
Topic: What are the best alternatives to SHA256?

member
Activity: 89
Merit: 10


What I meant was to replace the amount of leading-zeros "work" with a prime problem instead, but keep the hashing chain. Or have its own signature hash and piggyback this onto the existing chain.

I have to admit my understanding of how bitcoin works isn't 100% solid.
I would not be surprised if this would not work and would unravel in some way, but hopefully somebody could come up with a way to do it right.
legendary
Activity: 1526
Merit: 1134
You need something that allows chaining. The reason SHA is used isn't anything to do with the types of hardware that can do it. It's because the hash of the previous block can be embedded in the next, forming a chain that cannot be altered without requiring the whole chain to be redone.

If you just search for a prime number, anyone can rewrite the chain and reverse transactions by altering the contents of an old block and rebroadcasting all the rest with modified prevBlockHash fields.

member
Activity: 89
Merit: 10

What I meant was Additional security, not optional.
Think of it as another way to verify the transactions/block/chain on top of the existing one. (using different proof-of-work)


So far it seems prime number search is the best for the general CPUs people have at home.
From the benchmarks I've found, the Core i7 is actually beating GPUs easily.

Folding proteins etc. would also be okay. At present GPUs have about a 10x advantage over CPUs.
This is way better than the approx. 300x advantage they have with SHA256.

Suggestion, proof-of-not-a-prime:
difficulty could be set by the size/length of the factor found to be part of the test number.
Feasible?




member
Activity: 98
Merit: 20
> Alternating is a good idea.
> Or perhaps one could find a system where different types of work can exist side by side.
> Nodes could be free to choose if they wanted the added security or not.
Security is not an option.

One of the big difficulties with different types of work is the added complexity it introduces. Complexity is the enemy of security. The primary goal for Bitcoin must be security, otherwise the entire system can collapse.
member
Activity: 89
Merit: 10
> (ByteCoin's post, quoted in full; it is reproduced further down the thread)

Wow, nice! Thank you.

Alternating is a good idea.
Or perhaps one could find a system where different types of work can exist side by side.
Nodes could be free to choose if they wanted the added security or not.


legendary
Activity: 1526
Merit: 1134
Well, actually I'd say ASICs are better if you're afraid of government takeover too.

It's much harder for an intelligence agency to acquire and install large quantities of specialized hardware without being noticed, whereas the x86 CPU market is so large that buying up a few hundred thousand CPU cores can be done without really being noticed. Especially if you are not in a hurry.

Changing the proof of work is tricky. ByteCoin's list is a good start, but I think there are some aspects of BitCoin that require altering the block contents to invalidate the proof of work. I haven't thought about it much, but it feels like separating the proofs of work from the block contents would lead to problems.
sr. member
Activity: 416
Merit: 277
Having big concentrations of specialized hardware makes it much harder to attack using large botnets.

So that's the problem with a proof-of-work suitable for PCs.

The problem is government agencies who can afford to make a custom ASIC and then fill a whole building with them.

And this is the problem with the current proof-of-work suitable for ASICs (and GPUs).

The solution is to alternate between the two and maintain two independent difficulty targets, one for even blocks (PCs) and one for odd blocks (GPUs). Anyone wanting to take over the network would have to be able to generate both types of work.

Even better would be having an altruistically useful proof of work like protein folding or finding Mersenne primes so we could even have people supporting bitcoin incidentally, even though their primary motivation was folding proteins or finding large primes.

A useful proof-of-work would have to have the properties enumerated in the following post
https://bitcointalksearch.org/topic/m.3669

ByteCoin
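Added example, not code from any post in this thread: a minimal block chain that implements the two mechanics discussed above, the prevBlockHash link that forces a rewriter to redo every later block, and ByteCoin's even/odd alternation between two kinds of work with two independent difficulty targets. The two work functions (double SHA-256 for even heights, BLAKE2b for odd heights) are assumptions standing in for "PC-friendly" and "GPU-friendly" work; the targets, block layout and retarget rule are likewise illustrative.

```python
import copy
import hashlib

# Assumption: two stand-in proofs of work. The thread proposes alternating a
# PC-friendly and a GPU/ASIC-friendly function; here even blocks use double
# SHA-256 and odd blocks use BLAKE2b, purely to show the mechanics.
def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def blake2b256(data: bytes) -> bytes:
    return hashlib.blake2b(data, digest_size=32).digest()

WORK_FUNCS = (sha256d, blake2b256)          # index = height % 2

# One independent target per work type (a block hash must be below its target).
# Deliberately easy so the example mines in a fraction of a second.
TARGETS = [2**256 >> 10, 2**256 >> 8]

class Block:
    def __init__(self, height: int, prev_hash: bytes, payload: bytes, nonce: int = 0):
        self.height = height
        self.prev_hash = prev_hash      # hash of the previous block (32 bytes)
        self.payload = payload          # stands in for the transaction set
        self.nonce = nonce

    def work_func(self):
        return WORK_FUNCS[self.height % 2]

    def header(self) -> bytes:
        # The header commits to height, previous hash, payload and nonce, so
        # changing any of them changes the hash that the next block refers to.
        return (self.height.to_bytes(4, "big") + self.prev_hash
                + hashlib.sha256(self.payload).digest()
                + self.nonce.to_bytes(8, "big"))

    def hash(self) -> bytes:
        return self.work_func()(self.header())

def meets_target(digest: bytes, target: int) -> bool:
    return int.from_bytes(digest, "big") < target

def mine(block: Block, targets=TARGETS) -> Block:
    block.nonce = 0
    while not meets_target(block.hash(), targets[block.height % 2]):
        block.nonce += 1
    return block

def build_chain(payloads, targets=TARGETS):
    chain, prev = [], b"\x00" * 32
    for height, payload in enumerate(payloads):
        blk = mine(Block(height, prev, payload), targets)
        chain.append(blk)
        prev = blk.hash()
    return chain

def verify_chain(chain, targets=TARGETS) -> bool:
    prev = b"\x00" * 32
    for height, blk in enumerate(chain):
        if blk.height != height or blk.prev_hash != prev:
            return False                       # broken link
        if not meets_target(blk.hash(), targets[height % 2]):
            return False                       # wrong kind or amount of work
        prev = blk.hash()
    return True

def retarget(target: int, actual_span: int, expected_span: int, max_factor: int = 4) -> int:
    """Adjust one target from observed vs. expected block spacing, clamped to 1/max_factor..max_factor.
    Each work type keeps its own target, so this is called separately for even and odd blocks."""
    actual_span = max(expected_span // max_factor, min(expected_span * max_factor, actual_span))
    return min(2**256 - 1, target * actual_span // expected_span)

def tamper_demo():
    """Rewrite an old block and watch what it takes to get a valid chain again."""
    chain = build_chain([b"genesis", b"alice->bob 5", b"bob->carol 2", b"carol->dave 1"])
    forged = copy.deepcopy(chain)
    forged[1].payload = b"alice->mallory 5"    # reverse a transaction in block 1
    broken_link = verify_chain(forged)         # block 2's prev_hash no longer matches
    mine(forged[1])                            # redo block 1's work: still not enough
    still_broken = verify_chain(forged)
    for i in range(2, len(forged)):            # every later block must be re-linked and re-mined,
        forged[i].prev_hash = forged[i - 1].hash()   # alternating between both work types
        mine(forged[i])
    rewritten = verify_chain(forged)
    return broken_link, still_broken, rewritten

if __name__ == "__main__":
    print(tamper_demo())
```

`tamper_demo()` returns `(False, False, True)`: editing an old block breaks the link, redoing only that block's work is not enough, and the chain only verifies again after every later block has been re-mined, which requires producing both kinds of work. Note that the targets here are independent but static; a real deployment would call `retarget` on each parity's own block spacing.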
member
Activity: 89
Merit: 10

I see your point and right now SHA256 might be ideal.

> The problem is government agencies who can afford to make a custom ASIC and then fill a whole building with them.

Some people on this forum predict a drastic decline in miners/hash nodes when their income only comes from fees, but this may or may not happen.

If all nodes including clients help out with CPU power to secure the network, then all threats would decline as the number of users grows.

I'm asking if somebody has alternatives making the security by "user/client CPU donations" more feasible.


legendary
Activity: 1526
Merit: 1134
Why would you want to do that?

Having big concentrations of specialized hardware makes it much harder to attack using large botnets. The BitCoin network is not very large today but would already need around 250,000 CPUs to attack. Imagine if there needed to be 250,000 distinct miners to achieve that strength instead of relying on particular types of graphics cards. It'd take years to build up that many.

Having smaller numbers of larger scale, more professional miners has other advantages too - like they upgrade their software to keep up with changes in the network, new script types and so on. The recent sendmany changes show a good example of that - just a few people with a good understanding of mining had to upgrade for the new functionality to become available.


member
Activity: 89
Merit: 10

Yes they will always be faster but it's a question of closing the gap.

Example:
Memory ram/flash is "expensive" on die and external memory has bandwidth/latency limitations.
With very large s-boxes/tables you could make general CPUs with few cores much more competitive.


You could also add an additional processing stage of the block data before hashing.

Example:
http://en.wikipedia.org/wiki/Context-adaptive_binary_arithmetic_coding -> "It is also difficult to parallelize and vectorize"
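Added example, not code from the post above: a sequential memory-hard hash built on the "very large table" idea, in the style of scrypt's ROMix. Phase 1 fills a table whose size is a tunable parameter; phase 2 walks it with data-dependent indices, so the whole table must be resident (or expensively recomputed) for every evaluation. The table size, the use of BLAKE2b as the inner hash and the leading-zeros target are assumptions chosen for the example.

```python
import hashlib

def _h(data: bytes) -> bytes:
    # Inner hash; any fast 256-bit hash would do here (assumption: BLAKE2b).
    return hashlib.blake2b(data, digest_size=32).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def memory_hard_hash(data: bytes, table_entries: int = 1 << 14) -> bytes:
    """ROMix-style construction: the cost is dominated by holding table_entries * 32 bytes."""
    # Phase 1: fill the table, each entry the hash of the previous one.
    x = _h(data)
    table = []
    for _ in range(table_entries):
        table.append(x)
        x = _h(x)
    # Phase 2: data-dependent walk. The next index depends on the running state,
    # so the reads cannot be predicted or pipelined and the table must be kept.
    for _ in range(table_entries):
        j = int.from_bytes(x[:8], "big") % table_entries
        x = _h(_xor(x, table[j]))
    return x

def table_bytes(table_entries: int) -> int:
    """Memory each evaluation needs; raising this is the lever against small on-die ASIC memory."""
    return table_entries * 32

def leading_zero_bits(digest: bytes) -> int:
    return 256 - int.from_bytes(digest, "big").bit_length()

def mine(header: bytes, target_bits: int, table_entries: int) -> int:
    """Return the first nonce whose memory-hard hash has at least target_bits leading zeros."""
    nonce = 0
    while True:
        digest = memory_hard_hash(header + nonce.to_bytes(8, "big"), table_entries)
        if leading_zero_bits(digest) >= target_bits:
            return nonce
        nonce += 1

def verify(header: bytes, nonce: int, target_bits: int, table_entries: int) -> bool:
    # Verification costs exactly one evaluation, including the full table fill.
    digest = memory_hard_hash(header + nonce.to_bytes(8, "big"), table_entries)
    return leading_zero_bits(digest) >= target_bits

if __name__ == "__main__":
    # Constructed sample header; 1 << 10 entries keeps the demo quick in pure Python.
    hdr = b"prev-hash||merkle-root||timestamp"
    n = mine(hdr, 6, 1 << 10)
    print(n, verify(hdr, n, 6, 1 << 10), table_bytes(1 << 10), "bytes per evaluation")
```

The caveat a practitioner would want: because the table size is part of the function, every verifier pays the same memory cost as the miner, so the parameter has to stay small enough for ordinary nodes to check blocks quickly.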
newbie
Activity: 29
Merit: 0
I'd love to see http://en.wikipedia.org/wiki/BLAKE_(hash_function) used instead of SHA256.
I don't think a more complex algorithm could favor general CPUs; custom ASICs will always be faster.
member
Activity: 89
Merit: 10

I'm wondering if there are hashing algorithms out there which would favor CPUs with general computing power (Intel, AMD, ARM).
The motivation here is for normal people's computers to be more competitive against custom hardware like GPUs, FPGAs, ASICs.
This could make the donation of CPU power from regular clients a much more effective way to help secure the network.

A while back I vaguely remember reading something about algorithms which were not easy to make into small blocks of logic and then massively copy them on a chip.

Do such hashing algorithms exist?
If not, could an additional layer be added to facilitate this goal? (arithmetic coding?)



