Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YLTY7-0005bM-To for bitcoin-development@lists.sourceforge.net; Wed, 11 Feb 2015 09:25:35 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 74.125.82.54 as permitted sender) client-ip=74.125.82.54; envelope-from=natanael.l@gmail.com; helo=mail-wg0-f54.google.com; Received: from mail-wg0-f54.google.com ([74.125.82.54]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YLTY5-0003ZK-Tw for bitcoin-development@lists.sourceforge.net; Wed, 11 Feb 2015 09:25:35 +0000 Received: by mail-wg0-f54.google.com with SMTP id y19so2063313wgg.13 for ; Wed, 11 Feb 2015 01:25:27 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.180.211.101 with SMTP id nb5mr3580234wic.37.1423646727911; Wed, 11 Feb 2015 01:25:27 -0800 (PST) Received: by 10.194.92.208 with HTTP; Wed, 11 Feb 2015 01:25:27 -0800 (PST) Received: by 10.194.92.208 with HTTP; Wed, 11 Feb 2015 01:25:27 -0800 (PST) In-Reply-To: References: Date: Wed, 11 Feb 2015 10:25:27 +0100 Message-ID: From: Natanael To: Hector Chu Content-Type: multipart/alternative; boundary=001a11c37cc680c157050ecc95ef X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (natanael.l[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YLTY5-0003ZK-Tw Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Proposal: Requiring a miner's signature in the block header X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Feb 2015 09:25:36 -0000 --001a11c37cc680c157050ecc95ef Content-Type: text/plain; charset=UTF-8 Den 11 feb 2015 09:55 skrev "Hector Chu" : > > A proposal for stemming the tide of mining centralisation -- Requiring a > miner's signature in the block header (the whole of which is hashed), and > paying out coinbase to the miner's public key. > > Please comment on whether this idea is feasible, has been thought of before, > etc., etc. Thank you. > > Motivation > ---------- > > Mining is centralising to a handful of pool operators. This is bad for a > number of political reasons, which we won't go into right now. But I have > always believed that some years down the line, they could hold the users > hostage and change the rules to suit themselves. For instance by eliminating > the halving of the block reward. [...] > I propose that we require each miner to sign the block header prior to > hashing. The signature will be included in the data that is hashed. Further, > the coinbase for the block must only pay out to the public key counterpart of > the private key used to sign the block header. [...] > This will make it difficult to form a cooperating pool of miners who may not > trust each other, as the block rewards will be controlled by disparate parties > and not by the pool operator. Only a tight clique of trusted miners would be > able to form their own private pool in such an environment. People already trust things like cloud mining, so your solution with increasing technical trust requirements won't help. But you will however break P2Pool instead. Also, note that threshold signatures (group signatures) could probably be used by an actual distrusting pool's miners. There are already a proof of concept for this implemented with secp256k1 that works with Bitcoin clients silently. This wouldn't prevent such a pool from working. --001a11c37cc680c157050ecc95ef Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


Den 11 feb 2015 09:55 skrev "Hector Chu" <hectorchu@gmail.com>:
>
> A proposal for stemming the tide of mining centralisation -- Requiring= a
> miner's signature in the block header (the whole of which is hashe= d), and
> paying out coinbase to the miner's public key.
>
> Please comment on whether this idea is feasible, has been thought of b= efore,
> etc., etc. Thank you.
>
> Motivation
> ----------
>
> Mining is centralising to a handful of pool operators. This is bad for= a
> number of political reasons, which we won't go into right now. But= I have
> always believed that some years down the line, they could hold the use= rs
> hostage and change the rules to suit themselves. For instance by elimi= nating
> the halving of the block reward.

[...]

> I propose that we require each miner to sign the block = header prior to
> hashing. The signature will be included in the data that is hashed. Fu= rther,
> the coinbase for the block must only pay out to the public key counter= part of
> the private key used to sign the block header.

[...]

> This will make it difficult to form a cooperating pool = of miners who may not
> trust each other, as the block rewards will be controlled by disparate= parties
> and not by the pool operator. Only a tight clique of trusted miners wo= uld be
> able to form their own private pool in such an environment.

People already trust things like cloud mining, so your solut= ion with increasing technical trust requirements won't help. But you wi= ll however break P2Pool instead.

Also, note that threshold signatures (group signatures) coul= d probably be used by an actual distrusting pool's miners. There are al= ready a proof of concept for this implemented with secp256k1 that works wit= h Bitcoin clients silently. This wouldn't prevent such a pool from work= ing.

--001a11c37cc680c157050ecc95ef--