Author Topic: Pools Using Collaterals  (Read 396 times)

Mr. Spread

  • Core Developer
  • Posts: 105
    • View Profile
Pools Using Collaterals
« on: February 06, 2015, 06:03:26 pm »
Recently a new idea about how to make pools was suggested, I think it was already discussed sometime before. The idea is that each miner will send collateral equal to the block reward to the pool. Miners then submit shares to the pool as usual, if any miner tries to steal the block reward then pool would use collateral of this miner to pay to other miners and cheating miner will gain nothing.

Stealing
Miners cannot steal coins in this scheme but can pool do this? Obviously pool has collected many collaterals and can just take them all and run away. But what if pool is operated by some publicly known persons, legally registered as an organization in, say, US, would pool operators be able to safely steal your coins without any risk to themselves? The answer is yes and here is how it can be done:
1. Pool operators would spend the block reward and anonymize it. If anonymous transactions are implemented by this time then this can be done directly using SpreadCoin, otherwise they will exchange it to something like Monero and anonymize it there.
2. After that pool operators would claim that miner has stolen the block reward and redistribute miner's collateral to other miners.
3. Nor miner nor pool operators can prove to anyone that they didn't stole the money. External observers will only see that block reward was not redistributed to other miners as usual but they cannot know who has actually stolen it - pool or miner.

This means that pool can safely steal money while miners can falsely accuse pool of stealing their money and such claims cannot be confirmed nor disproved by anyone.

Economy
This scheme assumes that block reward is cheap so that it is not a problem for miner to obtain this amount. This claim is somethat of dubious.

If you can find blocks consistently then you don't need pool and associated risk of stealing your collateral. If you cannot find blocks consistently then collateral is probably exceeding the amount you will ever mine or is close to it, if you can easily just buy such amount why would you bother with mining?

If SpreadCoin price is low then there are less people mining it and solo-mining even for small miners is possible and they don't need pools. Currently even with one GPU you can find 1 block in 1-2 days, with small mining farm you will be able to find blocks regularly. If price is high then collateral is also expensive.

The other aspect is that requirement for such collaterals if massively adopted would move the price up, this would make this collateral not so cheap.

georgem

  • Tech Admin
  • ******
  • Posts: 587
    • View Profile
Re: Pools Using Collaterals
« Reply #1 on: February 06, 2015, 06:13:53 pm »
But what if the pool doesn't have 100% control over the collateral, but the money is on some kind of multisig address?

Something like an "automated escrow" as described in this video:

https://www.youtube.com/watch?v=ITRPrGuzqjE

No party can just run away with the money this way. They both have to fullfill their contract so that the collateral goes back to them.

This means, that not only does every miner need to deposit a collateral, but the pool ALSO needs to pay a collateral.
The pool will probably even need to match every collateral that every single miner has payed.

Let's assume 100 miners in 1 pool.
Every miner has to pay a collateral of X, so all miners in sum will pay 100 X.
So the pool needs to balance that and add another 100 X.

Now all the miners and the pool are equally invested and will both have to lose the same amount when they play foul.
Forum donations: SVusZDRc8P1BjBRwrgdqYrJ4j5aY3gHFUg

Mr. Spread

  • Core Developer
  • Posts: 105
    • View Profile
Re: Pools Using Collaterals
« Reply #2 on: February 06, 2015, 06:28:25 pm »
But what if the pool doesn't have 100% control over the collateral, but the money is on some kind of multisig address?

Something like an "automated escrow" as described in this video:

https://www.youtube.com/watch?v=ITRPrGuzqjE

No party can just run away with the money this way. They both have to fullfill their contract so that the collateral goes back to them.

This means, that not only does every miner need to deposit a collateral, but the pool ALSO needs to pay a collateral.
The pool will probably even need to match every collateral that every single miner has payed.

Let's assume 100 miners in 1 pool.
Every miner has to pay a collateral of X, so all miners in sum will pay 100 X.
So the pool needs to balance that and add another 100 X.

Now all the miners and the pool are equally invested and will both have to lose the same amount when they play foul.
Why we do not want pools in the first place? Because they put too many control in a too few hands. If they are cooperating (or were hacked, or one pool controls more than 50%) they can e.g. perform double-spending attack. If you you will design some system where miners should monitor pools for not misbehaving then it would not be bad at all, it may be even good, we will get both protection from possibly malicious pools and consistent payments for miners.

I still don't see how what you described will work.

georgem

  • Tech Admin
  • ******
  • Posts: 587
    • View Profile
Re: Pools Using Collaterals
« Reply #3 on: February 06, 2015, 06:35:13 pm »
Why we do not want pools in the first place? Because they put too many control in a too few hands. If they are cooperating (or were hacked, or one pool controls more than 50%) they can e.g. perform double-spending attack. If you you will design some system where miners should monitor pools for not misbehaving then it would not be bad at all, it may be even good, we will get both protection from possibly malicious pools and consistent payments for miners.

I still don't see how what you described will work.

I'm just playing "devil's advocate" here.
Preventing Pools is an awesome feature and nobody doubts the benefits this has regarding decentralization. (even our enemies don't doubt that effect, they just claim that our feature isn't working)

Some people claim that a pool would still be able to work, if all participants (miners AND the pool itself) would need to pay a collateral into a multisig address that everyone can check, and see if the other has payed into, and then, should someone suspect that something fishy is going on, this person would "FREEZE" the multisig address and trap his and the others collateral there FOREVER, hereby punishing both participants (himself and the pool, or vice versa) ...

That's why it's called "automated escrow". Either both WIN, or both LOSE, and that's where the deterrence so no one acts badly comes from.

Not sure if this can even work in this scenario, I am just saying.
Forum donations: SVusZDRc8P1BjBRwrgdqYrJ4j5aY3gHFUg

Mr. Spread

  • Core Developer
  • Posts: 105
    • View Profile
Re: Pools Using Collaterals
« Reply #4 on: February 06, 2015, 06:55:56 pm »
Why we do not want pools in the first place? Because they put too many control in a too few hands. If they are cooperating (or were hacked, or one pool controls more than 50%) they can e.g. perform double-spending attack. If you you will design some system where miners should monitor pools for not misbehaving then it would not be bad at all, it may be even good, we will get both protection from possibly malicious pools and consistent payments for miners.

I still don't see how what you described will work.

I'm just playing "devil's advocate" here.
Preventing Pools is an awesome feature and nobody doubts the benefits this has regarding decentralization. (even our enemies don't doubt that effect, they just claim that our feature isn't working)

Some people claim that a pool would still be able to work, if all participants (miners AND the pool itself) would need to pay a collateral into a multisig address that everyone can check, and see if the other has payed into, and then, should someone suspect that something fishy is going on, this person would "FREEZE" the multisig address and trap his and the others collateral there FOREVER, hereby punishing both participants (himself and the pool, or vice versa) ...

That's why it's called "automated escrow".

Not sure if this can even work in this scenario, I am just saying.
How much money would then pool need for this? With such amount it would be more profitable to run a masternode. Such scheme would also significantly limit number of miners per pool depending on the number of coins this pool has. The amount of money pool operator will need to invest in this greatly exceeds the possible income from mining fees (even with 100% fee).

Some miners will forget to withdraw the collateral, some will lose their keys, some will get more money from some other activity and will don't care anymore about the collateral, some will be hit by bus, pool will lose money in each of these cases.

Pool operator can not simply stop the pool and get back all the money, pool will probably never get all the invested money back.

Of course it is possible to disable multisig transactions but I think it is not necessary.

georgem

  • Tech Admin
  • ******
  • Posts: 587
    • View Profile
Re: Pools Using Collaterals
« Reply #5 on: February 06, 2015, 07:00:13 pm »
I'm just playing "devil's advocate" here.
Preventing Pools is an awesome feature and nobody doubts the benefits this has regarding decentralization. (even our enemies don't doubt that effect, they just claim that our feature isn't working)

Some people claim that a pool would still be able to work, if all participants (miners AND the pool itself) would need to pay a collateral into a multisig address that everyone can check, and see if the other has payed into, and then, should someone suspect that something fishy is going on, this person would "FREEZE" the multisig address and trap his and the others collateral there FOREVER, hereby punishing both participants (himself and the pool, or vice versa) ...

That's why it's called "automated escrow".

Not sure if this can even work in this scenario, I am just saying.
How much money would then pool need for this? With such amount it would be more profitable to run a masternode. Such scheme would also significantly limit number of miners per pool depending on the number of coins this pool has. The amount of money pool operator will need to put in this greatly exceeds the possible income from mining fees (probably even with 100% fee).

Some miners will forget to withdraw the collateral, some will lose their keys, some will get more money from some other activity and will don't care anymore about mining collateral, some will be hit by bus, pool will lose money in each of these cases.

Pool operator can not simply stop the pool and get back all the money, pool will probably never get all invested money back.

Of course it is possible to disable multisig transactions but I think it is not necessary.

I agree, it would make running a pool very expensive, and vulnerable to all kinds of things that could go wrong,
and the support and handling needed to run such a pool will be much higher, it will make a pool like 100 times more expensive than normally, while the profit stays the same.

So, I think your claim, that Spreadcoin prevents pools is sound and still true, although some crazy people "could" actually start an escrowed pool, but why should they? Just to troll us maybe?  ;D
Forum donations: SVusZDRc8P1BjBRwrgdqYrJ4j5aY3gHFUg

minerpage

  • Jr. Member
  • **
  • Posts: 76
    • View Profile
Re: Pools Using Collaterals
« Reply #6 on: February 06, 2015, 07:02:50 pm »
Quote
Just to troll us maybe?  ;D

I think that's clearly the case... I'm no expert but I think SpreadX11 disables pool mining right in the protocol... one would think that's clearly enough indication of the coin's position... it looks like the SPR bashers are using hollow arguments to scare the newcomers...

georgem

  • Tech Admin
  • ******
  • Posts: 587
    • View Profile
Re: Pools Using Collaterals
« Reply #7 on: February 06, 2015, 07:07:33 pm »
Quote
Just to troll us maybe?  ;D

I think that's clearly the case... I'm no expert but I think SpreadX11 disables pool mining right in the protocol... one would think that's clearly enough indication of the coin's position... it looks like the SPR bashers are using hollow arguments to scare the newcomers...

Even if an escrowed pool is really created, the participants there will live in a constant fear of "scorpion might sting frog" scenario.



http://en.wikipedia.org/wiki/The_Scorpion_and_the_Frog
Forum donations: SVusZDRc8P1BjBRwrgdqYrJ4j5aY3gHFUg

jjjordan

  • Newbie
  • *
  • Posts: 47
    • View Profile
Re: Pools Using Collaterals
« Reply #8 on: February 07, 2015, 03:43:46 pm »
Pool proof.
I think that is what best describes this property.
It will both shut up haters and will not mislead newcomers...
my 2c...

EDIT: it might be a good idea to replace "no pools" with "pool proof"

GilAlexander

  • Newbie
  • *
  • Posts: 47
    • View Profile
Re: Pools Using Collaterals
« Reply #9 on: February 07, 2015, 06:32:22 pm »
Recently a new idea about how to make pools was suggested
Since it was me let I play devil's advocate too. (especially didn't post on btalk not to whet fudsters with red letters but some others weren't so smart)

This means that pool can safely steal money while miners can falsely accuse pool of stealing their money and such claims cannot be confirmed nor disproved by anyone.
I come up with another idea.

Miner registrates on pool and pays collateral. Miner generates his own address for mining (let A) and states it publicly. Pool states it's hot address (X) too.
Fair play: miner generates a block and sends block reward from A to X. Pool distributes it. Since A is controlled only by miner and X only by pool, no one can buckpass each other - if miner didn't send funds from A to X, miner will be unfair; if funds weren't distributed from X correctly, pool will be unfair.

The more complicated question is could anyone check shares without knowing the key for coinbase address? Because funds from X must be distibuted accordingly hashrates and third-party observer needs to check how many shares were generated. I'm not very closely familiar with spreadcoin's codebase and whole block structure wasn't described but I believe the answer is yes since anyone could check whether block's hash matches difficulty (is the block valid) - so anyone must be able to check whether hash matches little difficulty that is used for shares (I mean that shares must be somehow broadcasted publicly by miner too).

The resulting scheme is looking more as "esprit de corps" when group of miners agrees to share their rewards proportionally some variable (hashrate) that may be proved. And pool now is a priviledged part that distributes rewards. I agree that it is much harder to implement and control than classic pool. I agree that economical argument from op-post is valid (but how many altcoins do you know where block reward is so large in $?). I agree with quote and my interest here is technical details.
Quote
If you you will design some system where miners should monitor pools for not misbehaving then it would not be bad at all, it may be even good, we will get both protection from possibly malicious pools and consistent payments for miners.
my spr addr: SVf1jyKHgdCngvpXf9SGQveiaFBFthmjVu