What I can say is this:
1. X11 is trivial to obliterate via FPGAs and ASICs, and will be obliterated in the near future if X11 coins continue to appreciate.
2. Designs that focus on branching also play towards the strengths of ASICs and FPGAs. ASICs and FPGAs evaluate branches in parallel.
3. When engineering ASICs, going from most expensive to least: RAM > I/O bandwidth* > Compute * I/O bandwidth is really a proxy for RAM, think DDR.
ANY design that relies on difficulty to code rather than cost to manufacture WILL fall to ASICs/FPGAs (i.e. X11).
Recommendations:
Scrypt was a good start. Scrypt does the following things well:
1. Focuses on the economics of ASICs and FPGAs (i.e. RAM > Compute)
Hashcash with a memory bound hash function like Scrypt is a dead-end for CPU-friendly PoWs because verification time is linear in memory usage, which prevents the use of the large amounts of memory required to present a serious obstacle to ASICs. The ultimate CPU-friendly coin will have a PoW that takes GBs to prove, but can be verified instantly.
|
|
|
any coins using this algo atm?
Nope...
|
|
|
two reasons I can think of:
somewhat boring selection of proof-of-work algorithms (4 sha-alikes and scrypt)
if your mining equipment is setup and tuned for one particular proof-of-work, you might be under the illusion that it's better to devote it to coins that use that pow exclusively. or perhaps you don't like the idea of competing for blocks with people having different setups.
|
|
|
You r right. That's why we are mining this coin. BCN is the first coin based on better algorithm in compare with other altcoins.
How is it better than MemoryCoin 2?
|
|
|
Not really my claim. I do believe its happening.
It is to be expected. Make a new proof-of-work by throwing a bunch of ASIC-friendly hash-functions together => expect to resist ASICs for a few years => expect to resist FPGAs for a few months => expect to resist GPUs for a few weeks Better to have true resistance by requiring hundreds of MB of memory...
|
|
|
It is time to say good bye to GPU scrypt mining .Then where will you go ?X11 ?
All these random collections of hash-functions are a dead-end for ASIC-resistance... You get ASIC-resistance from the use of memory. scrypt, at 128KB, doesn't use even nearly enough, nor does scrypt-N. You should be requiring at least a thousand times more memory: hundreds of MB, if not GBs. For verification to remain fast, you need an asymetric proof-of-work, where verifying the proof is MUCH easier than a single attempt to find it.
|
|
|
So while your statement is true, it's not necessarily the right truth. Is Cuckoo Cycle better or worse than adaptive scrypt-N? Is it better than a variant of Invictus's Momentum PoW that has an adaptive N factor?
Neither of us knows the answer to this question. There is a chance that it's stronger. But there's also a very real chance that the requirement to find a cycle, instead of a simple collision, will mean that the approach can yield to something with sublinear memory requirements and, in fact, underperform compared to Momentum in its memory requirements.
It cannot "underperform compared to Momentum in its memory requirements" because Cuckoo Cycle generalizes Momentum. Momentum looks for collisions of a hash function mapping 2^{26} nonces to 50-bit outputs. Each nonce corresponds to an edge in a bi-partite graph on nodes M union L, where M is all possible 25-most-significant bits of hash output, and L is all possible 25-least-significant bits of hash output, and so each collision is a 2-cycle in this graph. Thus, it is more likely that Momentum, being a special case of Cuckoo Cycle, underperforms in its memory requirements.
|
|
|
Goodbye x11 when people figure out FPGAs can mine them with little effort
FGPAs are expensive... http://elinux.org/Parallella_HardwareOnly $99 for a board with both a Parallella manycore and Xilinx Zynq 7010 or 7020 FPGA...
|
|
|
If you want to strengthen the ASIC resistance of CryptoNight and avoid the slowness of verification, why not use an a-symmetric memory-bound proof-of-work like Momentum or my Cuckoo Cycle?
Thank you for suggestion, will look at this. How long it do one check in microseconds? 42x2 siphashes and 2 sha256 hashes can't take more than a few microsecs...
|
|
|
It is a research cluster (xeons) used for my day job. Mining is done during idle time. I am authorized to do this.
What is the largest number of cores sharing the same main memory on your cluster?
|
|
|
Let's open hash-function discussion friends.Just want to uncover our approach and show differences with CryptoNote that we use in our project announced here: https://bitcointalk.org/index.php?topic=577267.0First of all I want to say that CryptoNote hash function (so called cn_slow_hash) is actually a very strong protected from ASIC's with different CPU instructions set as well as memory consuming algo. cn_slow_hash works hard on 2MB scratchpad and most of this scratchpad are fits in CPU cache. Shortcomings 1. H1, as well as final hash (keccak) have to be very fast, otherwise memory consuming accent will be slight. If H1 is slow than possible to implement some specific hardware working similar to Instruction pipeline2. Despite the first, H1 have to have modern cpu instructions set - 64-bits numbers multiplication, AES/SSE instructions to make ASIC engineers bloody mad. Wellcome to comment. If you want to strengthen the ASIC resistance of CryptoNight and avoid the slowness of verification, why not use an a-symmetric memory-bound proof-of-work like Momentum or my Cuckoo Cycle?
|
|
|
Just don't turn it, or you'll end up confusing it with 999 coin...
|
|
|
If I understand the ASIC miners correctly it would be difficult to give them enough memory or they would end up bandwidth constrained. Most ASIC miners use multiple chips. For one chip to work efficiently you would need the entire blockchain available on the ASIC. I believe the Bitcoin blockchain is around 15GB and growing, so that is far more RAM than practical to build into one chip. An ASIC
An ASIC for this could just store the first 10% of the whole blockchain, which, considering that early blocks were very small, probably takes much less than 1% of that 15GB. Then it just keeps generating inner hashes until the index falls within the first 10%. But I have to wonder: doesn't this whole scheme break down with an insane memory requirement for every single client that needs to verify proofs-of-work? I thought clients, esp. smartphones, have to be able to verify with minimal resources.
|
|
|
Agreed. This would be nice info. I'm interested in CPU coins like quark, particle.
For Cuckoo Cycle of size 2^{30}, aka cuckoo30: single-threaded: 0.00018 42-cycles/second 4-threads: 0.00061 42-cycles/second These are average rates, since running a single cuckoo30 instance has about 2.2% chance of finding a 42-cycle. Multiply the above rates by 45 to get instances/second.
|
|
|
If you heard of Tenebrix and Fairbrix back in the day, then Monero is to Fairbrix what Bytecoin is to Tenebrix
I think it's much clearer if you say: Monero is to Bytecoin what Fairbrix is to Tenebrix
|
|
|
So we have a couple of CryptoNote technology implementations and a lot of discussions around them.
I ask you not to deteriorate existing solutions, but to create a new version of CryptoNote based cryptocurrency that will suit us all.
I'm ready to develop it, but I need to clarify your wishes concerning: *Coin name *Emission curve *Additional features
Why do you prefer the CryptoNight proof-of-work over other CPU-friendly alternatives, like my Cuckoo Cycle?
|
|
|
been mining for hrs with 4h and on other comp at 2h.... nothing found. yet 150k coins out out already. well that was yesterday. more now that more blocks are found...
whats the point to keep mining this. if i will find 15 coins in 24 hrs while others have in tens of thousands. This was suppose to be a fork of bytecoin to fix their problems...
but if i cant mine this. few days from lunch , how will this be appealing later?
also there must be an enhances miner or a private mining pool mining this. there no way 150k coin are mined in 5 days but i can't mine any with 2-4 H
Theres a lot of miners. its not like there are only a handful of miners.. I went all weekend and didn't find a block on hashrate 11.xx. You people are going nuts over some of this stuff. Its like a scrypt release if your GPU mining solo and there is high demand guess what, you don't get blocks! Happens to me all the time. Luckily with this it can be mined in the background and even a low hashrate should net a few blocks by the end of the week its not about me not mining a block. its about being 5 days late and not mining anything. its about me having a normal computer chip with 6 threads and not being able to mine anything 5 day later. while few people own 150k+ coins already. this coin was forket because it was too late to mine Byte coin and %80 already were mined in bytecoin. this coin was forket to give people a new chance to use cryptonotes. it was suppose to be fair. Well guess what, it is not. disclaimer: i currently own 0 bytecoin, have not tried to mine byte coin due to all the coins being mined already. Could the difference between a successful and an unsuccessful miner be explained by one having a recent intel-cpu with hardware AES support?
|
|
|
I pulled MMC from the list a few days ago. There is no dev and it still uses KGW. KGW can be exploited.
I feel that potential exploitability should be left out of consideration for what CPU-coins to list. PS: please update the Cuckoo Cycle synopsis as follows, to reflect recent implementation improvements: This PoW requires finding a 42-cycle in a huge graph whose edges are generated by the siphash-2-4 hash function. The amount of memory needed (with no known practical trade-off for time) is configurable from a few KB to several GB, while remaining instantly verifiable. 67% of run time is spent waiting for memory latency, making this an extremely low-power and GPU unfriendly algorithm.
|
|
|
I don't have a machine with a decent CPU. Does it mean I will forever banned of mining and will have to resort to buying? Talk about fairness. What about the increasingly growing mobile phone and tablet-only population?
it's only fair that crappy hardware makes for poor mining...
|
|
|
|