Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pete@petertodd.org>) id 1XJZC5-00021d-7P
	for bitcoin-development@lists.sourceforge.net;
	Tue, 19 Aug 2014 02:30:41 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org
	designates 62.13.148.99 as permitted sender)
	client-ip=62.13.148.99; envelope-from=pete@petertodd.org;
	helo=outmail148099.authsmtp.net; 
Received: from outmail148099.authsmtp.net ([62.13.148.99])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1XJZC3-0004Bv-RO for bitcoin-development@lists.sourceforge.net;
	Tue, 19 Aug 2014 02:30:41 +0000
Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237])
	by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s7J2UX1c091247
	for <bitcoin-development@lists.sourceforge.net>;
	Tue, 19 Aug 2014 03:30:33 +0100 (BST)
Received: from petertodd.org (petertodd.org [174.129.28.249])
	(authenticated bits=128)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s7J2UQPo029088
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
	for <bitcoin-development@lists.sourceforge.net>;
	Tue, 19 Aug 2014 03:30:28 +0100 (BST)
Date: Mon, 18 Aug 2014 22:30:25 -0400
From: Peter Todd <pete@petertodd.org>
To: bitcoin-development@lists.sourceforge.net
Message-ID: <20140819023025.GA3074@petertodd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="mYCpIKhGyMATD0i+"
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: c8cebfb7-2748-11e4-9f74-002590a135d3
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVJwpGK10IU0Fd
	P1hXKl1LNVAaWXld WiVPGEoXDxgzCjYj NEgGOBsDNw4AXgx1
	IQ0eXVBSFQF4AR8L BR4UUBE8dgJCZn9y bFhgVm5ZWE1lcE56
	XU8aVmp8ZwIBCD8f UklYfwsadARMdlEW YgMqBiVfZngFYX5o
	WlZqMmx0bDsAdGEN GltQfAobGB1WEmUq bBQFADlnGEwDRiM8
	ZwcmLUMYEA4bPw0v KlonVhodPgURDgAW BFxISDNDKlQaDzYs
	RRtAWlATWCFdTDYU CwclJFBUYHReXSte CwNLURgEFyJCViBM
	ACxQSSA3ElVhIkMs MyIQWQgA
X-Authentic-SMTP: 61633532353630.1024:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 174.129.28.249/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no trust [62.13.148.99 listed in list.dnswl.org]
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1XJZC3-0004Bv-RO
Subject: [Bitcoin-development] Cloud mining should be using merkle sum trees
 to prove they aren't doing fractional reserve mining
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 19 Aug 2014 02:30:41 -0000


--mYCpIKhGyMATD0i+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

A number of people - most recently Gavin Andresen - have speculated that
cloud hashing operations may in fact be ponzi schemes that don't
actually own the hashing power they claim to own. The claim is that the
customers upfront purchase of hashing power is simply kept and used to
pay off existing customer profits rather than actually being used to
purchase mining equipment.

We can use merkle sum trees to detect this fraud cryptographically:

1) Put the MH/s paid for by each account into a merkle sum tree, each
with a customer supplied unique identifier. (like their email address)
This allows the customer to verify that the hashing power they paid for
has been included in the total hashing power claimed.

2) Mark blocks found by the operation publicly so they can be associated
with the specific cloud mining operation; putting the merkle sum tree
root hash into the coinbase or an OP_RETURN output would be ideal. This
allows anyone to verify that the hashing power claimed corresponds to
the # of blocks actually found.

--=20
'peter'[:-1]@petertodd.org
0000000000000000201d505432d708aa2edb656f6fe34d686b37d4747e5ff389

--mYCpIKhGyMATD0i+
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBCAAGBQJT8rbBAAoJEBmcgzuo5/CF8zIIANNpWYzw0Ir85Zg6gIr0CWWC
k/2IzrQALx9qqSex4lB81wO9VUiCs3p6HE5AFLFJur8dIVZ9F7ArPo4EARHVeq4v
AyjN88kwxdJHz2zQOyPV7Rm1o2lIU0eQaP+mBwcGPIbrRJKPFPVL+yFQBYxXyzEB
Sku+L5wdbycEOLgWFpSrVci0sj22ouprzlEgVJTG+u8sznfmi2ShPh+2mJs22RXL
rUgo81AtZc1UWJEOXKRM9txXabZhSOziVJiX7gAjy7IiE9tyqZcUrRHztJFYlo+o
DY1K/gLkOrIZVi2HbFMIb4zav+SQr/4Sftbz8+k6URdaE2FsECsUCEU/5OkvfdY=
=cTN/
-----END PGP SIGNATURE-----

--mYCpIKhGyMATD0i+--