Bitcoin Forum
February 07, 2023, 03:50:35 PM *
News: Community Awards results
 
   Home   Help Search Login Register More  
Pages: 1 2 [All]
  Print  
Author Topic: Specialized hardware and the "nuclear option" for >50% attacks  (Read 2121 times)
d'aniel (OP)
Sr. Member
****
Offline Offline

Activity: 461
Merit: 251


View Profile
May 04, 2013, 01:18:01 PM
 #1

I recently heard Dan Kaminsky mention in his recent article: http://www.wired.com/opinion/2013/05/lets-cut-through-the-bitcoin-hype/ that a mining algorithm friendly to general purpose hardware is superior because it is more inclusive to "the masses", as it wouldn't require specialized hardware to participate, and thus mining would be that much more decentralized.  I doubt this is much of an advantage though, as most people would have to buy high end general purpose hardware specifically to mine anyway in order to remain competitive and profitable, and the barrier to entry for running specialized hardware (ASICs) will soon be just as low.

Furthermore, having a mining algorithm require specialized hardware appears to be a great strength.  E.g. suppose an attacker amasses >50% of total hashing power.  Then the network could (as a last resort) swap out the mining algorithm, and render all of his equipment useless for attacking the new system and for resale. With general purpose equipment, he could keep attacking the new mining algorithm, or resell his equipment to recoup some of his costs.  While the honest miners would lose all of their investment (this should be considered an inherent risk of being in the mining business), they still collectively lose less than the attacker.  As long as there remains sufficient profit motive to mine - i.e. BTC remains valuable - then ASICs for the new algorithm should be quickly forthcoming to the market while CPUs/GPUs pick up the slack, and any attacker wishing to continue this attack will quickly go bankrupt as he's up against the capital stock of the whole world.

The damage the attacker does - e.g. the drop in BTC value - can be mitigated if such a response is understood by all to always be potentially necessary, and perfectly within the realm of manageability (it seems to me to be, unless I'm missing something).  "Fire drills" might even be done in advance, which would undoubtedly inspire confidence.

tldr; If the mining network relies on specialized rather than generalized hardware, then there is a "nuclear option" available to deal with and deter >50% attacks.
Unlike traditional banking where clients have only a few account numbers, with Bitcoin people can create an unlimited number of accounts (addresses). This can be used to easily track payments, and it improves anonymity.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1675785035
Hero Member
*
Offline Offline

Posts: 1675785035

View Profile Personal Message (Offline)

Ignore
1675785035
Reply with quote  #2

1675785035
Report to moderator
1675785035
Hero Member
*
Offline Offline

Posts: 1675785035

View Profile Personal Message (Offline)

Ignore
1675785035
Reply with quote  #2

1675785035
Report to moderator
1675785035
Hero Member
*
Offline Offline

Posts: 1675785035

View Profile Personal Message (Offline)

Ignore
1675785035
Reply with quote  #2

1675785035
Report to moderator
wachtwoord
Legendary
*
Offline Offline

Activity: 2352
Merit: 1125


View Profile
May 04, 2013, 01:20:26 PM
 #2

Any option chosen will have specialized HW created if successful.
d'aniel (OP)
Sr. Member
****
Offline Offline

Activity: 461
Merit: 251


View Profile
May 04, 2013, 01:30:50 PM
 #3

Any option chosen will have specialized HW created if successful.
Mining algorithms can be designed such that specialized hardware offers relatively less advantage over generalized hardware.  My argument is that "ASIC-resistant" mining algorithms should be avoided.
wachtwoord
Legendary
*
Offline Offline

Activity: 2352
Merit: 1125


View Profile
May 04, 2013, 01:34:13 PM
 #4

I don't believe your premise is true.
d'aniel (OP)
Sr. Member
****
Offline Offline

Activity: 461
Merit: 251


View Profile
May 04, 2013, 01:39:35 PM
 #5

I don't believe your premise is true.
Which one?
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 04, 2013, 01:39:45 PM
 #6

I believe his premise is true, but I'm worried about governments monopolising use of cryptocurrency ASICs by banning their private use and by buying large numbers themselves. I don't think it is possible to run a black ASIC production facility.

ROI is not a verb, the term you're looking for is 'to break even'.
wachtwoord
Legendary
*
Offline Offline

Activity: 2352
Merit: 1125


View Profile
May 04, 2013, 01:45:06 PM
 #7

I don't believe your premise is true.
Which one?

Mining algorithms can be designed such that specialized hardware offers relatively less advantage over generalized hardware. 

I don't believe something can be devised were specialized HW does not have an advantage. As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization. I like the current algorithm, and believe it will happen the other way around. Double SHA-256 ASIC will become very common leading to a relatively stable amount of decentralization. Furthermore companies will compete with each other, leading to another level of decentralization (between companies).
d'aniel (OP)
Sr. Member
****
Offline Offline

Activity: 461
Merit: 251


View Profile
May 04, 2013, 01:54:01 PM
 #8

I don't believe something can be devised were specialized HW does not have an advantage. As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization. I like the current algorithm, and believe it will happen the other way around. Double SHA-256 ASIC will become very common leading to a relatively stable amount of decentralization. Furthermore companies will compete with each other, leading to another level of decentralization (between companies).

Here's one of Dan Kaminsky's comments on his article:
Quote
ASICs are faster than CPU's at SHA-256. They're not necessarily faster at scrypt. I'm actually doing a lot of work in this space, stay tuned.
He seems to think it's possible, and I'm just deferring my judgement on this to him.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1004


View Profile
May 04, 2013, 01:54:17 PM
 #9

a mining algorithm friendly to general purpose hardware is superior because it is more inclusive to "the masses",

Meh.

When nearly all mining was GPUs, most of that was for people who buying GPUs specifically for dedicated mining rigs.    So even though it was off the shelf hardware, it still was an up-front investment in hardware.

The thing about ASICs is that there is little gain as you scale up.   A 5.5 Ghash/s Jalapeno is about 1/10th the price of a 60 Ghashs/s ASIC.    This means there's not much of an economy of scale as you move up to larger and more powerful hardware.  

The bigger reasons that will determine who mines and who doesn't will have to do with access to capital, but eventually, those with access to cheap electricity.  Currently that electricity consumption is a non-issue because ASIC mining profitability is so high yet (revenue relative to cost of electricity) that it will be another year or so before differences in the cost of electricity will resume to being a factor as to where you would host your rigs.)

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


wachtwoord
Legendary
*
Offline Offline

Activity: 2352
Merit: 1125


View Profile
May 04, 2013, 02:01:42 PM
 #10

I don't believe something can be devised were specialized HW does not have an advantage. As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization. I like the current algorithm, and believe it will happen the other way around. Double SHA-256 ASIC will become very common leading to a relatively stable amount of decentralization. Furthermore companies will compete with each other, leading to another level of decentralization (between companies).

Here's one of Dan Kaminsky's comments on his article:
Quote
ASICs are faster than CPU's at SHA-256. They're not necessarily faster at scrypt. I'm actually doing a lot of work in this space, stay tuned.
He seems to think it's possible, and I'm just deferring my judgement on this to him.

ASIC means Application-Specific Integrated Circuit while a CPU in this context is a general purpose processing unit. An integrated circuit designed for one purpose alone can always be made cheaper/more energy efficient than an equivalent integrated circuit that can do more. For one, a chip which only needs to be able to perform scrypt needs a much smaller instruction set.

In other words: If that is indeed a quote from Kaminsky and you didn't take it completely out of context, he is wrong.
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 04, 2013, 02:03:58 PM
 #11

No, he is not. There are algorithms that were specifically designed not to be radically faster on dedicated hardware.

ROI is not a verb, the term you're looking for is 'to break even'.
wachtwoord
Legendary
*
Offline Offline

Activity: 2352
Merit: 1125


View Profile
May 04, 2013, 02:06:20 PM
 #12

No, he is not. There are algorithms that were specifically designed not to be radically faster on dedicated hardware.

The don't need to be radically superior. Just superior will do fine Smiley

As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization.
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 04, 2013, 02:09:47 PM
 #13

The don't need to be radically superior. Just superior will do fine Smiley

Slightly superior isn't a problem because many more computers are in private than in public hands. It might be good enough if ASICs weren't radically superior than GPUs, but it's better to be safe than sorry.

ROI is not a verb, the term you're looking for is 'to break even'.
wachtwoord
Legendary
*
Offline Offline

Activity: 2352
Merit: 1125


View Profile
May 04, 2013, 02:12:43 PM
 #14

The don't need to be radically superior. Just superior will do fine Smiley

Slightly superior isn't a problem because many more computers are in private than in public hands. It might be good enough if ASICs weren't radically superior than GPUs, but it's better to be safe than sorry.

If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 04, 2013, 02:15:22 PM
 #15

If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.

No, people will continue to use general purpose CPUs precisely because they are general purpose devices that are mainly used for other purposes. This means there is a large pool of computing power outside government or corporate control that can be used to secure a block chain and prevent a 51% attack. ASICs could threaten that.

ROI is not a verb, the term you're looking for is 'to break even'.
wachtwoord
Legendary
*
Offline Offline

Activity: 2352
Merit: 1125


View Profile
May 04, 2013, 02:16:43 PM
 #16

If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.

No, people will continue to use general purpose CPUs precisely because they are general purpose devices that are mainly used for other purposes. This means there is a large pool of computing power outside government or corporate control that can be used to secure a block chain and prevent a 51% attack. ASICs could threaten that.

No, in general people won't mine at a loss. You are forgetting about the power it costs to run HW.
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 04, 2013, 02:18:04 PM
 #17

No, in general people won't mine at a loss. You are forgetting about the power it costs to run HW.

What I meant is that with a CPU-friendly algorithm, society as a whole has the means at its disposal to thwart a 51% attack. It doesn't mean that people would be mining for a profit. For similar reasons the Framers of the US Constitution didn't want standing armies and stipulated that the right to bear arms (i.e. militarily useful ones) should not be infringed.

ROI is not a verb, the term you're looking for is 'to break even'.
wachtwoord
Legendary
*
Offline Offline

Activity: 2352
Merit: 1125


View Profile
May 04, 2013, 02:20:27 PM
 #18

No, in general people won't mine at a loss. You are forgetting about the power it costs to run HW.

What I meant is that with a CPU-friendly algorithm, society as a whole has the means at its disposal to thwart a 51% attack. It doesn't mean that people would be mining for a profit. For similar reasons the Framers of the US Constitution didn't want standing armies and stipulated that the right to bear arms (i.e. militarily useful ones) should not be infringed.

Okay, then I reject that as well Smiley

I don't think people will do that.
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 04, 2013, 02:22:17 PM
 #19

If I thought it would make a difference I'd be running a miner on my PC right now.

ROI is not a verb, the term you're looking for is 'to break even'.
Littleshop
Legendary
*
Offline Offline

Activity: 1316
Merit: 1000



View Profile WWW
May 04, 2013, 02:22:52 PM
 #20

If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.

No, people will continue to use general purpose CPUs precisely because they are general purpose devices that are mainly used for other purposes. This means there is a large pool of computing power outside government or corporate control that can be used to secure a block chain and prevent a 51% attack. ASICs could threaten that.

No, in general people won't mine at a loss. You are forgetting about the power it costs to run HW.

This has already been proven to be false. 

Littleshop
Legendary
*
Offline Offline

Activity: 1316
Merit: 1000



View Profile WWW
May 04, 2013, 02:25:03 PM
 #21

No, in general people won't mine at a loss. You are forgetting about the power it costs to run HW.

What I meant is that with a CPU-friendly algorithm, society as a whole has the means at its disposal to thwart a 51% attack. It doesn't mean that people would be mining for a profit. For similar reasons the Framers of the US Constitution didn't want standing armies and stipulated that the right to bear arms (i.e. militarily useful ones) should not be infringed.

CPU Friendly = botnet friendly

Unfortunately there are downsides with each approach.  What we really need is more ASICS evenly distributed. 

mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 04, 2013, 02:26:01 PM
 #22

CPU Friendly = botnet friendly

Unfortunately there are downsides with each approach.

Good point.

ROI is not a verb, the term you're looking for is 'to break even'.
virtualmaster
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
May 04, 2013, 02:41:21 PM
 #23

I recently heard Dan Kaminsky mention in his recent article: http://www.wired.com/opinion/2013/05/lets-cut-through-the-bitcoin-hype/ that a mining algorithm friendly to general purpose hardware is superior because it is more inclusive to "the masses", as it wouldn't require specialized hardware to participate, and thus mining would be that much more decentralized.  I doubt this is much of an advantage though, as most people would have to buy high end general purpose hardware specifically to mine anyway in order to remain competitive and profitable, and the barrier to entry for running specialized hardware (ASICs) will soon be just as low.

Furthermore, having a mining algorithm require specialized hardware appears to be a great strength.  E.g. suppose an attacker amasses >50% of total hashing power.  Then the network could (as a last resort) swap out the mining algorithm, and render all of his equipment useless for attacking the new system and for resale. With general purpose equipment, he could keep attacking the new mining algorithm, or resell his equipment to recoup some of his costs.  While the honest miners would lose all of their investment (this should be considered an inherent risk of being in the mining business), they still collectively lose less than the attacker.  As long as there remains sufficient profit motive to mine - i.e. BTC remains valuable - then ASICs for the new algorithm should be quickly forthcoming to the market while CPUs/GPUs pick up the slack, and any attacker wishing to continue this attack will quickly go bankrupt as he's up against the capital stock of the whole world.

The damage the attacker does - e.g. the drop in BTC value - can be mitigated if such a response is understood by all to always be potentially necessary, and perfectly within the realm of manageability (it seems to me to be, unless I'm missing something).  "Fire drills" might even be done in advance, which would undoubtedly inspire confidence.

tldr; If the mining network relies on specialized rather than generalized hardware, then there is a "nuclear option" available to deal with and deter >50% attacks.
For any algorithm can be build a specialized hardware but for some it is more easy to do it. Specialized hardware friendly algorithm has its advantages but asic unfriendly algorithm also.
- For an asic attack it is  needed to invest in asics which should generate 51% of the future hashrate when the attacking  asics are in work so it must be more then the actual hashrate.
Beside of this by an asic attack the identity of attacker is known so the attacker must calculate with some legal consequences unless he puts his asics in a country like Somalia.
- Asic unfriendly algoritm based currencies are more susceptible to Google cluster like or botnet attacks. For cluster attacks they are the same legal consequences like for asic attacks because they may be performed from already existing clusters. Botnet attacks are anonymous and such an attacker doesn't have to face legal consequences because he could remain hidden. However if botnets are put to mine the assic unfriendly currency they could  even improve its security.
- Another aspect is the energy efficiency. by the same level of security the asic mining is more energy efficient.
- Which one is more decentralized ? The asic unfriendly looks to be more decentralized at the first look but if you look on closer this aspect is very unimportant.
Much more threat to decentralization is on the level of the mining pools and PC miner 99.99% are mining in a pool.
Asic miner can afford to mine solo so on the level of the mining pool it is more decentralization by asic mining.


Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
Namecoinia.org  -  take the planet in your hands
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba   |  NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1017



View Profile
May 04, 2013, 04:26:13 PM
 #24

In one of the several other threads discussing this exact same topic, I argued that it is best to use an algorithm that is simple enough for casual people to implement (as an ASIC) with a modest budget.

At least 4 groups now have implemented bitcoin mining as an ASIC, in (relatively) short times, with (relatively) little capital.  More are sure to follow.

If some algorithm can be done on a general purpose computer, then a special computer can be made which can do it better (by whatever measure of better).  The question really comes down to "How much effort (time and/or capital) does it take for how much of an improvement?"

Picking a hard algorithm like scrypt doesn't mean that there won't ever be an ASIC for it, it just means that developing that ASIC will be harder, which means that different people will be doing it.

We want ASIC development to be possible for kids in their garages, and it would be extremely foolish to lock them out of the game.  Even more foolish when you consider that we are incapable of barring more powerful entities from doing it anyway.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
wachtwoord
Legendary
*
Offline Offline

Activity: 2352
Merit: 1125


View Profile
May 04, 2013, 05:03:00 PM
 #25

You're making the exact same argument I've been making all across the first page of this thread. It doesn't seem to come across though  Undecided
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 04, 2013, 05:09:32 PM
 #26

In one of the several other threads discussing this exact same topic, I argued that it is best to use an algorithm that is simple enough for casual people to implement (as an ASIC) with a modest budget.

Casual and ASIC don't go together. Not even if governments don't interfere, let alone if they do.

ROI is not a verb, the term you're looking for is 'to break even'.
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1017



View Profile
May 04, 2013, 05:12:03 PM
 #27

In one of the several other threads discussing this exact same topic, I argued that it is best to use an algorithm that is simple enough for casual people to implement (as an ASIC) with a modest budget.

Casual and ASIC don't go together. Not even if governments don't interfere, let alone if they do.

So, you probably won't believe me if I tell you that the first bitcoin ASIC was developed like 2 years ago, by one guy.  Right?

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 04, 2013, 05:15:57 PM
 #28

So, you probably won't believe me if I tell you that the first bitcoin ASIC was developed like 2 years ago, by one guy.  Right?

I think you mean an FPGA, that is certainly possible and impossible to suppress too. But that would not be enough to stop an onslaught of government-monopoly ASICs if the algorithm strongly favours ASICs.

ROI is not a verb, the term you're looking for is 'to break even'.
Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
May 04, 2013, 08:44:36 PM
 #29

Quote
ASICs are faster than CPU's at SHA-256. They're not necessarily faster at scrypt. I'm actually doing a lot of work in this space, stay tuned.
This is nonsense.

Learn what an ASIC is please

d'aniel (OP)
Sr. Member
****
Offline Offline

Activity: 461
Merit: 251


View Profile
May 04, 2013, 11:36:51 PM
 #30

In one of the several other threads discussing this exact same topic, I argued that it is best to use an algorithm that is simple enough for casual people to implement (as an ASIC) with a modest budget.

At least 4 groups now have implemented bitcoin mining as an ASIC, in (relatively) short times, with (relatively) little capital.  More are sure to follow.

If some algorithm can be done on a general purpose computer, then a special computer can be made which can do it better (by whatever measure of better).  The question really comes down to "How much effort (time and/or capital) does it take for how much of an improvement?"

Picking a hard algorithm like scrypt doesn't mean that there won't ever be an ASIC for it, it just means that developing that ASIC will be harder, which means that different people will be doing it.

We want ASIC development to be possible for kids in their garages, and it would be extremely foolish to lock them out of the game.  Even more foolish when you consider that we are incapable of barring more powerful entities from doing it anyway.
Right, that's my conclusion as well.

My point about >50% attacks being manageable by the "nuclear option" (swapping out the mining algorithm) - and likely completely deterred by its economics which I described - stands if ASICs are sufficiently more economical than general purpose hardware.  I'm only trying to point out that this is an effective recourse/deterrent to >50% attacks on ASIC-friendly mining algorithms.
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 05, 2013, 12:16:47 AM
 #31

Picking a hard algorithm like scrypt doesn't mean that there won't ever be an ASIC for it, it just means that developing that ASIC will be harder, which means that different people will be doing it.

Scrypt isn't harder than SHA, it just takes a lot more memory, making the performance difference between CPU and ASIC-implementations smaller. If the intent was to keep CPUs competitive it appears to have failed though, since GPUs are still a lot faster for it than CPUs.

ROI is not a verb, the term you're looking for is 'to break even'.
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 05, 2013, 12:17:30 AM
 #32

Learn what an ASIC is please

Maybe you should learn what scrypt is.

ROI is not a verb, the term you're looking for is 'to break even'.
Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
May 05, 2013, 01:01:39 AM
 #33

I recently heard Dan Kaminsky mention in his recent article: http://www.wired.com/opinion/2013/05/lets-cut-through-the-bitcoin-hype/ that a mining algorithm friendly to general purpose hardware is superior because it is more inclusive to "the masses", as it wouldn't require specialized hardware to participate, and thus mining would be that much more decentralized.

I haven't read the article yet, but I agree with that proposition.

Quote
I doubt this is much of an advantage though, as most people would have to buy high end general purpose hardware specifically to mine anyway in order to remain competitive and profitable, and the barrier to entry for running specialized hardware (ASICs) will soon be just as low.

In a system such as bitcoin's where everyone fights over a piece of the same pie, this is accurate. However, if mining doesn't secure the network, and coins are generally only created when it is profitable to do so, and you provide a system where only a small profit is made from mining, you have the basis for a currency that is ASIC-resistant because the profitability angle simply isn't there--regardless of the hashing algorithm.

Quote
Furthermore, having a mining algorithm require specialized hardware appears to be a great strength.  E.g. suppose an attacker amasses >50% of total hashing power.  Then the network could (as a last resort) swap out the mining algorithm, and render all of his equipment useless for attacking the new system and for resale. With general purpose equipment, he could keep attacking the new mining algorithm, or resell his equipment to recoup some of his costs.

If you separate network security from mining, this isn't an issue. General purpose hardware can either profitably or unprofitably create money without threatening network security. If the intent is to cause inflation, the attacker is burning value at a consistent loss. If it is unprofitable and there aren't any irrational actors in play, no new money is created.

Quote
While the honest miners would lose all of their investment (this should be considered an inherent risk of being in the mining business), they still collectively lose less than the attacker.

You are willing to cause billions of losses in the form of having to buy new specialized hardware for honest people to not only create the rest of the money supply, but also to secure the network. This is terribly inefficient, and it means the attacker has probably achieved his objective of crashing the network. This isn't a "win" by any means. Instead voting to switch the algorithm to something that is again friendly to general purpose hardware is the solution if an attacker has spent millions creating a specialized one.

For some ideas on how to really fix these problems, I have proposed Decrits. The link is in my signature.

a.denis1
Newbie
*
Offline Offline

Activity: 67
Merit: 0



View Profile
May 05, 2013, 08:50:46 AM
 #34

Any option chosen will have specialized HW created if successful.

I agree . The problem is with sha specialized hardware asics . I don't think it is dengerous for the coin but it is a loss of opportunity .
The network of bitcoins has a computational power of 80Thash and it is about 80Petaflops (?) . If it is not the most computational powerfull network it can become it .

Why don't we develop a coin where the proof of work is general purpose problem solver ?
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
May 05, 2013, 08:58:03 AM
 #35

Why don't we develop a coin where the proof of work is general purpose problem solver ?

One does not simply develop a coin where the proof of work is a general purpose problem solver. It would be very useful if that could be done, but as far as I know no one has found such a proof of work algorithm. It would have to be expensive to compute, with difficulty adjustable over a large range of values, easy to verify and capable of being tied to the hash of a specific block in the chain.

ROI is not a verb, the term you're looking for is 'to break even'.
a.denis1
Newbie
*
Offline Offline

Activity: 67
Merit: 0



View Profile
May 05, 2013, 09:37:35 AM
 #36

Why don't we develop a coin where the proof of work is general purpose problem solver ?

One does not simply develop a coin where the proof of work is a general purpose problem solver. It would be very useful if that could be done, but as far as I know no one has found such a proof of work algorithm. It would have to be expensive to compute, with difficulty adjustable over a large range of values, easy to verify and capable of being tied to the hash of a specific block in the chain.

I think it is not simple to do but it would be amazing.

My idea is to develop a system where anyone can submit problems to be solved the submission must follow specific rules / language.

We need a verification procedure , the problem must be difficult to compute , more than the verificability , well defined for a parallel solver.

The difficulty over the time pheraps can be solved simply by the fact the system solve first simple instances of the problem because are more easy.

We have to find a way to tie to a specific block , etc...

OK , I am optimistic on solving these issues , the problem is how can we compare different problems which others? If I spent a lot of computational power in solving an instance I1 of a problem P1 this must be a of different value from solving an instance I2 of problem P2 and the reward must be different .
We can adjust the reward in automatic on how many instances of the problem are solved during the time in the network such that the system can change how much computational power give to every problem.
Another big problem I see is how to choose  which problems to solve , how the system can select "useful" problems? We can submit absolutely useless problems well suited for the techincism of the system . How can the system choose the best problems ? There can be relatively simples and usefull problems and others relatively difficult and useless  . Pherhaps this is too much.

I am very interested in developing a system in this direction , it would be very interesting to see discussions on this direction .
Pages: 1 2 [All]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!