
Topic: Resurrecting the Champ: PoW to become Bitmain/Buterin resistant - page 2. (Read 1099 times)

newbie
Activity: 9
Merit: 1
In a sophisticated marketing maneuver, Bitmain is selling its miner for a price far (more than 3 times) below what an ordinary GPU miner can manage to assemble a comparable mining rig for. It pushes ordinary miners out of the market, is a hardware centralization threat and deserves to be classified as an attack. I'll show here that it is a special purpose machine built to take advantage of a specific vulnerability of a modern PoW algorithm like Ethash. It is nothing less than an attack, and for convenience I'll call it an Application Specific Architectured Computer, ASAC.
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
Bitcoin currently attracts both the largest accumulated proof of work and the largest economic majority.  All the myriad forks we've witnessed so far haven't been able to keep pace with the proof of work Bitcoin has accumulated, but that wouldn't be the case if those who disagreed with the new algorithm continued to support using ASICs.  The new algo would almost inevitably be the minority chain in terms of hashpower, so supporters of the new algo would have to fall back on purely the "economic majority" argument and would also have to be pretty damn sure they'd win that argument.  Quite the gamble.
{I've quoted from this topic }
It would also unfairly punish a lot of good actors in the space in an attempt to punish Bitmain.
{from this topic }

For Bitcoin, I've come to a solution for implementing ASIC resistance with minimum side effects and risks. I'll discuss it in more detail in a dedicated thread, but for now I'll just use the core idea to show how wide the range of possibilities is:

Suppose we have a GPU-mineable, practically ASIC-proof algorithm implemented, properly tested and ready to launch; let's call it MemHash.

1- We would choose a block height N as the fork point, to be mined a couple of months later. Miners, wallets, ... would have a reasonable time to upgrade.

2- We would use a multi-algorithm protocol in which two difficulties are adjusted independently and more dynamically (revised over shorter periods) to guarantee a fair distribution of blocks between SHA256 and MemHash.

3- By fairness we refer to a constant, call it RATIO. It is set to 8/1 in favor of SHA256 at the beginning but changes over time (say, every 6 months) to become 1/8 within the first two years and approach zero within the next period.

Many things to discuss, I know, but my point is clear: there exist so many possibilities, and any challenge has a proper solution.
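The two-difficulty scheme in steps 2 and 3 above, as an added example that is not part of the original post: a toy Python simulation in which SHA256 and a stand-in MemHash each keep their own difficulty, retargeted over short windows of their own blocks so that the long-run block split follows a scheduled RATIO. The hashrates, window length, period length in blocks and the intermediate RATIO steps are my assumptions; the post fixes only the 8/1 start, the 1/8 end and the move toward zero. Block intervals are deterministic (difficulty / hashrate) so the convergence is easy to follow.

```python
import math
from dataclasses import dataclass, field

BLOCK_TIME = 600.0   # target seconds per block for the chain as a whole
WINDOW = 16          # retarget each algorithm every 16 of its own blocks
MAX_STEP = 4.0       # clamp any single retarget to a 4x move

# RATIO schedule (SHA256 blocks per MemHash block) by period. The post fixes
# only the end points: 8/1 at the fork, 1/8 after two years, then zero.
# The intermediate steps and the period length are assumptions.
SCHEDULE = [8.0, 2.0, 0.5, 0.125, 0.0]


def ratio_at(height, fork_height, period_blocks, schedule=SCHEDULE):
    """RATIO in force at a height at or after the fork; 0.0 retires SHA256."""
    idx = min((height - fork_height) // period_blocks, len(schedule) - 1)
    return schedule[idx]


def target_intervals(ratio):
    """Per-algorithm target block intervals whose combined rate is 1/BLOCK_TIME."""
    if ratio == 0.0:
        return math.inf, BLOCK_TIME          # SHA256 is no longer expected to find blocks
    share_sha = ratio / (ratio + 1.0)
    return BLOCK_TIME / share_sha, BLOCK_TIME / (1.0 - share_sha)


@dataclass
class Algo:
    name: str
    hashrate: float            # hashes per second, held constant in this toy
    difficulty: float          # expected hashes per block
    blocks: int = 0
    window_start: float = 0.0  # chain time when the current retarget window began
    next_block: float = field(init=False)

    def __post_init__(self):
        self.next_block = self.difficulty / self.hashrate


def retarget(algo, now, target_interval):
    """Scale difficulty so the next WINDOW blocks land on target_interval."""
    actual = (now - algo.window_start) / WINDOW
    factor = target_interval / actual if actual > 0 else MAX_STEP
    factor = min(max(factor, 1.0 / MAX_STEP), MAX_STEP)   # an infinite target clamps to 4x
    algo.difficulty *= factor
    algo.window_start = now


def simulate(n_blocks, fork_height=0, period_blocks=5000,
             sha_hashrate=1e6, mem_hashrate=1e3):
    """Mine n_blocks from the fork; returns [(height, algorithm name), ...]."""
    sha = Algo("sha256", sha_hashrate, sha_hashrate * BLOCK_TIME)
    mem = Algo("memhash", mem_hashrate, mem_hashrate * BLOCK_TIME)
    chain = []
    for height in range(fork_height, fork_height + n_blocks):
        t_sha, t_mem = target_intervals(ratio_at(height, fork_height, period_blocks))
        # the algorithm whose next block is due first takes this height
        if sha.next_block <= mem.next_block:
            algo, target = sha, t_sha
        else:
            algo, target = mem, t_mem
        now = algo.next_block
        chain.append((height, algo.name))
        algo.blocks += 1
        if algo.blocks % WINDOW == 0:
            retarget(algo, now, target)
        algo.next_block = now + algo.difficulty / algo.hashrate
    return chain


def share(chain, name, lo, hi):
    """Fraction of blocks at heights in [lo, hi) mined with `name`."""
    window = [algo for h, algo in chain if lo <= h < hi]
    return sum(1 for algo in window if algo == name) / len(window)


if __name__ == "__main__":
    chain = simulate(25000)
    for lo in range(0, 25000, 5000):
        r = ratio_at(lo, 0, 5000)
        print(f"heights {lo:>5}-{lo + 4999}: RATIO {r:<6} "
              f"sha256 share {share(chain, 'sha256', lo + 1000, lo + 5000):.3f}")
```

Each algorithm's difficulty is measured only against its own blocks, so a hashrate change on one side never moves the other side's difficulty; the schedule steers the split purely through the two target intervals. Setting the SHA256 target to infinity makes its difficulty climb 4x per window, which is how the last period "approaches zero" without a hard cut-off.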

newbie
Activity: 9
Merit: 1
Bitmain, obviously, has not disclosed anything worth mentioning about the E3 other than a picture (of an ugly mini case), plus 800 watts power consumption, 180 Mh/s Ethash hashrate and an $800 price, besides a 3-month pre-order requirement for buyers. If it were not Bitmain, it would look just like a scam, but it IS Bitmain, and something is wrong here.
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
I will unite decent GPU miners and fork not only against Bitmain but also from Buterin and his fans.
Stick with ETC then.

Quite an option, given ETC people are ready for the hard fork against E3.
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
{....}

I'd disagree, since there are many algorithms which claim ASIC-resistance, but in the end all of these algorithms have their own ASIC. As long as there's a cryptocurrency with a big market cap that uses an ASIC-resistant algorithm, I'm sure people can manufacture an ASIC, even though it will be a big challenge, costly and time-consuming.

As I have argued before, induction is not a proof. You say ASIC-resistance is doomed to fail BECAUSE 'there are many algorithms' that claim it and 'in the end' they have failed. It is a false and weak induction, not solid reasoning.

Bitcoin and its SHA256 were cracked by Bitmain because Satoshi Nakamoto was not a god who could foresee everything. It was the bitcoin community's mission to react, but it failed to do so.

The failure of X11, Scrypt and CryptoNight is just good news for designers to find better and more resistant approaches.

The details of the latest Bitmain attack against Ethash (E3) have not been publicly disclosed yet, but I strongly believe it is not an ASIC attack (though I think it should be neutralized). Ethash is a memory-hard algorithm: for every single hash the processor (ASIC or not) has to access random parts of the RAM bank multiple times. This way the performance is bound by memory access; it is practically useless to implement this algorithm in an ASIC.

Bitmain's E3 has been announced to have almost the same J/H efficiency as a mid-range GPU. It is not what one expects from ASICs, which typically have tens to hundreds of times better efficiency compared to general purpose systems.

Instead, I believe, Bitmain has managed an architectural attack, i.e. making special purpose systems instead of ICs. I'm proposing a theory based on a possible shared memory attack to describe the E3, and I have designed a counter attack, but my point is that a practically ASIC-proof algorithm is absolutely feasible to design and implement, and the latest bad news about failing algorithms is just good news for people like me who are committed to the purpose and have the minimum level of expertise needed for the job.

Quote
But I think the real problem is FPGAs, which can still be used after an algorithm tweak that kills/prevents ASICs with a small tweak.


FPGAs are expensive and power hungry. Don't count on them as a serious threat to GPU mining.
Quote
Also, a hard fork which changes the algorithm where ASICs already have domination would be difficult. Monero/Cryptonight V7 works well because the ASICs haven't dominated the hashrate and the community has good faith in the developers.
I'm sure Monero's approach won't work well on other cryptocurrencies such as Bitcoin and Ethereum, at least not without a community split and chain split.

FACTS:
- Ethereum is not attacked by E3s yet (at least not significantly)
- Monero was almost dominated by ASICs. After the tweak, network hashrate dropped to less than half!
- We have practically no GPU miners in bitcoin. It is all about ASICs here.

So, Monero's experiment can be repeated even more successfully in Ethereum, while for bitcoin it is complicated and needs thorough analysis and planning.
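What "memory-hard" means in the Ethash description above, as an added example that is not part of the original post: a toy proof of work in Python in which every candidate hash performs a chain of data-dependent random reads from a dataset held in memory, so the next read address is unknown until the previous read has completed. The dataset size, the number of reads, the hash functions and the sequential derivation of the dataset are my choices and are far smaller and simpler than Ethash's (Keccak, a DAG of gigabytes derived from a cache, 64 reads per hash); the access pattern, not the parameters, is the point.

```python
import hashlib

WORD = 64              # bytes per dataset row
DATASET_WORDS = 4096   # toy size; a real DAG has millions of rows
ACCESSES = 32          # data-dependent reads per candidate hash


def make_dataset(seed: bytes, words: int = DATASET_WORDS):
    """Derive the dataset from a seed. Each row is the hash of the previous one,
    so a miner computes it once and keeps it resident; recomputing row i on the
    fly instead of reading it would cost i hashes (a crude stand-in for the
    cost Ethash attaches to regenerating DAG rows)."""
    rows, cur = [], hashlib.sha3_512(seed).digest()
    for _ in range(words):
        cur = hashlib.sha3_512(cur).digest()
        rows.append(cur)
    return rows


def hash_nonce(dataset, header: bytes, nonce: int):
    """One candidate hash. Returns (digest, list of row indices read).
    Each read address comes from the running mix, which depends on the previous
    read, so the reads serialise on memory latency and cannot be precomputed or
    prefetched. The final digest commits to every row that was read."""
    mix = hashlib.sha3_512(header + nonce.to_bytes(8, "big")).digest()
    reads = []
    for _ in range(ACCESSES):
        idx = int.from_bytes(mix[:4], "big") % len(dataset)
        reads.append(idx)
        mix = hashlib.sha3_512(mix + dataset[idx]).digest()
    return hashlib.sha3_256(mix).digest(), reads


def meets_target(digest: bytes, target: int) -> bool:
    return int.from_bytes(digest, "big") < target


def mine(dataset, header: bytes, target: int, max_nonce: int = 1 << 20):
    """Brute-force nonces until a digest below target is found."""
    for nonce in range(max_nonce):
        digest, _ = hash_nonce(dataset, header, nonce)
        if meets_target(digest, target):
            return nonce, digest
    return None


def verify(dataset, header: bytes, nonce: int, digest: bytes, target: int) -> bool:
    """The verifier repeats the same reads against the same dataset."""
    recomputed, _ = hash_nonce(dataset, header, nonce)
    return recomputed == digest and meets_target(digest, target)


if __name__ == "__main__":
    dataset = make_dataset(b"constructed epoch seed")   # constructed input
    header = b"constructed block header"                 # constructed input
    target = 1 << 248                                    # about 1 in 256 nonces qualifies
    nonce, digest = mine(dataset, header, target)
    _, reads = hash_nonce(dataset, header, nonce)
    print(f"nonce {nonce}, digest {digest.hex()[:16]}..., "
          f"{len(set(reads))} distinct rows read out of {ACCESSES}")
    print("verify:", verify(dataset, header, nonce, digest, target))
```

Run it and the row indices printed for a nonce are spread across the dataset with no pattern a prefetcher could exploit; that dependency chain is what ties the hash rate to memory latency and bandwidth rather than to the arithmetic an ASIC could otherwise shrink.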

sr. member
Activity: 317
Merit: 275
I will unite decent GPU miners and fork not only against Bitmain but also from Buterin and his fans.
Stick with ETC then.
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
Using this as an excuse for welcoming an obvious attack like cracking the algorithm by ASIC (it is a crack, both historically and analytically) is the weakest argument ever. It looks to me just insane, putting everything in the hands of Jihan Wu and praying for him to keep us safe against botnets!

It would be a weak argument if I were asking to put everything in the hands of Jihan Wu, but that's not the case.  You might want to consider the possibility that changing the algorithm could even be advantageous to Wu, since his company would almost certainly react fastest to any newly announced algorithm.  It would effectively kill any opportunity for another manufacturer to catch up.  You might end up handing them a monopoly on a plate through your desire to beat them.  I'd say at least wait to see how quickly another Monero ASIC is designed before you dismiss this notion.  I don't think it'll take that long.  Let them be the guinea pig before we start meddling with things that are largely theoretical at this stage.

As you stated yourself:
2- The very first company that manages to crack the algorithm and produce a specialized machine,  will save its position almost forever because of the gains.
So it makes sense that the company that cracks it first will keep cracking it each time you change it.  Therefore, it's actually more sensible to allow other manufacturers the opportunity to catch up.
I'm completely against the hypothesis that states every PoW algorithm is vulnerable and will be cracked sooner or later by ASICs or other special purpose systems. There is no basis for this assumption other than a false induction or a kind of tautological manipulation of the terms involved. A cautiously designed, practically ASIC-proof algorithm is definitely possible.

Plus, regular algorithm upgrades, as long as they don't alter the basics and enjoy a semi-autonomous consensus mechanism (like some proposed signaling schemas), won't be that costly. From a programmer's perspective, I see no serious challenge here. I don't think it will be the case, but having this as a doomsday strategy will de-incentivize further attempts to break the algorithm.

As for your guinea pig, Cryptonight V7, I'm absolutely sure about the outcome: there will be no more crack attempts on the algorithm. The costs involved in the upgrade were negligible and the results were awesome, and Sergio is threatening to repeat the procedure every 6 months. The experiment is over and the results are more than encouraging.

First you need almost the entire community to agree that a fork needs to happen.
No we don't! I'm so suspicious of this term 'community' when it is used as a concrete concept.

In the Ethereum 'community' we have Vitalik Buterin, who shines like a pop star while at the same time he is ruining the entire ecosystem with his immature proposals about 'weak subjectivity' and Casper. Buterin is famous for his disbelief in PoW and enthusiasm for the PoS miracle that is promised to scale up blockchains magically! I don't care about Buterin and his fans; I will unite decent GPU miners and fork not only against Bitmain but also from Buterin and his fans.

As for bitcoin, things are so different here; I think once Bitmain starts to play its cards in a dirtier game, we will have fewer problems getting the community united. For now I'm just insisting on theoretical development and discussions about possible ASIC mitigation improvements to SHA256 and the PoW of bitcoin.

Some of your points in this post were important too; I'll discuss them separately. Cheers for now :)
legendary
Activity: 3724
Merit: 3063
Leave no FUD unchallenged
Using this as an excuse for welcoming an obvious attack like cracking the algorithm by ASIC (it is a crack, both historically and analytically) is the weakest argument ever. It looks to me just insane, putting everything in the hands of Jihan Wu and praying for him to keep us safe against botnets!

It would be a weak argument if I were asking to put everything in the hands of Jihan Wu, but that's not the case.  You might want to consider the possibility that changing the algorithm could even be advantageous to Wu, since his company would almost certainly react fastest to any newly announced algorithm.  It would effectively kill any opportunity for another manufacturer to catch up.  You might end up handing them a monopoly on a plate through your desire to beat them.  I'd say at least wait to see how quickly another Monero ASIC is designed before you dismiss this notion.  I don't think it'll take that long.  Let them be the guinea pig before we start meddling with things that are largely theoretical at this stage.

As you stated yourself:
2- The very first company that manages to crack the algorithm and produce a specialized machine,  will save its position almost forever because of the gains.
So it makes sense that the company that cracks it first will keep cracking it each time you change it.  Therefore, it's actually more sensible to allow other manufacturers the opportunity to catch up.

Plus, as stated in other threads, botnets aren't the only issue with changing the algorithm:

First you need almost the entire community to agree that a fork needs to happen.
The moment ASIC resistance returns, hundreds or thousands of researchers, scientists and programmers will set to work breaking it. The rewards are too high not to try. Bitcoin could spend the rest of its days skipping from algorithm to algorithm, which would be an endless cycle of ruin and disruption for little gain.
And even with a new algo the mining might still be centralized, because if it were very profitable, miners would buy GPUs in bulk while hobbyists wouldn't be able to build small home farms, because retailers would enforce 1 GPU per buyer like they do now in many places. CPU mining might suffer from the same problems.
Simply changing Bitcoin's PoW algo won't keep ASICs at bay forever, but would come with a lot of challenges -- both technologically and community-wise. Not only will evaluating and selecting a new PoW algo be challenging; even how the selection of a new PoW algo takes place would likely result in a lot of drama and hidden agendas. Some parties may secretly benefit from one algo over another.
Bitcoin currently attracts both the largest accumulated proof of work and the largest economic majority.  All the myriad forks we've witnessed so far haven't been able to keep pace with the proof of work Bitcoin has accumulated, but that wouldn't be the case if those who disagreed with the new algorithm continued to support using ASICs.  The new algo would almost inevitably be the minority chain in terms of hashpower, so supporters of the new algo would have to fall back on purely the "economic majority" argument and would also have to be pretty damn sure they'd win that argument.  Quite the gamble.
It would also unfairly punish a lot of good actors in the space in an attempt to punish Bitmain.
Also note that requiring ASICs to mine BTC makes it less susceptible to hashrate fluctuations caused by rising alt coins. We got a glimpse of the possible impact of such competition during the early days of BCH. Most alts that share BTC's PoW scheme are irrelevant today, but if BTC were CPU / GPU mineable again this could have serious implications regarding the stability and security of the network. Back then BTC was the only game in town, but nowadays sudden alt price surges could result in network slowdown and thus congestion.

And those are just the things that foresight permits us to see.  Consider the pain when hindsight bites us in the ass with all the repercussions we didn't anticipate.  You keep talking about this like it's a simple change that magically fixes everything with no consequences.  It just isn't going to pan out that way.  And with this many unknown variables, the first example becomes the most poignant.  You need to get almost everyone to agree.  How can we do that if we can't even tell what all the problems are going to be?
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
Plus, I have no idea how such a hypothetical botnet could be sophisticated enough to participate in a PoW protocol effectively.

It's not like the threat is imaginary.  Mining botnets do exist, it's just that they just aren't particularly profitable for any of the coins with a high enough difficulty.  As such, ASICs make it considerably less tempting for anyone to bother trying to create one for Bitcoin.  I'd say the fact people aren't aware of the issues with botnets is a pretty good indicator that we're on the right path, being that people are usually only aware of things like that once they actually become an issue for them.  When it's not a problem for us, we turn a blind eye, even though it might affect others.


Botnets are real, of course, and they can mine, yes. But the scenario proposed by @quoheleth, which I was trying to reject, is more complicated than just mining; it is about a short range attack on PoW chains and double spending coins. It needs synchronization between the bots to lie in ambush, as I have mentioned. By the sentence you quoted, I'm implying that it just doesn't look that easy to write malware that participates both maliciously and effectively in the protocol. That is why we have not experienced such an attack. It was my fault for not formulating my argument properly, perhaps.

Botnets should be categorized as a general computing problem rather than a cryptocurrency one. Typically miners are much more careful about their hash power being stolen when it comes to GPU mining, but even for CryptoNight and CPU-mineable algorithms, in which botnets are more effective, it is about nothing other than stealing a very small fraction of block rewards, with no general impact on the blockchain.

Overtaking a PoW network can't be accomplished by a temporary virus/bot infection, the owners will eventually figure out the attack and do a fresh bootstrap. In other words, a long range attack against the network using botnets isn't feasible.

Overtaking the network doesn't have to be the end goal for it to be an issue.  It still places a large number of coins into the hands of people who are more likely to be bad actors than those who mine using legitimately purchased hardware.  It's probably better if people writing malware designed to infect users' machines aren't rewarded for their efforts solely because we mistakenly decided to declare war on the miners by bricking their ASICs.  When you create a power vacuum, it will often be filled by people who aren't exactly noble in their motives.  

No, it is not about 'a large number' of coins. It is just about stealing a small fraction of CPU power from people, which is bad generally for cryptocurrency and any other computing technology, but not an ultimate threat. Attackers can target CPU-mineable coins for a fraction of their fresh block rewards; they can't put any crucial characteristic of the blockchain in danger.

Using this as an excuse for welcoming an obvious attack like cracking the algorithm by ASIC (it is a crack, both historically and analytically) is the weakest argument ever. It looks to me just insane, putting everything in the hands of Jihan Wu and praying for him to keep us safe against botnets!
legendary
Activity: 3724
Merit: 3063
Leave no FUD unchallenged
Plus, I have no idea how such a hypothetical botnet could be sophisticated enough to participate in a PoW protocol effectively.

It's not like the threat is imaginary.  Mining botnets do exist, it's just that they just aren't particularly profitable for any of the coins with a high enough difficulty.  As such, ASICs make it considerably less tempting for anyone to bother trying to create one for Bitcoin.  I'd say the fact people aren't aware of the issues with botnets is a pretty good indicator that we're on the right path, being that people are usually only aware of things like that once they actually become an issue for them.  When it's not a problem for us, we turn a blind eye, even though it might affect others.


Overtaking a PoW network can't be accomplished by a temporary virus/bot infection, the owners will eventually figure out the attack and do a fresh bootstrap. In other words, a long range attack against the network using botnets isn't feasible.

Overtaking the network doesn't have to be the end goal for it to be an issue.  It still places a large number of coins into the hands of people who are more likely to be bad actors than those who mine using legitimately purchased hardware.  It's probably better if people writing malware designed to infect users' machines aren't rewarded for their efforts solely because we mistakenly decided to declare war on the miners by bricking their ASICs.  When you create a power vacuum, it will often be filled by people who aren't exactly noble in their motives. 
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
{...} even if specialized hardware doesn't make sense for a pure mining operation, it will always make sense for an entity trying to execute a double-spend. Such an entity isn't bound by the traditional mining payoff chart; provided they have the start-up capital, all they need to do is reverse some high-profile transactions (or extort "insurance payments" from those trying to transact) to make their money back. For them, only the fixed cost of the hardware - and not the marginal cost of electricity - matters, because they only need to mine when they have someone's kneecaps to break.

But for the sake of argument, let's say you figure it out. Let's say you actually come up with a proof of work scheme that can't benefit meaningfully from custom hardware.

In this situation, the attacker's optimal strategy just shifts from "build a huge fuck server farm" to "build a huge fuck botnet". {...}

What's your plan for mitigating such a strategy?

Overtaking a PoW network can't be accomplished by a temporary virus/bot infection; the owners will eventually figure out the attack and do a fresh bootstrap. In other words, a long range attack against the network using botnets isn't feasible. The current Ethereum network is worth $70+ billion, and we have no evidence of such an attack while more than enough incentives exist.

The scenario you suggest, according to which the attacker can benefit from a short range attack for the sake of double spending a specific transaction, is unlikely because typically large volume transactions take place in a more cautious way by participants, and the attacker has to rewrite more blocks, with the same long range attack problems. It is worth mentioning that such attack attempts are always discouraged by the weapon disclosure risk. The attacker(s) would have to lie in ambush for a multi-million dollar trade (with a foolhardy partner who will release the valuable assets after a few confirmations) worth the disclosure risk.

Plus, I have no idea how such a hypothetical botnet could be sophisticated enough to participate in a PoW protocol effectively.


member
Activity: 210
Merit: 26
High fees = low BTC price
How certain are we that CPUs and GPUs are immune to malicious code in the firmware?  Mining is always going to rely on hardware in some form and we'll have to trust someone to make that hardware.  Declaring war on ASICs doesn't absolve this.  At least monopoly can be somewhat negated.

Well said. "They" try to cover all bases, and Intel chip firmware was exposed by a Russian company; best blame Putin,
like they always do.

Wow, the Ministry of Bitcoin Propaganda (MBTCP) took seconds to delete my last comment; they must be using bots now,
or I am keeping our nazi moderator awake.
legendary
Activity: 960
Merit: 1028
Spurn wild goose chases. Seek that which endures.
Any real solution that makes a cryptocurrency's Sybil resistance closer to democratic (1 person ≈ 1 vote) rather than plutocratic ($1 ≈ 1 vote) is fine by me.

That said, I still have doubts that a good solution exists within traditional PoW.

(this paragraph edited after the fact; I reread and got a better idea of what you were talking about)
The first reason is that, even if specialized hardware doesn't make sense for a pure mining operation, it will always make sense for an entity trying to execute a double-spend. Such an entity isn't bound by the traditional mining payoff chart; provided they have the start-up capital, all they need to do is reverse some high-profile transactions (or extort "insurance payments" from those trying to transact) to make their money back. For them, only the fixed cost of the hardware - and not the marginal cost of electricity - matters, because they only need to mine when they have someone's kneecaps to break.

But for the sake of argument, let's say you figure it out. Let's say you actually come up with a proof of work scheme that can't benefit meaningfully from custom hardware.

In this situation, the attacker's optimal strategy just shifts from "build a huge fuck server farm" to "build a huge fuck botnet". This is something organized crime groups do today anyway, to great success and populations in the millions. How many Bitcoin full nodes are there today? Something like 10,000? They would be drowned out like a sprinkler in a hurricane. Even if you assume that most BTC users, in a world where they could mine, were to install their own full node, that's maybe 30 million users if you make optimistic assumptions - Bredolab could still have outvoted them, or credibly threatened to do so.

What's your plan for mitigating such a strategy?
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
The "ASIC resistant, not ASIC proof" theory has one important implication that we should beware of: it questions whether Nakamoto's PoW innovation is instrumental for securing decentralized, permissionless systems like bitcoin, Ethereum and the like. Actually, proposing such a duality is nothing less than saying something like:

"The rise of proprietary, closed systems under the control of corporations that outperform commodity CPU/GPU based computers and monopolize the network is an inevitable destiny for any network secured by a consensus protocol based on a PoW algorithm; it is just a matter of incentive, of how big the coin's market cap is and whether it is worth it."


It is nothing less than  burying PoW

I don't think that's the case at all.  The existence of ASICs neither undermines the innovation of PoW, nor ensures its demise.  It merely encapsulates the most efficient means of performing the work currently.  Rather than trying to fight against the natural incentive to utilise the most efficient means, it's healthier to make ASICs more attainable for a wider number of both mining participants and hardware manufacturers to level each respective playing field.
Both historically and theoretically, the sole purpose of Satoshi's PoW is perceivable as a practical solution to the Byzantine Generals problem, which any distributed, permissionless, decentralized system that is open to untrusted players (like bitcoin) should consider its canonical challenge.

Care should be taken that in the context of the Byzantine Generals Problem, the participants are supposed to be human beings and not machines, because machines have no incentive to take part in any conspiracy or remain loyal to an agenda. They are simply tools and devices used by their owners.

PoW is not a protocol to solve machines' malicious behavior; mainly it is about the owners'.

For unfaithful owners, reaching the critical majorities (50%+ and 2/3+) needed to break/take over a well formed consensus protocol (like a blockchain) is much harder when their cardinality is higher and they are more divergent in terms of power, interests, geographical location etc.

If a PoW based system cannot guarantee a minimum level of diversity between miners (the human beings behind the miners, not the machines), it should not be considered safe and needs immediate upgrades.

If it is a normal consequence of PoW, and it is a matter of time for any PoW based system to become unsafe, then PoW should not be considered a solution for the Byzantine Generals problem at all! Not good news for Satoshi fans.

The threats involved in the introduction of ASICs to a PoW based system are more than obvious:

1- Regarding its technological leverage, the manufacturer uses its advantage to mine far more efficiently. It yields a situation in which ordinary miners disappear gradually and the manufacturer becomes more powerful, with almost unlimited access to the resources required to accelerate the process even more, reducing the cardinality and diversity of the participants to a dangerous level.

2- The very first company that manages to crack the algorithm and produce a specialized machine will save its position almost forever because of the gains. There will be no room left for competition, leveling the situation and delaying the disaster a bit to buy some time.

3- Such a system could no longer be classified as permissionless, because practically you have to get permission (buy the hardware) from the manufacturer to participate, i.e. you cannot use your general purpose device to take part/leave whenever you wish without undergoing significant cost.

In bitcoin we are already in the process of experiencing all the above mentioned challenges.

Of course Bitmain plays a sophisticated strategy that keeps everything in a fragile balance, but it is Bitmain's incentives that are the determinant. This is not how decentralization is defined and understood.
Monopoly is not the only or even the biggest threat when it comes to ASICs.

Other facts, like that manufacturers are always one or two steps ahead of the community, or that they know the exact mission of the device they are building and selling, which gives them the option to plant whatever they wish in the firmware, and ... are of critical importance, too.

How certain are we that CPUs and GPUs are immune to malicious code in the firmware?  Mining is always going to rely on hardware in some form and we'll have to trust someone to make that hardware.  Declaring war on ASICs doesn't absolve this.  At least monopoly can be somewhat negated.  We may as well focus on the things we can actually fix.
Although I'm a critic of all closed systems, it is important to mention that there is a huge difference between CPU/GPU reliability problems and ASICs.

Once you go to the market and buy a general purpose AMD GPU, for instance, neither AMD nor the shopkeeper has a clue about what you are going to do with their product. Mining Ethereum with that GPU is your decision. It is impractical for them (or very unlikely) to take ownership of your system to act maliciously in the Ethash protocol. You choose to participate without their permission; you can leave and use the GPU to play games or render 3D images, whatever. You are free and safe, well, almost.

Obviously purchasing and running a specialized device like an S9 is totally different and vulnerable to trojan attack schemas that can take ownership of the device and participate in the protocol maliciously, because they know exactly how you will use it; you are just following their instructions.
legendary
Activity: 3724
Merit: 3063
Leave no FUD unchallenged
The "ASIC resistant, not ASIC proof" theory has one important implication that we should beware of: it questions whether Nakamoto's PoW innovation is instrumental for securing decentralized, permissionless systems like bitcoin, Ethereum and the like. Actually, proposing such a duality is nothing less than saying something like:

"The rise of proprietary, closed systems under the control of corporations that outperform commodity CPU/GPU based computers and monopolize the network is an inevitable destiny for any network secured by a consensus protocol based on a PoW algorithm; it is just a matter of incentive, of how big the coin's market cap is and whether it is worth it."


It is nothing less than  burying PoW

I don't think that's the case at all.  The existence of ASICs neither undermines the innovation of PoW, nor ensures its demise.  It merely encapsulates the most efficient means of performing the work currently.  Rather than trying to fight against the natural incentive to utilise the most efficient means, it's healthier to make ASICs more attainable for a wider number of both mining participants and hardware manufacturers to level each respective playing field.


Monopoly is not the only or even the biggest threat when it comes to ASICs.

Other facts, like that manufacturers are always one or two steps ahead of the community, or that they know the exact mission of the device they are building and selling, which gives them the option to plant whatever they wish in the firmware, and ... are of critical importance, too.

How certain are we that CPUs and GPUs are immune to malicious code in the firmware?  Mining is always going to rely on hardware in some form and we'll have to trust someone to make that hardware.  Declaring war on ASICs doesn't absolve this.  At least monopoly can be somewhat negated.  We may as well focus on the things we can actually fix.
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
It was bitcoin community's fault from the first place not to recognize ASIC as a crack and not to take a proper action against it by upgrading to an ASIC resistant PoW, imo.

"ASIC resistant algorithm" is somewhat of a misnomer, since it's only "resistant" up to the point where someone designs a new ASIC for it.  Most altcoins who claim to be ASIC resistant can get away with making that claim, simply because their coin isn't valuable enough for anyone to bother designing a custom chip for it.  Resistance through obscurity, in effect.  The problem Bitcoin has is that it obviously is quite valuable, so the moment you change the algo, all the big manufacturers will start work on a new ASIC designed to work with that algo.  There's simply too great an incentive for it.
The "ASIC resistant not ASIC proof" theory has one important implication that we should beware of: it questions Nakamoto's PoW innovation as being instrumental for securing decentralized, permissionless systems like bitcoin, Ethereum and the like. Actually, proposing such a duality is nothing less than saying something like:

"The rise of proprietary, closed systems, under the control of corporates that outperform commodity cpu/gpu based computers and monopolize the network, is an inevitable destiny for any network that is secured by a consensus protocol based on a PoW algorithm; it is just a matter of incentive, how much the coin's market cap is and whether it is worth it."


It is nothing less than burying PoW. It is no surprise that people like Vitalik Buterin and other PoS enthusiasts never get tired of repeating such claims, and they are not alone: we have Jihan Wu and his paid journalism that escalate and propagate this theory just like a proven mathematical theorem.

If anybody is willing to do so (bury PoW), I'm no enthusiast; I'm just asking for the paperwork.

Although it is on the claimant to prove the claim, apparently with all these advertisements we have no choice but to prove that such a duality is ridiculous:
Once you have a good ASIC resistant algorithm (unlike bitcoin's SHA2), you have a 'practical' ASIC proof algorithm in hand. And the adjective 'practical' here is not a weakening factor, because this field, public blockchain, is a practical context and every single technology or protocol discussed here rests on a practical assumption.

Claiming that with enough incentive, resourceful attackers can crack every PoW algorithm by making an ASIC is just saying that PoW cannot achieve practical security per se, as long as it is PoW.
I'm here to show the falsehood of such a prediction. But I think I have done half of the job by revealing the importance and destructive nature of such a claim.

I'm deliberately avoiding criticizing the 'ASIC is not that bad' discourse for now; first things first.

Quote
While I don't really keep up with Monero, I read that it somehow managed to split into 4 distinct chains because no one could agree on how their attempt at blocking ASICs should work.  We don't really want a repeat of that omnishambles in Bitcoin.

There is no split in monero and it doesn't make sense to call it a split. Monero users are happy and their balances are safe, miners are happier and their profits are becoming interesting. Forks happen; I can fork bitcoin overnight and nobody gets hurt (other than myself, I suppose, because of wasting my resources).

It is all about the community and the devs reaching a consensus; the rest is a piece of cake (at least compared to reaching a consensus).

Quote
My take is that we just need a wider variety of manufacturers involved.  Other hardware companies need to step up their game and challenge Bitmain's current stranglehold.  Bricking hardware would likely escalate tensions and could even provoke some pools or perhaps Bitmain themselves into some form of retaliation.  That might sound silly, but it's worth pointing out there's a tremendous amount of money involved and when people with lots of money see a threat to their financial future, offence is often seen as the best form of defence.  It may even have other potential consequences like needing to include emergency difficulty adjustments due to a sudden plummet in hashrate, which could potentially unbalance the release schedule of newly minted coins into circulation.  One of Bitcoin's primary strengths is its predictable supply, so not something we should jeopardise lightly.

Caution is strongly advised.

Monopoly is not the only or even the biggest threat when it comes to ASICs.

Other facts, like that manufacturers are always one or two steps ahead of the community, or that they know the exact mission of the device they are building and selling and this gives them options to plant whatever they wish in the firmware and ..., are of critical importance, too.
legendary
Activity: 3724
Merit: 3063
Leave no FUD unchallenged
It was the bitcoin community's fault in the first place not to recognize ASICs as a crack and not to take proper action against them by upgrading to an ASIC resistant PoW, imo.

"ASIC resistant algorithm" is somewhat of a misnomer, since it's only "resistant" up to the point where someone designs a new ASIC for it.  Most altcoins who claim to be ASIC resistant can get away with making that claim, simply because their coin isn't valuable enough for anyone to bother designing a custom chip for it.  Resistance through obscurity, in effect.  The problem Bitcoin has is that it obviously is quite valuable, so the moment you change the algo, all the big manufacturers will start work on a new ASIC designed to work with that algo.  There's simply too great an incentive for it.

It doesn't matter what algorithm you pick, it's always going to be inherently less resistant to ASICs by mere virtue of the fact that it's Bitcoin and ASICs are what all the miners will naturally want to have, so there will always be an overwhelming demand for someone to manufacture one.  Sooner or later, it's inevitable we'll have ASICs once again.  It's only ever going to be a temporary reprieve and will likely involve a hardfork every time it needs changing again.  You might have noticed, but hardforks tend to be somewhat controversial round these parts.  

While I don't really keep up with Monero, I read that it somehow managed to split into 4 distinct chains because no one could agree on how their attempt at blocking ASICs should work.  We don't really want a repeat of that omnishambles in Bitcoin.

My take is that we just need a wider variety of manufacturers involved.  Other hardware companies need to step up their game and challenge Bitmain's current stranglehold.  Bricking hardware would likely escalate tensions and could even provoke some pools or perhaps Bitmain themselves into some form of retaliation.  That might sound silly, but it's worth pointing out there's a tremendous amount of money involved and when people with lots of money see a threat to their financial future, offence is often seen as the best form of defence.  It may even have other potential consequences like needing to include emergency difficulty adjustments due to a sudden plummet in hashrate, which could potentially unbalance the release schedule of newly minted coins into circulation.  One of Bitcoin's primary strengths is its predictable supply, so not something we should jeopardise lightly.

Caution is strongly advised.
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
PoS proponents optimistically embrace such junior programmer's tricks and try to convince us that they have not wasted their lives on a subjective, impractical approach to decentralized systems and that they can compete with 'light' versions of subjectivity (Vitalik's words).

I agree with your criticism of Slasher and how it's presented to be the "breaking through" idea.
Thank you! It's just ridiculous, isn't it? Covering the mess with TV-style ads.
Quote
Quote
There is no 'light subjectivity', imo, a subjective algorithm is poisoned as much as it is subjective.

"Weak subjectivity" is the term aimed at hiding the fact that the long-range attack is not solved in PoS. So, if you selected the "wrong nodes" when joining the network, you are screwed.

But won't you have the same set of problems in Bitcoin if you download the wrong client (broken or hacked), someone hacks Bitcoin's main site and patches the wallet, or someone hacks the DNS service and changes the list of bootstrap nodes? In other words, there is also some kind of subjectivity, not in the consensus algorithm, but in other areas.

One can argue that PoS cryptocurrencies are also not immune to these things, but I think what makes them stand out is that they can deliver real decentralization, unlike a PoW coin, the mining of which is concentrated in the hands of 9-10 organizations.

PoS eventually will lead to a very limited number of 'banks' taking deposits from users, using them as stakes, ... leading to way worse scenarios than what PoW coins are experiencing with pools.
I agree that 'resource sharing' is a problem for both paradigms, but PoS suffers more and implies more threats because of so-called 'mitigation' proposals like Slasher and others which require long term deposit contracts that lead to less flexibility to switch between centres (in PoW you can simply point your miners to whichever pool of your choice).

Plus, running a pool service requires much less investment compared to what a 'bank' needs, just like a traditional bank does.

As for hacked DNS services and the like, if pools have anything bad to do with PoW, they are good in this respect, and generally speaking a 'bootstrap poisoning' attack on a solo miner or any full node in PoW is very unlikely to succeed, while PoS is inherently vulnerable to this attack in its core consensus algorithm, the only mitigation being programming tricks like Slasher that put the network in even more serious centralization danger because of what I have reminded above.




Quote
Quote

Instead of wasting time and resources on a 'light version' of subjectivism (believe it? What an idiot  Grin ), wasn't it way better to improve the protocol and produce complementary components to prevent the network from being congested by something like 'cryptokitties'?

Right, but will Lightning Network and SegWit help to scale Bitcoin to the level that it is possible to run an app store, full of "cryptokitties", which is what mass adoption means?
Sidechains are the more favorable solution for me and sharding is the second, while I have very little sympathy for Segwit and don't take Lightning seriously enough to list it as an ultimate solution.

I think scalability is a major problem and it needs step by step solutions and improvements to be tackled until the ultimate solution (which I believe is of the sidechain class) is operational. We are in no rush right now.
member
Activity: 182
Merit: 17
¯\_(ツ)_/¯
PoS proponents optimistically embrace such junior programmer's tricks and try to convince us that they have not wasted their lives on a subjective, impractical approach to decentralized systems and that they can compete with 'light' versions of subjectivity (Vitalik's words).

I agree with your criticism of Slasher and how it's presented to be the "breaking through" idea.

Quote
There is no 'light subjectivity', imo, a subjective algorithm is poisoned as much as it is subjective.

"Weak subjectivity" is the term aimed at hiding the fact that the long-range attack is not solved in PoS. So, if you selected the "wrong nodes" when joining the network, you are screwed.

But won't you have the same set of problems in Bitcoin if you download the wrong client (broken or hacked), someone hacks Bitcoin's main site and patches the wallet, or someone hacks the DNS service and changes the list of bootstrap nodes? In other words, there is also some kind of subjectivity, not in the consensus algorithm, but in other areas.

One can argue that PoS cryptocurrencies are also not immune to these things, but I think what makes them stand out is that they can deliver real decentralization, unlike a PoW coin, the mining of which is concentrated in the hands of 9-10 organizations.

Quote
Instead of wasting time and resources on a 'light version' of subjectivism (believe it? What an idiot  Grin ), wasn't it way better to improve the protocol and produce complementary components to prevent the network from being congested by something like 'cryptokitties'?

Right, but will Lightning Network and SegWit help to scale Bitcoin to the level that it is possible to run an app store, full of "cryptokitties", which is what mass adoption means?

legendary
Activity: 1456
Merit: 1174
Always remember the cause!
POS
thumbs down

PoS is out of context, firstly because it is a naive and immature idea that is not and will not be approved under multi-billion-dollar incentivized attacks, and secondly because Ethereum is not a PoS based system, and the (hypothetical) PoS based Ethereum, as I mentioned above, should be called Posethereum or something like that.

I doubt you have read my article at all, but thanks for sharing your idea anyway.

Interesting,

In the first part you say "PoS is out of context" because "it is a naive and immature idea", but provide no support for this statement. Could you please explain why it is naive and immature, especially in light of the fact that some of the multimillion-dollar cryptocurrencies are running on it?

Secondly, you mention Posethereum and state that, as it is not Ethereum, PoS won't work.

I often see there is not much love for PoS in some circles; genuinely interested why?


I'm not here to argue about PoS and I think it is off topic. They want to go PoS? Let them go, and why in the hell haven't they done this already? You know why? Because there is no straight and simple model, no mathematical proof for PoS to be a reliable approach to secure a distributed system, and all its proponents have to say is something like 'this or that kind of attack never happens in the real world' ... the most worthless argument ever.

To understand what is wrong about PoS, one should understand the importance of Satoshi's PoW innovation. We had reputation based proposals for decentralized distributed systems, none capable of solving the problem. That was before Satoshi Nakamoto and his brilliant PoW proposal.

PoS is a descendant of those naive reputation based proposals (your stakes are an index of your reputation); it shares the same 'subjectivity' property in its pure form. Once a participant is staking her coins, she is risking a subjective, virtual asset (her coins/reputation); it is nothing-at-stake, nothing objective. In practice it leads to the infamous nothing-at-stake attack, for which Ethereum's idol, Vitalik Buterin, has proposed a ridiculous algorithm called 'slasher', just like an undereducated technician who tries to file a patent for his invention of an ideal machine that violates the second law of thermodynamics  Grin

PoS proponents optimistically embrace such junior programmer's tricks and try to convince us that they have not wasted their lives on a subjective, impractical approach to decentralized systems and that they can compete using 'light' versions of subjectivity (Vitalik's words).

There is no 'light subjectivity', imo; a subjective algorithm is poisoned as much as it is subjective. Hybrids fail because of their inherent weak genes, ultimately and in the long term. If it was legitimate and feasible to produce money from air, central banks would be the most legitimate bodies for this job.

Instead, PoW is an objective solution to decentralization, one should consume 'real' resources (computing power, electricity, ...) and there is a cost for every single action in the network and a reward for the well formed protocol compliant behaviors. This is why PoW is rigid and a masterpiece, it is objective, btc, eth, ltc, ... are gaining their values not from a compromise between members of a community (it is not fiat money) but because they consume resources to generate them.

The Slasher algorithm (Vitalik's masterpiece  Grin) or other proposed algorithms for the nothing-at-stake attack in PoS based systems can do nothing about this weakness. Specifically, I'm telling you, a childish punishment algorithm (for preventing stakeholders from playing in multiple forks) has nothing to do with the fact that these 'stakes' are nothing, have come from nowhere with no cost.

Current criticism around PoW is worthless, imo. Satoshi's legacy is far too important to be criticized that trivially.

Talking about environmental issues is irrelevant in the first place. It is an industry. You love the planet? Go find me some clean and price-effective electricity to consume; as a miner, I consume energy to produce a valuable asset that can be used for resisting corrupted banking and financial systems, the most important use case in modern history!

Accusing PoW of being vulnerable to ASICs and their hardware centralization consequences is not acceptable either. I'll do this fork and show the way; the accuser has the same obligation or has to follow me (take the lead or just follow). ASIC vulnerability is not an inherent property; despite some claims, an ASIC proof algorithm is achievable (one may call his general purpose processor an ASIC, but it is not).

Naggers like Vitalik, who constantly complain about scalability and performance, are the worst people ever. There are a handful of approaches (sharding, off-chain solutions, ...) ready to be implemented; if bitcoiners fail to converge and have a governance crisis to overcome, the Ethereum community has this idiot idol in charge, doesn't it? Instead of wasting time and resources on a 'light version' of subjectivism (believe it? What an idiot  Grin ), wasn't it way better to improve the protocol and produce complementary components to prevent the network from being congested by something like 'cryptokitties'?
