Summary: In this report, we examine merged mining on the Bitcoin blockchain. Over the past year, each mined Bitcoin block has contained approximately two commitment hashes from other blockchains, indicating widespread adoption of merged mining among miners. Currently, over 90% of Bitcoin's hash power engages in some form of merged mining. Merged mining has experienced significant growth in recent years, and due to its lower security risks and potential to mitigate mining centralization pressures, it has raised fewer concerns for some stakeholders. Risks associated with newer implementations can largely be mitigated through blind merged mining.
What Is Merged Mining?
Merged mining, also known as auxiliary proof-of-work (AuxPoW), refers to the process of mining two or more blockchains simultaneously. Essentially, the same proof-of-work can secure multiple systems. This involves a parent chain (e.g., Bitcoin) and a child chain, where the child chain inherits security properties from the parent chain. We first discussed this concept in our 2017 article, "The 2014 Litecoin-Dogecoin Hash War and Its Impact on Bitcoin and Bitcoin Cash."
This report focuses on cases where Bitcoin serves as the parent chain, and another blockchain’s commitment hash is embedded within the Bitcoin blockchain. In these scenarios, Bitcoin requires no modifications—it remains unaware of other systems. However, the child chain must be configured to accept Bitcoin block headers as proof-of-work. Miners can then earn dual rewards: standard Bitcoin block rewards and additional incentives from mining the alternative chain.
Conventional vs. Blind Merged Mining
There are two theoretical forms of merged mining:
Conventional Merged Mining
- Conducted directly by Bitcoin miners.
- Miners validate blocks on both chains.
- Rewards consist of native tokens from both chains.
Blind Merged Mining
- Conducted by third parties who pay Bitcoin miners fees for proof-of-work.
- Miners only validate the parent (Bitcoin) chain, ignoring the child chain’s integrity.
- Rewards are paid in Bitcoin, eliminating exposure to child-chain risks.
| Feature | Conventional Merged Mining | Blind Merged Mining |
|---|---|---|
| Who Mines? | Bitcoin miners | Third-party agents |
| Validation | Both chains verified | Only parent chain verified |
| Incentives | Dual-chain rewards | Bitcoin fees only |
From a security perspective, blind merged mining is generally superior because it prevents child-chain issues from affecting Bitcoin. For example, bugs or reorganizations in a child chain could theoretically disrupt Bitcoin’s block production under conventional merged mining. However, blind variants like BIP 301 or Ruben Somsen’s proposal mitigate these risks. Projects like Veriblock also exemplify blind merged mining, albeit controversially due to their Bitcoin block-space usage.
This report focuses on conventional merged mining due to its higher prevalence and security implications.
Where Are Commitment Hashes Located?
Merged mining requires embedding child-chain hashes in specific Bitcoin block locations to avoid ambiguity. Two common placements exist:
OP_RETURN Outputs in Coinbase Transactions
- Used by chains like RSK and SegWit (though SegWit isn’t a true "child chain").
- Since 2020, an average of 2.3 OP_RETURN outputs exist per coinbase transaction.
Coinbase ScriptSig (AuxPoW Standard)
- Utilized by Namecoin and others to embed Merkle roots.
- Saves space by consolidating multiple commitments.
Adoption Trends
1. OP_RETURN Outputs
- RSK Adoption: 40–50% of Bitcoin blocks now include RSK commitments.
- SegWit Dominance: Near-100% adoption since 2018, skewing OP_RETURN data.
- Pool Variations: SlushPool leads in RSK adoption (88%), while Binance and Huobi favor other chains.
👉 Explore real-time mining stats
2. Coinbase ScriptSig (Namecoin-Style)
- Historical Peaks: Reached 75% adoption in 2012–2016 before declining.
- Resurgence: Currently ~85% adoption, likely driven by Namecoin’s price rallies and software updates.
Key Findings
- Multi-Scheme Adoption: Miners often use multiple merged-mining systems simultaneously, increasing operational complexity.
- Security Risks: Bugs in child chains could theoretically impact Bitcoin, though no incidents have occurred.
- Centralization Pressures: Running resource-intensive merged-mining setups may favor large-scale miners.
FAQs
1. Does merged mining harm Bitcoin’s security?
No proven incidents exist, but theoretical risks (e.g., child-chain bugs) warrant monitoring. Blind merged mining eliminates most concerns.
2. Why do miners adopt merged mining?
Additional revenue streams (e.g., RSK or Namecoin rewards) incentivize participation.
3. Is SegWit a form of merged mining?
Technically no—it’s a Bitcoin upgrade using similar embedding techniques.
4. How does blind merged mining work?
Third parties pay Bitcoin miners to include hashes without validating child chains.
5. Which chains dominate merged mining?
RSK (OP_RETURN) and Namecoin (ScriptSig) are the most prominent.
6. Could merged mining increase centralization?
Potentially, if only large miners can afford to run complex setups.
Conclusion
Merged mining has become a mainstream practice among Bitcoin miners, with over 90% participation. While conventional methods dominate, blind variants offer superior security. No major issues have arisen, but vigilance is advised—especially as adoption grows.