17 May 2011
The Bitcoin Lottery
Date: Tue, 17 May 2011 13:21:38 +0200
From: Eugen Leitl <eugen[at]leitl.org>
To: cypherpunks[at]al-qaeda.net, info[at]postbiota.org
Subject: Re: [silk] Bitcoin
----- Forwarded message from Alaric Snell-Pym
From: Alaric Snell-Pym <alaric[at]snell-pym.org.uk>
Date: Tue, 17 May 2011 12:09:43 +0100
Subject: Re: [silk] Bitcoin
On 05/17/11 11:15, Suresh Ramasubramanian wrote:
> Alaric Snell-Pym [17/05/11 11:06 +0100]:
>> Ah, the limit isn't done like that. 50 bitcoin are generated about
>> 10 minutes, period. The more CPU time you put in, the larger a
>> of that you get, but the global rate remains the
> the more CPUs you put in?
Well, the more CPU *time*.
Technically, to mine bitcoin, you're racing to be the first to find a number
that, when combined with the details of a bunch of pending transactions with
a complicated function (SHA-256, for the tecchies out there), is less than
So you set your CPU trying random numbers, feeding them along with a heap
of pending transactions into SHA-256, and seeing if the output is below the
If it is, you advertise that fact to the network, and you get to spend 50
bitcoin as you see fit.
However, it takes something like 2^47 attempts (each attempt is called a
"hash") to find an output below the target. My MacBook pro can do about a
million - 2^20 - per second, meaning it'd take 2^27 seconds, or about 1500
days, to find one. On average. I might get lucky and find one right away.
Or I might not, and take five times that long.
So if I put twice as many CPUs in, I could do it in about half the time (on
average). Either way, for my kind of CPU, it takes about 1500 days of time
to "win a block". If I split that between 1500 CPUs, I can win a block a
day! As the system adjusts the difficulty of the target so that, on average,
six blocks are won per hour, one per day would give me 1/144 of the entire
creation rate of new bitcoins...
In practice, the "miners" (people who set out to win blocks) don't use CPUs;
they use GPUs (as found on video cards). Certain brands of GPU (ATI ones,
it seems) are good at the maths required for SHA-256, so they put loads of
graphics cards into their PCs and set them trying out random numbers until
they get a 'win'.
Even then, it'd still take them weeks... so what most do is to join "pools"
and get their systems to cooperate with others. The pool measures how much
they're contributing, by them sending the pool evidence of near-misses (results
they get that approach the target, but don't make it), by which the pool
works out how much CPU time each member is putting in; when somebody in the
pool wins the block, the money goes to the pool (and the pool can check that!),
so the pool splits it proportionally by how much CPU time was contributed.
Really, it's all like a lottery; and the miners get their systems entering
the lottery a billion times per second.
Currently, the bitcoin network produces about 1.5 trillion hashes per second,
total. So somebody managing a billion a second, in a mining pool, earns about
a 1500th of the total "income" of new bitcoin - 50 every ten minutes...