Bitcoin Forum
Poll
Question: Should Bitcoin step away from sha256?
yes - 40 (17.9%)
no - 160 (71.7%)
I don't care - 23 (10.3%)
Total Voters: 222

Topic: Bitcoin algorithm change (Read 7795 times)
cunicula
October 24, 2012, 05:12:52 PM
 #21

> I seriously hope we will get to proof of stake with a virtually vanishing transaction fee. Mining does not serve the purpose to make some people rich. It *only* exists to secure all our money of the future and I would be very sad if we ever had to defend bitcoin against claims about it consuming 10% of all energy produced by humanity just because it turned into the dominant currency before block subsidies dropped enough or before we turned away from proof of energy wasted.

I also seriously hope so. Improving on proof-of-work is like improving on nuclear weapons.
kneim
October 24, 2012, 06:06:50 PM
 #22

Concerning power consumption isn't it better to go ahead with rather rare ASICS than a lot of CPUs/GPUs?

giszmo
October 24, 2012, 06:36:14 PM
 #23

> Concerning power consumption isn't it better to go ahead with rather rare ASICS than a lot of CPUs/GPUs?

The amount of resources put into mining will be about the same as the block reward. It may be more on the energy side, more on the raw material side or more on the profit for the producer side. From an ecological stand-point I prefer profit for the hardware producers and hope this area will yield enough profit so they don't lock competition out with patents and other dirty weapons.

runeks
October 24, 2012, 10:07:55 PM
 #24

> I only voted yes, because I hope down the road they will use a higher bit hash algorithm such as SHA 512 or if one comes along 1024. Not to undermine ASICs and FPGAs, or upset the decentralized balance of mining, but to increase the key space for private keys and bitcoin addresses to make it even harder to brute force someone's address, because 40 quadrillion years is too damn short!

The block hashing algorithm (SHA256) isn't related to the number of possible Bitcoin addresses.

But you're probably right. At some point we will have to change the address space, and probably also the block hashing algorithm. But there's really no reason to worry about this yet.
mobile4ever
October 24, 2012, 10:58:33 PM
 #25

With this Bitcoiners will have to find ways to use BTC to make money and not just create them.



The better the idea the longer it remains useful.

Making Bitcoin more useful is a more worthy goal than just thinking about, "How many Thash can I get out of my ASIC setup?".
cunicula
October 25, 2012, 01:57:04 AM
Last edit: October 25, 2012, 04:40:59 AM by cunicula
 #26

> Concerning power consumption isn't it better to go ahead with rather rare ASICS than a lot of CPUs/GPUs?

From miners' perspective, the total amount of resources devoted to mining will be the same. The total rewards will be the same. The industry will remain competitive at the miner level (unless ASIC suppliers decide to mine themselves). Until ASIC suppliers decide to take over mining, the supply of ASICs will remain open and available to all.

From a social perspective, we will be wasting engineering labor rather than electricity. The total amount of resources wasted will be less than the amount spent on equipment by miners. Some of the money will be ASIC manufacturer profit (this profit is a tax on bitcoin users, but it just redistributes resources from bitcoin users to ASIC manufacturers. There is no destruction involved). There are large economies of scale in ASIC development. The industry will be dominated by one or two firms. These firms will price ASICs well above cost.

If one company is extremely dominant, it will sell ASICs that are almost pure profit. There will be minimal resource waste. However, the one company will have complete control over the blockchain.
i.e. bitcoin will operate much like a company database.
bg002h
October 25, 2012, 02:40:16 AM
 #27

> Would it be even remotely possible to force the change in sha256 bitcoin algorithm to something else that asic and fpga devices couldn't compute?
>
> We started off with a bitcoin that anyone could use and now we're forced to buy stuff we don't really want.
>
> I realise that there are some ppl that already invested in asic and fpga, but ton of ppl are unsatisfied with this.
>
> Do U think btc should move away from sha256 and let "normal" people the chance ?



If the only point of the change is to make it easier to compute hashes....then no, I think it's a bad idea. I think the protocol can be modified in the future to support yet to be invented encryption techniques though...

Hardforks aren't that hard. It’s getting others to use them that's hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
Littleshop
October 25, 2012, 03:52:14 AM
 #28

> > Concerning power consumption isn't it better to go ahead with rather rare ASICS than a lot of CPUs/GPUs?
>
> The amount of resources put into mining will be about the same as the block reward. It may be more on the energy side, more on the raw material side or more on the profit for the producer side. From an ecological stand-point I prefer profit for the hardware producers and hope this area will yield enough profit so they don't lock competition out with patents and other dirty weapons.

I agree with that.

Unmentioned ASIC advantage:
BOTNET miners are mostly out of the picture.  As difficulty rises, the profit of even a huge botnet will drop and probably drop below other more profitable botnet uses.  Assuming botnet herders dump all btc for fiat currency (which may not be true), asics may keep more money in the community. 

sippsnapp
October 25, 2012, 11:37:52 AM
 #29

> > > Concerning power consumption isn't it better to go ahead with rather rare ASICS than a lot of CPUs/GPUs?
> >
> > The amount of resources put into mining will be about the same as the block reward. It may be more on the energy side, more on the raw material side or more on the profit for the producer side. From an ecological stand-point I prefer profit for the hardware producers and hope this area will yield enough profit so they don't lock competition out with patents and other dirty weapons.
>
> I agree with that.
>
> Unmentioned ASIC advantage:
> BOTNET miners are mostly out of the picture.  As difficulty rises, the profit of even a huge botnet will drop and probably drop below other more profitable botnet uses.  Assuming botnet herders dump all btc for fiat currency (which may not be true), asics may keep more money in the community.

Indeed this has been mentioned before and as I posted previously the whole botnet issue could have been avoided right from the start by developing the algo for fpga/asic/similar devices only.
What I miss in the fpga/asic development is another field where these devices could get used (or at least the tech) for other purposes than mining.

EDIT: Another guy in this thread somewhere mentioned a ram intensive algo, guess this could also be a solution to ban botnets, let's say 16/32/64gb ram would be required to mine, almost no ordinary pc has it.

hashman
October 25, 2012, 12:13:02 PM
 #30


> One of the largest threats is posed by mining botnets.


Hmm, as some smart observer pointed out earlier the point of mining is to secure the network from attack.  What's bitcoin's problem with botnets again? 
giszmo
October 25, 2012, 12:26:26 PM
 #31


> > One of the largest threats is posed by mining botnets.
>
> Hmm, as some smart observer pointed out earlier the point of mining is to secure the network from attack.  What's bitcoin's problem with botnets again?

The problem with botnets is twofold:
1) a botnet causing many users a high electricity bill might bring bad reputation to bitcoin
2) a huge botnet with an algo that runs on CPU might be used for a democracy51% attack

muyuu
October 25, 2012, 12:40:04 PM
 #32

Double SHA-256 won't be a concern for a long, long time if ever.

Come-from-Beyond
October 25, 2012, 01:08:38 PM
 #33

> Double SHA-256 won't be a concern for a long, long time if ever.

Do. You. Promise. This. ?
muyuu
October 25, 2012, 01:18:23 PM
 #34

> > Double SHA-256 won't be a concern for a long, long time if ever.
>
> Do. You. Promise. This. ?

Yep, will bet with escrow and a deadline in the following few years (a matter of not having to wait forever mostly). :P

Come-from-Beyond
October 25, 2012, 01:44:04 PM
 #35

> > > Double SHA-256 won't be a concern for a long, long time if ever.
> >
> > Do. You. Promise. This. ?
>
> Yep, will bet with escrow and a deadline in the following few years (a matter of not having to wait forever mostly). :P

Your confidence in strength of SHA-256 changes nothing. The algo can be cracked tomorrow... or in 1000000 years.
20 years ago almost everyone was sure that MD4 couldn't be compromised. Now it can be.
Etlase2
October 25, 2012, 01:52:02 PM
 #36

> Your confidence in strength of SHA-256 changes nothing. The algo can be cracked tomorrow... or in 1000000 years.
> 20 years ago almost everyone was sure that MD4 couldn't be compromised. Now it can be.

Even if there are collision attacks against SHA2, I don't think (IANACryptanalysist) it would even have much of an effect on how bitcoin uses it. There are no passwords being protected by it. Coming up with a hash with lots of leading zeros via a collision attack surely cannot be faster than simply finding one randomly with a nonce. Now that new code prevents any issues arising from new blocks having the same hash as an older block, there really is no particularly effective attack even if SHA2 becomes significantly weakened. If there is a collision attack against RIPEMD160, things are a little more dodgy, but you still have to have a private key that matches a public key that hashes to the RIPEMD hash.

Come-from-Beyond
October 25, 2012, 02:05:38 PM
 #37

> > Your confidence in strength of SHA-256 changes nothing. The algo can be cracked tomorrow... or in 1000000 years.
> > 20 years ago almost everyone was sure that MD4 couldn't be compromised. Now it can be.
>
> Even if there are collision attacks against SHA2, I don't think (IANACryptanalysist) it would even have much of an effect on how bitcoin uses it. There are no passwords being protected by it. Coming up with a hash with lots of leading zeros via a collision attack surely cannot be faster than simply finding one randomly with a nonce.

Sorry, but I disagree. If coming up with a hash with lots of zeros is faster than simply finding a nonce, then 51% attack will transform into "less than 1%" attack. This will kill Bitcoin coz everyone will be able to double-spend coins.
Etlase2
October 25, 2012, 02:12:07 PM
 #38

> Sorry, but I disagree. If coming up with a hash with lots of zeros is faster than simply finding a nonce,

But this is extraordinarily, unbelievably, impossibly unlikely. The block has to be 1) a valid bitcoin block, which heavily limits what data can be used to find a collision and essentially goes back to using a nonce, and 2) limits you to ONE SPECIFIC hash whereas searching for ANY hash with the correct leading number of zeros is many, many magnitudes easier. Bitcoin mining is essentially already a partial-collision attack.

Come-from-Beyond
October 25, 2012, 02:22:52 PM
 #39

> > Sorry, but I disagree. If coming up with a hash with lots of zeros is faster than simply finding a nonce,
>
> But this is extraordinarily, unbelievably, impossibly unlikely. The block has to be 1) a valid bitcoin block, which heavily limits what data can be used to find a collision and essentially goes back to using a nonce, and 2) limits you to ONE SPECIFIC hash whereas searching for ANY hash with the correct leading number of zeros is many, many magnitudes easier. Bitcoin mining is essentially already a partial-collision attack.

I mean other type of attack. Not attempt to find a collision for an existing block, but attempt to find nonces for new ones with insane rate.
MysteryMiner
October 25, 2012, 03:10:42 PM
 #40

> > > Sorry, but I disagree. If coming up with a hash with lots of zeros is faster than simply finding a nonce,
> >
> > But this is extraordinarily, unbelievably, impossibly unlikely. The block has to be 1) a valid bitcoin block, which heavily limits what data can be used to find a collision and essentially goes back to using a nonce, and 2) limits you to ONE SPECIFIC hash whereas searching for ANY hash with the correct leading number of zeros is many, many magnitudes easier. Bitcoin mining is essentially already a partial-collision attack.
>
> I mean other type of attack. Not attempt to find a collision for an existing block, but attempt to find nonces for new ones with insane rate.

So the miner software needs to be updated that will find new blocks via attack method. This is still serving as a valid proof-of-work and the difficulty will adjust for new block rate.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
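
An added example, not part of the thread: posts #38 and #40 argue that mining accepts any double SHA-256 hash below the target and that difficulty follows the block rate. The Python sketch below shows both with a constructed header and a simplified retarget rule (2016-block periods, 4x clamp, no minimum-difficulty cap); all function names are hypothetical, and the speedup case assumes every miner gets the same shortcut.

```python
import hashlib

TARGET_SPACING = 600      # seconds between blocks that the protocol aims for
INTERVAL = 2016           # blocks per retarget period

def dsha256(data: bytes) -> bytes:
    """Bitcoin's block hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def hash_value(prefix: bytes, nonce: int) -> int:
    """Hash of prefix||nonce read as a little-endian 256-bit integer."""
    return int.from_bytes(dsha256(prefix + nonce.to_bytes(4, "little")), "little")

def mine(prefix: bytes, target: int) -> int:
    """Return the first nonce whose hash is below target (any such hash is accepted)."""
    for nonce in range(1 << 32):
        if hash_value(prefix, nonce) < target:
            return nonce
    raise RuntimeError("nonce space exhausted")

def retarget(old_target: int, actual_timespan: int) -> int:
    """Simplified retarget: scale target by actual/expected time, clamped to 4x."""
    expected = TARGET_SPACING * INTERVAL
    clamped = min(max(actual_timespan, expected // 4), expected * 4)
    return old_target * clamped // expected

def spacing_after_speedup(speedup: float, periods: int) -> list:
    """Expected block spacing per period after every miner gets `speedup`x faster."""
    target = 1 << 224                                         # constructed starting target
    rate = (1 << 256) / (target * TARGET_SPACING) * speedup   # hashes per second
    spacings = []
    for _ in range(periods):
        spacing = (1 << 256) / (target * rate)                # expected seconds per block
        spacings.append(round(spacing, 1))
        target = retarget(target, int(spacing * INTERVAL))
    return spacings

if __name__ == "__main__":
    header = b"constructed-header-not-a-real-block"           # constructed sample input
    target = 1 << (256 - 16)                                  # 16 leading zero bits
    nonce = mine(header, target)
    print("nonce", nonce, "found after", nonce + 1, "hashes; expected about", 1 << 16)
    print("spacing per period after 1000x speedup:", spacing_after_speedup(1000, 7))
```

Matching one specific 256-bit hash would instead take on the order of 2^256 attempts, which is the gap post #38 points at.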