Donate $100 for the Cryptome archive of 65.000 files from June 1996 to the present

17 May 2011

The Bitcoin Lottery

Date: Tue, 17 May 2011 13:21:38 +0200
From: Eugen Leitl <eugen[at]>
To: cypherpunks[at], info[at]
Subject: Re: [silk] Bitcoin

----- Forwarded message from Alaric Snell-Pym <alaric[at]> -----

From: Alaric Snell-Pym <alaric[at]>
Date: Tue, 17 May 2011 12:09:43 +0100
To: silklist[at]
Subject: Re: [silk] Bitcoin

On 05/17/11 11:15, Suresh Ramasubramanian wrote:

> Alaric Snell-Pym [17/05/11 11:06 +0100]:
>> Ah, the limit isn't done like that. 50 bitcoin are generated about every
>> 10 minutes, period. The more CPU time you put in, the larger a *share*
>> of that you get, but the global rate remains the same.
> the more CPUs you put in?

Well, the more CPU *time*.

Technically, to mine bitcoin, you're racing to be the first to find a number that, when combined with the details of a bunch of pending transactions with a complicated function (SHA-256, for the tecchies out there), is less than a target.

So you set your CPU trying random numbers, feeding them along with a heap of pending transactions into SHA-256, and seeing if the output is below the target.

If it is, you advertise that fact to the network, and you get to spend 50 bitcoin as you see fit.

However, it takes something like 2^47 attempts (each attempt is called a "hash") to find an output below the target. My MacBook pro can do about a million - 2^20 - per second, meaning it'd take 2^27 seconds, or about 1500 days, to find one. On average. I might get lucky and find one right away. Or I might not, and take five times that long.

So if I put twice as many CPUs in, I could do it in about half the time (on average). Either way, for my kind of CPU, it takes about 1500 days of time to "win a block". If I split that between 1500 CPUs, I can win a block a day! As the system adjusts the difficulty of the target so that, on average, six blocks are won per hour, one per day would give me 1/144 of the entire creation rate of new bitcoins...

In practice, the "miners" (people who set out to win blocks) don't use CPUs; they use GPUs (as found on video cards). Certain brands of GPU (ATI ones, it seems) are good at the maths required for SHA-256, so they put loads of graphics cards into their PCs and set them trying out random numbers until they get a 'win'.

Even then, it'd still take them weeks... so what most do is to join "pools" and get their systems to cooperate with others. The pool measures how much they're contributing, by them sending the pool evidence of near-misses (results they get that approach the target, but don't make it), by which the pool works out how much CPU time each member is putting in; when somebody in the pool wins the block, the money goes to the pool (and the pool can check that!), so the pool splits it proportionally by how much CPU time was contributed.

Really, it's all like a lottery; and the miners get their systems entering the lottery a billion times per second.

Currently, the bitcoin network produces about 1.5 trillion hashes per second, total. So somebody managing a billion a second, in a mining pool, earns about a 1500th of the total "income" of new bitcoin - 50 every ten minutes...



Alaric Snell-Pym