SAT solving - An alternative to brute force bitcoin mining

03 February

A Bitcoin mining program essentially performs the following in pseudo-code:

This is a brute force approach to something-like-a preimage attack on SHA-256. The process of mining consists of finding an input to a cryptographic hash function which hashes below or equal to a fixed target value.
Namely, a model checker backed by a SAT solver is used to find the correct nonce or prove the absence of a valid nonce. In contrast to brute force, which actually executes and computes hashes, my approach only symbolically executes the hash function with added constraints which are inherent in the bitcoin mining process.
The main results, besides the recipe for building a SAT-based miner, are: The proposed algorithm potentially gets more efficient with increasing bitcoin difficulty.

This is not the first time SAT solvers have been used to analyse a cryptographic hash. Mate Soos et al. have done interesting research on extending SAT solvers for cryptographic problems [1]; Ilya Mironov and Lintao Zhang generated hash collisions using off-the-shelf SAT solvers [2]; and many others, e.
However, to the best of my knowledge, this is the first description of an application of SAT solving to bitcoin mining. I do not claim that it is a faster approach than brute force; however, it is at least theoretically more appealing.
To aid understanding, I will introduce some basic ideas behind SAT solving and model checking. Please see the references for a better introduction to SAT solving [11] and bounded model checking [12]. As easy as it may sound, it is one of the hard, outstanding problems in computer science to efficiently answer this decision problem.
There is a large and thriving community around building algorithms which solve this problem for hard formulas.
Actually, each year there is a competition held where the latest, improved algorithms compete against each other on common problems.
Thanks to a large number of competitors, a standard input format (DIMACS), and the easy way of benchmarking the performance of SAT solvers, there have been massive improvements over the last 10 years. Wikipedia summarises the algorithm well:

A literal is simply a variable or its negation. A clause is a disjunction of literals. CNF is then any formula which purely consists of conjunctions of clauses.
DPLL then consists of a depth-first search of all possible variable assignments by picking an unassigned variable, inferring values of further variables which must follow from the current assignment, and resolving potential conflicts in the variable assignments by backtracking.
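The search just described, as an added example that is not from the original post: DPLL over clauses stored as 0-terminated arrays of signed integers, the literal convention DIMACS uses. The names `clause_status`, `dpll` and `MAXV` and the sample formula are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAXV 32  /* assumed bound on variables; assignment arrays hold MAXV + 1 entries */
/* A clause is a 0-terminated array of DIMACS-style literals (v or -v); a[v] is
   1 (true), -1 (false) or 0 (unassigned). Returns 1 if satisfied, 0 on conflict,
   -1 if undecided; *unit is the forced literal when exactly one is unassigned. */
static int clause_status(const int *c, const signed char *a, int *unit) {
    int unassigned = 0;
    *unit = 0;
    for (; *c; c++) {
        int val = a[abs(*c)] * (*c > 0 ? 1 : -1);
        if (val == 1) return 1;
        if (val == 0) { unassigned++; *unit = *c; }
    }
    if (unassigned != 1) *unit = 0;
    return unassigned ? -1 : 0;
}

/* Returns 1 and leaves a model in a[1..nvars], or restores a and returns 0. */
int dpll(const int *const *cnf, int nclauses, int nvars, signed char *a) {
    signed char saved[MAXV + 1];
    memcpy(saved, a, sizeof saved);
    for (int changed = 1; changed;) {          /* infer forced values to a fixpoint */
        changed = 0;
        for (int i = 0; i < nclauses; i++) {
            int unit, st = clause_status(cnf[i], a, &unit);
            if (st == 0) { memcpy(a, saved, sizeof saved); return 0; }  /* conflict */
            if (st == -1 && unit) { a[abs(unit)] = unit > 0 ? 1 : -1; changed = 1; }
        }
    }
    int v = 1;
    while (v <= nvars && a[v]) v++;            /* pick an unassigned variable */
    if (v > nvars) return 1;                   /* complete and conflict-free */
    for (int val = 1; val >= -1; val -= 2) {   /* try true, then backtrack to false */
        a[v] = (signed char)val;
        if (dpll(cnf, nclauses, nvars, a)) return 1;
    }
    memcpy(a, saved, sizeof saved);
    return 0;
}

int main(void) {  /* constructed CNF: (x1|x2) & (!x1|x3) & (!x2|!x3) & (!x1) */
    const int c1[] = {1, 2, 0}, c2[] = {-1, 3, 0}, c3[] = {-2, -3, 0}, c4[] = {-1, 0};
    const int *const cnf[] = {c1, c2, c3, c4};
    signed char a[MAXV + 1] = {0};
    if (dpll(cnf, 4, 3, a)) printf("SAT: x1=%d x2=%d x3=%d\n", a[1], a[2], a[3]);
    return 0;
}
```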
Model checkers such as CBMC [5] directly translate programming languages like C into CNF formulas, in such a way that the semantics of each language construct (such as pointer arithmetic, the memory model, etc.) are preserved.
Clearly, this is quite involved and is done in a number of steps: A simple example of the transformation is visible in the following figure from paper [6]: As visible in the figure, the property which should be checked for violations is expressed as an assertion.
If it is not possible to make the formula true then the property is guaranteed to hold. Most importantly, in case of satisfiability, the model checker can reconstruct the variable assignment and execution trace (called a counterexample) which leads to the violation, using the truth variable assignments provided by the solver.
Bitcoin mining using SAT Solving and Model Checking

Using the above tools we can attack the bitcoin mining problem very differently to brute force. We take an existing C implementation of sha from a mining program and strip away everything but the actual hash function and the basic mining procedure of sha(sha(block)). The aim of this is that, with the right assumptions and assertions added to the implementation, we direct the SAT solver to find a nonce.
Instead of a loop which executes the hash many times and a procedure which checks if we computed a correct hash, we add constraints that, when satisfied, implicitly have the correct nonce in the solution. The assumptions and assertions can be broken down to the following ideas: The nonce is modelled as a non-deterministic value. The known structure of a valid hash, i.

The nonce

Instead of a loop that continuously increases the nonce, we declare the nonce as a non-deterministic value.
This is a way of abstracting the model. In model checking, non-determinism is used to model external user input or library functions e.
The nonce can be seen as the only "free variable" in the model.

Encoding the structure

Bitcoin mining programs always have to have a function which checks whether the computed hash is below the target (see here for an example). We could do the same and just translate this function straight to CNF; however, there is a much better and more declarative solution than that in our case. Instead, we can just assume values which we know are fixed in the output of the hash.
This will restrict the search space to discard any execution paths where the assumptions would not be true anymore. Because we are not in a brute force setting, but a constraint solving setting, this is very simple to express. We assume the following: Only compute hashes which have N bytes [N depends on the target] of leading zeros. In CBMC this is simple to achieve and looks about as follows:

Assumptions on the outputs result in restrictions of the input -- in our case this means only valid nonces will be considered.
This serves three purposes: Again, in comparison, brute force just blindly computes hashes with no way of specifying what we are looking for. The SAT-based solution only computes hashes that comply with the mining specification of a valid hash.

The Assertion

The most important part is defining the assertion, or the property P as it is called in the section above.
The key idea here is that the counterexample produced by the model checker will contain a valid nonce given a clever enough assertion. A bounded model checker is a bug finding tool. You specify the invariant of your system, which should always hold, and the model checker will try to find an execution where this invariant is violated i. That is why the P above is negated in the formula.
Thus, the invariant, our P, is set to "No valid nonce exists". If a satisfiable solution is found, we will get an execution path to a valid nonce value. In reality, this is encoded more elegantly. Since the leading zeros of a hash are already assumed to be true, all that remains to be asserted is that the value of the first non-zero byte in the valid hash will be below the target at that position.
Again, we know the position of the non-zero byte for certain because of the target. For example, if our current target is the following: The only way this can be done is by playing with the only free variable in the model -- the nonce.
In that way, we just translated the bitcoin mining problem into SAT solving land.

Producing a Counterexample

Combining the ideas from the above sections results in a conceptual SAT-based bitcoin mining framework. In pseudo C code this looks as follows:

The advantage of using the built-in solver is that, in case of satisfiability, the model checker can easily retrieve a counterexample from the solution, which consists of all variable assignments in the solution.
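The encoding from the sections above, as an added example that is not the author's satcoin code: the brute force loop next to a CBMC harness with a non-deterministic nonce, the leading-zero assumption and the flag assertion. A toy 32-bit mixing function stands in for sha(sha(block)); `toy_hash`, `mine_brute`, `satcoin_harness`, `VERIFY_WITH_CBMC` and all constants are assumptions.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values, not taken from the page or from a real block. */
#define HEADER      0xC0FFEE01u  /* stands in for the fixed block header */
#define MAX_NONCE   0x000FFFFFu  /* restricted nonce range for the search */
#define TARGET_BYTE 0x80         /* target byte at the first non-zero position */

/* Toy 32-bit mixer standing in for sha(sha(block)); it is NOT SHA-256. */
static uint32_t toy_hash(uint32_t header, uint32_t nonce) {
    uint32_t h = header ^ (nonce * 2654435761u);
    h ^= h >> 15;
    h *= 2246822519u;
    return h ^ (h >> 13);
}

/* Assumed structure: the most significant byte of the hash is zero. */
static int leading_zero(uint32_t h) { return (h >> 24) == 0x00; }
/* flag == 1: the byte after the zeros is NOT below the target byte. */
static int flag_for(uint32_t h, uint8_t tbyte) { return ((h >> 16) & 0xff) >= tbyte; }

/* Brute force: execute the hash for every nonce and check the result. */
int mine_brute(uint32_t header, uint32_t max_nonce, uint8_t tbyte, uint32_t *out) {
    uint32_t n = 0;
    do {
        uint32_t h = toy_hash(header, n);
        if (leading_zero(h) && !flag_for(h, tbyte)) { *out = n; return 1; }
    } while (n++ != max_nonce);
    return 0;
}

#ifdef VERIFY_WITH_CBMC  /* hypothetical macro, passed to cbmc with -D */
uint32_t nondet_uint(void);  /* no body: CBMC returns a non-deterministic value */
void satcoin_harness(void) {
    uint32_t nonce = nondet_uint();        /* the only free variable */
    __CPROVER_assume(nonce <= MAX_NONCE);  /* restricted nonce range */
    uint32_t h = toy_hash(HEADER, nonce);
    __CPROVER_assume(leading_zero(h));     /* drop paths without leading zeros */
    int flag = flag_for(h, TARGET_BYTE);
    assert(flag == 1);  /* P: "no valid nonce exists"; a violation exposes the nonce */
}
#else
int main(void) {
    uint32_t n;
    if (mine_brute(HEADER, MAX_NONCE, TARGET_BYTE, &n)) printf("nonce = %u\n", (unsigned)n);
    return 0;
}
#endif
```

Compiled normally it runs the brute force loop; with CBMC, `cbmc toy_miner.c -DVERIFY_WITH_CBMC --function satcoin_harness --trace` checks the assertion and, if it is violated, prints a trace containing the chosen nonce (the file name is hypothetical).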
A violation of the assertion implies a hash below the target is found. Let us inspect a counterexample when run on the genesis block as input. At state below, the flag was found to be 0 which violates the assertion.
Moving upwards in the execution trace we find a valid hash in state Finally, the value of the non-deterministically chosen nonce is recovered in state State file satcoin.

In order to evaluate its performance I generated two benchmark files where one has a satisfiable solution and the other does not. I restricted the nonce range (the possible values to be chosen) for each file.
The files are available on the following github project. Unsurprisingly, the solvers are not capable of solving this problem efficiently as of now. However, it is interesting to see the differences.