Practical Mining Pool is Possible

[weikengchen]

This is a WARNING about the underestimation of the risk of mining pools in PoS.

Ethereum FAQ (https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQ) and some papers like Proof of Activity (http://eprint.iacr.org/2014/452) have analyzed the mining pools in PoS. They think it is not that practical because of a high risk.

• The sketch of mining pool: Everyone sends the money of a fund manager, who is delegated for validation. The fund manager distributes the Tx fee to the people who contribute the lucky coins, itself for business, and other clients in the pool (optional).

• Rationale: running a full node can be tiring. money are supposed to be highly distributed in many accounts. if most users cannot be online or are just reluctant to run a full node, they may be happier to delegate the money, if they trust the fund manager.

  • However: The risk of putting money to the fund manager is high. The fund manager can just steal all the money. This mining pool is much dangerous than that in PoW -- the latter you never lose your money, but at most get nothing.

Summary of the current idea

• It is possible to put money to someone.
• It is highly risky. Let us assume that would not be a general practice.

But what if...

• We have a way to ensure the fund manager cannot steal your money.
• We ensure the fund manager does what he promises to the clients? (note: not to the community)

If this is possible, then we have practical mining pools -- you don't need to run a full node.

  Join CoinBase Today! Earn Interest Every day! 100% Secure from Experts!

  Even if CoinBase were under full control of ISIS, your money is 100% Secure!

Imagine how participants think about the above advertisement if it is ALMOST TOTALLY TRUE.

Construction

• A paper on PoW, but construction applys to PoS is from Dr. Loi Luu: https://www.comp.nus.edu.sg/~loiluu/papers/SmartPool.pdf
• Please refer to this post (https://medium.com/@loiluu/casper-sgx-8475e56244b) in the section "Hardening against long-range forks", which is talking about a different thing, but actually, constructs such a mining pool. (and they have figures!)
• We can use Software Guard Execution (SGX) of Intel. It provides a trusted environment. Programs and code inside cannot be read even by OS and memory readers. And it can prove to anyone in the world about what is running inside, called the ``enclave''.
• SGX has been used for many research projects, like data analytics, federated learning, network middlewares, all without secret leakage, with very practical performance.
• Amazon starts to offer SGX support in virtual machines. Others may follow.
• Many research papers in smart contracts start to use SGX. For example, Town Crier by Cornell to trustable feed data into the smart contracts.
• The authors of PoA have no responsibility to consider SGX -- that paper is 2014. But SGX comes in 2015.

Should I trust Intel?

• The question is not you. Actually, is "will actually-a-little-bit-rational human beings take the risk to trust Intel?".
• The answer is almost yes. Your CPU is Intel or AMD. Your GPU is AMD or Nvidia. If Intel did release a microcode update to add a backdoor, then security is a dream.
• Let us make the assumption that a large group of users trust. Note that I am not assuming the Intel is trusted. I am assuming that many people believe.

So far so good?

• We can have several fund managers in the world. They provide an SGX-backed validation-delegated service. People share the secret key of their wallet (not sending the money) to the enclave after they validate the enclave. The enclave uses ZeroTrace (https://eprint.iacr.org/2017/549.pdf) to read/write the database to fully hide the access patterns -- nothing is leaked.
• The enclave behaves as a big stake -- when one of the coins under its management is hit, it finishes the validation and takes Tx fee. It will send Tx fees as promise.
• Users' secret keys are 100% secure. Enclave can prove that the key never leaks to the outside.
• Validation almost has no slow down.
• Users' money is secure and return is guaranteed.

Bad thing?

• You may feel that SGX can guarantee the correctness, so it does no harm to the community.
• The fund manager only has the responsibility to be correct to its clients. No need to hold the responsibility to the community.
• The fund manager can just remove some Tx information at the network level -- or pretend it does not receive that message. Anyway, it has the right to choose.
• Mining pool comes again.

Will mining pools in PoS be terrible?

• Snow white (https://eprint.iacr.org/2016/919.pdf) is a paper in PoS which analyzes the corruption. Please jump to page 16. The figure shows that, if for 16.5% centralization, a reasonable risk would require 25 blocks to be verified. And they said

  In all configurations, Snow White needs to wait for 34% to 43% more blocks than Bitcoin for the same consistency failure probability.

• The mining pool is much serious in PoS!

SGX is something existing?

• For Intel CPU higher than Skylake, it supports SGX.
• My laptop can run a startup for delegated validation :)

So everyone can run a mining pool?

• Yes.
• Decentralized? There will be many small pools? So the problem is solved?
• Nope. The big one takes little efforts to solve all, it can ask for a very small management fee.
• Don't forget the fund manager distributes the money to all in the pool!
• Do you still remember why people join a PoW mining pool? Individual mining does not reduce your chance to generate a hash. But you may never have that day.
• Do you still remember that network latency matters? Coinbase may have the world's least latency server -- to broadcast its validation sharply to every full node upon a successful validation.
• Do you know that many websites for shopping, but students are attracted often by Amazon -- the advertisement works.

Wait! Can you summary a little bit?

• We will have several big mining pools in PoS systems.
• Although (some) developers don't trust them, the massive people turn out to trust -- the risk is almost zero, right?
• More secure than JPMorgan Chase?
• The mining pools are "UN Security Council's five permanent members". They validate almost everything.

What should we do?

• Seem no immediate quick-fix.
• Let us sit down for a moment.

What do you think will help?

• This question is much difficult to handle.
• I would suggest Ethereum to invite researchers for a discussion -- especially, how to thwart SGX?

[djrtwo]

I suggest you take this to http://ethresear.ch if it's still relevant.

Closing for now.

[weikengchen]

I agree we should close this.

I will put this into Ethereum research :) Thanks.