Preventing mining pool concentration with Lamport signatures

a simple hack

edit: here’s a far more efficient way to do this https://medium.com/@lmgoodman/7c7ba2d6a1b (inspired by a post from @RKHilbertSpace)

It occurs to me that there is a simple hack which could prevent the concentration of bitcoin mining pools. It only requires a minimal change to the bitcoin protocol and, quite importantly, it does not penalize the existing investments in ASICs.

Instead of having the miner attempt to produce a block hash matching the difficulty, we have the miner generate Lamport signatures.

First, the miner forms a pair of public/private Lamport keys.

The miner then hashes the block header along with the signature and signs this hash; the hash of this signature must then meet the difficulty target.

Lamport keys are S (secret) and P (public)

B is the usual bitcoin block header (timestamp, merkle hash of transactions, etc)

Sha is the SHA-256 hashing function

Sign(S,Sha(M)) is the Lamport signature of the digest of message M using secret key S

+ is the xor function

We are computing

x = Sha(Sign(S, Sha(Sha(B)+Sha(P))))

x is the block hash and is the number that must meet the difficulty target.

The miner can collect his reward at a later time, using the same key. Since the security parameter of a Lamport key halves after each signature on average, we use a signature of 512 x 256 bit hashes.
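The computation of x above, worked through as an added example (not code from the original post or from Bitcoin). It assumes the standard Lamport layout of 256 pairs of 256-bit secrets (512 values in total), P serialized by concatenation, a 4-byte nonce appended to a constructed header, and a simplified "x < target" difficulty check.

```python
import hashlib
import secrets

def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def bits(digest: bytes) -> list:
    # 256 bits of a SHA-256 digest, most significant bit first
    return [(byte >> (7 - i)) & 1 for byte in digest for i in range(8)]

def keygen():
    # S: 256 pairs of random 256-bit secrets; P: the hash of each secret
    S = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    P = [(sha(a), sha(b)) for a, b in S]
    return S, P

def sign(S, digest: bytes) -> list:  # reveal one secret per digest bit
    return [S[i][b] for i, b in enumerate(bits(digest))]

def verify(P, digest: bytes, sig: list) -> bool:
    return len(sig) == 256 and all(
        sha(sig[i]) == P[i][b] for i, b in enumerate(bits(digest)))

def signed_digest(B: bytes, P) -> bytes:
    # Sha(Sha(B) + Sha(P)), where + is xor; P is serialized by concatenation
    p_hash = sha(b"".join(a + b for a, b in P))
    return sha(bytes(x ^ y for x, y in zip(sha(B), p_hash)))

def block_hash(sig: list) -> bytes:
    # x = Sha(signature)
    return sha(b"".join(sig))

def mine(S, P, header: bytes, target: int, max_nonce: int = 1 << 20):
    # Grind a nonce (assumed layout); returns None if max_nonce is exhausted.
    # Only the winning signature is ever published.
    for nonce in range(max_nonce):
        B = header + nonce.to_bytes(4, "little")
        sig = sign(S, signed_digest(B, P))
        if int.from_bytes(block_hash(sig), "big") < target:
            return B, sig

def check_block(P, B: bytes, sig: list, target: int) -> bool:
    # Validator side: signature must verify under P and its hash must meet the target
    return (verify(P, signed_digest(B, P), sig)
            and int.from_bytes(block_hash(sig), "big") < target)

if __name__ == "__main__":
    S, P = keygen()
    B, sig = mine(S, P, b"constructed-header", 1 << 250)
    print(check_block(P, B, sig, 1 << 250))
```

Every attempt in `mine` needs the secret key S, since the value being hashed against the target is the signature itself.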

Some key properties