Author

Topic: Will Litecoin be the first ASIC-proof alt-coin? (Read 3803 times)

sr. member
Activity: 360
Merit: 251
Yes, the scrypt parameters in Litecoin were a compromise, 128k fits into L2 cache.
Still, sha256 only needs to maintain a 512 bits internal state, so the ASIC that runs many hash attempts in parallel only needs 512 bits per hash attempt for sha256, compared to 128 kilobytes per hash attempt with scrypt.
I suspect that BFL couldn't manufacture a cost-effective scrypt ASIC even for the 128k memory buffer parameter.
Maybe coblee or pooler will start a new thread soon, to discuss benchmarks and solicit advise from hardware people on whether modifying the scrypt params of Litecoin (via hard fork) is a good idea.
sr. member
Activity: 360
Merit: 251
Quote
https://bitcointalksearch.org/topic/litecoin-is-more-secure-than-bitcoin-lower-hashrate-is-nearly-irrelevant-103648
You misinterpert that slide.  It is for comparing the cost of various password cracking algorithms.  Yes an ASIC Scrypt hasher would be slower and more expensive than a SHA hashe; this is why I have long advocated bcrypt or scrypt for protecting passwords.   An ASIC doesn't need to be more efficient than SHA256 to be useful for hashing Litecoin; it just has to be more economical than other methods of hashing scrypt which being a dedicated processor it will.

No, he didn't misinterpreted that slide. Since scrypt ASIC is less cost-effective compared to sha256 ASIC, it would be more difficult for an attacker (who invests in ASIC) to outcompete the Litecoin distributed network, than to outcompete the Bitcoin distributed network. It also means more generally that the hashpower will be more decentralized.
sr. member
Activity: 360
Merit: 251
But there are already manufacturing pipelines for the current PC design, so the question is whether retooling factories will be cost-effective? Let's say that we agree that the dedicated scrypt hardware will be 50x faster than regular CPUs, and that sha256 ASIC is 5000x faster than regular CPUs, is it really worthwhile to manufacture dedicated scrypt hardware just for 50x speedup? According to your previous theory, even the botnet operators will outcompete this 50x speedup...
sr. member
Activity: 360
Merit: 251
Um ASIC was always available for the attacker.

The whole point of scrypt is that ASIC won't be available to the attacker.
Let's take tacotime's suggestion to use 8 gigabytes for the scrypt memory buffer... Admittedly, this suggestion is too extreme, but I guess that under this scenario nobody would be able to manufacture ASIC with more than a negligible advantage over a regular PC. It would be more cost-effective for any entity just to use regular PC hardware.
sr. member
Activity: 360
Merit: 251
Do you mean 1-2 gig to verify the hash of single block? How long do you think it'd take for a modern computer? Let's say 1 minute? If the blockchain has 200,000 blocks, then it'd take 139 days to verify the blockchain after you download it for the first time.
I don't know if 1 minute is too little or too much (hardware people, could you provide an estimate?), but keep in mind that blocks are generated 4x times faster with Litecoin compared to bitcoin, so it'd grow from 200,000 blocks to higher numbers more rapidly.
legendary
Activity: 1484
Merit: 1005
every 18 months and start with the memory requirement at 6-8 gigabytes per process

6-8 gigabytes per each hash attempt? Then people who are non-miners and simply want to run the client to send/receive coins won't be able to do it, because verifying each block becomes too difficult for regular computers (that are supposed to multitask and run other apps at the same time).
Well, surely any modern computer can still do 1-2 gigs per thread right? That still makes it gpu proof and adds to asiç cost
sr. member
Activity: 360
Merit: 251
every 18 months and start with the memory requirement at 6-8 gigabytes per process

6-8 gigabytes per each hash attempt? Then people who are non-miners and simply want to run the client to send/receive coins won't be able to do it, because verifying each block becomes too difficult for regular computers (that are supposed to multitask and run other apps at the same time).
legendary
Activity: 1484
Merit: 1005
I heard that Litecoin Scrypt can become more memory intensive by just changing a variable, is that right?
So what? You can make an ASIC that drives a DIMM socket or even a whole bank of DIMM sockets. It really isn't a rocket science.

Same with FPGAs. The only wrinkle is that the current favorite: Spartan-6 has a MCB (Memory Control Block) that is designed to work with single memory chips, not the multiple chip memory modules. So the DIMM memory access logic would have to be soft-synthesized instead of the using hard MCB macro.

The spartan memory controller is sloooooooow... for fast scrypt performance you need a lot of internal memory bandwidth.  If you had quad channel DDR3 clocked at over 1600MHz you might be competitive, but a quad channel controller is expensive too

The really easy way to make a coin that is asic and gpu proof is to simply double the memory requirements of the scrypt algorithm every 18 months and start with the memory requirement at 6-8 gigabytes per process (adjust the values in the paper above).  gpus will never be able to mine it, and asics will require lots of ram to mine effectively.  i'm hoping someone will implement this soon so I can stop mining litecoin and mine this instead.

for whatever reason artforz decided against massive ram requirements (he thought cpu cache would be faster than gpu memory access, but if you look at the bandwidth obviously it is not), but there's still room for a scrypt based coin that gets exponentially more memory hard over time.
newbie
Activity: 45
Merit: 0
Surprised nobody has posted this here, itt explains why it is much more expensive to create ASIC for LTC

www.bsdcan.org/2009/schedule/attachments/86_scrypt_slides.pdf
sr. member
Activity: 360
Merit: 251
Bitcoin can become ASIC-proof by just changing the hashing algorithm.

"can"=="could have", it probably cannot when ASICs control the majority of the hashpower.
If a security flaw in sha256 is discovered then the situation could become messy, because ASICs aren't re-programmable and the people who bought ASICs would have a financial interest to stick with an insecure hash function.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
Why fight against Asic's? Might as well fight the ocean tides.

That said, If litecoin is ASIC resistant, then its a moot point.

I hear that PPCoin supports ASIC mining, & I consider that a good thing. Just like for bitcoin, it will increase the blockchain security.

I think it's a misconception that ASIC increase block chain security. Although it add significantly more hash power to the network, it is also available to anyone who would attack the network. So while Big Bad Bank incorporated might previously needed to buy a whole warehouse of GPU's, now they will just buy a warehouse of ASIC. If anything, ASIC is hash power in a more user friendly package, meaning it's far easier to set up and run then GPUs.
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
Bitcoin can become ASIC-proof by just changing the hashing algorithm.  In either case you are talking about a breaking change.  It likely will never happen for Bitcoin because you will never be able to acheive enough of a consensus for the new fork to have value.   It may happen in Litecoin but that would simply mean that Litecoin is so worthless that nobody cares if you change the core hashing algorithm on a whim.

Still nothing is ASIC proof.  There are only two outcomes:
a) Litecoin remains so tiny that it isn't worth the NRE to develop ASIC miners (i.e. sub million dollar market cap, and stagnation forever)
b) Litecoin becomes large enough that it is profitable to develop an ASIC miner for that variant of scrypt


I was thinking that with Scrypt, there was no need to change de hashing algorithm to make it ASIC-proof but, well, never mind... lol
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!

......

So what? You can make an ASIC that drives a DIMM socket or even a whole bank of DIMM sockets. It really isn't a rocket science.
[/quote]

You have answered my question...    =)
legendary
Activity: 2590
Merit: 2156
Welcome to the SaltySpitoon, how Tough are ya?
I'm still trying to figure out if LTC is FPGA proof? I hear some people say yes, FPGAs don't have the ram necessary for Scrypt. I then hear others say, the ram could be added to FPGAs, its just a matter of time until someone makes a miner that supports FPGAs.
legendary
Activity: 2128
Merit: 1073
I heard that Litecoin Scrypt can become more memory intensive by just changing a variable, is that right?
So what? You can make an ASIC that drives a DIMM socket or even a whole bank of DIMM sockets. It really isn't a rocket science.

Same with FPGAs. The only wrinkle is that the current favorite: Spartan-6 has a MCB (Memory Control Block) that is designed to work with single memory chips, not the multiple chip memory modules. So the DIMM memory access logic would have to be soft-synthesized instead of the using hard MCB macro.
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
You guys didn't get it...

I heard that Litecoin Scrypt can become more memory intensive by just changing a variable, is that right?

By doing this, ASIC for Litecoin will become more and more a distant "dream"... I' m glad about this because I like my CPU/GPUs... Simple because I can play games with it, unlock cell phones, crack password... With ASIC, there is only one utility for it...  It suckz...
hero member
Activity: 714
Merit: 500
Guys,

 Can someone answer this to me?!

 I read don't know where that Litecoin can "fight" against ASIC by only turning itself into a more memory insensitive coin, by just changing a variable, is that true?

 Note: Sorry my bad English....   :-/

Best!
Thiago

I hear some people saying that it is ASIC resistant.. With that in mind, people said it GPU resistant.. and look at us now. Most of us are GPU mining, and I wouldn't doubt that if the LTC price rises to a good profitable price for all, ASIC development will start...
legendary
Activity: 1736
Merit: 1006
Why fight against Asic's? Might as well fight the ocean tides.

That said, If litecoin is ASIC resistant, then its a moot point.

I hear that PPCoin supports ASIC mining, & I consider that a good thing. Just like for bitcoin, it will increase the blockchain security.
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
Guys,

 Can someone answer this to me?!

 I read don't know where that Litecoin can "fight" against ASIC by only turning itself into a more memory insensitive coin, by just changing a variable, is that true?

 Note: Sorry my bad English....   :-/

Best!
Thiago
Jump to: