Postern Labs
MAINNET BETA. Unaudited · relaxed k=4 regime (trivially forgeable) · k=8 hardening reverted, re-activating with a difficulty fix · very few nodes, 51%-attackable · not a security · for evaluation — not to protect real secrets yet. Full disclaimer →

Mining · solo first, pool optional

Mining, and the reference pool.

Solo mining on the Bloch-SIS-PoW mainnet beta needs no pool: bloch --mine mines standalone, and a found block pays you the whole reward. The pool described here is strictly optional — a piece of reference, non-production software whose only honest purpose is smoothing variance for small miners. It never touches Postern's revenue, and it never sells or lists the coin.

Read before pointing hashrate anywhere

  • Mainnet beta — a designation, not a security claim. The chain is unaudited (audit contracted, not done); the relaxed regime (k=4) currently applies and work remains trivially forgeable — the k=8 hardening was activated at block 213,000 but reverted (it multiplied mining difficulty ~4096x and the low-hashrate chain stalled) and will re-activate with a matched difficulty reduction.
  • Very few nodes, low hashrate → 51%-attackable. The coins you mine — solo or pooled — carry no value claim: not a security, not an asset, no sale, no listing, no price. 17% founder premine disclosed. Full disclaimer.
  • Mine to exercise the machinery and strengthen a young network — not as an investment. Use at your own risk.

Solo vs pool

Solo is the default. The pool only changes the variance.

Solo mining works standalone. A node started with --mine (see run a node) mines on its own; if it finds a block, you get the entire reward. No pool, no account, no third party.

The pool is optional, and it does exactly one honest thing: it smooths variance. A small miner who would find a solo block once a month can instead earn a proportional slice of every block the pool finds, via PPLNS share accounting. The expected income is the same (minus any pool fee) — only the variance changes. If your hashrate is large enough that solo variance doesn't hurt, solo mine.

The part pool marketing never says

A big pool is an attack on the network it serves.

Do not concentrate hashrate — spread it, or run solo

A pool that grows past ~51% of network hashrate is a 51%-attack vector against the very network it serves — regardless of the operator's intentions, it is a single point of coercion, failure, and censorship. On a network this small, that line is uncomfortably close. So, the opposite of pool marketing, on purpose:

  • Do not point your hashrate at the biggest pool. Prefer small pools — and leave any pool that is approaching a majority of the network.
  • Run your own pool. The reference below is MIT-licensed precisely so forking and self-hosting is easy — it exists so there can be many independent pools, not one.
  • Solo mine when you can. Every solo miner is a decentralization win.

The reference daemon prints this warning at startup, the dashboard shows it in a banner, and the dashboard actively estimates the pool's share of network hashrate — escalating into an explicit “move your hashrate elsewhere” warning as it nears the majority line. Forks are asked to keep all three. Do not operate a pool at a scale approaching 51% of the network.

The reference pool

bloch-pool — open-source, reference, non-production.

The protocol repository ships a reference pool in its pool/ directory — a standalone cargo workspace, deliberately independent of the node so it can be vendored and forked. It is reference code, unaudited, and not hardened for production — the same honest status as the chain itself. Three binaries:

bloch-pool

The pool daemon: SIS-native stratum dialect (the classic Stratum V1 protocol has no field for the 256-coefficient solution vector every Bloch block carries), PPLNS share accounting with a maturity-gated credit lifecycle, a JSONL-journaled restart-surviving ledger, JSON-RPC upstream to a Bloch node, and the honest dashboard.

reference prototype unaudited

bloch-pool-miner

A reference CPU miner that doubles as runnable protocol documentation. Signs the pool's address-ownership challenge, keeps its nonce cursor across jobs — intentionally a single-connection smoke-test client, not a performance miner.

reference prototype unaudited

bloch-pool-keyshard

Shamir 2-of-3 seed-recovery utility for the pool wallet (any 2 shares reconstruct; one alone reveals nothing). Honest label, exactly as the tool prints it: key recovery for disaster resilience — NOT threshold signing.

reference prototype unaudited

Two honesty rules are built in. First, share validation is the real consensus verifier, pointed at a softer target — and shares are credited only to an address the connection has proved it controls (a hybrid ML-DSA-65 ‖ Falcon-1024 signature over a per-session challenge, the same scheme as consensus). Second, the accounting never overstates what the pool holds: a found block is recorded pending and credits are booked only once it is canonical at --confirm-depth (default 10); an orphaned block's pending credit is dropped, never booked. Every share and block event is journaled and replayed at startup, so a restart cannot erase owed balances — and an operator cannot “time” restarts to harvest an empty PPLNS window.

One more label worth keeping straight: the PoW is not lattice-hard. Bloch-SIS-PoW is SHAKE-256 cumulative-work hashcash with a Module-SIS structural gate; pool shares are plain hash-difficulty shares, and no lattice bit-security number attaches to any of this.

Running it

A pool is just two binaries and a node.

Build from the protocol source tree (see run a node for cloning and prerequisites — the repository address is gitlab.com/blochsispow-group/BlochSISPoW-project, rendered as text because the ownerless protocol has no official site). You need a Bloch node with RPC enabled; the pool talks to it over getblocktemplate / submitblock / getblockhash and depends only on two lean protocol crates, not the full node.

cd pool
cargo build --release
cargo test

The pool daemon — every flag spelled out so you change it deliberately:

RUST_LOG=info bloch-pool \
  --pool-address bloch1q...      # required: where block rewards land
  --node-rpc http://127.0.0.1:16210 \
  --fee-bps 0 \                  # pool fee in basis points; capped at 1000 (10%)
  --share-bits 2100ffff \        # compact share difficulty (hex); fixed, no vardiff
  --pplns-window 4096 \          # PPLNS window size, in shares
  --confirm-depth 10 \           # blocks credit only once canonical at this depth
  --journal bloch-pool.journal \ # JSONL ledger journal ("" = memory-only, testing)
  --listen 0.0.0.0:3335 \        # miner-facing stratum
  --dashboard 127.0.0.1:8650 \   # dashboard HTTP (keep it loopback or proxied)
  --refresh-secs 5 \             # template poll interval (well under the 30 s block time)
  --coinbase-tag bloch-pool-ref/v0.1
  # --no-auth-proof              # disable the address-ownership proof (not recommended)

And the reference miner, pointed at it:

bloch-pool-miner \
  --address bloch1q...           # required: your payout address
  --auth-seed <hex 32B seed> \   # wallet seed controlling --address (signs the
                                 # pool's ownership challenge; required unless the
                                 # pool runs --no-auth-proof)
  --auth-index 0 \               # optional: diversified-address index for the seed
  --pool 127.0.0.1:3335 \
  --max-shares 0 \               # exit after N accepted shares (0 = forever)
  --burst 200000                 # candidates per burst between socket polls

Note the default fee is 0% — the fee is an operator setting, not a project revenue stream. Consistent with everything else on this site: no revenue line of this project touches the token.

How to connect

Connecting a miner, end to end.

A short terminal walkthrough against the reference deployment at posternpool.com (stratum posternpool.com:3335, dashboard at posternpool.com): create a wallet with bloch-cli newwallet, build bloch-pool-miner, connect with your payout address and your wallet seed as --auth-seed (the pool requires an ownership proof by default — the seed signs a one-time challenge and is never sent), then watch shares land on the dashboard.

How to connect a miner to the Postern pool — tutorial (1:32, narrated, subtitled). Everything shown is reference, non-production software on the unaudited mainnet beta; the coin is worth nothing by design. Solo mining (bloch --mine) remains the default — don't concentrate hashrate on any single pool, this one included.

Custody, stated honestly

Procedural M-of-N — not threshold signing.

Pooled mining unavoidably means the pool address briefly custodies the coinbase until disbursement. Here is the honest state of the art for Bloch, with nothing pretended:

  • Cryptographic threshold signing is not available. Bloch's hybrid ML-DSA-65 ‖ Falcon-1024 signatures have no practical MPC/threshold construction today (2027+ research), and the chain is strictly single-signature P2PKH with no script system — on-chain k-of-n multisig needs a consensus change, roadmapped separately as GIP-008. Nothing in this pool pretends otherwise.
  • What ships instead is procedural: bloch-pool-keyshard splits the pool wallet's seed into 3 Shamir shares (any 2 reconstruct — the field math is the vetted sharks crate, not hand-rolled), one per custodian. This is seed recovery for disaster resilience: at recovery, and at every signing, the seed exists whole in one process on one machine. Run both offline.
  • The pool daemon itself is keyless by design. Credits are ledger entries, not payments; disbursing them is a manual wallet transaction under a documented dual-control procedure — the signing wallet lives on an isolated machine, two people approve every disbursement against the journal, and the custodied float is kept minimal by disbursing frequently.

The honest dashboard

A dashboard built to make lying harder.

The running daemon serves a self-contained HTML dashboard (no external assets) and the same numbers as JSON at /api/stats. To be clear about what that means: it is a server UI — it exists only where someone is running a pool. The reference deployment at posternpool.com serves one; any other pool's dashboard is whoever runs that pool — verify accordingly, or run your own.

What it shows is exactly what the ledger knows — per-miner shares, confirmed credits, the estimated next-block split, blocks with their pending/confirmed/orphaned status, node-rejected submissions, and the explicit pool take — plus:

  • an honest luck panel: expected blocks (Σ share-work / block-work) versus blocks actually found, pool-wide and per miner — so bad luck and statistical block withholding are visible instead of indistinguishable;
  • a rolling share-of-network estimate that escalates into the “move your hashrate elsewhere” warning as the pool nears the 51% line;
  • node health — seconds since the last good template; new miners get no work from a stale tip.

Two small honesty details: sat amounts in /api/stats are serialized as strings, because JS numbers lose exactness past 2^53 and an honesty tool must not do approximate arithmetic on debts; and the work-rate figure is labeled candidates/s, not hash/s, because a candidate (seed expansion + SIS residual gate + aux hash) is what it actually measures.

Honest limits

What this reference is not.

  • Not audited, not production. Same status as the chain itself. Advisor-flagged holes have been closed, but it has not seen adversarial production traffic.
  • The operator is still trusted. Nothing stops a fork from lying on its dashboard — verify pools by their behavior, or run your own. The ownership proof, session caps, rate caps, and bounded queues harden the miner-facing side only.
  • No vardiff. One fixed share difficulty for every miner: fast miners waste round trips, slow miners wait long between shares.
  • The journal is append-only and grows forever. Rotation and compaction are the operator's problem (one JSON object per line, trivially archivable).
  • Confirmation is canonical-hash-at-height — on a GhostDAG, a conservative approximation of coinbase spendability, not a full blue-set proof.
  • No TLS on stratum or the dashboard — if you expose either beyond localhost, terminate TLS at a reverse proxy, and keep the dashboard bound to loopback unless deliberately published.
  • Single upstream node, no failover — a down node means the pool logs, withholds stale work from new miners, and retries.
  • Manual payouts only. The daemon has no wallet and no keys, by design.

One last time

Mainnet beta — unaudited. The relaxed regime (k=4) currently applies — work is trivially forgeable; the k=8 hardening was activated at block 213,000 but reverted and will re-activate with a matched difficulty reduction. Low hashrate → 51%-attackable — which is exactly why this page tells you to spread hashrate, run solo, and never feed a majority pool. The coin is not a security and not an asset — no sale, no listing, no price, no value claim; 17% founder premine disclosed. Use at your own risk — the disclaimer wins.