潘志彪 via bitcoin-dev
2017-10-03 15:52:16 UTC
Here is a solution may solve Block Withholding Attack. The general idea is
came from Aviv Zohar(***@cs.huji.ac.il), I made it work for Bitcoin.
Anyway, thanks Aviv.
DIFF_1 = 0x00000000FFFF0000000000000000000000000000000000000000000000000000;
Diff = DIFF_1 / target
this is equal to
Diff = DIFF_1 / (target - 0) or Diff = DIFF_1 / abs(target - 0)
now, we change diff algo to below:
New_Diff = DIFF_1 / abs(target - offset)
Offset is 32 bytes, like uint256 in Bitcoin, range is [0, 2^256),
define: offset_hash = DSHA256(offset).
we need to do a little change to the merkle root hash algo, put the
offset_hash as a tx hash in the front of tx hashes.
[offset_hash, coinbase_tx_hash, tx01_hash, tx02_hash, âŠ , tx_n_hash]
Actually could put offset_hash in any place in the array of hashes.
network_hash_range = network_hash_end - network_hash_begin
miner_hash_range = miner_hash_end - miner_hash_begin
The offset value MUST between network_hash_begin/end or
When mining pool send a job to miners, put the PoW hash range
(miner_hash_begin/end) in the job. So if the miners find a hash which value
is between [miner_hash_begin, miner_hash_end], means it's SHOULD be a
valid share, could submit the share to the pool. If the hash value is
between [network_hash_begin, network_hash_end] means find a valid block.
The network_diff is much much high than the miner's diff, means the
network_hash_range is much much smaller than miner_hash_range. By now,
a typical miner's pool diff is around 16K, network diff is 1123863285132,
so miner_hash_range is at least million times bigger than
The miners only know miner_hash_range, it's impossible for cheat miners
to find out which share could make a valid block or not.
1. it's a hard fork.
2. will make existed asic dsha256 chips useless, but I think it's only a
small change to make new asic chips based on existed tech.