Bitcoin Forum

I'm having this problem:

http://www.mattcutts.com/images/duty_calls.png

I just want to point out that there is no such thing as an "ASIC Proof" algorithm.

I also want to point out that there's no such thing as an "ASIC-Resistant" algorithm.

While I'm at it I'm going to go ahead and point out that THIS:

http://butterflylabs.com/upload/homepage/header.jpg

Is NOT an asic.

Now for those of you that are crapping yourselves right now and about to flip out and call me crazy, I'll clarify.

That black box is a special purpose computing device, that uses 1 or more ASICs to achieve it's goal.

These:
https://upload.wikimedia.org/wikipedia/commons/7/79/SSDTR-ASIC_technology.jpg

are ASICs (https://upload.wikimedia.org/wikipedia/commons/7/79/SSDTR-ASIC_technology.jpg).

Now anybody that wants to argue that there can be an ASIC-Proof algorithm that a general purpose processor such as an i7 can compute just needs to put on an idiot hat and go sit in the corner.  Yes, I know that's rude as hell but, c'mon.

ASIC Resistance is a real condition, but it has ABSOLUTELY NOTHING TO DO with the encryption algorithm in use.

It's simply an economic situation, and it's fluid.

Litecoin (and other coins) are not ASIC-Resistant in any inherent fashion, and they're certainly not using "ASIC-Resistant Alogrithms".  They're just not currently worth the bother.

If you are backing a coin because you think it is "ASIC Resistant" you're going to learn that this is a self-defeating goal when that coin actually achieves any significant real world use.

I just wanted to make a separate thread for this because there are SO MANY THREADS that I want to post it in. I hope that someone out there feels helped by this explanation.

Whew, all right fit over - Carry on.

The only ASIC resistant crypto is one that doesn't use "mining" or hashing algorithms as a POW and minting.....which is currently only ours (or Ripple of course).

That said, you are indeed correct in your statement that any crypto that uses a hashcash based POW algo can and will indeed be ASIC broken when the return on investment is good enough.

I"m just happy that the current generation of cryptos are abacus resistant.  Otherwise we would be doomed.

Yeah I've pointed a couple of people at emunie. It looks like good stuff. And it looks like it can go a lot further, a lot more effectively than bitcoin.

I think there are many people here who haven't realized that it isn't just another satoshi-clone.

Thank you for the lengthy dissertation of why, mathematically, the number of computations and memory transactions performed doing one sCrypt hash and one SHA256 hash are exactly the same and have comparably easy implementations on application specific integrated circuits.

Thank you for missing the point completely, and making a completely irrelevant response.  It doesn't even qualify as reductio ad absurdum.  Here's your hat.

Maybe the pictures weren't enough.

Not really.  Naked, actual, unlidded ASICs look like this (http://zeptobars.ru/en/read/bitfury-bitcoin-mining-chip).  Beautiful, no?

+1


Care any less to actually define your "real condition" notion of ASIC Resistance? I get that it's an economic situation, and fluid, though ;D

Yes, it is.  the flower is a great touch.  A sign of someone taking pleasure in their work.

According to this randomly googled website (http://ltc.block-explorer.com/charts) the market cap of Litecoin is currently approximately $50,475,892.

I haven't spoken to a Fabricator however let's just go with some numbers bantied around the forum and say it's going to cost 5-7m (USD) to get your ASICs out of the FAB.  This ignores the cost (a couple more million) of integrating them into a special purpose computing device to support the interfaces and off-chip requirements of the ASIC.

So let's just guesstimate that we're about 8m out of pocket and have a litecoin ASIC in our hands.

If anyone, I mean anyone finds out that it exists, miners and traders are going to dump Litecoin like a dead tree dropping leaves.

So now you're 8m out of pocket and practically the only person around to secure a dead block chain.  Meantime people are fleeing every alt that uses any variation of Scrypt as fast as they can.  Because let's face it, no one is going to do a scrypt ASIC at this point and then mount it in a device that can't handle variable n.

It would be self-destructive to create that machine right now.  Your only hope would be to mass produce and sell the first round cheap enough to attract the current large litecoin holders. And you'ld probably have to let them pay in Litecoin, while the majority of holders were in the middle of a massive dump.

If you got a few people to buy, you could all sit around and transfer coins between yourselves. If you got enough, you might be able to start a process of recovery,  But it wouldn't be the same, and you would get all the same "elitist" complaints and exodus of miners that bitcoin is  getting.

So, there's a description of "social" or "economic" ASIC-Resistance for you.  Absolutely nothing at all to do with the algorithm in use for the coin.

EDIT: totally unsubstantiated, but I guess if litecoin breaks ~200M - 250M USD market cap, we will see scrypt ASIC within months. For the same reason we have Litecoin - people sorry they missed the train the first time around.

While thats all sound in theory, Bitcoin said ASIC isn't death.

That black box is not an ASIC, it's an ASIC Miner.

That means a miner filled with ASICS.

BOOM.

/thead.

What was the market cap of BTC when the first -> RETAIL <- ASIC shipped?

1b +?

At the right time, it won't mean death.  Right now, I think it would.  If not for litecoin, certainly for a lot of small alts.

It would just result in a huge new flood of crypto-coins. Probably just using other features of scrypt-jane LMAO.

....."and say it's going to cost 5-7m (USD) to get your ASICs out of the FAB" .... Not true if the DEV was done in China.

Strongly disagree. It is, at least in principle, possible to make an algorithm that an intel core i7 is the ideal chip for (that is, an intel core i7 IS the asic for this algorithm). You'd have to write the algorithm specifically for that task, but it is possible.

Wait, are we in the same thread?

Anyways, no you would have a chip-specific algorithm, this wouldn't magically make the i7 (a general computing device) suddenly become an ASIC.

This would possibly be a way to build social/economic ASIC-resistance into a coin, because it would be illegal to make it, and nearly impossible to compete with Intel on price.

Either way, I'm not exactly sure what you were reading when you wrote that. If you're not a native english speaker I apologize for possibly confusing grammar.

So your ASIC Resistance notion boils down to "economically unviable", and I agree that is a good notion. I just don't get your distinction between it not being an algorithmic property yet a context property of the system built on that algorithm when in fact these limitations in the ultimately static context arise out of the algorithmic properties in the first place. Unless of course you can provide numbers backed by data.

If ever single feature of the i7 were used, every FPU, every ALU, etc are all used in their most efficient way possible for the i7, then the only way you could beat it with a "mining ASIC" would be to just make more i7's. You could make one twice as powerful, but it'd require twice the silicon, twice the cost, twice the power, etc.

General use CPU's are so easy to beat for stuff like bitcoin, because the algorithm isn't optimized at the hardware level for those general CPU chips. If it is, then you can't really do much better.

Such an algorithm would be spectacularly hard to write, but I don't see why the possibility should be discredited.

I apologize if you're not a native english speaker and the technical aspects are hard to understand.

the hatorade for litecoins is coming.
I guess we can thank gox for pulling litecoin in the spotlight.

The algorithmic properties will have a very minor impact on the timing of achieving "economic viability".

It's technically nothing at all to do with "the ability to produce an ASIC" for the POW algorithm.

And to bring it further into the clear, I suspect the majority of the difference in cost between producing a scrypt ASIC Miner and a SHA ASIC Miner is going to be in the supporting miner hardware, which is going to require a lot more activity to occur off-chip than bitcoin does.

I'm going to make a statement here that is absolutely outside of my realm of knowledge. It's actually possible that the design, production and fab of a scrypt asic would end up being cheaper than the same process for a SHA ASIC due to this very fact.  There are probably people on this forum who know the real answer to that, I don't.

Note very carefully the distinction between the ASIC itself, and the ASIC miner.

What sort of numbers do you mean?  We're in practically uncharted waters here (one data point does not make much of a chart).  I don't have any.

That's actually my criticism, you don't seem to have any data. Last time I checked, people with a sophisticated understanding of ASIC design and sCrypt internals determined it is not economically viable, and likely won't be for decades to come, or to put it this way: it turns out the algorithmic properties do have a very major impact on the timing of achieving "economic viability" (and were designed to that end specifically with sCrypt, let's not forget) because the context constraints are ultimately static and therefore I fail to see why you would believe otherwise although there is nothing to back it up, not even a theoretical sketch of a proof of concept design.

+1

It appears the OP assumes implementing scrypt in hardware is identical in difficulty and development effort to implementing SHA256 in hardware, and that the benefits in hash rate would be similar to SHA256 on GPU's vs. an ASIC.  In reality, SHA256 is almost a prime example of an embarrassingly simple problem (Google "embarrassingly simple" if you're not familiar with what that term means in the context of parallel processing), and you can pipeline the whole SHA256 calculation and crank out a hash per clock cycle per core.  It's almost retardedly simple to develop an SHA256 ASIC, there's even multiple Verilog implementations for FPGA's that you can start with to generate the netlist for the SHA256 cores (at which point the development process diverges from that of FPGA's of course).  That's why we've seen several SHA256 ASICs arrive on the market that were designed by novices or people with negligible or no prior VLSI experience.

Implementing scrypt in hardware is not what I'd call "embarrassingly simple" in comparison.  A Radeon 69xx (or maybe a 79xx depending how you value power efficiency) die is fairly close to being a pretty good hardware implementation for scrypt.  Yeah, you can probably do slightly better in a few areas (but worse in others, particularly if you're stuck interfacing to off-chip GDDR5, as AMD kinda has the edge over anything an amateur-developed ASIC is going to have for a memory controller core(s)).  Or else you do on-die SRAM and pick a good spot along the more obvious TMTO curve (lookup gap) and live with burning tons of die area on SRAM.  But it's not going to result in something with an epic performance gap compared to GPU's, as happened with SHA256 for BTC.

In my opinion, OP's points would be valid if developing an scrypt ASIC were of equal difficulty and complexity to slapping an array of open-source SHA256 cores through an open-source ASIC router and layout tool and sending off the placed and routed design to the foundry (oversimplification, but not by much).  So I would say yes, the algorithm does actually matter.  You can spin an SHA256 ASIC design for significantly less than $1M if you do the design work yourself.  You can even screw up the design royally several times and re-run new masks through MOSIS (an ASIC prototype aggregation service) multiple times and still be under that amount.

It takes well under the $8M figure mentioned by the OP to call up AMD and license the Radeon 6950 or 7950 reference design, and produce boards with multiple GPU's on them.

Partially correct on the first point above, and very wrong on the last point.  I'm not sure how you got from "scrypt will require more complicated off-chip support components" to "an scrypt ASIC would could end up being cheaper" than an SHA256 ASIC.  The die area needed to implement an scrypt core (that actually performs with any sort of noteworthy hash rate) is massively larger than for a simple pipelined SHA256(SHA256()) core, regardless of whether there is off-die memory.  And interfacing to external high-speed I/O is one of the hardest things you can deal with in an ASIC design, especially if we're talking about interfacing to something like a very wide bank of GDDR5 at anything close to the clock rates that the Radeon GPU's operate at.  It is, perhaps, very foolish to suggest that addressing an extremely difficult external I/O problem will drive down the cost of developing and fabricating an ASIC, compared with a simple SHA256 core that barely needs to talk to anything (and when it does, can do so over even a dirt simple open-collector bus that just communicates a winning nonce when one is found).

When it comes to development cost, there's also a massive spread.  You can go and pick yourself up an SHA256 core design, for free, that performs fairly well and is fully pipelined, from multiple sources.  For scrypt, you have to go it alone and develop it from scratch, and you end up with an almost infinitely more complex netlist than an SHA256 core (in fact, an scrypt core will tend to contain two SHA256 cores) that is significantly harder to place and route on the die, and much harder to verify gate-level simulations prior to taping out the masks.  The challenge in making an SHA256 ASIC pretty much amounts to placing and routing a fairly simple netlist against the foundry's provided logic cell library, and then just copy'n'pasting the core all over the available die area.  The challenge with scrypt is monumental in comparison.

Maybe people just aren't understanding how dirt simple a hardware implementation of SHA256 really is..  Not exactly ground-breaking technology that demands a cutting-edge process node here.




You're correct on both of these items though.

EDIT - I misquoted the OP above, so went back and replaced "would" with "could" above.

All right, stating in all caps that it has ABSOLUTELY NOTHING TO DO with it may be a bit of hyperbole.

However, the folks you're talking about (just assuming that they are as credentialed as you indicate) don't have any data either.  Or at least, they have only the one data point that I have, which is the point at which someone felt that BitCoin ASICs were economically viable.

Bitcoin had nothing to blaze a trail, there was no reason for anyone to buy in or believe it would get to where it is.  I don't know what the market cap was when the various people and teams now producing bitcoin ASIC miners decided to move ahead on their projects. I know that they've only recently begun to ship.

Litecoin (no haterade here sorry just the best example of a scrypt coin atm) has had bitcoin to blaze a trail.  People are sorry that they missed out on the takeoff of BTC are going to be more eager to speculate, and thus more welcoming to the risk/reward ratio.

Put that burning desire together with moore's law and current research into various computing technologies.  I say we have an unpredictable situation here.

A billionaire might wake up tomorrow and say "fuck it let's have a scrypt ASIC". The odds of that having happened when Bitcoin were $2 apiece were pretty small. The odds of it happening to scrypt because someone is sorry they missed out on the "bitcoin rush" are much, much better.

Economic viability is a social factor. Even though the technicalities certainly do have an impact on those decisions. Or to put it another way, "ASIC-resistance" is a property of the coin and it's economy.  While the POW algorithm is a admittedly a factor, it's unlikely that it's going to be the actual deciding factor.

The actual deciding factor is going to be "fear of not being first".

That's all IMO, and so is anyone else's estimate of the situation. No disrespect intended. There are too many emotional factors this time around.

I've been at dinner and I'm taking in your posts.  Thank you for stopping in, as I do appreciate actually being educated a little.

I want to point this out, while I'm still taking in some of the more technical parts of your posts:


You've substituted the word "would" where I used the word "could" - in context (and with my admission of ignorance) it's an important change in meaning.  If I hadn't gone ahead and speculated I don't think I would have gotten such a thorough answer.

For now I'll take your knowledgability at face value and I'm off to re-read your posts before I say anything else.

I'm going to go read them a couple more times and see if I have anything to say :)

Mis-quote acknowledged, and I went back and fixed my post above to say "could" instead of "would" as you noted.

Based on the rapidly balooning hashrate for litecoin, and the facts that

1. 95% of GPU miners switched to litecoin weeks if not months ago (as it has _LONG_ been more profitable than BTC for GPU miners)
2. Only a complete idiot would continue buying GPUs to mine anything

it's possible that someone has developed an FPGA or ASIC for mining scrypt coins, but is adding hashrate in such a way as to disguise this fact.  It doesn't make $/kWh to buy GPU miners for scrypt coins anymore.

Not at all.  Neither condition is necessary for the point I'm making (well trying to make).  See...



So, what are we talking here.  Let's say $100,000 buys me an extra man-year of engineering time. Let's say it takes 2 man-years, and $200,000 extra.

Preposterous, do you disagree?  Nonetheless.

What's that mean to the overall cost of bringing an ASIC miner all the way to retail from scratch? 5% increase? 3% increase? I'm not going to say it's trivial.  It's no show stopper.



Oh my god, this is entirely new to me.  And absolutely hilarious.  If I recall correctly LiteCoin was actually developed for "GPU Resistance".  The irony here is "thick as butta".

On topic, you keep talking about amateurs.  That was what happened with the original, simple implementation of a blockchain, because "amateurs" were the only ones who cared and it was, as you state, embarrassingly simple.

I know I posted some of this after you but, with the example of BitCoin right in front of them, if a scrypt coin breaks $xx USD (mystery threshold at this time) and holds it for a few months, or shows signs of climbing, the situation is going to be quite different. It won't be about how many years it takes a man, it will be about how many man-years it takes.


The performance gap doesn't have to be epic, it just has to be significant, and "Burning tons of die area on SRAM" may be exactly what would happen.  I'll get back to this in a second. Also a reference back to my comment about your focus on amateurs.


Back to burning up that die space. What if (yes I'm speculating again, and asking for your input) some basic research or, more likely early prototyping/simulation, were to show that you could do it better by burning the whole damn thing on a single die. Stick with me here. The cost of the die will increase immensely.  But your ASIC miner could then consist of a power supply, an I/O interface comparable to a SHA256 asic, if not simpler, and a water (more likely oil) cooler.   

An interesting thought. If you care to analyze it I'm interested in what you have to say.  If you eliminate so many other factors in the design/development/manufacturing process, it might be worth the increased cost per die. Pile on reliability, life span in the field, and a few other factors. Would you be willing to dismiss this out of hand?

If so, I'd like to know what your experience and/or credentials are before I decide how seriously to take your dismissal.


This might be the show stopper. In light of my original point, I want to mention that just because something "isn't the cheapest way" doesn't make it "not economically viable". And it keeping with what I posted after you - the decision to actually create a Scrypt ASIC may be an entirely emotional one, with factors that were nonexistent "when bitcoin did it".

Back to our imaginary billionaire :)  It depends on what kind of guy he is.  If he wakes up and says "I want to pwn crypto" and goes about it as efficiently as possible, he's likely to speak to AMD. If he wakes up and says "I want to be the guy that brought out the scrypt ASIC", all other factors go out the window.

Profit is profit, and if the numbers are big enough, a 1% improvement in over all efficiency (calculated only by coins/joule) may make it "economically viable".


 ::) Good to know I was right about something.  You covered some of the same ground in both posts, if you think me shifting quoted blocks to address similar points changed your meaning, let me know.

I'm also glad no one has showed up to tell me about "an ASIC-proof algorithm".

I believe that there are FPGAs mining Litecoin right now, and have been for some time.  It's pretty silly to think there aren't, IMO.

Not ASICs.  There isn't enough money in all of altcoins to cause secret ASIC development - the costs are so extreme that the only hope for viability would be a sales plan.

Remember it isn't the miners that get rich in the gold rush.

Completely untrue at current profitability rates.  At current rates, mining LTC, a GPU will pay for itself in about 6.5 months.

Since people aren't exactly rushing out to buy GPU's at the moment and ASICS is a remote risk, we can expect the LTC network to stay at about the same hash rate / difficulty for an extended period of time more than sufficient to recoup any initial investment.

And GPU mining profit is WAY above the power cost.  Just run a calculator:

https://give-me-ltc.com/calc

Just absurd to suggest that, at current levels, LTC mining won't pay for the power.  Prove your claim.  And if true, why is 20 gh/s being thrown at LTC and clones ?

As for ASICS, good luck with your BFL pre-order #2,124,123.  Have fun mining with that once it arrives in 2040.  And for FPGA BTC mining good luck competing against the ASICS that have shipped and the hordes of them being run by the manufacturers for easy mining profit

I said this:


And you said this:


Do you see the disconnect, where you sort of confirm what I just said, but seem to be arguing against it?

Regarding ASICs I agree with you whole heartedly.

As for FPGAs, you'll never convince me that there isn't someone who programs FPGAs for a living or a hobby, already had a few sitting around, and set them up to mine litecoins. I'm sure they're out there.

It's not about being "ASIC-proof", more about being "disruption-proof". It's harder to disrupt the current Scrypt mining technology than it is to disrupt SHA-256 mining technology. This sort of protection has value for many people, especially since the Scrypt parameters could be tweaked to change the performance.

Actually, this thread is about being "ASIC-Proof" and/or "ASIC-Resistant".

That's a lovely subject for a different thread, though.

I kind of think maybe we are all bored and wanted a thread were we could all agree with each other ....


{hey digi, that's right i agree !, also i like your point before about where you said we would be agreeing with each other}

{thanks i agree}

{but wait, what about where you said we were bored? , do you mean that's why we made this thread, if so,  then i agree.}

{yeah that's what i said, so i agree with you too. }




also , what is a BOT?

Have you looked up ASIC-Proof and ASIC-Resistant in the dictionary? I have and they're not there, so I guess it's possible there's no canonical definition and we're into semantics now.

I consider two meanings:
1) Can never be mined at all by any custom ASIC hardware
2) It will be unlikely to be worthwhile to develop mass-produced ASICs for mining, which gives significant enough profitability increases that it becomes unprofitable with GPUs - i.e. ASICs are not a real threat in the future to replace GPU mining of the coin.

Isn't 2) more important than 1) ?

Came across this today:

Will you produce a multicurrency device for example Litecoin?
   
Right now we are busy developing the ASIC Bitcoin miners but we have noticed the interest and we are planning to release a multicurrency device later this year. (https://www.kncminer.com/pages/faq)

WindMaster must've got bored. It's a shame, he was educational.

Anyways, these could mean "later this year" in the BFL sense, and still I think that's not going to take "decades to come".

Even I thought it would take a stable valuation of at least $10/coin to push it. We'll see where Litecoin goes between now and then.

LOL. Either BFL BS or they are delusional idiots. "Currently we are busy doing other stuff but because of the interest we are planning to release an scrypt device later this year."

That's not BFL. (though they may not do any better.)

thats actually from kncminer.com  a new asic company. from what i gather (and i could be wrong here) they have an fpga, "the mars" that mines bitcoin they want to convert to scrypt. but who knows.

That was my point.

i agree.

Well ... GPU are good at scrypt because of their multiple computation units and their extremely high performance memory (the best we can do today for a "reasonable" size/price ratio.
Could a specifically designed ASIC be better than GPU ? Sure, of course, especially as GPU embark a lot of things not used for scrypt ... But it may not be a lot faster, more probably much more energy efficient.

Also, litecoin scrypt is designed to use memory, but not THAT much ... ~128KB per core (which can be further reduced if using some lookup gap). It was designed to fit in CPU L1/L2 cache.

If you go YACoin way (when N is large), with a memory limited to a few gigabytes, the number of usable cores drops significantly. But GPU are still much better than CPU because they have access to the best (still reasonably cheap) memory that we can make today.

If you want to make ASICs for scrypt (and especially flavours using more memory per core), you will essentially have to find a better memory than the one GPU makers use ... good luck to be profitable ^^ EDIT: Also, even going for sram, i'm not sure the speedup would be that great ... access latency of GDDR may be greater than sram, but this already can be masked significantly by multi-threading.



Last but not least, to explicitly give an answer to the first post : YES, IT IS POSSIBLE to design a coin to be mining-ASIC resistant ... The algorithm just has to change significantly at regular intervals (a few months should be more than enough). If every time some "hard to implement" features are randomly chosen for the next period, there is not much you can do except to go for circuits such as CPU and possibly GPU.

The fact that there is no ASIC like device when the market cap is fairly low is proof that the reverse feedback systems built by satoshi work, as soon as its worth building, it will be built.  This 'resistance' is built into all coins.

This doesn't change the fact that when it becomes viable to produce such devices, the performance gains will (I assume) not be as noticeable.  Hence the term resistant.

You forgot to double your electricity costs in summer :)


Diff going above 1000.

Asics/FPGAs for scyrpt CONFIRMED.

TRUEFACTS:

2000 khash/sec
1200 Watts
1000 Difficulty AND RISING RAPIDLY.
0.12 c/kWh x 2 (Cost to remove heat!)
2.62$/LTC  AND DROPPING QUICKLY

Profit is less than 1$/day and when you double elctricty costs YOU'RE LOSING 3$/DAY

Now to watch all the """"'unused"""""" 5xxx and 7xxx GPUs hit ebay and see the price of a 7970 hit 80$ used.

Just nitpicking (and I know you're far more experienced in logic design than I am), but SHA256 is almost irrelevant for scrypt, The real issue is the salsa-mix, which is designed to be memory-intensive and highly resistant to pipelining. The PBKDF2_SHA256 operations are just a wrapper around the meat of the algorithm.

You sir are a CryptoKnight +100 for this post.

I would like to refer you to this post: https://forum.litecoin.net/index.php/topic,2702.msg30526.html#msg30526 (https://forum.litecoin.net/index.php/topic,2702.msg30526.html#msg30526)

Please study this specific post as it contains a lot of relevant information on the topic.

I'm going to nitpick your nitpick of my post.  Where is the error in my mention that you have to perform SHA256 in the process of calculating an scrypt hash and checking the resulting difficulty?  Yes, we're all aware that salsa20/8 will consume the most logic area and/or take the most time to perform.  That's the very point I was making, that SHA256 is dirt simple to accomplish in an ASIC, while salsa20/8 is not dirt simple to accomplish in an ASIC.  But you still have to take it all the way through (PBKDF2_SHA256 and all) if you're going to see if your hash met the difficulty criteria, so you're still going to need SHA256 implemented.

You weren't able to avoid including an SHA256 implementation in your Litecoin FPGA miner, right?  A quick look at your Github repository shows that a Verilog implementation of SHA256 is indeed present in your source.  :)

blahblahblah

Unfortunately, that post also contains some significant errors even in the basic explanation of how scrypt works.  If that post's explanation were correct, it would not be possible to store less than the full 128kB buffer and exploit the obvious TMTO (which mtrlt nicknamed "lookup gap", which is a term anyone mining Litecoin with GPU's will probably recognize).  Every GPU scrypt miner exploits exactly that TMTO to speed up the process by not storing the full 128kB.

I completely agree with you. I think I failed to explain myself properly (it was getting late). I just picked up on your "an scrypt core will tend to contain two SHA256 cores" and thought, well mine doesn't! It just got the one SHA256 engine (and a slow 64 cycle one at that) that is used for all of the PBKDF2 operations, and it isn't even remotely stressed (of the roughly 229k 23k clock cycles per hash only around 13k 1.3k are spent on PBKDF2_SHA256, and even those are done in parallel with the salsa so do not affect the overall throughput). [EDIT] OOPS I was thinking in nS steps of simulation (using an arbitrary 10nS clock cycle, the real circuit runs at 25MHz).

I was just looking for an excuse to bump the thread and get some visibility for my github code as feedback has been woefully slow to date (yeah, I know its amateurish stuff, but I'm looking for tips from the pro's so as to improve it, though I fully understand that there is only very limited scope due to the design goals of the scrypt algorithm). Your comments have been very helpful, many thanks for your input  :)

Someone is wrong on the internet. But I won't waste time explaining into depths.



Asic resistance of the scrypt is compared to how much memory would you need to crack 6,7,8+ lenght passwords. You need a lot of memory to crack 8+ lenght passwords. So much memory, that it is not viable option at this moment.


But that does not mean, that you can't make asic chips that would be 10-100 times faster than gpu's at the moment. Memory price has insignificant role in this. You can buy 4GB very fast ram for 20$. Where do you see problem in ram prices?

I believe no Scrypt asics are there just because the process to create chips cost too much. TMSC will not create you chips for 1000$ :p

So whens this fire sale of these 7950's beginning ?? , i can only see the price rising - ?

i think the only time they will be dumped is when they are no longer useful in the whole market - i.e when we see a sCrypt ASIC , and only after they are readily available.   

and a prime numbers ASIC and all kinds more special purpose ASICs.

It might make sense actually if you happen to be a huge multinational corp launching a coin to build your own special ASICs first then launch the coin.

Like playstationcoin or xboxcoin or whatever, mined by a special chip inside the box...

-MarkM-

I think it's just a black box.. maybe, if you are lucky, it gets filled with ASCS during the next few years... dpeending of your order number and of the supplies of PSUs.