Bitcoin Forum

Would it be even remotely possible to force the change in sha256 bitcoin algorith to something else that asic and fpga devices couldnt compute?

We started off with a bitcoin that anyone could use and now were forced to buy stuff we dont really want.

I realise that there are some ppl that allready invested in asic and fpga, but ton off ppl are unsatisfied with this.

Do U think btc should move away from sha256 and let "normal" people the chance ?

It's like a beautiful castle was built and everyone wants a job as a janitor.

You aren't forced to provide hashes to help secure the network, if you don't want to do it in the most efficient way, then do it at a loss or don't do it.

Why stop there?  Shouldn't we just change the block reward subsidy and stick with 50 BTC per block while we are at it?  

</snark>

I personally think that's a really good thing.

It really is time that Bitcoin steps away from mining (print free money) thing to attract new users.

It's time that the Community grows because of the awesome possibility BTC provides. And I personally think, that ASICs and reward halving appearing at nearly the same time will force this development.

With this Bitcoiners will have to find ways to use BTC to make money and not just create them.

I really look forward to the next month to come.

No. For one thing, ASICs and FPGAs can be constructed for any computable function, ie, anything a CPU can do, an ASIC can be constructed to do it more efficiently. It's just a question of whether it's worth the development cost.

This is the second thing. The purpose of mining is not to allow "anyone" to create free money by burning spare CPU cycles all day. The purpose of mining is to secure the network from attack. Nothing more. One of the larget threats is posed by mining botnets, and such botnets will have access to a lot of powerful CPUs and some decent GPUs, but almost certainly no suitable FPGAs or ASICs. Litecoin and other "CPU-friendly" coins are ipso facto botnet-friendly, and there is a very real danger that an attacker with a reasonably sized botnet could pull off a 51% attack against Litecoin. On the other hand, by requiring specialised hardware to mine efficiently, Bitcoin also requires specialised hardware to attack efficiently, making it much more secure against attackers using conventional hardware.

Just start your own cryptocurrency, and stop talking about this. The point has been revisited over 9000 times, and everyone is tired hearing about it.

No. Even if SHA256 was hacked I doubt bitcoiners would come to any consensus regarding a new algo.

Mining bitcoins doesn't equal using bitcoins. Anyone can still start using bitcoins in a few minutes. Download a lightweight client create your wallet and you are done.

I seriously hope we will get to proof of stake with a virtually vanishing transaction fee. Mining does not serve the purpose to make some people rich. It *only* exists to secure our all money of the future and I would be very sad if we ever had to defend bitcoin against claims about it consuming 10% of all energy produced by humanity just because it turned into the dominant currency before block subsidies dropped enough or before we turned away from proof of energy wasted.

It doesent change a bit on a 51% attack, now we dont need to fear botnets but people with decent pockets full of playmoney, just my thought.

What i find annoying is that its even possible to build specialized hardware that has such a difference in performance over the existing hardware. I like to compare that to the invention of automated mining equipment from mining with a shovel.

So this just leads to the thought it should have been a requirement right from the start to use specialized mining boards, this would have avoided botminers and a promt rise effectivity as now by asic vendors claimed. Am i wrong??

EDIT:
So my conclusion is, probably it was the wrong algo right from the start that allowed effective cpu/gpu mining.

Ever bought some usb stick at the corner with some gimmick? Bitcoin mining could just be such a gimmick if production prices drop due to mass adoption, so for sure you will get cheap bitcoin mining equipment at every corner later next year ;) if you don't change the protocol.

Changing the protocol in ever shorter intervals to stop that trend is totally pointless as with the current $ rates >=2 companies built ASICS with a 1 year time to develop for customers buying them for a ~1 year life span. Changing the protocol in 2 years intervals would stop these businesses. With $100/Ƀ this 2 years might be just 1 year. FPGA have much shorter development cycles and aren't in every home neither. Should we agree on a new algorithm every 3 months?

Also changing the protocol should happen at a schedule so it is no hurting any product currently being developed. Rendering the investment of the most passionate Bitcoin miners worthless is very crazy. Rendering the development costs of the most passionate Bitcoin mining gear producers worthless would be a very sad thing. Rendering the brands of mining companies worthless is a damage I would take to get to proof of stake.

I say let it happen.

Uuhhhh the GPU/FPGA cockroaches wich cry because their investment is suddenly useless. "you" do not want, WE want asics


No. The "ton of ppl" are the GPU/FPGA ppl who spent tons of money thinking "yay now i become super rich" and now are "i don't became super rich"

So no, bitcoin algorithm is FINE.

Exactly. If you don't like ASICs, switch to a different crypto currency and see how shitty they are compared to bitcoin.

Beside the current state that bitcoin is the market leader in crypto currencies - if not the basis for crypto currencies ,the cards are shuffled again.

As mentioned in my previous post, my guess the currency has had to be build with an algo optimized for fpga/asic devices or smilar without possible drastical changes in hashpower and energy consumption.
If this was a real mistake i wonder what else might be missed out.

What i wonder right now is, the currently developed cpu/s and gpu/s seem to have a complete different structure than the mining devices required for bitcoin, these cpu`s /gpu`s are widely used and have a purpose, now there is a lot of "energy" invested to create entirely different cpu`s for bitcoin asics, but for what else beside bitcoin can these devices get used. Lets say bitcoin disappears or gets replaced by another algo, for what could these asic devices get used?

If there would be no usage beside bitcoin for these devices, i would consider this another point to think about.

Why don't you join the litecoin project then (if its still alive) ?
It's a dead end but it makes more sense for you than to hope for the change you are suggesting.
Since we know BIPs (Bitcoin Improvement Proposals), maybe it's time to start reviewing BDP (Bitcoin Deterioration Proposals).

I think the voting results sums the situation up pretty fine.

I only voted yes, because I hope down the road they will use a higher bit hash algorithm such as SHA 512 or if one comes along 1024. Not to undermine ASICS and FPGA's, or upset the decentralized balance of mining but to increase the key space for private keys and bitcoin addresses to make it even harder to brute force someones address, because 40 quadrillion years is to damn short! (http://www.reddit.com/r/Bitcoin/comments/yua6m/even_science_fiction/)

:))

sure, and I hope SHA256 will turn obsolete in a way that rig producers can produce future-save rigs, so fast hardware doesn't turn obsolete at some random we-switch-the-algorithm-day. Maybe SHA512 will also co-exist for a year or so. Why not.

Or sign up for an account at Walletbit (www.walletbit.com (http://www.walletbit.com)) and you have a wallet instantly. No downloads or special software needed - just a browser. WalletBit solves the problem of the bloated block chain for new users.

He didn't say it would have to be something a CPU could do, did he? He just said something an ASIC or FPGA couldn't do. For example, an algorithm that required 1TB of memory could not be computed by a CPU, ASIC, or FPGA. (Without additional hardware that would determine the performance and be the same for all three implementations.)


That's not true either. As a silly counter example, consider this algorithm: "Given a sequence of x86 assembly instructions, run them until they return, and tell me what's in the registers". You really think you can make an ASIC that's faster at that task?


Exactly. What matters is not theoretical but practical. Whether it is worth the development cost depends primarily on how big an advantage the ASIC would have over a CPU. If the algorithm were constructed such that CPUs were already nearly-optimal (for example, if it required lots of branches and lots of memory), there would be no cost justification for developing an ASIC. Instead, miners would just use lots of CPUs.

I think if we had it to do over, we'd pick a mining algorithm that requires lots of memory and lots of branches. But I don't think it's at all possible to change things now.

I also seriously hope so. Improving on proof-of-work is like improving on nuclear weapons.

Concerning power consumption isn't it better to go ahead with rather rare ASICS than a lot of CPUs/GPUs?

The amount of resources put into mining will be about the same as the block reward. It may be more on the energy side, more on the raw material side or more on the profit for the producer side. From an ecological stand-point I prefer profit for the hardware producers and hope this area will yield enough profit so they don't lock competition out with patents and other dirty weapons.

The block hashing algorithm (SHA256) isn't related to the number of possible Bitcoin addresses.

But you're probably right. At some point we will have to change the address space, and probably also the block hashing algorithm. But there's really no reason to worry about this yet.

The better the idea the longer it remains useful.

Making Bitcoin more useful is a more worthy goal than just thinking about, "How many Thash can I get out of my ASIC setup?".

From miners' perspective, the total amount of resources devoted to mining will be the same. The total rewards will be the same. The industry will remain competitive at the miner level (unless ASIC suppliers decide to mine themselves). Until ASIC suppliers decide to take over mining, the supply of ASICs will remain open and available to all.

From a social perspective, we will be wasting engineering labor rather than electricity. The total amount of resources wasted will be less than the amount spent on equipment by miners. Some of the money will be ASIC manufacturer profit (this profit is a tax on bitcoin users, but it just redistributes resources from bitcoin users to ASIC manufactures. There is no destruction involved). There are large economies of scale in ASIC development. The industry will be dominated by one or two firms. These firms will price ASICs well above cost.

If one company is extremely dominant, it will sell ASICs that are almost pure profit. There will be minimal resource waste. However, the one company will have complete control over the blockchain.
i.e. bitcoin will operate much like a company database.

If the only point of the change is to make it easier to compute hashes....then no, I think it's a bad idea. I think the protocol can be modified in the future to support yet to be invented encryption techniques though...

I agree with that.

Unmentioned ASIC advantage:
BOTNET miners are mostly out of the picture.  As difficulty rises, the profit of even a huge botnet will drop and probably drop below other more profitable botnet uses.  Assuming botnet herders dump all btc for fiat currency (which may not be true), asics may keep more money in the community. 

Indeed this has been mentioned before and as i posted previously the whole botnet issue could have been avoided right from the start by developing the algo for fpga/asic/similar devices only.
What i miss in the fpga/asic development another field where these devices could get used (or at least the tech) for an other purposes than mining.

EDIT: Another guy in this thread somewhere mentioned a ram intensive algo, guess this could also be a solution to ban botnets, lets say 16/32/64gb ram would be required to mine, almost no ordinary pc has it.

Hmm, as some smart observer pointed out earlier the point of mining is to secure the network from attack.  What's bitcoin's problem with botnets again? 

The problem with botnets is twofold:
1) a botnet causing many users a high electricity bill might bring bad reputation to bitcoin
2) a huge botnet with an algo that runs on CPU might be used for a democracy51% attack

Double SHA-256 won't be a concern for a long, long time if ever.

Do. You. Promise. This. ?

Yep, will bet with escrow and a deadline in the following few years (a matter of not having to wait forever mostly).  :P

Your confidence in strength of SHA-256 changes nothing. The algo can be cracked tomorrow... or in 1000000 years.
20 years ago almost everyone was sure that MD4 couldn't be compromised. Now it can be (http://www.iacr.org/archive/fse2007/45930331/45930331.pdf).

Even if there are collision attacks against SHA2, I don't think (IANACryptanalysist) it would even have much of an effect on how bitcoin uses it. There are no passwords being protected by it. Coming up with a hash with lots of leading zeros via a collision attack surely cannot be faster than simply finding one randomly with a nonce. Now that new code prevents any issues arising from new blocks having the same hash as an older block, there really is no particularly effective attack even if SHA2 becomes significantly weakened. If there is a collision attack against RIPEMD160, things are a little more dodgy, but you still have to have a private key that matches a public key that hashes to the RIPEMD hash.

Sorry, but I disagree. If coming up with a hash with lots of zeros is faster than simply finding a nonce, then 51% attack will transform into "less than 1%" attack. This will kill Bitcoin coz everyone will be able to double-spend coins.

But this is extraordinarily, unbelievably, impossibly unlikely. The block has to be 1) a valid bitcoin block, which heavily limits what data can be used to find a collision and essentially goes back to using a nonce, and 2) limits you to ONE SPECIFIC hash whereas searching for ANY hash with the correct leading number of zeros is many, many magnitudes easier. Bitcoin mining is essentially already a partial-collision attack.

I mean other type of attack. Not attempt to find a collision for an existing block, but attempt to find nonces for new ones with insane rate.

So the miner software needs to be updated that will find new blocks via attack method. This is still serving as a valid proof-of-work and the difficulty will adjust for new block rate.

If an attacker reveals a way how to make an attack. He will, likely, keep it in secret. Also, if the attack lets to find a hash with ALL zeros then "difficulty" will make no sense anymore.

The probability of SHA256 being completely cracked is very low. All zeroes will not make sense of difficulty anymore, that is completely true.

But in my opinion the greatest threat for Bitcoin existence is global internet blackout. Bitcoin might be completely decentralized, the internet infrastructure is very centralized. ISP providers must comply with ever increasingly totalitarian laws to operate. Most countries in European Union have silently passed laws that enable total internet kill switch in "cases of emergencies, natural disasters or civil unrest". This might not be relevant to original question about SHA256 being cracked, but this total blackout is more realistic threat to be worried about. The alien invasion also can cause Bitcoin to fail because aliens might start >50% attack with spaceship's onboard computer, but we don't think that this is a way how Bitcoins will fail, right?

I agree. Peer-to-peer (WiFi) network of mobile devices could help us though. But it's for discussion in other thread.

This is not how attacks on hashing algorithms work. At least, no one has ever studied the possibility of it because it would normally be retarded. In bitcoin's case, it would make a bit more sense, but I don't know if such a thing is even possible. Hashing algorithm attacks fall under the category of collision attacks, where m1 != m2 but h(m1) == h(m2) or pre-image attacks such that given a hash h find a message m that hashes to it. There is no such attack as "given m + nonce, find h < difficulty faster than brute force". Even MD4 and 5 are not broken in this sense at all and could potentially be used for bitcoin without repercussions other than being only 128-bit.

I have read that Bitcoin can relatively easy replace SHA256 with another hash algorithm if SHA256 security is at question. This will cause all clients to update but it will not change how Bitcoin operates.

Relatively is a relative word. It is a hard fork and not an easy thing at all to accomplish. It will also void all ASIC hardware.

Voiding asic mining was the general idea :)  it is not so super duper awesome to everyone.
cheers

I still like the idea of a ram intensive algo (eventually ram speed could play a role) maybe combined with something only multi cpu/gpu can solve effectively.
This way you ban botnets and make asic manufacturers/buyers wet eyes.
I still would like to know for what else beside mining an asic or its technology is useful/applicable, maybe it would be smart to invent a technology if this is not the case that would be useful for other computing operations, with multi cpu this would be the case i guess.

+1

ASIC always will be more effective at this! That's why they are called Application Specific Integrated Circuit.I did not know that computers in botnets have no CPU's or GPU's. The bots probably run on vacuum valves and punch card printers.

Yeah sure, my idea was, almost no conventional pc has 32 or even 64 gb of ram, it was just a thought that would allow to mine cpu/gpu like devices without the so feared botnets.
Thats why i mentioned to eventually make the ram speed a factor, but hell ,yeah, i just dont have enough technical insight to provide really useful contributions here, all i can do is guesswork too.

So if this really is a topic that could be considered people with a technical insight should take over here, otherwise i see no real reason to continue this thread.

In next 2 to 3 years your average gaming rig might have this much RAM. And for high-end servers this is a norm already. Change Bitcoin algo again then? And it is two different things RAM size and RAM speed. And the largest RAM is often the slowest with increased latencies. The CPU cache is faster than any RAM.Why are you afraid from botnets? Are they attacking you? Or are you a part of botnet? Try to rent some you might actually start to love them! ;)

Computing is computing. As long as it plays by bitcoin rules it helps Bitcoin to survive!

I never had a problem with botnets mining bitcoin, why should i, its just a sideeffect of either asics or higher required ram or whatever that botnets can not participate anymore.

Who is actually in charge of such a descision btw?

The majority of users who run Bitcoin nodes.

There was no such decision made previously. Satoshi decided on the initial hashing method and we use it today. Probably if such change is needed then much hated Bitcoin Foundation and Gavin Andersen as a lead developer will start discussion about it.

While it is true that ASICs can be better at many given tasks, the changing the protocol and VOIDING the ASICs is the attack against them.  They adapt (which takes months or even half a year) then you change it again killing them financially.  I am NOT FOR THIS, just pointing it out. 

And why do that? To have no ASICs in distributed miners possession but to allow government to make the ASICs and attack Bitcoin with 51% attack? Think something like Bombe that cracked Enigma codes in WW2.

I am not for it as said above.  Just pointing out the strategy that some may be in favor of.  I believe having ASICs made by two or more companies makes bitcoin stronger not weaker then having no ASICs.  I also believe in keeping the protocol the same unless there is a problem with it.  Having the winners and losers change via the free market is NOT A PROBLEM. 

So instead of spending money on ASICs I have to buy a bunch of friggin RAM?  How does that lower the barrier to entry you're so angry with?

"what else beside mining an asic or its technology is useful/applicable"


Uuuhhh do you know that every hardware piece is an "asic"? Your cpu, your graphic card etcetcetc

And do you know that if you make a ram intensive algo with cpu and gpu you can make an asic optimized for it without problems, exactly like now?

Seriously guys at least learn what asic means and how computers work before "suggesting" things  :D

You exactly know what we talking about, dont pretend you dont understand it.

Maybe we can force everybody to print out the bit-coin on a piece of specially manufactured paper, say with a watermark or something that changes colour with heat, that way we will know who used a GPU.

No. Your CPU is not application specific.

No. Making an ASIC that's significantly more efficient than commodity hardware at accessing large amounts of memory is qualitatively different from making an ASIC that's significantly more efficient at bit twiddling tasks that don't require unpredictable branching or large amounts of memory. These two tasks are not at all exactly alike.

One can easily make ASICs that are thousands of times faster than commodity CPUs at SHA256. One cannot easily make ASICs that are even ten times faster than commodity hardware at accessing large amounts of memory.

Agreed.  And one could make a task that used required BOTH a GPU and an X86 processor with a certain amount of RAM.  A well designed task could be made that required equal parts of both and could not be optimized for ASIC.  A miner would need to have both a healthy CPU and GPU.  Even if one offloaded tasks to an ASIC a miner would still need an x86 CPU core for each ASIC.  There are many possibilities.   

A huge downside is with a task this complex, there could be an unforeseen shortcut or even a known shortcut (to few people) that gives someone an advantage.  I am not for any of this.  I think SHA256 is fine until there appear to be some cracks in it. 

er actually the CPU IS application specific.
It takes a finite number of preprogrammed states and produces predictable outputs for those states.

The fact that you can "re-arrange" those states EXTERNALLY to perform another task, does not make the CPU non 'application specific'

The same way that an ASIC inside a software radio, does not work with only one type of spoken language.


Infact Intel take it a step further, in that the  CPU is an ASIC that can be re-arranged via a microcode insert.

HC

By your logic nearly all chips are ASICs.  But ASIC is an industry term for a chip that is designed to a specific application.  The part that is not explicitly said but CLEARLY IMPLIED is that an ASIC is for a narrow application, not  a broad one.  A 7404 TTL chip is application specific for inverting TTL, that does not make it an ASIC. 

When it is cracked bitcoin is dead and a new currency will take its place.

You are using the term "ASIC" differently from the way everyone else is using it. If you are doing this deliberately, then you are a malicious jerk out to waste everyone else's time. If you are doing this inadvertently, then you are an ignorant fool claiming to correct those who know more than you do. I don't know which, but either way, it's not too good for you.

The difference between an ASIC and a general-purpose component like a CPU is that an ASIC is specifically designed to be used in a specific application whereas a general-purpose component like a CPU is designed to be flexible and find use in many different applications.

I could not have said it better.

Actually it is you that is the jerk, for taking such a high handed  Holier than thou attitude.

http://www.open-silicon.com/company/news-events/press-releases/open-silicon,-mips-technologies,-and-dolphin-technology-achieve-asic-cpu-performance-of-over-24ghz-in-tsmc-40nm/ (http://www.open-silicon.com/company/news-events/press-releases/open-silicon,-mips-technologies,-and-dolphin-technology-achieve-asic-cpu-performance-of-over-24ghz-in-tsmc-40nm/)

When SHA-256 is cracked?

I doubt the community would be strong enough to achieve that kind of agreement. However, there is no better alternative now so I doubt Bitcoin would be dead, it would be just set back noticeably, but it would continue ahead.

Most of the community would just blindly follow what ever Gavin and the dev team puts out.

That's the forums. The valuation would tell you a different story.

That is only needed if there were a crack exploited suddenly, and not the more likely scenario where the weakness is known years before it can become a problem.   If it were to occur suddenly, a lot more is affected than just Bitcoin.

replying to OP first post.

back in the medieval times people could easily mine gold with just a bucket and filter out all the minerals to keep the shiny stuff.. now'a days you need expensive machinery, experts in mechanics, explosives and geology...

so this is the natural progression of mining a limited resource.

so trade in your bucket (GPU) for a box of TNT and a drill (FPGA) and if you have the money an excavator/ gold wash filtering machine(ASIC).

i understand you want to keep your bucket so u can mine gold, and know it has other uses such as making sand castles or fetching water from a well. but times move on. gold miners wouldn't take their kids to school in a excavator, but they do see the benefits in having one.

Even if there was an algorithm change, someone would create an ASIC Bitcoin miner for the new algorithm.

Also, by having dedicated Bitcoin mining hardware (as opposed to using GPUs), the money that miners pay for their hardware goes directly back into the Bitcoin economy most of the time. For instance, by paying for an ASIC mining unit in BTC, your BTC is being paid to the employees in the company manufacturing it, who then will spend it elsewhere. When miners buy GPUs, they're giving fiat money to AMD. While their employees may use Bitcoin, I would imagine their use is at a much lower level than that of employees in a Bitcoin-centric company.

If you change the algo to repell custom hardware producers, you will do so every now and then. Result would be some mistery miners that still do custom hardware for their benefit under the radar so the algo keeps stable longer.

Please don't hurt those that are more into bitcoin than anybody else. Please don't hurt those that cast our beloved algorithms in silicon.

+1