But then you can say the same about the standard algorithm that re-uses the first compression result of the first 64 bytes of the header, to ONLY calculate the compression of the second block when it loops over the nonce (the 16 remaining bytes, padded to 64 bytes, containing the nonce). Why is the re-use of the first compression of this block not an "exploit; not an efficiency-gain" in the usual algorithm, but is inverting both, that is, keeping the data of the second block constant (and hence re-using the key schedule, as is done as standard when, for instance, encrypting a big file with AES-256), considered "an exploit"?
If you are "honest", aren't you supposed to calculate the ENTIRE HASH of the block header if you change the nonce, and not just the "second part of it, re-using the first piece of calculation"? If the re-use of the compression of the first 64 bytes is not an exploit, why is the re-use of the key schedule of the second part then an exploit?
From what moment onward is re-using the results of an identical calculation, instead of doing it over like an idiot, "an exploit" ?
BTW, as I said elsewhere, this ASIC boost optimisation is so trivial, and is done as standard in most symmetric crypto, that I have a hard time believing that this can successfully be patented and that the patent will hold up in court.
BTW, the idiot that wrote the post on reddit doesn't understand even the level of security provided by PoW. The level of security provided is not the effort that the "good guy" put into it, but the effort that the "bad guy" NEEDS to spend in order to overcome it. As such, given that the ASIC boost optimisation is now public knowledge, that has AUTOMATICALLY diminished the security of the PoW (of all hashcash style PoW everywhere), because an attacker now needs to spend less effort to overcome the security. As such, NOT USING this gain by the "good guys" (the miners) would be utterly stupid, because it gives a disadvantage to the "good guys" over an improved attack efficiency for the adversary!
This is like thinking that if you do an elliptic curve signature with more effort, the signature is more secure than if you did it with a smarter calculation. No, the security level is given by the effort needed by the *smartest adversary*, not by the effort you put in YOURSELF. Duh.
The security level of a 256-bit ECC signature is 128 bits. Not because YOU use 128 bits or so (you use 256); but because the best method publicly known (Pollard's rho attack) can crack it in 2^128 trials and doesn't need to run over 2^256 trials.
As such, the calculation effort needed to prove work has diminished when the ASIC boost principle was published in 2016, and as such, lowered all security of all PoW to which this calculation improvement could be applied.
And the standard calculation, of only compressing the first 64 bytes once, and only compressing the second part that changes, already diminished the PoW security. The invention of ASICS SERIOUSLY diminished the PoW security (because their availability improved the possibilities of an attacker with a given budget to overcome it as compared to when there weren't those ASICS around).
ANY publicly (or privately !) known technique that can render more efficient an attack on a given PoW level, diminishes PoW security in a proportional amount.
(This is, BTW, why PoW is a completely ridiculous cryptographic security mechanism.)