Proof of Work: Limit node hashrate to improve decentralisation?

[mindphuq]

Maybe for Bitcoin and all other Proof of Work coins: Would it be possible to somehow limit the hashrate the network accepts from a node? Like what if you limit the hashrate per node down to what a normal desktop CPU can do. This would cause all ASICs become irrelevant and/or increase the effort to set up huge mining farms as these, that generate thousand and million times the hashrate of a CPU, would need to run as many nodes as their hashrate is above the abilities of a standard desktop CPU. It would also stop the need to create new algorithms that are ASIC-resistant just to be cracked a few years later.

[1715391596]

1715391596

[monsterer2]

Maybe for Bitcoin and all other Proof of Work coins: Would it be possible to somehow limit the hashrate the network accepts from a node? Like what if you limit the hashrate per node down to what a normal desktop CPU can do. This would cause all ASICs become irrelevant and/or increase the effort to set up huge mining farms as these, that generate thousand and million times the hashrate of a CPU, would need to run as many nodes as their hashrate is above the abilities of a standard desktop CPU. It would also stop the need to create new algorithms that are ASIC-resistant just to be cracked a few years later.

You need to look up sybil attack. What constitutes a node? A port? So all the mining farms do is to split their existing hash rate over whatever you're defining as the limit so they're achieving the same goal.

[HeRetiK]

monsterer2 is correct. It is worth noting that exactly this inability to ensure that every node / user / market participant has only "one vote" (ie. the max hashrate permitted) is why PoW is applied to cryptocurrencies in the first place.

To add to that, the network doesn't know anything about a hashrate per node. It only knows about block intervals and periodically adjusts the network difficulty (ie. the average amount of work / hashes required per block) to keep this block interval the same. The network "knows" that the hashrate of the network as a whole has increased or declined. But it has no means to reliably derive the hashrate share a single node (eg. mining pool) holds.

[mindphuq]

Maybe for Bitcoin and all other Proof of Work coins: Would it be possible to somehow limit the hashrate the network accepts from a node? Like what if you limit the hashrate per node down to what a normal desktop CPU can do. This would cause all ASICs become irrelevant and/or increase the effort to set up huge mining farms as these, that generate thousand and million times the hashrate of a CPU, would need to run as many nodes as their hashrate is above the abilities of a standard desktop CPU. It would also stop the need to create new algorithms that are ASIC-resistant just to be cracked a few years later.

You need to look up sybil attack. What constitutes a node? A port? So all the mining farms do is to split their existing hash rate over whatever you're defining as the limit so they're achieving the same goal.

Proof of Stake solves the sybil by just making it irrelevant on how many nodes your coins are sitting on...

[mindphuq]

monsterer2 is correct. It is worth noting that exactly this inability to ensure that every node / user / market participant has only "one vote" (ie. the max hashrate permitted) is why PoW is applied to cryptocurrencies in the first place.

But that brings the known issues like that the BTC network is much less decentralized than intended by Satoshi. Originally it was meant to be mined on *every single user of the network*, with their mere CPU or lets say GPU. But the ASICs and mining farms totally wrecked this concept. Getblocktemplate lowers the dangers of (pool) centralisation a little but not the issue of huge farms like Bitmain providing alot of hashrate alone already.

ASIC-resistant algorithms are not a solution too to save PoW, as every ASIC "resistantce" has been broken sooner or later.

[HeRetiK]

You need to look up sybil attack. What constitutes a node? A port? So all the mining farms do is to split their existing hash rate over whatever you're defining as the limit so they're achieving the same goal.

Proof of Stake solves the sybil by just making it irrelevant on how many nodes your coins are sitting on...

Likewise PoW solves sybil attacks by making it irrelevant from how many nodes your hashrate is coming from.

Also keep in mind that PoS based schemes are arguably more prone to centralization than PoW. Their initial monetary base needs to be centrally issued as otherwise there'd be nothing to stake with, the rich get richer by definition and unlike PoW coins where you usually have a "division of power" into devs, miners and holders with PoS coins all three usually fall into the same, exclusive circle.

monsterer2 is correct. It is worth noting that exactly this inability to ensure that every node / user / market participant has only "one vote" (ie. the max hashrate permitted) is why PoW is applied to cryptocurrencies in the first place.

But that brings the known issues like that the BTC network is much less decentralized than intended by Satoshi. Originally it was meant to be mined on *every single user of the network*, with their mere CPU or lets say GPU. But the ASICs and mining farms totally wrecked this concept. Getblocktemplate lowers the dangers of (pool) centralisation a little but not the issue of huge farms like Bitmain providing alot of hashrate alone already.

ASIC-resistant algorithms are not a solution too to save PoW, as every ASIC "resistantce" has been broken sooner or later.

Actually Satoshi did foresee mining farms:
https://bitcointalk.org/index.php?topic=532.msg6306#msg6306

In a way, at least.

I concur that centralization and the current dominance of Bitmain is problematic. I also fully agree that any attempts at creating ASIC resistant algorithms is likely to fail.

This doesn't change anything about the inability to limit the hashrate of individual nodes though. I'm afraid that's an inherent property of PoW. And I'm afraid that for all its flaws PoW is currently the most decentralized, secure consensus algorithm cryptocurrencies have to offer.

[ir.hn]

ASIC resistant algorithms are not doomed to failure.  The problem is they are implemented so poorly because they just have to cater to GPU's and therefore they make the memory requirement too small.  Even monero made it small enough to fit in the processor cache.  It is just not big enough.  You may say well the asics will just add more memory, the problem is that random memory accesses take lots of processor speed, which GPU and ASIC need to minimize to be competitive.  Scrypt, the classic alt algorithm only picked 1024 for its memory size (N value) where for real asic resistance you need 20,000 even up to 50-100,000 is no problem for CPU"s.  You can't have your cake and eat it too, if you want GPU's to be fast at mining then you will have an ASIC problem, if you design it so GPU's will struggle and GPU miners won't like mining your coin, then you are safe.  We need to mature as a community I feel.  It is time to drop our GPU love affair.  The ideal algorithm will require a CPU and GPU in tandem, and this algorithm is called "Factorization of large numbers" wherin an ASIC has never been created though a incentive has existed for decades.  A miner for this algorirhm requires a CPU and GPU.

[twokei]

ASIC resistant algorithms are not doomed to failure.  The problem is they are implemented so poorly because they just have to cater to GPU's and therefore they make the memory requirement too small.  Even monero made it small enough to fit in the processor cache.  It is just not big enough.  You may say well the asics will just add more memory, the problem is that random memory accesses take lots of processor speed, which GPU and ASIC need to minimize to be competitive.  Scrypt, the classic alt algorithm only picked 1024 for its memory size (N value) where for real asic resistance you need 20,000 even up to 50-100,000 is no problem for CPU"s.  You can't have your cake and eat it too, if you want GPU's to be fast at mining then you will have an ASIC problem, if you design it so GPU's will struggle and GPU miners won't like mining your coin, then you are safe.  We need to mature as a community I feel.  It is time to drop our GPU love affair.  The ideal algorithm will require a CPU and GPU in tandem, and this algorithm is called "Factorization of large numbers" wherin an ASIC has never been created though a incentive has existed for decades.  A miner for this algorirhm requires a CPU and GPU.

Right, there are actually quite a number of ASIC resistant one-way functions out there that really can go on to dis-incentiving Sybil attacks. The easiest solution is to look into mechanisms for anti-denial of service which I believe alluded to Bitcoin's choice for Hashcash originally purported for anti-mail spam.

Apart from Scrypt, there is the memory-hard function Argon2, and a whole paper titled "Asymmetrically and Symmetrically-hard Cryptography" from ASIACRYPT 2017 that denotes the enabling of resource-hardness through plugs in a wide variety of cryptographic hash functions.

The key to creating anti-DDoS mechanisms (such as the ones you'd see in node identity derivation is S/Kademlia) really is to make a function that is only really computable on general-purpose computing devices. Ones that are selective in their forms of resource-hardness only enable ASIC resistance for ever-so-long (as we could see out of Equihash) given an ASIC's capability in specialization towards computing very selective, specific tasks.

[mindphuq]

You need to look up sybil attack. What constitutes a node? A port? So all the mining farms do is to split their existing hash rate over whatever you're defining as the limit so they're achieving the same goal.

Proof of Stake solves the sybil by just making it irrelevant on how many nodes your coins are sitting on...

Likewise PoW solves sybil attacks by making it irrelevant from how many nodes your hashrate is coming from.

Also keep in mind that PoS based schemes are arguably more prone to centralization than PoW. Their initial monetary base needs to be centrally issued as otherwise there'd be nothing to stake with, the rich get richer by definition and unlike PoW coins where you usually have a "division of power" into devs, miners and holders with PoS coins all three usually fall into the same, exclusive circle.

That's not inherently true. The coins can be issued with another algorithm, including PoW, where as PoW-problems will not be such an issue, since in an early stage of a coin's existence there won't be ASICs (if it's using a new algorithm) or alone farms for the coin.

It is only true for premine coins, but it should be clear, that premining a PoS coin is a totally retarded thing to do, unless you provide a plan for a proper distribution before you activate PoS.

Blackcoin for instance started with a PoW/PoS hybride that ran for a week and then was designed to switch to 100% PoS. A few thousand nodes participated in the initial mining and before the first bigger pools adapted the coin, the PoW was closed. The developers of Blackcoin never owned a significant amount of coins.

Similar for coins that already exist like Ethereum, these are decentralized enough to run a PoS.

Also with PoS the richer don't get more rich than other. Everyone gets the same interest rate for their balance, no matter if they own 1 coin or 100k, so the distribution of coins remains roughly the same and doesn't cluster up on a few addresses that been rich from the beginning. In PoW the rich, these that can run mining farms, get everything and everyone else gets nothing.

Bitcoin currently has 3 pools that provide almost 55% of the hashrate and Bitmain miners frequently get over 51%. That means the manufactor of the miners could attempt an 51% attack on Bitcoin with a good chance of success.

As said, getblocktemplate-protocol, if implemented thoroughly, lowers the direct danger of pool centralisation but only to some extend. The big pools and mining farms still have a political power in the coin discussion and need to follow coin updates in order to prevent a fork and manufactors of miners could hide a remote control in their firmware to attack the network.

Actually Satoshi did foresee mining farms:
https://bitcointalk.org/index.php?topic=532.msg6306#msg6306

Every wallet has build in a solo mine function. That's unused for years now since pools and ASICs took over and no one bothers to mine on their CPU let alone solo-mine. The initial idea was to run a decentralized peer to peer currency where every participant can at anytime participate to provide support for the infrastructure. That idea is completely broken by now as Bitcoin, Ethereum and other significant PoW coins are almost entirely operated by big mining farms and manufactors in China, who don't have any other interest in the coin but their mere profit. With that motivation, they run the network and influence the coin politics. And that is a bad thing and everything else but a dencentralized peer to peer solution for assets.

[still_looking]

I wanted to do the same, I think, but for energy saving. The only way I found to be ok-ish was serially hashing in the protocol. Every (efficiently used) additional parrellel node has to wait, but also every user that just wants to verify transactions, so it gets really unusable if you don't have some other measures like trusting serial hashings that have already been done, as a pool would in effect do. https://bitcointalk.org/index.php?topic=3281690.msg34215094 And the other idea in the last post in that thread, higher rewards for waiting, is dangerous because there is of course no objectivity whether waiting took place.

[mindphuq]

ASIC resistant algorithms are not doomed to failure.  The problem is they are implemented so poorly because they just have to cater to GPU's and therefore they make the memory requirement too small.  Even monero made it small enough to fit in the processor cache.  It is just not big enough.  You may say well the asics will just add more memory, the problem is that random memory accesses take lots of processor speed, which GPU and ASIC need to minimize to be competitive.  Scrypt, the classic alt algorithm only picked 1024 for its memory size (N value) where for real asic resistance you need 20,000 even up to 50-100,000 is no problem for CPU"s.  You can't have your cake and eat it too, if you want GPU's to be fast at mining then you will have an ASIC problem, if you design it so GPU's will struggle and GPU miners won't like mining your coin, then you are safe.  We need to mature as a community I feel.  It is time to drop our GPU love affair.  The ideal algorithm will require a CPU and GPU in tandem, and this algorithm is called "Factorization of large numbers" wherin an ASIC has never been created though a incentive has existed for decades.  A miner for this algorirhm requires a CPU and GPU.

Well Monero at least aimed at the CPU miners and didn't cater to GPUs. That is, until ASICs for Monero appeared and all what Monero can do against this is frequently hardforking their coin to a new algorithm to prevent ASICs from taking over.

[mindphuq]

I wanted to do the same, I think, but for energy saving. The only way I found to be ok-ish was serially hashing in the protocol. Every (efficiently used) additional parrellel node has to wait, but also every user that just wants to verify transactions, so it gets really unusable if you don't have some other measures like trusting serial hashings that have already been done, as a pool would in effect do. https://bitcointalk.org/index.php?topic=3281690.msg34215094 And the other idea in the last post in that thread, higher rewards for waiting, is dangerous because there is of course no objectivity whether waiting took place.

Yes, that's basically what Sybil attack means. This would have to be solved to have a hashrate-limit taking place.

Maybe you could tie the hashrate to coins you own. So let's say to issue a block you must prove ownership of a balance and that bail on these coins decays over time before you can use the same coins again to issue a new block. You can not limit nodes but you can utilize other limits everyone has like coin ownership.

[still_looking]

When uitilizing other things, my thoughts often went in the direction of lottery draws. Just make the protocol combine the blockhash with that and you will have to wait until saturday and wednesday before you can go on. So, that "clock" could be replaced by a second coin (complete system), so that the blockchain becomes a hybrid, but then, there's the next thing, the clock, that you can attack, it's infinite regress. I would rather wait for the lottery draws myself if they were each hour, but nobody else would trust it. Some people argue about nuclear war and shooting blockchain data into space. There's no way to convince them of a lottery not being rigged.

[mindphuq]

When uitilizing other things, my thoughts often went in the direction of lottery draws. Just make the protocol combine the blockhash with that and you will have to wait until saturday and wednesday before you can go on. So, that "clock" could be replaced by a second coin (complete system), so that the blockchain becomes a hybrid, but then, there's the next thing, the clock, that you can attack, it's infinite regress. I would rather wait for the lottery draws myself if they were each hour, but nobody else would trust it. Some people argue about nuclear war and shooting blockchain data into space. There's no way to convince them of a lottery not being rigged.

But how do you determine when someone's clock is running? You need to have entities verified and that verification needs to be based on something someone can not easily create out of thin air. You could use addresses to verify but each pool could for each block they issue create a new address. That's why I brought up coin ownership, because that's what PoS uses to limit the amount of blocks someone can create with something they can not create out of thin air. So if you would like to create a block also send a transaction of part of your coins to a stake and then these coins get market as "bail" for the block, this "bail" decays over time until you can use the same coins to issue a new block.

[Wind_FURY]

OP, the miners "arms race" for more hash power is a beautiful thing as it illustrates that the higher the cost, the more scarce Bitcoin is, then the higher the value.

Bitcoin monetization should require high costs and low production if you want high value.

[mindphuq]

OP, the miners "arms race" for more hash power is a beautiful thing as it illustrates that the higher the cost, the more scarce Bitcoin is, then the higher the value.

The miner's "arms race" has become the biggest issue for the Blockchain. It doesn't simply work as intended and changes are neccessary to fix this problem.

Yes, the problems are not immanent in the protocol or the design of the Blockchain but rather in the people who use it/respectively try to profit from it. That has allowed manufactors like Bitmain to literally take full control over Bitcoin. And while getblocktemplate was implemented against malintent pool owners or -attackers, the power of miner-manufactors over the blockchain remains unsolved.

Bitmain's own proprietary firmware controls 70% of the global hashrate in Bitcoin.

http://www.antbleed.com/

The mining industry doesn't give a damn for the coin or it's health, all they are interested in is their profit. And PoW enables them to operate and control the Blockchain without requiring them to hold any value in it. If things like "antbleed" continue to exist, PoW is to be considered broken.

Limitation of hashrate, as difficult as it might be to implement, would render all ASICs useless and require people to return to their GPUs and CPUs and thus diverse the hashrate again over a lage variety of firmwares and hardware implementations. If one'd require miners to put a bail on the blocks they create using their own coins they hold, they would be forced to have a value in the blockchain, hold a certain amount of coins for their daily mining business and also risk their bail when they attempt to manipulate the blocks they issue.

Although I am aware that changes like this will probably never be implemented due to the political power miners have over the Blockchain and a change like this would damage their mining business as all ASICs would become worthless over night. That is, unless a huge portion of the community puts pressure on the Chinese mining industry and forces them to comply.

Bitcoin monetization should require high costs and low production if you want high value.

This is true for a commonity like Gold but not for a currency. A currency needs to be stable and fluid.

[Wind_FURY]

OP, the miners "arms race" for more hash power is a beautiful thing as it illustrates that the higher the cost, the more scarce Bitcoin is, then the higher the value.

The miner's "arms race" has become the biggest issue for the Blockchain. It doesn't simply work as intended and changes are neccessary to fix this problem.

Yes, the problems are not immanent in the protocol or the design of the Blockchain but rather in the people who use it/respectively try to profit from it.

I believe Bitcoin "fixed" that "problem" by embracing the miner' greed. The side effect of a mining "arms race" would be a more secure network.

That has allowed manufactors like Bitmain to literally take full control over Bitcoin. And while getblocktemplate was implemented against malintent pool owners or -attackers, the power of miner-manufactors over the blockchain remains unsolved.

Bitmain's own proprietary firmware controls 70% of the global hashrate in Bitcoin.

Bit the miners don't have full control of the network. Read BIP148 and NO2X.

The mining industry doesn't give a damn for the coin or it's health, all they are interested in is their profit. And PoW enables them to operate and control the Blockchain without requiring them to hold any value in it. If things like "antbleed" continue to exist, PoW is to be considered broken.

Before imtroducing "antbleed" give us a short explanation about it. But miners have always kept interest in their profit be it they are mining using GPU, CPU, or Asic.

Limitation of hashrate, as difficult as it might be to implement, would render all ASICs useless and require people to return to their GPUs and CPUs and thus diverse the hashrate again over a lage variety of firmwares and hardware implementations. If one'd require miners to put a bail on the blocks they create using their own coins they hold, they would be forced to have a value in the blockchain, hold a certain amount of coins for their daily mining business and also risk their bail when they attempt to manipulate the blocks they issue.

Although I am aware that changes like this will probably never be implemented due to the political power miners have over the Blockchain and a change like this would damage their mining business as all ASICs would become worthless over night. That is, unless a huge portion of the community puts pressure on the Chinese mining industry and forces them to comply.

Bitcoin monetization should require high costs and low production if you want high value.

This is true for a commonity like Gold but not for a currency. A currency needs to be stable and fluid.

POW change would be better in my opinion, but only as a last resort.

[mindphuq]

I believe Bitcoin "fixed" that "problem" by embracing the miner' greed. The side effect of a mining "arms race" would be a more secure network.

How does that fix the problem I described?

Before imtroducing "antbleed" give us a short explanation about it.

That's why I posted the link, it's explained there in detail. The code backdoor was fixed already but the problem remains, when a single manufactor basically has control over a large part of the hashrate. In "antbleed" there was a code in the firmware, that allowed Bitmain to shutdown miners, collected metadata about miner usage, expose miner users to government and also could be exploited by third parties due to vulnerability in the backdoor code.

With Bitmain's maschines providing most of the global hashrate, this is still an issue since there is still the possibility for more intended or unintended vulnerabilities in the firmwarecode.

[Wind_FURY]

I believe Bitcoin "fixed" that "problem" by embracing the miner' greed. The side effect of a mining "arms race" would be a more secure network.

How does that fix the problem I described?

Before imtroducing "antbleed" give us a short explanation about it.

That's why I posted the link, it's explained there in detail. The code backdoor was fixed already but the problem remains, when a single manufactor basically has control over a large part of the hashrate. In "antbleed" there was a code in the firmware, that allowed Bitmain to shutdown miners, collected metadata about miner usage, expose miner users to government and also could be exploited by third parties due to vulnerability in the backdoor code.

With Bitmain's maschines providing most of the global hashrate, this is still an issue since there is still the possibility for more intended or unintended vulnerabilities in the firmwarecode.

Maybe "fixed" is not the right word. But we already know that mining is more complicated than "profit" and "greed". There are risk and reward ratios at play if the miner or a group of miners do foul play.

The miners remember BIP148 and NO2X very well.

[mindphuq]

I believe Bitcoin "fixed" that "problem" by embracing the miner' greed. The side effect of a mining "arms race" would be a more secure network.

How does that fix the problem I described?

Before imtroducing "antbleed" give us a short explanation about it.

That's why I posted the link, it's explained there in detail. The code backdoor was fixed already but the problem remains, when a single manufactor basically has control over a large part of the hashrate. In "antbleed" there was a code in the firmware, that allowed Bitmain to shutdown miners, collected metadata about miner usage, expose miner users to government and also could be exploited by third parties due to vulnerability in the backdoor code.

With Bitmain's maschines providing most of the global hashrate, this is still an issue since there is still the possibility for more intended or unintended vulnerabilities in the firmwarecode.

Maybe "fixed" is not the right word. But we already know that mining is more complicated than "profit" and "greed". There are risk and reward ratios at play if the miner or a group of miners do foul play.

The miners remember BIP148 and NO2X very well.

Yes, there are risks but the risks are at 0% when you have 51% of the network weight. Anything below 51% can make your foul play fail, at 25% you have a 1% chance of success over 10 confirmations. But as soon as you pass 50% you have 100% of success for your foul play, no matter how many confirmations from the network (all full nodes) you get. The propability graph is expotential with reaching 100% at >50%



(see https://bitcoil.co.il/Doublespend.pdf).

BIP148 and NO2X don't fix the majority attack at all.

The "profit and greed" issue has a slightly different aspect. Attacking a PoW coin with 51% would make you lose no money other than what you have spend on energy cost. The mining rig you used for that attack (if it's yours at all) could be sold after the work is done and compensate a part of the energy cost. With PoW you don't need to have any value in the Blockchain, you can point your miners at any Blockchain you desire and the coins you earn will be spend for your profits. In other protocols you risk your own investment in the Blockchain when you attempt to attack it, or as Vitali put it: "Attacking proof of stake is like buying the biggest mining rig and set it on fire".