Last week Paypal released a whitepaper in partnership with Energy Web and DMG Blockchain Solutions, describing a “Green Mining Initiative” intended to redirect fees from participating users specifically to certified miners powering their operations with renewable energy. I can’t say I’m surprised by this honestly, mining has at this point become very normalized in terms of its use to further renewable energy or climate goals. Mining is actually very suited to this task given its nature, miners are mercenaries looking for the cheapest energy possible to devote towards solving the next block. If you have stranded power, or excess power, they will take it.
The overall architecture of this system though is beyond the territory of Rube Goldberg. I am kind of amazed that this is the level of technical understanding and sophistication that a major company like Paypal has on tap, especially in their Blockchain Research Group specifically focusing on this space. The entire thing is inefficient, absurd, and some of the end goals or possibilities they discuss are not built upon sound economic incentives.
The Core Design
The entire gist of the design is to ensure that when a compliant user broadcasts a transaction to the network, only a certified green miner can collect the associated transaction fee. The problem with this is that mining fees from a transaction are collectible from any miner who includes them in a block, not just certified ones. A mechanism is required to guarantee only certain miners can collect a few.
The first thing you have to do is identify which miners you want to be capable of claiming the restricted fee. They propose utilizing a system called “Green Proofs for Bitcoin” offered by Energy Web. The proofs are certifications from the organization that a miners energy mix or impact on the grid meets some threshold of renewable energy use or positive impact on the power grid. In the certification process each miner can register a public key, creating a list of each certified miners public key.
This key certification is at the root of what enables ensuring only the correct miners can claim a fee. Compliant users’ wallets can query or be provided with a list of all certified miners bitcoin addresses, and from there have the information needed to create a special transaction that only they can claim the fee for. The trick is a multisig output. There are no hard limits of how many keys need to sign for a multisig address, so compliant users can include the fee to certified miners in a special output with a 1-of-n multisig script that any certified miner can spend. A minimal fee at the bottom of the mempool feerate range is also included traditionally just to ensure that it propagates across the network.
The last piece of the puzzle is actually claiming the fee. If a certified miner was to mine a block including a green transaction, and not also include a transaction spending the fee output to themselves, then any certified miner could claim the fee output in the next block they mine. There, for each green transaction a certified miner includes in their block, they must include a corresponding transaction sending the fee output to an address only they hold a key for.
Special wallets can craft transactions with fee outputs only claimable by certified miners, and these users can preferentially direct their fees towards miners certified as using renewable energy or creating some other positive impact on the grid.
Full of holes and incomplete thinking
Firstly, the general idea of requiring miners to include a second transaction of their own is an incredibly inefficient design, which they do acknowledge in the paper. What they don’t acknowledge is the economic realities this implies for transactions’ feerates.
A Bitcoin transaction pays fees based on the amount of space it takes up in terms of data. By introducing the need for miners to take up blockspace creating a secondary transaction collecting this “green fee” they are economically speaking increasing the size of the green transaction itself. This is very similar in practice to Child-Pays-For-Parent from an economic perspective.
With CPFP, a transaction spending an output from an unconfirmed transaction pays an abnormally high fee. This by averaging the fee the second transaction pays across both itself and the first transaction, which must be confirmed before the second one can be, increases the feerate of the first transaction. This green fee collection mechanism is the same dynamic, but in reverse.
By requiring the miners to craft a second transaction to claim the fee, assuming the fee output pays an average feerate, the net fees the miner collects per byte of data is actually lowered. The blockspace required to collect it could have been used to include another fee paying transaction. So in reality, the fee a compliant user includes for certified miners must also pay for the miner’s claim transaction, in effect meaning compliant users have to pay more absolute fees to achieve a specific fee rate. Why would users do this?
In a vacuum this dynamic guarantees that either compliant users have to overpay, or certified miners wind up actually making less revenue all things equal. The former is irrational from a consumer point of view, and the latter completely fails to achieve the goal of rewarding miners using renewables extra revenue.
A second glaring issue, and an amazing one, is their thinking of how to structure the 1-of-n multisig script. With traditional pre-Taproot multisig, each individual key in the multisig must be present in the script. This presents a problem. The size of the green fee output grows linearly for each miner who has a key in the multisig.
The plan laid out in the paper describes breaking miners up into subgroups, and rotating between which group you pay fees to each time you transact. I.e. if there are 21 miners, split them up into 3 groups of 7, moving to the next group to send the fees to each time you transact. This would create a highly irregular distribution of fees between all the certified miners, as the rate of transactions amongst compliant users and rate of rotation between them is not something that can be prescribed or made regular. Not to mention, it seemingly shows a complete lack of awareness of Schnorr based multisig schemes like FROST.
Schnorr based multisig scripts use aggregate keys, meaning no matter how many member keys are involved, only a single public key is needed for the script, and only a single signature is required. This would completely address the issue of multisig script size, and do away with the requirement for the clunk breaking up of certified miners into subgroups.
They also make no mention of more efficient mechanisms for actually collecting the fee. A single secondary transaction for each green transaction is mind blowingly inefficient. An very obvious mechanism to be more efficient with use of blockspace would be to sweep all of the green transaction fee outputs in a single transaction. This would require only a single transaction output to aggregate all of the fees into a single UTXO, rather than a discrete output for each individual fee, and also creating the need to combine them with yet another transaction later.
They finally go on to discuss the potential of a centralized out of band mechanism directly to certified miners, but bring up the centralization, introduction of trust, and complexity of implementing direct communication to each individual miner as reasons for designing the distributed protocol described above.
The Market Alright Does This
At the end of the day, the technical inefficiencies and lack of grasping blatantly obvious solutions (at least partially) to them, aren’t even the most confounding part of this to me. It’s attempting to insert incentive distorting dynamics into the application layer of the protocol to address the concern over renewable energy in the first place. Why? The market literally handles this incentive all by itself.
Renewable energy is the cheapest energy even when taking into account the cost of construction and operation of energy production capacity. Miners chief concern is finding the lowest priced energy they possibly can. Why is Paypal trying to interject weird systems giving users a distortionary mechanism to restrict fees only to certain miners, and overall introduce a distortionary market mechanism into this picture? The market already does what you want. Renewable energy is cheap, build more of it and miners will come and buy it, bringing revenue to finance the operation (especially when it is initially disconnected from the grid and has no other consumers).
The entire dynamic of fees in Bitcoin is that it is a completely open market, where any miner can compete to collect fees from any transaction by including them in their own blocks. This entire dynamic is built to incentivize maximal competition between miners to provide security and finality to users of the network. Trying to introduce weird distortions like this proposal into the system is a destabilizing factor in the balance of competition and network security, and is completely redundant given the market realities of the mining ecosystem.
Do you want to see Bitcoin mining be a positive factor in incentivizing and helping expand renewable energy production? Great! It already does that, no changes needed. It does not need Rube Goldberg machinations slapped on top to accomplish that goal, the inherent market based mechanisms of competition between miners already does that.
I really don’t understand what Paypal, DMG, and Energy Web are thinking here.
English
Arabic
Chinese (Simplified)
Dutch
French
German
Italian
Portuguese
Russian
Spanish