Agreed. Monero's idea of slightly altering the PoW parameters every X months is just whack-a-mole, and doesn't sound like a proper development plan for any serious tech person. On the plus side, at least they are admitting that the PoW they devised to be ASIC-resistant in the past isn't very resistant now, because (omg) technology moves on. (Gosh, is it really 7 years since we developed the first Bitcoin FPGA miners? I still have that dev board lying around.)
For something arguably more ASIC-resistant, Boolberry has had its Wild Keccak for a few years, but I guess it's NIH for everyone else. Zcoin's upcoming MTP also looks interesting with its multi-gigabyte memory requirements. But even they won't be ASIC-proof forever -- remember when 640 KB was enough for everybody?
FYI, the current Monero team had nothing to do with devising the original algorithm.
No, but in a sense they did take credit for it by promoting the algorithm as such without making improvements to harden it, so the burden is theirs to carry just the same. I fully agree with teknohog's assumption that their decision to alter PoW parameters every quarter is flawed logic and shows the level of amateur design and development going into Monero. It's no wonder why Edward Snowden classifies it as an amateur cryptocurrency project.
On the other hand, Boolberry distanced itself from Cryptonight with the introduction of Wild Keccak which, just like the Monero traceability report relative to Boolberry's guaranteed output, shows a level of understanding and foresight not present anywhere in Monero. Although both Cryptonight and Wild Keccak use weakened cryptographic primitives without any justification being provided by either author, WK is a step in the right direction with regards to providing ASIC performance resistance over Cryptonight with its blockchain based scratchpad.
I feel it kind of did okay in holding off not only ASICs but even domination of CPUs by GPUs for four years, which is more than can be said for most if not all other algorithms which have tried that. But in the end the designers made some incorrect assumptions and it proved to be broken.
This isn't really just a question of technology moving on, as CPUs (and GPUs) have also improved significantly so ASICs had and have a moving target. But still the algorithm just did not do what it was supposed to do.
Holding off ASICs? No offense, but you seem to have a very basic understanding of algorithm design and ASIC development. ASICs are ALWAYS possible regardless of the underlying algorithm. The idea of being "ASIC resistant", that somehow said algorithm prevents the design and development of an ASIC, is a fallacy that's been regurgitated by armchair cryptographers across the cryptocurrency space.
The proper term should be "ASIC performance resistance" as the key to preventing hardware dominance is proper algorithm design for correct cost/benefit/performance analysis. I give crypto_zoidberg a free pass here with regards to him branding Wild Keccak as "ASIC resistant" due to his language barrier; no doubt he meant ASIC performance resistant vs typical terminologies.
Development of an ASIC is roughly 10m USD just to get to a prototype stage. If the end result is an ASIC that performs on par with its CPU or GPU counterparts then the algorithm still retains its decentralized property and thus can be classified as egalitarian. At that point it's purely a matter of who to support (Intel, AMD or a new hardware manufacturer with an interest in said currency) rather than a question of 100% performance gain over the former.
multi-gigabyte memory requirements
Large memory requirements will not in and of themselves make it ASIC resistant. If just the amount of memory is the main issue, then ASIC builders can just attach a lot of cheap external memory as they are doing with Ethereum ASICs. (Not intended as a review of MTP generally, just the comment about memory usage.)
Again, nothing will make anything ASIC resistant in the typical terminology used by armchair cryptographers, as ASIC development is always possible with any algorithm. Reducing hardware dominance to retain egalitarian properties can only be achieved with proper design. The easy fix here would be to adopt Wild Keccak as a replacement for Monero's algorithm, as it is a direct drop-in replacement and a worthy successor to Cryptonight.
Or the more logical approach would be to simply just take up an interest in Boolberry and support the superior project. Now that Crypto_zoidberg is back with a full team of developers to support him and the fundamental flaws present in Monero's design it's the only logical decision at this point. Instead of simply migrating to Monero's codebase like Aeon is doing, Zoidberg is making substantial improvements with his own unique LMDB implementation (due for release next week) which leaves 3 unique cryptonote codebases: Bytecoin, Monero and Boolberry.
https://github.com/cryptozoidberg/boolberry/branches (work on LMDB can be viewed on LMDB and LMDB_Core branches).
https://medium.com/@BoolberryBBR/boolberry-monthly-progress-report-march-ccb7d1433472
(Not intended as a review of MTP generally, just the comment about memory usage.)
Not taken as one; however, our full review on MTP-Argon2 can be viewed at the ePrint below.
"Itsuku: a Memory-Hardened Proof-of-Work Scheme"
https://eprint.iacr.org/2017/1168
What started as an initial review of Cryptonight, Wild Keccak and later MTP-Argon2 spiraled into full-blown R&D of a new algorithm, Itsuku. Over the course of the last year we've achieved 1/16th the proof size of the original MTP design and hardened it against all known attack vectors. We also provide proper hardware design for the algorithm. Among other things, the beauty of Itsuku is that memory bandwidth is the limiting factor, not the size, so even 64GiB over 4GiB will not see much improvement. This algorithm will be used in our upcoming Moneda [XMN] and Doubloon [XDB] reference projects. ZCoin and Turtlecoin are the only projects I know of waiting for us to release either reference project so they can use the algorithm in their system.
https://github.com/turtlecoin/meta/issues/74
Feel free to read through it. In section 6, we briefly outline comparative analysis between Cryptonight, Wild Keccak and Itsuku. That will give you a better understanding of the underlying systems here. We plan on releasing another paper that focuses purely on Cryptonight vs Wild Keccak, with improvements that will be made to the latter to increase egalitarian properties; however, this will be released only after our next paper is published.
In our initial discovery we've found that WK is much better suited than CN to retain said properties. As stated earlier the quick and easy solution would be to adopt WK but again at that point you'd be better off just supporting Boolberry as the original developer is back on the project full time.