
Topic: Momentum Proof-of-Work (Read 8023 times)

legendary
Activity: 1876
Merit: 1000
October 21, 2013, 12:38:17 PM
#39


MOMCOIN


hero member
Activity: 770
Merit: 566
fractally
October 21, 2013, 11:18:06 AM
#38
The BitShares network is designed to change hashing algorithms to maintain mining fairness on commodity hardware. Any delay that reduces the frequency of switching hashing algorithms is beneficial.
legendary
Activity: 1442
Merit: 1005
October 21, 2013, 10:29:26 AM
#37
This is the main point where I disagree, and I think proponents of memory-hard hashing algorithms would agree with me. An ASIC with the level of tech (smallest, proprietary transistor techs) required to process a memory-hard algorithm as fast as possible would be prohibitively expensive. You're either licensing the transistor tech from IBM, Toshiba, TSMC, or whomever, or developing your own processes. Expensive one-time costs and expensive platform development costs. If you're considering JUST materials, then yes of course a custom Scrypt ASIC would be cheaper. But since when was a gold coin worth only its weight in gold?
So what if it is expensive? The argument is it can be built, and it will be better than a PC. The price only matters once we discuss numbers, such as blockchain rewards, fees, and the possible profit made from these. Was it profitable to invest 5 million dollars to make 1000 ASICS worth 5.000$, say 2 years ago when they could capture 15.000$ a day all together? No. Is it profitable now to invest 5 million dollars to make 1000 ASICS worth 5000$ that can capture 120.000$ a day alone? Looks like it is.

Are you trying to keep an algorithm on consumer PCs forever or delaying it from reaching ASIC until a variable time period where it becomes feasible to make such an ASIC?

Option A: Keeping the algorithm on consumer PCs forever:
- impossible, because even with some slight modifications, a special "PC" can be made that is a beast at hashing it, costs less to use and maybe less to be obtained
- impossible, because at a point if it becomes profitable, the more "budget enabled" peers can buy more expensive new powerful PC parts and drive profitability down for the rest and driving them out

Option B: Delaying ASIC for some time:
- since you can't make the algorithm work better on crappier hardware, and because people with more money than sense will profit while the rest will lose, I assume you just want to delay the ASICs for your algorithm.
- as Bitcoin advances in popularity and growth, it will reach more technical people and companies, the speed at which new or adjusted algorithms will reach the ASIC state will increase drastically, to less than 4 years
sr. member
Activity: 303
Merit: 250
October 20, 2013, 07:44:28 PM
#36
Quote from: BombaUcigasa
So if you build an ASIC for Scrypt, it will be cheaper to make per unit, use less power and produce more hashes than a generic built PC.
This is the main point where I disagree, and I think proponents of memory-hard hashing algorithms would agree with me. An ASIC with the level of tech (smallest, proprietary transistor techs) required to process a memory-hard algorithm as fast as possible would be prohibitively expensive. You're either licensing the transistor tech from IBM, Toshiba, TSMC, or whomever, or developing your own processes. Expensive one-time costs and expensive platform development costs. If you're considering JUST materials, then yes of course a custom Scrypt ASIC would be cheaper. But since when was a gold coin worth only its weight in gold?

Also:

In my post the discussion was in the realm of processing a memory-hard algorithm. In the first Q, you talk about bitcoin. I am not referring to SHA256 as it is not memory-hard.

In the 2nd Q, I did indeed forget about the RAM on video cards which is faster. However, this is still bleeding-edge AND commodity, with vendors pumping out millions of chips for dirt cheap.

Your answer for the 3rd question is circular.

The libertarian in me wants to say that I disagree on your first posed question. I believe the intent of Bitcoin was to put the power of securing the transaction network in the hands of the people MAKING the actual transactions, rather than a government or bank.
But the technologist in me has a need for (hashing) speed.

The answer to your final question is: because it is novel and innovative.

legendary
Activity: 1442
Merit: 1005
October 20, 2013, 03:58:28 PM
#35
Your idea is useless because there can always be ASICs that are better than generic hardware at specific tasks. Which is why they are called ASICs.

You might be confused about the state of art of certain classes of integrated circuits. I'll try to make this simple, as related to cryptography.

Speeding up the processing of a memory-hard algorithm requires two things: (1) faster memory (clock speed), and (2) more memory (parallelism and minimization of data set movement). Consumer RAM ("Memory" as it were) is nearly already AT the state of the art in terms of speed (DDR3 and soon DDR4). Adding MORE of it simply means adding more sticks of RAM. From a customized machine standpoint, this means adding more of the DDR SDRAM ICs (the constituent chips that make up a PC's RAM modules) and optimizing their data transports.

The argument that I recall the Scrypt paper making (and that I see the Momentum paper makes [2nd paragraph of introduction]) is that it becomes economically infeasible to design a system that outperforms a standard PC by such a margin that makes it worthwhile to develop said system. In other words, it costs too much to design a specialized system for a memory-hard algorithm when desktop PCs typically already perform really well with readily-available, relatively cheap hardware.

Q. Is someone going to develop an ASIC to handle the specific functions that the CPU in a desktop PC handles? Are they going to be able to do it faster and cheaper than Intel's latest tech?
A. Probably not, developing for the latest transistor size would be difficult and immensely costly.

Q. Is someone going to develop a memory ASIC that performs better than consumer RAM?
A. Probably not, consumer RAM is already near the state of the art.

Q. If someone DID actually build the above two ASICs and also built an efficient platform around them on such a scale that the (alt-)coin mining market would actually support, would it be economically feasible (that is, would you get at least 100% ROI)?
A. Most certainly not. The licensing alone would kill the hopes for feasibility.

I hope this makes sense. If I have misspoken or misinformed anywhere in the above, please do not hesitate to correct me.

The argument that I don't see made often enough is when economic feasibility isn't the goal, what happens? For instance, if a government wanted to build a system to take over and crumble a cryptocurrency network and [fiat] money was no object -- then yes, they could probably develop such a system. But any economist who knows about the engineering involved (quite a rare subset I would imagine!) would just tell this government to buy as much consumer PC hardware as they could rather than develop new tech. "Why re-invent the wheel?"

p.s. BombaUcigasa, you're coming off very trollish. You ask good questions, but try to lighten up a bit on your accusatory tone and people might take you more seriously. Thanks.
I agree with you that a desktop PC, or let's say a high end desktop PC and not cheapo all-in-one embedded models, are pretty efficient in terms of memory and computing power for the price point, when compared to an ASIC.

However, your point about an ASIC being unfeasible I do not agree with:
- You don't need a 7.1 sound chip, PCI connectors, SATA controllers, fancy BIOS, USB ports, half the northbridge architecture, any kind of storage medium, and many other things in your miner
- You are not restricted to a specific AT form, specification or rule, you can make your case as thermal needs require it to be, you can make smaller and cheaper motherboards
- You don't need super fancy EPUs and VRMs that cope with variable work load modes and power efficiency modes
- You don't need 80% of the CPU's functions to perform a single hash algorithm, things like virtualization, multimedia processing, graphics controller (http://images.bit-tech.net/content_images/2012/04/intel-core-i7-3770k-review/ivb-5w.jpg, http://wccftech.com/images/reviews/hardware/Processor/Intel-Core-i7-975-Extreme-Edition-Processor-Review/Core-Design-Areas.jpg)
- Even if you use a PCI board as implementation, you don't need everything from a GPU, you can discard 40% of the chip/s surface (http://www.ixbt.com/video3/images/titan/diag_smx.png)
- The speed to storage trade-off can be adjusted in any machine, such that it uses less RAM and faster processor, or slower processor and more RAM for the same hashrate

So if you build an ASIC for Scrypt, it will be cheaper to make per unit, use less power and produce more hashes than a generic built PC. Sure, it will have just this purpose, but it will do it better in the long term. If the benefits of owning such a miner for 2 years produce sufficient return to cover the investment then it will be built. KnC miners take like a month to recoup now, don't they?

Most miners are not stupid, they take logical calculated evidence-based decisions. They buy new hardware when they observe opportunity, and stop the hardware or sell it when it is working at a loss. Just like Bitcoin ASICs are removing GPUs from the network, a memory hard algorithm will take out generic desktops from the network using that algorithm in lieu of headless dedicated optimized low-energy ASIC miners.

Q. Is someone going to develop an ASIC to handle the specific functions that the CPU in a desktop PC handles? Are they going to be able to do it faster and cheaper than Intel's latest tech?
A. Yes. KnC, ASICminer and others managed to make dedicated chips that can hash bitcoin faster and cheaper than ATI's chips.

Q. Is someone going to develop a memory ASIC that performs better than consumer RAM?
A. Yes. GPUs already use chips and architectures that offer more than double the speed of consumer motherboard RAM.

Q. If someone DID actually build the above two ASICs and also built an efficient platform around them on such a scale that the (alt-)coin mining market would actually support, would it be economically feasible (that is, would you get at least 100% ROI)?
A. Yes, it could be feasible if it would get 100% ROI.

The question should be: Can a cryptographic blockchain hash algorithm that can run exclusively only on common desktops with maximum efficiency be created?
The answer is: No.

The question is then: Why are we discussing this new proof of work?

I'm not trolling, I'm as sincere as possible even if I look like an asshole. Deceiving people and making fun of them is not my style.
legendary
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
October 20, 2013, 01:38:26 PM
#34
Nonsense, a home pc has limits on RAM, require other hardware etcetc. An ASIC would have exactly only what is required, in this case tons of memory.

You can't fit "tons of memory" on a single chip, not even an ASIC, since you are fundamentally constrained by transistor size.

So even with an ASIC, more hashpower can only be achieved with more hardware, and not with architecture alone.  For the 10TB of memory mentioned by the OP you would need to manufacture thousands of chips, ASIC or no ASIC.

Sure, an ASIC would be more efficient than a home PC, but in terms of hash per dollar invested it would perhaps only achieve a factor of 2, not a factor of 10,000 like it's the case with the SHA256 algorithm.
hero member
Activity: 503
Merit: 501
October 20, 2013, 01:14:58 PM
#33
So this is like Nascar restrictor plates? Does it incentivize low end mining?
sr. member
Activity: 303
Merit: 250
October 20, 2013, 12:55:11 PM
#32
Your idea is useless because there can always be ASICs that are better than generic hardware at specific tasks. Which is why they are called ASICs.

You might be confused about the state of art of certain classes of integrated circuits. I'll try to make this simple, as related to cryptography.

Speeding up the processing of a memory-hard algorithm requires two things: (1) faster memory (clock speed), and (2) more memory (parallelism and minimization of data set movement). Consumer RAM ("Memory" as it were) is nearly already AT the state of the art in terms of speed (DDR3 and soon DDR4). Adding MORE of it simply means adding more sticks of RAM. From a customized machine standpoint, this means adding more of the DDR SDRAM ICs (the constituent chips that make up a PC's RAM modules) and optimizing their data transports.

The argument that I recall the Scrypt paper making (and that I see the Momentum paper makes [2nd paragraph of introduction]) is that it becomes economically infeasible to design a system that outperforms a standard PC by such a margin that makes it worthwhile to develop said system. In other words, it costs too much to design a specialized system for a memory-hard algorithm when desktop PCs typically already perform really well with readily-available, relatively cheap hardware.

Q. Is someone going to develop an ASIC to handle the specific functions that the CPU in a desktop PC handles? Are they going to be able to do it faster and cheaper than Intel's latest tech?
A. Probably not, developing for the latest transistor size would be difficult and immensely costly.

Q. Is someone going to develop a memory ASIC that performs better than consumer RAM?
A. Probably not, consumer RAM is already near the state of the art.

Q. If someone DID actually build the above two ASICs and also built an efficient platform around them on such a scale that the (alt-)coin mining market would actually support, would it be economically feasible (that is, would you get at least 100% ROI)?
A. Most certainly not. The licensing alone would kill the hopes for feasibility.

I hope this makes sense. If I have misspoken or misinformed anywhere in the above, please do not hesitate to correct me.

The argument that I don't see made often enough is when economic feasibility isn't the goal, what happens? For instance, if a government wanted to build a system to take over and crumble a cryptocurrency network and [fiat] money was no object -- then yes, they could probably develop such a system. But any economist who knows about the engineering involved (quite a rare subset I would imagine!) would just tell this government to buy as much consumer PC hardware as they could rather than develop new tech. "Why re-invent the wheel?"

p.s. BombaUcigasa, you're coming off very trollish. You ask good questions, but try to lighten up a bit on your accusatory tone and people might take you more seriously. Thanks.
hero member
Activity: 770
Merit: 566
fractally
October 20, 2013, 09:17:57 AM
#31
Quote
What manipulation are you talking about?


If you have a bunch of bids and asks being broadcast on a blockchain and the miners get to pick the transactions that go into a block, then you do not want them to tweak their blocks frequently, but rather you want them to commit to the next block as soon as the previous block is found.   Hence having some momentum to the proof of work is helpful in preventing manipulation.
hero member
Activity: 770
Merit: 566
fractally
October 20, 2013, 09:15:07 AM
#30
Imagine a government or Interpol connected network deciding to install a modified miner on their machines, pool together with more hashpower than all your network and force invalid blocks on your blockchain. How do you stop that?

Let's see here... you can never force invalid blocks on to a network, the worst case is a double spend attack and that requires an anonymous purchase. Worst case is a DOS attack.

Please define how a botnet will tear it apart aside from winning all of the mining rewards.
legendary
Activity: 1442
Merit: 1005
October 20, 2013, 07:19:41 AM
#29
Yes, Bitcoin got absolutely everything right. Stop any form of progress in any way because you're just wasting your time. Roll Eyes
I was thinking more like... stop inventing non-existing problems and focus on the ones that are important, not the ones that have already been solved.
hero member
Activity: 798
Merit: 1000
October 20, 2013, 03:56:26 AM
#28
Bitcoin will not change algorithm until it becomes unsecure.

And this is not an algorithm for Bitcoin as bytemaster has stated.

Quote
There is no reason to do so.

Yes, Bitcoin got absolutely everything right. Stop any form of progress in any way because you're just wasting your time. Roll Eyes
legendary
Activity: 1442
Merit: 1005
October 20, 2013, 02:17:10 AM
#27
Quote
and more time lag for emerging of the specialized hardware.

That is not useless because it means the network has to change hashing algorithms less frequently.  Changing of the algorithm is where I maintain decentralization ultimately, but having some delay is helpful.

I also want an algorithm that prevents manipulation of blockchain based markets by making it 'costly' to restart mining after accepting a set of transactions.
Bitcoin will not change algorithm until it becomes unsecure. There is no reason to do so. The ASIC for the new algorithm will be trivial.

What manipulation are you talking about?

I see someone else commented on the resource waste and efficiency. It doesn't matter if you have 1hash/s or 1Thash/s in each peer, the number of peers owned by an adversary is more important. Look at CPU only coins how they are being ripped apart by botnets.

Imagine a government or Interpol connected network deciding to install a modified miner on their machines, pool together with more hashpower than all your network and force invalid blocks on your blockchain. How do you stop that?
hero member
Activity: 770
Merit: 566
fractally
October 19, 2013, 02:49:06 PM
#26
Quote
and more time lag for emerging of the specialized hardware.

That is not useless because it means the network has to change hashing algorithms less frequently.  Changing of the algorithm is where I maintain decentralization ultimately, but having some delay is helpful.

I also want an algorithm that prevents manipulation of blockchain based markets by making it 'costly' to restart mining after accepting a set of transactions.
legendary
Activity: 1442
Merit: 1005
October 19, 2013, 02:36:57 PM
#25
Hosted ASIC mining contracts is centralized because they could be seized or destroyed by a single national government.  
There are several hosting actors, each competing for the same market on good profit margins (difficulty adjustments and price variations assure this). Why does it matter if one actor goes offline? There are many others, only a small to medium percentage of hash power will be temporarily impeding the Bitcoin network.

Consider that there are mining pools that have 30% of the hashpower. Such a pool going down will warp the block time by 30%, you are clearly not worried about this at all, and it's a more likely event than there being only 3 mining farms in the world.

You also underestimate how much some people pay for electricity, or even companies, and how cheap they can offer the mining contracts.

I think the real goal is that the ideal miner should be general purpose and thus advance technology for all.
I think the real goal is to use the least possible resource waste to obtain the maximum network security. Advances in ASIC technology do just that. An attacker has to invest very little in electricity, very much in hardware and have little negative effect on the network. If we don't use the ASICs, the attacker can use less money for hardware and he will win. You want that?

GPU mining is not 'centralized' because the GPU has many uses that justify producing consumer grade parts.  
That comment is just retarded. Centralization is not a nature of the hardware. If it is, then GPU mining is "centralized" because it's all ATI!

See how stupid this argument can be? Centralization would be when all miners go to btcguild and it can control 80% of the network and attack it 3 times a day.

Ask yourself this... how many people must the government control to steal 51% of the hashing power?    
1 or thousands. One developer can push a single change that causes a hard fork (as it happened). One pool operator can luckily get an attack performed. The rest of the network that doesn't act during that time won't be affected at all. It never happened, we don't know.

Economies of scale apply to everything and thus tend to result in centralization.   If you have a proof of work that limits the ability to gain improvements by 'scale' that significantly exceed the benefits of individual nodes then you have a win.   My belief is that the two factors are capital cost and electricity costs.   For home PCs the capital costs are 0.  For many people the electric costs are paid by someone else and thus 0.
If you are a whiny poor dreamer, who can't afford an ASIC, you start dreaming up plans to make lots of money on your Pentium-II. Am I right?

As a result I contend that I have a better decentralization model.
This is again, another retarded argument. Let's play back time again:

2009 - Bitcoin appears
2013 - Bitcoin has high end efficient diversified implementations of the latest possible dedicated chip technology

Where have you ever seen such a short and powerful advancement in service technology? Seriously, in just 4 years, something went from obscure to cutting edge end-of-line technology. Look at Litecoin. The Litecoin ASICS are under development. After 4 years of it being launched, it will have several ASICs to boast.

How much time do you think you will buy? 8 years? 12 years?

Do you not understand that a specially built specifically designed computer will be better than the average desktop at mining your algorithm? You only add a hash counter demultiplier compared to bitcoin, and more time lag for emerging of the specialized hardware. Your idea is useless because there can always be ASICs that are better than generic hardware at specific tasks. Which is why they are called ASICs.

Embrace and respect technology, don't be an ignorant fool! Peace!
hero member
Activity: 770
Merit: 566
fractally
October 19, 2013, 02:03:54 PM
#24
Hosted ASIC mining contracts is centralized because they could be seized or destroyed by a single national government.   

I think the real goal is that the ideal miner should be general purpose and thus advance technology for all.  GPU mining is not 'centralized' because the GPU has many uses that justify producing consumer grade parts.   

Ask yourself this... how many people must the government control to steal 51% of the hashing power?   

Economies of scale apply to everything and thus tend to result in centralization.   If you have a proof of work that limits the ability to gain improvements by 'scale' that significantly exceed the benefits of individual nodes then you have a win.   My belief is that the two factors are capital cost and electricity costs.   For home PCs the capital costs are 0.  For many people the electric costs are paid by someone else and thus 0.

However, with Bitcoin miners the capital costs are always non-0 and the electric costs highly favor centralized ASICs.

As a result I contend that I have a better decentralization model.
legendary
Activity: 1442
Merit: 1005
October 19, 2013, 01:50:11 PM
#23
Bitcoin could end centralization of hash power...


How did you find out bitcoin's hash power is centralized?

Economics of the situation is [..]

In effect mining will centralize where the cost of power and overhead is minimal.  
Oh, so based on a hunch or laymen theory which has no actual basis or tested scenario in real life you concluded as a fact that Bitcoin is centralized NOW and we need to do something about it NOW before this theoretical problem arises? Gotcha... I'll pass.

The simple fact for which I think you're wrong, is because:
- Most GPU miners are made by ATI (holy shit that's so centralized)
- There are a limited list of models that are popular (30 or so models, less than there will be ASIC models for sure)
- They are deployed in a similar fashion, with similar software, by people who can afford buying several of them
- There are GPU farms created by people because they can afford the budget to do so, housed in the "generic individual domicile" mining farm
- NONE of this matters AT ALL because their choice of mining pool is more important than the hardware, year, miner software or favorite color.

What exactly has changed in terms of the distribution of cutting edge miners within the mining pools?

For example I bought several mining contracts on several hosted ASIC miners, made by several manufacturers and hosted in various places (including and excluding manufacturer recommended farm) pointed at various mining pools. What's wrong with this? What makes this centralized? What difference would there be if ALL ASIC miners are in ONE room or TWO rooms? Doesn't it matter more what mining pool they use?
hero member
Activity: 770
Merit: 566
fractally
October 19, 2013, 12:39:54 PM
#22
Bitcoin could end centralization of hash power...


How did you find out bitcoin's hash power is centralized?

Economics of the situation is that specialized ASIC hardware can never be profitable to purchase as a consumer because the added cost of shipping, marketing, and packaging the ASIC vs a centralized mining farm means that hash power will tend to concentrate in large mining farms tightly connected to the latest manufacturing process.  Improvements in technology mean the lifespan of an ASIC is only about 1 year during which the entire cost of development must be recouped.   

In effect mining will centralize where the cost of power and overhead is minimal. 
legendary
Activity: 1442
Merit: 1005
October 19, 2013, 12:32:55 PM
#21
Bitcoin could end centralization of hash power...


How did you find out bitcoin's hash power is centralized?
hero member
Activity: 770
Merit: 566
fractally
October 18, 2013, 09:34:26 PM
#20
The whitepaper states

Quote
Find nonce A and nonce B such that BirthdayHash(A+H) == BirthdayHash( B+H)

Does it mean all 256 bits must be the same?
+1. Would like to hear this as well.

Birthday hash can be any number of bits so long as a collision can be found in a reasonable amount of time. Say 10 seconds for the first collision.
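
The collision search quoted from the whitepaper in post #20, as an added example that is not part of the thread or of the Momentum paper's code. Assumptions: SHA-256 truncated to `bits` bits stands in for BirthdayHash, `+` is read as byte concatenation, and the header bytes are constructed. It shows the miner's lookup table growing to roughly 2^(bits/2) entries before the first collision, while a verifier needs only two hash evaluations.

```python
import hashlib
import struct

# Constructed stand-in for H, the hash of the block data (not a real block header).
HEADER = hashlib.sha256(b"constructed block data").digest()


def birthday_hash(nonce: int, header: bytes, bits: int) -> int:
    """Hash nonce||header and keep the top `bits` bits.

    SHA-256 and the little-endian 64-bit nonce encoding are assumptions;
    the thread only says the birthday hash "can be any number of bits".
    """
    if not 1 <= bits <= 64:
        raise ValueError("bits must be between 1 and 64")
    digest = hashlib.sha256(struct.pack("<Q", nonce) + header).digest()
    return int.from_bytes(digest[:8], "big") >> (64 - bits)


def find_collision(header: bytes, bits: int, max_nonces: int = 1 << 24):
    """Search nonces 0, 1, 2, ... for the first pair with equal birthday hashes.

    Returns (a, b, stored), where a < b collide and `stored` is the number of
    table entries held in memory when the collision was found, or None if
    max_nonces is exhausted first.
    """
    seen = {}  # birthday hash -> nonce that produced it (the memory cost)
    for nonce in range(max_nonces):
        h = birthday_hash(nonce, header, bits)
        earlier = seen.get(h)
        if earlier is not None:
            return earlier, nonce, len(seen)
        seen[h] = nonce
    return None


def verify(header: bytes, a: int, b: int, bits: int) -> bool:
    """Check a claimed solution: two hashes, no table."""
    return a != b and birthday_hash(a, header, bits) == birthday_hash(b, header, bits)


if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, stored = find_collision(HEADER, bits)
        print(f"bits={bits:2d}  A={a}  B={b}  table entries={stored}  "
              f"2^(bits/2)={int(2 ** (bits / 2))}  valid={verify(HEADER, a, b, bits)}")
```

Raising `bits` is the knob the reply describes: each extra two bits roughly doubles the table a miner must hold before the first collision appears.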