Merged Bitcoin: Proof of Work Blockchains with Multiple Hash Types
Christopher Blake, Chen Feng, Xuachao Wang, Qianyu Yu
TL;DR
The paper introduces Merged Bitcoin, a PoW protocol that combines multiple hash types by scoring blocks across types and selecting the highest-score chain under a Δ-bounded delay model. It develops a general multiple-resource framework, proves that an AND-based security region is impossible in permissionless systems, and derives tight lower and upper bounds on the honest-chain growth rate to characterize the security region. Under linear cost-per-hash assumptions, it shows Merged Bitcoin can maximize attack cost and better withstand asymmetries such as hardware backdoors or quantum speedups, especially with appropriate difficulty adjustments. Compared to Minotaur, Merged Bitcoin avoids chain outages and takeover risks, while enabling broader trust across diverse hash ecosystems; the work also outlines practical considerations for difficulty tuning and future work on non-linear security regions and k-confirmation rules.
Abstract
Proof of work blockchain protocols using multiple hash types are considered. It is proven that the security region of such a protocol cannot be the AND of a 51\% attack on all the hash types. Nevertheless, a protocol called Merged Bitcoin is introduced, which is the Bitcoin protocol where links between blocks can be formed using multiple different hash types. Closed form bounds on its security region in the $Δ$-bounded delay network model are proven, and these bounds are compared to simulation results. This protocol is proven to maximize cost of attack in the linear cost-per-hash model. A difficulty adjustment method is introduced, and it is argued that this can partly remedy asymmetric advantages an adversary may gain in hashing power for some hash types, including from algorithmic advances, quantum attacks like Grover's algorithm, or hardware backdoor attacks.
