Research: F-PoC — Can We Redesign PoW Rewards to Make CPU Mining Viable Again?

Mining
1

Hi everyone,

I’m sharing open research (not a proposal) exploring alternative reward distribution for PoW networks. I’m using Zcash’s decentralization challenges as motivation for this research.

The Problem I’m Looking At

Zcash was designed to be ASIC-resistant, but today:

  • CPU mining is effectively inaccessible

  • 3 pools control >50% of network hashrate

  • Solo mining is a lottery (expected time: months to years)

This seems to contradict the original vision of accessible, decentralized mining.

My Research Approach

I built a research prototype called F-PoC (Fair Proof-of-Contribution) to explore one question:

“What if rewards were distributed among all miners every 24 hours, not just one winner?”

Instead of “winner-takes-all”, rewards are distributed based on three factors:

Factor Weight Why
Computational work (shares) 60% Still rewards work
Long-term participation (loyalty) 20% Encourages staying online
Economic commitment (bond) 20% Creates alignment, enables slashing

The prototype shows that with this approach:

  • CPU miners could receive rewards every 24 hours (not once a year)

  • Pool dependence could be reduced (predictable rewards regardless of pool)

  • Miners have incentive to stay even during low-price periods

What Already Exists

  • Research prototype in Rust (full node, genesis block, solo mining)

  • Complete protocol specification

  • Core mechanics: reward distribution (PoCI), loyalty tracking, bonds, slashing

All code is open source:
https://github.com/andreudumitro-eng/accum-core

My Question to the Community

I’m not proposing changes to Zcash. I’m trying to understand:

Is research into alternative reward distribution mechanisms something the Zcash community would find valuable?

I’m considering continuing this research regardless, but I’d love to know if there’s any interest from Zcash folks — whether for inspiration, reference, or future discussion.

Thank you for reading.

Best regards,
Andrii Dumitro

2

Hey Andrii, read through the repo. Nice work!

A few questions though:

  1. Is the bond component linear? Bonding 100x more giving 100x the weight recreates the capital dominance problem you’re solving for. Is there a normalization cap?
  2. Bonds are recoverable unless slashed, so the real cost to a Sybil attacker is opportunity cost, not a burn. What’s the actual deterrent for someone willing to lock up capital across 1,000 identities?
  3. ECDSA keypairs are free to generate. How does the protocol distinguish one operator with 1,000 keys from 1,000 real miners?

Also I did see your other thread briefly and from what I understand, Zcash’s core mission has always been privacy, not mining. The goal is a financial system where transactions can’t be tracked.

But I think it’s definitely worth continuing the efforts here! Even if Zcash doesn’t adopt it, the research has value for other PoW networks that prioritize mining decentralization.

3

Hi,

Thank you for the thoughtful review and for taking the time to read through the repo. You’ve raised exactly the right questions — the ones that separate a research prototype from a production system. Let me respond point by point.

1. Bond component: linear vs. non-linear

Your question: Is the bond component linear? Bonding 100x more giving 100x the weight recreates the capital dominance problem.

Answer: No, it is not linear. The bond component uses square root normalization, just like shares:

text

norm_bond_i = sqrt(bond_raw_i) / max_sqrt_bond_in_epoch

Example:

  • Miner A bonds 10,000 ZEC → sqrt = 100

  • Miner B bonds 100 ZEC → sqrt = 10

Despite having 100× more bond, Miner A gets only 10× more normalized weight. This prevents capital dominance while still creating economic disincentives.

However, you raise a valid point: square root reduces but does not eliminate the advantage. A billionaire bonding 1,000,000 ZEC still has ~31× the normalized weight of someone bonding 1,000 ZEC. This is something I want to study empirically — perhaps a logarithmic or capped normalization is better. The current implementation makes this tunable, so different functions can be tested.

2. Bond recoverability: opportunity cost vs. burn

Your question: Bonds are recoverable unless slashed, so the real cost to a Sybil attacker is opportunity cost, not a burn. What’s the actual deterrent?

Answer: You are correct that the bond is recoverable (locked for 14 days, then returned). The deterrent is not the burn, but:

  1. Lock-up period (20,160 blocks ~14 days): Capital cannot be used elsewhere (staking, trading, etc.). For a large-scale Sybil attack (e.g., 1,000 identities × 1 ZEC each = 1,000 ZEC locked), the attacker loses ~14 days of opportunity cost (e.g., staking yield ~5% APR = ~0.2% loss = ~2 ZEC). That is not a strong deterrent for a determined attacker.

  2. Slashing exists for malicious behavior (equivocation, invalid share flooding), but not for simply creating many identities.

The real Sybil deterrent is the combination of:

  • Minimum bond (1 ZEC) × number of identities

  • Loyalty decay: New identities start with loyalty = 0, so they earn significantly less for the first weeks/months

  • Square root normalization reduces the impact of many small bonds compared to one large bond

But you are right — a Sybil attacker with enough capital to lock 1,000 ZEC across 1,000 identities could still disrupt the network, especially in early days when ZEC price is low.

Proposed mitigations (to be researched in Phase 3):

Mitigation Description
Exponential bond requirement Bond requirement grows with number of identities from same economic entity (detected via IP / payout addresses)
Reputation system New miners earn less until they prove consistent participation over multiple epochs
Dynamic minimum bond Minimum bond adjusted based on network hashrate and ZEC price (e.g., targeting $50 equivalent)

This is an open research question. I do not claim F-PoC solves Sybil attacks perfectly — only that it makes them more expensive than in traditional PoW (where creating 1,000 identities is free and has zero cost).

3. ECDSA keypairs are free: distinguishing one operator with 1,000 keys from 1,000 real miners

Your question: ECDSA keypairs are free to generate. How does the protocol distinguish one operator with 1,000 keys from 1,000 real miners?

Answer: It cannot distinguish them cryptographically. This is the fundamental limitation of any permissionless system — Bitcoin, Ethereum, and Zcash all have the same issue. An operator with 1,000 GPUs can run 1,000 independent nodes with 1,000 keypairs, and the network sees 1,000 “miners.”

However, F-PoC makes this strategy less effective than in traditional PoW:

Aspect Traditional PoW F-PoC
Reward for 1,000 keys (same total hashrate) Same as one key — winner-takes-all, variance unchanged Each key earns based on its individual shares, loyalty, bond
Bond requirement None 1 ZEC per key (1,000 ZEC locked for 14 days)
Loyalty None New keys start at 0, earn less for weeks
Pool advantage High — pools smooth variance Low — variance already smoothed by epoch distribution

So an attacker with 1,000 GPUs can:

  • Option A: Run as 1 miner → earns full PoCI based on total shares

  • Option B: Run as 1,000 miners → earns the same total PoCI (sum of normalized shares ≈ same as sqrt normalization of total), but must lock 1,000 ZEC in bonds and loses loyalty advantage

The economic incentive is to run as a single miner, not as many small ones. The protocol does not need to distinguish them — game theory aligns the incentives.

4. Zcash’s core mission is privacy, not mining

Your comment: Zcash’s core mission has always been privacy, not mining. The goal is a financial system where transactions can’t be tracked.

Answer: I completely agree. F-PoC is not a proposal to change Zcash’s consensus.

This is an open research platform for studying mining decentralization. The value to Zcash is:

  1. If mining becomes too centralized (ASICs, pools), transaction censorship becomes possible. A centralized mining cartel could refuse to include certain shielded transactions. Mining decentralization supports privacy.

  2. The research outputs (variance reduction data, loyalty mechanisms, auditable bonds for compliance) are independent of the consensus algorithm and could inform future discussions.

  3. Even if Zcash never adopts F-PoC, the research has value for other PoW networks (Monero, Ravencoin, etc.) that prioritize mining decentralization. The commenter acknowledges this themselves.

Summary table of your questions and my responses

Question Short answer Open research issue?
Bond normalization Square root, not linear — tunable Yes — optimal function unknown
Sybil deterrent Lock period + loyalty + sqrt; not perfect Yes — needs more work
Distinguishing 1,000 keys Impossible cryptographically; game theory aligns incentives Fundamental limitation of PoW
Zcash’s mission is privacy Agreed; mining decentralization supports privacy Research, not a proposal

What I would like to ask you

You clearly understand the incentive design space. I would value your input on:

  1. What bond normalization function do you think would work best? Linear? Square root? Logarithmic? Capped?

  2. Do you know of any existing research on Sybil resistance in proof-of-work that doesn’t rely on external identity?

  3. Would you be open to a short technical chat? I am collecting feedback from researchers and practitioners to improve the F-PoC design before Phase 3.

Thank you again for the rigorous questions — this is exactly the kind of feedback that moves research forward.

Best regards,
Andrii Dumitro
(F-PoC / fair-poc-research)

1 Like