Topic: Why does Bitcoin keep using SHA256 in its POW? - page 2. (Read 832 times)

You don't need to refer to any kind of external media, articles, whatever: it is obvious just by common sense that ANY Proof-of-Something concept essentially trends to concentration of the abovementioned Something, and therefore to centralization.

>Re: Why does Bitcoin keep using SHA256 in its POW?

Good question. I really would like to see a more useful POW. Since we burn a lot of energy... we could do it in a more intelligent way ..

I was reading this scientific paper called "Proofs of Useful Work"..


With that in mind I am huge fan of coins like, primecoin, gapcoin, and my favourite one

GridCoin
https://bitcointalksearch.org/topic/gridcoin-grc-first-coin-utilizing-boinc-official-thread-324118

Witch uses BOINC where you can choose a good projects like cancer cure, climate change, etc  ...
https://boinc.berkeley.edu/projects.php


Regards to semiconductor industry centralisation ... how many GPU/CPU manufactures do we have ? Sometimes I think that the centralisation phenomenon is more related to energy price, access to wholesaling market, etc than the hardware architecture itself...    

RavenCoin, RVN

I will not use any microsoft black box software like AES on a windows machine because I know myself that windows copies, encrypts and uploads anything it can get
it's hands on and this is impossible to stop without making the machine useless and X-Boxes are even worse not that I or anyone has managed to get inside one.

They are even using ultrasound now to active apps from your TV on your mobile phones so they will stop at nothing to watch you.

Quantum computers are like hardware network switches, mega fast but very limited when it comes to programming which is why it's all been talk for years
with nothing really happening but the long term dangers does not come from men writing hacking code but more from A.I developing it's own computer language
that we mere humans won't understand and if you think this is science fiction then you are behind the times already.

Some of the self teaching software reconfigure itself and works better than anything the developers could write themselves and they don't even understand
how the output works, it just does and we are already seeing questions being asked about the rights of computers so we are going to be in for some interesting
times me thinks.

https://www.rt.com/op-ed/424709-sexbots-sex-dolls-rights/

I remember the concept of periodically switching PoW algorithms being discussed before, but I'm not sure if that discussion ever came to any meaningful conclusion. Are there any alts that have been attempting this approach?




There are also effectively 2 GPU and maybe 3-4 major CPU manufacturers. Lack of competition seems to be just a small part of the equation, with the main problem being that mining hardware manufacturers have a strong incentive to produce mining hardware for themselves rather than their customers.




SHA256 has nothing to do with curves, it's Bitcoin's private / public key algorithm -- ECDSA -- that is endangered. Which is unfortunately much worse. However it can luckily be mitigated by avoiding address re-use until a new private / public key algorithm has been deployed.




He kinda did though:
https://bitcointalksearch.org/topic/m.6306




A blockchain rewrite caused by dominant hashing power is not a feature though. It's a weakness that is kept at bay by game theoretical incentives, ie. the assumption that no rational actor would waste that much money on an attack of questionable merit. Rewriting transactions is exactly what Bitcoin's consensus algorithm is trying to prevent.




I think that's the heart of the issue -- Bitcoin's growth has turned mining into an industrial endeavour where economics of scale is key and money available to be put into R&D is plenty.

Simply changing Bitcoin's PoW algo won't keep ASICs at bay forever, but would come with a lot of challenges -- both technologically and community-wise. Not only evaluating and selecting a new PoW algo will be challenging -- even how the selection for a new PoW algo takes place would likely result in a lot of drama and hidden agendas. Some parties may secretly benefit from one algo over another.

In other words, I too think that the downsides of changing Bitcoin's PoW algo would outweight its benefits -- for now. As much as I'd love to see a time of hobbyist GPU / CPU Bitcoin mining again, I'm afraid this train has left for good.

The hard fork is the first problem as mentioned.
But if you really want to change the sha256 to something "better" like a sha3 or cryptonight, you could only stop temporarily the problem with asics.
The asic is only a component specially designed to do something, the current CPUs and GPUs was made to run different things at same time, losing part of the efficiency. If you want to continue with the proof of work, you will not stop with the creation of the asics, you can only slow down or make more expensive the production of asics, but this will be only a temporarily solution.
A good case to learn with is the hard fork of the monero.

I wouldn't discard the issue of stability so easily. To reply to your comment, there is an interesting medium article. It nicely illustrates the
concerns and danger of Bitcoin's centralization and having a lot of hash-power concentrated in the hands of several entities.

ASIC resistance is a temporary thing, so far many algorithms that were claimed to be ASIC-resistant have lost this status - scrypt, X11 and now ethash ASICs were recently announced by Bitmain. If Bitcoin would do an emergency fork today to some existing algorithm, it would probably take around a year or less until new ASICs arrive, since there's very strong motivation to develop them.

And even with new algo the mining might still be centralized, because if it would be very profitable, miners would buy GPU's in bulk while hobbyists won't be able to make small home farms, because retailers would enforce 1 GPU per buyer like they do now in many places. CPU mining might suffer from the same problems, and on top of that the network will be at the risk of attacks from botnets - imagine Microsoft or NSA sneaking mining malware into Windows update to attack Bitcoin's network with CPU hashpower of millions of users.

So, in conclusion, it's a very complex subject that needs to be discussed and tested for long time before making any moves. There's no immediate need to change algo today, we have plenty of time.

What do you mean by "stability"? Big rock is more stable then small stone. Read-only file is quite stable comparing to one where anyone can write anything.
Blockchain is not about stability, it's about consensus. And if suddenly tomorrow someone having ten times more hashpower will decide to rewrite the entire blockchain - it is not a bug, it's a feature, and it's there by design.

Good point there!

Theoretically, it's not impossible as you can think about game theoretical scenarios in which doubts about SHA256 would arise, such as the NSA-NIST conspiracy of a backdoor being somehow true, or somehow the curve gets simply cracked by quantum computing (how else could you crack it anyway?)

Both scenarios are sci-fi, if you think about it.

Therefore the ultimate fate of Bitcoin is being stuck with SHA256, which is not necessarily a bad thing, as long as we keep seeing improvements in competition in the mining game. DragonMint is a new hope in mining competition, for instance. Other than that, thinking there's going to be achievable consensus to change SHA256, is in my opinion a waste of time.


Looks like satoshi didn't predict mining pools, which are the cause of centralization, not the actual specialized hardware.

Wouldn't it be good for the stability of Bitcoin's network to have numerous small miners scattered throughout the world rather than a couple of big miners centralized in those parts of the world where electricity is cheap? Wasn't that the original idea back then in 2009? I believe so. But I also get the reality of this mining business and I know that what I'm asking is probably unrealistic. People with big money will always find a way to game the system.

What would be the point of doing so?
People move hashing from CPU to GPU, develop ASICs, etc. in  order to gain more coins, to profit more from their "mining". Just remove the reward from "mining" - and nobody will care to throw tons of dollars into developing a new HW for nothing.
Again, what is the real sense of your meaning of decentralization? If you are talking about [more or less] fair coin distribution - just use (a kind of) random distribution. Otherwise, if there is any feasible way to increase one's part of [coin-]cake - one will always do so.

most of us will be back in nappies before this is a real issue, but it is indeed an issue. personally i'll simply get on with my day and not sweat about it. that's the next generation or two's problem.

if bitcoin is still a thing and still important by then it's gonna get solved by brighter people than me.

If that's really the future of Bitcoin mining, another question comes to mind. What happens with all specialized hardware once the number of bitcoins in circulation comes close to 21 million? As the block reward is not there any more, the usual answer is that the miners will continue to mine just to collect the transaction fees, but that sounds a little bit too far fetched to me.

it is practically impossible, it's too late and anyone that thinks otherwise is most likely delusional. We are stuck with SHA256 until SHA256 is proven to be cracked somehow, which shouldn't happen in our lifetimes, but who knows.

So unless EVERYONE's money on Bitcoin is at risk, there will be no consensus to change, and even if there is a problem, I can see lack of consensus to select what algo to change to, I would like to see how that would resolve like.

the moment ASIC resistance returns, hundreds or thousands of researchers, scientists and programmers set to work breaking it. the rewards are too high not to try it. bitcoin could spend the rest of its days skipping from algorithm to algorithm which would be an endless cycle of ruin and disruption for little gain.

if someone could come out with something forever unbreakable then great, but i don't think anything can be certain. and even if it returned to GPUs there's enough capital out there in a small number of hands to centralise that too.

the little guy is done in bitcoin mining no matter what. it's better to have more diverse machine manufacturers and as many deep pockets as possible competing to find coins. that's about as good as it's gonna get.

Changing SHA256 on live Bitcoin Network is extremely complicated but not at all impossible. The above posters already described the process in details more then enough to satisfy one's curiosity. I would only like to add that necessity of any improvement should be always taken into consideration. In case of deeply rooted into Bitcoin's architecture hashing algorithm it would be very unwise to change or even plan changes unless there is absolutely critical to do so. It's like upgrading perfectly good foundation of a skyscraper - it can be done, may even improve future performance, but hardly worth the effort.

This is really interesting and has never occurred to me as a possibility. It doesn't seem hard to implement. I guess, one would have to modify the difficulty separately for both hashing algorithms to have equal chances to find the solution.

If I'm not mistaken, I think we have seen recent alogs that employ that idea, like X16R, which switches between several algos to discourage the idea hardware built specifically for the purpose of mining.

SHA256 won't necessarily be secure forever though (although how long for is anyone's guess). PoW algorithm will have to be changed eventually.



Having a stack of hashing algorithms would probably solve that problem. Take a pool of proven hashing algorithms, then randomly choose several in a series of hashing operations to constitute Bitcoin's PoW. Arbitrarily change the hashing algos within the series after a minimum of 3 months (not with another hard fork, build that behaviour directly into the consensus rules). CPU's or GPU's could be adapted to that, but an ASIC would be conventionally impossible.



There are only 3-4 manufacturers producing SHA256 ASICs for mining Bitcoin (and they appear to be price fixing)

---

The other alternative is some kind of very sophisticated 3D printing technology that can usurp traditional processor fabricators. But no such tech yet exists AFAIA (and certainly won't be able to compete with bleeding edge nm node processes at first anyway)