Author

Topic: [ANN][BLC] Blakecoin Blake-256 for GPU/FPGA With Merged Mined Pools Stable Net - page 134. (Read 409641 times)

legendary
Activity: 1509
Merit: 1030
Solutions Architect
no problem bzyzny you have quite a good understanding about crypto stuff  Grin

sr. member
Activity: 274
Merit: 254
BlueDragon747, thanks for the explanation about blake2 vs blake1, makes sense you would choose the one that has more documentation and resources available and is easier to implement. Also I'm glad you pointed out the reason keccak was chosen for SHA3, I was having trouble finding an explanation of their decision.
sr. member
Activity: 274
Merit: 254
@bzyzny I agree, just have to understand the theoretical collision attack for SHA1 and how SHA2 solves that. How is a hash algo developed, by trial and weakness detection or do they "calculate" the theoretical strength somehow?

I believe most cryptographic algorithms are made by either academic research groups at universities or by private corporations. Regardless, as BlueDragon pointed out, they usually start with the theoretical math and use existing techniques as a basis. Quite often new algorithms are made because theoretical flaws or weaknesses are found in existing algorithms, and so they apply that knowledge to find ways to remove/reduce those flaws. Once the improved algorithm is made, there is extensive peer review and analysis done before finalizing its implementation. In order for an algorithm to become a standard (like SHA2 and SHA3) it must go through several rounds of examination and comparison to other algorithms. And an important point to remember is that just because a particular algorithm is chosen as the standard (i.e. keccak for sha3) does not necessarily mean it is "better" than the other candidates, but only that it met the required criteria better. They try to pick whichever algo is most well rounded, or that best addresses a specific issue in the previous standard. Point is that keccak and blake not necessarily better or worse than each other, but each has advantages/disadvantages depending on what you are using it for. I think BlueDragon747 made the right choice with using blake since it seems better suited for use in cryptocurrencies than keccak. As for how they detect weaknesses and calculate theoretical strength, I dont know the specifics but it involves a lot of advanced math and statistical analysis regarding probabilities, and also i'd imagine they utilize supercomputers to try to crack it.

if you are interested in the history of cryptography, this is a good read:
https://archive.org/download/NSA-WasntAllMagic_2002/NSA-WasntAllMagic_2002.pdf
legendary
Activity: 1509
Merit: 1030
Solutions Architect
@bzyzny I agree, just have to understand the theoretical collision attack for SHA1 and how SHA2 solves that. How is a hash algo developed, by trial and weakness detection or do they "calculate" the theoretical strength somehow?

read some academic papers they do it in math first before writing an algo then get it independently verified, but most of the algo's are built from previous algo's its not easy to write a secure hashing algo especially from scratch Roll Eyes

e.g blake was from lake and chacha

Daniel J. Bernstein is one of the best:
http://cr.yp.to/djb.html

JP Aumasson is also very good (blake/blake2):
https://131002.net/

SHA-256 uses the Merkle–Damgård construction method
Blake-256 uses the HAIFA construction method which an improved Merkle–Damgård
Keccak uses the sponge construction method

SHA-256 is weak against length extension that's why they use a double hash as it is suposed to give resistance to that attack, Blake-256 is resistant to length extension due to the HAIFA construction method and Keccak is immune to length extension that's why they picked it for SHA-3 not for its speed

This is cool ref and will give you the background on different construction methods:
http://theglobaljournals.com/paripex/file.php?val=MTExNA==

This is how I know 8 round Blake-256 has a best attack of 2200, independent academic paper by one of the worlds leading groups of cryptographers  
https://eprint.iacr.org/2013/852.pdf <-- bottom of table on p4, before this I used an educated guess based on other attacks (I was a little pessimistic at 2192)
hero member
Activity: 725
Merit: 503
@bzyzny I agree, just have to understand the theoretical collision attack for SHA1 and how SHA2 solves that. How is a hash algo developed, by trial and weakness detection or do they "calculate" the theoretical strength somehow?
legendary
Activity: 1509
Merit: 1030
Solutions Architect

Do the current pools support getwork?


yes getwork is working  Cheesy
legendary
Activity: 1509
Merit: 1030
Solutions Architect
BlueDragon747, you mentioned that Blake2 is faster, so why didn't you use that?

it was a compromise you can't currently get Blake2 in OpenCL and Verilog and only a few examples in VHDL which as kramble has pointed out can make things more difficult for an implementation.

to get best speed from Blake2 it would also be best to remove the endian conversion from the wallet and other software, Blake-256 was compatible as it was designed to replace SHA-256 which is big endian

I did the reduced round to minimize the difference between them in terms of speed/power efficiency while maintaining the security buffer, designed for a best attack of min 2128 ideal was 2192 but real world 2200 so quite happy with design decisions  Grin

that buffer basically means no better way than brute force as a boomerang attack would not make any difference to the wallet/mining anyways

for bruteforce its Blake-256 = 2256 and SHA-256D = 2255 (extra collision due to double hash)  
sr. member
Activity: 274
Merit: 254
BlueDragon747, you mentioned that Blake2 is faster, so why didn't you use that?
sr. member
Activity: 274
Merit: 254
Rupy, I appreciate you sharing your idea and it is creative and interesting. However I think you are overlooking some key points. First, blakecoin already has its chosen algorithm, this is unlikely to ever change without making a whole different coin. Second, hashing algorithms general take many people several years to develop and test, so assuming your idea is plausible it probably won't come to fruition for at least 5 years. Finally, and most importantly, blakecoin is meant to NOT be asic resistant. If/when BLC is popular enough to warrent making an asic for it, we want the asics to be as fast, efficient, and CHEAP as possible. That way even if asics are made, the avg person can still afford one. Also will allow for higher network hashrate with minimal power consumption. People are so indoctrinated with the "asic resistance" B.S. spread by scrypt coins, I know it can be hard to wrap your head around "asic friendly" at first. But don't be disenchanted, if you want to invent a dynamic hash algo, it would be quite an achievement but you'll have to start studying cryptology asap :-)
legendary
Activity: 1140
Merit: 1000
The Real Jude Austin
I've not able to even get the driver running need to retrace my steps again. might move to ubuntu if no luck still trying win764 and a x6500.

works a sha256 miner with cgminer. do ineed to unload something from that?

Let me know how it works for you on Linux.

I was unable to get things going on Windows 7. The readme states:
The main dependencies are python 2.7 and the PyUSB module created by Pablo Bleyer. PyUSB is available as source or an installer for Windows from: http://bleyer.org/pyusb.

I was unable to find a PyUSB module for Python 2.7, only 2.6. I was unable to get connected to the x6500.

I then tried a Windows XP virtual machine and had immediate success. I have since moved to an Ubuntu virtual machine running eloipool_blakecoin.

Do the current pools support getwork? I could be wrong but I don't believe stratum is supported by miner.py.

Jude, it looks like you could successfully mine if you just pointed it at your blakecoin wallet via RPC.

Happy hashing



I did solo-mine, would have found two blocks.

But the base difficulty and golden nonce are off in mine.py for the coin so it counted the solved blocks as rejected.
sr. member
Activity: 409
Merit: 250
I've not able to even get the driver running need to retrace my steps again. might move to ubuntu if no luck still trying win764 and a x6500.

works a sha256 miner with cgminer. do ineed to unload something from that?

Let me know how it works for you on Linux.

I was unable to get things going on Windows 7 64b. The readme states:
The main dependencies are python 2.7 and the PyUSB module created by Pablo Bleyer. PyUSB is available as source or an installer for Windows from: http://bleyer.org/pyusb.

I was unable to find a PyUSB module for Python 2.7, only 2.6. I was unable to get connected to the x6500.

I then tried a Windows XP 32b virtual machine and had immediate success. I have since moved to an Ubuntu virtual machine running eloipool_blakecoin.

Do the current pools support getwork? I could be wrong but I don't believe stratum is supported by mine.py.

Jude, it looks like you could successfully mine if you just pointed it at your blakecoin wallet via RPC.

Happy hashing

legendary
Activity: 1509
Merit: 1030
Solutions Architect
some lag on eu1 going to try a restart

Edit:
might need to put in another support ticket to my provider  Undecided
legendary
Activity: 1509
Merit: 1030
Solutions Architect
Yes, well that's the point of all this, we didn't think we could have distributed "double spending safe" transactions either...

its not safe just resistant e.g 51% attack
hero member
Activity: 725
Merit: 503
Yes, well that's the point of all this, we didn't think we could have distributed "double spending safe" transactions either...
legendary
Activity: 1509
Merit: 1030
Solutions Architect
its silly and could still have an asic would just be an expensive one to have made  Wink

what miner is going to spend days/weeks building a bitstream for each diff change would never get any transactions done

Ok, you are missing the point. You wouldn't make the bitstream manually it would be transformed automatically by the client (tools that don't exist yet). You would have to invent stuff!

The point of the exercise: make a hasing algo that can't be ASICifyable because it changes and the parts that change have to be in the silicon to be performant.

I don't think this is possible if you can write code in C you can FPGA or ASIC at some point

any dynamic bits you would just do in the miner software
hero member
Activity: 725
Merit: 503
its silly and could still have an asic would just be an expensive one to have made  Wink

what miner is going to spend days/weeks building a bitstream for each diff change would never get any transactions done

Ok, you are missing the point. You wouldn't make the bitstream manually it would be transformed automatically by the client (tools that don't exist yet). You would have to invent stuff!

The point of the exercise: make a hasing algo that can't be ASICifyable because it changes and the parts that change have to be in the silicon to be performant.

Wait, this is a bounty! I would easily pay 5 btc for this, anyone else?
legendary
Activity: 1509
Merit: 1030
Solutions Architect
At one point I had the bright idea that Quark would be implementable in FPGA (one engine per hash algo, probably not fully-unrolled so as to get them to fit), so I thought I'd start with keccak (been working in collaboration, but I won't mention who unless he wants to chime in).

Not good. ISE just outright refuses to route it (even for a very small amount of LUT usage), the 1600 bits of state just seem to send PAR into a tizzy. Shame really as it looks nice on the ASIC floorplan.

Blake-256 = Small, Fast, Simple, Power efficient

its going to be hard to beat that Wink

maybe you want to have a go at Blake2 its the only faster algo I know, BMW-256 is quite quick as well
sr. member
Activity: 384
Merit: 250
quark uses an awful waterfall method for its algo's its terribly inefficient!  

try building the bitstream from source via Xilinx ISE and then think about it again Roll Eyes

takes days/weeks to get a good fmax build  Shocked

At one point I had the bright idea that Quark would be implementable in FPGA (one engine per hash algo, probably not fully-unrolled so as to get them to fit), so I thought I'd start with keccak (been working in collaboration, but I won't mention who unless he wants to chime in).

Not good. ISE just outright refuses to route it (even for a very small amount of LUT usage), the 1600 bits of state just seem to send PAR into a tizzy. Shame really as it looks nice on the ASIC floorplan.
legendary
Activity: 1509
Merit: 1030
Solutions Architect
That's the thing, I don't have time to do this but I'm sure it's possible, using custom tools and whatnot. Someone out there is most certainly already working on it, and the rewards will be huge, think Bitcoin 2.0

I think you are missing the point!  Roll Eyes

its silly and could still have an asic would just be an expensive one to have made  Wink

what miner is going to spend days/weeks building a bitstream for each diff change would never get any transactions done
hero member
Activity: 725
Merit: 503
That's the thing, I don't have time (or the brains) to do this but I'm sure it's possible, using custom tools and whatnot. Someone out there is most certainly already working on it, and the rewards will be huge, think Bitcoin 2.0
Jump to: