Bitcoin Forum

Alternate cryptocurrencies => Mining (Altcoins) => Topic started by: jvanname on December 09, 2018, 07:17:48 PM

Title: Why are cryptocurrencies still using useless mining problems?
Post by: jvanname on December 09, 2018, 07:17:48 PM
So about a year and a half ago, I became interested in the notion of a useful cryptocurrency mining problem. That is a cryptocurrency mining problem that has value outside the cryptocurrency. I just do not want to see all the resources spent on mining cryptocurrencies go to waste.

Unfortunately, the notion of a useful cryptocurrency mining problem has not received much attention from the cryptocurrency community most likely because people think that other consensus mechanisms can replace proof-of-work or because they think that the completely useless ASIC resistance debate is more important (the idea of ASIC resistance so far has been a complete failure).

The few people who have actually given a moment to think seriously about the notion of a useful cryptocurrency mining problem have proposed such problems which are either incapable of establishing decentralized consensus or are completely useless. For example, the completely useless cryptocurrency mining problems that people claim to be useful include unknotting mathematical knots, playing chess, running Conway's Game of Life, Rubik's cube calculations, elliptic curve calculations, the problem of finding interesting prime numbers, and other calculations which are much less useful than SHA-256. I can argue that SHA-256 is useful for cryptanalysis and ever-so-slightly useful for incentivizing the construction of a reversible computer (this is by accident). After all, we can argue that we know more about SHA-256 because we have plenty of examples of exceptionally small SHA-256 hashes and cryptographers can use this data to construct better cryptographic hash functions. Does the cryptanalytic value of all of these SHA-256 calculations make SHA-256 mining a useful mining problem? No. It does not. Cryptographers have absolutely no interest in the exceptionally low hashes produced from Bitcoin mining. As SHA-256 is not a useful mining problem, the proposals for useful mining problems that I have just listed are also completely useless.

Most computational problems cannot be made into cryptocurrency mining problems since cryptocurrency mining problems must satisfy some fairly strict requirements; for instance, useful cryptocurrency mining problems must be easy to verify, hard to solve, and the practical use of the cryptocurrency mining problem should be comparable to the amount of resources put into solving the mining problem. The solutions to these problems must also depend solely on the random data generated from the blockchain. Nevertheless, even though useful cryptocurrency mining problems must satisfy some stringent requirements, nobody should ever claim that it is impossible to create a useful cryptocurrency mining problem.

My proposal: So a year and a half ago when I became interested in useful proof-of-work problems, I proposed that one should use cryptocurrency mining problems in order to accelerate the development of reversible computers.

If you know anything about CPUs, you know that they get hot and that one needs to use a fan to cool them down. Today, a CPU can consume about 100 W/cm^2 which is a lot of power per volume after you consider the fact that integrated circuits are completely flat. Right now, the energy consumption of integrated circuits is the main bottleneck that forbids people form increasing the performance of these integrated circuits. To make matters worse, there is a fundamental limit to the energy efficiency of reversible computation. Landauer's principle states in order to delete N bits of information, it takes k*T*N*ln(2) energy where k is Boltzmann's constant and T is the temperature (k=1.38*10^(-23)Joules/Kelvin). By deleting, I mean replacing the N bits of information with 0's. Landauer's principle should be considered as a consequence of the second law of thermodynamics since any computer which violates Landauer's principle lowers the entropy of a closed system.

The only way to compute without having to be subject to Landauer's principle is to refrain from deleting information as much as possible. This is where reversible computing comes into the picture. Reversible computation is the type of computation where one deletes as little information as possible in order to save energy and to prevent overheating. Now, since Landauer's limit k*T*ln(2) is quite small, in the past, Landauer's limit has not been an issue in the performance of computers. However, right now, energy usage and heat production is the greatest issue with modern integrated circuits. The only way to lower the energy usage and heat production of integrated circuits in the long term is therefore to start constructing reversible integrated circuits. So, there are currently no integrated circuits out on the free market. However, reversible computing is not completely theoretical either since there are examples of circuits developed for research purposes whose energy efficiency either exceeds Landauer's limit per operation or is quite close, and there are theoretical models of energy efficient reversible computation whose energy efficiency is far below Landauer's limit per operation.

Now, even though reversible computing will consume much less energy per logic gate operation, it usually takes more logic gate operations for reversible computation to perform a task than it takes a conventional computer to perform the same task. Nevertheless, this computational overhead incurred from reversiblity is surprisingly tame, so in the future, we should expect for reversible computers to eventually outperform and replace conventional computers. However, in the near future, it will be difficult to overcome this computational overhead in general. Now, reversible computation does not affect all computational problems equally. There are some problems that can be solved on a reversible computer using just as many steps as they can be solved on a conventional computer.

The cryptocurrency mining problem that I had invented called Hashspin is an algorithm designed incentivize the development of the free market reversible computer.

Hashspin is based upon two linear feedback shift registers (LFSRs) where the first LFSR is 15 bits long and the second LFSR is 17 bits long. Hashspin also needs some other components in order to work, but most of the resources spent on mining Hashspin will be spent on running these LFSRs. These LFSRs are designed to be computed using reversible computers. If you know anything about LFSRs, you will know that they are very simple and they require very little hardware and very little board space. It will therefore be much easier for hardware manufacturers to construct these reversible LFSRs than it would be for hardware manufacturers to construct reversible computers for any other purpose. Since every register in the LFSR must run continuously, the mining hardware manufacturers will set cutting down the amount of energy that Hashspin uses their first priority, and the best way to make these LFSRs more energy efficient will be to make them physically reversible. Hashspin will therefore incentivize these hardware manufacturers to construct the first free market reversible computers.

Reversible computers will undoubtably become the computers of the future, so I do not see how a mining problem can be made more useful than a mining problem that accelerates the development of the reversible computer. In any case, even if you are a skeptic, Hashspin is more useful as a cryptocurrency mining problem than all other mining problems such as SHA-256, Ethash, or any other mining problem.

The current state: I already have the algorithm Hashspin set up, but I need help implementing this algorithm into a new cryptocurrency (I am a mathematician and I do not have the greatest software engineering background). I have done some preliminary tests on the cryptographic security of Hashspin, but since the cryptographic community has not tried to attack Hashspin, we need to be cautious. It should be sufficient for Hashspin to use a larger number of rounds for the first couple of years in a live cryptocurrency. I do not think that we have to worry too much about the cryptographic security of Hashspin since the LFSR component of Hashspin only requires 16 bits of security which is nothing for cryptography (and in a sense Hashspin requires much less than 16 bits of security).

I have made previous posts about this topic on Bitcointalk, but I have since changed the algorithm from an algorithm that does not use LFSRs to one that uses LFSRs. This improvement simplifies the algorithm, increases the cryptographic security, makes the algorithm easier to analyze cryptographically, and it ultimately will make it easier to hardware manufacturers to construct reversible mining machines. Currently, noone else is working on this project.