From: Bram Cohen <bram@bittorrent.com>
To: Erik Aronesty <erik@q32.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] A Small Modification to Segwit
Date: Mon, 10 Apr 2017 07:34:47 -0700 [thread overview]
Message-ID: <CA+KqGko1cWoe=31udzVSg8cdb2Do7CW4Gq_7WODsMOC=3Y1kTg@mail.gmail.com> (raw)
In-Reply-To: <CAJowKg+tYK9j5LTwokMGutD+-SjBQ70U=X7rqHMGSeaG2NEo9A@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2009 bytes --]
On Sun, Apr 9, 2017 at 11:44 AM, Erik Aronesty via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> Clearly a level-playing field is critical to keeping centralization from
> being a "defining feature" of Bitcoin over the long term. I've heard the
> term "level playing field" bandied about quite a bit. And it seems to me
> that the risk of state actor control and botnet attacks is less than
> state-actor manipulation of specialized manufacturing of "SHA-256 forever"
> hardware. Indeed, the reliance on a fairly simple hash seems less and
> less likely a "feature" and more of a baggage.
>
>
Whatever your hashing function the bottleneck for mining will be power.
Equihash and Cuckoo are serious attempts at making custom hardware have no
benefit over commodity hardware, but that's more about getting rid of
custom hardware manufacturers than it is about mining decentralization,
although arguably if successful it might let botnets back in, which would
improve decentralization. While those have been surprisingly successful at
resisting hardware so far, they might eventually fall as well, and if they
do they'll have even worse properties of centralizing around a mining
hardware manufacturer than sha256 does.
It would be much safer to go the other way, to a PoW function whose best
hardware implementation is particularly straightforward and well
understood. In that case it would be best to go with sha3. Sha3 also has
the benefit of using the sponge construction, which makes it particularly
resistant to asciboost-type attacks. It was picked out specifically because
its design from a security standpoint was particularly
confidence-inspiring, and in this case it actually makes a difference.
Arguably you could also go with blake2b, whose 1024 bit block size
completely obviates the asicboost concern entirely by cramming everything
into a single block. That also might have an even simpler design in
hardware than sha3, but a real expert would need to opine on that one.
[-- Attachment #2: Type: text/html, Size: 2437 bytes --]
next prev parent reply other threads:[~2017-04-10 14:34 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-07 20:06 [bitcoin-dev] A Small Modification to Segwit Jimmy Song
2017-04-08 0:05 ` Jimmy Song
2017-04-08 14:59 ` Luke Dashjr
2017-04-08 15:17 ` Jimmy Song
2017-04-08 16:05 ` Luke Dashjr
2017-04-08 16:16 ` Jimmy Song
2017-04-08 16:19 ` Timo Hanke
2017-04-08 1:48 ` praxeology_guy
2017-04-08 2:46 ` Jimmy Song
2017-04-08 8:33 ` Pavel Moravec
2017-04-08 14:35 ` Jimmy Song
2017-04-08 16:38 ` Pavel Moravec
2017-04-08 22:19 ` Jimmy Song
2017-04-08 18:15 ` praxeology_guy
2017-04-08 18:51 ` Eric Voskuil
2017-04-08 20:38 ` praxeology_guy
2017-04-09 11:46 ` Jorge Timón
2017-04-08 16:27 ` Jorge Timón
2017-04-08 17:22 ` Jorge Timón
2017-04-08 22:26 ` Jimmy Song
2017-04-09 11:48 ` Jorge Timón
2017-04-09 14:01 ` Jimmy Song
[not found] ` <CABm2gDqfsBREj2x5Uz9hxwt-Y6m=KHd2-hRw4gV0CbO+-8B0dg@mail.gmail.com>
2017-04-10 9:16 ` Jorge Timón
2017-04-09 18:44 ` Erik Aronesty
2017-04-09 21:16 ` Jared Lee Richardson
2017-04-09 23:51 ` David Vorick
2017-04-10 0:20 ` Erik Aronesty
2017-04-10 1:45 ` Thomas Daede
2017-04-10 14:34 ` Bram Cohen [this message]
2017-04-10 14:46 ` Bram Cohen
2017-04-10 15:25 ` g
2017-04-10 18:17 ` Erik Aronesty
2017-04-11 2:39 ` g
2017-04-11 18:39 ` Staf Verhaegen
2017-04-11 9:31 ` Sancho Panza
2017-04-11 13:00 ` Jorge Timón
2017-04-11 7:59 ` Tom Zander
2017-04-11 13:25 ` Sancho Panza
2017-04-11 14:40 ` Jimmy Song
2017-04-11 21:25 ` Jorge Timón
2017-04-11 23:42 ` Jimmy Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+KqGko1cWoe=31udzVSg8cdb2Do7CW4Gq_7WODsMOC=3Y1kTg@mail.gmail.com' \
--to=bram@bittorrent.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=erik@q32.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox