* [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm
@ 2015-10-02 8:02 Daniele Pinna
2015-10-02 8:20 ` Jorge Timón
` (2 more replies)
0 siblings, 3 replies; 12+ messages in thread
From: Daniele Pinna @ 2015-10-02 8:02 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1: Type: text/plain, Size: 810 bytes --]
The following paper proposing an asymmetric memory-hard PoW had been
recently published:
http://eprint.iacr.org/2015/946.pdf
My intent is not to promote the paper as I have not finished studying it
myself. I am however interested in the dev-list's stance on potentially
altering the bitcoin PoW protocol should an algorithm that guarantees
protection from ASIC/FPGA optimization be found.
I assume that, given the large amount of money invested by some miners into
their industrial farms this would represent a VERY contentious hard fork.
It is, however, also true that a novel optimization-resistant algorithm
could greatly ameliorate decentralization in the bitcoin network due to a
resurgence of desktop/cellphone mining.
Where do the core devs stand on this matter, hypothetical as it may be?
Dpinna
[-- Attachment #2: Type: text/html, Size: 988 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm 2015-10-02 8:02 [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm Daniele Pinna @ 2015-10-02 8:20 ` Jorge Timón 2015-10-02 8:30 ` Adam Back ` (3 more replies) [not found] ` <CALqxMTH6r8eJN2Xw+nn1z=6x9Q3TRSQQ6ZMXsmHPyX8dNx+EgA@mail.gmail.com> 2015-10-02 21:31 ` Luke Dashjr 2 siblings, 4 replies; 12+ messages in thread From: Jorge Timón @ 2015-10-02 8:20 UTC (permalink / raw) To: Daniele Pinna; +Cc: Bitcoin Dev [-- Attachment #1: Type: text/plain, Size: 664 bytes --] On Oct 2, 2015 10:03 AM, "Daniele Pinna via bitcoin-dev" < bitcoin-dev@lists.linuxfoundation.org> wrote: > > should an algorithm that guarantees protection from ASIC/FPGA optimization be found. This is demonstrably impossible: anything that can be done with software can be done with hardware. This is computer science 101. And specialized hardware can always be more efficient, at least energy-wise. On the other hand, BIP99 explicitly contemplates "anti-miner hardforks" (obviously not for so called "ASIC-resistance" [an absurd term coined to promote some altcoins], but just for restarting the ASIC and mining market in case mining becomes too centralized). [-- Attachment #2: Type: text/html, Size: 838 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm 2015-10-02 8:20 ` Jorge Timón @ 2015-10-02 8:30 ` Adam Back 2015-10-02 8:31 ` Daniele Pinna ` (2 subsequent siblings) 3 siblings, 0 replies; 12+ messages in thread From: Adam Back @ 2015-10-02 8:30 UTC (permalink / raw) To: Jorge Timón; +Cc: Bitcoin Dev, Daniele Pinna See also https://www.reddit.com/r/Bitcoin/comments/3n5nws/research_paper_asymmetric_proofofwork_based_on/cvl922x Adam On 2 October 2015 at 10:20, Jorge Timón <bitcoin-dev@lists.linuxfoundation.org> wrote: > > On Oct 2, 2015 10:03 AM, "Daniele Pinna via bitcoin-dev" > <bitcoin-dev@lists.linuxfoundation.org> wrote: >> >> should an algorithm that guarantees protection from ASIC/FPGA optimization >> be found. > > This is demonstrably impossible: anything that can be done with software can > be done with hardware. This is computer science 101. > And specialized hardware can always be more efficient, at least energy-wise. > > On the other hand, BIP99 explicitly contemplates "anti-miner hardforks" > (obviously not for so called "ASIC-resistance" [an absurd term coined to > promote some altcoins], but just for restarting the ASIC and mining market > in case mining becomes too centralized). > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm 2015-10-02 8:20 ` Jorge Timón 2015-10-02 8:30 ` Adam Back @ 2015-10-02 8:31 ` Daniele Pinna 2015-10-02 10:46 ` NxtChg 2015-10-02 16:38 ` Peter R 3 siblings, 0 replies; 12+ messages in thread From: Daniele Pinna @ 2015-10-02 8:31 UTC (permalink / raw) To: Jorge Timón; +Cc: Bitcoin Dev [-- Attachment #1: Type: text/plain, Size: 930 bytes --] Interesting! I didn't notice BIP 99's anti-miner hardfork proposal.... thanks for pointing it out to me. Dpinna Daniele Pinna, Ph.D On Fri, Oct 2, 2015 at 10:20 AM, Jorge Timón <jtimon@jtimon.cc> wrote: > > On Oct 2, 2015 10:03 AM, "Daniele Pinna via bitcoin-dev" < > bitcoin-dev@lists.linuxfoundation.org> wrote: > > > > should an algorithm that guarantees protection from ASIC/FPGA > optimization be found. > > This is demonstrably impossible: anything that can be done with software > can be done with hardware. This is computer science 101. > And specialized hardware can always be more efficient, at least > energy-wise. > > On the other hand, BIP99 explicitly contemplates "anti-miner hardforks" > (obviously not for so called "ASIC-resistance" [an absurd term coined to > promote some altcoins], but just for restarting the ASIC and mining market > in case mining becomes too centralized). > [-- Attachment #2: Type: text/html, Size: 1498 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm 2015-10-02 8:20 ` Jorge Timón 2015-10-02 8:30 ` Adam Back 2015-10-02 8:31 ` Daniele Pinna @ 2015-10-02 10:46 ` NxtChg 2015-10-02 11:00 ` Jorge Timón 2015-10-02 16:38 ` Peter R 3 siblings, 1 reply; 12+ messages in thread From: NxtChg @ 2015-10-02 10:46 UTC (permalink / raw) To: Jorge Timón, Daniele Pinna; +Cc: Bitcoin Dev >...obviously not for so called "ASIC-resistance" [an absurd term coined to promote some altcoins] Yet another fallacy of "all-or-nothing" thinking, which is so abundant in the Core camp. The fact that you can build ASIC for any kind of algorithm _in_theory_ doesn't mean you can't make it _arbitrary_hard_ in practice. So I would tone down the arrogance a bit. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm 2015-10-02 10:46 ` NxtChg @ 2015-10-02 11:00 ` Jorge Timón 0 siblings, 0 replies; 12+ messages in thread From: Jorge Timón @ 2015-10-02 11:00 UTC (permalink / raw) To: NxtChg; +Cc: Bitcoin Dev, Daniele Pinna [-- Attachment #1: Type: text/plain, Size: 688 bytes --] On Oct 2, 2015 12:46 PM, "NxtChg" <nxtchg@hush.com> wrote: > > > >...obviously not for so called "ASIC-resistance" [an absurd term coined to promote some altcoins] > > Yet another fallacy of "all-or-nothing" thinking, which is so abundant in the Core camp. > > The fact that you can build ASIC for any kind of algorithm _in_theory_ doesn't mean you can't make it _arbitrary_hard_ in practice. > > So I would tone down the arrogance a bit. > ASIC-RESISTANCE is simply not possible, I'm sorry if that position strikes you as arrogant. Note that I didn't say anything about memory-hard, which is possible (but not necessarily preferrable to simple-to-implement-in-hardware pow algorithms). [-- Attachment #2: Type: text/html, Size: 901 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm 2015-10-02 8:20 ` Jorge Timón ` (2 preceding siblings ...) 2015-10-02 10:46 ` NxtChg @ 2015-10-02 16:38 ` Peter R 3 siblings, 0 replies; 12+ messages in thread From: Peter R @ 2015-10-02 16:38 UTC (permalink / raw) To: Jorge Timón; +Cc: Bitcoin Dev, Daniele Pinna [-- Attachment #1: Type: text/plain, Size: 1430 bytes --] > On Oct 2, 2015, at 1:20 AM, Jorge Timón via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > On Oct 2, 2015 10:03 AM, "Daniele Pinna via bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.org <mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote: > > should an algorithm that guarantees protection from ASIC/FPGA optimization be found. > This is demonstrably impossible: anything that can be done with software can be done with hardware. This is computer science 101. And specialized hardware can always be more efficient, at least energy-wise. > I encourage Alex and Dmitry to consider submitting their paper to Ledger, where it will be reviewed objectively and with an open mind. The authors have motivated their work, framed it in its scholarly context, and made explicit the contributions their paper makes. Their manuscript, "Asymmetric proof-of-work based on the Generalized Birthday problem," clearly represents a great deal of work by the authors and I commend them for their efforts. In the link Adam Back provided, Greg Maxwell mentioned that “it is far from clear that 'memory hardness' is actually a useful goal.” I agree with this statement; however, regardless of whether memory hardness turns out to be a useful goal in regards to cryptocurrency or not, a paper analyzing memory-hard proof-of-work schemes is certainly useful in helping us to figure that out. Best regards, Peter [-- Attachment #2: Type: text/html, Size: 2146 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
[parent not found: <CALqxMTH6r8eJN2Xw+nn1z=6x9Q3TRSQQ6ZMXsmHPyX8dNx+EgA@mail.gmail.com>]
* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm [not found] ` <CALqxMTH6r8eJN2Xw+nn1z=6x9Q3TRSQQ6ZMXsmHPyX8dNx+EgA@mail.gmail.com> @ 2015-10-02 8:30 ` Daniele Pinna 2015-10-02 16:45 ` Gregory Maxwell 0 siblings, 1 reply; 12+ messages in thread From: Daniele Pinna @ 2015-10-02 8:30 UTC (permalink / raw) To: Adam Back, bitcoin-dev [-- Attachment #1: Type: text/plain, Size: 2098 bytes --] The recently published paper I referenced cite's the Cuckoo cycle algorithm, discusses its limitations and explains how their proposed algorithm greatly improves on it. Again.... you're probably in a WAYYY better position to judge this than I am. My question was purely hypothetical as I wanted to know where the core devs stand on flipping the mining ecosystem upside down. Thanks for your link though, I'll read it right now (before finishing the research article i posted :) ). Daniele Daniele Pinna, Ph.D On Fri, Oct 2, 2015 at 10:14 AM, Adam Back <adam@cypherspace.org> wrote: > There are papers demonstrating this "protection from ASIC/FPGA > optimization" to be basically impossible > https://download.wpsoftware.net/bitcoin/asic-faq.pdf and yet people > keep trying... > > See also John Tromps cuckoo cycle paper, seems close to the best you > could expect from memory hard. > > Adam > > On 2 October 2015 at 10:02, Daniele Pinna via bitcoin-dev > <bitcoin-dev@lists.linuxfoundation.org> wrote: > > The following paper proposing an asymmetric memory-hard PoW had been > > recently published: > > > > http://eprint.iacr.org/2015/946.pdf > > > > My intent is not to promote the paper as I have not finished studying it > > myself. I am however interested in the dev-list's stance on potentially > > altering the bitcoin PoW protocol should an algorithm that guarantees > > protection from ASIC/FPGA optimization be found. > > > > I assume that, given the large amount of money invested by some miners > into > > their industrial farms this would represent a VERY contentious hard fork. > > > > It is, however, also true that a novel optimization-resistant algorithm > > could greatly ameliorate decentralization in the bitcoin network due to a > > resurgence of desktop/cellphone mining. > > > > Where do the core devs stand on this matter, hypothetical as it may be? > > > > Dpinna > > > > > > _______________________________________________ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > > [-- Attachment #2: Type: text/html, Size: 3209 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm 2015-10-02 8:30 ` Daniele Pinna @ 2015-10-02 16:45 ` Gregory Maxwell 2015-10-02 21:37 ` Dave Scotese 0 siblings, 1 reply; 12+ messages in thread From: Gregory Maxwell @ 2015-10-02 16:45 UTC (permalink / raw) To: Daniele Pinna; +Cc: Bitcoin Dev On Fri, Oct 2, 2015 at 8:30 AM, Daniele Pinna via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > The recently published paper I referenced cite's the Cuckoo cycle algorithm, > discusses its limitations and explains how their proposed algorithm greatly > improves on it. They discuss a very old version of the Cuckoo cycle paper, and I believe none of their analysis is applicable to the most recent revision. :( In any case, I commented more about functions of this class here: https://www.reddit.com/r/Bitcoin/comments/3n5nws/research_paper_asymmetric_proofofwork_based_on/cvl922x I don't believe changing the POW function is impossible in principle, but I expect it would only happen due to problems with the composition of current hash-power and not even if it were universally agreed that some other construction were technically better (though that is a high bar.) ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm 2015-10-02 16:45 ` Gregory Maxwell @ 2015-10-02 21:37 ` Dave Scotese 0 siblings, 0 replies; 12+ messages in thread From: Dave Scotese @ 2015-10-02 21:37 UTC (permalink / raw) To: Bitcoin Dev [-- Attachment #1: Type: text/plain, Size: 4108 bytes --] If the PoW function is changed, it ought to change slowly so as not to drop a brick wall in front of the miners speeding toward the ever-receding goal of protecting the blockchain. Who's going to get on that path if the bitcoin community does that? But it can be done slowly. If most of the entries is the list of possible PoW functions are double-SHA256, then the few that aren't will offer the healthy goal sought by those who like the idea of changing it. The healthy goal is for general computing machines to help protect the blockchain in an incentivized way. There's a sick goal too, which is to destroy large investments in mining. I hope no one has that goal. At http://bitcoin.stackexchange.com/questions/35679/is-it-possible-to-make-pow-asic-resistant-through-dynamically-generated-hash-cha/40475#40475 I proposed that ongoing competitions for the creation of new hash algorithms could feed an ASIC-resistant PoW, defined using the as-yet-unknowable winners of such competitions. It is possible to make an ASIC resistant algorithm, but it isn't a programmable algorithm - it's one that requires human intervention. The hash of the next block is a good example - there's no programmable algorithm that can find it because too much human intervention is required, but it's an algorithm well-enough defined for us to build a billion dollar system on top of it. That being said, I've started looking at two different kinds of decentralization. The literal actually-in-different-places kind is categorically different than the much more important, virtual impervious-to-coercion kind. The behavior of the "centralized" oil cartel is a good example. The participants cheat. This is a fundamental principle in the debate between free-marketeers and authoritarians regarding the emergence of monopoly. Without coercion, monopolies fall apart. There's nothing coercive about our use of the double-SHA256, so in my mind, the centralization it has so far produced is not dangerous. It's scary, sure, but until coercion is used to prevent me and my friends from buying our own ASICs, it remains impervious to coercion. Sorry for the long email that didn't make any apparent progress. The thinking is what matters to me, and seeing two kinds of decentralization and recognizing that a change in PoW can be slow enough to avoid hurting existing miners are items I haven't seen anyone else recognize, so I had to bring them up. notplato On Fri, Oct 2, 2015 at 9:45 AM, Gregory Maxwell via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > On Fri, Oct 2, 2015 at 8:30 AM, Daniele Pinna via bitcoin-dev > <bitcoin-dev@lists.linuxfoundation.org> wrote: > > The recently published paper I referenced cite's the Cuckoo cycle > algorithm, > > discusses its limitations and explains how their proposed algorithm > greatly > > improves on it. > > They discuss a very old version of the Cuckoo cycle paper, and I > believe none of their analysis is applicable to the most recent > revision. :( > > In any case, I commented more about functions of this class here: > > https://www.reddit.com/r/Bitcoin/comments/3n5nws/research_paper_asymmetric_proofofwork_based_on/cvl922x > > I don't believe changing the POW function is impossible in principle, > but I expect it would only happen due to problems with the composition > of current hash-power and not even if it were universally agreed that > some other construction were technically better (though that is a high > bar.) > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > -- I like to provide some work at no charge to prove my value. Do you need a techie? I own Litmocracy <http://www.litmocracy.com> and Meme Racing <http://www.memeracing.net> (in alpha). I'm the webmaster for The Voluntaryist <http://www.voluntaryist.com> which now accepts Bitcoin. I also code for The Dollar Vigilante <http://dollarvigilante.com/>. "He ought to find it more profitable to play by the rules" - Satoshi Nakamoto [-- Attachment #2: Type: text/html, Size: 5489 bytes --] ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm 2015-10-02 8:02 [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm Daniele Pinna 2015-10-02 8:20 ` Jorge Timón [not found] ` <CALqxMTH6r8eJN2Xw+nn1z=6x9Q3TRSQQ6ZMXsmHPyX8dNx+EgA@mail.gmail.com> @ 2015-10-02 21:31 ` Luke Dashjr 2015-10-02 23:19 ` Milly Bitcoin 2 siblings, 1 reply; 12+ messages in thread From: Luke Dashjr @ 2015-10-02 21:31 UTC (permalink / raw) To: bitcoin-dev, Daniele Pinna On Friday, October 02, 2015 8:02:43 AM Daniele Pinna via bitcoin-dev wrote: > I am however interested in the dev-list's stance on potentially > altering the bitcoin PoW protocol should an algorithm that guarantees > protection from ASIC/FPGA optimization be found. > > I assume that, given the large amount of money invested by some miners into > their industrial farms this would represent a VERY contentious hard fork. > > It is, however, also true that a novel optimization-resistant algorithm > could greatly ameliorate decentralization in the bitcoin network due to a > resurgence of desktop/cellphone mining. > > Where do the core devs stand on this matter, hypothetical as it may be? Besides ASIC-proof being even tehoretically impossible, assuming we had a PoW that worked using mere RAM-as-the-ASIC, this would probably not be good in the long term for decentralisation, as it is only a matter of time until botnets would bankrupt all the legitimate miners out of operation. Restarting the mining with a new algorithm as a reaction and defence against centralised hoarding of mining ASICs (as we are seeing now), would be acceptable. It would not necessarily be contentions *to the economy*, as such hoarding-miners do not participate in the economy in any meaningful way (they do not accept payments from other bitcoin users). Luke ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm 2015-10-02 21:31 ` Luke Dashjr @ 2015-10-02 23:19 ` Milly Bitcoin 0 siblings, 0 replies; 12+ messages in thread From: Milly Bitcoin @ 2015-10-02 23:19 UTC (permalink / raw) To: bitcoin-dev > Restarting the mining with a new algorithm as a reaction and defence against > centralised hoarding of mining ASICs (as we are seeing now), would be > acceptable. It would not necessarily be contentions *to the economy*, as such > hoarding-miners do not participate in the economy in any meaningful way (they > do not accept payments from other bitcoin users). > > Luke I don't see any basis for these claims. Under this theory developers also do not "participate in the economy" either. These are questions for economists and not developers. Maybe "we" could change the language of Core to prevent the centralization of developers? Maybe switch over to FORTRAN? lol Russ ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2015-10-02 23:19 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-10-02 8:02 [bitcoin-dev] Dev-list's stance on potentially altering the PoW algorithm Daniele Pinna
2015-10-02 8:20 ` Jorge Timón
2015-10-02 8:30 ` Adam Back
2015-10-02 8:31 ` Daniele Pinna
2015-10-02 10:46 ` NxtChg
2015-10-02 11:00 ` Jorge Timón
2015-10-02 16:38 ` Peter R
[not found] ` <CALqxMTH6r8eJN2Xw+nn1z=6x9Q3TRSQQ6ZMXsmHPyX8dNx+EgA@mail.gmail.com>
2015-10-02 8:30 ` Daniele Pinna
2015-10-02 16:45 ` Gregory Maxwell
2015-10-02 21:37 ` Dave Scotese
2015-10-02 21:31 ` Luke Dashjr
2015-10-02 23:19 ` Milly Bitcoin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox