Topic: Ethereum Anti-ASIC fork, is it the right time for bitcoin too? - page 8. (Read 2439 times)

you're backpedalling the above claim, and you knew you were wrong when you made it. I won't be replying further

And yet this is the first time I've ever heard this definition.  Curious.  Someone might think you just came up with it.   

An inventor can't protect their invention against the passage of time.  There's no cure for progress.  It's what people do.  We find solutions to do stuff faster and cheaper.  Why is this such an outrage all of a sudden?



This seems to be more of an opinion rather than a statement of fact.



Arguably, the system was devised so that the incentive to build a valid blockchain is greater than the incentive to attack it.  A multitude of other coins with different algorithms thought they could do better and subsequently fell at this very hurdle.  What's the rush to repeat their mistakes?



Opinions again.  You haven't actually countered any of those arguments.  Calling them garbage does not constitute a rebuttal.  Thanks for repeating some of reasons why changing the algo has downsides, though.

َWho says that?

Breaking a cryptographic system, is just about finding a solution much cheaper and faster than what is expected as the processing cost and time by the inventor. SHA256 ASICS are not cracking the hash function, they are a crack against how bitcoin is using it as a cryptographic system. They are breaking PoW, not SHA256.

To be more specific, a cyberpunk Satoshi Nakamoto, devised a one cpu, one vote system for a decentralised system named bitcoin, instead of finding a collision the problem was defined to find a nonce that hashes to a value close enough to a target. just like collision problem which is hard to find the new problem was supposed to be hard, not that much but reasonably hard to solve, the inventor designed the whole system on this simple concept: AS the problem is equally hard for all the participants, the ones who consume more energy and allocate more cpus have more chance to solve it sooner and deserve to be rewarded more.

It is what then happened, some greedy douche bags found a flaw in Satoshi's schema: the whole algorithm (SHA256 being its core but not the whole) has very small memory footprint and can be accelerated dramatically by a specialized chip, an ASIC. End of the story.

The thing with people like you is that you are addicted to this situation at the same time that you are taking advantage of it. All those stupid and worthless arguments that you guys repeat over and over about how inevitable are ASICs because every algorithm is vulnerable to ASICs, ASICs are not a big deal, GPUs are not that much different than ASICs, ASICs are good because they can't jump in/out the network, ASICs are good because they are immune to botnets, bla,blah, ... they are just pure garbage, they do not deserve to get an answer, they are just some desperate justifications mad by some addicts who have no choice other than living in the jails made by a bunch of greedy crackers who are mocking them at the same time that are making money out of their misery.

They don't.


Hash algorithms are broken when you find a collision, efficiently. "Efficient" in practice means devising a different algorithm to SHA256 that can find collisions on a practical timescale. SHA256 ASICs cannot be used to look for collisions efficiently, they are designed to do one thing only: perform the actual SHA256 algorithm on data being fed to them.

It's possible they could find a collision, but checking that would have to be programmed by the controller, not an SHA256 ASIC. It's unlikely though, and certainly has nothing to do with making SHA256 unusable for authentication etc. That would require an efficient method of finding collisions, not an inefficient method (i.e. brute forcing). If you want to man-in-the-middle someone, using a hash farm to brute force their connection's shared secret key is going to be frustratingly expensive if the target renegotiates their HMAC secret at almost any frequency more than, say, once every 1000 years.

There's never been a report I've heard of an SHA256 ASIC being used to find even 1 hash collision, despite the inconceivable number of hashes performed in Bitcoin mining since 2009.

So the question then becomes:

Is your issue truly with ASICs?  Or with Bitmain?

My stance remains that it's far more practical and safe to encourage a larger number of companies to get involved in the production of ASICs, rather than trying to stuff the genie back in the lamp, burying it and then hoping that the clear and obvious financial incentive to let it back out again is never discovered.

Competition works best when there isn't the potential for one competitor to obtain a major advantage over the others.  This is why you raise the bar and not just politely ask the competitors to perform to a lower level than they're capable of.  Sooner or later, their desire to win will override your desire to lower the bar.  If multiple manufacturers can make ASICs, no one company has a major advantage over the others.  But if you make a supposedly ASIC-resistant algo, you open the potential to one company "cracking" it (it's not really a crack, though) before the others do.  And the companies with the most disposable income will have the best chance of gaining the advantage.  That's a weaker system than the one we currently have and I will continue to argue against it.

I mean, you've seen movies, right?  That overused trope where the good guy and the bad guy agree to settle their differences with a fair fist fight, but then when the bad guy is losing, they pull out a knife/gun/whatever?  You can't trust hardware manufacturers to agree to a fair fight.  It won't work.  They want to win and I sincerely doubt they'll lose any sleep if they don't conform to your noble ideals.  

Mining is an arms race.  It was an arms race long before ASICs.  It'll continue to be an arms race if someone comes up with something better than ASICs.  But at no point will it be ever be safe to believe that everyone will lay down their arms and go back to a fist fight.

I think I could explain it in other words.

each threat must assess in 2 different ways: "1- severity 2- expanse". the problem with ASICs is because of its severity in a possible threat, but this could not prevent the expanse of a threat that you mentioned it very well - and in fact this is what I try to express. Disabling ASICs is necessary, but not enough. an example for the arrangements that we could take for controlling the EXPANSE factor of a thread, would be flash-back-pinning:

https://bitcointalksearch.org/topic/the-necessity-of-flash-back-pinning-in-structure-of-transactions-5089384

QC hypothetically can solve ECDSA problem and ECDSA is about to be considered as a failed algorithm already.People are working hard to find an alternative instead of denial or justification.

Believe it or not, there is a line between NVIDIA/AMD/Intel/... on one side and Bitmain on the other side.

He has no choice as Ethereum centralizes more and more away from him, and to Infuria running and controlling most of the dapps, and the nodes. Hahaha.

Vitalik will become something like a mascot.



Ok.


Or, in Ethereum's situation, will it be an assurance that there will never be another anti-ASIC hard fork again?

And how do ASICs break the cryptographic hash function?  The idea of mining is to solve the nonce.  Finding a way to do it as efficiently as possible is not breaking any cryptographic element.



So ASICs are bad but GPU mining is okay?  It's nice to see where we draw the arbitrary lines.  The centralising element doesn't come from the hardware used, but from the quantity of units one person can utilise.  If I mine on my home CPU, while some billionaire has 50 warehouses dotted around the globe with 10000 CPUs mining away, it's literally no different in terms of centralisation.



It would be a bigger failure if we switched the algorithm to one that could allow that to happen in future.  Attempting to restrict ASICs and someone managing to do it anyway is the only way this scenario could occur now.  For me, personally, your ideology isn't worth the potential cost to the network.  Others may feel differently.

Of course it does break a lock, how would it be possibly considered otherwise? We are talking about cryptography after all!

Satoshi was not an expert of chip manufacturing industry and had no clue about how a stupid algorithm like sha256 is vulnerable to ASIC attack. This is it.

Suppose as a result of ignorance, whatever, nobody have attempted this attack until now and we have still gpu/cpu mining of sha256 with like 2,000,000 gpus installed. Now you manage to build a s9 which outperforms a gpu by being like 10.000 times more efficient with almost the same price and instead of selling your miner you choose to run a farm consisted of just 100 s9s. As a result difficulty surges like %50 and you have access to 1/3 of total network hash power and your profitability is 10,000 times more than other competitors. Now are we allowed to consider it a failure and sha256 a bad choice for PoW?

SHA256 was a bad choice for PoW, it was designed to be run by average users with commodity hardware in a one-cpu-one-vote manner but it failed to do so because it was cracked by ASICs. Period.

Cheers bro, long time no see  
Excellent contribution, as always:
Although GPUs support pipelining, it is not the feature one can use in mining because it is typically a part of specialized rendering/streaming and video related modules which is not programmable. 

Essentially an ASIC is composed of a series of combinational circuits typically managed by a sequential one which is pipelined specially just like pipelined rendering operations in gpus.
To make it infeasible for such a chip to use pipes, we have to note that, this architecture is effective as long as 1)all the operations are supported by the combinational units, and as far as 2) each step is not dependent on the result of previous step.

1) the first mitigation to such a pipelined ASIC attack is using a memory hard algorithm which carefully uses a large memory footprint and lot of FETCH operations. FETCH is an operation which no combinational circuit could help with. I say carefully because it is possible to have a large memory bank designed specially to do simple operations in-place on memory words without fetching them to processing unit, like when you do a simple xor between adjacent memory words, etc.

2) To make pipelining even more inefficient an algorithm may impose a pseudo random series of basic (with 1 cycle cost) calculations that consume previous step results.
This way pipes become practically useless.

There are a lot of other techniques including SIMD, Single Instruction Multiple Data, which ASICS use but GPUs are far more specialized in.

ProgPoW combines all the above techniques plus a lot more and current consensus among experts confirms it as being highly difficult to beat when running on a commodity gpu. Intensive analysis suggest that a hypothetical ASIC wouldn't be able to provide more than %20 efficiency and it is not enough to justify design and manufacturing costs of such a device. It seems to be even more unlikely to have such a chip around ever because of it being worthless for other applications and vulnerable to further algorithm changes.

I strongly recommend you to take a look at https://medium.com/@ifdefelse/understanding-progpow-performance-and-tuning-d72713898db3

And this one is also a very interesting reading: https://medium.com/@OhGodAGirl/thank-you-alexander-for-your-constructive-feedback-d39078079186
Author of the second article, K. L. Minehan is the main inventor of ProGPoW, she introduces herself this way: Author. Artist. Aussie. Asshole.  

And we are done with QC issue, because ProgPoW is absolutely better than sha2 in this regard.

You are right about duopoly, but it is not a threat. NVIDIA and AMD are not stakeholders in cryptocurrency and gaming industry is very high profile ways more important than mining. We are speaking of a 200 billion dollars market which is doubling every year and is supposed to keep the pace for a decade. Neither of the two giants have any plans to quit this industry or undermine it in favor of mining.

Still, you are right about it being a problem, having two manufacturers as original source, but it is the same for most essential parts of computing industry RAM, CPU, GPU , ... and when it comes to choose between Bitmain and NVIDIA I rather choose the latter for so many reasons: not being a mining company, absolutely no ways to implant backdoors, potentially subject to a comparably strong competitor (AMD), having a much wider market to be worried about, more transparency, ... you say.


Although I propose a gradual migration, in the beginning it would have disruptive consequences on gpu market and altcoin mining both, but once the dusts are settled we have nothing much different than what we already have right now.
And yes, it is good situation with gpu mineable coins, despite all the hype about 51% attacks. I don't care about this attack at all, as you know.
Let's don't worry about this attack for a moment, and realize that it is a very strong stabilizer mechanism in altcoin mining industry right now. Professional miners, don't switch between coins just because of temporary price fluctuations as reported by coinmarketcap or other indexing services, they consider choosing coins with stronger infrastructure and long term perspective as well. As a result we have an objective measure regarding actual value of coins. When something bad happens for a coin, both price and hashrate will drop and vice versa and mining industry acts more coherent with basic incentive system designed for bitcoin...

On the contrary, ASIC mining is subject to manipulation by the manufacturer. It is why we have experienced a long term weird pattern in bitcoin mining in 2018. Despite steep price decline for months network hashrate and difficulty figures were climbing sharp and stopped just when mining bitcoin proved itself not to be profitable and miners were no longer able to tolerate losses. It is what happens when you have miners as slaves of a manufacturers, even worse.

Let's look closer to the recent event in ASIC industry, Bitmain is launching its 7 nm ASICs while bitcoin is in the lowest price levels in a year, now what do miners have to do other than buying new hardware and dumping their now useless ASICs? See? It is worse than slavery!

This is very different for gpu miners, when the whole market is down, there is a chance to assign other jobs to gpus and more importantly, there is no force to install new hardware.

Unfortunately, I have not made a deep assessment regarding this issue and I have no statistics to present right now, but according to my own experience, ASIC miners are easy targets for the manufacturer but gpu miners are not slaves of NVIDIA or AMD, they have a better chance to back-off or at least not to sink even more.

Please note, having a good balance between incentives and costs is the essence of what makes cryptocurrency a decent industry, so, I'm not talking about miners interests here, I'm talking about how keeping miners safe and secure is critical for a long term stability of the whole ecosystem.  
The way I see it, gpu mining provides a better mechanism for regulating the balance with cryptocurrency total value and its total costs (energy consumption mainly) and a better mechanism for distributing this costs between different coins.

I understand miners being trapped (because of using a specialized device) sounds like kinda 'loyalty' but it is not a good kind, it is even bad because of fragility. Naturally when there is no flexibility we are dealing with fragility, aren't we?
Investment is about opportunity cost which is just one factor and not the most important one. We have electricity, labour and overhead costs involved as well. A miner remains loyal up to the point that other costs have not surpassed the incomes minus opportunity costs substantially and in long run. They start to halt their operations at a certain point while in the same time, ASIC producer pushes for new hardware, hence the gradual elimination of small mining facilities won't act as a relief because the total network hashrate remains high or even climbs up! So the elimination process escalates even more. The net result would be a highly centralized mining scene.

I think people who insist on this kind of 'loyalty' just forget the basics and mistakenly suppose this kind of loyalty, accidentally is good for security of bitcoin because of miners (slaves) who are trapped in the network and are securing it for free!
It is not how it works in socioeconomic systems. Such a security is not considered sustainable and is doomed to centralization. When a coin price is tilting down, you need less hashpower to keep it secure and vice versa. It is the rule and as much as having such a system in its pure form is impractical, violating this rule intentionally or justifying such violations as "fortunate accidents" is not acceptable.

I disagree. 51% attacks for the soul purpose of double spending one or few utxos do not put ordinary txns in danger unless they spend coin base of orphan blocks. Maturity of a coin base txn should be delayed enough proportional to the costs of attacks and if it is not tuned properly, user wallets should issue a warning for such txns (my proposal) so, it is all about how and when the recipient is satisfied with number of confirmations. For ordinary low stake txns there is no risks (supposedly not originated from a recent coinbase) involved as after the re-org it will be re-confirmed if it is not already, for high stake txns, it is totally acceptable to analyze the risks and wait for a substantially higher period of time (number of confirmations).

I think it is all about exchanges and their poor software designs: typically they do not distinguish between a multi million dollar and a one hundred dollar txn and use a same stupid parameter as the number of confirmations. it is really crazy, you don't need to wait like two days to be convinced about my deposit of like 5 etc but if I had enough money to buy like 1,00,000 etc from you, I wouldn't release the funds sooner than a week after the first confirmation. When two entities have chosen a low hashrate coin to do a high stake business, they need to treat it properly.

I have to insist on the above arguments once more: When bitcoin was started 10 years ago and in the first couple of years no body accused it of being insecure, while any data center owner was able to commit a 51% attack against it! As long as we are discussing bitcoin as of its design principles, it is secure not because of its absolute security against 51% attacks but because of the equilibrium between the incentives and the costs involved. Lower prices reduce incentives and attack costs altogether and higher price acts contrarily. it is true because in an idealistic scenario, we have network hashrate and price that are regulated inversely and network hashrate is what determines attack costs.

One ASIC 'trick' is pipelining. I don't know if GPU's support it ? Sounds like they should frankly.. But if they don't.. their Resistance Is Futile ;p

You build a circuit that does SHA256. Great, you can now run SHA256 at the speed of a hardware chip. But only ONCE per iteration. So you can run it once and then when it's finished, check the result, and then run it again. Normal programs will do this. It's very fast to do 1 sha256. A GPU can do this. Lets say it takes 1000 clock cycles.

Or - you build an ASIC that does does sha256.. BUT you can run a separate thread through the circuit per clock cycle. You start one, and then before it has finished, and before you have a result, start another thread one clock cycle behind IN THE HARDWARE CIRCUIT. It takes 1000 clock cycles to get the first result, just as with the first version, but after that you get 1 result EVERY clock cycle. That's 1000x faster. If the algo takes more steps say 10,000, then it gets 10,000 time faster.

That works against any algorithm that isn't running on pipelined hardware.