Bitcoin Forum
November 15, 2024, 10:53:38 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: The ASIC miners: an eventual danger for bitcoin  (Read 3174 times)
Shevek (OP)
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250



View Profile
May 01, 2013, 10:00:56 AM
 #1

Everybody knows what ASIC is: a goal-driven device, hardware coded for a precise task; a small computer who runs a single program. This specialisation gives an extraordinary efficiency and velocity to the programmed task.

Also, everybody knows about a generation of ASIC chips programmed with the task SHA256d, that will arrive to bitcoin universe to process blocks with huge amount of hashes per second. The expectation of hashrate growth is ten times or more the actual HR. And, the most important fact, the biggest proportion of this HR will be held by ASIC chips. And this will happen in some months

If somebody didn't understand yet, I repeat: ASIC-chip knows to do only ONE task. It does not serve for other thing.

So, let's see the scenario of a vulnerability on the SHA256d algorithm. The traditional answer of the bitcoin community to this question is: a hardfork will replace SHA256d to other trustworthy algorithm. But, in the next months, this hardfork will be simply impossible, because ASiC-miners, who will have the HR-power, will dictate to continue with SHA256d, because otherwise they can't afford the new algorithm. And they will have the vote-power to do this. The blocks eventually generated by the hardforked clients will be orphaned from the main chain dictated by ASICs.

Comments, links and tips are welcome.

Proposals for improving bitcoin are like asses: everybody has one
1SheveKuPHpzpLqSvPSavik9wnC51voBa
Therion
Member
**
Offline Offline

Activity: 104
Merit: 10



View Profile
May 01, 2013, 10:46:51 AM
Last edit: May 01, 2013, 11:02:50 PM by Therion
 #2

There is indeed a big danger that the ASIC miners could somehow dictate the protocol, however once the GPU miners have no incentives to just waste electricity by mining they will either get frustrated and abandon the whole thing or will migrate to mining other cryptos (like "chickun"...chm...chm). That in turn would drop the BTC value by a considerable amount. This will not happen over night however because I strongly suspect that ASIC sellers are inentionally holding back their deliveries to protect the network from a sudden flood of Terra hashrates and sending the BTC value to a possible unrecoverable oblivion. In other words "It's not verry good for busines to be good for busines" However if this were to happen then we would see a massive uproar  from the new adopters complaining that it's not about empowering "anyone" anymore. All this can go in a lot of directions but get ready for a lot of frustration. This will be a very big test for the very ideea of cryptos in itself and the market as well.
Sergio_Demian_Lerner
Hero Member
*****
expert
Offline Offline

Activity: 555
Merit: 654


View Profile WWW
May 01, 2013, 12:47:55 PM
 #3

I'd start designing the SHA-3 ASIC miner right now.... Smiley

Seriously, keep in mind that even if SHA-2 is broken because of collisions found, this does not pose any risk to mining.
And even if pre-image attacks were found, it does not pose any risk to mining either, because SHA-256 is applied twice.

So we could in theory still use SHA-256 for 50 years without problem because of classical cryptanalysis.

The ONLY problem is quantum computing.


kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1026



View Profile
May 01, 2013, 01:00:26 PM
 #4

Is searching really so hard?  There are dozens of threads discussing this.

First, let me say that there is no vote.  A change to the hashing system is automatically a hard fork.  If SHA weakens enough to concern us, the support for a transition will be overwhelming, so approximately everyone will follow.

Second, modern cryptosystems don't typically have sudden catastrophic breaks, they get weaker over time.  Bitcoin's design gives us even more safety margin.  MD5 is considered to be hopelessly broken, and should not be used   And yet, if mining was based on it, we'd still be fine because all of the preimage attacks require more freedom of input than bitcoin allows.

Third, an orderly transition away from SHA is certainly possible, even in the ASIC world.  In other threads on this topic, I've described one possible way to make the transition, but there are certainly others.  It would take time to happen, but, as described above, we'd have plenty of it. 

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
Shevek (OP)
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250



View Profile
May 01, 2013, 01:38:05 PM
 #5

Is searching really so hard?  There are dozens of threads discussing this.

The answser is: yes, it is really hard searching something in these vBulletin, SMF, etc boards. But I've tried without success. That's why I kindly asked for links.

First, let me say that there is no vote.  A change to the hashing system is automatically a hard fork.  If SHA weakens enough to concern us, the support for a transition will be overwhelming, so approximately everyone will follow.

The "vote" is the confirms of the solved block. If the majority of power confirms its own blocks, the chain will fork.

If I'd have a huge farm of ASIC miners, I'd give away any hardfork that put my inversion into ruin.

Second, modern cryptosystems don't typically have sudden catastrophic breaks, they get weaker over time.  Bitcoin's design gives us even more safety margin.  MD5 is considered to be hopelessly broken, and should not be used   And yet, if mining was based on it, we'd still be fine because all of the preimage attacks require more freedom of input than bitcoin allows.

I didn't mention sudden catastrophic blowups of the algorithm. Any analysis that shows slight departure from the Random Oracle model, in such a way that given the freedom of input, it is possible to construct hashes lower than target with tiny higher probability than random, is enough IMHO to move away from SHA256d.

Third, an orderly transition away from SHA is certainly possible, even in the ASIC world.  In other threads on this topic, I've described one possible way to make the transition, but there are certainly others.  It would take time to happen, but, as described above, we'd have plenty of it. 

I'd love to read these threads. I'll search more intensively...

Proposals for improving bitcoin are like asses: everybody has one
1SheveKuPHpzpLqSvPSavik9wnC51voBa
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!