Author

Topic: Please help me understand how the covert asicboost worked (Read 110 times)

member
Activity: 64
Merit: 17
I have come to realise that is hard asking a question in Bitcointalk that haven't been answered before so i now just search for any thread relating to my question.
I think this thread might help Why would make the extra merkle commitment asicboost uneconomical?

I don't know if quoting this long is wrong though, since I had an experience of not been able to post a link outside Bitcointalk. I optioned to quoting.

Aside using the forum search, you can use this https://ninjastic.space/search for more accurate search
jr. member
Activity: 38
Merit: 24
I don't really know anything about Bitcoin mining, so is my first time coming across the Asicboost. I tried to read it up but my understanding of it is kinda shallow but believe I need to quote this if it would answer your question
Quote

Introduction
AsicBoost speeds up Bitcoin mining in general (for ASICs and CPUs alike) by reducing the frequency of computing one part of the SHA-256 calculation.

A Bitcoin block header is 80 bytes long. It fits in 2 blocks for SHA-256 hashing. It gets hashed into a 32-byte value, then hashed again (1 block) to get the final value that is compared to the threshold.

Pseudocode
The conventional way to do Bitcoin mining looks like this:

while True:
    blockHeader = ...  # based on Merkle root and other fields
    sha256Block0 = sha256Expand(blockHeader[0 : 64])
    midState = sh256Compress(sha256InitVector, sha256Block0)

    for i in range(2**32):  # Try nonces
        blockHeader.nonce = i
        sha256Block1 = padAndExpand(blockHeader[64 : 80])
        singleSha = sh256Compress(midState, sha256Block1)

        sha256Block2 = padAndExpand(singleSha)
        doubleSha = sh256Compress(sha256InitVector, sha256Block2)
        if doubleSha < target:
            miningSuccessful(blockHeader)  # Jackpot!

Notice above that the inner loop has 2 calculations of block expansion and 2 calculations of block compression.

Now what AsicBoost proposes is that we somehow find a bunch of blockHeader values where sha256Block0 is different but sha256Block1 is the same. Because the Merkle root field straddles both hashing blocks, it means we need to group candidates by the last 4 bytes of the Merkle hash. Now the mining algorithm looks like this:

while True:
    blockHeader = ...  # based on various fields
    candidates = dict()  # 4 bytes -> sets of blocks
    for i in range(...):  # Generate the more the merrier
        tempBh = blockHeader.randomizeMerkle()
        sha256Block0 = sha256Expand(tempBh[0 : 64])
        tempBh.midState = sh256Compress(sha256InitVector, sha256Block0)
        candidates[tempBh.merkleRoot[28 : 32]].add(tempBh)

    for i in range(2**32):  # Try nonces
        for key in candidates:
            tempBh = candidates[key][0]
            tempBh.nonce = i
            sha256Block1 = padAndExpand(tempBh[64 : 80])

            for tempBh in candidates[key]:
                singleSha = sh256Compress(tempBh.midState, sha256Block1)
                sha256Block2 = padAndExpand(singleSha)
                doubleSha = sh256Compress(sha256InitVector, sha256Block2)
                if doubleSha < target:
                    miningSuccessful(blockHeader)  # Jackpot!

Now notice that the inner loop performs 1 calculation of block expansion per candidate group, and then 1 calculation of block expansion plus 2 calculations of block compression per candidate block header.

Thus the technique wins over conventional mining when most candidate groups have more than one candidate, and that the overhead of generating and sorting candidates exceeds the gains from saving at most one calculation of block expansion per candidate.
I have come to realise that is hard asking a question in Bitcointalk that haven't been answered before so i now just search for any thread relating to my question.
I think this thread might help Why would make the extra merkle commitment asicboost uneconomical?

I don't know if quoting this long is wrong though, since I had an experience of not been able to post a link outside Bitcointalk. I optioned to quoting.


jr. member
Activity: 47
Merit: 18
I know that covert asicboost can't be used anymore after segwit.
However, I'm studying it to understand how it worked. I hope you can help me because I am confused.

In particular, I'm studying this doc... https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf

This is the normal mining process (which you are familiar with but which I summarize for completeness) according to that document:
1. in the header there are two chunks
2. the first chunk is modified about once every four billion attempts (maybe even less frequently since we can play with time a bit...but let's not quibble)
3. the second chunk is modified on each attempt by changing the nounce
4. for each chunk an expansion and a compression process is performed
5. the expansion of the first and second chunks are independent of each other
6. on the contrary, the compression of the two chunks must be done in order: first the first, then (starting from the compression of the first) the second
7. then a phase of expansion + compression of the obtained hash (second hash).
8. finally the evaluation of the last hash obtained, to see if it is less than the target

this loop repeats until a hash lower than the target is found. It is not necessary to waste hash power to do the expansion+compression of the first chunk at each attempt: you can 'freeze this process in a 'mid state': at each attempt (that is, at each increase of the nounce) you just do:
(1) chunk expansion 2
(2) chunk compression 2
(3) hash expansion obtained
(4) hash compression obtained

image at page 5 is perfect to show the 4 steps above

With asicboost, you hold the second chunk and only modify the first one (never mind how this was actually done)
this is what I DON'T UNDERSTAND:

image at page 6 is good to show this

according to this figure, 3 steps are taken for each attempt: 2 compressions and one expansion.

But, in my opinion, the 'mid state' assumes an expansion+compression of chunk 1, which with asicboost changes with each attempt (instead of chunk 2 as in normal mining)
therefore, with the asic boost, 5 steps are made at each attempt, and not 3 as the text that I linked says: the 3 that the text says + an expansion + compression for the mid state
so asicboost would be less efficient than normal mining (4 steps).

obviously I misunderstood, and asic boost was not working as it seems to me. I'd like to understand where I'm wrong. I hope I was clear enough and asking a lot but not too much. Thank you!
Jump to: