Pages:
Author

Topic: [ANN] Bitcoin PoW Upgrade Initiative - page 11. (Read 42931 times)

newbie
Activity: 25
Merit: 0
March 19, 2017, 01:45:01 PM
#38
Thank you for taking the initiative on this.
legendary
Activity: 1204
Merit: 1002
Gresham's Lawyer
March 19, 2017, 01:32:31 PM
#37
The concern I have with it is that there is already a FPGA developed with Equihash, and we dont want future ASICs/FPGA's from alts attacking bitcoin,

I doubt that this is true. Can you point me to where you heard that?

You should probably think carefully and make up your mind whether decentralization or 51%-attack-resistance are more important to you:

https://bitcoinmagazine.com/articles/zcash-creator-on-the-upcoming-zcash-launch-privacy-and-the-unfinished-internet-revolution-1472568389/

(Search in text for "fundamental trade-off".)

Zooko has a point here.  There are trade-offs, but these are only some of the concerns.
Take Monero for example.  It is CPU/GPU but the CPUs do better for the money invested.
The issue with it is that it is highly mined by botnet.

If Bitcoin goes the CPU route with its economic heft, it will encourage botnet mining to a significantly greater extent.  This could have consequences for public relations, legality, VC investment appetite and other problematic results.

If the goal is to 'forever end the specter of miner influence on development direction', CPU PoW change might not be radical enough of a change, Bitcoin might have to go one of the more tested PoS methods, or find another solution to the Byzantine General problem.

If PoS is chosen, the longest successful, tried and tested PoS chain is probably Bitshares, which was refined again for Steem.

If a CPU PoS is chosen, may the governments of the world have mercy upon Bitcoin.
hero member
Activity: 690
Merit: 505
Cryptorials.io
March 19, 2017, 01:02:00 PM
#36
Have you guys looked at Cuckoo cycle?

FWIW we evaluated Cuckoo as well for Zcash, and it was a strong second-place contender. There wasn't really anything wrong with it — it just didn't seem to have quite as much of a rigorous scientific analysis as Equihash. However, that is a very subjective thing for me to say. You could argue (and Cuckoo's author, John Tromp, does argue persuasively) that Cuckoo's history of analysis and refinement is better than Equihash's.

Interesting to hear that, thanks for sharing.

If anyone's interested Aeternity has a testnet running using Cuckoo Cycle https://github.com/aeternity/testnet
newbie
Activity: 20
Merit: 0
March 19, 2017, 12:42:02 PM
#35
Have you guys looked at Cuckoo cycle?

FWIW we evaluated Cuckoo as well for Zcash, and it was a strong second-place contender. There wasn't really anything wrong with it — it just didn't seem to have quite as much of a rigorous scientific analysis as Equihash. However, that is a very subjective thing for me to say. You could argue (and Cuckoo's author, John Tromp, does argue persuasively) that Cuckoo's history of analysis and refinement is better than Equihash's.
legendary
Activity: 994
Merit: 1035
March 19, 2017, 12:34:22 PM
#34
I doubt that this is true. Can you point me to where you heard that?


Still more of a rumor, but I would not be surprised ... FPGA and ASIC development will be much quicker in the future, if anything the only thing keeping ASICs away from ETHhash is Vitalk's threat to switch to PoS

https://twitter.com/ZcashMiner/status/815512912546541568


You should probably think carefully and make up your mind whether decentralization or 51%-attack-resistance are more important to you:

https://bitcoinmagazine.com/articles/zcash-creator-on-the-upcoming-zcash-launch-privacy-and-the-unfinished-internet-revolution-1472568389/

(Search in text for "fundamental trade-off".)



yes, I agree... something to think about
newbie
Activity: 20
Merit: 0
March 19, 2017, 12:31:57 PM
#33
The concern I have with it is that there is already a FPGA developed with Equihash, and we dont want future ASICs/FPGA's from alts attacking bitcoin,

I doubt that this is true. Can you point me to where you heard that?

You should probably think carefully and make up your mind whether decentralization or 51%-attack-resistance are more important to you:

https://bitcoinmagazine.com/articles/zcash-creator-on-the-upcoming-zcash-launch-privacy-and-the-unfinished-internet-revolution-1472568389/

(Search in text for "fundamental trade-off".)
legendary
Activity: 994
Merit: 1035
March 19, 2017, 12:20:04 PM
#32
Interesting altcoin proposal, when can I mine it?

Any idea when Poloniex will list it?

It will not be able to be mined for profit , and not listings on exchanges. If the testnet coins for this testnet start to find value for some odd reason we will reset it just like in bitcoins main testnet.

IF we are forced to carry out this HF , than yes, there will be 3 coins / chains ... with 2 new alts created, this , BTU , and the original chain. All three groups will likely fight over the "bitcoin" brand

Have you guys looked at Cuckoo cycle?

It has very strong ASIC-resistance and even a phone can mine without orders of magnitude loss in efficiency:

"The most cost effective Cuckoo Cycle mining hardware should consist of a relatively cheap and tiny many core memory controller that needs to be paired with commodity DRAM chips, where the latter dominate both the hardware and energy cost (about 1 Watt per DRAM chip)"

https://github.com/tromp/cuckoo

Another good candidate.
hero member
Activity: 690
Merit: 505
Cryptorials.io
March 19, 2017, 12:20:01 PM
#31
Have you guys looked at Cuckoo cycle?

It has very strong ASIC-resistance and even a phone can mine without orders of magnitude loss in efficiency:

"The most cost effective Cuckoo Cycle mining hardware should consist of a relatively cheap and tiny many core memory controller that needs to be paired with commodity DRAM chips, where the latter dominate both the hardware and energy cost (about 1 Watt per DRAM chip)"

https://github.com/tromp/cuckoo
newbie
Activity: 6
Merit: 0
March 19, 2017, 12:17:46 PM
#30
I think it's interesting how Myriad Coin attempts to introduce a plethora of POW algorithms

We want 1 secure algo , not many as that would make bitcoin more insecure


  We just do this a few times... pick some new hash function with a HF... re-decentralize mining-- until it becomes clear that in general, it is not profitable to develop specialized mining hardware... so maybe we have to do it less in the future. maybe eventually never.

Asics will happen regardless, and we do not want to have developers forcing HF changes on the community because this opens up an attack surface. A pow HF must individually be decided upon by economic users, and preferably as a reaction after an attack occurs.

Agreed-- I'm not suggesting developers lobby for the POW changes. Obviously, this has to be a grassroots economic stakeholder driven process. I proposed a few mechanisms whereby the POW is somewhat dynamic to avoid the normalization of HFs in the context of, perhaps unavoidable, hardware optimization. In a perfect world, we wouldn't even have the need for this dialogue today.

Though, today, it is becoming clear that high percentage miners can hold the network ransom and make all kinds of DOS threats, so I'm not sure exactly what constitutes an attack from your perspective.
hero member
Activity: 667
Merit: 500
March 19, 2017, 12:17:07 PM
#29
Interesting altcoin proposal, when can I mine it?

Any idea when Poloniex will list it?
legendary
Activity: 994
Merit: 1035
March 19, 2017, 12:08:44 PM
#28
I think it's interesting how Myriad Coin attempts to introduce a plethora of POW algorithms

We want 1 secure algo , not many as that would make bitcoin more insecure


  We just do this a few times... pick some new hash function with a HF... re-decentralize mining-- until it becomes clear that in general, it is not profitable to develop specialized mining hardware... so maybe we have to do it less in the future. maybe eventually never.

Asics will happen regardless, and we do not want to have developers forcing HF changes on the community because this opens up an attack surface. A pow HF must individually be decided upon by economic users, and preferably as a reaction after an attack occurs.
newbie
Activity: 6
Merit: 0
March 19, 2017, 12:06:35 PM
#27
Although I never really took the coin seriously due to their spammy and scammy sounding marketing, I think it's interesting how Myriad Coin attempts to introduce a plethora of POW algorithms... Something like this... an integrated feature whereby it is trivial for nodes to introduce new POWs, which all maintain their own difficulty is interesting in this context:

It appears to be the case that any one choice of POW will lead to eventual hardware specialization, and the way to fight this is to add hooks to make investment in any one hardware specialization scheme ineffective. Dynamic POW may achieve this.

I'm no expert on the hardware implementation of ASIC SHA, and have read earlier in this thread that simply switching to 3xSHA2 would be enough to break current hardware optimizations... what if the dynamic POW affected the depth of SHA required to find a hash?

To summarize, a few ways forward include:

1)  Nodes choose POW dynamically... some single algorithm... valid for some number of blocks... before switching to a different one. Nodes communicate, perhaps with POS backing... which POW they currently accept?

2)  Difficulty is assessed in both nonce as well as hash depth... though it would seem to me that it would be possible to develop specialized hardware which can perform sequential SHA calculations... (now that I think about it... why isn't this possible with current SHA2 chips?)

3)  We just do this a few times... pick some new hash function with a HF... re-decentralize mining-- until it becomes clear that in general, it is not profitable to develop specialized mining hardware... so maybe we have to do it less in the future. maybe eventually never.
legendary
Activity: 994
Merit: 1035
March 19, 2017, 11:57:58 AM
#26
Is this for real or is this a joke?


Dead serious. Should have been done years ago as we knew this moment may come.

"Speak softly, but carry a big stick"

We should welcome the miners back in a coin vote and forgive them for their miscalculation, but Jihan is threatening to attack the minority chain and steal funds from users on cores slack and twitter. He made multiple threats, may be bluffing , but we have to treat this seriously for him or any other attacker in the future. 
donator
Activity: 674
Merit: 523
March 19, 2017, 11:47:09 AM
#25
Is this for real or is this a joke?
legendary
Activity: 994
Merit: 1035
March 19, 2017, 11:43:54 AM
#24
Since most of you obviously haven't read it, let me direct your attention to Section 6 of the Bitcoin white paper:

Quote from: Bitcoin: A Peer-to-Peer Electronic Cash System, Section 6
The incentive may help encourage nodes to stay honest.
If a greedy attacker is able to assemble more CPU power than all the honest nodes,
he would have to choose between using it to defraud people by stealing back his payments,
or using it to generate new coins.

He ought to find it more profitable to play by the rules,
such rules that favour him with more new coins than everyone else combined,
than to undermine the system and the validity of his own wealth.



Satoshi isn't infallible or god ... wise , yes, but made plenty of mistakes along the way ...

here is a list of the flaws from the whitepaper-
https://gist.github.com/harding/dabea3d83c695e6b937bf090eddf2bb3
https://github.com/bitcoin-dot-org/bitcoin.org/issues/1325
newbie
Activity: 6
Merit: 0
March 19, 2017, 11:40:06 AM
#23
Since most of you obviously haven't read it, let me direct your attention to Section 6 of the Bitcoin white paper:

Quote from: Bitcoin: A Peer-to-Peer Electronic Cash System, Section 6
The incentive may help encourage nodes to stay honest.
If a greedy attacker is able to assemble more CPU power than all the honest nodes,
he would have to choose between using it to defraud people by stealing back his payments,
or using it to generate new coins.

He ought to find it more profitable to play by the rules,
such rules that favour him with more new coins than everyone else combined,
than to undermine the system and the validity of his own wealth.



Satoshi wasn't accounting for extrinsic economic motivations or shortcomings in miners' ability to assess what is in their own best interest.
legendary
Activity: 1437
Merit: 1002
https://bitmynt.no
March 19, 2017, 11:37:08 AM
#22
I think a hardfork change is too drastic, and will certainly end in a contentious hard fork.  A POW change light can be implemented as a soft fork by a requirement for an extra proof of work of a different type in the coinbase transaction or in another special transaction.  This will encourage cooperation between miners having lots of specialized SHA256 hardware and users mining the extra proof of work on their CPUs.
Good thoughts but miners will never approve this proposal with BIP 9 and I doubt even 51% so would need to be a UASF , whicj will likely end up as a HF only . This proposal is more of a HF in reaction to a 51% attack from miners which would not be as controversial.
The current miners will still have a huge advantage with the extra-POW soft-fork model, since SHA256 hashing power as well is required to find blocks, so I think a large enough economic majority will make the current miners come along in a UASF.  The miners have no interest in mining worthless coins after all.  They will have to share their power and some of their income with CPU miners, since none of them can operate alone, but will likely still have most of the payout.  It is easier to recruit another CPU miner for peanuts, than getting enough ASIC hashing power to compete at the current difficulty.  The most challenging task here is to find the right balance between first and second POW difficulty, and how to adjust this autonomously in a way compatible with the current difficulty adjustment scheme.
legendary
Activity: 994
Merit: 1035
March 19, 2017, 11:21:20 AM
#21
If you're looking for a new Proof-of-Work, I can recommend the Equihash Proof-of-Work that we selected for Zcash.

Thank you for the suggestion.
I like how both Ethereum's Dagger-Hashimoto ethash and Equihash have both been relatively well tested in the wild. The concern I have with it is that there is already a FPGA developed with Equihash, and we dont want future ASICs/FPGA's from alts attacking bitcoin, but than again perhaps there could be a benefit to merge mining with either ETC or Zcash for better security .

Something to consider, definitely.

No need to be fancy, just triple SHA256 would be enough to change the current dynamic and not deviate too much from Satoshi's plan.
Hmm... but either way , this introduces the same costs and risks as Keccak and at least we can delay ASICs a bit more with Keccack
nvK
sr. member
Activity: 381
Merit: 259
March 19, 2017, 11:17:30 AM
#20
No need to be fancy, just triple SHA256 would be enough to change the current dynamic and not deviate too much from Satoshi's plan.
newbie
Activity: 20
Merit: 0
March 19, 2017, 11:12:58 AM
#19
If you're looking for a new Proof-of-Work, I can recommend the Equihash Proof-of-Work that we selected for Zcash.

We studied Proof-of-Work functions for a long time, chose Equihash (https://z.cash/blog/why-equihash.html), hired a legendary hacker to study it and write his evaluation (https://z.cash/blog/the-zcash-equihash-analysis.html), gave out $30,000 dollars in bounties to make the best implementations for CPU and GPU (https://z.cash/blog/announcing-miner-contest.html), got lots of good open source implementations (https://zcashminers.org/submissions), launched the network (https://z.cash/blog/zcash-begins.html), and mining has been working very well at scale ever since (http://www.coinwarz.com/network-hashrate-charts/zcash-network-hashrate-chart).

The reasons we chose Equihash are:

* it is memory-oriented rather than computation-oriented which makes it less cost-efficient to implement in ASIC,
* it is asymmetric, meaning that verifying a solution is much cheaper than generating that solution (_even_ starting from the nonce that generates that solution); In particular it requires substantial RAM (hundreds of MB, depending on parameter choices) to generate a solution (or an attempted solution), but it does not require that much RAM to verify a solution. This may be useful for constrained implementations such as SPV wallets in constrained hardware, implementation inside the Ethereum VM, etc.
* it has a good level of scientific investigation behind it, which makes me think it relatively unlikely than an algorithmic breakthrough would enable someone to find solutions much cheaper than the competition. This has been born out by the experience of live Zcash mining, where developers have made tremendous progress on micro-optimization, but as far as we know no algorithmic breakthroughs.

A reason to choose Equihash is that you benefit from the all of the research and implementation work described above. There are many well-tested implementations available, both open source and proprietary.
Pages:
Jump to: