Specialized hardware and the "nuclear option" for >50% attacks

[d'aniel]

I recently heard Dan Kaminsky mention in his recent article: http://www.wired.com/opinion/2013/05/lets-cut-through-the-bitcoin-hype/ that a mining algorithm friendly to general purpose hardware is superior because it is more inclusive to "the masses", as it wouldn't require specialized hardware to participate, and thus mining would be that much more decentralized.  I doubt this is much of an advantage though, as most people would have to buy high end general purpose hardware specifically to mine anyway in order to remain competitive and profitable, and the barrier to entry for running specialized hardware (ASICs) will soon be just as low.

Furthermore, having a mining algorithm require specialized hardware appears to be a great strength.  E.g. suppose an attacker amasses >50% of total hashing power.  Then the network could (as a last resort) swap out the mining algorithm, and render all of his equipment useless for attacking the new system and for resale. With general purpose equipment, he could keep attacking the new mining algorithm, or resell his equipment to recoup some of his costs.  While the honest miners would lose all of their investment (this should be considered an inherent risk of being in the mining business), they still collectively lose less than the attacker.  As long as there remains sufficient profit motive to mine - i.e. BTC remains valuable - then ASICs for the new algorithm should be quickly forthcoming to the market while CPUs/GPUs pick up the slack, and any attacker wishing to continue this attack will quickly go bankrupt as he's up against the capital stock of the whole world.

The damage the attacker does - e.g. the drop in BTC value - can be mitigated if such a response is understood by all to always be potentially necessary, and perfectly within the realm of manageability (it seems to me to be, unless I'm missing something).  "Fire drills" might even be done in advance, which would undoubtedly inspire confidence.

tldr; If the mining network relies on specialized rather than generalized hardware, then there is a "nuclear option" available to deal with and deter >50% attacks.

[wachtwoord]

Any option chosen will have specialized HW created if successful.

[d'aniel]

Any option chosen will have specialized HW created if successful.

Mining algorithms can be designed such that specialized hardware offers relatively less advantage over generalized hardware.  My argument is that "ASIC-resistant" mining algorithms should be avoided.

[wachtwoord]

I don't believe your premise is true.

[d'aniel]

I don't believe your premise is true.

Which one?

[mmeijeri]

I believe his premise is true, but I'm worried about governments monopolising use of cryptocurrency ASICs by banning their private use and by buying large numbers themselves. I don't think it is possible to run a black ASIC production facility.

[wachtwoord]

I don't believe your premise is true.

Which one?

Mining algorithms can be designed such that specialized hardware offers relatively less advantage over generalized hardware. 

I don't believe something can be devised were specialized HW does not have an advantage. As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization. I like the current algorithm, and believe it will happen the other way around. Double SHA-256 ASIC will become very common leading to a relatively stable amount of decentralization. Furthermore companies will compete with each other, leading to another level of decentralization (between companies).

[d'aniel]

I don't believe something can be devised were specialized HW does not have an advantage. As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization. I like the current algorithm, and believe it will happen the other way around. Double SHA-256 ASIC will become very common leading to a relatively stable amount of decentralization. Furthermore companies will compete with each other, leading to another level of decentralization (between companies).

Here's one of Dan Kaminsky's comments on his article:

ASICs are faster than CPU's at SHA-256. They're not necessarily faster at scrypt. I'm actually doing a lot of work in this space, stay tuned.

He seems to think it's possible, and I'm just deferring my judgement on this to him.

[Stephen Gornick]

a mining algorithm friendly to general purpose hardware is superior because it is more inclusive to "the masses",

Meh.

When nearly all mining was GPUs, most of that was for people who buying GPUs specifically for dedicated mining rigs.    So even though it was off the shelf hardware, it still was an up-front investment in hardware.

The thing about ASICs is that there is little gain as you scale up.   A 5.5 Ghash/s Jalapeno is about 1/10th the price of a 60 Ghashs/s ASIC.    This means there's not much of an economy of scale as you move up to larger and more powerful hardware.  

The bigger reasons that will determine who mines and who doesn't will have to do with access to capital, but eventually, those with access to cheap electricity.  Currently that electricity consumption is a non-issue because ASIC mining profitability is so high yet (revenue relative to cost of electricity) that it will be another year or so before differences in the cost of electricity will resume to being a factor as to where you would host your rigs.)

[wachtwoord]

I don't believe something can be devised were specialized HW does not have an advantage. As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization. I like the current algorithm, and believe it will happen the other way around. Double SHA-256 ASIC will become very common leading to a relatively stable amount of decentralization. Furthermore companies will compete with each other, leading to another level of decentralization (between companies).

Here's one of Dan Kaminsky's comments on his article:

ASICs are faster than CPU's at SHA-256. They're not necessarily faster at scrypt. I'm actually doing a lot of work in this space, stay tuned.

He seems to think it's possible, and I'm just deferring my judgement on this to him.

ASIC means Application-Specific Integrated Circuit while a CPU in this context is a general purpose processing unit. An integrated circuit designed for one purpose alone can always be made cheaper/more energy efficient than an equivalent integrated circuit that can do more. For one, a chip which only needs to be able to perform scrypt needs a much smaller instruction set.

In other words: If that is indeed a quote from Kaminsky and you didn't take it completely out of context, he is wrong.

[mmeijeri]

No, he is not. There are algorithms that were specifically designed not to be radically faster on dedicated hardware.

[wachtwoord]

No, he is not. There are algorithms that were specifically designed not to be radically faster on dedicated hardware.

The don't need to be radically superior. Just superior will do fine

As long as there is an advantage the magnitude is irrelevant (long term) due to marginalization.

[mmeijeri]

The don't need to be radically superior. Just superior will do fine

Slightly superior isn't a problem because many more computers are in private than in public hands. It might be good enough if ASICs weren't radically superior than GPUs, but it's better to be safe than sorry.

[wachtwoord]

The don't need to be radically superior. Just superior will do fine

Slightly superior isn't a problem because many more computers are in private than in public hands. It might be good enough if ASICs weren't radically superior than GPUs, but it's better to be safe than sorry.

If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.

[mmeijeri]

If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.

No, people will continue to use general purpose CPUs precisely because they are general purpose devices that are mainly used for other purposes. This means there is a large pool of computing power outside government or corporate control that can be used to secure a block chain and prevent a 51% attack. ASICs could threaten that.

[wachtwoord]

If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.

No, people will continue to use general purpose CPUs precisely because they are general purpose devices that are mainly used for other purposes. This means there is a large pool of computing power outside government or corporate control that can be used to secure a block chain and prevent a 51% attack. ASICs could threaten that.

No, in general people won't mine at a loss. You are forgetting about the power it costs to run HW.

[mmeijeri]

No, in general people won't mine at a loss. You are forgetting about the power it costs to run HW.

What I meant is that with a CPU-friendly algorithm, society as a whole has the means at its disposal to thwart a 51% attack. It doesn't mean that people would be mining for a profit. For similar reasons the Framers of the US Constitution didn't want standing armies and stipulated that the right to bear arms (i.e. militarily useful ones) should not be infringed.

[wachtwoord]

No, in general people won't mine at a loss. You are forgetting about the power it costs to run HW.

What I meant is that with a CPU-friendly algorithm, society as a whole has the means at its disposal to thwart a 51% attack. It doesn't mean that people would be mining for a profit. For similar reasons the Framers of the US Constitution didn't want standing armies and stipulated that the right to bear arms (i.e. militarily useful ones) should not be infringed.

Okay, then I reject that as well

I don't think people will do that.

[mmeijeri]

If I thought it would make a difference I'd be running a miner on my PC right now.

[Littleshop]

If something is slightly superior int he end it will be the only thing that survives. For all intended purposes slightly superior is completely identical to radically superior.

No, people will continue to use general purpose CPUs precisely because they are general purpose devices that are mainly used for other purposes. This means there is a large pool of computing power outside government or corporate control that can be used to secure a block chain and prevent a 51% attack. ASICs could threaten that.

No, in general people won't mine at a loss. You are forgetting about the power it costs to run HW.

This has already been proven to be false.