I Introduction
In 2008, Satoshi Nakamoto [1] published a breakthrough decentralized cryptosystem called Bitcoin, which ushered in an era of fully distributed trust network. Ten years have passed since its publication and Bitcoin is indeed a successful electronic currency. Many papers have been published for Bitcoin applications [2], however, very few are ever materialized. We believe that there are two main reasons for this phenomenon: the intrinsic overhead of the Bitcoin construction and the security hazards [3] [4] such as double spending.
The intrinsic overhead of Bitcoin lies in two parts of the system: the information propagation and the proofofwork mechanism. The former is strongly related to the synchronization and consensus issue. Karame et al. [5] [6] initiated the study of fast payment in order to accelerate the transaction confirmation in Bitcoin and found out that the double spending probability is nonnegligible. Bamert et al. [7] proposed securing fast payments, which improved the previous studies. They showed that under their construction the double spending probability diminishes to less than 0.088%. Stathakopoulou et al. [8] introduced a faster Bitcoin network based on the pipeline. They showed that increasing the locality of connectivity among each node can accelerate the information propagation. By implementing a Content Distribution Network, they achieved 60.6% average speed up. From these works, we see that resolving the intrinsic overhead by accelerating the information propagation has limited performance.
As a result, we tried to fix the intrinsic overhead of Bitcoin network, or the PoWbased network, by proposing a new difficulty adjustment mechanism. The main focus is to strengthen the power of PoW so that it can guarantee stronger security.
Ia ProofofWork (PoW)
In a PoW system, every participant has the right to be the verifier, but with a different probability. The probability to be selected as a verifier depends on how much he or she has devoted to the system. That is, the more one contributes to the system, the higher probability he or she has to be selected as a verifier. The mechanism to evaluate the amount of devotion is the socalled proofofwork. Practically speaking, each participant keeps computing hash values of the header of a block. And the first one who finds a small enough hash value will be regarded as the verifier for the current block.
IB Double Spending
However, there is a potential hazard that the verifier is an attacker. Attackers might modify the transaction record and benefit themselves. In [1], Satoshi referred to this kind of situation as double spending in which the verifier spends the same money twice, which is definitely not allowed to happen in a trusted system.
The original double spending scenario in [1] considers the possibility that some attackers in Bitcoin system build their own blockchain instead of mining on the main chain. The attackers build a private blockchain that is longer than the public chain. Thus, other participants in the system will adopt the longer one, which in this case is the attackers’ private blockchain. The attackers produce some fake transactions in its private blockchain, usually by removing the records of their spendings so as to spend that money again in the future. Once these fake transactions such as a double spending one, merge into the main blockchain, the trust of the system will break down.
IC Highorder Markov Chain
Raftery [9] proposed the Mixture Transition Distribution model (MTD) in 1985 which models the highorder Markov chain with a lag coefficient. Later, Berchtold and Raftery [10] generalized the idea into multimatrix MTD, infinitelag MTD, spatial MTD, etc., which can be used in various applications. In 2005, Ching et.al. [11] [12] relaxed the constraints in MTD model and yielded a more general results. Recently, Li and Ng [13]
used probability tensor to model the highorder Markov chain, and found some sufficient conditions for the existence and uniqueness of stationary distribution.
However, these previous works are not quite the same as what we focus here. They generalized the Markov property into highorder Markov chain, which conditions on more than one past states, and emphasized on the stationary distribution or asymptotic behaviors of a single state. Here, we not only utilize the highorder Markov property but also obtain the stationary distribution or asymptotic behaviors of a sequence of states. In other words, the event we care about is a period of time or state, not a single snapshot.
Ii Model
We use a general stochastic process to model the PoW system and construct the personalized difficulty adjustment PoW system step by step. We start from the traditional PoW system in Section IIA, then we introduce the concept of personalized difficulty adjustment in Section IIB and give an example of difficulty function in Section IIC.
Iia Traditional PoW system
First, note that the system is basically a discrete system. Namely, the system is composed of a sequence of blocks, and it’s sufficient for us to use the index of each box to order the configurations in the system. In the following construction, we use the small letter to denote the order index of the block we are at.
Next, there are participants in the system competing for solving hash values. Each of them intrinsically has his own computing power, denoted as , where refers to the index of the participant and is the block index. Besides the computing power, there is a timevarying parameter recording the difficulty of the system. We denote the difficulty for competing block as , with computing power and difficulty . It is sufficient to model the traditional PoW system with a twotuple stochastic process as follows.
Definition 1 (traditional PoW system).
A traditional PoW system is a 2tuple
where is the computing power of player and is the difficulty of the system at the block respectively.
At block , participant has computing power and is assigned with difficulty . Each of the participants then keeps computing hash function until one of them finds a valid hash value. The probability of participant to win at block is proportional to . This observation is formally stated in Theorem 1 and is proved in Appendix A.
IiB Personalized Difficulty Adjustment (PDA) PoW System
To simplify the problem, we assume all the nodes in PoW networks have the same computing power. A PDA PoW system modifies the dynamic parameter of itself according to the recent outcomes in the system. For example, in this system [Figure 1], the difficulty index of each player will be configured according to the past winners in recent blocks. Suppose player A wins 4 blocks in the past 6 blocks, then his difficulty will be higher than player B who only wins 1 block in that period. Intuitively, we can think of the scenario as a dynamic stochastic process in which the transition mechanism will depend on a period of past results.
To formalize a PDA PoW system, there are three elements we need to add into the system: the winning history, the number of past blocks we concern, and the difficulty function.
The winning history records who wins the block from the beginning till current block denoted as , where denotes the winner at the th block. Next, we denote the number of past history as . That is to say, if we are at block , then we are going to consider the winner at blocks . The difficulty function is specified by from the past winning history to a difficulty assignment for every player. Thus, we define PDA PoW system as follows:
Definition 2 (personalized difficulty adjustment proofofwork system).
A PDA PoW system with participants (players) is a 5tuple
where

denotes the computing power of player at block . For simplicity, if not specified, we assume the computing power of each player is a constant and remains all the same. Intuitively, we can think of computing power as internal power.

denotes the difficulty of player at block . Intuitively, we can think of difficulty as external power.

denotes who wins at block .

is the number of blocks we look into the past.

is the difficulty function that looks into past blocks.
The process is actually overdetermined. The difficulty are recursively defined by the winning history , the number of blocks we look in the past and the difficulty function . Similarly, we denote the probability of the th player to compute for block as . And for convenience, we denote the recent histories as history.
The probability of winning matters the most. With some probability argument, we can derive a simple relation between winning probability, difficulty, and computing power stated in the following theorem.
Theorem 1.
The winning probability of player at block is proportional to the winning probability divided by the difficulty. That is, . The proof is left in Appendix A.
Intuitively, Theorem 1 tells us that the winning probability of each player is proportional to the ratio of computing power and the assigned difficulty. As a result, once this ratio is approximately the same for all participants, then the winning probability will close to uniform.
IiC Difficulty function
Definition 3 (difficulty function).
A difficulty function that considers past blocks is a mapping from past history
to a difficulty vector for
players: .Also, with Theorem 1, we assume for simplicity.
Example II.1 (exponential nonordered difficulty function).
Denote the winning times of player in the past blocks from current block as . An exponential nonordered difficulty function maps
Suppose we take and every player has the same computing power. If the 3history right now is , then the winning times of each player is:
The difficulty for each player at block is:
The winning probability for each player at block is:
p.s. we denote as
This example shows the intuition of exponential nonordered difficulty function: the winning probability at block is proportional to .
Iii Rate of consecutive winning
Now we want to examine how well the PDA mechanism prevents us from consecutive winning.
We define the scenario we care about.

Setting: A PDA PoW system with players: . Assume the computing power is constant for each player, i.e. .

Goal: We want to know the probability of player 1 consecutively winning for time, i.e. .
First, we consider the case with no difficulty function (or we choose the exponential nonordered difficulty function).
Iiia No difficulty function
As the winning probability for each player at a single block is all the same: , the probability of player to consecutively win blocks is . From another point of view, we can think of this as a nodifficultycase as the winning probability of each block is i.i.d while, in other cases the winning probability of each block is correlated.
IiiB Arbitrary difficulty function
And then we consider choosing an arbitrary difficulty function . However, since the winning probability of each block is correlated, we can not simply utilize the i.i.d. property to calculate the goal: . Instead, joint probability of consecutive blocks should be considered as:
We find out that system obeys highorder Markov chain, or kth order Markov property.
Definition 4 (highorder Markov chain).
The idea of highorder Markov chain is as follows.
The transition probability of a stochastic process is only conditioned on the previous events. Formally, suppose is a th order Markov chain over state space , then for and ,
Therefore, we can directly encode the winning probability into a transition matrix as we regard each possible history as a state. Formally speaking, we define the state space of the Markov chain as , where is the state space and is the transition probability function.

: the history.

: suppose then
where is the difficulty for player conditioned on history .
Let be the probability vector over denoting the probability of past history started from block . Then, the stationary distribution of past history is that satisfies . Or, equivalently, .
IiiC exponential nonordered difficulty function
Suppose we choose the exponential nonordered difficulty function in a participants, past history PDA PoW system . Then, we get , where and
Here we calculate the probability of consecutive winning with the different number of past history and different difficulty functions. The number of participants is 5.
2  3  4  5  

No difficulty  4e2  8e3  1.6e3  3.2e4 
2exponential nonordered  2.34e2  1.59e3  6.14e5  1.35e6 
5exponential nonordered  1.12e2  1.64e4  6.38e7  6.74e10 
IiiD Calculation issue
We have discussed the probability of consecutive winning with different difficulty functions. And in Table I we show that the probability of consecutive winning drops down obviously as we increase the number of past history and the difficulty ratio .
However, once we increase the number of participants, the size of transition matrix drastically increases. For example, if we consider 4 past history, the number of states in the transition matrix of 5 participants is . As we consider 20 participants, the number will become , which hardly can be computed by a normal computer! As a result, once we create a new difficulty function and want to see its performance of preventing from consecutive winning, we cannot efficiently compute the results if there is a large number of participants with the above calculation model.
When looking deeper into the transition matrix, we can find out that there are so many 0’s. Namely, the matrix is extremely sparse.
Iv State reduction
While the number of states grows up, the outcomes are full of supersymmetry. We intuitively put them all together and reduce the number of outcomes, which will drastically reduce the computation.
Iva Abstract model
We find out that PDA PoW system and the basic dynamics share many similarities. However, some parameters in PDA PoW system change over time according to the outcome makes it more complicated. Therefore, we divide the system into two parts: The base rules and the parameters. Moreover, the parameters can also be categorized into fixed parameters and dynamic parameters.
The PDA PoW system has the base rules analogous to the basic mechanisms such as mining policies, proof of work, timestamps, etc. The parameters are the number of players, computing power, difficulty function, difficulty etc. We formalize the abstract model of PDA PoW system as follows:
Basic rules  Mining policies, proof of work, timestamps.  

Parameters  Fixed  Difficulty function, number of players*, 
computing power.  
Dynamic  Difficulty. 
We define the fixed and dynamic parameters respectively as follows:
Definition 5 (fixed parameters).
The fixed parameters of PDA PoW system, denoted as , is a 4tuple
, where

: number of players.

: computing power of each player.

: number of history considered in the difficulty function.

: the personalized difficulty function.
Definition 6 (dynamic parameters).
The dynamic parameters of PDA PoW system on block , denoted as , is a 2tuple
where

: the difficulty of each player of block .

: the winning history in the system.
IvB Framework
There are three steps in the reduction process:

Reduce states.

Transition matrix.

Stationary distribution.
In the first step, Reduce states, we scan through all possible past configurations and generate reduced states. Next, Transition matrix, we construct the corresponding transition matrix according to the reduced state, the basic parameters of the system, and the decay parameter of the exponential nonordered model. Finally, Stationary distribution, we use an iterative method to find the stationary distribution of reduced transition matrix and obtain the stationary probability of consecutive winning.
IvB1 Reduce states
We construct a mapping from the standard state space to the reduced state space based on the intuition in Section IV. Formally, we define the standard state space and reduced state space as follows:
Definition 7 (standard state space).
The standard state space of the PDA PoW system, denoted as , is the Cartesian product over the player space.
which is the state space for history.
Definition 8 (reduced state space).
The reduced state space of the PDA PoW system, denoted as , is a subset of defined as follow:
which is the reduced state space for history.
Note that the first constraint regulates the number of the smaller index should not be less than the number of the larger index. And the second constraint regulates if two indices appear the same number of times, the smaller index should appear first.
After defining the standard state space and reduced state space, now we are going to construct a mapping between them. And this is trivial since we can directly get the mapping by the definition of reduced state space.
Definition 9 (Reduced mapping).
A reduced mapping from standard state space to reduced state space denoted as . , is defined as follow
Here, we give an example of a PDA PoW system. For general application, one should observe the structure in their system and find a good way to reduce the number of states.
IvB2 Transition matrix
In this step, we are going to formalize the transition function over the reduced state space, i.e., we apply the reduced mapping on the standard transition function. Suppose the standard transition function defined on standard probability space is . Then we define the reduced transition function as follows:
Definition 10 (reduced transition function).
Suppose is the standard transition function, then the reduced transition function, denoted as , is defined as
IvB3 Stationary distribution
To define the notion of stationary distribution in reduced state space, we need to specify the notion of the probability distribution over reduced stated space. We denote the space of probability distribution of reduced state space as
Note that we can view the stochastic process as another stochastic process of history:
Moreover, we describe such stochastic process with random variables
where the support of is . As a result, the distribution of can be represented by probability distribution in . That is, .Finally, we can define the stationary distribution of the stochastic process , … in the sense of history as follows:
Definition 11 (reduced stationary distribution of history).
Suppose , we say is a reduced stationary distribution of reduced transition function if
IvC Analysis
Table III shows the probability of consecutive winning with different system settings.
nk  1  2  3  4  5  6 

1  1  1  1  1  1  1 
2  0.5  0.19  5.56e2  1.18e2  1.80e3  1.97e4 
3  0.34  7.30e2  1.04e2  9.41e4  5.39e5  1.94e6 
4  0.25  3.83e2  3.52e3  1.93e4  6.25e6  1.20e7 
5  0.20  2.35e2  1.59e3  6.14e5  1.35e6  1.70e8 
6  0.17  1.59e2  8.46e4  2.52e5  4.17e7  3.84e9 
7  0.14  1.45e2  5.03e4  1.21e5  1.60e7  1.14e9 
V Discussion
We have shown that the probability of consecutive winning is drastically decreased after using the personalized difficulty adjustment proofofwork mechanism. See Table III. The likeliness of double spending is decreased as the result. In this section, we will first summarize the results and compare with other’s works. Then, discuss the major assumption, address identifiability, in this work. In the end, we will elaborate on some future works and open questions.
Va Summary and comparison
In Table IV, we summarize the consecutive winning probability from different mechanisms. The first row is the consecutive winning probability computed from the program in [1] and the following two rows are the results from the PDA for PoW mechanism we have proposed.
Mechanism k  1  2  3 

Bitcoin PoW  0.2046  0.0510  1.312e2 
PDA PoW: 2exponential  0.1011  0.0054  1.560e4 
PDA PoW: 5exponential  0.1030  0.0024  1.218e5 
Mechanism k  4  5  6 
Bitcoin PoW  3.455e3  9.137e4  2.428e4 
PDA PoW: 2exponential  1.214e5  1.953e8  8.447e11 
PDA PoW: 5exponential  1.412e8  3.660e12  2.135e16 
Clearly, the consecutive winning probability of PDA mechanism decreases much faster than that of traditional PoW setting. However, the double spending criteria in two mechanisms are actually not exactly the same. The traditional PoW mechanism allows forking in their blockchain, so the double spending probability in their estimation will be a little higher than that under the addressidentifiability assumption.
VB Address identifiability
In the paper by Satoshi Nakamoto [1], he abandoned address identifiability in favor of complete anonymity. As a consequence, the traditional PoW system such as Bitcoin allows forking to happen in the blockchain and thus requires an analytical model that is different from our highorder Markov chain. In the analysis of our personalized difficulty setting, we adopt the address identifiability assumption so that the double spending probability will be smaller than that in traditional forkstyle PoW system.
Vi Conclusion
In this paper, we solve the intrinsic overhead problem of proofofworkbased blockchain by proposing a new PoW mechanism. We first formalize it as a voting system and then generalize it to a personalized difficulty adjustment system. The adjustment mechanism balances the winning distribution in the network because those who win a lot recently will less likely become the next verifier. Next, we use a highorder Markov chain to quantitatively model the PDA system. Finally, we show that the consecutive winning rate drastically decreases from 0.02% to 0.00000008% after adopting the exponential nonordered difficulty function. As a result, PDA successfully decreases the probability of double spending by proposing a modified PoW protocol instead of the traditional approaches via information propagation.
However, the performance of accelerating the transaction confirmation is not fully examined, which is a potential future work. On the other hand, we would like to point out the possible breakdown of a balanced motivation system. Since we increase the difficulty for those who have won recently, they might decide to have a break after winning and thus damage the dynamics of the system. Related problems were studied by Rosenfeld [16] and Kroll et al. [17] under the traditional setting. Another future work is the analysis of the winning distribution under PDA mechanism. It is possible that the winning distribution under PDA may not incentivize some participants, thus the PoW process suffers sabotage. We are actively working on the analysis and its implications.
References
 [1] Satoshi Nakamoto, “Bitcoin: A peertopeer electronic cash system,” Consulted, vol. 1, no. 2012.
 [2] Ephraim Feig, “A framework for blockchainbased applications,” arXiv preprint arXiv:1803.00892, 2018.
 [3] Marta Piekarska Harry Halpin, “Introduction to security and privacy on the blockchain,” in Symposium on Security and Privacy Workshops, 2017 IEEE European Symposium on. IEEE, 2017.
 [4] Ayelet Sapirshtein, Yonatan Sompolinsky, and Aviv Zohar, “Optimal selfish mining strategies in bitcoin,” in Financial Cryptography and Data Security. 2017, pp. 515–532, Springer.
 [5] Ghassan Karame, Elli Androulaki, and Srdjan Capkun, “Two bitcoins at the price of one? doublespending attacks on fast payments in bitcoin.,” IACR Cryptology ePrint Archive, vol. 2012.
 [6] Ghassan O Karame, Elli Androulaki, Marc Roeschlin, Arthur Gervais, and Srdjan Čapkun, “Misbehavior in bitcoin: A study of doublespending and accountability,” ACM Transactions on Information and System Security (TISSEC), vol. 18, no. 1.
 [7] Tobias Bamert, Christian Decker, Lennart Elsen, Roger Wattenhofer, and Samuel Welten, “Have a snack, pay with bitcoins,” in PeertoPeer Computing (P2P), 2013 IEEE Thirteenth International Conference on. IEEE, 2013, pp. 1–5.
 [8] Chrysoula Stathakopoulou, “A faster bitcoin network,” 2015.
 [9] Adrian E Raftery, “A model for highorder markov chains,” Journal of the Royal Statistical Society. Series B (Methodological), pp. 528–539, 1985.
 [10] André Berchtold and Adrian E Raftery, “The mixture transition distribution model for highorder markov chains and nongaussian time series,” Statistical Science, pp. 328–356, 2002.
 [11] Waiki Ching, Michael K Ng, and Shuqin Zhang, “On computation with higherorder markov chains,” in Current Trends in High Performance Computing and Its Applications, pp. 15–24. Springer, 2005.
 [12] Michael K Ng and WK Ching, Markov Chains: Models, Algorithms and Applications, Springer, 2006.
 [13] Wen Li and Michael K Ng, “On the limiting probability distribution of a transition probability tensor,” Linear and Multilinear Algebra, vol. 62, no. 3.
 [14] JenHung Tseng, YenChih Liao, Bin Chong, and ShihWei Liao, “Governance on the drug supply chain via gcoin blockchain,” International Journal of Environmental Research and Public Health, 2018.
 [15] ShihWei Liao, Boyu Lin, and EnRan Zhou, “Gcoin: wiki, code and whitepaper,” https://gcoin.org and github.com/OpenNetworking/gcoincommunity/wiki/GcoinwhitepaperEnglish, 2014.
 [16] Meni Rosenfeld, “Analysis of hashratebased double spending,” arXiv preprint arXiv:1402.2009, 2014.
 [17] Joshua A Kroll, Ian C Davey, and Edward W Felten, “The economics of bitcoin mining, or bitcoin in the presence of adversaries,” in Proceedings of WEIS, 2013, vol. 2013.
Appendix A Proof of Theorem 1
Computing power is the rate to calculate a hash value; difficulty here is the upper bound value the participant is required to solve. For participant i, we model the waiting time of solving the hash value for blocks as an exponential random variable with mean . Given and with respect to a block , the waiting time is
is the probability that
Therefore, the probability is proportional to .
Comments
There are no comments yet.