auswalk (OP)
|
|
January 10, 2016, 01:05:26 PM |
|
So is the nonce basically a random value between 1 and 2^32? That is, is the probability that the nonce is 1 the sane that it's any other value?
Thanks
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 10, 2016, 01:14:00 PM |
|
The nonce is used in conjunction with the other block header information to work out the hash of the block.
As the header is based upon a previous hash (which is basically random) then whether you start testing your nonce from 1 or 1,000,000 makes little difference (all that matters is your resultant hash and whether or not it passes the difficulty requirement).
So you just keep on incrementing (or decrementing or randomly choosing) your nonce and re-trying the hash algo to match the current difficulty requirement.
For pools I think that each hasher starts with a different initial nonce value (to avoid any repeated work) but I haven't looked into that stuff for quite a long time.
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
January 10, 2016, 02:15:22 PM |
|
So is the nonce basically a random value between 1 and 2^32? ... between 0 and (2 32-1) to be correct That is, is the probability that the nonce is 1 the sane that it's any other value? There is no abstract probability. Probability where? In confirmed blocks? The answer is: no. In your miner algorithm? Check the sources. It is possible to exclude the number "1" from the range and your program would never return "1"
|
|
|
|
auswalk (OP)
|
|
January 10, 2016, 03:38:05 PM |
|
Ok. So is it fair to say the nonce is purely a random number statistically between 1 and 2^32 ?
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
January 10, 2016, 03:39:28 PM |
|
Ok. So is it fair to say the nonce is purely a random number statistically between 1 and 2^32 ?
If you want to use the nonce as a source for entropy I wouldnt do it. IIRC there is some bias based on the ASICs used.
|
Im not really here, its just your imagination.
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
January 10, 2016, 03:59:49 PM |
|
Ok. So is it fair to say the nonce is purely a random number statistically between 1 and 2^32 ?
No. In is not fair to say that the digit "4" (I like it more than yours "1") is a random number statistically between 1 and 2^32
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
January 11, 2016, 02:03:11 AM |
|
There is no more likelihood of the number 0 or 2^32-1 (or anything in between) being the "right nonce" as it depends upon the previous block's hash (which is effectively random). https://en.bitcoin.it/wiki/Nonce
|
|
|
|
xhomerx10
Legendary
Offline
Activity: 4018
Merit: 8842
|
|
January 11, 2016, 03:40:11 AM |
|
So is the nonce basically a random value between 1 and 2^32? That is, is the probability that the nonce is 1 the sane that it's any other value?
Thanks
Yes, the nonce of the successful hash has the same probability of being a "1" as it does a "4" or "2 31-1"... BUT For the cryptographic function (with respect to Bitcoin mining): sha(sha(block+nonce)) < target The only variable for any given block is "nonce" which has a finite set of values that would yield the proper result but we can't know what they are without doing the calculation and checking the result against the target. The nonce itself is not a random value but a specific set of values which are unknown. The only way to find the right one is to check the function using different nonces until one of the correct values is found. ...so no, the nonce is not a random number. You might however find a nonce that solves the block by randomly selecting numbers from 0 to 2 32-1
|
|
|
|
xhomerx10
Legendary
Offline
Activity: 4018
Merit: 8842
|
|
January 11, 2016, 03:48:29 AM |
|
There is no more likelihood of the number 0 or 2^32-1 (or anything in between) being the "right nonce" as it depends upon the previous block's hash (which is effectively random). https://en.bitcoin.it/wiki/Nonce I would say the hash of the previous block is constant and unalterable which is how security is built into the blockchain. SHA256 is not a randomization function.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13372
|
|
January 11, 2016, 04:27:27 AM |
|
I think that some (most?) miners start at 0 and go through them sequentially, so I'd guess that lower nonce values are more common in the block chain.
If you're trying to solve a block, any nonce value will have equal probability of solving it. If you can find any bias or pattern, then you've demonstrated a weakness in SHA-256.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
ZephramC
|
|
January 11, 2016, 02:07:07 PM Last edit: January 15, 2016, 03:22:36 PM by ZephramC |
|
It can even happen that for given block header (Merkle Root, timestamp, fixed Coinbase tx) there is NO valid* nonce anywhere in the interval (0,232-1). This means different timestamp/coinbase tx/etc. must be used. * - Resuting in subTarget hash.
I think that in valid blocks so far, lower values of nonce are much more prevalent then higher, because miners tend to start from 0 and (have no reason not to) stop as soon as they find valid nonce.
Edit: This was true in the beginning of mining. See next post from -ck.
|
|
|
|
-ck
Legendary
Offline
Activity: 4284
Merit: 1645
Ruu \o/
|
|
January 14, 2016, 05:15:25 AM |
|
Modern mining hardware exhausts the entire 2^32 nonce range in under 1 milisecond, so there will be no clustering of nonces at the bottom any more. What's left up to the miner these days (as opposed to the fixed component chosen by the pool) is a combination of an extranonce of up to 8 more bytes and the regular nonce giving a hell of a lot more room for variability depending on how the mining hardware/software approaches it. Nonce was of historical relevance only in days where it was the only thing altered to look for a block solve or share.
|
Developer/maintainer for cgminer, ckpool/ckproxy, and the -ck kernel 2% Fee Solo mining at solo.ckpool.org -ck
|
|
|
auswalk (OP)
|
|
January 16, 2016, 07:41:30 PM |
|
So you are saying the nonce is pretty much a random value now when a new block is found. And if it's not truly "random" there's no way to determine a bias anyway, making it "random".
Put it this way, if you were to bet on a nonce value, would you say 1 has as good a chance as any other value < 2^32 of being the next block's nonce?
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13372
|
|
January 16, 2016, 08:48:53 PM |
|
So you are saying the nonce is pretty much a random value now when a new block is found. And if it's not truly "random" there's no way to determine a bias anyway, making it "random".
Put it this way, if you were to bet on a nonce value, would you say 1 has as good a chance as any other value < 2^32 of being the next block's nonce?
No, I think lower values would have higher probability. Even if miners go through the range very quickly, they're going to be going 0, 1, ..., 2^32, 0, 1, ..., 2^32, ... repeatedly, and the place where they stop will almost always exclude some of the higher nonce values, making lower values more likely overall.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
-ck
Legendary
Offline
Activity: 4284
Merit: 1645
Ruu \o/
|
|
January 16, 2016, 11:11:40 PM |
|
So you are saying the nonce is pretty much a random value now when a new block is found. And if it's not truly "random" there's no way to determine a bias anyway, making it "random".
Put it this way, if you were to bet on a nonce value, would you say 1 has as good a chance as any other value < 2^32 of being the next block's nonce?
No, I think lower values would have higher probability. Even if miners go through the range very quickly, they're going to be going 0, 1, ..., 2^32, 0, 1, ..., 2^32, ... repeatedly, and the place where they stop will almost always exclude some of the higher nonce values, making lower values more likely overall. They don't stop any more theymos. They scour the entire range because it's cheaper to do so in ASICs and report all nonces found rather than to abort.
|
Developer/maintainer for cgminer, ckpool/ckproxy, and the -ck kernel 2% Fee Solo mining at solo.ckpool.org -ck
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5376
Merit: 13372
|
|
January 17, 2016, 01:22:39 AM |
|
They don't stop any more theymos. They scour the entire range because it's cheaper to do so in ASICs and report all nonces found rather than to abort.
Oh, OK. Then it'd depend on which one is chosen in case more than one is found, which I suppose is arbitrary.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
-ck
Legendary
Offline
Activity: 4284
Merit: 1645
Ruu \o/
|
|
January 17, 2016, 02:55:30 AM |
|
They don't stop any more theymos. They scour the entire range because it's cheaper to do so in ASICs and report all nonces found rather than to abort.
Oh, OK. Then it'd depend on which one is chosen in case more than one is found, which I suppose is arbitrary. Modern ASICs return all the nonces they find. I did a distribution analysis and it was not uncommon for there to be no diff 1 solves in any of the nonces for some work, and not rare for there to be up to 8 for others.
|
Developer/maintainer for cgminer, ckpool/ckproxy, and the -ck kernel 2% Fee Solo mining at solo.ckpool.org -ck
|
|
|
|