VRF-based Mining

Simple Non-Outsourceable Cryptocurrency Mining

Runchao HAN (Monash University, CSIRO-Data61)
Haoyu LIN (Bytom Foundation, ZenGo X)
Jiangshan YU (Monash University)

Abstract

This paper introduces VRF-based mining, a simple and effective way of making pooled mining impossible. Instead of using hash functions, VRF-based mining uses Verifiable Random Functions (VRFs) for Proof-of-Work (PoW)-based consensus. As a VRF binds an output to a secret key, a pool operator has to reveal its secret key in order to outsource the mining process to miners, and miners can then anonymously steal cryptocurrency in the pool operator’s wallet.


To access the full text of our paper (accepted at CBT@ESORICS 2020), please visit
https://github.com/vrf-mining/vrf-mining.

Motivation

Mining pool centralisation can lead to censorship and 51% attacks.


Figure: Bitcoin 3-month pool distribution, taken from https://btc.com/stats/pool?pool_mode=month3. Accessed 27 Aug. 2020.

Verifiable random functions

A Verifiable Random Function (VRF) [1] is a public-key version of a cryptographic hash function: it requires a secret key to Hash and Prove, and the corresponding public key and proof to Verify.


A VRF should satisfy the following properties:

  • Uniqueness
  • Collision Resistance
  • Pseudorandomness

VRF-based mining

Figure: VRF-based mining.

Non-outsourceability analysis

Types of non-outsourceability:

  • Weak non-outsourceability: If the pool operator outsources the mining process, miners can always steal the reward of mining. Weak non-outsourceability defines the punishment of outsourcing.
  • Strong non-outsourceability: In addition to weak non-outsourceability, the pool operator cannot link the stolen mining reward with the miner who steals it. Strong non-outsourceability covers both the punishment and the anonymity of the stealer.

VRF-based mining satisfies punish-mining-reward (miners can still steal the reward), but not stealing-unlinkability (stealing is anonymous): a pool operator can outsource different block templates with different secret keys to each miner, and can then identify the stealer by the secret key in the transaction that steals the reward.
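
The mining loop described above, as an added example that is not taken from the paper or its repository: every PoW attempt is a VRF evaluation under the secret key, while a verifying node needs only the public key and the proof. It assumes a hash-then-sign RSA construction as a stand-in VRF (the page does not name the VRF used), a constructed toy key built from Mersenne primes that offers no security, and hypothetical function names.

```python
import hashlib

# Constructed toy key: Mersenne primes are trivially factorable. Demo only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                                  # public key is (E, N)
D = pow(E, -1, (P - 1) * (Q - 1))          # secret key

def _h(tag: bytes, data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big")

def vrf_prove(d: int, n: int, alpha: bytes) -> int:
    """Prove: deterministic RSA signature over a hash of alpha (needs sk)."""
    return pow(_h(b"fdh", alpha) % n, d, n)

def vrf_hash(proof: int) -> int:
    """Hash: the 256-bit VRF output is derived from the unique proof."""
    return _h(b"out", proof.to_bytes(32, "big"))

def vrf_verify(e: int, n: int, alpha: bytes, proof: int) -> bool:
    """Verify: only the public key and the proof are required."""
    return 0 <= proof < n and pow(proof, e, n) == _h(b"fdh", alpha) % n

def mine(d, n, template: bytes, target: int, max_nonce: int = 1_000_000):
    """PoW search: each attempt is a VRF evaluation under the secret key."""
    for nonce in range(max_nonce):
        proof = vrf_prove(d, n, template + nonce.to_bytes(8, "big"))
        if vrf_hash(proof) < target:
            return nonce, proof
    return None

def verify_block(e, n, template: bytes, nonce: int, proof: int, target: int) -> bool:
    """Accept a block if the proof is valid and the output meets the target."""
    alpha = template + nonce.to_bytes(8, "big")
    return vrf_verify(e, n, alpha, proof) and vrf_hash(proof) < target

if __name__ == "__main__":
    template = b"constructed block template"
    target = 1 << 248                      # about 1 in 256 outputs qualify
    nonce, proof = mine(D, N, template, target)
    print(nonce, verify_block(E, N, template, nonce, proof, target))
```

Because `mine` cannot run without `d`, an operator who wants other parties to search nonces for its public key has to hand them that secret key, which is the binding the non-outsourceability argument relies on.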

Other non-outsourceable mining protocols

Comparison between mining protocols. NSP is short for Non-outsourceable scratch-off puzzle [2].

VRF-based mining | NSP-1 | NSP-2 | 2P-PoW [3]
Punish-mining-reward
Stealing-unlinkability ✗$^\dagger$
No partial outsourcing
Support randomised signatures
No complex cryptography

$\dagger$ The pool operator should take non-negligible effort to deanonymise stealing behaviours.

Decentralised mining protocols

Comparison with decentralised mining pools.

                 | VRF-based mining | P2Pool [4] | SmartPool [5]  | BetterHash [6]
Complexity       | -                | Blockchain | Smart contract | -
Decentralisation | Mining           | Mining     | Mining         | Select txs

1. Micali, S., Rabin, M., Vadhan, S.: Verifiable random functions. In: 40th Annual Symposium on Foundations of Computer Science (Cat. No. 99CB37039). pp. 120–130. IEEE (1999).

2. Miller, A., Kosba, A., Katz, J., Shi, E.: Nonoutsourceable scratch-off puzzles to discourage bitcoin mining coalitions. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. pp. 680–691. ACM (2015).

3. “How to disincentivize large bitcoin mining pools” hackingdistributed.com, Ittay Eyal and Emin Gün Sirer, https://hackingdistributed.com/2014/06/18/how-to-disincentivize-large-bitcoin-mining-pools/. Accessed 27 Aug. 2020.

4. “p2pool: Decentralized, DoS-resistant, Hop-Proof pool” Bitcoin Forum, forrestv, https://bitcointalk.org/index.php?topic=18313. Accessed 27 Aug. 2020.

5. Luu, L., Velner, Y., Teutsch, J., Saxena, P.: Smartpool: Practical decentralized pooled mining. In: 26th USENIX Security Symposium (USENIX Security 17). pp. 1409–1426 (2017).

6. “BetterHash Mining Protocol(s)” BIPs, Matt Corallo, https://github.com/TheBlueMatt/bips/blob/betterhash/bip-XXXX.mediawiki. Accessed 27 Aug. 2020.