ZenithCoin (ZTC) Proof of Work

[solracx]

ZenithCoin (ZTC) is a new alternative currency.  We are soliciting input as to what proof of work algorithm should be used for its initial release.

Ideally, the selection should be made that gets the broadest acceptance among miners.

[tacotime]

Abandon scrypt and use straight BLAKE512 or KECCAK512 -- pave the way to easy GPU implementation and then FPGA/ASIC mining for the quickest adoption.

[solracx]

Abandon scrypt and use straight BLAKE512 or KECCAK512 -- pave the way to easy GPU implementation and then FPGA/ASIC mining for the quickest adoption.

Could you explain the logic for the 2nd step? 

[Qoheleth]

Multiple proof-of-work algorithms.

SHA-256, mergeable with Bitcoin.
Scrypt, mergeable with Litecoin.
And N additional algorithms at your option.

Give each a separate difficulty, adjusted to make it constitute 1/(N+2) of the blocks mined.

That way, if one of the PoW algorithms gets broken by an attacker, it's not enough, in and of itself, for them to successfully double-spend.

[tacotime]

Abandon scrypt and use straight BLAKE512 or KECCAK512 -- pave the way to easy GPU implementation and then FPGA/ASIC mining for the quickest adoption.

Could you explain the logic for the 2nd step? 

Yeah.  FPGAs won't be much faster than video cards, just more power efficient.  ASICs require millions of dollars to invest, so will never be made for the coin until it's worth it to implement them.  So, unless you want to write your own scrypt implementation with TMTO for a GPU using some non-SALSA20/SHA256 scrypt algorithm, you may as well just use BLAKE512 or KECCAK512 and quickly port it to a GPU.  Actually, save yourself some space on the blockchain and just use KECCAK256.  Switch all the hashes to KECCAK256 from SHA256 as well if you want to give your coin faster throughput in general for transactions.

[forsetifox]

Not scrypt. Make something new for Odin's sake.

 

[solracx]

Multiple proof-of-work algorithms.

SHA-256, mergeable with Bitcoin.
Scrypt, mergeable with Litecoin.
And N additional algorithms at your option.

Give each a separate difficulty, adjusted to make it constitute 1/(N+2) of the blocks mined.

That way, if one of the PoW algorithms gets broken by an attacker, it's not enough, in and of itself, for them to successfully double-spend.

Are you saying that the proof-of-work changes every block.  So it starts with SHA-256, then scrypt, then something else?

How does that make it more difficult to double-spend?

I can see by adding a CPU only proof of work, it gives miners incentive to use the excess capacity of their rigs to mine the coin.

[solracx]

Switch all the hashes to KECCAK256 from SHA256 as well if you want to give your coin faster throughput in general for transactions.

This will make porting of clients more difficult to do.

Ideally, I would like to leverage as much bitcoin source code as possible at the same time providing variation of the proof of work.

[megablue]

just use litecoin's scrypt, using other hashing algo doesn't give you any distinguish features, the usual scrypt implementation isn't broken in anyway... so there is no reason to 'fix' it.

Futhermore, using Blake512 scrypt is just giving unfair advantages to people that already secretly ported the Yacoin's hashing algo into opencl, they will mine your coin far more efficiently than others.    

all being said, unless you want to create gimmicky coin that end up nowhere like yacoin.

[solracx]

just use litecoin's scrypt, using other hashing algo doesn't give you any distinguish features, the usual scrypt implementation isn't broken in anyway... so there is no reason to 'fix' it.

Futhermore, using Blake512 scrypt is just giving unfair advantages to people that already secretly ported the Yacoin's hashing algo into opencl, they will mine your coin far more efficiently than others.    

all being said, unless you want to create gimmicky coin that end up nowhere like yacoin.

If I use LTC, then it will be easier for existing mining operations to adopt the coin.

The downside is there is no stickiness, no lock-in.   Miners can always switch to yet another coin.

So there's got to be some way to have stickiness.... someway to encourage miners to stay around and mine.