Trustless cloud mining

[miner2251]

For now, there are many services that offer cloud mining. The scheme used here is as follows: at first, you deposit coins to some website and then they are showing you some growing numbers. You can withdraw funds after reaching some value, you can also stick with some free plan or purchase some paid option, that will speed up your mining, depending on this item's price.

The problem with this type of sites is that most of them are just scams, you can deposit some coins, you can even withdraw them for a few months, but then, suddenly the whole website can disappear and reappear under completely new address.

It seems that blockchain also provide solution for this type of service. Instead of depositing coins to some cloud mining address, you can send them to some 2-of-2 multisig. Then, they can make sure that funds are really deposited, but at the same time you can make sure they just don't run away with your coins. And then, they can show you some growing numbers, allowing also some purchases of mining equipment or withdrawing coins.

If you decide to withdraw some of them, you can just create a new transaction spending coins from the multisig input and all they have to do is just signing it. More than that: if they want to gain your trust and show a good will, they can periodically create a transaction that allow you to withdraw all already mined coins and they can sign it.

[1714549236]

1714549236

[1714549236]

1714549236

[1714549236]

1714549236

[NotATether]

Most of those websites aren't even doing any mining in the background, they are just showing you some numbers which is equivalent to putting lipstick on a pig. Scammers are the ones making these sites, so why would they implement something like this?

I don't know about you but I think that "trustless" and "cloud" are mutually exclusive. I mean, even if there was a sure way to ensure you get paid your mining rewards, you still have to trust that the site is actually doing some mining in a datacenter.

Take conventional local mining for example, that's decentralized and you don't have to trust anyone to pay you when you find a block because you own the mining equipment, unless you are mining at a pool, but then there's some form of centralization here, they can almost be considered a "cloud" too.

And how are they going to securely send the customer the seed and public key to the multisig wallet without it getting intercepted by an attacker? Someone getting possession of it will neutralize the security of using multisig in your plan.

[miner2251]

And how are they going to securely send the customer the seed and public key to the multisig wallet without it getting intercepted by an attacker? Someone getting possession of it will neutralize the security of using multisig in your plan.

Are you trying to say that sending public keys over HTTPS is not secure somehow? Also, intercepting public keys could only harm privacy, but still, private keys are needed to spend it. Also, multiplying and dividing keys is enough to prove the ownership of some private key and share the public key at the same time. More than that: both private keys are needed (or both signatures signing some transaction chosen by the attacker). If only one would be compromised, then altering transaction by some third party is impossible.

unless you are mining at a pool, but then there's some form of centralization here, they can almost be considered a "cloud" too

Exactly. It could be useful to receive some smaller amounts by forming some kind of CPU pool. For example: if mining 1 BTC needs a lot of power, then mining single satoshi is 10^8 times easier. Then, if there are many clients, that could be promising somehow. "Cloud" or "pool" mining operator can just receive shares and send payments in this "LN-like way". Sooner or later, millions of such miners could produce a block.

[ranochigo]

Exactly. It could be useful to receive some smaller amounts by forming some kind of CPU pool. For example: if mining 1 BTC needs a lot of power, then mining single satoshi is 10^8 times easier. Then, if there are many clients, that could be promising somehow. "Cloud" or "pool" mining operator can just receive shares and send payments in this "LN-like way". Sooner or later, millions of such miners could produce a block.

The trick is to produce a block with your CPU pool. My ASIC would outpace probably thousands if not millions of actual PCs. A pool wouldn't pay out unless they generate a block that is why PPS is usually for more established pools because they can afford to pay out the funds in advance while smaller pools pays out in PPLNS.
Most cloud mining websites, or at least those legit ones takes in deposits for contracts to cover the running costs of their ASIC farms. If the funds gets locked in the multisig, then there is no way for them to pay off their expenses in the short turn and they might as well just mine for themselves. There is a reason why they sell their hashpower and that is to eliminate the possibility of profitability loss due to exchange rate or difficulty changes. Locking them in a 2-of-2 multisig with no mediator is dangerous. Either party could refuse to sign a transaction and effectively holding one another hostage over the funds.

I don't think trustless cloud mining will ever exist. The nature of cloud mining requires the payment to be done upfront.

[PrimeNumber7]

The closest thing to "trustless cloud mining" is something along the lines of the business model that nicehash used, that is customers would pay a fixed amount for the ability to use a particular miner for a set amount of time. The amount of trust required could be reduced with LN if for example, the customer could have the right to rent a miner for up to a certain number of days, but would be charged by the minute, or half-minute, and would need to pay every minute, half-minute, or another interval. This would mean the customer would potentially lose only a small amount of coin if the cloud miner were a scammer.

The drawback to the above is that it will probably result in higher prices for the customer because the miner will have to finance the purchase of the equipment out of their own pocket, the owner of the miner would not have a guarantee their equipment will always be in use and would bear the risk that difficulty increases faster than projected.

I cannot think of a way a cloud miner could be considered anything close to "trustless" for the traditional cloud mining websites that sell "lifetime" access to a set amount of hashrate.

[NotATether]

Are you trying to say that sending public keys over HTTPS is not secure somehow? Also, intercepting public keys could only harm privacy, but still, private keys are needed to spend it. Also, multiplying and dividing keys is enough to prove the ownership of some private key and share the public key at the same time. More than that: both private keys are needed (or both signatures signing some transaction chosen by the attacker). If only one would be compromised, then altering transaction by some third party is impossible.

I was thinking of delivery of private keys via email, which has horrendous privacy problems. But now that I think of it, there's a way to make private keys available in the browser without giving anyone else a chance to see it.

It involves creating a token for each user every time they buy a mining contract, similar to the session IDs that Chipmixer makes. These tokens have to be saved by the user because they are erased server-side. Typing this token gives you access to your corresponding private key for you to copy (operating system security and clipboard snooping et al still apply).

A bonus you get from this method is that when the user wants to cancel their service, they would delete this token which will also delete the private key, after one final transaction to move all mined bitcoins off to the user has been signed and broadcasted.

[pooya87]

I was thinking of delivery of private keys via email, which has horrendous privacy problems. But now that I think of it, there's a way to make private keys available in the browser without giving anyone else a chance to see it.

It involves creating a token for each user every time they buy a mining contract, similar to the session IDs that Chipmixer makes. These tokens have to be saved by the user because they are erased server-side. Typing this token gives you access to your corresponding private key for you to copy (operating system security and clipboard snooping et al still apply).

A bonus you get from this method is that when the user wants to cancel their service, they would delete this token which will also delete the private key, after one final transaction to move all mined bitcoins off to the user has been signed and broadcasted.

That doesn't solve anything, the company has to always have access to the funds and be able to move them (we assume they are a legitimate business and have to buy equipment, pay for maintenance, pay the bills, etc). So the coins can't be locked in a single key and stay there, they have to move. The company can't also give access to their whole balance to random users! If the company turns malicious they can also empty the key before the user by storing the key and lying about discarding it.

[acquafredda]

2-of-2 multisig doesn't achieve trustless cloud mining. While it's true it prevent them (the cloud mining company) from stealing your Bitcoin, but it brings another problem such as,
1. User refuse to sign transaction because they feel cheated (e.g. non-transparent operational cost report)
2. They (the cloud mining company) could deceive user by saying they need to pay operational cost, when they actually slowly perform exit scam
3. They refuse to sign transaction because user violate their ridiculous ToS

Exactly this.
I am sorry but I would never use the word trust, in any form, in association with the words "cloud mining". I have seen too many scams here on bitcointalk to never go back to anything cloud mining ever again.

[hugeblack]

Trustless cloud mining is like exhanging from fiat money to cryptocurrencies, it is an activity that requires non-digital interaction and thus the need to trust a third party to solve the problem, it is not among the problems that can be solved digitally.
Some solutions may enable you to guarantee receipt of your coins, but they may include cases of misuse. There is no company that accepts such cases or any cause cand made losses to them.