Possible impacts of ASIC mining and hypothetical scenarios

[Jutarul]

This thread is a spin-off from:
https://bitcointalk.org/index.php?topic=99497.msg1154935#msg1154935

Please use it to discuss the implications of the emerging field of ASIC mining and the role of ASIC hardware companies. Mentioned topics are interest of conflict between using the chips and selling them, secret algorithms and back-doors.

Enjoy!

[1714984291]

1714984291

[1714984291]

1714984291

[1714984291]

1714984291

[1714984291]

1714984291

[1714984291]

1714984291

[niko]

Since consumer ASICs would be online the new algorithm(s) first (as in, immediately), it won't be so simple to 51% attack at that point. If you could, however, I'm not sure any way for Bitcoin to ever really recover - any reason to justify switching to new algorithm(s) is extreme enough that it would never make sense to switch back by force.

I don't understand all the fuss about "secret" backup hashing algorithms (in the ASICMINER thread), and I don't see a problem with implementing a backup algorithm in hard-wired miners (ASICs). For years we've been mining with configurable hardware (CPUs, GPUs, FPGAs) that has practically infinite number of secret algorithms "embedded" - simply reprogramming the devices to a hashing algo of your choice would do. Why is the thought of hard-wired backup hashing algorithm in ASICs so scary?

[Bitcoin Oz]

The thinking goes that if the algorythm needed to be changed to one that ASICs cant use and they are the majority of the network then they could vote not to change the algo simply be owning the majority of the hashing power.
We would get stuck on a broken/substandard algo because of it.

[Luke-Jr]

The thinking goes that if the algorythm needed to be changed to one that ASICs cant use and they are the majority of the network then they could vote not to change the algo simply be owning the majority of the hashing power.
We would get stuck on a broken/substandard algo because of it.

• There is not (AFAIK) any reasonable excuse to lock out ASICs in general.
• Bitcoin protocol changes require support from the economic majority, not the miner majority. That is, hashrates are irrelevant and the only thing that matters is "who people want to pay".
• The backup algorithms would only be useful in a scenario where SHA256 is not itself broken, but a single miner with the "cannot easily change algorithm" weakness is doing something harmful (such as forcing the network to trust them).

[Mobius]

The thinking goes that if the algorythm needed to be changed to one that ASICs cant use and they are the majority of the network then they could vote not to change the algo simply be owning the majority of the hashing power.
We would get stuck on a broken/substandard algo because of it.

• There is not (AFAIK) any reasonable excuse to lock out ASICs in general.
• Bitcoin protocol changes require support from the economic majority, not the miner majority. That is, hashrates are irrelevant and the only thing that matters is "who people want to pay".
• The backup algorithms would only be useful in a scenario where SHA256 is not itself broken, but a single miner with the "cannot easily change algorithm" weakness is doing something harmful (such as forcing the network to trust them).

What does "who people want to pay" mean. Can you define or explain this statement specifically?

[Jutarul]

• Bitcoin protocol changes require support from the economic majority, not the miner majority. That is, hashrates are irrelevant and the only thing that matters is "who people want to pay".

As far as I understand it this is correct. But turning the mining community against each other would probably result in a hard fork, where the economy gets splits into two coexisting realities: In one chain my coins might be spent, in the other one they are not.

• The backup algorithms would only be useful in a scenario where SHA256 is not itself broken, but a single miner with the "cannot easily change algorithm" weakness is doing something harmful (such as forcing the network to trust them).

Why would you exclude a broken SHA256 scenario? It's a perfectly valid reason to have a backup hashing algo in case the first one breaks.

[Luke-Jr]

The thinking goes that if the algorythm needed to be changed to one that ASICs cant use and they are the majority of the network then they could vote not to change the algo simply be owning the majority of the hashing power.
We would get stuck on a broken/substandard algo because of it.

• There is not (AFAIK) any reasonable excuse to lock out ASICs in general.
• Bitcoin protocol changes require support from the economic majority, not the miner majority. That is, hashrates are irrelevant and the only thing that matters is "who people want to pay".
• The backup algorithms would only be useful in a scenario where SHA256 is not itself broken, but a single miner with the "cannot easily change algorithm" weakness is doing something harmful (such as forcing the network to trust them).

What does "who people want to pay". Can you define or explain this statement?

For example, if you want to pay BitVOIP for some nice VoIP services*, the only thing that matters for that transaction is what Bitcoin protocol they are willing to accept. Inevitably, for Bitcoin to work at any scale, it is the merchants people want to do business with the most who matter.

* No, I don't know anything about BitVOIP or anything like that. I just quickly peeked at the Trade wiki page for a quick example I'm not biased on.

• The backup algorithms would only be useful in a scenario where SHA256 is not itself broken, but a single miner with the "cannot easily change algorithm" weakness is doing something harmful (such as forcing the network to trust them).

Why would you exclude a broken SHA256 scenario? It's a perfectly valid reason to have a backup hashing algo in case the first one breaks.

I'm assuming that if SHA256 gets broken, any backup variation of it automatically is also broken. The algorithm might need to change anyway, but it would break all ASICs.

[Jutarul]

• The backup algorithms would only be useful in a scenario where SHA256 is not itself broken, but a single miner with the "cannot easily change algorithm" weakness is doing something harmful (such as forcing the network to trust them).

Why would you exclude a broken SHA256 scenario? It's a perfectly valid reason to have a backup hashing algo in case the first one breaks.

I'm assuming that if SHA256 gets broken, any backup variation of it automatically is also broken. The algorithm might need to change anyway, but it would break all ASICs.

Then it should not be a variation, but a completely different hashing function.

[kano]

...
Bitcoin protocol changes require support from the economic majority, not the miner majority. That is, hashrates are irrelevant and the only thing that matters is "who people want to pay".
...

No. it requires both.

Yes if no one uses bitcoin, then there will be little future for it.

However, if the blockchain doesn't get securely verified - no one can use it

[kano]

• The backup algorithms would only be useful in a scenario where SHA256 is not itself broken, but a single miner with the "cannot easily change algorithm" weakness is doing something harmful (such as forcing the network to trust them).

Why would you exclude a broken SHA256 scenario? It's a perfectly valid reason to have a backup hashing algo in case the first one breaks.

I'm assuming that if SHA256 gets broken, any backup variation of it automatically is also broken. The algorithm might need to change anyway, but it would break all ASICs.

Then it should not be a variation, but a completely different hashing function.

As I said

...
Yes that is the risk with using ASIC hardware - if sha256 is broken, then it will need to be replaced and all ASIC hardware at the time will become useless.
Damn shame about that hey.

The only reasonable solution to this would be to plan ahead for the failure of sha256 and decide in advance what will be used after sha256 fails.
The word 'secret' doesn't come in there in any way for any reason at all.

That solution, however, would require foresight and planning by the bitcoin devs ... which is not readily apparent in most of what they do ... and is completely missing in most of what you do Luke-jr.
...

[Luke-Jr]

• The backup algorithms would only be useful in a scenario where SHA256 is not itself broken, but a single miner with the "cannot easily change algorithm" weakness is doing something harmful (such as forcing the network to trust them).

Why would you exclude a broken SHA256 scenario? It's a perfectly valid reason to have a backup hashing algo in case the first one breaks.

I'm assuming that if SHA256 gets broken, any backup variation of it automatically is also broken. The algorithm might need to change anyway, but it would break all ASICs.

Then it should not be a variation, but a completely different hashing function.

That probably doesn't come free. Since it is impossible to know in advance just how SHA256 will be broken (if it ever is), it is also probably not worth any cost to try to add a complete alternative to it, since it could just as well also be vulnerable.

[niko]

• The backup algorithms would only be useful in a scenario where SHA256 is not itself broken, but a single miner with the "cannot easily change algorithm" weakness is doing something harmful (such as forcing the network to trust them).

Why would you exclude a broken SHA256 scenario? It's a perfectly valid reason to have a backup hashing algo in case the first one breaks.

I'm assuming that if SHA256 gets broken, any backup variation of it automatically is also broken. The algorithm might need to change anyway, but it would break all ASICs.

Then it should not be a variation, but a completely different hashing function.

That probably doesn't come free. Since it is impossible to know in advance just how SHA256 will be broken (if it ever is), it is also probably not worth any cost to try to add a complete alternative to it, since it could just as well also be vulnerable.

Ok, I think I get it now. I just wasted my time with this whole discussion. Everyone pretty much agrees, even Luke-Jr - but he can't stop there but goes on meaningless and confused tangents. I'm out of here.

[kano]

• The backup algorithms would only be useful in a scenario where SHA256 is not itself broken, but a single miner with the "cannot easily change algorithm" weakness is doing something harmful (such as forcing the network to trust them).

Why would you exclude a broken SHA256 scenario? It's a perfectly valid reason to have a backup hashing algo in case the first one breaks.

I'm assuming that if SHA256 gets broken, any backup variation of it automatically is also broken. The algorithm might need to change anyway, but it would break all ASICs.

Then it should not be a variation, but a completely different hashing function.

That probably doesn't come free. Since it is impossible to know in advance just how SHA256 will be broken (if it ever is), it is also probably not worth any cost to try to add a complete alternative to it, since it could just as well also be vulnerable.

LOL - do some reading about hashing algorithms please

[LazyOtto]

ASIC vendors are advised to implement an alternative algorithm ...

In the other thread Luke-Jr twice ignored my request to show where such an advisory was given.

I have yet to see that this entire fracas is anything other than his fevered imagining.

[LazyOtto]

You stirred up the hornet's nest with this unsupported assertion:

ASIC vendors are advised to implement an alternative algorithm ...

There's no reason this statement of fact should be controversial at all.

<sigh> What fact?

I see no fact in evidence.

Merely a fanciful statement you have made and are apparently unable to support via any citation.

[Gabit]

yes please. And Luke Jr., please stop spamming with your baseless stupidity about the algorithm change. It makes no sense to change the algorithm and it would only serve one thing - destruction of bitcoin.

Exactly. Changing the algorithm would only benefit the few big money players, who can build a new ASIC chip fast, and hijack the market. That would be the single most stupidest thing that Bitcoin can do it for it self, destroy all the existing ASIC diversity.

ASIC is the end-of-the-line, and we need as much players to that field as one can get in order to secure Bitcoin's future. There is even a OpenAsic project, why people who are concerned of concentrating of power doesn't support that? Give some BTC love for it, and all is solved? But noo, they will shoot them selves in the leg, because they hate that their GPUs are becoming obsolete. Or they are so stupid that they would agree to hand Bitcoin over on a silver platter to a few rich players.

Support OpenAsic, or start your own (to only mine with them, for all I care). We need all the hashrate we can get, in many hands that's possible.

[Bitcoin Oz]

yes please. And Luke Jr., please stop spamming with your baseless stupidity about the algorithm change. It makes no sense to change the algorithm and it would only serve one thing - destruction of bitcoin.

Exactly. Changing the algorithm would only benefit the few big money players, who can build a new ASIC chip fast, and hijack the market. That would be the single most stupidest thing that Bitcoin can do it for it self, destroy all the existing ASIC diversity.

ASIC is the end-of-the-line, and we need as much players to that field as one can get in order to secure Bitcoin's future. There is even a OpenAsic project, why people who are concerned of concentrating of power doesn't support that? Give some BTC love for it, and all is solved? But noo, they will shoot them selves in the leg, because they hate that their GPUs are becoming obsolete. Or they are so stupid that they would agree to hand Bitcoin over on a silver platter to a few rich players.

Support OpenAsic, or start your own (to only mine with them, for all I care). We need all the hashrate we can get, in many hands that's possible.

Luke just doesnt want to move to litecoin with his GPU's when they are made redundant 

[kano]

yes please. And Luke Jr., please stop spamming with your baseless stupidity about the algorithm change. It makes no sense to change the algorithm and it would only serve one thing - destruction of bitcoin.

Exactly. Changing the algorithm would only benefit the few big money players, who can build a new ASIC chip fast, and hijack the market. That would be the single most stupidest thing that Bitcoin can do it for it self, destroy all the existing ASIC diversity.

ASIC is the end-of-the-line, and we need as much players to that field as one can get in order to secure Bitcoin's future. There is even a OpenAsic project, why people who are concerned of concentrating of power doesn't support that? Give some BTC love for it, and all is solved? But noo, they will shoot them selves in the leg, because they hate that their GPUs are becoming obsolete. Or they are so stupid that they would agree to hand Bitcoin over on a silver platter to a few rich players.

Support OpenAsic, or start your own (to only mine with them, for all I care). We need all the hashrate we can get, in many hands that's possible.

Well, as I have said above (and elsewhere) there is reason why the algorithm could need changing.
Firstly, if the sha256 was broken.
i.e. if someone works out how to factor the hashing process enough to solve blocks rather than hashing (currently) on average 1.05x10^16 double sha256's to find a block.
If that happens, then of course sha256 much be changed - of that there is no doubt.

Though, I have already give a reason why the current hashing process needs to change (not the sha256 algorithm) here:
https://bitcointalk.org/index.php?topic=89278.0
However, I've no idea if that would affect the ASIC implementations, coz it would depend on if they have optimised the double sha256 (that give an extra 6.25% performance) as has been done with GPU hashing, or not.

[Luke-Jr]

Mining majority cannot change the algorithm, only an economic majority can. I don't think anyone would be able to get most BFL miners to switch without a good reason, anyway - it's simply too risky since "greed" won't fly with the non-BFL miners.

This isn't entirely true. As I know you're fully aware, if an ASIC manufacturer with much greater than 50% of the network hashpower has implemented some new secret hashing algorithm, they can declare that the Bitcoin network is switching to their new algorithm and that they'll use their 51% to prevent any transactions ever confirming for users that remain on the old one. They can't force everyone to change to their algorithm, but they can render the existing one useless quite easily.

As soon as BFL ships the ASICs, they have no control over them. Their own customers will be securing the network against such an attack. If they tried to pull off such an attack before shipping, the Bitcoin community could just switch to an algorithm their chips don't support.

[Luke-Jr]

Changing the algorithm would only benefit the few big money players, who can build a new ASIC chip fast, and hijack the market.

As long as that is true, it's obviously not going to happen. The risk of it happening only comes with someone having ASICs online before anyone else.

Luke just doesnt want to move to litecoin with his GPU's when they are made redundant 

Quit putting words in my mouth, kthx.