Yeah, you are right and I was wrong. It seems like the N-way unrolled designs are also N-way pipelined. But the degree of pipelining doesn't have to equal the degree of unrolling.

No, I don't think so. I think that the limitations are due to the heuristics used by FPGA synthesis tools. At least in Xilinxes the registers are essentially free. Pretty much each slice can have direct combinatorial outputs or registered outputs mixed with no restrictions.

I shouldn't have written about no pipelining. The more accurate way would be inflexible pipelining. It would be better to describe level of unrolling and level of pipelining as two variables that are somewhat independent.

I just looked again into the folder that I used to store the Verilog source code for Bitcoin hashers.

It seems like some of them are indeed pipelined, but the level of pipelining is equal to the level of unrolling. It seems like ztex uses 125-way unrolling and 125-way pipelining.  So the design computes in a single clock rounds of hashes for nonces (N-124 to N). When nonce N is on the input the output shows the final hash for nonce N-124.

In general a 125-way unrolled design can be pipelined anywhere from 1 to 125 stages.

There are also other possible ways of pipelining the SHA-256. For example the (W(i) + K(i)) expansion function uses a four-way adder: K(i) + S1(W(i-2)) + W(-7) + S0(W(i-15)) + W(i-16). One could factor out the last two addends S0(W(i-15)) + W(i-16) and precompute them in previous round as S0(W(i-14)) + W(i-15). Or even go two rounds deep and compute S0(W(i-13)) + W(i-14). And so forth.

My guess is that the number of possible valid transformations overwhelm the synthesis tools and they blow up either on memory usage or time.

Anyway, those are just my speculations. I haven't spend much eyeball time analyzing the available codes.

Lets not confuse unrolling with pipelining. Current open-source designs are fully-unrolled, but I have yet to see a propergeneral pipelined design that is open-sourced. Maybe a different scheme of pipelining and unrolling is what BFL did? By flexibly pipelining the unrolled design they could significantly crank up the clock, since the FPGAs are limited more by the propagation delay in the signal routing than in the propagation delay in the actual logic.


No, this is a horrible analogy.

To understand the unrolling as applied to the logic design you need to understand the difference between combinatorial and sequential logic.

In combinatorial logic the outputs are simply a function of inputs.

In sequential logic the outputs are a function of inputs and the internal state. All the current FPGA hashing appliances use a variant of sequential logic called synchronous sequential logic: there is a dedicated clock input and a change on the clock is when the internal state gets updated.

Fully unrolled (128-way or 125-way) Bitcoin hash means that the logic that computes it is fully combinatorial, there is no internal state used inside the cascade of the two SHA246 hashers. The clock is still used in the fully-unrolled design: to increment the nonce counter and to sample the zero-comparator at the output of the hasher.

64-way unrolled Bitcoin hash means that there is one internal state register that stores the intermediate state. During the odd clock cycles it does single SHA-256 of the input (midstate and nonce) and stores it in the internal state. During the even clock cycles it does single SHA-256 of the internal state and presents it on the output. This cicrcuit is only about half the size of the above circuit.

Now fully unrolled and pipelined design would be about the same size as the above fully-unrolled design but it would have some internal state registers. If there is one level of pipelining then in each clock cycle first half of the circuit would compute single SHA-256 for nonce "N" and the second half of the circuit would compute single SHA-256 for the nonce "N-1".

In unpipelined design the input signal have to race through full 128 (or 125) rounds of SHA-256 to the zero-comparator. With one level pipelined design the the inputs have to race through 64 rounds of the first SHA-256 to the internal register simultaneously with another set of signals racing through 64 (or 61) rounds from the internal register to the zero-comparator. Simplistically one could say that the clock rate on this design could be almost double of the clock rate of the non-pipelined design.

Again, I haven't seen anyone publishing open-source designs that are both independently unrolled and pipelined. I think this is due to the limitations of the FPGA synthesis tools. They either require tens or hundreds of GB of RAM or months of CPU time.

Anyway, kano, I suggest that you throw away your domino set. Get yourself a free version of Xilinx ISE or Altera Quartus and use them to play FPGA design game. It is like playing Tetris, chess & contract bridge all on the same board.

Actually genjix himself assigned 0016 for that purpose.

My PM to genjix:

genjix's reply:
Just to settle the score.

Well, I have to thank you for beating me with a clue stick. I deserved this at least once a decade. I wasn't supposed to comment on the matters related to a pending litigation, even if only tangentially and anonymously.

I'm such an idiot.

I'm doing a full quote from Steve just to keep the proof that he cannot read with comprehension.

I never called Ripple "bunk" and I never called Bitcoinica "scam". Pretty much everything you wrote about me is a simple lie, rooted in your compulsion to read between the lines and obsessive search for strawmen to refute:


Bitcoinica is a blend of a pure "bucket shop" with partially hedged own-account speculation by the owner. No matter what it is, it isn't an exchange. Since I never called Bitcoinica "scam" this is a classic strawman.

Ripple is a high speed computer network and cryptographic implementation of the old, well known concept of Wechsel. There is a big problem in explaining this in English because the concept of Wechsel is only known and used in countries with statutory law system, but English-speaking countries have common law system.

The concept of Ripple is to the large extent isomorphic to concept of Wechsel, most of the differences are in the implementation. In particular they both have similar benefits and drawbacks. The most commonly exploited drawback of the vexels will be the most commonly exploited drawbacks of Ripple.

There are thick books written about the vexels and their circulation. Too bad that those books aren't in English. As they say "you can lead a horse to water, but you can't make it drink". The same thing happened here: "you can give Steve links to the documentation, but you can't make him read".

Not all "native English speakers" have problem understanding vexels. Only the subset of them: those who refuse to learn any other human language and assume that if it isn't in English then it isn't worth trying to understand.

I want to thank everyone for the patience. I hope that those of you who can read at least one other language will find intellectual stimulation in the link I gave.

Oh well, I tried.

The system you describe does exist and the difference is that instead of exchanging cryptographic certificates people exchange little paper forms with hand-signatures and stamps (pictures are on the German Wikipedia page I linked.)

The attacks are not "against the system", but "against the users who don't want to learn how the system works."

The little stamps are there to finance the collections: if somebody tries to repudiate the vexel, the stamps are proof that the owner paid the taxes and is entitled to the help of marshals in the attachment of furniture or other valuables.

What I find most interesting about all the discussions I had about RipplePay and Wechsels is that pretty much only the mono-lingual English speakers cannot comprehend the equivalence between the two concepts. On the other hand, if I discuss the two concepts in English and the interlocutor immediately grasps them, it turns out that his/her mother tongue is either Hebrew or Yiddish.

Anyway, this is an international forum and as most of the forums it has at least 10 lurkers for each poster. Anyone who is reading this can learn the underlying concepts on their own, I have nothing to sell.

On the Speculation forum Zhoutong is giving lessons for people who don't bother to understand the difference between a bucket shop and an exchange. His customary charge for that lesson is "all of your deposit (USD & BTC)".

I guess sometime in the future somebody else will be giving lessons to the people who don't bother learning to understand the concept of "negative discount". And his charges for the lesson will be "all the money you've got".

Exactly. Node owners would pay to execute transactions through their node to increase their credit standing. This is an equivalent to a negative additive cost.

The other option is to have a trade that involves currency exchange. This is an equivalent of a multiplicative cost less than 1.

Borrowing from BGP is a certain way to produce bad software that will be easily exploited by any moderately competent trader.

There is one thing I absolutely hate about Ripple-pay: their hardcore anglophone financial schizophrenia. What they are doing is a computerized analogue to the circulation of vexels (German: Wechsel). The problem is that all English language countries are also rooted in the common-law legal system, which never developed a system for circulations of vexels. If you are capable to understand any other language than English you will also understand the concept of statutory-law and the concept of exchange of vexels.

Here is the link to the German Wikipedia page about vexels:

http://de.wikipedia.org/wiki/Wechsel_(Urkunde)

Do not just click over to English translation: promisory note is not an equivalent to a wechsel. To understand the difference you'll need to plod through the automated translation to English or switch to any other language from the country where the vexel-circulation is written into the law statues. At least check if the diagrams and pictures are similar to the ones on German Wikipedia.

I intentionally used the neologism "vexel" in the above reply because the Internet is full of incorrect information about Wechsels translated to English by lawyers unschooled in a non-anglophone legal tradition.

Not really. BGP deals with monotonically increasing cost of transit. Paths in Ripple may have costs that are negative (with regards to the starting node or ending node). The algorithms required for non-monotonically increasing costs are significantly more complex.

Up to the point above I wasn't sure.

This could be an Alan Sokal-style postmodernist writing experiment sprinkled with Bogdanov brothers-taste special sauce.

But now I'm positive.

We have a new Mentifex Mind.Forth in the making.

http://www.nothingisreal.com/mentifex_faq.html

Comcast doesn't block Bitcoinica. Comcast correctly obeys the DNSSEC records advertised by bitcoinica.com. The fault can be blamed either on Zhoutong or his DNS vendor, domaincontrol.com. Or maybe both of them.

Comcast not only cannot be blamed, but they should be praised: they don't resolve misconfigured domain names for their customers. The whole point of DNSSEC is to avoid the possibility of using fake domain name servers.

There is a small possibility that some people can't resolve bitcoinica.com due to the problem in their equipment: some of it crashes/chokes/hangs upon seeing type 43 or type 46 DNS records or IPv6 DNS servers advertised by Bitcoinica.

I posted about this about a week ago:
https://bitcointalk.org/index.php?topic=42267.msg688795#msg688795 .
Since then I tested this on several known working setups and I'm positive that the fault is due to Zhoutong's or his DNS vendor's misconfiguration.

As a temporary workaround you can put:

50.56.4.62 bitcoinica.com

in /etc/hosts or C:\WINOWS\system32\drivers\etc\hosts .

Thank you for your valuable input.

• It bloats all future client implementations with a complex interpreter

The LISP interpreter is probably 2nd or 3rd smallest interpreter possible: smallest is MUMPS, LISP and Forth vie over the 2nd and the 3rd position. BASIC and Javascript are for sure bigger and more complex than LISP. I still think that LISP with a lean theorem prover as a checker is a better choice than a C++ implementation of an RPN calculator and Gavin's wish for a fuzzer to thoroughly test that calculator.

• raises the bar of transaction rule-verification to the mathematical elite

This is very true. However in 21st century this elite no longer have any financial barrier to entry. The required curricula are available for free online, e.g. http://mitpress.mit.edu/sicp/full-text/book/book.html . The other important observation of the elitism of LISP are the original Yahoo! stores. They were all created with LISP back end. They came out as one of the first e-commerce platforms, were always very secure (anyone heard about any exploits for Yahoo! stores?) and had one of the lowest barriers to entry.

• encourages closed source clients

This point is both true and false, depending on the timeline. Lets compare Bitcoin implementation to the web browsers. Currently Bitcoin is in the stage of NCSA Mosaic. Then Netscape Navigator became a de-facto leader by including a client-side interpreter, among other things. Then the whole web exploded and we now have competing open and closed source implementations.

• further strongly couples the protocol to the default client

Initially probably yes. It really raises the barrier to entry for less-than-competent software vendors. I personally think that this will be a good thing: the quarter-brained client implementations are a plague in the Bitcoin-sphere. Later on the things will change: if there's at least one client that is fully ACID and embeddable then the overall software quality expectation will rise to the level demanded by the serious financial applications.

• removes the ability for the block chain to fork in a democratic manor

This is simply untrue. My BIP actually encourages forking and provides tools to do it in a very safe manner. It also facilitates re-joining of the forks that a willing to do so. It supports all forms of self-governance: democracy, republic, autocracy, corporatism, etc. It all depends on the contents of the initial prospectus.

• No matter what I need to edit my BIP to improve its readability

One thing that needs to be repeated: this BIP isn't an urgent thing. It just shows one possible way forward for Bitcoin. I don't expect it to receive any significant attention until at least one or two knees in the coin-generation curve are behind us.

90125!

Exactly: mutual rejection of blocks with slight (but non zero) difference in difficulty. This is actually an interesting and open problem both from the control theory point of view as well as game-theoretic point of view: whom to trust? For the original Bitcoin where the retarget period is two weeks this is a comparatively rare occurence.

There were several threads in this forum postulating changes in the retargeting algorithm. Some even were as aggresive as suggesting new difficulty for each new block using some complex formula.

"chances of this being successful would be minimal" is an intellectual cop-out similar to "chain reorganizations will never happen, right guys?"

Avnet Spartan-6 LX9 MicroBoard

http://www.xilinx.com/products/boards-and-kits/AES-S6MB-LX9.htm

$89.00

Actually it is sufficient to DDoS pools when (block_height modulo 2016) = 2015. Each pool could then compute a different difficulty for the next period. Ultimately the global Bitcoin network will converge to a single longest chain. But the trajectory of the convergence will be different than with regular orphan blocks. The attack is still probabilistic, but the chances are different than during the remaining portion of the re-target period.

Yes, it is 100% safe. You can even run them simultaneously. Just make sure that you use -rpcport flag together with the -testnet flag. Otherwise the two instances of bitcoin will try to fight over the same RPC port.

Probably memory overwrite:

1863138384 == 0x6F0D3C50 == "o\r<P"

or somebody writing in Python used a pointer to value instead of the value itself when calling a C/C++ library.

There aren't any more entertaining subspecies of Homo Sapiens than the Scandinavian kooks.

Kokjo is from Denmark and he advocates starvation for those who can't properly operate the computer.

Pentti Linkola is from Finland and he advocates using nuclear weapons to solve the problem of overpopulation.

http://en.wikipedia.org/wiki/Pentti_Linkola



http://www.counter-currents.com/2011/06/in-praise-of-pentti-linkola/

I think we should all welcome our Scandinavian overlords, before it is too late!