Pages:
Author

Topic: Specialized hardware and the "nuclear option" for >50% attacks - page 2. (Read 2212 times)

legendary
Activity: 2324
Merit: 1125
If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.

No, people will continue to use general purpose CPUs precisely because they are general purpose devices that are mainly used for other purposes. This means there is a large pool of computing power outside government or corporate control that can be used to secure a block chain and prevent a 51% attack. ASICs could threaten that.

No, in general people won't mine at a loss. You are forgetting about the power it costs to run HW.
hero member
Activity: 714
Merit: 500
Martijn Meijering
If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.

No, people will continue to use general purpose CPUs precisely because they are general purpose devices that are mainly used for other purposes. This means there is a large pool of computing power outside government or corporate control that can be used to secure a block chain and prevent a 51% attack. ASICs could threaten that.
legendary
Activity: 2324
Merit: 1125
The don't need to be radically superior. Just superior will do fine Smiley

Slightly superior isn't a problem because many more computers are in private than in public hands. It might be good enough if ASICs weren't radically superior than GPUs, but it's better to be safe than sorry.

If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.
hero member
Activity: 714
Merit: 500
Martijn Meijering
The don't need to be radically superior. Just superior will do fine Smiley

Slightly superior isn't a problem because many more computers are in private than in public hands. It might be good enough if ASICs weren't radically superior than GPUs, but it's better to be safe than sorry.
legendary
Activity: 2324
Merit: 1125
No, he is not. There are algorithms that were specifically designed not to be radically faster on dedicated hardware.

The don't need to be radically superior. Just superior will do fine Smiley

As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization.
hero member
Activity: 714
Merit: 500
Martijn Meijering
No, he is not. There are algorithms that were specifically designed not to be radically faster on dedicated hardware.
legendary
Activity: 2324
Merit: 1125
I don't believe something can be devised were specialized HW does not have an advantage. As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization. I like the current algorithm, and believe it will happen the other way around. Double SHA-256 ASIC will become very common leading to a relatively stable amount of decentralization. Furthermore companies will compete with each other, leading to another level of decentralization (between companies).

Here's one of Dan Kaminsky's comments on his article:
Quote
ASICs are faster than CPU's at SHA-256. They're not necessarily faster at scrypt. I'm actually doing a lot of work in this space, stay tuned.
He seems to think it's possible, and I'm just deferring my judgement on this to him.

ASIC means Application-Specific Integrated Circuit while a CPU in this context is a general purpose processing unit. An integrated circuit designed for one purpose alone can always be made cheaper/more energy efficient than an equivalent integrated circuit that can do more. For one, a chip which only needs to be able to perform scrypt needs a much smaller instruction set.

In other words: If that is indeed a quote from Kaminsky and you didn't take it completely out of context, he is wrong.
legendary
Activity: 2506
Merit: 1010
a mining algorithm friendly to general purpose hardware is superior because it is more inclusive to "the masses",

Meh.

When nearly all mining was GPUs, most of that was for people who buying GPUs specifically for dedicated mining rigs.    So even though it was off the shelf hardware, it still was an up-front investment in hardware.

The thing about ASICs is that there is little gain as you scale up.   A 5.5 Ghash/s Jalapeno is about 1/10th the price of a 60 Ghashs/s ASIC.    This means there's not much of an economy of scale as you move up to larger and more powerful hardware.  

The bigger reasons that will determine who mines and who doesn't will have to do with access to capital, but eventually, those with access to cheap electricity.  Currently that electricity consumption is a non-issue because ASIC mining profitability is so high yet (revenue relative to cost of electricity) that it will be another year or so before differences in the cost of electricity will resume to being a factor as to where you would host your rigs.)
sr. member
Activity: 461
Merit: 251
I don't believe something can be devised were specialized HW does not have an advantage. As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization. I like the current algorithm, and believe it will happen the other way around. Double SHA-256 ASIC will become very common leading to a relatively stable amount of decentralization. Furthermore companies will compete with each other, leading to another level of decentralization (between companies).

Here's one of Dan Kaminsky's comments on his article:
Quote
ASICs are faster than CPU's at SHA-256. They're not necessarily faster at scrypt. I'm actually doing a lot of work in this space, stay tuned.
He seems to think it's possible, and I'm just deferring my judgement on this to him.
legendary
Activity: 2324
Merit: 1125
I don't believe your premise is true.
Which one?

Mining algorithms can be designed such that specialized hardware offers relatively less advantage over generalized hardware. 

I don't believe something can be devised were specialized HW does not have an advantage. As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization. I like the current algorithm, and believe it will happen the other way around. Double SHA-256 ASIC will become very common leading to a relatively stable amount of decentralization. Furthermore companies will compete with each other, leading to another level of decentralization (between companies).
hero member
Activity: 714
Merit: 500
Martijn Meijering
I believe his premise is true, but I'm worried about governments monopolising use of cryptocurrency ASICs by banning their private use and by buying large numbers themselves. I don't think it is possible to run a black ASIC production facility.
sr. member
Activity: 461
Merit: 251
legendary
Activity: 2324
Merit: 1125
I don't believe your premise is true.
sr. member
Activity: 461
Merit: 251
Any option chosen will have specialized HW created if successful.
Mining algorithms can be designed such that specialized hardware offers relatively less advantage over generalized hardware.  My argument is that "ASIC-resistant" mining algorithms should be avoided.
legendary
Activity: 2324
Merit: 1125
Any option chosen will have specialized HW created if successful.
sr. member
Activity: 461
Merit: 251
I recently heard Dan Kaminsky mention in his recent article: http://www.wired.com/opinion/2013/05/lets-cut-through-the-bitcoin-hype/ that a mining algorithm friendly to general purpose hardware is superior because it is more inclusive to "the masses", as it wouldn't require specialized hardware to participate, and thus mining would be that much more decentralized.  I doubt this is much of an advantage though, as most people would have to buy high end general purpose hardware specifically to mine anyway in order to remain competitive and profitable, and the barrier to entry for running specialized hardware (ASICs) will soon be just as low.

Furthermore, having a mining algorithm require specialized hardware appears to be a great strength.  E.g. suppose an attacker amasses >50% of total hashing power.  Then the network could (as a last resort) swap out the mining algorithm, and render all of his equipment useless for attacking the new system and for resale. With general purpose equipment, he could keep attacking the new mining algorithm, or resell his equipment to recoup some of his costs.  While the honest miners would lose all of their investment (this should be considered an inherent risk of being in the mining business), they still collectively lose less than the attacker.  As long as there remains sufficient profit motive to mine - i.e. BTC remains valuable - then ASICs for the new algorithm should be quickly forthcoming to the market while CPUs/GPUs pick up the slack, and any attacker wishing to continue this attack will quickly go bankrupt as he's up against the capital stock of the whole world.

The damage the attacker does - e.g. the drop in BTC value - can be mitigated if such a response is understood by all to always be potentially necessary, and perfectly within the realm of manageability (it seems to me to be, unless I'm missing something).  "Fire drills" might even be done in advance, which would undoubtedly inspire confidence.

tldr; If the mining network relies on specialized rather than generalized hardware, then there is a "nuclear option" available to deal with and deter >50% attacks.
Pages:
Jump to: