Topic: Are ASICs the last major evolution in mining hardware? (Read 6874 times)

Yeah, but that's nothing really major to write home about.



Jesus will be back to solve all of our worldly woes before then. 

well, the hyperx could be at the top of the bubble and the asic at the bottom...



plus, given the stated development time, they could probably ship them out before  BFL

No. Next evolution is: Molecular computing, once the time for computing a block (preparing DNA samples and doing a read out) drops below the 10 minute mark, and the associated cost is lower than the electricity cost consumed by the state-of-the-art asics at that time.

But won't be happening within the next 10 years.

According to them, ASICs are already more efficient...

Coherent Logix's HyperX!

But what's the point of "quantum" hashing, if your wallet belongs to everyone?

Hard-wired SAT solvers?

Well I don't think Vlad was meaning today but more the "end state" but I could see how it could be taken that way.  Also I agree today we are vulnerable because we don't have ASICs in large numbers.  Of course we were ALWAYS vulnerable however seeing retail products suddenly makes that threat more tangible.

Today your $1M number is probably right.  Even though Avalon/BFL are sold at a huge premium that premium will come down overtime and hashrate will be much higher.  To achieve real security requires both replacing horribly inefficient (in terms of MH/$) GPU with ASICs AND raising the true security value of the network (which comes through higher exchange rates and fees).  Both are needed to provide a real deterrent against attacking the network.   Still without ASICs the second half become moot.  We simply could never get enough hashing power with GPUs to build any credible defense against ASIC based attackers so moving to ASICs is a mandatory first step.   I will feel better when the hashrate is in the tens of PH/s.

I was replying to Vladimir's post who fantasized about an ASIC in every household as if that would happen almost no matter what.


I dont believe for a second it would cost anything like $50M now. I bet you could pull it off with closer to $1M today or even next year. Per chip, asics costs almost nothing, its not because avalon or bfl are selling them as if they are made from pure gold, that your scary entity cant order wafers at $2000 each.

 

Nor do I, and agreed with your other points.

Let's speak about ASICs used as heating system. Combined with floor heating (so you have water at a not too high temperature and the ASICs are happy) 

Yeah not sure what insane math you are doing?  $1M USD per BTC * 25 BTC per block * 6 * 24 * 365 = $1.3 T global mining rewards.  If miners were willing to accept "only" a 50% ROIC that would require an attacker to spend $2.6T to attack Bitcoin.  Bitcoin would be quite safe even under much smaller scenarios.




And if Bitcoin never lives up to its potential then just $50M wasted?  Most "big scary" entities either have a need to explain expenditures (imagine the shareholder revolve if BofA misses earning estimated because the CEO decided he needed to spend $50M to kill this thing almost nobody has heard about) or are massively reactionary (like governments).  

I don't worry too much about it.  Still if a massive and well planned 51% attack comes from an entity both with the funds and willingness to lose them it still won't matter in the long run.  Much like killing Napster didn't end p2p file sharing, it only mutated and evolved into much harder to kill systems.  Cryptocurrency is a concept, it can't be killed. If Bitcoin is killed by a 51% attack the next version will be even harder to kill.   This next version doesn't have to start at 0 (like all pump and dump altcoins do for obvious reasons).  The next version could use the values just prior to the 51% attack as its genesis block.  The system could be made 51% resistant possibly through a combination of proof of work and proof of stake to increase the cost to attackers.  $50M to kill something nobody uses is too "easy" try $500M or $5B.  

Thats pretty much the same as what i was saying. Vladimir's pipedream of a mining asic in every house, just wont happen unless bitcoins becomes.. well, lets do some silly math;
10 billion people, lets conservatively say 2 billion households? And lets use the previous  estimate of 40K mining devices today, and generously assume them to be perfectly distributed among households, and that they will be distributed perfectly in the future too. So we would need a 50000 fold increase in valuation, somewhere around 1 million of todays dollar per BTC. Oh, multiplied by 2 for every ~4 years that it takes. Im holding my breath .


Someone with a big enough vested interest might because they see its potential before its realized.

The next major evolution is a nuclear power plant together with ASIC farms, and by that time most of the users will be closed from mining

After 4 years, 1800 BTC per day, if each of them worth $1000, then altogether they worth $1.8 million, suppose half of that is the electricity cost, so $1 million paid in electricity per day, almost 10 million kwh, that is 416Mw power, and most of the new nuclear plants are between 1000 and 1700 Mw electric

That would be bad for manking. If in the future heating would be electric, I hope it will be the most efficient electric heating, with heat pumps which requires electric power only around 1/4 of the heat pumped in, i.e. a 1KW heat pump heats the same as a 4 KW clasic heater.   


Mass-production advantage applies to an attacker also
Consuming 10% of electricity of the planet to maintain bitcoin network? This will not happen for sure

Look Vladimir, I have nothing with you. I only want to state a few things:
ASICs are not a panacea (like many around here seems to believe). They only "level" the field for now. After ASIC migration, cost of a network attack will be comparable with, but no greater then, the values of the miners. Now it's worse (it's much cheaper to attack).
Resilience of the network (value of the miners) is directly correlated with the value of bitcoin economy. So let's do our best to make it happen (the growth of the economy).
 

 

Puppet here is the great thing (your easy to overlook 25% vs 3% mistake aside).  The price of BTC and thus the direct reward to miners is related to the exchange rate (since most miner's costs are in USD/EUR).  When the exchange rate rises global mining rewards rise and more people mine.  When it falls less people mine.  The exchange rate is at least loosely related (we could say positively correlated) to adoption.   If the amount of ASICs sold is relatively low (say $50M USD worth) that means the BTC exchange rate is low.  If the BTC exchange rate is low then adoption is low.   Who is going to spend $50M+ to attack something almost nobody is using? 

IF however adoption is extremely high (say a user base 100x larger) then we would expect the exchange rate to also rise by at least a magnitude.  This will mean more global reward for miners (in USD terms) and thus more mining equipment sold.  Potentially hundreds of millions of USD worth of units.

The economics of Bitcoin make it such that it is only "cheap" ($30M attack) to attack Bitcoin when almost nobody is using it.  The one weakness in that economic model was the ability for those with deep pockets to "cheat" (use ASICs to fight a GPU war) and drastically reduce their costs.  Once ASICs ship in bulk that shortcut will be closed.   Meaning attackers have two choices.  Spend $30M (or $xM) to destroy something nobody is using (and likely spawn a number of second gen cryptocurrencies hardened against 51% attacks) or wait and spend $300M or $3B or ($xxxxM) to destroy something a lot of people are using.

The window of opportunity is rapidly closing.  Within 10-20 years it will be cost prohibitive to make an attack especially if you see "ASIC heating" become mainstream. 

It doesn't - it halves every 210,000 blocks. That could be more or less than 4 years depending on the hashrate.

My bad, I thought it halved every 2 years instead of 4

You mean 25%?

None of that will happen even if half the houses on the planet have people that use bitcoin. There has to be an economic incentive for people to buy mining hardware, and it will only scale up from the current level with an increase of the total value of bitcoin,  while scaling down with the decreased block reward - in so far its not partially offset by transaction costs.

If there is a guestimated $20M worth of mining equipment in use now, there will be not much more or less than $20M worth of ASIC miners next year given the same bitcoin price/blockreward.  Okay, maybe a bit more as the cost shifts more to hardware and less to energy, at least initially, in the long run, it wont change by orders of magnitude.

In 10 years,  blockreward will have decreased to 3% of what it is now. Lets be generous and assume transaction rewards by then are as big as the blockrewards; if so,  then you would still expect to see roughly $20M worth of mining hardware if a bitcoin was worth 16x what is now, or  ~$320 by then. Multiply both by a factor of 10 if you wish, it wont come anywhere near to your pipe dream.


If bitcoin comes even anywhere close to consuming 10% of all electricity produced on earth, I for one will become a fierce advocate against it.

lastbit, do you think that whatever you said would still be applicable when:
- half of the houses on the planet are heated by bitcoin ASIC powered "cost offset" heaters,
- half of space heaters on the palnet have "bitcoin cost offset module" with a bunch of latest bitcoin hashing chips inside?
- there are multiply racks full of bitcoin asic hashing gear in every datacenter that has decent energy pricing.
- etc...

It seems you are ignoring that logically after prototypes are done the next step for bitcoin ASIC manufacturers will be "mass production" of a huge quantity of chips and plugging them into everything even remotely viable as dedicated gear or as 'cost offset' device.

Now tell me if there a single entity on the planet that can build a set of DC's consuming say 10% of all electricity used on the planet for heating just to piss everyone off?

In context of my post talking about theoretical cost of 51% attack at this moment using GPU tech is rather ridiculous.

Sorry to disappoint a lot of persons, but that's not about Peta , Exa, not even Zetta or Yotta.

It's all about the money.

Hashrate is now around 25TH/s. That equivalent to about 40000 pieces of 7970. That's around 20 mil USD.
Considering motherboards, power supplies, workforce, etc., I'd say an entity willing to spend 30-40 mil USD, plus costs of 10MW of electricity, could wreak havoc with bitcoin, using GPUs. You do realize that this is doable by banks and nations (and even some individuals although I cannot see their possible motivation).
But what about an ASIC atack? Right now, Avalon team claims that they can produce 51% power (another 25TH/s) with under 600 000 USD. This is even scarier, isn't it? If they can, why a bank/nation cannot? Or lets say a bank/nation is not so smart and their cost to develop and produce 25GH/s in ASICs is 5 milions. Still very scary!

So what ASIC adoption will mean for us? It will only cancel the ASIC atack versus GPU/FPGA bitcoin network mentioned above. If we, bitcoiners, will invest in ASIC around the same amount we have invested in GPUs/FPGAs, so around 30 milions USD, that means and entity willing to destroy us will have to invest, more or less, the same money. Unfortunately, 30 milions USD are in the realm of MANY entities

We'll be safe against a hacker, but we'll still be at the mercy of BIG powers.

Are there solutions for us? Very few!
One is to convince as many folks as we can to invest in bitcoin and use them. Not necessarily in mining, it's enough in the economy. A growing economy will drive fiat/btc up, so mining hashrate will follow growing (beeing profitable in fiat money due to fiat/btc rate, even if btc reward is smaller due to raised network hashrate).
Lower cost/(GH/s) as much as possible. This will come with competition, and probably prices will stabilize at the level at which, despite of greater hashrate, return of investment is still under 12 months.
And there's one more thing. But not here because I already feel I'm offtopic.
 

Which doesn't apply to bitcoin mining.  Post QC algorithms are theories to improve the security of asymmetric encryption (public private key) algorithms.  They aren't applicable for cryptgraphic hashes. 

Yeah not sure where people get the idea that QC "instantly solve" problems.  They don't.

Using Shor's algorithm a lot of solutions can be found in polynomial time but polynominal time doesn't equal instant time.  Note Shor's algorithm isn't useful for "breaking" a hash but there is no known Quatum algorithm which can solve that problem in polynominal time or faster.

http://en.wikipedia.org/wiki/Shor's_algorithm

So lets look at brute forcing a private key.  To brute force a 160 bit private key would require 2^160 attempts using a classical computer.  A QC designed to implement Shor's algorithm could do it in 2^80 attempts.  So the QC can perform the same search in 1/2^80 as many operations.  This is a massive increase in speed but not "instant time".  Also 1 operation on a classical computer and one operation on a QC aren't comparable.  It may take 100x or even 10,000 times as long to perform one operation using a QC.  

It is possible Grover's algorithm could be used to brute force hashes but no proof of that exist yet.

http://en.wikipedia.org/wiki/Grover%27s_algorithm

Still Grover's algorithm doesn't "instantly" solve anything either (to my knowledge nothing does quantum or otherwise).  Grover's algorithm can only provide a probable solution and for a large problem it requires many quadrillions of attempts to produce a solution with any accuracy.


So while speeds up are probable this "instant solve" is just nonsense.  Another complication is that Bitcoin mining by QC is novel and would require a new quantum algorithm.  Most QC problems are related to finding a specific solution however with Bitcoin we are only interested in a "good enough" solution.  For example at difficulty 2.5 million there are roughly   8,986,648,889,050,210,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 valid solutions.  Using existing Quantum Algorithms would likely not be useful as for example if a quantum algorithm was found that could break a specific 256 bit hash in polynominal times 2^128 operations is still much larger than current difficulty (2^32 * 3 million).

anyone got a cup or something? i think this QC talk has left my brain dripping out my ears.

Nice explantation, thanks. Thanks too for the link.

Judging by his handle, I suspect Qbits is better qualified to answer this than me, but AFAIK, a quantum computer does calculations in "parallel universes", and these calculations are not restricted to adding or subtracting. You would just add a comparison in there.

So  yes, in practice if QC becomes viable, pretty much all current methods of encryption become pointless and we will need something else. Thats being researched, if you are interested:
http://en.wikipedia.org/wiki/Post-quantum_cryptography

lol, Aliens are of course the best bet.

Which of these do you think is most likely? I have my money on aliens of course, but who doesn't?

If the calculation result in only hashes < difficulty, how does the calculation test for this? I didn't think QC broke encryption, just created many hashes at once.

The algorithm would have a method for testing which of the hashes it created are < D, hence the requirement of sorting. Either that or there's an algorithm which can break the encryption.

Or I'm completely wrong and talking out of my butt. It's probably the latter, but I'm interested in knowing more.

As DeathAndTaxes said. Plus:

For the next 5-20 years expect Bitcoin mining tech to develop in the following directions:

1. improving Bitcoin ASIC's in direction of catching up with the best ASIC tech available i.e. with what the latest top of the line CPU we have;
2. making mining gear more modular so that upgrade path from old generation of chips to new ones is more cost effective. For example, retaining enclosures, power supplies, cooling gear etc and having replaceable cards with chips that could be replaced/upgraded;
3. making mining gear more space and power efficient so that it could fill standard 32/16A ~42U rack.
4. making mining gear that could also allow reuse of generated heat and proliferation of "energy cost offsetting" devices of all shapes and forms. like bitcoin generating coffee-warmers, space heaters, house heating systems, beef jerky and dried fruit production etc..
5. economies of scale i.e. producing large quantities of low cost hashing chips and gear.
6. concentration of large scale bitcoin hashing capacity in areas where low cost electricity is available or where secondary use of heat produced is viable
7. timed use of hashing capacity to take advantage of low cost energy during off-peak hours.
8. use of hashing hardware to utilize "free electricity" in places where "unmetered" energy is available. But expect, providers of "free energy" such as employers, moms basements, student dorms to catch up on this eventually.

This is the beauty of free market, it WILL make Bitcoin hashing as cost efficient as possible over time.

In any case expect network's Bitcoin hashing capacity to be customarily measured in Peta and even Exa hashes (as opposed to Mega and Giga and Tera hashes) rather soon.

Expect that pretty soon no single entity will be able to mount a sustained 51% attack even theoretically.

Expect eventually quantum computing, aliens, time travelers, DNA/biological computers or other such rather improbable now actors to disrupt Bitcoin hashing marketplace in some shape of form.

I also think that ASIC mining gear manufacturers will quickly move to large scale production of mining gear in large quantities up to the point where cost of auxiliary equipment in rigs (PSU, enclosures, fans etc...) is comparable to the cost of hashing chips.

I also think that we will see availability of hashing chips for OEM's and 1-2 companies dominating Bitcoin chip markets with a much larger number of OEM's and VAR's producing the mining gear of all shapes and sizes.

Actually, afaik, quantum computers could even use bogosort to sort a finite list in a single clock cycle.

Now im no expert in QC, but I doubt you even have to sort anything. You just have to code the QC so that all universes are destroyed except for the ones where the resulting hash is < difficulty. Any one of them would create valid blocks, you wouldnt even have to pick the smallest. Pick any.

Of course it matters. It invalidates this statement:


If quantum computers are poor at sorting (I have no idea) then it will take longer than qbits' estimate. 10% percent longer? 1e06% longer? Without at least an estimate (or an explanation of why I'm being wrong headed) his point is not proven.

Does that really matter? If a quantum computer can calculate a near infinite number of hashes simultaneously and therefore find a block or even multiple blocks "per clockcycle", surely sorting them isnt going to make a big difference.

Yeah, but where are you gonna find the 1.21 jigga watts of power that you need to run it?

How? Not that I disbelieve, I'm just not sure it's that simple. I would have thought it would have to at least take additional time to sort though all the solutions to find the smallest hash.

quantum computers work slightly different than ordinary computers in that they do not have to go through billions and billions of tries to find a hash below the threshold set forth by the difficulty.

quantum computer would find the hash in a single step essentially in a time normal computer would take to calculate and try a single hash.

so 1 Hash per second quantum computer produces one "below the threshold" block hash per second (assuming it exists at all) regardless of difficulty.

Graphene is just one of several experimental technologies with which researchers hope to keep Moore's law alive for a bit longer. No one expects it to exceed Moore's law by some order of magnitude.

As for clock frequency,  500 GHz has already been done with silicon a long time ago:
http://news.bbc.co.uk/2/hi/technology/5099584.stm
Of course, clockspeed alone (or more correctly: transistor switching speed) is utterly meaningless.

One of the benefits that can sometimes get overlooked is the network security. When the network is measured in PH/s and ASICs are commonplace, it is much harder to attack the network. This was a common fear during the CPU and even GPU days.

There will be a huge improvement!!

the european union just paid 1 billion € (1,35 billion usd) to research about "Graphene"http://en.wikipedia.org/wiki/Graphene and to research how to build a processor with graphene.
They could run with up to 500 GHZ per core!

just imagine 500 ghz quadcore .. yumm!

Not sure if you realize, the difficulty will be raised to offset any speed a computer can throw at the network..

indeed. sufficiently big quantum computer would be able to find a suitable block hash in arbitrarily short time thus ending the bitcoin for good.

of course such quantum computer would be useful for other things as well (can you spell SSH?)...

Well, I do expect a price war that will have pretty major consequences. Once all the ASIC vendors sold and delivered their initial runs and difficulty explodes, mining revenue per GH and thus demand will dry up unless they cut prices, and they should have very high per unit margins allowing them to do just that (ASICs cost almost nothing to produce). Causing even higher difficulty, requiring even lower prices for these devices to be marketable. Over and over. In that sense the next year or two will see pretty dramatic changes IMO, but it will be with mostly the same chips for sale now. Just for satoshi's on the bitcoin, so to speak.

Some really good replies here by some really knowledgeable people. It looks like bitcoin has caught up, technology wise, to the rest of the industry. Nothing major to come besides the obvious efficiency and manufacturing improvements, not before the next few reward splits anyway.

Asics will be in the same boat as CPUs/GPUs, as they are fundamentally using the same technology.  Short of quantum computing, there hasnt been anything even on the horizon that promises a "quantum leap" beyond Moore's law for the past 30 or 40 years now. Keeping up with Moore's law will prove difficult enough by itself. Now anything is possible, but if something new does come along that offers another order of magnitude increase,  it will almost certainly revolutionize a whole lot more than just bitcoin mining.

BTW, I dont expect to see any real improvements over the first generation of ASICs any time soon. In the short/mid term, they wont even keep up with Moore's law, because I believe there will be no financial incentive to invest in more advanced process nodes. We will get a price war first, and once we get to the bottom of that (orders of magnitude cheaper than today), most miners will be so far under water, I doubt there will be a market for slightly more energy efficient devices, especially considering the high NRE it would take to develop 28nm or smaller chips.

I was referring to that quote because you can never be sure about the future, unless you've been there yourself.
As others have said, quantum computing will most likely be available at some point in the future.

D&T is right. I can tell you both Diablo and I, along with numerous others along the way, have spent many hours trying everything to further tweak the algorithms as used by GPUs, and we have been unable to squeeze anything more out of it. I suspect the on-chip algorithm on the ASICs closely resembles these optimised OpenCL kernels as used by GPUs.

FTFY, and saved me from posting it myself

my 2 bitcents:

in the future who knows..  quantum computing, positronic brains, chystaline entities?

Which has nothing to do with the topic.

An Avalon ASIC is roughly 17x more efficient than the average FPGA (170 MH/J vs 10 MH/J).
An Avalon ASIC is roughly 85x more efficient than the average GPU (170 MH/J vs 2 MH/J).
An Avalon ASIC is roughly 680x more efficient than the average CPU (170 MH/J vs 0.25 MH/J).

Nobody said faster and more efficient ASICs aren't possible but there is no technology which would allow a 680x increased in efficiency over what the Avalon is capable of.  Going to state of the art, fully custom, optimized 28nm ASIC might allow a 24x increase in performance however after that miners would be limited to Moore's law.  There are no more "shortcuts".

When you consider that at one time "good miners" were operating at 0.25 MH/W efficiency and bad guys could "cheat" (using 28nm full custom ASICs) acheive a roughly 16,000x "shortcut" the gap has been significantly closed.

“640K ought to be enough for anybody.” -Bill Gates (1981)

Well you can clearly see how that went.

For some reason, the wording of both your posts sounded really weird to me. Either way, you're posting very vague answers to the OPs question. Yes, there will be improvements, but no, there will be no major technological advancements that will produce the same jump as what we've seen from CPU -> GPU and now from GPU -> ASIC.

So why didn't these happen on GPU (which are pretty damn easy to reprogram).  GPU algorithm mining efficiency has all but stalled. 18 months ago people were finding 10% here, and 3% there and that all essentially flatlined almost a year ago.

I doubt there is much algorithm efficiency left.  Now it is possible SHA-256 will be partially compromised which allows for the creation of "optimized" hashers which take that cryptographic flaw into account but that is hard to predict when or if it will happen.

I reckon the jump is going to be algorithmic. I mean finding mathematical shortcuts to hashing. That's where the action will be.

More people talking nonsense....

There are still algorithmic improvements, at some point in time further 'shortcuts' will be discovered.
Spotted at least one myself... problem is I'm not a maths guru.. so I cannot figure out a formula, but I can see it happening.

The only major jumps left are catching up to current state of the art technology (28nm process).  After that any future improvements would be limited to Moore's law.  

The Avalon is built using 110nm so there are a jumps in performance using the same chip manufactured on a smaller process (80nm, 65m, 40nm, 28nm).  Each one of these jumps would roughly double the efficiency (MH/J and MH/$).  Also the design of the Avalon is likely not the "end all" in SHA-256 Microprocessor design.  Some additional efficiency can be tweaked out of an improved chip design and improved construction, etc.  How much?  No idea lets guess 50% improvement is possible.

Still even if you put all that together you likely are talking a full custom, perfectly optimized, 28nm miner would be ~(110/28)^2*150% "only" 24x high efficiency as a theoretical upper bound.

Pretty much. You might see some efficiency improvements as the years go by, but from a performance standpoint, this is pretty much it.

Bitcoin was released into the wild in Jan 2009 and was first mined on CPUs, which everyone who learned about Bitcoin already had access to.

Then around Sep 2010 the first GPU miner was released. It picked up fast because GPU's were available off of any computer store shelf, and most PC enthusiasts already had one in their machine.

Sometime around May 2011 the first FPGA was demonstrated. FPGA chips were already available, but required assembly to work as Bitcoin miners.

Now we have ASICs coming onto the market, which are purpose built chips, designed for the sole purpose of mining Bitcoins.

The big question is, where do you go from here? Or is this the last major leap for Bitcoin hardware?