Monthly Archives: June 2014

Bitcoin mining and monopoly

Bitcoin mining has come under scrutiny recently because one mining pool, GHash, seemed to have more than half the mining resources used in mining Bitcoin. Bitcoin mining is important because the bitcoin protocol relies on competitive mining to authenticate transactions as well as to create and distribute new bitcoins.

The existing discussions of this issue are at best incomplete.

It has been claimed by Eyal and Sirer in their paper “Majority is not Enough: Bitcoin Mining is Vulnerable” that they “show that the Bitcoin protocol is not incentive-compatible.” As a result, they have argued for a “hard fork” because it is possible for a miner to gain more than a proportionate share of earnings – new bitcoins and transactions fees – once it has sufficient computing power under its control.

It is important to note what they actually show. They show that it is possible for a participant in mining with sufficient resources to gain more than a proportionate share of earnings by a strategy of mining privately and revealing its new blocks strategically. Revelation occurs when other miners – call them public miners – find a block. If private mining has not found a block, then the private miner moves to the new blockchain and continues. If the private block has one or more new blocks, then the private mining announces those blocks. The new private addition will contain at least one block and sometimes two or more blocks. The greater-than-proportionate earnings come from having more than one block sometimes. The more mining power, the higher is the probability of adding more than one block.

Currently, such a participant would be a mining pool. The practical example which has accumulated on the order of half of mining power is the mining pool GHash.

In “The Economics of Bitcoin Mining”, Kroll, Davey and Felten argue that Bitcoin is susceptible to attacks from determined adversaries who are willing to expend resources to disrupt Bitcoin. They argue, as a result, that Bitcoin inevitably will have a governance structure which is identifiable.

How would an economist, as compared to computer scientists, approach this issue?

First, mining bitcoins is a dynamic game. Equilibrium occurs for multiple periods. Second, miners are not anonymous in the sense that any miner, let alone a mining pool with a large fraction of total resources, is anonymous. To be clear, the identities of the people who are miners may well be anonymous but the miners, as miners, are not anonymous. It is not the case that all peers in the bitcoin universe are treated the same and are unknown. For example, the Bitcoin Wiki lists a number of fallback nodes considered reliable. It also compares the characteristics of mining pools.

In a reputational equilibrium, participants develop reputations and maintain them. The reputations are maintained because failure to do so results in outcomes that have lower value than maintaining the reputation. This is the situation which confronted GHash recently and the pool behaved as I would have expected, taking actions to continue creation of bitcoins.

Mining can be supported by a reputational equilibrium because the game is dynamic, there are a finite number of participants, and at least some participants are not anonymous,. The identities of the participants matter. Any strategy such as switching addresses to hide any particular strategy (such as superseding existing blocks as in Eyal and Shirer) will be evident quickly. For example, other participants would have an incentive to ignore blocks announced by that miner and move on.

This does not mean that the current protocol deals with known attacks, let alone all possible attacks. It does not. In fact, it is not possible to have a set of rules that provides pre-determined actions in all possible states of the world. There is not enough ink or hard-disk space in the world, and there probably still would be unknown attacks no matter how much effort were devoted to thinking of new ones.

A structure to determine the rules for Bitcoin in unforeseen eventualities is inevitable. And it does exist of course as the Bitcoin Foundation. In part, this echoes a point made by Kroll, Davey and Felten.

Bitcoin is not a completely anonymous implementation of a set of rules that can run forever with no human oversight. But then, this is true for open-source software, so it’s hard to see how it could be true for something as complicated as a digital currency.

I am not, of course, claiming that I have shown there is a reputational equilibrium for mining. I haven’t. I have outlined what it would have to look like. There would be a problem completing this analysis though.

The mining protocol creates the observed tendency toward monopoly in mining. In the next week, I will discuss why on this blog.