@ir.hn:
My algo is derived from a block cipher I built some years ago. The most significant feature of that cipher is an arbitrary block size, typically a few megabytes. It only provides one of the requirements that I think the 'ideal' ASIC-resistant algo should have: a very high memory-to-thread ratio.
The ideal algo would also take advantage of other, expensive to duplicate, features of the common PC.
My project will be a proof-of-concept-level effort only, in that it will focus on only two of the performance characteristics that are hard to duplicate without spending nearly as much money as the core of a modern PC. Specifically, I will limit my project to 1) large memory per core, and 2) efficient use of the large caches in a PC. As such, it will not attempt to be the ultimate 'ASIC-proof' finished product.
Therefore, it would still leave a significant cost gap that a purpose-built device could take advantage of -- but it would eliminate the huge margins that current ASICs enjoy over PCs and GPUs. By greatly reducing that gap, PCs would be competitive. In fact, since PCs are already deployed with their costs justified in totally different ways, they are essentially free for the purposes of this algo.
Current ASICs are economically viable only because PCs are so astoundingly inefficient at mining most algos. An algo designed to require, for example, huge memory per thread, a non-trivial portion of the more complex parts of the instruction set, and large and very fast caches, would make an ASIC much more expensive to produce -- and it would *not* have an outsized performance margin above the PC. Yet they would still have to be designed and built from scratch to compete in only the one area.
Thanks for the thoughtful article. I'm working in a similar area and thought I'd add my own perspective on how to deal with the centralization-as-an-attack cryptocurrency problem.
We seem to agree on the idea that the best defense against ASICs (and other approaches that fill the same functional and economic niche) is an economic defense. For example, my approach to POW is to leverage PCs in a way that is uneconomic to duplicate in a fixed-purpose device. Since many people already own PCs, their machines don't have to be counted as part of the cost of decentralized POW.
On the other hand, someone building a dedicated mining farm would have to outlay *extra* money to compete with something that the decentralized community already has in abundance.
This approach failed for bitcoin because the POW algo was too trivial; it required only a few instructions of the CPU and a tiny amount of memory. A $1000 PC was making use of only a tiny fraction of its cost for mining. This left a huge window for exploitation by ASICs (and GPUs).
A better approach would have been to use more instructions and more complex instructions, as well as far more memory, in the POW algo, obviously. Further, as you point out above, the memory should be dynamically used rather than static, to reduce the possibility of shortcuts. Ideally, the algo would make use of as many capabilities of the (common) PC as possible. Successfully implemented, this approach would not make ASIC and GPU mining 'impossible', merely impractical.
But, as you say, ASIC resistance, as defined economically, *is* ASIC proof.
My algo is pretty basic in that it mostly makes use of lots of memory and memory bandwidth for each thread, but that alone addresses a significant subset of the 'ideal' requirements of my approach. A GPU would be able to run a few threads, for example, but its performance should pale in comparison to a CPU. It might be worth the electricity at the low usage level -- but the ROI would not be worth the capital outlay of building a GPU rig.
An ASIC (or ASAC) could still be made to be more efficient than a PC, but should not be drastically so. As long as the pay-off period for a piece of special-purpose equipment is measured in multiple years, the risk would be too great for a prudent investment -- especially in the fast-moving space of cryptocurrencies. And, more importantly, it would not provide the economic foundation for a few companies to quickly rise to dominate the space.
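The design sketched in the two posts above (large memory per thread, memory that is used dynamically rather than just filled once, so a device cannot shortcut around holding it) is easiest to see in code. The following is an added illustration written for this page; it is not ir.hn's cipher-derived algorithm nor any project's production code. It is a deliberately small ROMix-style construction of the kind used by scrypt: a per-nonce buffer is filled by hash chaining, then a mixing loop reads the buffer at indices that depend on the running state, so the whole buffer has to stay resident for the duration of each hash. The function and parameter names, the 64-byte block size and the 4096-block default are assumptions chosen for this example; a real deployment would scale the buffer to the megabytes the posts describe and would pick a proper hash and target encoding.

```python
import hashlib
import struct

# Assumed parameters for this example: 64-byte blocks, 4096 blocks per hash
# (256 KiB per thread). The posts above talk about megabytes per thread;
# the value here is small only so the example runs quickly in pure Python.
BLOCK = 64
DEFAULT_BLOCKS = 4096


def _h(data: bytes, size: int = BLOCK) -> bytes:
    return hashlib.blake2b(data, digest_size=size).digest()


def fill_memory(seed: bytes, n_blocks: int) -> list:
    """Fill n_blocks of memory by hash chaining from the seed.

    Each block depends on the previous one, so the buffer cannot be produced
    out of order or in parallel; it must be computed and kept.
    """
    mem = []
    cur = _h(seed)
    for _ in range(n_blocks):
        mem.append(cur)
        cur = _h(cur)
    return mem


def memory_hard_hash(header: bytes, nonce: int,
                     n_blocks: int = DEFAULT_BLOCKS, rounds: int = None) -> bytes:
    """Memory-hard hash of (header, nonce).

    After filling the buffer, every round reads one block at an index taken
    from the current state. Because the index is only known once the previous
    round is finished, the reads are unpredictable and touch the buffer
    randomly: this is the 'dynamic' memory use the posts above ask for, and it
    is what forces a miner to hold the whole buffer rather than recompute
    parts of it on the fly.
    """
    if rounds is None:
        rounds = n_blocks
    seed = header + struct.pack("<Q", nonce)
    mem = fill_memory(seed, n_blocks)
    x = _h(b"mix" + seed)
    for _ in range(rounds):
        j = int.from_bytes(x[:8], "little") % n_blocks   # data-dependent index
        mixed = (int.from_bytes(x, "little")
                 ^ int.from_bytes(mem[j], "little")).to_bytes(BLOCK, "little")
        x = _h(mixed)
    return _h(x, 32)


def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """True if the 256-bit digest has difficulty_bits leading zero bits."""
    return int.from_bytes(digest, "big") >> (256 - difficulty_bits) == 0


def mine(header: bytes, difficulty_bits: int,
         n_blocks: int = DEFAULT_BLOCKS, max_nonce: int = 1 << 20):
    """Search nonces until the memory-hard hash meets the target.

    Returns (nonce, digest) or None if max_nonce is exhausted.
    Each attempt pays the full memory cost; that cost, not raw hashing
    speed, is what the posts propose as the economic barrier.
    """
    for nonce in range(max_nonce):
        digest = memory_hard_hash(header, nonce, n_blocks)
        if meets_target(digest, difficulty_bits):
            return nonce, digest
    return None


def verify(header: bytes, nonce: int, difficulty_bits: int,
           n_blocks: int = DEFAULT_BLOCKS) -> bool:
    """Verification costs the same memory as one mining attempt."""
    return meets_target(memory_hard_hash(header, nonce, n_blocks), difficulty_bits)


if __name__ == "__main__":
    # Constructed sample input: an arbitrary block header and a low difficulty
    # so the search finishes in a few attempts.
    header = b"example-block-header"
    nonce, digest = mine(header, difficulty_bits=4, n_blocks=1024)
    print("nonce", nonce, "digest", digest.hex(),
          "verified", verify(header, nonce, 4, n_blocks=1024))
```

Two properties of this shape are worth noting against the thread's argument. First, verification is as expensive as one hashing attempt, so a node that only validates blocks pays the memory cost too; Bitcoin's hash-based POW verifies in microseconds, which is part of why this design trades something away. Second, the buffer size is a knob, not a guarantee: if it fits in an ASIC's on-die SRAM the advantage returns, which is why the posts above aim for sizes comparable to a PC's whole memory-and-cache budget rather than a few hundred kilobytes.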
Love your name spinning truth, but what is this algo you speak of that uses every part of the CPU? Surely you mean my proposed algo, which is finding a specific-length factor of a large number (over 100-120 digits)?