Bonded Mining: Difficulty Adjustmentby Miner Commitment

0 14
Avatar for Lordxb7
3 years ago

Abstract. Proof-of-work blockchains must implement a difficulty adjust-

ment algorithm (DAA) in order to maintain a consistent inter-arrival time

between blocks. Conventional DAAs are essentially feedback controllers,

and as such, they are inherently reactive. This approach leaves them

susceptible to manipulation and often causes them to either under- or

over-correct. We present Bonded Mining, a proactive DAA that works

by collecting hash rate commitments secured by bond from miners. The

difficulty is set directly from the commitments and the bond is used to

penalize miners who deviate from their commitment. We devise a statisti-

cal test that is capable of detecting hash rate deviations by utilizing only

on-blockchain data. The test is sensitive enough to detect a variety of

deviations from commitments, while almost never misclassifying honest

miners. We demonstrate in simulation that, under reasonable assump-

tions, Bonded Mining is more effective at maintaining a target block

time than the Bitcoin Cash DAA, one of the newest and most dynamic

DAAs currently deployed. In this preliminary work, the lowest hash rate

miner our approach supports is 1% of the total and we directly consider

only two types of fundamental attacks. Future work will address these

limitations.

Keywords: Difficulty adjustment · protocols · cryptocurrencies

1 Introduction

Blockchain protocols maintain a public ledger of account balances that are

updated by authorized transactions. Proof-of-work (PoW) mining is the process

of assembling transactions into blocks and earning the right to add the block to

a growing chain [24]. PoW mining involves repeatedly cryptographically hashing

the assembled block, each time with a different nonce. The hashes are generated

uniformly at random from a space with maximum value S. When a hash falls

below a target t, the corresponding block is said to be mined, and it is added to

the blockchain. Closely related to target is the difficulty3 D, which is equal to S/t.

3 Technically D = t0/t, where t0 ≈ S is the target with highest possible difficulty, but this

detail is not important for our analysis.

The expected time required to mine a block is a function of D and the rate that

hashes are generated, or hash rate h. Hash rate fluctuates (sometimes rapidly)

over time, and therefore PoW blockchains must adjust D to ensure that the

expected block time remains roughly constant. Currently, all PoW blockchains

use a difficulty adjustment algorithm (DAA) to adjust D as h fluctuates.

Although implementations vary widely, each DAA is essentially a feedback

controller analogous to a thermostat. The DAA uses previous block creation

times to detect a change in h, and then it makes an adjustment to D in order

to move the expected times toward the desired value T. There are three major

limitations to this reactive approach.

1. There is a tendency to either over or under correct, which can cause oscillations

in block time [29, 30].

2. Contentious hard forks create significant instability in block times for mi-

nority hash rate blockchains, which must resort to a backup controller that

compensates for swings in miner hash rate allocation preference [31].

3. Most control algorithms can be gamed by miners without consequence in

order to extract higher rewards [18, 21], causing fluctuations in block time as

a result.

4. Feedback control is inherently reactionary; it only uses historical block time

and difficulty data to produce future difficulty values.

Contributions. We present Bonded Mining, a protocol that enhances PoW

mining with a proactive approach to difficulty adjustment so that inter-block

times are always near their desired value despite sudden hash rate changes. The

idea is to ask miners to commit to their individual hash rate and financially bind

them to it by holding bond. Difficulty is adjusted based on these self-reported

commitments. Miners are incentivized to commit to a realistic estimate of their

future hash rate and honor their commitment, even if it becomes nominally more

profitable to direct their hash rate elsewhere. The protocol is flexible: miner

commitments last until they mine their next block; and they can deviate from

the commitment (incurring a penalty commensurate with their deviation) as long

as they are truthful about the deviation.

For security, we derive a statistical test (using on-blockchain data only) that

is capable of detecting both short- and long-term deception from miners. Miners

who fail the test suffer a significant financial penalty. The test is sensitive enough

to detect a miner who drops to 20% of her commitment for a week or more, and

it can also detect when she strays from her commitment by as little as 1% every

block over the course of 70 days or more. This sensitivity comes with very little

risk for honest miners. Even when a miner deviates from her commitment, if she

truthfully reports that deviation, then the probability of failing any test over the

course of a year is less than 0.3%.

Because of its proactive design and the penalties associated with deception,

Bonded Mining is better capable of maintaining the desired expected block times

than are conventional, reactive approaches. In Bonded Mining, the extent to

which block times remain close to desired time T is the extent to which miners

value their bond more than a change in their hash rate.

1
$ 0.00
Avatar for Lordxb7
3 years ago

Comments