High-mining: the latest version of the protection of the PoW-blockchain against "attack 51%"


    The developers of Litecoin Cash fork presented a preprint of the technical document ' The Hive: Agent-based Mining in Litecoin Cash ', in which they described their proposal to protect the cryptocurrency blockchain, which works on the basis of the proof-of-work algorithm, against “51% attack”. Their solution combines mining with the use of aging ASIC devices (SHA-256) and democratic virtual mining using work bees (HiveMine). In the case of a competent implementation, the blockchain LCC will solve one of the biggest problems of modern blockchain projects (from Bitcoin to Ethereum): the threat of an attack when more than half of the total network capacity is in the hands of an attacker.

    The problem of "attack 51%"

    Those who follow the cryptocurrency market could not fail to note the recent outbreak of 51% attacks on relatively small PoW projects (proof-of-work - “proof of work done), when attackers rewrote transactions and withdraw funds as quickly as possible through the exchanges. “Relatively” in this case means that a small fraction of devices that support the cryptographic security of a large blockchain (Bitcoin or Ethereum, for example) will be enough to break the consensus of a small blockchain running on the same hash algorithm (Bitcoin Cash or Bitcoin Gold, respectively) .

    In the case of cryptocurrencies, which take the SHA-256 algorithm (LCC or BCH) as the basis for encryption, the risk is aggravated by the fact that Bitcoin (BTC), the largest and most secure cryptocurrency of the world, operates on the same algorithm.

    In this article we will focus on the mathematical model of protection against attacks 51% and superficially highlight the main related terms and concepts used in blockchain cryptography.

    Introduction to High Mining

    In the classical security scheme of the PoW blockchain, miners compete by calculating a huge number of potential block hashes to find one that satisfies the complexity conditions set by the network consensus. If the complexity is equal to zero and any hash will be accepted by the network as valid, proof-of-work will not work and any node in the network will be able to easily mine the blocks.

    At first glance, this is not bad: mining will become democratic and low-cost in terms of energy. But in practice, everyone will mine cheap blocks and push them into the network, which means there will be many candidates for the continuation of the block chain. Since the miners will no longer understand on which block to build the continuation of the blockchain, there will be a lot of discarded chains (orphan). There will be chaos that has been observed by PoW-coins with an inadequate mining complexity adjustment algorithm.

    If the complexity is zero and the production of the unit will not bear any costs, no one can determine which candidate chains are worth more, which means there will be no priority. Miners will also be able to work on various chains without losing anything.

    This thought experiment simply demonstrates that the main purpose of the proof-of-work, proof-of-stake, or generally proof-of-anything algorithm is to provide the network with a deterministic way of determining the right to mining, chasing or forging a block with which other participants will agree. . In addition, another important condition for all those who are looking for a block is not to work on a set of chains at the same time with impunity. In the proof-of-stake system (“proof of ownership”), this approach is punishable by partial or total deprivation of a stake.

    High mining- this is an alternative form of struggle for a block, when the right to produce a block is provided by an agent working on behalf of the user. These agents - “worker bees” - are located on the blockchain itself. They are absolutely decentralized and are created when the user performs a special transaction to create an agent.

    After creation, worker bees begin to act as virtual mining devices (rig), and their owners become "beekeepers." When worker bees successfully extract a block, the reward for the block (including the commissions enclosed in the block) is paid to the beekeeper. Worker bees require very little energy and do not need specialized equipment for the production of blocks. Also, their lifespan is limited and the creation of a bee is a speculative action with a certain price; this prevents attempts to work on multiple chains at the same time. The success of an individual bee depends solely on the population of bees living in the entire network. Some bees will never find a block, while others will be disproportionately lucky (by analogy with solo mining).


    Fig. 1: the worker bee is added to the blockchain through the bee creation transaction (BCT) and mine blocks during its lifetime

    Creating agents (worker bees)

    To create a working bee, the user sends a transaction to a special "dead" address, for example: CReateLitecoinCashWorkerBeeXYs19YQ. Note that each uses the same address to create a bee. This address is parsed as existing and correct, but no one has a private key for it; The vanitygen utility determines that a private key search using 24 * 2 GHz cores will take about 1.7 * 10 ^ 31 years (with a 50% chance of success).

    A transaction creating a bee must have at least two conclusions. The first defines a fixed fee for the creation of a bee, which is sent to an unavailable address. Although the price of creating a bee will be determined dynamically, it is assumed that it will be a percentage of the reward per unit. This calculation includes the minimum cost, so that by the time when all the coins are mined, it makes sense to use high-mining to get commissions for the transaction.

    The second conclusion has a zero cost, but specifies the base address that will receive any reward for the block discovered by the bee in the future. You can call it "the future address of the beekeeper." If desired, the user himself can clarify it; By default, a new address will be generated each time in his wallet.


    "vout": [
     // Bee creation fee
     "addr": "CReateLitecoinCashWorkerBeeXYs19YQ"
     "value": 1.0000000
     // Address to receive block rewards forany blocks this bee mines
     "addr": "CTrdm8YDfjmFJwFnKbvNZ9NYznhMqrNgFR"
     "value": 0.0000000
     // Change address for change from creation fee
     "addr": "Cd6CRuWCu6p4NLR6XG7BKyC8hzvEoYuKbn"
     "value": 123.5274346

    Bees mature and become capable of extracting blocks after 576 blocks appear in the blockchain since the creation of the bee. This is the expected number of new blocks added to the Litecoin Cash blockchain in 24 hours. After maturation, bees exist 4032 blocks (approximately 1 week) and look for blocks, then die.

    Creation of a bee occurs in a QT-wallet. It looks like this:


    Fig. 2: Layout tabs LCC-wallet with working bees

    Bees in work: block search

    For example, let's assume that the blockchain height is 1000, and the network must determine which bee is assigned to find block 1001. Alice's beekeeper now has 4 bees (created between 576 and 4608 blocks).

    When block 1000 appears, Alice's wallet calculates two values.

    The first is a deterministic value, which is unpredictable, but easily verifiable. This is easy to do by folding the hashes of the blocks at different (hard-coded) depths between, say, 0 and 500,000 blocks, ensuring that our random value will be well rooted in the blockchain:

    string deterministicRandString =
    blocks[blockHeight].hash +
    blocks[blockHeight-13].hash +
    blocks[blockHeight-173].hash +
    blocks[blockHeight-1363].hash +
    blocks[blockHeight-27363].hash +

    Next, it calculates the target wallet hash bees beeTargetHash. This value is determined by the exponential moving average with a very high dynamic range, which sets beeTargetHashso that for any given population of bees is determined by the frequency of the blocks obtained in the process of high-mining. On the positive side, the more PoW-blocks were mined since the last high-mine-block, the higher (simpler) beeTargetHash. The algorithm is defined as follows; values maxTarget, emaWindowsSizeand emaDesiredSpacingwill be determined during the simulation.

    beeHashTarget = previousBeeHashTarget (default to highest (easiest) target maxTarget)
    numPowBlocks = number of pow blocks since the previous hive mined block;
    emaInterval = emaWindowSize / emaDesiredSpacing;
    beeHashTarget *= (interval - 1) * emaDesiredSpacing + numPowBlocks + numPowBlocks;
    beeHashTarget /= (interval + 1) * emaDesiredSpacing;

    As deterministicRandStringwell as beeHashTargetcan be calculated by any node in the network.

    Now Alice's wallet passes each of her living bees through a deterministic random chain, combining the bees' BCT transactions and hashing them to get a new hash, beeHash, of a single bee. Therefore, each bee generates one hash per block. This hash is similar to the best hash generated by PoW mining rig during the same time period.

    hash beeHash = sha256(deterministicRandString + bee.creationTransaction.ID);

    As Alice’s wallet tracks bees, each of which counts beeHash, he keeps a record of the best (lowest) detected hashes. If, by the total, the best hash found by Alice’s wallet satisfies the condition beeHash < beeTargetHash, Alice receives the right to add a block.

    Suppose Alice has a live bee whose hash is lower than the target, and the identifier of the successful bee's BCT transaction is as follows:


    Knowing that Alice’s wallet has the right to sign a block, the network produces a block with a special transaction with two exits:

    "vout": [
     // Zero-value output identifies the bee and proves it's really minting for Alice"value": 0,
     "n": 0,
     "scriptPubKey": {
     "asm": "OP_RETURN OP_BEE0f6953f0a0816483c71ae3df45650a997e678588a315d72e9ae06e6a3f1c1841
     // Block reward (subsidy + fees) - must pay to bee's correct coinbase address"value": 250.0001125,
     "n": 1,
     "scriptPubKey": {
     "addresses": [

    vout[0]- This is an output with a zero value that can not be spent. It is used both to identify the bee that got the block, and to prove that she got it for Alice.

    vout[1]- This is the conclusion that Alice pays a reward for the block.

    Block confirmation

    Bob’s wallet, receiving Alice’s block, now has to make sure that it satisfies consensus. First, he makes sure that the transaction includes two inputs, the first of which is zero, and that the script begins with OP_RETURN OP_BEE. It then retrieves the transaction ID of Alice's bee:


    Deviation: because a bee creation transaction is transferred to an unavailable address, the output of unspent transactions (UTXO) remains in it. Consequently, Bob’s wallet does not need to include the txindexcommand line option (which fully indexes all transactions due to slower verification and increased disk usage) to easily check Alice’s BCT outputs. Due to the use of UTXO, the QT-wallet does not need any databases or modifications to support high-mining mining. The tab with bees is also built in dynamically.

    By validating the high-mine block, Bob's wallet performs the equivalent of RPC (remote procedure call):

    gettxout 0f6953f0a0816483c71ae3df45650a997e678588a315d72e9ae06e6a3f1c1841 0

    This gives him the first exit BTC,, vout [0]and ensures that 1) the depth of the transaction lies in the range of the life of the bee; 2) a commission was paid for the creation of a bee; 3) it was sent to the correct stub address.

    If the check is passed, Bob's wallet produces:

    gettxout 0f6953f0a0816483c71ae3df45650a997e678588a315d72e9ae06e6a3f1c1841 1

    Thus obtaining the second output BCT, vout [1]confirming that 1) the value is zero; 2) the address is the same as the address of receiving the transfer of coins in the block (in the example CTrdm8YDfjmFJwFnKbvNZ9NYznhMqrNgFR).

    The following check verifies the message signature from the last part vout [0]. The message must have the current block number, signed by the transfer receipt address, so Bob’s wallet produces:

    verifymessage CTrdm8YDfjmFJwFnKbvNZ9NYznhMqrNgFR

    Finally, Bob calculates deterministicRandStringand beeHashTargetfor the current block, then calculates beeHashAlice and checks it for beeHashTarget. If all checks are passed, the block is considered valid and verified. The block validation process is fast and does not require costly verification of historical blocks.

    Pairing High Mining and PoW Mining

    It is assumed that high-mining will not be the only method to ensure network security. Litecoin Cash developers want not only to keep the mining community, but also not to interfere with it in any way. High-mining should be paired with PoW-mining on the same blockchain.

    Currently, the operation of the circuit is calculated as follows:


    That is, the operation of the circuit is accumulated as a function of complexity in each block of the circuit. The developers propose to change this definition as follows:


    Thus, each high-mine block will be rewarded depending on the amount of work contained in the previous PoW block, and the constant kis determined experimentally.

    Conclusion: high mining as a defense against attack 51%

    According to the main developer of Litecoin Cash Iain 'Tanner' Craig, the idea of ​​HiveMine is not only to protect 51% of the attack, but also to democratize and decentralize mining. Unlike PoS-blockchains, when “the rich get richer” accumulating their share, HiveMine still requires the costs of creating bees that may not pay off. Mining on the basis of agents satisfies three main tasks of the team: a significant complication of carrying out an attack of 51%, democratization of mining and freedom for miners on the SHA-256 algorithm, which ensures high security of the same Bitcoin network. For a successful attack, the attacker will need to take over 51% of the network's power, as well as 51% of the bees in the network, and given the process of creating bees, this will immediately become obvious.

    According to the same Craig, after testing and implementing the HiveMine model into the Litecoin Cash network, not provided with such a hashrate capacity on SHA-256, like the same Bitcoin Cash, it will nevertheless be faster and more reliable than the Bitcoin Cash network or .

    1. ' The Hive: Agent-based Mining in Litecoin Cash ', Iain CRAIG, Sebastian CLARKE, Michał WYSZYŃSKI and Federico DE GONZÁLEZ-SOLER. (2018)

    Also popular now: