Bitcoin for the Befuddled (2015)

Chapter 7. BITCOIN MINING

New bitcoins are created through Bitcoin mining. In some sense, Bitcoin mining is similar to digging for gold: It takes time and effort—hence the term mining. The difference between mining gold and mining bitcoins is that a Bitcoin miner uses electricity and computational labor rather than physical labor. Mining is also the process by which new Bitcoin transactions are added to the block-chain, or the public ledger. By adding a new block of transactions to the blockchain, the miner who added the block is rewarded with newly minted bitcoins (as well as old bitcoins in the form of transaction fees).

The number of new bitcoins being mined from each block is diminishing slowly over time and will continue to do so until all 21 million bitcoins have been excavated. But unlike mining for gold, Bitcoin miners know exactly how many bitcoins are left to be mined. By 2140, every bitcoin will have been extracted and will be in circulation.

Although it is potentially lucrative to mine bitcoins, it is not for everyone. As with gold, most people, regardless of how much they want gold, would not mine it themselves. Similarly, earning a profit mining bitcoins is challenging and risky. Should you mine bitcoins? Probably not. In this chapter we’ll explore the difficulties and hazards, but the short answer is that deciding whether to mine bitcoins is like deciding whether or not to mine gold. Mining gold in financially meaningful quantities requires a high degree of expertise, access to cheap labor and electricity, raising (and risking!) significant capital, and waiting years for a return on investment. If you are reading this book, it’s best for you to leave Bitcoin mining to the professionals. However, if you are not motivated by profit and just want to mine (a trivial amount of) bitcoins for fun, you can certainly do that!

Why Is Bitcoin Mining Needed?

Whenever someone creates a new currency, one awkward problem usually surfaces at the outset: They need to figure out how to distribute newly minted money. If a government creates the money, this problem is easily resolved because the government can simply compensate itself and use the money to pay for government services. (Or, as in the United States, a government can use a complex scheme involving a Federal Reserve and treasury bond underwriting to lead to the same end result, giving the federal government capital it can spend that originated through the minting process.) However, if you’re creating a distributed currency like Bitcoin, without a central party, dispersing newly minted money is surprisingly difficult. Part of the genius of Bitcoin’s design was that Satoshi found a sensible way to distribute bitcoins. The currency would be given to those people willing to do computational work to protect the network, aka the miners.

Because protecting the Bitcoin network requires effort, time, and money, anyone willing to do this work would merit a monetary incentive. Therefore, Satoshi’s strategy of using bitcoins as an incentive for miners acted as a decentralized mechanism for giving away new coins and created a community dedicated to protecting the network through the mining process. Let me tell you a little story to help you understand how mining protects the Bitcoin network.

A Parable of Two Generals

“The fat king is dead!” they yelled through the streets of the Principality of Cryptoville the day the king died. King Karl was not popular among the common folk for his cruelty to the peasants of his kingdom was exceeded only by his girth. Unfortunately, his son Crowley was crowned that same day, and he was believed to be very much his father’s son.

For this reason and more, two generals, the General of the North and the General of the South, banded together in a plan to overthrow the monarchy. Quickly, they were able to conquer most of the lands outside the castle walls. All that remained to free the land from tyranny was to storm Castle Cryptoville!

image

The two generals’ armies gathered at the north and south sides of the castle. On the east and west sides of the castle were the Kraggly Mountains, a treacherous mountain range with steep cliffs that had taken the lives of many Cryptovillians through the ages.

image

On the south side of the castle, the General of the South exclaimed, “Yes! This is the time to strike! I shall send a message to the north to begin the attack!” However, it then occurred to the general that his messenger would have to cross the Kraggly Mountains. What if a mishap prevented the message from getting through? If this happened, he, the General of the South, would attack the castle on his own and might be defeated by the foe. So the General of the South revised his plan: “I will send a message to the north to attack and will ask the General of the North to send a confirmatory reply indicating that he received my message!”

When the General of the North received the message, he declared, “Splendid! Surely we will be victorious! I shall send the confirmation to the south. Oh, but just to be sure, I’ll ask the General of the South to return a message so I know he received my confirmation. I definitely wouldn’t want to attack the castle on my own.”

After receiving the confirmation, the General of the South asserted, “Great, we’re almost ready. Now all I need to do is wait for the north to send a confirmation that the general received the confirmation of my confirmation. Victory shall be ours after I get my answer—maybe sometime tomorrow!”

That night, King Crowley’s henchmen snuck into the north and south camps and assassinated both generals as they slept.

Applying the Parable to Bitcoin

In the story of the two generals, two parties needed to achieve a consensus on a plan. However, their mode of communication was based on unreliable mediums—the messengers who had to cross the perilous mountains. As a result, their naïve attempt to attain this consensus created an infinite loop of confirmations for confirmations that led to their doom. Could the generals have used another strategy to coordinate their attack?

The parable is based on an old math puzzle that was studied long before the existence of Bitcoin. The short answer to the question is that the generals would never be 100 percent certain that the other general had agreed to participate in an attack, and this can be proven mathematically.1

A more generalized version of this puzzle, called the Byzantine Generals Problem, is the same as the preceding parable except more is at play than just two generals. With this generalized version of the puzzle, with more than two armies, we can posit not only that the messages are unreliable but also that one or both of the generals may be in cahoots with King Crowley, sending misleading messages to the other generals.

This is precisely the problem a decentralized cryptocurrency needs to solve to determine which Bitcoin transactions sent across the network are valid: That is, if two conflicting transactions are sent via the network and involve the same coins, which of those transactions should take precedence? In fact, Bitcoin offers a probabilistic solution to the Byzantine Generals Problem.

image

In essence, the generals need to mine blocks that require significant computational resources to solve. In those blocks, they state the exact time the attack should occur. Also, as soon as a general finds out that another block has been completed, that general should cease his effort to create a new stand-alone block. Instead, each general should simply create a block containing the message “I confirm that I agree with the time in the block by general ABC.” Then other generals should create their block to link to this new block and include the message, “I confirm with the confirmation by general XYZ of the time by general ABC.” By continuing this process indefinitely, these blocks will form a blockchain, adding weight to the time suggested in the initial block (a genesis block). This exact blockchain strategy was described by Satoshi soon after he created Bitcoin.2

However, a couple of open questions remain about this algorithm’s description: Aren’t we back to square one, piling confirmations on top of confirmations ad infinitum? Surprisingly, the answer is no. Because of the computational effort involved in creating blocks, every new block generated as a confirmation of a previous block provides statistical information about the total computational power possessed by the entire population of generals. Consequently, when a given genesis block has approximately six more confirmations amassed on top of it than any other genesis block, the result is almost (but not quite) absolute certainty that the majority of generals are in agreement with the suggested attack time. (However, because this is a probabilistic solution, certainty will always be a bit less than 100 percent, which is why the original Two Generals Problem is still considered unsolved in a purely theoretical sense. But with Satoshi’s approach, certainty can be arbitrarily close to 100 percent.)

However, this approach of using proof-of-work and a blockchain to coordinate the attacks of the generals still has a subtle flaw: A general who is lazy could cheat the network by never using her computer to mine blocks. Because blocks are awarded randomly by solving the mining puzzle, any one general could just leave her computer turned off during the entire process—saving electricity—but still benefit from the consensus. No one would discover that she shirked her duty, because not every participant will successfully mine blocks in either case. But in the case of Bitcoin, Satoshi had the genius to add an extra detail that solves this freeloader problem: The system pays miners with bitcoins as a reward! By paying a handsome reward, the Bitcoin network maintains an adequate number of miners at all times, a reward that is not possible in the simpler solution to the Byzantine Generals Problem without a currency built into the network.

Now that you have a good conceptual understanding of Bitcoin mining and why it’s important, let’s dive into the details of how Bitcoin mining helps prevent attacks against the network and how it enables the distribution of new currency.

Preventing Attacks with Mining

How does mining prevent attacks? When designing a peer-to-peer payment network, the creator must assume that some peers on the network will try to deceive other, and that all peers in the network will act in their own self-interest. So what might go wrong with the Bitcoin network? One obvious problem is that someone might create a transaction assigning himself a million bitcoins. However, because a public record of all Bitcoin accounts exists in the blockchain, everyone can easily identify when someone is trying to give himself money that he doesn’t own; unless a person can provide a valid signature for the transaction using a Bitcoin address that contains a million coins, no other node on the Bitcoin network will accept this transaction.

However, a more difficult problem to pinpoint is when a peer creates one ledger that includes a transaction spending her own bitcoins (for which she can create a digital signature) and then produces a second ledger in which those bitcoins were never spent (or sent to a different person). An abusive peer could first add a transaction to the blockchain to send bitcoins to you, and then after you gave her something of value (e.g., a cake), she could produce a new ledger in which that transaction never happened. The second ledger would conflict with the first ledger, so this abuse would certainly not go unnoticed, but it wouldn’t be clear which ledger was correct. Presumably, the first ledger would be correct and any subsequently created ledger that conflicts would be invalid (after all, you already gave away your cake). But peers on the network may disagree as to which ledger came first (especially those with malicious intent), and without a central authority, who is to say which peers are correct? Bitcoin mining solves the problem of ordering transactions so everyone can agree which ones came first.

Every Bitcoin user constantly receives blocks from other users on the network. These blocks may be part of different, competing branches in the main Bitcoin blockchain and therefore represent conflicting versions of the true ledger. Hence, the software running on every user’s computer constantly evaluates blocks as they appear on the network and decides which one is the most trustworthy and likely to be part of the accepted blockchain in the future. How does it decide?

It simply picks the one that has the most blocks (i.e., has the longest blockchain). This is considered the oldest and so came first. A blockchain with 12 blocks has existed for longer than one with 7 blocks. However, this method of deciding which chain to trust works only if a malicious peer cannot create a second ledger, immediately add 10 (or more) blocks to it, and make it seem as though the second ledger predated the first.

For this reason, the Bitcoin software checks how much computational work was required to add each block in competing branches. The amount of work used to add a block is easy to verify (they call it a proof-of-work algorithm because you can prove that you did the work). The branch with the “most work” is usually the longest one (i.e., the one with the most blocks), but if someone cheated by making a long branch with lots of “easy” blocks, it wouldn’t count. For a malicious peer to create a second ledger, erase his old transactions, and convince everyone his ledger was first, he would have to add blocks to it more quickly than the rest of the network. The only way to accomplish such fraud would be to privately control more computational power than the entire Bitcoin network. This type of abuse is called the 51 percent attack, and there is a good reason why it has never happened.

The only way to carry out a 51 percent attack is to invest more heavily in Bitcoin mining than everyone else on the network combined, and the only advantage gained is being able to double-spend your own bitcoins. But the rewards of doing so are limited: Such an attack would undermine people’s confidence in the Bitcoin system, and the attacker’s bitcoins would become devalued.

Let’s suppose that a malicious attacker decided to make such an investment. What would be more lucrative: to abuse the ledger or to collect mining rewards? The economic incentives of Bitcoin mining strongly favor the latter. So if someone did amass the power to abuse the system, the only economic advantage would be to use that power honestly and simply mine Bitcoins better than everyone else.

Distributing New Currency with Mining

As mentioned in the beginning of the chapter, besides ordering transactions correctly, Bitcoin mining also serves as a mechanism to distribute a new digital currency. It is not an easy task to create a new currency and distribute it widely. Satoshi could have initially given himself 21 million bitcoins and then arbitrarily handed them out. But that would have been a bit random and most likely wouldn’t have created a meaningful, valued currency.

Because Bitcoin was intended to be a currency with a finite supply, miners can’t generate new bitcoins forever. This means that Satoshi needed to somehow choose a point in time by which all the bitcoins would be generated. If all bitcoins were generated in the first year of Bitcoin’s existence, the currency would have favored early adopters too much. Conversely, if bitcoins were generated too slowly, newcomers might not have had enough incentive to take a chance and devote their computing power to this strange, new project called Bitcoin. Also, if bitcoins were generated so slowly that it would take thousands of years before they were all mined, bitcoins might not have been perceived as a finite commodity but rather one whose supply was constantly being inflated. For better or worse, Satoshi chose a scheme in which bitcoins would be distributed over a century at a rate that is reduced by half approximately every four years3 until the total number eventually reaches 21 million (see Figure 8-1).

image

Figure 8-1: Bitcoin awarded over time: The left graph shows the reward schedule for bitcoins until the year 2031. The right graph extends the time range until the year 2169.

The graph on the left shows the total number of bitcoins in circulation until the year 2031. As you can see, the amount in circulation continues to increase, but the pace slows over time because the block reward is cut in half at regular intervals. Consequently, the bitcoins a miner receives every few minutes, as she wins the mining race, will be much less in future years.

Nearly all of the approximately 21 million bitcoins will be distributed by 2031. However, small amounts of the currency will continue to be distributed long past that date. The graph on the right shows the distribution schedule to the year 2169. Bitcoin’s success in its first five years suggests that Satoshi was at least in the right ballpark when he estimated how rapidly bitcoins should be distributed.

When all the bitcoins have been mined, Bitcoin mining will no longer serve its distribution purpose; rather, it will just be a mechanism for securely processing transactions.

Will people still mine bitcoins then? What happens to the public ledger? Instead of new bitcoins, the reward for being a Bitcoin miner will only be the transaction fees paid by the users (which may be substantial in years to come).

How Does Bitcoin Mining Work?

Bitcoin involves a network of computers around the world that constantly broadcast and relay new transactions to each other. Each computer on this network is a node. Because of Bitcoin’s decentralized nature, some nodes can appear or disappear at random times without impacting the network as a whole. No special central nodes exist.

Nodes can be grouped into three categories: those that only broadcast transactions; those that broadcast and relay transactions; and those that broadcast, relay, and create new blocks with transactions. Each type of node requires substantially more computational resources than the previous type. The last of the three includes Bitcoin-mining nodes and requires the heftiest computers.

When a Bitcoin node is launched (i.e., when you launch Bitcoin software on your computer), it connects to other nodes through the Internet to form a somewhat haphazard (but also robust) mesh network. A mesh network has no central nodes that manage traffic. Instead, all nodes equally share the responsibility of propagating information across the network.

Figure 8-2 shows what a small piece of the Bitcoin mesh network might look like.

image

Figure 8-2: A conceptual drawing of the Bitcoin network. The circles represent nodes, all of which are arbitrarily connected to other nodes via network connections, shown as lines. Transactions and newly mined blocks are continuously broadcast over this network.

In this figure, you can see what happens when, for instance, you buy a cup of coffee using bitcoins. Most likely, you would do this from a mobile phone and would be running the most basic type of node, the broadcast-only node (shown as the circle labeled B at the top of the figure). The transaction steps are as follows:

1. The starting node (your phone) creates a transaction that transfers your coins to the Bitcoin address owned by the coffee shop. This node then immediately sends this transaction to its peers on the mesh network, which are most likely relay nodes.

2. The relay node simply propagates this transaction to other relay nodes, allowing the transaction to quickly propagate everywhere and to everyone. Actually, it is not quite that simple, since the relay nodes need to be wary of malicious or spammy transactions: If a relay node just forwarded any message, the Bitcoin network would quickly collapse in a flood of junk transactions. Therefore, all the relay nodes check that the transaction is correctly formatted, make sure it has valid signatures, and look through the most current version of the blockchain to ensure the money being spent is verifiably present in the source account of the transaction.

3. If the transaction passes muster, it arrives within seconds at all the mining nodes on the network. These mining nodes add this transaction to a preliminary block, which they will attempt to mine (a process we’ll describe in more detail shortly).

4. If the mining is successful, the newly mined block is then broadcast across the network, confirming the block’s transactions and giving the miner a mining reward. Although it typically takes a few minutes for a block to be mined, once the block has been found, it will again traverse the entire network within seconds.

Ultimately, every transaction must be recorded on the blockchain. So nodes that only broadcast must link up directly with nodes that mine or indirectly via nodes that relay. Mining nodes may also apply specific arbitrary criteria to transactions, such as favoring those with a larger transaction fee. If the fee is too low, some mining (or relay nodes) may ignore the transaction. However, just because some nodes ignore a transaction doesn’t mean others will: As long as the transaction finds a mining node that accepts it, the transaction will eventually be added to the blockchain. Usually, mining nodes collect as many transactions as possible (to collect the most fees). Although each transaction has only a small fee attached to it, many thousands of transactions can be included in a block, and the sum of these fees, which are paid to the miner, can be substantial. But due to memory constraints,4 the number of transactions that can be included in a block has a maximum limit. For this reason, some miners exclude transactions whose fees are too low (or zero).

Although all mining nodes collect transactions and organize them into blocks, only one of the nodes (the lucky one) adds its block to the block-chain.5 The fortunate miner then collects the mining reward, which is the sum of the block reward (the newly minted bitcoins in each block) and all the transaction fees for the added block. Nodes that relay transactions and those miners who didn’t add a block do not receive any bitcoins from transaction fees or otherwise.

Once the lucky miner is selected, the new block is broadcast to the rest of the network, and all of the other mining nodes stop working on their old block and start working on a new one. So how is the lucky node decided on? It is the node that solves the block by finding a special input to the SHA256 hash function.

How Miners Solve a Block

Bitcoin mining requires a great deal of computational power, but what do miners calculate? They repeatedly calculate the double SHA256 hash6 of slight variations of certain information, called the block header, in their new block. When a block of transactions is created, the block header contains a summary of information about the block, including the time it was created, a hash of the transactions within the block, and other data, which we’ll delve into shortly. Importantly, in the block header is a field for an arbitrary number called a nonce,7 which the miner chooses. In fact, it is the only part of the block that is under the full control of the miner. So how does a miner choose a value for this nonce?

A solved block (i.e., a block that will be accepted by others as part of the blockchain and the one the miner is paid for) occurs when the double SHA256 hash of the block header results in a number that is less than some predetermined threshold, known as the difficulty target. If the result is greater than the target, the block remains unsolved. When this happens, the miner must try a different nonce, which is contained in the header and hence affects the hash. Because cryptographic hash functions produce completely new outputs when the input is changed by even the tiniest amount, changing the nonce value results in a totally new hash for the entire block header. By repeatedly changing the nonce value, eventually a hash output will be found that is less than the target. Typically, a miner simply increments the nonce by 1 in this search until a successful nonce value is found. When a working nonce is found, the block is solved.8

Anatomy of a Block

Let’s take a closer look at a block’s structure so you can see how the miners’ actions fit into the big picture. At the top level, a Bitcoin block essentially has four parts:

  Anatomy of a Block
➊ blocksize (e.g., 868 KB)
➋ block header (see below)
➌ transaction count (e.g., 1,278)
➍ list of transactions

Blocksize is a number at the top of the block that indicates the size of the entire block ➊. This is followed by the block header ➋, which we’ll discuss in detail shortly. The rest of a block stores a count of the number of transactions ➌ followed by a list of all the transactions ➍. One of these transactions is the block reward, which the miner adds to assign himself some new bitcoins. These bitcoins are created from nothing. All bitcoins in existence at one point originated as such a block reward.

Including the nonce ➏, the block header consists of six pieces of data:

  Block header structure
➊ bitcoin version number
➋ double SHA256 hash of the previous block header
➌ double SHA256 hash of all of the transactions in the block
➍ current timestamp
➎ the difficulty target
➏ the nonce

At the top is a version number ➊. It exists to facilitate the ability to distinguish blocks in the old and new format if ever a major change in the blockchain structure occurs in the future, as Bitcoin is refined. Next, the block header holds a hash of the previous block’s header ➋. It is a very important field because this value links blocks together in a chain: When miners mine a block, not only are they securing the transactions in their own block, but they are also securing the transactions in all previous blocks that make up this version of the chain. By creating this block, a miner is essentially casting a vote stating, “I believe this is the true history of all Bitcoin transactions, and my block builds upon the work of other miners, as indicated by this hash of the previous miner’s block.”

Next, the header contains a hash of all transactions in the current block ➌. When a node on the Bitcoin network receives a block from other nodes on the network, this hash allows them to verify that the transactions in the block haven’t been tampered with; the hash of the transactions must exactly match the value in this field.

Subsequently, a timestamp ➍ indicates when the block was created. For the most part, Bitcoin disregards real-world time. In fact, mining blocks in the blockchain can be thought of as a primitive sequential clock, and the ticking of this clock in the form of newly mined blocks is the only concept of time Bitcoin takes into account.

However, setting the block difficulty is one specific instance in which Bitcoin needs to recognize real-world time. Block difficulty ➎ is periodically calculated using the timestamp of previous blocks and is also a field in the block header. Because Bitcoin is designed to solve new blocks roughly every 10 minutes, it needs a way to measure how far apart blocks have been spaced in the recent past, which is the reason the timestamp field exists. If Bitcoin difficulty wasn’t periodically adjusted based on real-world time, its block rate would be determined by the currency’s popularity. As a result, the Bitcoin network could become unstable if it became too popular or not popular enough. In both of those instances, the block rate would become unreasonable, and the Bitcoin network would no longer function.

So how is the difficulty target value decided? When Bitcoin was created, the target was set to this certain easy number:

26959535291011309493156476344723991336010898738574164086137773096960
≈ 2.7 × 1067 or 2224

To put this value in perspective, the SHA256 hash function outputs values between 0 and 2256 (~1.16 × 1077), and this target requires the output to be less than 2224 (about one-billionth of the maximum output). This is similar to requiring that a random number generator that generates values between 0 and 1 must output a number less than 0.000000001 to solve a block. This target value is the easiest Bitcoin has ever used. Most ordinary personal computers (in 2009) could calculate new hashes at a rate of about 1 million hashes per second, or 1 megahash/s (MH/s). Because the odds of a hash being less than this target value are 1 in a billion, a computer hashing at 1 MH/s would need about 1,000 seconds (~17 minutes) to have a good chance9 at solving a block.

If a faster computer were to start mining at 2 MH/s, the target would automatically decrease to reduce the odds of finding a block (thereby taking longer). The difficulty stored in the blockchain header is expressed as a ratio between the initial target used by Bitcoin (when it started) and the current target. Initially, the difficulty was equal to 1 (because the initial target was the current target), and it has been mostly increasing ever since. If the hash rate decreases (e.g., due to computers withdrawing from the network) so that blocks are found more slowly than ten minutes on average, the difficulty will decrease (which in Bitcoin’s first five years has happened very rarely).

As you can see, target numbers are large and unwieldy. Therefore, it is more convenient, when discussing bitcoin mining, to calculate a difficulty, which is simply the ratio of the current target number to the target number on Satoshi’s very first block, the genesis block:

image

The difficulty is not adjusted immediately in response to increases or decreases in the hash rate. Instead, the difficulty is adjusted every time the blockchain grows by 2,016 blocks, which happens approximately every two weeks (2,016 × 10 minutes = 14 days). If it takes less than two weeks to mine 2,016 blocks, the difficulty is increased, but if it takes longer than two weeks, the difficulty is decreased.

During the first five years, the mining difficulty in Bitcoin increased from 1 to over 50 billion. At this difficulty, an ordinary personal computer (tablet, laptop, etc.) would be lucky to solve one block every 3.5 million years! This difficulty corresponds to a network hash rate that is ~360,000,000,000 MH/s, or 360 petahash/s (PH/s). All of the world’s conventional supercomputers combined would hash at a rate less than 1 PH/s.

The incredible rise in computational power used for Bitcoin mining derives from a combination of wider adoption and the use of increasingly specialized hardware. In the first year, most miners used the CPUs on their laptops to mine bitcoins. Then people realized they could repurpose graphics cards designed originally for demanding computer games to mine bitcoins. The graphics cards, specifically the graphics-processing units (GPUs) on them, were thousands of times faster and more energy efficient than CPUs. Not long thereafter, hardware developers discovered they could use field programmable gate arrays (FPGAs), which are specialized devices used for computer chip prototype development, to mine bitcoins even faster than GPUs. Until this point, nobody had manufactured hardware specifically to mine bitcoins. GPUs and FPGAs were off-the-shelf hardware that was just repurposed for Bitcoin mining. However, when the Bitcoin economy became extensive, it became worthwhile for computer chip developers to create application specific integrated circuits (ASICs), like the one in Figure 8-3.

image

Figure 8-3: An early ASIC Bitcoin-mining machine from the Avalon Corporation. The small chips arranged in a grid are each custom ASIC chips designed to perform Bitcoin hash operations.

These single-purpose computer chips were manufactured specifically to mine bitcoins in the fastest, most energy-efficient way possible. Bitcoin ASICs are optimized to calculate SHA256 hashes. Today, practically all Bitcoin mining is done with ASIC-based hardware. Further increases in speed and efficiency are being achieved continually by designing the chips with smaller and smaller features (from 130 nm to 65 nm to 28 nm features, and so on). Consequently, more calculations can be made per unit of area. Each new breakthrough in hardware performance leads to a network hash rate that increases by many orders of magnitude (see Figure 8-4), especially if the price of bitcoins rises at the same time (further justifying capital investment in mining hardware).

image

Figure 8-4: The amount of computation performed over time on the Bitcoin network (in terrahashes, or trillions of hashes per second). The left graph uses a traditional linear scale for the y-axis, in which the enormous computing power of ASIC miners in 2013 dwarfs all previous methods of mining. In the right graph, we use a logarithmic scale for showing the hash rate of the network, making it possible to see the progress in computing power on the network more clearly, progressing from CPU, to GPU, to FPGA, and finally ASIC mining.

At a difficulty of 50 billion, a Bitcoin-mining device capable of 10 TH/s could find a block about once every 8 months, which is an average time, and the variance can be significant. For Bitcoin miners who want to receive a more steady income, it is best to join forces with other miners in what is known as pooled mining.

Pooled Mining

Although the network solves blocks about every 10 minutes, individual miners might only solve a block once every few months. With such an unpredictable revenue stream, it can be difficult to plan and operate a Bitcoin-mining operation. To help make the reward more regular and predictable, most miners who don’t control enormous computational power (i.e., greater than 1 percent of the network hash rate) join a mining pool.

mining pool is a collection of miners who combine computational resources and then split the block reward. From the network’s perspective, a mining pool is a single mining node, but hundreds or perhaps thousands of individual miners are calculating hashes within that node. A mining pool solves blocks more often than an individual miner; therefore, the miners’ income is more frequent. When the block reward is divided among the miners, it is usually allocated proportionally based on the number of hashes a miner contributed. Because it is difficult to know exactly how many hashes an individual contributed, the typical measurement of contribution is in the form of calculated shares. Although the exact details vary between mining pools, a miner earns a share when she calculates a hash output that is less than a much easier-to-reach target than the real target. As a result, it might take an individual miner years before he would find a hash less than the real target but only a few minutes to find a hash less than the pool’s share target. The number of shares accumulated by a miner represents how much of the pool’s hashing power that miner contributed.

Using a pool, a casual Bitcoin user can try her hand at mining and collect tiny fractions of bitcoins using a moderately powerful computing device (e.g., a cheap Bitcoin-mining ASIC that can be plugged into a USB slot). Although it may not be profitable, considering the costs of electricity, it can be fun to accumulate a few microbitcoins by contributing computational power to the network.

Bitcoin Mining for Profit

Should you mine bitcoins? In short, probably not. Bitcoin mining requires significant computational power, which requires electricity, expensive hardware, and space. Your return on investment will depend heavily on the number of other miners there are and how much computational power they’re providing. Because the number of bitcoins distributed to the network is not affected by the number of miners, the more miners, the more diluted the reward will be.10 Bitcoin mining can only be profitable for those with the most efficient hardware, in terms of energy and capital efficiency, and cheapest electrical power. Because hardware manufacturers have the lowest capital costs per mining device, many profitable Bitcoin-mining companies manufacture their own hardware. These manufacturers may also hire their own research and development engineers to design newer and more efficient computer chips (i.e., ASICs) for Bitcoin mining. In summary, Bitcoin mining is an extremely competitive business and will likely become more so as Bitcoin adoption increases.

Perhaps if you have your own wind farm or solar panel array and have more electricity than you know what to do with, you might be able to mine bitcoins profitably. But it still requires careful consideration of the capital costs and the opportunity cost compared to just buying bitcoins directly. A common mistake in estimating the viability of a Bitcoin-mining venture is to put too much weight on the exchange rate (in whichever other currency you’re using). You should always compare the return from Bitcoin mining against the number of bitcoins you could have purchased for the same initial investment. The future exchange rate should make little difference in your investment decision. If it is not profitable to mine bitcoins today when the rate is $200 per bitcoin, it makes no difference if they will be $1,000 per bitcoin tomorrow; you should just buy bitcoins instead of mining them.

It is also important to reasonably project the future hash rate. Although it is impossible to predict the future, more than likely the network hash rate will continue increasing very quickly during Bitcoin’s first 10 years.11 See the following example calculation, keeping in mind that even if mining is more profitable than buying bitcoins directly, it’s still a lot more work!


Example calculation: To mine or to buy?
Equipment: One super-duper-hashing-miner made by Miners-R-Us
      Hash rate: 1 TH/s
      Power consumption: 0.4 kW
      Price: 5 BTC (includes shipping)
Local electricity cost: 0.001 BTC/kWh → monthly power costs: 0.30 BTC
Current difficulty: 4 billion
Time to solve a block   = difficulty * 2^32 / (hash rate)
                        = 4 billion * 2^32 / 1 TH/s = 6.5 months per block
                        (0.153 blocks per month)
New bitcoins per block = 25 BTC
Avg. transaction fees per block = 0.5 BTC
Total mining reward per block = 25.5 BTC
Revenue per month = Total mining reward per block * blocks per month
                  = 25.5 BTC * 0.153 = 3.92 BTC

Scenario #1 – Difficulty increases by 100% per month
Month 1: Rev. = 3.92 BTC, Power costs = 0.30 BTC, Monthly profit = 3.62 BTC
Month 2: Rev. = 1.96 BTC, Power costs = 0.30 BTC, Monthly profit = 1.66 BTC
Month 3: Rev. = 0.98 BTC, Power costs = 0.30 BTC, Monthly profit = 0.68 BTC
Month 4: Rev. = 0.49 BTC, Power costs = 0.30 BTC, Monthly profit = 0.19 BTC
Month 5: (Power costs exceed revenue → turn off mining device!)
Total profits: 3.62 + 1.66 + 0.68 + 0.19 – 5 = 1.15 BTC (mining is profitable)

Scenario #2 – Difficulty increases by 200% per month
Month 1: Rev. = 3.92 BTC, Power costs = 0.30 BTC, Monthly profit = 3.62 BTC
Month 2: Rev. = 1.31 BTC, Power costs = 0.30 BTC, Monthly profit = 1.01 BTC
Month 3: Rev. = 0.44 BTC, Power costs = 0.30 BTC, Monthly profit = 0.14 BTC
Month 4: (Power costs exceed revenue → turn off mining device!)
Total profits: 3.62 + 1.01 + 0.14 – 5 = -0.24 BTC (better to just buy bitcoins)

If you decide to purchase Bitcoin-mining hardware, be wary. Anyone selling Bitcoin mining hardware has calculated that it would be more profitable to sell to you rather than use the hardware to mine himself. Carefully do your research on the vendor, the hardware details, and the shipping timelines. Receiving a mining device a few months later than you anticipated can mean the difference between a positive and a negative return on your investment (because the network hash rate will be higher).

Theoretical Hash Rate Limits

As computers become more powerful and energy efficient, and especially if Bitcoin adoption continues to increase exponentially, the network hash rate is expected to grow significantly. How high can it go? If more and more computers start mining and the price of a bitcoin remains fixed,12eventually the amount of bitcoins each miner earns won’t cover the costs of electricity. Ultimately, it can be argued that the limit of the network hash rate depends on the energy efficiency of the mining hardware (see Table 8-1).

Table 8-1: Energy Efficiency of Different Forms of Bitcoin-Mining Hardware (Calculated as a Ratio Between Hash Rate and Power Consumption)*

Mining device

Hash rate (GH/s)

Power (W)

Energy per hash (J/GH)

Laptop with single-core CPU

0.0005

100

200,000

Laptop with efficient quad-core CPU

0.02

50

2,500

Medium-end GPU (400 cores)

0.1

200

2,000

High-end GPU (2000+ cores)

0.5

300

600

High-end FPGA

0.8

40

50

130 nm ASIC device

10.0

80

8

65 nm ASIC device

60

240

4

28 nm ASIC device

1,000

800

0.8

* Values are representative of typical mining devices; specific designs may vary significantly.

To determine whether Bitcoin mining is profitable using a certain type of hardware, we must combine three factors: the energy efficiency of the hardware, the cost of electricity, and the overall hash rate of the network. The graph in Figure 8-5 shows the relationship between these three factors.

The curves on the graph show how advanced the hardware needs to be, given the electricity costs. The lines on the right side represent instances of higher electricity costs. Clearly, if the electricity costs more, you would need a more advanced hardware setup to be profitable at mining. In this case, more advanced hardware means hardware that consumes less electricity for every joule of energy it consumes.

image

Figure 8-5: Profitability threshold curves for comparing hardware efficiency, electricity cost, and network hash rate on the Bitcoin network. Given your current electricity cost, a curve can be drawn that relates the efficiency needed by your mining hardware (in J/GH) to be profitable, for a certain network hash rate. If you can draw a point below your electricity cost curve for your mining equipment, then you’ll be able to mine profitably on the Bitcoin network.

If bitcoins increase in value, the relative cost of electricity decreases, and the breakeven point for the network hash rate increases. If a mining device has an efficiency of 0.8 J/GH and electricity costs only 0.01 mBTC per kWh, the network hash rate at which mining would no longer viable would be 18,000 PH/s, corresponding to a difficulty of 2.5 trillion. So is it possible the hash rate could go even higher than it is today?

The ASIC designs in Table 8-1 show that the energy per hash drops as the feature dimensions decrease. If we assume that in the future high-efficiency 14 nm ASICs that use only 0.1 J/GH will exist, then at 0.01 mBTC/kWh the breakeven hash rate would be greater than 100,000 PH/s. Computer chips made with features smaller than 14 nm dimensions don’t exist yet, but Moore’s law13 has persistently defied predictions by skeptics that computer chips have reached the smallest feature sizes possible. Clearly, the network hash rate could potentially be enormously higher than it is today.

Decentralization in Bitcoin Mining

Bitcoin’s success depends on being a decentralized network. In its infancy, anyone could join the Bitcoin network as a mining node; however, now mining is done primarily by professionals with resources, expertise, and capital well out of reach of the average Joe. Is this trend recentralizingBitcoin? This is a subject of debate among Bitcoin users, miners, and developers.

Another related subject we haven’t discussed in detail yet is the limit to the number of transactions that can be included in each block. Obviously, a real, physical limit exists in the sense that an individual cannot include an infinite number of transactions in any block. However, a smaller limit is imposed as a rule in the Bitcoin protocol (i.e., although the physical limit might be in the range of millions of transactions per block, the rule-based limit is in the thousands of transactions range). The original purpose of this self-imposed limit14 was to prevent the blockchain from becoming bloated with pointless transactions (i.e., spam), but some have argued that the limit serves a greater purpose, which is to maintain decentralization.

In addition to having a computing device that can perform SHA256 hashes very quickly, mining nodes and relay nodes must have sufficient storage space to store a full copy of the blockchain. If the blocks that make up the chain become much larger than they are now, not only will miners need faster computers, but their systems will also need the capability of storing substantial amounts of data (possibly in the form of large data centers). This would further increase the capital requirements of miners and inevitably lead some to abandon the profession. Fewer mining nodes would make the network more centralized by degrees. For this reason, some miners have advocated for limiting the number of transactions per block to a small number (although this would ultimately drive up transaction fees). Is such a desire justified?

Although it’s a complicated issue, we can use the gold mining analogy to explain. Is gold a centrally controlled commodity? Very few people, by percentage, have the resources, time, and expertise to mine gold. However, no monopoly exists on gold mining; any well-financed venture can search for gold and attempt to mine it. Similarly, even though Bitcoin mining might no longer be viable for casual users and instead become a venture performed by companies and organizations, a single institution would never obtain sole control of Bitcoin mining. Nonetheless, it is best to keep a close eye on the future number of Bitcoin miners.

image

image

image

image