
Topic: Will there realistically be another major advance in mining before we finish up? (Read 4160 times)

donator
Activity: 2058
Merit: 1054
In summary: Quantum computers are thought to only be inherently twice as effective against SHA-256, compared to classical computers. Therefore any supposed attacks by quantum computers would really just mean a doubling of the difficulty; no different than all current computing technology becoming suddenly twice as powerful.
No, that's not what it means.

And I don't know enough about hashing to be sure what it does mean, but in a very broad way, cracking difficulty is exponential in the number of bits. So cracking a 128-bit code is 2^128 times easier than cracking a 256-bit code.

That said, indeed it doesn't look like QCs are a serious problem since you could just double the hash length.

Thereby eventually ensuring that the only miners will be ones with access to their own gargantuan ASIC arrays or QCs themselves...
No, as long as an unbroken hashing function is used, mining rate is proportional to plain old hash calculation rate. And I don't see any indication that QC will have more hash/s per $/W than classical computers.

And I expect that there will be companies offering special-purpose mining cards to consumers.

That's because you fundamentally misunderstand quantum computing.
Care to explain?
member
Activity: 84
Merit: 10
In summary: Quantum computers are thought to only be inherently twice as effective against SHA-256, compared to classical computers. Therefore any supposed attacks by quantum computers would really just mean a doubling of the difficulty; no different than all current computing technology becoming suddenly twice as powerful.
No, that's not what it means.

And I don't know enough about hashing to be sure what it does mean, but in a very broad way, cracking difficulty is exponential in the number of bits. So cracking a 128-bit code is 2^128 times easier than cracking a 256-bit code.

That said, indeed it doesn't look like QCs are a serious problem since you could just double the hash length.

Thereby eventually ensuring that the only miners will be ones with access to their own gargantuan ASIC arrays or QCs themselves...
No, as long as an unbroken hashing function is used, mining rate is proportional to plain old hash calculation rate. And I don't see any indication that QC will have more hash/s per $/W than classical computers.

And I expect that there will be companies offering special-purpose mining cards to consumers.

That's because you fundamentally misunderstand quantum computing.
donator
Activity: 2058
Merit: 1054
In summary: Quantum computers are thought to only be inherently twice as effective against SHA-256, compared to classical computers. Therefore any supposed attacks by quantum computers would really just mean a doubling of the difficulty; no different than all current computing technology becoming suddenly twice as powerful.
No, that's not what it means.

And I don't know enough about hashing to be sure what it does mean, but in a very broad way, cracking difficulty is exponential in the number of bits. So cracking a 128-bit code is 2^128 times easier than cracking a 256-bit code.

That said, indeed it doesn't look like QCs are a serious problem since you could just double the hash length.

Thereby eventually ensuring that the only miners will be ones with access to their own gargantuan ASIC arrays or QCs themselves...
No, as long as an unbroken hashing function is used, mining rate is proportional to plain old hash calculation rate. And I don't see any indication that QC will have more hash/s per $/W than classical computers.

And I expect that there will be companies offering special-purpose mining cards to consumers.
full member
Activity: 126
Merit: 100
legendary
Activity: 1148
Merit: 1001
Thereby eventually ensuring that the only miners will be ones with access to their own gargantuan ASIC arrays or QCs themselves...

Centralization is a bitch, isn't it?

...even bitcoin is HARDLY immune to it.

That's hardly centralization. More like specialization, and it makes sense. Less electricity for the same task.
member
Activity: 84
Merit: 10
In summary: Quantum computers are thought to only be inherently twice as effective against SHA-256, compared to classical computers. Therefore any supposed attacks by quantum computers would really just mean a doubling of the difficulty; no different than all current computing technology becoming suddenly twice as powerful.
No, that's not what it means.

And I don't know enough about hashing to be sure what it does mean, but in a very broad way, cracking difficulty is exponential in the number of bits. So cracking a 128-bit code is 2^128 times easier than cracking a 256-bit code.

That said, indeed it doesn't look like QCs are a serious problem since you could just double the hash length.

Thereby eventually ensuring that the only miners will be ones with access to their own gargantuan ASIC arrays or QCs themselves...

Centralization is a bitch, isn't it?

...even bitcoin is HARDLY immune to it.
donator
Activity: 2058
Merit: 1054
In summary: Quantum computers are thought to only be inherently twice as effective against SHA-256, compared to classical computers. Therefore any supposed attacks by quantum computers would really just mean a doubling of the difficulty; no different than all current computing technology becoming suddenly twice as powerful.
No, that's not what it means.

And I don't know enough about hashing to be sure what it does mean, but in a very broad way, cracking difficulty is exponential in the number of bits. So cracking a 128-bit-security code is 2^128 times easier than cracking a 256-bit-security code.

That said, indeed it doesn't look like QCs are a serious problem since you could just double the hash length.
member
Activity: 115
Merit: 10
I'm talking as major as it was to switch from CPU to GPU. Will there realistically be any such advance before we mine out all the BTC?

There are a number of things that may cause a large advance, not sure if it will be as major as CPU to GPU but maybe.
 * Webpage-based miners; there is even one based on WebCL.  Individually they may not be that powerful, but if a large website gave the option of not seeing ads or some other premium in return for mining, then it could really add up.
 * ASICs (but that has been pretty well covered)
 * SHA-specific instructions.  New Intel CPUs have support for AES and can do one round of it per clock cycle.  If similar support were added for SHA-256, you could see some dramatic speedups.
 * Lower-power parts. Raw speed is only half the equation; power usage is also important. AMD released a CPU/GPU combo that has 400 stream processors and 4 CPU cores, all with a 35 watt TDP.  If this same process were used on graphics cards, you would see a significant reduction in power usage, which would allow significantly more stream processors on the graphics card.
 * OpenCL compute cards.  AMD and Nvidia have both been pushing the compute aspect of their graphics cards; bitcoin is just one of many applications.  If they came out with compute cards which had lots of stream processors and no support for video (no silicon for it, no connectors, less memory and lower-clocked memory), it would have lower power requirements and better airflow.
hero member
Activity: 560
Merit: 517
Quote
Secure hashing is believed to be secure from quantum mathematics....
Merkle signature scheme is just that, a signature scheme. It's not a hashing method, and it isn't "the same hashing algorithm [...] used for the blockchain headers themselves." What you are referring to is specifically SHA-256, the hashing function at the heart of both the merkle root calculation, and the block header hash.

Also, the merkle root is not the thing being attacked. The proof-of-work required to create a valid block header would be the target, which again uses SHA-256 at its heart.

A more appropriate quote would be from http://en.wikipedia.org/wiki/Key_size#Effect_of_quantum_computing_attacks_on_key_strength:

Quote
Mainstream symmetric ciphers (such as AES or Twofish) and collision resistant hash functions (such as SHA) are widely conjectured to offer greater security against known quantum computing attacks. They are widely conjectured to be most vulnerable to Grover's algorithm. Bennett, Bernstein, Brassard, and Vazirani proved in 1996 that a brute-force key search on a quantum computer cannot be faster than roughly 2^(n/2) invocations of the underlying cryptographic algorithm, compared with roughly 2^n in the classical case. Thus in the presence of large quantum computers an n-bit key can provide at most n/2 bits of security. Quantum brute force is easily defeated by doubling the key length, which has little extra computational cost in ordinary use. This implies that at least a 160-bit symmetric key is required to achieve 80-bit security rating against a quantum computer.

Emphasis mine*.

In summary: Quantum computers are thought to only be inherently twice as effective against SHA-256, compared to classical computers. Therefore any supposed attacks by quantum computers would really just mean a doubling of the difficulty; no different than all current computing technology becoming suddenly twice as powerful.
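As an added worked example (not part of the thread or any poster's words), the work factors behind the quoted Bennett-Bernstein-Brassard-Vazirani bound: roughly 2^n evaluations classically versus about 2^(n/2) with Grover's algorithm, applied to SHA-256 and, as a generalisation the thread does not spell out, to the leading-zero-bit search in proof-of-work (the `leading_zero_bits` parameterisation is an assumption of this example).

```python
# Added example: brute-force work factors with and without Grover's algorithm.
import math


def classical_work(n_bits: int) -> int:
    """Expected hash/key evaluations for brute force over a 2^n search space."""
    return 1 << n_bits


def grover_work(n_bits: int) -> int:
    """Grover's algorithm needs roughly sqrt(2^n) = 2^(n/2) evaluations."""
    return math.isqrt(1 << n_bits)


def security_bits(n_bits: int, quantum: bool) -> int:
    """Effective security of an n-bit key or hash output against brute force."""
    return n_bits // 2 if quantum else n_bits


def quantum_speedup(n_bits: int) -> int:
    """How many times fewer evaluations Grover needs than classical brute force."""
    return classical_work(n_bits) // grover_work(n_bits)


def bits_for_security(target_bits: int, quantum: bool) -> int:
    """Key/hash size needed to keep target_bits of security (double it for Grover)."""
    return 2 * target_bits if quantum else target_bits


def expected_hashes_for_block(leading_zero_bits: int, quantum: bool) -> int:
    """Proof-of-work: a valid header hash must fall below the target, i.e. have
    about `leading_zero_bits` leading zero bits. Classically that costs ~2^d
    trials; a Grover search over the nonce space costs ~2^(d/2) evaluations.
    (Generalisation of the quoted bound to mining; assumption of this example.)"""
    return grover_work(leading_zero_bits) if quantum else classical_work(leading_zero_bits)


def equivalent_classical_hashrate(grover_iterations_per_s: int, leading_zero_bits: int) -> int:
    """Classical hash rate a Grover miner matches at a given difficulty.
    The advantage grows with difficulty rather than being a fixed factor of two."""
    return grover_iterations_per_s * quantum_speedup(leading_zero_bits)


if __name__ == "__main__":
    print(security_bits(256, quantum=True))      # 128
    print(quantum_speedup(256) == 2 ** 128)      # True: far more than "twice as effective"
    print(bits_for_security(80, quantum=True))   # 160, as in the quoted text
    print(expected_hashes_for_block(32, True))   # 65536, vs 4294967296 classically
```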
legendary
Activity: 1708
Merit: 1010
I hear a quantum computer came out or is coming out. What impact would that have on hashing?

Might be faster, might not.  Can't break SHA-256 with quantum methods, and can't reverse it with any presently known method.

85-bits is far from unbreakable...

EDIT: True to my general form I should be calling you out for the degree of shit you are full of, but I'm pretty laid back right now, so just do some research before you openly reveal your ignorance.

Okay, I'll qualify my statements properly.  Secure hashing is believed to be secure from quantum mathematics....

"The Merkle signature scheme is a digital signature scheme based on hash trees (also called Merkle trees) and one-time signatures such as the Lamport signature scheme. It was developed by Ralph Merkle in the late 70s and is an alternative to traditional digital signatures such as the Digital Signature Algorithm or RSA. The advantage of the Merkle Signature Scheme is, that it is believed to be resistant against quantum computer algorithms. The traditional public key algorithms, such as RSA and ELGamal would become insecure in case an effective quantum computer can be built (Shor's algorithm). The Merkle Signature Scheme however only depends on the existence of secure hash functions. This makes the Merkle Signature Scheme very adjustable and resistant against quantum computing."

http://en.wikipedia.org/wiki/Merkle_signature_scheme

Note that this is exactly the system used for the internal block structure, and the same hashing algorithm is used for the blockchain headers themselves, although not in a binary tree.

member
Activity: 84
Merit: 10
I hear a quantum computer came out or is coming out. What impact would that have on hashing?

Might be faster, might not.  Can't break SHA-256 with quantum methods, and can't reverse it with any presently known method.

85-bits is far from unbreakable...

EDIT: True to my general form I should be calling you out for the degree of shit you are full of, but I'm pretty laid back right now, so just do some research before you openly reveal your ignorance.
newbie
Activity: 39
Merit: 0
I'm talking as major as it was to switch from CPU to GPU. Will there realistically be any such advance before we mine out all the BTC?

The rise of ASIC mining chips is going to be a pretty big jump, but after that there are no major advances foreseeable.

Exactly.  What else could there be after ASIC, which is a specially designed CPU that is a dedicated mining chip?

Then who can design, build and sell the best arrays of ASICs, I suppose.

legendary
Activity: 1708
Merit: 1010
I hear a quantum computer came out or is coming out. What impact would that have on hashing?

Might be faster, might not.  Can't break SHA-256 with quantum methods, and can't reverse it with any presently known method.
sr. member
Activity: 500
Merit: 253
I hear a quantum computer came out or is coming out. What impact would that have on hashing?
donator
Activity: 2058
Merit: 1054
before we mine out all the BTC
Mining will not stop when no more BTC are generated. It will be paid for with transaction fees.
legendary
Activity: 1708
Merit: 1010
Who knows if ASIC mining chips will come (unless they're here and I'm uninformed). The thing about graphics cards is they're multipurpose and won't be useless in their post-mining life.

They're here and you're not informed.  They just aren't yet widely available.
newbie
Activity: 56
Merit: 0
Who knows if ASIC mining chips will come (unless they're here and I'm uninformed). The thing about graphics cards is they're multipurpose and won't be useless in their post-mining life.
legendary
Activity: 1708
Merit: 1010
I'm talking as major as it was to switch from CPU to GPU. Will there realistically be any such advance before we mine out all the BTC?

The rise of ASIC mining chips is going to be a pretty big jump, but after that there are no major advances foreseeable.
newbie
Activity: 56
Merit: 0
I'm talking as major as it was to switch from CPU to GPU. Will there realistically be any such advance before we mine out all the BTC?