
Topic: Why does Bitcoin keep using SHA256 in its POW? - page 3. (Read 909 times)

sr. member
Activity: 490
Merit: 389
Do not trust the government
Is this the only disadvantage? What else am I missing?

It is the biggest one. That and the fact that SHA256 is very well tested and known to be secure.
Having ASICs mine is one thing, but having a hashing algorithm that is insecure is complete chaos.

ASICs happen for every algorithm, but there are currencies like Monero that hard fork every time they have a doubt that ASICs are developed.

Also, in light of this, and given that Bitcoin is a decentralized system, who decides whether or not changes of this type could or should happen?

This is exactly why it never forked and it won't for a very long time. First you need almost the entire community to agree that a fork needs to happen.
Then you need a vast majority of the community to agree on which algorithm we should change to.
And after all of that being discussed for years (probably decades based on how much time we needed to simply increase a block size) we would already have some company create an ASIC for the new algorithm.

It is not a simple problem and it doesn't seem to be absolutely necessary.
ASICs do hurt decentralization, but it is not widely established how much they really hurt it.
Anyone can buy ASICs and multiple companies can develop them.
And we still have big mining centers and pools in other cryptocurrencies that don't have ASICs for their algorithms.
And we still have practically only two companies developing hardware used to mine these altcoins.
Centralization in mining is not just an ASIC problem, it is a bit more complicated than that.
jr. member
Activity: 31
Merit: 1
I think this is a question that brings up some interesting points. As the Bitcoin algorithm gets harder, and the ASIC-dominated mining becomes more centralised and monopolised, it's what's needed to bring it back to the people.
legendary
Activity: 3430
Merit: 3083
That is a good question. Especially given AES256 is more secure (advanced encryption standards), I think it's probably a case that SHA is still good enough to do the job.

AES is an encryption algorithm, not a hashing algorithm.
legendary
Activity: 3430
Merit: 3083
It's complicated.

To simplify, this has actually already happened: I think it was Bitcoin Gold (?) that hard-forked from Bitcoin a couple of months ago, on the basis of a more decentralised mining ecosystem by changing PoW to an algo that's difficult to produce an ASIC for. Needless to say, it didn't gain much popularity.


Until the mining cartel starts to affect everyday Bitcoin users in a way that forces them to act, I expect nothing will happen. Segwit2x almost forced this situation, but in the end it was averted.

In principle, I think it would be better if PoW was changed, but it needs A LOT of planning to make the change seamless; there must be a minimally disruptive way to transition to the alternative source of hashrate to ensure highest possible confidence in the change. Otherwise the BTC exchange rate could crash badly.

Exactly what that would look like... well, maybe a testnet could be running beforehand, with all the new-PoW miners testing that chain. Then a "hand-over" period of blocks could be specified to permit both SHA256 and new-PoW blocks, after which only new-PoW blocks are accepted when handover is complete. Maybe if the end of the hand-over period is specified by the percentage of blocks produced using new-PoW (say 90% or 95%), it could be a very smooth transition. There would almost certainly be people continuing to mine the SHA256 chain afterwards though, although it's unlikely to gain much traction if they're only doing 5% of the work of the main chain.

Choosing the algorithm to ensure the viability of out-hashing the SHA256 miners would be very important, but that would also be the key to success.
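
The hand-over rule sketched in the post above, as an added example that is not part of the original thread or of any Bitcoin implementation: a toy chain accepts only SHA256 blocks before a start height, both algorithms during the hand-over, and only new-PoW blocks once their share of a trailing window reaches the threshold. The class and function names, the window size, the easy target and the use of BLAKE2b as a stand-in for the unnamed replacement algorithm are all assumptions.

```python
import hashlib

def sha256d(header: bytes) -> int:
    """Bitcoin-style double SHA-256, read as an integer to compare with a target."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(header).digest()).digest(), "big")

def new_pow(header: bytes) -> int:
    """Stand-in for the replacement algorithm (assumption: BLAKE2b, not memory-hard)."""
    return int.from_bytes(hashlib.blake2b(header, digest_size=32).digest(), "big")

POW = {"sha256d": sha256d, "new-pow": new_pow}

class HandoverChain:
    def __init__(self, start_height, window=20, threshold=0.95, target=1 << 252):
        self.start_height, self.window = start_height, window
        self.threshold, self.target = threshold, target
        self.algos = []          # algorithm used by each accepted block
        self.tip = b"\x00" * 32  # hash of the latest accepted block
        self.locked_at = None    # height at which the hand-over completed

    def allowed(self):
        """Algorithms a block at the next height may use."""
        if len(self.algos) < self.start_height:
            return {"sha256d"}               # before the hand-over: old rules only
        if self.locked_at is not None:
            return {"new-pow"}               # hand-over complete: new rules only
        return {"sha256d", "new-pow"}        # hand-over period: both accepted

    def accept(self, algo, nonce):
        """Validate and append a block; returns False if it breaks the rules."""
        if algo not in self.allowed():
            return False
        work = POW[algo](self.tip + nonce.to_bytes(8, "big"))
        if work >= self.target:              # insufficient proof of work
            return False
        self.algos.append(algo)
        self.tip = work.to_bytes(32, "big")
        recent = self.algos[-self.window:]
        if (self.locked_at is None and len(recent) == self.window
                and recent.count("new-pow") >= self.threshold * self.window):
            self.locked_at = len(self.algos) # one-way switch, never re-opened
        return True

def mine(chain, algo):
    """Brute-force a nonce for the next block; returns it without submitting."""
    nonce = 0
    while POW[algo](chain.tip + nonce.to_bytes(8, "big")) >= chain.target:
        nonce += 1
    return nonce
```

Because the lock-in is evaluated on the chain each node has accepted, every node reaches the same switch height, which is what lets the SHA256 blocks be rejected afterwards without further coordination.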
newbie
Activity: 50
Merit: 0
That is a good question. Especially given AES256 is more secure (advanced encryption standards), I think it's probably a case that SHA is still good enough to do the job.
full member
Activity: 434
Merit: 246
This is a question I've had for some time. It has to do with the hashing algorithm of Bitcoin, namely:

Why Don't We Change the SHA256 in Bitcoin's proof of work?

This question is probably naive, asked many times before, but still I would appreciate your thoughts, especially regarding the current situation.

I get it that no one could've foreseen the appearance of specialized ASIC mining equipment when Bitcoin was in its early days.
If I understand it correctly, over time this has led to centralization, with the majority of computer power for hashing in Bitcoin's POW concentrated in the hands of a few entities.
Or, would this have happened regardless of the ASIC?

How about changing the algorithm? There are other memory intensive hashing functions, or even a combination thereof, which would result in ASIC resistance.

The obvious advantage of switching to ASIC resistant algorithms would be promoting decentralization as more people would be able to enter the mining process with "normal" hardware.
The obvious disadvantage is that implementing other POW algorithms that would be ASIC resistant would require a Hard Fork and we would lose backward compatibility.

Is this the only disadvantage? What else am I missing?

Also, in light of this, and given that Bitcoin is a decentralized system, who decides whether or not changes of this type could or should happen?