Topic: [ANN][SHC] ShinyCoin █First ever RAMHOG algo Pow/Pos █NO ASIC/GPU | Whitepaper (Read 58440 times)

WARNING: Please don't use Ramhog!  This is a lame algorithm that is easily sped up in an ASIC attack.  It was generated by an armature, and never peer reviewed in any way.  I broke it in an hour completely.  If there were a thriving mining community for ShinyCoin, I would likely have to go build some hardware to out mine everyone by 100X or so per $ invested.

First flaw: the xor-shift PRNG is _not_ cryptographically secure.  In particular, given index i and the initial state, I can compute xorshift(i) in constant time.  Given that only 1 in 512 memory locations is in any way different from this output (times a constant which does nothing), I can generate the pads in a massively parallel attack, and have 511 out of every 512 locations right.  The final locations are trivially computed in a lazy manner on demand.

The final loop only reads a bit over 8 million locations, so I only need to generate a tiny fraction of the actual data.  There is also a terrible time-memory trade-off.  OMG, this algorithm is lame.  Please use something more secure, like Scrypt!  One of the three entries in the password hashing competition that are better than scrypt might also be OK: Yescrypt, Lyra2, and Argon2 (in that order of preference).

The flows in Ramhog are so extensive, I don't want to bother listing what I found in just an hour.  This algorithm is a lost cause.  However, the worst offender is how their PRNG can be computed massively in parallel.  The PRNG is:

static inline uint64_t xorshift_next(xorshift_ctx *pctx)
{
    uint64_t s0 = pctx->s[ pctx->p ];
    uint64_t s1 = pctx->s[ pctx->p = ( pctx->p + 1 ) & 63 ];
    s1 ^= s1 << 25; // a
    s1 ^= s1 >> 3;  // b
    s0 ^= s0 >> 49; // c
    pctx->s[ pctx->p ] = s0 ^ s1;
    return ( pctx->s[ pctx->p ] = s0 ^ s1 ) * 8372773778140471301LL;
}

There are 64 "state" variables, of 64-bits each, for a total state of 4096 bits.  The entire state is generated securely with PBKDF2-SHA256.  However, after that, all that happens is that state variables get shifted and xor-ed on each other in a _fixed_ pattern.  I can represent 64 iteration of xorshift as a 4096x4096 Boolean matrix.  To compute the n-th state, I simplly multiply the initial state times this matrix to the power of n/64.  For source code to do this sort of Boolean matrix operation, see my Github repo bmat:

https://github.com/waywardgeek/bmat

Could you crypto-coin guys please try to have a public review of your PoW algorithms before starting your block chains?  Alternatively, could you let a million bucks or so of market cap grow, and then send me a notice to see if I can PWN your currency?  I was too late for this one, and also too late for that one based on Momentum (another broken PoW).  Heck, I only learned how to crack PoW algorithms over the last 18 months.  Are there any new hacked-up PoW coins out there I should attack?

Thanks,
Bill

this is more centralized than bitcoin mining.

With 16GB this doesn't work on W64, even in safe mode in command prompt without explorer in the background. It needs 100-200 MB more to run. 

Is coin swap the only exchange for shinycoin?

I sold mine early on. I'm the only one who profited, others are at a loss.

I knew you mined a lot of shiny. Now it's Shity.... That is a sad fact.

but then neg. rating makes it more interesting to deal with you

I have reasons to believe he was/is involved in 2 scamcoins released in the last 20 days. Take a look at the post history of people
i called out as shills - no posts on bitcointalk since.

I demand my neg. rating revoked !

Where is the dev?
Accident?

Oh, no, this coin shouldn't be dead.

Oh, no, I just focus on this particular coin.

what's price?

Do you want to buy?

Obviously dead!   

who will sell the coin?

The dev gave up the coin. It's strange that there are so many irresponsible devs.

same here.
Did you solve it?

WARNING: Checkpoint is too old. Wait for block chain to download, or notify developers of the issue

Hmm maybe in terms of technical skill I do, but I don't know how good I'd be at actually running the coin. Plus there doesn't seem to be that much interest anymore, even as of last week, there's only like 3 people posting on this thread. Not sure if it'd be worth it to be honest.

Shinycoin is the child with no mother.

Who can take care of it next?
Or just let it dying.

By the way. wallet can not sync at block 8684.

getnetworkhashpm
14667

I have also PMed sandor111 for the pool code. Still no reply.

I think it's clear sunny has bailed. I don't know why to be honest. I've PMed him a few days ago and he hasn't replied.

I volunteered to do the subcurrencies and was working on it (can see my work so far here: https://github.com/csaftoiu/shinycoin/tree/subcurrencies ). I stopped pending seeing what was going on with primer. I thought all would be fine when mod verified the extortion attempt but looks like sunny has given up?

My experience was that he was pretty disorganized. He would make last-minute changes when a release was due. He would sometimes reply quickly and other times be very unresponsive. Definitely not a reliable dev. Only way forward for this coin is for someone to take over, fork it, change the checkpoint and alert and signing keys. At least code is public now, so if someone really likes the idea they can start a new coin that uses ramhog.