CPU friendly Altcoin in development

[msweb]

Some of you like to see an altcoin that is truly GPU,FGPA,ASIC resistant. We would like to see such a coin too so we have started experimenting. We are working on the hashing function right now. It's radix sort based. We use 64 random numbers between 10000 and 75536 (16^4+10k). This 512 char long decimal number is the 'key'. (If we subtract the 10k on each number block and convert it to hex, it's a 256 long hex string in total [or in other words: 1024 bits].) We then change each number block with a specific simple math function and radix sort them by LSD. This gives us a 'hash' (same structure as 'key'). Using a difficulty is already in place. The above explained process for getting a hash out of a key is also depending on the difficulty. The higher the difficulty the more often the hashing has to be done before getting back a hash (simply said). Validating a hash is based on simple math functions depending on the difficulty. The higher the difficulty the less hashes are valid (simply speaking).

I just want to make sure we are on the right track with this.

Possible improvements: I would like to implement tacotime's mentioned tree search algorithm in topic 64239. But it has to be implemented in a way the search is mandatory and that's very hard to do. We may also should use radix sort MSD and LSD instead of LSD only. What do you think?

Do you have any idea what we should change/add to the hashing function?

[1715631044]

1715631044

[1715631044]

1715631044

[1715631044]

1715631044

[1715631044]

1715631044

[msweb]

Just throwing it out there: what about server farm resistant or bot net resistant?

We are aware of that but it's difficult to truly achieve it. You can't just implement some IP restrictions and think it's done. There is much more about this to do. It's a point for later. First of all we want to get the hash function CPU 'friendly'. Any other 'restrictions' will be included after that.

[spoid]

primecoin did this in a way with the early client issues - high-end systems did not outperform $40 CPUs by much. Maybe smuggle in some hard-to-find bottlenecks for the launch.

[DeathAndTaxes]

Why not use Scrypt as intended.  Scrypt with default variables has beyond horrible performance on GPUs.  Litecoin developers modified it to make it roughly 128x less memory resistant (using only 128KB total).

Generally rolling your own crypto ends badly.

[msweb]

Why not use Scrypt as intended.  Scrypt with default variables has beyond horrible performance on GPUs.  Litecoin developers modified it to make it roughly 128x less memory resistant (using only 128KB total).

Generally rolling your own crypto ends badly.

I'm not a scrypt expert. It's new to me that with the default values it's truly GPU resistant. As far as I understand, it's not that the operations aren't hard to be done by GPUs itself, it's just that enough memory is necessary for a certain scrypt hashing (depending on the used values of course). So with enough RAM a GPU should outperform CPUs like they do it on SHA256, no matter what variable values are used. Correct me if I'm wrong.

[barwizi]

Why not use Scrypt as intended.  Scrypt with default variables has beyond horrible performance on GPUs.  Litecoin developers modified it to make it roughly 128x less memory resistant (using only 128KB total).

Generally rolling your own crypto ends badly.

what are the scrypt default variables?

[eule]

From what I heard scrypt miners use the L3 cache of the GPU/CPU, not the RAM. Could it be possible that if enough memory has to be used the performance difference between GPUs and CPUs disappears?
Also, an algo favoring lots of RAM could be interesting, if one exists.

[tytanick]

From what I heard scrypt miners use the L3 cache of the GPU/CPU, not the RAM. Could it be possible that if enough memory has to be used the performance difference between GPUs and CPUs disappears?
Also, an algo favoring lots of RAM could be interesting, if one exists.

exactly!
I made somewhere point on this forum that there should be coin that uses for example 16GB of RAM so that we cant implement this in gpu ?
Or more likely cant do ASICs hmmmm or meaby not

Anyway coin that would require at least 8GB memory would be nice alternative
Based od AES ? (i7 have hardware acceleration) ?

[eule]

It would possibly add some botnet protection too, as users are much more likely to notice a process consuming all their memory.  

[Keldel]

Most important question is WHY? Why would you design a coin that would be botnet friendly and ASIC resistant?

[eule]

Most important question is WHY? Why would you design a coin that would be botnet friendly and ASIC resistant?

Every coin so far is botnet friendly. Read this: http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/
I imagine a botnet resistant coin to be a big success.

[Joe_Bauers]

Just throwing it out there: what about server farm resistant or bot net resistant?

We are aware of that but it's difficult to truly achieve it. You can't just implement some IP restrictions and think it's done. There is much more about this to do. It's a point for later. First of all we want to get the hash function CPU 'friendly'. Any other 'restrictions' will be included after that.

You could make it a QtGui only app which would eliminate running from a console (as much as I hate the sound of that).
Of course, someone competent could just code in a daemon after the fact...

[Lauda]

Most important question is WHY? Why would you design a coin that would be botnet friendly and ASIC resistant?

Every coin so far is botnet friendly. Read this: http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/
I imagine a botnet resistant coin to be a big success.

+1 GPU coins aren't resistant to botnets so this is nothing different. I hope that the coin has rather unique things that will make it stand out from the rest 

[hathmill]

Some of you like to see an altcoin that is truly GPU,FGPA,ASIC resistant. We would like to see such a coin too so we have started experimenting. We are working on the hashing function right now. It's radix sort based. We use 64 random numbers between 10000 and 75536 (16^4+10k). This 512 char long decimal number is the 'key'. (If we subtract the 10k on each number block and convert it to hex, it's a 256 long hex string in total [or in other words: 1024 bits].) We then change each number block with a specific simple math function and radix sort them by LSD. This gives us a 'hash' (same structure as 'key'). Using a difficulty is already in place. The above explained process for getting a hash out of a key is also depending on the difficulty. The higher the difficulty the more often the hashing has to be done before getting back a hash (simply said). Validating a hash is based on simple math functions depending on the difficulty. The higher the difficulty the less hashes are valid (simply speaking).

I just want to make sure we are on the right track with this.

Possible improvements: I would like to implement tacotime's mentioned tree search algorithm in topic 64239. But it has to be implemented in a way the search is mandatory and that's very hard to do. We may also should use radix sort MSD and LSD instead of LSD only. What do you think?

Do you have any idea what we should change/add to the hashing function?

Hash, LSD... MSD I never heard of but presumably you should throw a crack | into the mix or something. Will this be traded on sr? Not sure I like this.

[Impaler]

While bot nets are a moral issue (other people are having their electricity bills increased and their hardware lifespans shortened), this is really no difference on a macro-monetary scale.  Bot nets have a defined cost per Mega Hash and owning your own mining equipment has an amortized cost per Mega Hash.  So your still expending USD resource to create coins which is all that the economics of mining care about.

[fluffypony]

You could make it a QtGui only app which would eliminate running from a console (as much as I hate the sound of that).
Of course, someone competent could just code in a daemon after the fact...

Most botnets have complete access to Windows machines; running a windowed application completely hidden is a trivial exercise.

[msweb]

Right, the lcache is used in scrypt. Reading to and writing from the RAM would be too time intense. So forcing the process to use enough memory does it make harder for GPUs,FPGAs,ASICs to outperfom the lower processors. Anyway: I think you guys are missing the point here. For getting a pure proof of work mechanism done there is no need for an enc/dec function like scrypt. It can be done with simple hashing (what we are looking for). Of course it's interesting to see how scrypt makes the processing cache intense and it may be something we should include in our hashing function too. The GPU resistance should not only depend on simply high memory usage. We should have a hashing function that includes several different ways to make it CPU friendly. The question is still the same: Anything else than radix sort we should include?

Related to the botnet and co resistance I've already mentioned that this is a topic for later. Having a good enough hashing function has to be done first. It's about getting this done step by step. Don't expect another useless altcoin that just clones an existing one with little changes in it.

[redtwitz]

It's new to me that with the default values it's truly GPU resistant. As far as I understand, it's not that the operations aren't hard to be done by GPUs itself, it's just that enough memory is necessary for a certain scrypt hashing (depending on the used values of course). So with enough RAM a GPU should outperform CPUs like they do it on SHA256, no matter what variable values are used. Correct me if I'm wrong.

Unless people start making custom boards for their GPUs (and RAM for GPUs is very expensive), high RAM usage is the way of making parallelization difficult.

Scrypt's RAM usage grows linearly with the number of rounds. Each round requires roughly 128 bytes of RAM (with block size parameter and parallelization
 parameters set to 1), so Litecoin's 1024 rounds require 128 KiB. Bump the number of rounds to 10478576 and it will require 128 MiB. A 7970 video card with 2048 shaders but only 3 GiB of RAM could only use 24 of its shaders.

Most important question is WHY? Why would you design a coin that would be botnet friendly and ASIC resistant?

Every coin so far is botnet friendly. Read this: http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/
I imagine a botnet resistant coin to be a big success.

+1 GPU coins aren't resistant to botnets so this is nothing different. I hope that the coin has rather unique things that will make it stand out from the rest 

Meh. Every computer has a CPU, but only a tiny fraction of them have dedicated GPUs.

Anyway: I think you guys are missing the point here. For getting a pure proof of work mechanism done there is no need for an enc/dec function like scrypt. It can be done with simple hashing (what we are looking for). Of course it's interesting to see how scrypt makes the processing cache intense and it may be something we should include in our hashing function too.

While scrypt uses Salsa20/8 (an encryption algorithm), scrypt itself is not reversible and, therefore, not encryption. Scrypt is designed as a key derivation function and can be used as a deliberately slow hashing function.

[FlyingSpocks]

I sympathize with the concept, but making things harder just for the sake of it seems counterproductive. So many wasted cycles & electricity. Id like to see more coins that do useful work, like Primecoin, creating a social value while doing work. I don't care if it's just calculating a big fractal or something, but I'd like to see all these resources devoted to something real.

[msweb]

I sympathize with the concept, but making things harder just for the sake of it seems counterproductive. So many wasted cycles & electricity. Id like to see more coins that do useful work, like Primecoin, creating a social value while doing work. I don't care if it's just calculating a big fractal or something, but I'd like to see all these resources devoted to something real.

Seems counterproductive in your explained view. Don't get me wrong: I like the idea of actually producing anything 'useful' with the hashing power like your mentioned primecoin is doing (i'm mining XPM btw). But besides that it's still about getting coins out of mining and we don't want certain people to have an advantage against others in that game. Therefore a CPU friendly (and of course 'botnet/server farm' resistant) coin may is the right way to go. We would love to include calculations in the proof of work algorithm that brings what you have called 'a social value' but we don't want to loose the mentioned focus in it. If it somehow can be combined, just let me know..