Pages:
Author

Topic: [LTC] Changing the litecoin Proof of Work function to avoid ASIC mining? - page 8. (Read 33318 times)

rph
full member
Activity: 176
Merit: 100
But if you change the POW periodically in ways which aren't predicable months in advance, and in ways that can't just be generalized with anything more specialized than general purpose consumer hardware... then I do think you would actually have achieved a fairly high degree of asic-proof-ness.

In practice that just means the optimal mining technology will be the world's best FPGA, instead of the world's best fixed-function ASIC. Cheesy
Unless you're capable of creating a substantially different POW function every couple days to defeat skilled, well-funded, and persistent FPGA designers (and C-to-RTL synthesis tools)...

Anyway, I believe it's morally wrong to change the POW 2+ years after launching a coin, if you did not at least mention that possibility when creating it. You would destroy many hundreds of thousands of dollars invested in the "evil" ASIC(s) which, in the long run, will make all cryptocurrencies less secure by encouraging private, secret, centralized ASIC development. And then there's the whole slippery slope aspect - if we can change the POW, what else can we change? How about we increase the block reward 10X so I can haz moar coinz plzz, at the expense of savers?

A significant advantage of existing cryptocurrencies is that the key attributes were made fully public up front, held constant, and not politically revised by any party (so far). If you start making up the rules as you go along, you've just created a less centralized & possibly more democratic, but still politically manipulable, imitation of a Central Bank and fiat currency. Maybe there is demand for that, maybe not, but if you want that, you should at least have the decency to launch it as a new coin, rather than corrupting an existing one.

-rph
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
NO

Changing it will deter the price dramatically, and you will have a lot of people leaving Litecoin (including myself). Nobody wants to invest in something if the rules are just going to be changed later. Change is inevitable. Sure go ahead and modify the code. Someone somewhere will figure something out eventually and you will be doing the same thing all over again.

It's a slippery slope, and you're opening a whole new can of worms.

(and I am a GPU Litecoin Miner)
sr. member
Activity: 360
Merit: 251
As far as a PoW that will be more ASIC resistant. What about Momentum PoW.. what Protoshares is using: http://invictus-innovations.com/s/MomentumProofOfWork.pdf

EDIT: After thinking about if for a bit, the Momentum PoW would not work as it would effectively cut out current GPU miners. Any change of the PoW must allow everyone that is already participating in mining Litecoin to continue to do so.

Don't believe everything you read. These protoshare guys apparently have never heard of cycle detection algorithms (like Pollard's rho) that find collisions while avoiding the space complexity blowup, their whitepaper is nonsense.
legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
Also.. any poll held on this is going to be pretty biased IMO because of the number of GPU miners that frequent this subforum. Of course most of them will vote Yes.

As far as a PoW that will be more ASIC resistant. What about Momentum PoW.. what Protoshares is using: http://invictus-innovations.com/s/MomentumProofOfWork.pdf

EDIT: After thinking about if for a bit, the Momentum PoW would not work as it would effectively cut out current GPU miners. Any change of the PoW must allow everyone that is already participating in mining Litecoin to continue to do so.

I admit gmaxwell, there very may well be a way to make a coin ASIC proof, but I'm not really sure how it could be done.
sr. member
Activity: 360
Merit: 251
Nothing is ASIC proof,
A point I've argued many times. But in hindsight I was somewhat wrong. No finite collection of fixed algorithms (Even a large set) can be ASIC proof (in fact, large sets probably just lead to ASIC monopolies due to higher NRE).  But if you change the POW periodically in ways which aren't predicable months in advance, and in ways that can't just be generalized with anything more specialized than general purpose consumer hardware... then I do think you would actually have achieved a fairly high degree of asic-proof-ness. There is just the question of the costs of periodic changes being worth the benefits, and what cadence is required to make investment unwise.

Hmm continuously select the params of the PoW hash function deterministically according to pseudorandom bits of future blocks? Interesting idea...

Edit: I think that maybe the idea is that if ASIC miners have a large fraction of the current hashpower, and they try to control the pseudorandom bits that will decide the next PoW params, then they will have a disadvantage in the competition against other miners because they'll have to re-solve blocks multiple times until they get params that they prefer?
staff
Activity: 4284
Merit: 8808
Nothing is ASIC proof,
A point I've argued many times. But in hindsight I was somewhat wrong. No finite collection of fixed algorithms (Even a large set) can be ASIC proof (in fact, large sets probably just lead to ASIC monopolies due to higher NRE).  But if you change the POW periodically in ways which aren't predicable months in advance, and in ways that can't just be generalized with anything more specialized than general purpose consumer hardware... then I do think you would actually have achieved a fairly high degree of asic-proof-ness. There is just the question of the costs of periodic changes being worth the benefits, and what cadence is required to make investment unwise.
legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
My vote is on NO.

For the most secure network possible, ASICs are needed. Nothing is ASIC proof, changing the PoW is just delaying the inevitable. ASICs will come to Litecoin if they are economically feasible, no matter what PoW is implemented.

Not to mention the electricity that will be saved is a good thing for planet Earth! Grin

GPUs are incredibly inefficient compared to ASICs and waste a lot of electricity.

If ASIC uses 1% of the electricity as a gpu people will just use 100times as many... saves nothing.

now PoS could be a solution to the resources thing.

You have a point. PoS is the only solution to energy savings thus far I agree. I will retract the statement about energy efficiency. Smiley

I think my first point though is very valid.
legendary
Activity: 910
Merit: 1000
PHS 50% PoS - Stop mining start minting
My vote is on NO.

For the most secure network possible, ASICs are needed. Nothing is ASIC proof, changing the PoW is just delaying the inevitable. ASICs will come to Litecoin if they are economically feasible, no matter what PoW is implemented.

Not to mention the electricity that will be saved is a good thing for planet Earth! Grin

GPUs are incredibly inefficient compared to ASICs and waste a lot of electricity.

If ASIC uses 1% of the electricity as a gpu people will just use 100times as many... saves nothing.

now PoS could be a solution to the resources thing.
legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
My vote is on NO.

For the most secure network possible, ASICs are needed. Nothing is ASIC proof, changing the PoW is just delaying the inevitable. ASICs will come to Litecoin if they are economically feasible, no matter what PoW is implemented.
sr. member
Activity: 360
Merit: 251
tacotime and myself did a few benchmarks with tweaked scrypt params: https://bitcointalksearch.org/topic/m.1316383

The creator of scrypt has said that the he thinks that scrypt params of Litecoin don't use enough memory (link), probably before he fully considered the tradeoffs between cost-effectiveness of ASIC and verification/propagation of blocks by Litecoin (non-mining) nodes. He later said that for the Litecoin scrypt params may be good, estimating that still would 10x advantage over SHA256 in terms of the cost-effectiveness of ASIC vs genereal-purpose hardware like GPUs (link).

gmaxwell: regarding whether it will be too late to change the PoW hash function, as you've said in the past, miners exist at the pleasure of the users (link). To take an extreme scenario, this should supposedly/hopefully mean that if say 90% of the mining power (i.e. ASIC miners) and 10% of the users decide to follow certain protocol rules while 10% of the mining power (i.e. non-ASIC miners) and 90% of the users decide to follow different protocol rules, then the fork with 90% of the users should win. But such scenarios are vague and no one can predict the future, Bitcoin could also have such conflicts with ASIC owners who e.g. wish to change the block size limit to gain higher fees, or other scenarios that we can try to come up with...

I think that doing more scrypt benchmarks with the purpose of trying to see which scrypt params give the best tradeoffs is a good idea, coblee & warren what do you think?

gmaxwell, do you an educated guess regarding which scrypt params should offer the best tradeoff between making ASIC less cost-effective and fast enough validation/propagation of blocks by regular nodes?
legendary
Activity: 1484
Merit: 1005
We're not at a time when BTC mining has reached maturity, really.  In 6 months the market will be flooded with devices and companies will find themselves in a fierce battle to lower prices and try to outsell their competitors.  ASIC manufacturers right now have no idea of the industry that they're seeking to enter, but people who have been involved in the microchip business since the earlier advent of computers are seeing echoes of the past.

I think that repurposing hardware is good for the next big chain, or for finally giving the incentive to complete the primecoin GPU miner, or whatever.
staff
Activity: 4284
Merit: 8808
A lot of the earlier developing staff saw this coming and their response was this: "ASICs are an important means to secure the network and represent that a chain is reaching maturity."
Indeed, I thought LTC's motivations were outright stupid here— and what you were 'quoting' there could easily have been me. I still think resisting ASICs is a not very useful goal, but it is a clearly stated goal of the system, and it does serve to distinguish it from Bitcoin.

After working with a number of ASIC makers in Bitcoin space, I have to say that some of the luster has worn off a bit from my prior enthusiasm too, not enough to disagree with my prior position, but enough to say that was more complicated than I gave it credit for:  ATI never raised their prices (usually after recovering NRE from sucker buyers who eat all the risk, even though the asics have no resale value) to the point where it was difficult to make a return on being a miner yourself, ATI never ran huge farms with substantial chunks of the network hashrate, etc. But this is an aside.  I don't mean to doom and gloom ASICs: so long as specialized hardware is possible— and it always is— having the honest users using it is good... but LTC sold a Bill of Goods that excluded this stuff, and so ASICs showing up is arguably a bug.
 
legendary
Activity: 1484
Merit: 1005
I'm surprised to see you posting this gmaxwell.

A lot of the earlier developing staff saw this coming in 2012 and their response was this: "ASICs are an important means to secure the network and represent that a chain is reaching maturity."

The longer time goes on, the more I see this as true.  There will be other coins to fill the gap.

My response now is: no, there's no need to change the algorithm and ASICs should be embraced, when they finally do come out.
legendary
Activity: 910
Merit: 1000
PHS 50% PoS - Stop mining start minting
One possibility is just a "minimum change". E.g. changing the number of salsa rounds by a few and tossing an xor between them at some spot or another.  It would totally break any fixed function hardware, but would be a 2 LOC for any cpu/gpu miner.   I think something like that would be an unfortunate loss of an opportunity, but it would also keep open the possibility of change in the future by avoiding fixed function hardware.

Bitcoin could use a change... Really someone could just come out with a new coin with a changing algo over time to prevent this once and for all.

And if we change LTC will just get changed Asics.

Also, We would need to make the change soon, before mining voting power is lost.
staff
Activity: 4284
Merit: 8808
One possibility is just a "minimum change". E.g. changing the number of salsa rounds by a few and tossing an xor between them at some spot or another.  It would totally break any fixed function hardware, but would be a 2 LOC for any cpu/gpu miner.   I think something like that would be an unfortunate loss of an opportunity, but it would also keep open the possibility of change in the future by avoiding fixed function hardware.
full member
Activity: 449
Merit: 103
Decentralized Ascending Auctions on Blockchain
There are a lot of options here— including different POWs already deployed other ALTs or something novel.  What got me musing on this subject was the question of: If I threw out an alt that used ECDSA signature validation as its POW would someone write ultra fast GPU code for ECDSA (which would be very useful in helping to scale node performance, even in Bitcoin)?
Maybe you could even convince CK to stop being a prick and put ScryptECDSA/GPU support back in cgminer.

I suspect that if LTC doesn't change POW now that the introduction of fixed function hardware will mean that it never can. Perhaps its already too late, though I don't know: LTC has always advertised itself as being GPUASIC proof, and a violation of that is an outright bug, which arguably should be fixed no different than if it were possible to mine more than 84 million litecoins.
I think it would be funnier and just if they did the switch after BFL and the other bozos dumped 100's of thousands into developing a piece of junk.

Such a change could be made mostly seamlessly— a new version released, and a deadline for upgrade, not too unlike the Bitcoin 0.8 hardfork or the nversion=2 blocks. Existing miners could even use coinbase votes (indicating their ability to support the switch in the blocks they mine) to trigger the change so that it could be done in a way which is assured to not exclude too much of the existing hashrate (though, presumably, using a coinbase vote would fail if there are secretly large asic farms already). Miners would need to upgrade software, but they'd just have to update sometime before the switchover, no tricky synchronization would be required.

I wonder what people think of this? Is this the sort of thing that could get near-unanimous consensus in the LTC community?
+1
I don't see why anyone would object since forks and forced upgrades are a dime-a-dozen in altcoins.
staff
Activity: 4284
Merit: 8808
According to reports scrypt ASICs may soon exist, finally completely eliminating this feature distinguishing Litecoin from Bitcoin— at first LTC was supposed to be CPU only but that failed, then GPU only and thats failing.

I never thought much of the goal here, but at least it was a distinction— if, IMO, a kinda dumb one.  The thing I like least about alts is the lack of distinction and innovation they frequently suffer, and so being another asic mined coins but with different asics seems like such a waste to me.

If the LTC community wanted it could change POW and the practice of being willing to change it would probably be a stronger protection for general purpose hardware than the use of any particularity or set of particular schemes could ever be. Though since (it seems to me) so much of the LTC community is miners the change would have to be to another CPU+GPU friendly one so the existing miners wouldn't be left out.

There are a lot of options here— including different POWs already deployed other ALTs or something novel.  What got me musing on this subject was the question of: If I threw out an alt that used ECDSA signature validation as its POW would someone write ultra fast GPU code for ECDSA (which would be very useful in helping to scale node performance, even in Bitcoin)?

I suspect that if LTC doesn't change POW now that the introduction of fixed function hardware will mean that it never can. Perhaps its already too late, though I don't know: LTC has always advertised itself as being GPUASIC proof, and a violation of that is an outright bug, which arguably should be fixed no different than if it were possible to mine more than 84 million litecoins.

Such a change could be made mostly seamlessly— a new version released, and a deadline for upgrade, not too unlike the Bitcoin 0.8 hardfork or the nversion=2 blocks. Existing miners could even use coinbase votes (indicating their ability to support the switch in the blocks they mine) to trigger the change so that it could be done in a way which is assured to not exclude too much of the existing hashrate (though, presumably, using a coinbase vote would fail if there are secretly large asic farms already). Miners would need to upgrade software, but they'd just have to update sometime before the switchover, no tricky synchronization would be required.

I wonder what people think of this? Is this the sort of thing that could get near-unanimous consensus in the LTC community?
Pages:
Jump to: