Topic: Why does Bitcoin keep using SHA256 in its POW? (Read 830 times)

member
Activity: 168
Merit: 47
8426 2618 9F5F C7BF 22BD E814 763A 57A1 AA19 E681
ASIC chips for PoW have to be cheap and easy to produce, so more manufacturers can join the business at a relatively low cost.
How many competitors do we have producing GPU/CPU chips? That's centralization. Also, general-purpose hardware can be resold, lowering attack costs. Datacenter miners will always be cheaper than home miners and nothing can stop them from centralizing.

Also, coins mineable with GPU/CPU are often mined using malware botnets, or by stealing your workplace's money, so your network will be secured by evil, and that's not good. In any case honest home mining will be unprofitable and a waste of time.

The current SHA256 is great because it is very simple to produce ASICs to solve it.

These last days, I was thinking about how an emergency PoW change could be done if something goes wrong with the current double SHA256 algo.

A PoW change will definitely hit the whole mining industry hard, and I hope it will almost surely harm virtuous miners harder than evil miners, so in the end evil will be the prizewinner.

That's a very hard problem to solve.
I think the only way to reduce damage would be to change the PoW a little, but not too much, so virtuous (but also evil) manufacturers can switch production easily.
For example, the current mining algo uses double SHA256; a solution to reduce manufacturer damage and to allow miners to get their mining hardware manufactured fast, and come back to securing the blockchain ASAP, could be triple SHA256.
This would kick all previous hardware off the network, and would allow a fast substitution with new hardware.

But this is a very ugly emergency solution; it should not be used as some sort of antitrust measure to kill Bitmain, as Bitmain will come back stronger than ever. If you don't like Bitmain you can support other manufacturers by buying their hardware.
It is only an example. I don't think Bitmain is evil; I think they are strong, heavily invested Bitcoin believers. Some of their actions can look evil, but they are only testing and provoking to make Bitcoin stronger! After all, Bitcoin is an experiment!!!!
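Added example, not code from the post above or from any Bitcoin implementation: it re-implements the header proof-of-work check the post is talking about, runs it over the public genesis block header, and then runs the same check with the post's hypothetical "triple SHA256" rule (an assumption for illustration, not a real consensus rule) to show that a header that is valid today would fail under the changed algorithm.

```python
import hashlib

# Added example (not code from the thread). The 80-byte header below is the
# public genesis block header; the rest re-implements Bitcoin's header PoW check.
GENESIS_HEADER = bytes.fromhex(
    "01000000"                                                          # version 1
    "0000000000000000000000000000000000000000000000000000000000000000"  # prev block hash
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root (LE bytes)
    "29ab5f49"                                                          # time 1231006505
    "ffff001d"                                                          # nBits 0x1d00ffff
    "1dac2b7c"                                                          # nonce 2083236893
)


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's actual PoW hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def triple_sha256(data: bytes) -> bytes:
    """Hypothetical rule change from the post (an assumption, not a real
    consensus rule): one more SHA-256 round on top of the double hash."""
    return hashlib.sha256(double_sha256(data)).digest()


def bits_to_target(nbits: int) -> int:
    """Decode the compact nBits field into the 256-bit target integer."""
    exponent = nbits >> 24
    mantissa = nbits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_nbits(header: bytes) -> int:
    """nBits lives at byte offset 72..76 of the header, little-endian."""
    return int.from_bytes(header[72:76], "little")


def display_hash(header: bytes, pow_hash=double_sha256) -> str:
    """Block hash as explorers print it: digest bytes reversed, hex encoded."""
    return pow_hash(header)[::-1].hex()


def meets_target(header: bytes, pow_hash=double_sha256) -> bool:
    """The consensus check: the digest, read as a little-endian integer,
    must not exceed the target encoded in the header's own nBits field."""
    hash_int = int.from_bytes(pow_hash(header), "little")
    return hash_int <= bits_to_target(header_nbits(header))


if __name__ == "__main__":
    print("double SHA256:", display_hash(GENESIS_HEADER), meets_target(GENESIS_HEADER))
    print("triple SHA256:", display_hash(GENESIS_HEADER, triple_sha256),
          meets_target(GENESIS_HEADER, triple_sha256))
```

The double-hash path reproduces the well-known genesis hash beginning 000000000019d668 and passes; the triple-hash path gives an unrelated digest that (except with probability about 2^-32) exceeds the target, which is exactly why every existing miner's output would become worthless the moment such a rule took effect.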
legendary
Activity: 1610
Merit: 1183
Electricity consumption is a hard matter.
Access to ASICs is restricted and not for the mass of people.
If we want real consumers to produce coins with their GPUs and CPUs, the road is not this one.

ASIC producers produce devices for their own pockets; not convenient at all for the general public.

Cheap electricity leads to geographical areas that have big problems of "regulations", and I do not know how serious they are.
The market and the goal of the white paper are too huge to leave it to underdeveloped geographical regions of the world just for economic convenience.

Another problem is the centralization of power in the hands of a few companies. Many companies from various nations mining in China or Siberia is not a real problem. The core problem is a single company mining all over the world.

Implementation of new ideas is highly recommended.
I see the Equihash algo is generating new coins that are mineable from home GPUs and CPUs, creating real communities of real people.



The problem is, if it can be mined with GPUs, it will sooner or later end up in specialized hardware for the task, no matter what algorithm you use. At the end of the day, it's just chips in a GPU, and they can be built into a specialized machine that will be more efficient. GPUs are using resources for things unrelated to mining, so that power can be allocated to 100% mining in dedicated hardware.

Needless to say, corporations could in any case stack massive amounts of GPUs, rendering the average personal computer miner out of the game again.
jr. member
Activity: 203
Merit: 3
Electricity consumption is a hard matter.
Access to ASICs is restricted and not for the mass of people.
If we want real consumers to produce coins with their GPUs and CPUs, the road is not this one.

ASIC producers produce devices for their own pockets; not convenient at all for the general public.

Cheap electricity leads to geographical areas that have big problems of "regulations", and I do not know how serious they are.
The market and the goal of the white paper are too huge to leave it to underdeveloped geographical regions of the world just for economic convenience.

Another problem is the centralization of power in the hands of a few companies. Many companies from various nations mining in China or Siberia is not a real problem. The core problem is a single company mining all over the world.

Implementation of new ideas is highly recommended.
I see the Equihash algo is generating new coins that are mineable from home GPUs and CPUs, creating real communities of real people.

legendary
Activity: 2912
Merit: 2066
Wouldn't it be good for the stability of Bitcoin's network to have numerous small miners scattered throughout the world rather than a couple of big miners centralized in those parts of the world where electricity is cheap? Wasn't that the original idea back then in 2009? I believe so. But I also get the reality of this mining business and I know that what I'm asking is probably unrealistic. People with big money will always find a way to game the system.

I am emphasizing the above sentence "couple of big miners centralized in those parts of the world where electricity is cheap?"

I want to ask you this: if some parts of the world have cheap electricity, do you think big miners will not arise there if the best hash implementations are runnable only on wetware brains, CPU, GPUs, or FPGAs, but NOT ASICs?

The issue is not ASICs, but cheap electricity.

Interesting argument, but the issue still lies with ASICs, in that access to ASICs is rather restricted -- as opposed to consumer hardware such as GPUs and CPUs -- while ASIC producers also stand to gain money by simply producing ASICs for themselves rather than for the general public.

Cheap electricity leads to geographical hotspots, but the core of the problem is the centralization of power in a handful of companies, rather than territories. A multitude of companies from various nations all mining in China is less of a problem than a single company mining all over the world. Not that the first option would be optimal, mind you.
newbie
Activity: 9
Merit: 19
Quote
The obvious advantage of switching to ASIC resistant algorithms would be promoting decentralization as more people would be able to enter the mining process with "normal" hardware.
Again, what is the real sense of your meaning of decentralization? If you are talking about [more or less] fair coin distribution - just use (a kind of) random distribution. Otherwise, if there is any feasible way to increase one's part of [coin-]cake - one will always do so.
Wouldn't it be good for the stability of Bitcoin's network to have numerous small miners scattered throughout the world rather than a couple of big miners centralized in those parts of the world where electricity is cheap? Wasn't that the original idea back then in 2009? I believe so. But I also get the reality of this mining business and I know that what I'm asking is probably unrealistic. People with big money will always find a way to game the system.

I am emphasizing the above sentence "couple of big miners centralized in those parts of the world where electricity is cheap?"

I want to ask you this: if some parts of the world have cheap electricity, do you think big miners will not arise there if the best hash implementations are runnable only on wetware brains, CPU, GPUs, or FPGAs, but NOT ASICs?

The issue is not ASICs, but cheap electricity.
legendary
Activity: 1372
Merit: 1252
Another aspect to consider is the likely effect it would have on difficulty.  Along with the new algorithm, it would almost certainly involve having to implement emergency difficulty adjustments to the code so that blocks don't come to a temporary standstill when the hashrate suddenly plummets.  Also, since Bitcoin uses the total cumulative proof of work as part of its consensus mechanism, we should keep in mind the possibility it would make future contentious hardforks easier to pull off.  

Bitcoin currently attracts both the largest accumulated proof of work and the largest economic majority.  All the myriad forks we've witnessed so far haven't been able to keep pace with the proof of work Bitcoin has accumulated, but that wouldn't be the case if those who disagreed with the new algorithm continued to support using ASICs.  The new algo would almost inevitably be the minority chain in terms of hashpower, so supporters of the new algo would have to fall back on purely the "economic majority" argument and would also have to be pretty damn sure they'd win that argument.  Quite the gamble.



CPU mining might suffer from the same problems, and on top of that the network will be at the risk of attacks from botnets

And just to stress that point a little more...  Not exactly something we'd want to encourage in Bitcoin.

Yep, it would be similar to how, when BCash forked, they had to do some nasty trick with the emergency difficulty adjustment involving a series of forks... not cool for Bitcoin. An altcoin can pull that circus off, but Bitcoin is too serious to go along with that.

Also, the BCash side will for sure try to profit from the chaotic period to pump, and will probably deploy a spam attack while things are attempting to get solved.

Simply put, it's too late for Bitcoin to change PoW. We will need to see some kind of disaster that incentivizes global consensus to change it, and even then it will create conspiracy theories around the fact, and there may not be global consensus even then.
legendary
Activity: 3724
Merit: 3063
Leave no FUD unchallenged
Another aspect to consider is the likely effect it would have on difficulty.  Along with the new algorithm, it would almost certainly involve having to implement emergency difficulty adjustments to the code so that blocks don't come to a temporary standstill when the hashrate suddenly plummets.  Also, since Bitcoin uses the total cumulative proof of work as part of its consensus mechanism, we should keep in mind the possibility it would make future contentious hardforks easier to pull off.  

Bitcoin currently attracts both the largest accumulated proof of work and the largest economic majority.  All the myriad forks we've witnessed so far haven't been able to keep pace with the proof of work Bitcoin has accumulated, but that wouldn't be the case if those who disagreed with the new algorithm continued to support using ASICs.  The new algo would almost inevitably be the minority chain in terms of hashpower, so supporters of the new algo would have to fall back on purely the "economic majority" argument and would also have to be pretty damn sure they'd win that argument.  Quite the gamble.



CPU mining might suffer from the same problems, and on top of that the network will be at the risk of attacks from botnets

And just to stress that point a little more...  Not exactly something we'd want to encourage in Bitcoin.
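Two claims in the quoted post above lend themselves to a worked model: that nodes follow the chain with the most accumulated work rather than the most blocks, and that a sudden hashrate collapse after an algorithm change would stall blocks for a long time unless the normal retarget rule were overridden. The block below is an added example, not code from the thread or from Bitcoin Core; it re-implements the work accounting and the 2016-block retarget with its 4x clamp, and then simulates a 99% hashrate drop. The calibration numbers (a difficulty around 2^20 and a flat hashrate after the drop) are assumptions chosen for illustration.

```python
# Added example (not code from the thread): integer-only model of Bitcoin's
# accumulated-work comparison and its 2016-block retarget rule.
TWO_POW_256 = 2 ** 256
TARGET_TIMESPAN = 14 * 24 * 60 * 60   # 2016 blocks at 10 minutes, in seconds
PERIOD_BLOCKS = 2016
MAX_TARGET = 0xFFFF << 208            # difficulty-1 target (nBits 0x1d00ffff)


def block_work(target: int) -> int:
    """Expected hashes to find a block at this target; this is what
    Bitcoin's GetBlockProof adds to the chain's cumulative work."""
    return TWO_POW_256 // (target + 1)


def chain_work(targets) -> int:
    return sum(block_work(t) for t in targets)


def heaviest_chain(*chains) -> int:
    """Index of the chain nodes follow: most accumulated work, not most blocks."""
    works = [chain_work(c) for c in chains]
    return works.index(max(works))


def retarget(old_target: int, actual_timespan: int) -> int:
    """One retarget step with the 0.25x..4x clamp and the difficulty-1 floor."""
    actual_timespan = max(TARGET_TIMESPAN // 4, min(TARGET_TIMESPAN * 4, actual_timespan))
    return min(MAX_TARGET, old_target * actual_timespan // TARGET_TIMESPAN)


def calibrated_hashrate(target: int) -> float:
    """Hashrate (hashes/second) at which `target` yields 600-second blocks."""
    return block_work(target) / 600


def periods_after_hashrate_change(start_target: int, hashrate: float, tolerance: float = 1.1):
    """Simulate successive retarget periods at a constant hashrate.
    Returns the length in days of each period until one lands within
    `tolerance` of the intended 14 days. Assumes nobody joins or leaves
    during the simulation (an assumption for illustration)."""
    target = start_target
    days = []
    while True:
        seconds_per_block = block_work(target) / hashrate
        period_seconds = seconds_per_block * PERIOD_BLOCKS
        days.append(period_seconds / 86400)
        if period_seconds <= tolerance * TARGET_TIMESPAN:
            return days
        target = retarget(target, int(period_seconds))


if __name__ == "__main__":
    # Three easy blocks lose to one block found at a 256x harder target.
    print("heaviest:", heaviest_chain([MAX_TARGET] * 3, [MAX_TARGET >> 8]))
    # 99% of the hashrate leaves; how long until periods are back to ~2 weeks?
    t0 = MAX_TARGET >> 20
    print([round(d, 2) for d in periods_after_hashrate_change(t0, calibrated_hashrate(t0) / 100)])
```

With the assumed numbers the first post-drop period takes about 1400 days, and because each retarget can only ease the target by 4x, it takes four more periods (350, 87.5, 21.9 and then 14 days) before block times are back to normal. That multi-year stall is the reason the quoted post says a PoW change would have to ship with an emergency difficulty adjustment, and the work comparison shows why a minority-hashrate chain would not win on accumulated work alone.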
legendary
Activity: 1372
Merit: 1252
ASIC resistance is a temporary thing, so far many algorithms that were claimed to be ASIC-resistant have lost this status - scrypt, X11 and now ethash ASICs were recently announced by Bitmain. If Bitcoin would do an emergency fork today to some existing algorithm, it would probably take around a year or less until new ASICs arrive, since there's very strong motivation to develop them.

And even with a new algo the mining might still be centralized, because if it were very profitable, miners would buy GPUs in bulk while hobbyists wouldn't be able to build small home farms, because retailers would enforce 1 GPU per buyer like they do now in many places. CPU mining might suffer from the same problems, and on top of that the network would be at risk of attacks from botnets - imagine Microsoft or the NSA sneaking mining malware into a Windows update to attack Bitcoin's network with the CPU hashpower of millions of users.

So, in conclusion, it's a very complex subject that needs to be discussed and tested for long time before making any moves. There's no immediate need to change algo today, we have plenty of time.

It only takes money at stake for specialized hardware to proliferate and be developed to its maximum extreme at any given point in time. So if they change the PoW and there's a ton of money to be made, there will be a new ASIC race to get first in line for the next PoW algorithm... it's pointless and a kicking-the-can-down-the-road approach.

As some have said, maybe, and just maybe... a random algorithm change could stop this, or at least would put the advantage in different places. Or maybe not; maybe a single entity develops the best ASICs possible for all possible algos and the monopoly continues.

I don't see how this can be solved other than competition, and so far competition is failing to dethrone the Bitmain empire, we'll see how it goes in the future.

As of right now, forget about any PoW changes... unrealistic, will only lead to BTC and BTC-newAlgo, so that's another altcoin for you, kind of like Bitcoin Gold and so on.
legendary
Activity: 3724
Merit: 3063
Leave no FUD unchallenged
They should submit another hard fork...
In my opinion, by changing SHA256 into something "better" like SHA3 or CryptoNight, you could only stop the ASICs for a while.

The ASIC is created to do something specific.

On the contrary, the current CPUs and GPUs were made to run and work on different things at the same time, losing part of the efficiency.
If you want to continue with proof of work, you will not stop the creation of ASICs; you can only slow down or make more expensive the production of ASICs, but this will only be a temporary solution.
I am observing the hard fork of monero about it.

Which is your opinion?

There is no "they" who possess the sole responsibility for announcing hardforks.  It sounds as though you're asking for someone in a position of authority to launch a fork, but we don't have those here.  We've seen BTG fork away with their desire for ASIC resistance, but for the most part, it seems to be a non-event that most people don't care about.  If people did care and it proved to be popular and started to attract lots of hashpower, manufacturers would then start the process of designing an ASIC for the new algo and the initial resistance would be short-lived.

As such, we should probably stop calling it "ASIC resistance", since it's more a case of "ASIC stalling". 

And, as others have alluded to, the more fruitful alternative is to lower the entry barriers and make ASICs more attainable, not less.  Allow time for a greater number of manufacturers to emerge, the competition will generally drive down costs, creating an environment where more people can buy the hardware and mining will become less centralised.

Conversely, if you keep moving the goalposts and changing the algorithm, only a small number of manufacturers will risk developing hardware that might eventually get bricked, which means the small number who do make the breakthrough to create an ASIC will naturally have a monopoly and only the wealthiest participants will be able to afford the hardware.
legendary
Activity: 2912
Merit: 2066
IMO, ASICs are fine. With CPU and GPU only coins, the possibility of botnets would still be there. One CPU one vote has never been a reality.

I also think that for the most part the upsides of ASICs outweigh their downsides. ASICs themselves are not problematic, it's when there's too little competition in the mining market that things could get ugly.

Given the recent uptick of Bitcoin's valuation I think it's likely that we'll see new players entering the mining business over the next couple of years though -- keeping the market fresh and flowing.


The question that comes to my mind is not related to ASIC resistance, but to the security of the hash function over time. What will happen with the current SHA256 implementation when SHA256 gets deprecated and declared unsafe?

Depends on what kind of flaw is found. Keep in mind that the use case of a PoW scheme is different from the use case of, e.g., hashing your users' passwords.

Best case it's the kind of flaw that makes SHA256 faster to calculate, in which case we'll simply see a new generation of miners.

Worst case Bitcoin needs to hardfork to a new PoW scheme. This would come with a lot of drama on which algo to choose, possibly leading to a multitude of competing PoW hardforks, but sooner or later one blockchain would emerge as the canonical Bitcoin blockchain. Even then we might see the original, SHA256 Bitcoin, continuing its existence although at likely a much lower market rate, corresponding to the severity of the found flaw.
legendary
Activity: 3458
Merit: 1961
Leading Crypto Sports Betting & Casino Platform
Why is ASIC mining that bad if it is more energy efficient than CPU/GPU mining? The strength of this network is also in the amount of the hashing power that we have, compared to other networks and Alt coins.

Also, if we changed to some other ASIC resistance technology, the ASIC manufacturers will just develop something new to circumvent these restrictions. We should welcome technological advancements, but it should not be centralized or dominated by one nation or company. Let these companies compete in a free market for the best technology to improve mining of Crypto currencies.

jr. member
Activity: 168
Merit: 3
#Please, read:Daniel Ellsberg,-The Doomsday *wk
"Why does Bitcoin keep using SHA256 in its POW?"

The better question to ask would be why we need POW and how we ever managed to live without it before double agent SM from Japan turned up and sent Intel chip share prices upwards.

Proof of anything is about establishing trust between nodes, but they are always careful to rabbit on about bitcoin being a "trustless" network; but the development team and the miners allowing Tx fees to hit $55 per transaction have ensured just that: it's now "trustless", but not in the way they wanted it to be.

SHA256 is an odd one to pick if you just want to waste CPU power, because even on an Intel i7 CPU it runs lightning fast when I benchmarked the performance; and is not having to spend a fortune on hardware not a form of POS, given the costs? Or should we not ask questions like that here because it upsets the resident party faithful and invites attacks?


Wastage of computing cycles is indeed a terrible thing ...  

Quote
PoWs are wasteful of real resources and energy and, in the massive use case of Bitcoin, have even been called an ”environmental disaster” [And13]

source:
Proofs of Useful Work
https://eprint.iacr.org/2017/203.pdf

On the other hand, I do hypothesise that building a SHA-256 miner is much simpler than building a machine to mine Keccak... for instance... in theory it could help spread bitcoin mining in order to avoid centralisation (word etymology from French centralisation, or centralise +‎ -ation).
copper member
Activity: 1024
Merit: 513
txbit.io - cryptocurrency exchange
The question that comes to my mind is not related to ASIC resistance, but to the security of the hash function over time. What will happen with the current SHA256 implementation when SHA256 gets deprecated and declared unsafe?
legendary
Activity: 2982
Merit: 4193
On the contrary, the current CPUs and GPUs were made to run and work on different things at the same time, losing part of the efficiency.
If you want to continue with proof of work, you will not stop the creation of ASICs; you can only slow down or make more expensive the production of ASICs, but this will only be a temporary solution.
I am observing the hard fork of monero about it.

Which is your opinion?
Indeed. Most algorithms that were once touted as "ASIC-resistant" are not as resistant anymore. The development of ASICs would be viable for a coin that is so valuable. What most coins have done is to have an adjustable variable to tweak and render ASICs useless. They can be expensive to develop and they can't be used for a long time.

IMO, ASICs are fine. With CPU and GPU only coins, the possibility of botnets would still be there. One CPU one vote has never been a reality.
jr. member
Activity: 203
Merit: 3
They should submit another hard fork...
In my opinion, by changing SHA256 into something "better" like SHA3 or CryptoNight, you could only stop the ASICs for a while.

The ASIC is created to do something specific.

On the contrary, the current CPUs and GPUs were made to run and work on different things at the same time, losing part of the efficiency.
If you want to continue with proof of work, you will not stop the creation of ASICs; you can only slow down or make more expensive the production of ASICs, but this will only be a temporary solution.
I am observing the hard fork of monero about it.

Which is your opinion?
legendary
Activity: 2982
Merit: 4193
Proof of anything is about establishing trust between nodes, but they are always careful to rabbit on about bitcoin being a "trustless" network; but the development team and the miners allowing Tx fees to hit $55 per transaction have ensured just that: it's now "trustless", but not in the way they wanted it to be.
If anything, the fee is not indicative of how the developers or miners have been doing. It's a free market and they are free to decide how much to pay based on the transaction volume. Does the node trust anyone? That should be the main point of trustless.
SHA256 is an odd one to pick if you just want to waste CPU power, because even on an Intel i7 CPU it runs lightning fast when I benchmarked the performance; and is not having to spend a fortune on hardware not a form of POS, given the costs? Or should we not ask questions like that here because it upsets the resident party faithful and invites attacks?
Mining is not all about how fast your speed is. The speed is more about how fast it is relative to your competitors. Bitcoin could go with a slower algorithm and still function. SHA256 was the newest standard for the SHA family in 2009. POS is whoever has the most coins wins, while POW is whoever is willing to invest and sacrifice their money for reward the most wins. With POS you don't have to incur any costs other than purchasing the coins and you won't lose any either.
member
Activity: 210
Merit: 26
High fees = low BTC price
"Why does Bitcoin keep using SHA256 in its POW?"

The better question to ask would be why we need POW and how we ever managed to live without it before double agent SM from Japan turned up and sent Intel chip share prices upwards.

Proof of anything is about establishing trust between nodes, but they are always careful to rabbit on about bitcoin being a "trustless" network; but the development team and the miners allowing Tx fees to hit $55 per transaction have ensured just that: it's now "trustless", but not in the way they wanted it to be.

SHA256 is an odd one to pick if you just want to waste CPU power, because even on an Intel i7 CPU it runs lightning fast when I benchmarked the performance; and is not having to spend a fortune on hardware not a form of POS, given the costs? Or should we not ask questions like that here because it upsets the resident party faithful and invites attacks?
member
Activity: 280
Merit: 26
... doesn't mean it's a desired effect.

Well, one is the reverse side of another. As I said, there is no way to be a half-pregnant.
legendary
Activity: 2912
Merit: 2066
I remember the concept of periodically switching PoW algorithms being discussed before, but I'm not sure if that discussion ever came to any meaningful conclusion. Are there any alts that have been attempting this approach?
RavenCoin, RVN

Thanks, I'll check it out.


You don't need to refer to any kind of external media, articles, whatever: it is obvious just by common sense that ANY Proof-of-Something concept essentially trends to concentration of the abovementioned Something, and therefore to centralization.

The Pareto principle appears to be inescapable, that's true. Still it's vital for the likes of Bitcoin that the top players keep each other in check. Otherwise we're just back to traditional banking but with extra steps. Even if sub-optimal, there's still a difference between having 4-5 dominating mining operations vs a mining duopoly / monopoly.


A blockchain rewrite caused by dominant hashing power is not a feature though.

It is a feature, since orphaning the blocks is a feature/part of algorithm.
You cannot be a half-pregnant.

Following the chain with the largest accumulated work is a feature, that's true. The possibility of a single entity controlling the network with majority hashpower (ie. > 50%) however, is not. Just because the former leads to the latter doesn't mean it's a desired effect. It's a weakness of PoW that has been accepted for lack of a better alternative.

Regardless of code being law and everything working as intended, a cryptocurrency that can not be accepted for fear of history being rewritten by a third party is a useless cryptocurrency.
member
Activity: 280
Merit: 26
What do you mean by "stability"? A big rock is more stable than a small stone. A read-only file is quite stable compared to one where anyone can write anything.
Blockchain is not about stability, it's about consensus. And if suddenly tomorrow someone having ten times more hashpower decides to rewrite the entire blockchain - it is not a bug, it's a feature, and it's there by design.

A blockchain rewrite caused by dominant hashing power is not a feature though.

It is a feature, since orphaning the blocks is a feature/part of algorithm.
You cannot be a half-pregnant.