ZIP: 301 Title: Zcash Stratum Protocol Owners: Jack Grigg <[email protected]> Credits: 5a1t Daira-Emma Hopwood Marek Palatinus (slush) and colleagues Jelle Bourdeaud'hui (razakal) ocminer Status: Final Category: Standards / Ecosystem Created: 2016-09-23 License: MIT
The key words "MUST", "MUST NOT", "SHOULD", "MAY", and "RECOMMENDED" in this document are to be interpreted as described in BCP 14 [1] when, and only when, they appear in all capitals.
This ZIP describes the Zcash variant of the Stratum protocol, used by miners to communicate with mining pool servers.
Many existing cryptocurrency miners and pools use the original Stratum protocol [4] [5] for communication, in situations where the miner does not require any control over what they mine (for example, a miner connected to a local [6] node). However, the protocol is very specific to Bitcoin, in that it makes assumptions about the block header format, and the available nonce space [7]. Zcash has made changes that invalidate these assumptions.
Having a formal specification for a Zcash-compatible Stratum-style mining protocol means that existing pool operators and miner authors can quickly and easily migrate their frameworks to the Zcash network, with no ambiguity about interoperability.
The Stratum protocol is an instance of [9]. The miner is a JSON-RPC client, and the Stratum server is a JSON-RPC server. The miner starts a session by opening a standard TCP connection to the server, which is then used for two-way line-based communication:
- The miner can send requests to the server.
- The server can respond to requests.
- The server can send notifications to the client.
All communication for a particular session happens through a single connection, which is kept open for the duration of the session. If the connection is broken or either party disconnects, the active session is ended. Servers MAY support session resuming; this is negotiated between the client and server during initial setup (see Session Resuming).
Each request or response is a JSON string, terminated by an ASCII LF character
(denoted in the rest of this specification by \n
). The LF character MUST NOT
appear elsewhere in a request or response. Client and server implementations MAY
assume that once they read a LF character, the current message has been
completely received.
Per [9], there is no requirement for the id
property in requests
and responses to be unique; only that servers MUST set id
in their responses
equal to that in the request they are responding to (or null
for
notifications). However, it is RECOMMENDED that clients use unique ids for their
requests, to simplify their response parsing.
In the protocol messages below, (content)
indicates that content
is
optional. Variable names are indicated in EMPHASIS. All other characters are
part of the protocol message.
The [9] specification allows for error objects in responses, but does not specify their format. The original Stratum protocol uses the following format for error responses [4]:
{"id": ##, "result": null, "error": [ERROR_CODE, "ERROR_MESSAGE", TRACEBACK]} \n
For compatibility, this format is retained. We therefore define an error object as an array:
[ERROR_CODE, "ERROR_MESSAGE", TRACEBACK]
ERROR_CODE
(int)Indicates the type of error that occurred.
The error codes are to be interpreted as described in [10]. The following application error codes are defined:
- 20 - Other/Unknown
- 21 - Job not found (=stale)
- 22 - Duplicate share
- 23 - Low difficulty share
- 24 - Unauthorized worker
- 25 - Not subscribed
ERROR_MESSAGE
(str)- A human-readable error message. The message SHOULD be limited to a concise single sentence.
TRACEBACK
Additional information for debugging errors. The format is server-specific.
Miners MAY attempt to parse the field for displaying to the user, and SHOULD fall back to rendering it as a JSON string.
Servers MUST set this to
null
if they have no additional information.
Miners SHOULD display a human-readable message to the user. This message can be
derived from either ERROR_CODE
or ERROR_MESSAGE
, or both. An example of
using ERROR_CODE
over ERROR_MESSAGE
might be that the miner UI offers
localization.
- Client sends
mining.subscribe
to set up the session. - Server replies with the session information.
- Client sends
mining.authorize
for their worker(s). - Server replies with the result of authorization.
- Server sends
mining.set_target
. - Server sends
mining.notify
with a new job. - Client mines on that job.
- Client sends
mining.submit
for each solution found. - Server replies with whether the solution was accepted.
- Server sends
mining.notify
again when there is a new job.
In Bitcoin, blocks contain two nonces: the 4-byte block header nonce, and an extra nonce in the coinbase transaction [7]. The original Stratum protocol splits this extra nonce into two parts: one set by the server (used for splitting the search space amongst connected miners), and the other iterated by the miner [4]. The nonce in Zcash's block header is 32 bytes long [2], and thus can serve both purposes simultaneously.
We define two nonce parts:
NONCE_1
- The server MUST pick such that
len(NONCE_1) < 32
in bytes. NONCE_2
The miner MUST pick such that
len(NONCE_2) = 32 - len(NONCE_1)
in bytes.In hex,
lenHex(NONCE_2) = 64 - lenHex(NONCE_1)
, and both lengths are even.
The nonce in the block header is the concatenation of NONCE_1
and
NONCE_2
in hex. This means that a miner using bignum representations of nonce
MUST increment by 1 << len(NONCE_1)
to avoid altering NONCE_1
(because
the encoding of the nonce in the block header is little endian, in line with the
other 32-byte fields [7] [2]).
Servers that support session resuming identify this by setting a SESSION_ID
in their initial response. Servers MAY set SESSION_ID
to null
to
indicate that they do not support session resuming. Servers that do not set
SESSION_ID
to null
MUST cache the following information:
- The session ID.
NONCE_1
- Any active job IDs.
Servers MAY drop entries from the cache on their own schedule.
When a miner connects using a previous SESSION_ID
:
- If the cache contains the
SESSION_ID
, the server's initial response MUST be constructed from the cached information. - If the server does not recognise the session, the
SESSION_ID
in the server's initial response MUST NOT equal theSESSION_ID
provided by the miner.
Miners MUST re-authorize all workers upon resuming a session.
Request:
{"id": 1, "method": "mining.subscribe", "params": ["MINER_USER_AGENT", "SESSION_ID", "CONNECT_HOST", CONNECT_PORT]} \n
MINER_USER_AGENT
(str)A free-form string specifying the type and version of the mining software. Recommended syntax is the User Agent format used by Zcash nodes.
Example:
MagicBean/1.0.0
SESSION_ID
(str)The id for a previous session that the miner wants to resume (e.g. after a temporary network disconnection) (see Session Resuming).
This MAY be
null
indicating that the miner wants to start a new session.CONNECT_HOST
(str)The host that the miner is connecting to (from the server URL).
Example:
pool.example.com
CONNECT_PORT
(int)The port that the miner is connecting to (from the server URL).
Example:
3337
Response:
{"id": 1, "result": ["SESSION_ID", "NONCE_1"], "error": null} \n
SESSION_ID
(str)- The session id, for use when resuming (see Session Resuming).
NONCE_1
(hex)- The first part of the block header nonce (see Nonce Parts).
A miner MUST authorize a worker in order to submit solutions. A miner MAY authorize multiple workers in the same session; this could be for statistical purposes on the particular server being used. Details of such purposes are outside the scope of this specification.
Request:
{"id": 2, "method": "mining.authorize", "params": ["WORKER_NAME", "WORKER_PASSWORD"]} \n
WORKER_NAME
(str)- The worker name.
WORKER_PASSWORD
(str)- The worker password.
Response:
{"id": 2, "result": AUTHORIZED, "error": ERROR} \n
AUTHORIZED
(bool)- This MUST be
true
if authorization succeeded. Per [9], it MUST benull
if there was an error. ERROR
(obj)An error object. This MUST be
null
if authorization succeeded.If authorization failed, the server MUST provide an error object describing the reason. See Error Objects for the object format.
Server message:
{"id": null, "method": "mining.set_target", "params": ["TARGET"]} \n
TARGET
(hex)The server target for the next received job and all subsequent jobs (until the next time this message is sent). The miner compares proposed block hashes with this target as a 256-bit big-endian integer, and valid blocks MUST NOT have hashes larger than (above) the current target (in accordance with the Zcash network consensus rules [3]).
Miners SHOULD NOT submit work above this target. Miners SHOULD validate their solutions before submission (to avoid both unnecessary network traffic and wasted miner time).
Servers MUST NOT accept submissions above this target for jobs sent after this message. Servers MAY accept submissions above this target for jobs sent before this message, but MUST check them against the previous target.
When displaying the current target in the UI to users, miners MAY convert the
target to an integer difficulty as used in Bitcoin miners. When doing so, miners
SHOULD use powLimit
(as defined in src/chainparams.cpp
) as the basis for
conversion.
Server message:
{"id": null, "method": "mining.notify", "params": ["JOB_ID", "VERSION", "PREVHASH", "MERKLEROOT", "RESERVED", "TIME", "BITS", CLEAN_JOBS]} \n
JOB_ID
(str)- The id of this job.
VERSION
(hex)The block header version, encoded as in a block header (little-endian
int32_t
).Used as a switch for subsequent parameters. At time of writing, the only defined block header version is 4. Miners SHOULD alert the user upon receiving jobs containing block header versions they do not know about or support, and MUST ignore such jobs.
Example:
04000000
The following parameters are only valid for VERSION == "04000000"
:
PREVHASH
(hex)- The 32-byte hash of the previous block, encoded as in a block header.
MERKLEROOT
(hex)- The 32-byte Merkle root of the transactions in this block, encoded as in a block header.
RESERVED
(hex)- A 32-byte reserved field, encoded as in a block header. Zero by convention (in
hex,
0000000000000000000000000000000000000000000000000000000000000000
). TIME
(hex)- The block time suggested by the server, encoded as in a block header.
BITS
(hex)- The current network difficulty target, represented in compact format, encoded as in a block header.
CLEAN_JOBS
(bool)- If true, a new block has arrived. The miner SHOULD abandon all previous jobs.
Request:
{"id": 4, "method": "mining.submit", "params": ["WORKER_NAME", "JOB_ID", "TIME", "NONCE_2", "EQUIHASH_SOLUTION"]} \n
WORKER_NAME
(str)A previously-authenticated worker name.
Servers MUST NOT accept submissions from unauthenticated workers.
JOB_ID
(str)The id of the job this submission is for.
Miners MAY make multiple submissions for a single job id.
TIME
(hex)The block time used in the submission, encoded as in a block header.
MAY be enforced by the server to be unchanged.
NONCE_2
(hex)- The second part of the block header nonce (see Nonce Parts).
EQUIHASH_SOLUTION
(hex)- The Equihash solution, encoded as in a block header (including the compactSize at the beginning in canonical form [8]).
Result:
{"id": 4, "result": ACCEPTED, "error": ERROR} \n
ACCEPTED
(bool)- This MUST be
true
if the submission was accepted. Per [9], it MUST benull
if there was an error. ERROR
(obj)An error object. Per [9], this MUST be
null
if the submission was accepted without error.If the submission was not accepted, the server MUST provide an error object describing the reason for not accepting the submission. See Error Objects for the object format.
Server message:
{"id": null, "method": "client.reconnect", "params": [("HOST", PORT, WAIT_TIME)]} \n
HOST
(str)The host to reconnect to.
Example:
pool.example.com
PORT
(int)The port to reconnect to.
Example:
3337
WAIT_TIME
(int)- Time in seconds that the miner should wait before reconnecting.
If client.reconnect
is sent with an empty parameter array, the miner SHOULD
reconnect to the same host and port it is currently connected to.
Request (optional):
{"id": 3, "method": "mining.suggest_target", "params": ["TARGET"]} \n
TARGET
(hex)- The target suggested by the miner for the next received job and all subsequent jobs (until the next time this message is sent).
The server SHOULD reply with mining.set_target
. The server MAY set the
result id equal to the request id.
Why does mining.subscribe
include the host and port?
- It has the same use cases as the
Host:
header in HTTP. Specifically, it enables virtual hosting, where virtual pools or private URLs might be used for DDoS protection, but that are aggregated on Stratum server backends. As with HTTP, the server CANNOT trust the host string. - The port is included separately to parallel the
client.reconnect
method; both are extracted from the server URL that the miner is connecting to (e.g.stratum+tcp://pool.example.com:3337
).
Why use the 256-bit target instead of a numerical difficulty?
- There is no protocol ambiguity when using a target. A server can pick a
specific target (by whatever algorithm), and enforce it cleanly on submitted
jobs.
- A numerical difficulty must be converted into a target by miners, which adds unnecessary complexity, results in a loss of precision, and leaves ambiguity over the conversion and the validity of resulting submissions.
- The minimum numerical difficulty in Bitcoin's Stratum protocol is 1, which
corresponds to
powLimit
. This makes it harder to test miners and servers. A target can represent difficulties lower than the minimum.
Does a 256-bit target waste bandwidth?
- The target is generally not set as often as solutions are submitted, so any effect is minimal.
- Zcash's proof-of-work, Equihash, is much slower than Bitcoin's, so any latency caused by the size of the target is minimal compared to the overall solver time.
- For the current Equihash parameters (200/9), the Equihash solution dominates bandwidth usage.
Why does mining.submit
include WORKER_NAME
?
WORKER_NAME
is only included here for statistical purposes (like monitoring performance and/or downtime).JOB_ID
is used for pairing server-stored jobs with submissions.
Thanks to:
- 5a1t for the initial brainstorming session.
- Daira-Emma Hopwood for hir input on API selection and design.
- Marek Palatinus (slush) and his colleagues for their refinements, suggestions, and robust discussion.
- Jelle Bourdeaud'hui (razakal) and ocminer for their help with testing and finding implementation bugs in the specification.
[1] | Information on BCP 14 — "RFC 2119: Key words for use in RFCs to Indicate Requirement Levels" and "RFC 8174: Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words" |
[2] | (1, 2) Zcash Protocol Specification, Version 2020.1.15. Section 7.3: Block Headers |
[3] | Zcash Protocol Specification, Version 2020.1.15. Section 7.6.2: Difficulty filter |
[4] | (1, 2, 3) Stratum Mining Protocol. Slush Pool |
[5] | Stratum protocol documentation. Bitcoin Forum |
[6] | P2Pool. Bitcoin Wiki |
[7] | (1, 2, 3) Block Headers - Bitcoin Developer Reference. |
[8] | Variable length integer. Bitcoin Wiki |
[9] | (1, 2, 3, 4, 5, 6) JSON-RPC 1.0 Specification (2005). |
[10] | JSON-RPC 2.0 Specification. The JSON-RPC Working Group. |