Bitcoin Forum
Author Topic: Ethereum Anti-ASIC fork, is it the right time for bitcoin too?  (Read 2043 times)
aliashraf
January 11, 2019, 03:22:51 AM
Last edit: January 11, 2019, 03:34:14 PM by aliashraf
Merited by Stedsm (7), Welsh (5), ETFbitcoin (1), HeRetiK (1)
 #21

I have to admit though that this point becomes utterly moot under the assumption that Bitcoin's future PoW scheme is as resistant against QC as it is against ASICs.
And we are done with QC issue, because ProgPoW is absolutely better than sha2 in this regard.

Quote
Regardless of this, economics of scale would still apply and whether big miners buy ASICs or GPUs wholesale seems to make little difference to me. However I'm not quite up-to-date with the current mining hardware market and Bitmain's stranglehold may be worse than I think.

It would be interesting to see what sharing mining hardware with Bitcoin would mean for alts though (and vice versa).
GPU industry is far more competitive and healthy than its ASIC counterpart and more importantly, gpus are distributed around the globe more evenly. A gpu friendly algorithm of any type has a large memory footprint (to resist being cracked by ASICs like what happened to bitcoin) and memory banks are a rare resource with limited global supply, a scene that is unlikely to change for near future.
IMO, there is nothing to worry about gpus being monopolized, nobody could afford such a huge investment because the demand for mining is a fraction of the total demand for gpus and manufacturers won't sacrifice their market for a tricky one time business.

Is it though? The GPU industry is essentially a duopoly of NVIDIA and AMD, with Bitcoin's GPU mining era having been an AMD monoculture. Additionally the 2017 bubble had enough of an impact on the GPU market that regular gamers were facing a supply shortage and prices inflated way beyond the original release date prices. And that was just alt coin mining, even excluding Scrypt-based coins.

GPUs are definitely wider distributed than ASICs, but don't underestimate the market impact of crypto. Given a crazy enough market high-end GPUs (ie. the ones that are relevant for mining) can become just as hard to attain for the common mortal as ASIC miners.
You are right about the duopoly, but it is not a threat. NVIDIA and AMD are not stakeholders in cryptocurrency, and the gaming industry is very high profile, way more important than mining. We are speaking of a 200 billion dollar market which is doubling every year and is supposed to keep the pace for a decade. Neither of the two giants has any plans to quit this industry or undermine it in favor of mining.

Still, you are right about it being a problem, having two manufacturers as the original source, but it is the same for most essential parts of the computing industry (RAM, CPU, GPU, ...), and when it comes to choosing between Bitmain and NVIDIA I would rather choose the latter for so many reasons: not being a mining company, absolutely no way to implant backdoors, potentially subject to a comparably strong competitor (AMD), having a much wider market to be worried about, more transparency, ... you say.


As for altcoin gpu miners, I believe it is really interesting because they can act as another stabilizing factor.
Funny, I personally assume quite the opposite as I'm instantly reminded of the BCH / BTC hashrate fluctuations and the recent 51% attacks on minor alt coins. Not necessarily a problem for Bitcoin, but definitely not stabilizing for the ecosystem as a whole.

That's just my thoughts though, what leads you to the conclusion that Bitcoin sharing hashrate with alts would be stabilizing?
Although I propose a gradual migration, in the beginning it would have disruptive consequences on both the gpu market and altcoin mining, but once the dust has settled we have nothing much different than what we already have right now.
And yes, it is a good situation with gpu mineable coins, despite all the hype about 51% attacks. I don't care about this attack at all, as you know.
Let's not worry about this attack for a moment, and realize that it is a very strong stabilizer mechanism in the altcoin mining industry right now. Professional miners don't switch between coins just because of temporary price fluctuations as reported by coinmarketcap or other indexing services; they consider choosing coins with stronger infrastructure and long term perspective as well. As a result we have an objective measure regarding the actual value of coins. When something bad happens to a coin, both price and hashrate will drop, and vice versa, and the mining industry acts more coherently with the basic incentive system designed for bitcoin...

On the contrary, ASIC mining is subject to manipulation by the manufacturer. It is why we have experienced a long term weird pattern in bitcoin mining in 2018. Despite a steep price decline for months, network hashrate and difficulty figures were climbing sharply and stopped just when mining bitcoin proved itself not to be profitable and miners were no longer able to tolerate losses. It is what happens when you have miners as slaves of a manufacturer, even worse.

Let's look closer at the recent event in the ASIC industry: Bitmain is launching its 7 nm ASICs while bitcoin is at its lowest price levels in a year; now what do miners have to do other than buying new hardware and dumping their now useless ASICs? See? It is worse than slavery!

This is very different for gpu miners, when the whole market is down, there is a chance to assign other jobs to gpus and more importantly, there is no force to install new hardware.

Unfortunately, I have not made a deep assessment regarding this issue and I have no statistics to present right now, but according to my own experience, ASIC miners are easy targets for the manufacturer but gpu miners are not slaves of NVIDIA or AMD, they have a better chance to back-off or at least not to sink even more.

Please note, having a good balance between incentives and costs is the essence of what makes cryptocurrency a decent industry, so, I'm not talking about miners interests here, I'm talking about how keeping miners safe and secure is critical for a long term stability of the whole ecosystem.  
The way I see it, gpu mining provides a better mechanism for regulating the balance between cryptocurrency total value and its total costs (energy consumption mainly) and a better mechanism for distributing these costs between different coins.

In cryptocurrency we have no assumption about loyalty, all in all it is about being rational instead of loyal. I know you are aware of this point I just don't get it why should you make such a weird argument tho.
If your investment is at stake and you can't use it for anything else (as is the case with ASICs), loyalty becomes the rational choice. Granted, it's the kind of "loyalty" that only lasts until the hardware becomes obsolete, but that's still a couple of months of hashing that you would otherwise need to continuously compete for.
I understand miners being trapped (because of using a specialized device) sounds like kinda 'loyalty' but it is not a good kind, it is even bad because of fragility. Naturally when there is no flexibility we are dealing with fragility, aren't we?
Investment is about opportunity cost which is just one factor and not the most important one. We have electricity, labour and overhead costs involved as well. A miner remains loyal up to the point that other costs have not surpassed the incomes minus opportunity costs substantially and in the long run. They start to halt their operations at a certain point while at the same time the ASIC producer pushes for new hardware, hence the gradual elimination of small mining facilities won't act as a relief because the total network hashrate remains high or even climbs up! So the elimination process escalates even more. The net result would be a highly centralized mining scene.

I think people who insist on this kind of 'loyalty' just forget the basics and mistakenly suppose this kind of loyalty, accidentally is good for security of bitcoin because of miners (slaves) who are trapped in the network and are securing it for free!
It is not how it works in socioeconomic systems. Such a security is not considered sustainable and is doomed to centralization. When a coin price is tilting down, you need less hashpower to keep it secure and vice versa. It is the rule and as much as having such a system in its pure form is impractical, violating this rule intentionally or justifying such violations as "fortunate accidents" is not acceptable.

Let's forget about 50%+1 attack, not everything is about such an attack and it will never happen for a big fish like bitcoin or ethereum and smaller ones should take care of their business by smart measures, I've proposed one earlier: require more confirmations for more precious txns.

Requiring more confirmations is the obvious solution, but also an incredibly impractical one. Having your customers wait for a day worth of confirmations on the off-chance that a someone is about to mount a 51% attack is rather crippling, even if you only apply it to larger transactions.
I disagree. 51% attacks for the sole purpose of double spending one or a few utxos do not put ordinary txns in danger unless they spend the coinbase of orphan blocks. Maturity of a coinbase txn should be delayed enough, proportional to the costs of attacks, and if it is not tuned properly, user wallets should issue a warning for such txns (my proposal), so it is all about how and when the recipient is satisfied with the number of confirmations. For ordinary low stake txns there are no risks (supposedly not originated from a recent coinbase) involved, as after the re-org it will be re-confirmed if it is not already; for high stake txns, it is totally acceptable to analyze the risks and wait for a substantially higher period of time (number of confirmations).

I think it is all about exchanges and their poor software designs: typically they do not distinguish between a multi million dollar and a one hundred dollar txn and use the same stupid parameter as the number of confirmations. It is really crazy: you don't need to wait like two days to be convinced about my deposit of like 5 etc but if I had enough money to buy like 1,00,000 etc from you, I wouldn't release the funds sooner than a week after the first confirmation. When two entities have chosen a low hashrate coin to do a high stake business, they need to treat it properly.

I have to insist on the above arguments once more: When bitcoin was started 10 years ago and in the first couple of years nobody accused it of being insecure, while any data center owner was able to commit a 51% attack against it! As long as we are discussing bitcoin as of its design principles, it is secure not because of its absolute security against 51% attacks but because of the equilibrium between the incentives and the costs involved. Lower prices reduce incentives and attack costs altogether and higher price acts contrarily. It is true because in an idealistic scenario, we have network hashrate and price that are regulated inversely and network hashrate is what determines attack costs.


aliashraf
January 11, 2019, 04:35:50 AM
Last edit: January 11, 2019, 12:41:12 PM by aliashraf
Merited by Stedsm (5), Welsh (3)
 #22

One ASIC 'trick' is pipelining. I don't know if GPU's support it ? Sounds like they should frankly.. But if they don't.. their Resistance Is Futile ;p

You build a circuit that does SHA256. Great, you can now run SHA256 at the speed of a hardware chip. But only ONCE per iteration. So you can run it once and then when it's finished, check the result, and then run it again. Normal programs will do this. It's very fast to do 1 sha256. A GPU can do this. Let's say it takes 1000 clock cycles.

Or - you build an ASIC that does sha256.. BUT you can run a separate thread through the circuit per clock cycle. You start one, and then before it has finished, and before you have a result, start another thread one clock cycle behind IN THE HARDWARE CIRCUIT. It takes 1000 clock cycles to get the first result, just as with the first version, but after that you get 1 result EVERY clock cycle. That's 1000x faster. If the algo takes more steps say 10,000, then it gets 10,000 times faster.

That works against any algorithm that isn't running on pipelined hardware.
Cheers bro, long time no see
Excellent contribution, as always:
Although GPUs support pipelining, it is not a feature one can use in mining because it is typically part of specialized rendering/streaming and video related modules which are not programmable.

Essentially an ASIC is composed of a series of combinational circuits typically managed by a sequential one which is pipelined specially just like pipelined rendering operations in gpus.
To make it infeasible for such a chip to use pipes, we have to note that this architecture is effective as long as 1) all the operations are supported by the combinational units, and as far as 2) each step is not dependent on the result of the previous step.

1) The first mitigation to such a pipelined ASIC attack is using a memory hard algorithm which carefully uses a large memory footprint and a lot of FETCH operations. FETCH is an operation which no combinational circuit could help with. I say carefully because it is possible to have a large memory bank designed specially to do simple operations in-place on memory words without fetching them to processing unit, like when you do a simple xor between adjacent memory words, etc.

2) To make pipelining even more inefficient an algorithm may impose a pseudo random series of basic (with 1 cycle cost) calculations that consume previous step results.
This way pipes become practically useless.

There are a lot of other techniques including SIMD, Single Instruction Multiple Data, which ASICs use but GPUs are far more specialized in.

ProgPoW combines all the above techniques plus a lot more and current consensus among experts confirms it as being highly difficult to beat when running on a commodity gpu. Intensive analysis suggests that a hypothetical ASIC wouldn't be able to provide more than 20% efficiency and it is not enough to justify design and manufacturing costs of such a device. It seems to be even more unlikely to have such a chip around ever because of it being worthless for other applications and vulnerable to further algorithm changes.

I strongly recommend you to take a look at https://medium.com/@ifdefelse/understanding-progpow-performance-and-tuning-d72713898db3

And this one is also a very interesting reading: https://medium.com/@OhGodAGirl/thank-you-alexander-for-your-constructive-feedback-d39078079186
The author of the second article, K. L. Minehan, is the main inventor of ProgPoW; she introduces herself this way: Author. Artist. Aussie. Asshole.
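
The two mitigations named in the post above (fetch-heavy work over a large memory, and a pseudo-random series of cheap operations that each consume the previous step's result), as an added Python example that is not part of the original post and is neither ProgPoW nor Ethash. It is a toy function: every name, size and mixing operation in it is an assumption made for illustration.

```python
import hashlib

MASK32 = 0xFFFFFFFF
SCRATCH_WORDS = 1 << 14  # toy size (64 KiB), an assumption; real designs use far more
ROUNDS = 2048            # dependent fetch-and-mix steps per hash (assumption)


def _rotl(x, r):
    r &= 31
    return ((x << r) | (x >> (32 - r))) & MASK32


# Cheap basic operations; the per-seed "program" picks one for every round.
OPS = (
    lambda a, b: (a + b) & MASK32,
    lambda a, b: a ^ b,
    lambda a, b: (a * (b | 1)) & MASK32,
    lambda a, b: _rotl(a, b),
)


def _expand(seed, label, nbytes):
    """Stretch seed into nbytes of pseudo-random data (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + label + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:nbytes])


def build_scratchpad(seed):
    """The memory every hash must read from: SCRATCH_WORDS 32-bit words."""
    raw = _expand(seed, b"scratch", SCRATCH_WORDS * 4)
    return [int.from_bytes(raw[i:i + 4], "little") for i in range(0, len(raw), 4)]


def build_program(seed):
    """Pseudo-random sequence of operation indices; a new seed gives a new sequence."""
    return [b & 3 for b in _expand(seed, b"program", ROUNDS)]


def toy_hash(header, nonce, scratch, program):
    """Return (digest, trace), where trace lists the addresses fetched in order."""
    nonce_bytes = nonce.to_bytes(8, "little")
    state = int.from_bytes(hashlib.sha256(header + nonce_bytes).digest()[:4], "little")
    trace = []
    for op_index in program:
        # The address is computed from the previous result, so the fetch for
        # round i cannot be issued before round i-1 has finished.
        addr = state % len(scratch)
        trace.append(addr)
        # The operation applied to the fetched word changes from round to round.
        state = OPS[op_index](state, scratch[addr])
    digest = hashlib.sha256(header + nonce_bytes + state.to_bytes(4, "little")).digest()
    return digest, trace


def meets_target(digest, zero_bits):
    """True when the digest, read as a 256-bit integer, has zero_bits leading zero bits."""
    return int.from_bytes(digest, "big") < (1 << (256 - zero_bits))


def mine(header, zero_bits, scratch, program, max_nonce=20000):
    """Try nonces in order; return the first that meets the target, or None."""
    for nonce in range(max_nonce):
        digest, _ = toy_hash(header, nonce, scratch, program)
        if meets_target(digest, zero_bits):
            return nonce
    return None


if __name__ == "__main__":
    seed = b"constructed-epoch-seed"      # constructed sample input
    header = b"constructed-block-header"  # constructed sample input
    scratch, program = build_scratchpad(seed), build_program(seed)
    nonce = mine(header, 6, scratch, program)
    digest, trace = toy_hash(header, nonce, scratch, program)
    print("nonce:", nonce, "digest:", digest.hex())
    print("first fetched addresses:", trace[:8])
```

Different nonces inside one hash attempt remain independent of each other, so trying many nonces in parallel is still possible; what the dependency chain and the fetches constrain is the work inside a single attempt.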





aliashraf
January 11, 2019, 06:09:46 AM
 #23

When a cryptographic algorithm gets ASICed, it should be considered a failure and fixed instead of being justified as 'inevitable', 'not a big deal' or even 'a good thing'!
It is just ridiculous how is it possible to have a cryptographic system of any kind being cracked by a specialized circuit and considered safe meanwhile?

For an algorithm to be "cracked", we'd first have to agree that designing hardware to perform a task more efficiently is effectively breaking some sort of implied lock.  I'm still yet to be convinced there's a lock to break, let alone that ASICs are somehow breaking them.  It's unlikely we're ever going to see eye-to-eye on this.

Perhaps if an algorithm was specifically designed with ASIC resistance in mind, then you could make that claim.  But that doesn't apply here.
Of course it does break a lock, how would it be possibly considered otherwise? We are talking about cryptography after all!

Quote from:  Satoshi Nakamoto, bitcoin whitepaper, section 4
If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.
Satoshi was not an expert in the chip manufacturing industry and had no clue about how a stupid algorithm like sha256 is vulnerable to ASIC attack. This is it.

Suppose as a result of ignorance, whatever, nobody has attempted this attack until now and we still have gpu/cpu mining of sha256 with like 2,000,000 gpus installed. Now you manage to build an s9 which outperforms a gpu by being like 10,000 times more efficient with almost the same price and instead of selling your miner you choose to run a farm consisting of just 100 s9s. As a result difficulty surges like 50% and you have access to 1/3 of total network hash power and your profitability is 10,000 times more than other competitors. Now are we allowed to consider it a failure and sha256 a bad choice for PoW?

SHA256 was a bad choice for PoW, it was designed to be run by average users with commodity hardware in a one-cpu-one-vote manner but it failed to do so because it was cracked by ASICs. Period.
DooMAD
January 11, 2019, 07:57:27 AM
 #24

For an algorithm to be "cracked", we'd first have to agree that designing hardware to perform a task more efficiently is effectively breaking some sort of implied lock.  I'm still yet to be convinced there's a lock to break, let alone that ASICs are somehow breaking them.  It's unlikely we're ever going to see eye-to-eye on this.

Perhaps if an algorithm was specifically designed with ASIC resistance in mind, then you could make that claim.  But that doesn't apply here.
Of course it does break a lock, how would it be possibly considered otherwise? We are talking about cryptography after all!

And how do ASICs break the cryptographic hash function?  The idea of mining is to solve the nonce.  Finding a way to do it as efficiently as possible is not breaking any cryptographic element.


Quote from:  Satoshi Nakamoto, bitcoin whitepaper, section 4
If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.
Satoshi was not an expert in the chip manufacturing industry and had no clue about how a stupid algorithm like sha256 is vulnerable to ASIC attack. This is it.

So ASICs are bad but GPU mining is okay?  It's nice to see where we draw the arbitrary lines.  The centralising element doesn't come from the hardware used, but from the quantity of units one person can utilise.  If I mine on my home CPU, while some billionaire has 50 warehouses dotted around the globe with 10000 CPUs mining away, it's literally no different in terms of centralisation.


Suppose as a result of ignorance, whatever, nobody has attempted this attack until now and we still have gpu/cpu mining of sha256 with like 2,000,000 gpus installed. Now you manage to build an s9 which outperforms a gpu by being like 10,000 times more efficient with almost the same price and instead of selling your miner you choose to run a farm consisting of just 100 s9s. As a result difficulty surges like 50% and you have access to 1/3 of total network hash power and your profitability is 10,000 times more than other competitors. Now are we allowed to consider it a failure and sha256 a bad choice for PoW?

It would be a bigger failure if we switched the algorithm to one that could allow that to happen in future.  Attempting to restrict ASICs and someone managing to do it anyway is the only way this scenario could occur now.  For me, personally, your ideology isn't worth the potential cost to the network.  Others may feel differently.

Wind_FURY
January 11, 2019, 08:05:44 AM
 #25

In governance Ethereum is far more centralized than bitcoin, they have Vitalik both as a celebrity and a spiritual leader and believe it or not they have a roadmap

IMO, a cryptocurrency with a leader is not reliable in the first place, but when the leader turns out to be a PoS believer in charge of a PoW coin things get even more confusing. I believe that Eth 2018 falling down 3 times worse than bitcoin has something to do with this fact.

Still there is good news as well: Vitalik is growing up and stepping down, well, not officially and completely but there exist signs.


He has no choice as Ethereum centralizes more and more away from him, and to Infura running and controlling most of the dapps, and the nodes. Hahaha.

Vitalik will become something like a mascot.


Quote

Most importantly, on January 5 the latest Ethereum core dev meeting ended with a long-awaited admission, tentatively tho, of implementing ProgPoW as an anti-asic algorithm to retire Ethash. ProgPoW is designed to utilize gpu strengths such that it is almost impossible for asic manufacturers to build a considerably more efficient chip for mining it and not end up with a gpu design project.


Ok.

Quote

It is an important event in cryptocurrency and I think we will be witnessing a new wave of debates and discussions in bitcoin community regarding the situation with ASICs and the potentials for an anti-ASIC fork.


Or, in Ethereum's situation, will it be an assurance that there will never be another anti-ASIC hard fork again?

aliashraf
January 11, 2019, 03:31:16 PM
 #26

And how do ASICs break the cryptographic hash function?  The idea of mining is to solve the nonce.  Finding a way to do it as efficiently as possible is not breaking any cryptographic element.
QC hypothetically can solve the ECDSA problem and ECDSA is about to be considered a failed algorithm already. People are working hard to find an alternative instead of denial or justification.

So ASICs are bad but GPU mining is okay?  It's nice to see where we draw the arbitrary lines. 
Believe it or not, there is a line between NVIDIA/AMD/Intel/... on one side and Bitmain on the other side.

mixoftix
January 12, 2019, 10:52:10 PM
 #27

I do not agree with people saying ASICs are a threat for x coin, it's not true.

I think I could explain it in other words.

Each threat must be assessed in 2 different ways: "1- severity 2- expanse". The problem with ASICs is because of its severity in a possible threat, but this could not prevent the expanse of a threat that you mentioned very well - and in fact this is what I try to express. Disabling ASICs is necessary, but not enough. An example of the arrangements that we could take for controlling the EXPANSE factor of a threat would be flash-back-pinning:

https://bitcointalk.org/index.php?topic=5089384.0

من مست و تو دیوانه، مارا که برد خانه!؟
translation from Persian:
I am drunk and you are insane, who will take us home!? --Rumi
DooMAD
January 13, 2019, 01:26:49 PM
Last edit: January 13, 2019, 04:10:50 PM by DooMAD
Merited by Welsh (2)
 #28

So ASICs are bad but GPU mining is okay?  It's nice to see where we draw the arbitrary lines.  
Believe it or not, there is a line between NVIDIA/AMD/Intel/... on one side and Bitmain on the other side.

So the question then becomes:

Is your issue truly with ASICs?  Or with Bitmain?

My stance remains that it's far more practical and safe to encourage a larger number of companies to get involved in the production of ASICs, rather than trying to stuff the genie back in the lamp, burying it and then hoping that the clear and obvious financial incentive to let it back out again is never discovered.

Competition works best when there isn't the potential for one competitor to obtain a major advantage over the others.  This is why you raise the bar and not just politely ask the competitors to perform to a lower level than they're capable of.  Sooner or later, their desire to win will override your desire to lower the bar.  If multiple manufacturers can make ASICs, no one company has a major advantage over the others.  But if you make a supposedly ASIC-resistant algo, you open the potential to one company "cracking" it (it's not really a crack, though) before the others do.  And the companies with the most disposable income will have the best chance of gaining the advantage.  That's a weaker system than the one we currently have and I will continue to argue against it.

I mean, you've seen movies, right?  That overused trope where the good guy and the bad guy agree to settle their differences with a fair fist fight, but then when the bad guy is losing, they pull out a knife/gun/whatever?  You can't trust hardware manufacturers to agree to a fair fight.  It won't work.  They want to win and I sincerely doubt they'll lose any sleep if they don't conform to your noble ideals.  

Mining is an arms race.  It was an arms race long before ASICs.  It'll continue to be an arms race if someone comes up with something better than ASICs.  But at no point will it ever be safe to believe that everyone will lay down their arms and go back to a fist fight.

Carlton Banks
January 13, 2019, 06:49:24 PM
Last edit: January 20, 2019, 11:28:32 AM by Carlton Banks
Merited by Welsh (2), ETFbitcoin (1)
 #29

For an algorithm to be "cracked", we'd first have to agree that designing hardware to perform a task more efficiently is effectively breaking some sort of implied lock.  I'm still yet to be convinced there's a lock to break, let alone that ASICs are somehow breaking them.  It's unlikely we're ever going to see eye-to-eye on this.

Perhaps if an algorithm was specifically designed with ASIC resistance in mind, then you could make that claim.  But that doesn't apply here.
Of course it does break a lock, how would it be possibly considered otherwise? We are talking about cryptography after all!

And how do ASICs break the cryptographic hash function?

They don't.


Hash algorithms are broken when you find a collision, efficiently. "Efficient" in practice means devising a different algorithm to SHA256 that can find collisions on a practical timescale. SHA256 ASICs cannot be used to look for collisions efficiently, they are designed to do one thing only: perform the actual SHA256 algorithm on data being fed to them.

It's possible they could find a collision, but checking that would have to be programmed by the controller, not an SHA256 ASIC. It's unlikely though, and certainly has nothing to do with making SHA256 unusable for authentication etc. That would require an efficient method of finding collisions, not an inefficient method (i.e. brute forcing). If you want to man-in-the-middle someone, using a hash farm to brute force their connection's shared secret key is going to be frustratingly expensive if the target renegotiates their HMAC secret at almost any frequency more than, say, once every 1000 years.

There's never been a report I've heard of an SHA256 ASIC being used to find even 1 hash collision, despite the inconceivable number of hashes performed in Bitcoin mining since 2009.

Vires in numeris
aliashraf
January 13, 2019, 08:28:48 PM
 #30

For an algorithm to be "cracked", we'd first have to agree that designing hardware to perform a task more efficiently is effectively breaking some sort of implied lock.  I'm still yet to be convinced there's a lock to break, let alone that ASICs are somehow breaking them.  It's unlikely we're ever going to see eye-to-eye on this.

Perhaps if an algorithm was specifically designed with ASIC resistance in mind, then you could make that claim.  But that doesn't apply here.
Of course it does break a lock, how would it be possibly considered otherwise? We are talking about cryptography after all!

And how do ASICs break the cryptographic hash function?

They don't.


Hash algorithms are broken when you find a collision, efficiently. "Efficient" in practice means devising a different algorithm to SHA256 that can find collisions on a practical timescale. SHA256 ASICs cannot be used to look for collisions efficiently, they are designed to do one thing only: perform the actual SHA256 algorithm on data being fed to them.
Who says that?

Breaking a cryptographic system, is just about finding a solution much cheaper and faster than what is expected as the processing cost and time by the inventor. SHA256 ASICS are not cracking the hash function, they are a crack against how bitcoin is using it as a cryptographic system. They are breaking PoW, not SHA256.

To be more specific, a cyberpunk Satoshi Nakamoto, devised a one cpu, one vote system for a decentralised system named bitcoin, instead of finding a collision the problem was defined to find a nonce that hashes to a value close enough to a target. just like collision problem which is hard to find the new problem was supposed to be hard, not that much but reasonably hard to solve, the inventor designed the whole system on this simple concept: AS the problem is equally hard for all the participants, the ones who consume more energy and allocate more cpus have more chance to solve it sooner and deserve to be rewarded more.

It is what then happened, some greedy douche bags found a flaw in Satoshi's schema: the whole algorithm (SHA256 being its core but not the whole) has very small memory footprint and can be accelerated dramatically by a specialized chip, an ASIC. End of the story.

The thing with people like you is that you are addicted to this situation at the same time that you are taking advantage of it. All those stupid and worthless arguments that you guys repeat over and over about how inevitable are ASICs because every algorithm is vulnerable to ASICs, ASICs are not a big deal, GPUs are not that much different than ASICs, ASICs are good because they can't jump in/out the network, ASICs are good because they are immune to botnets, blah, blah, ... they are just pure garbage, they do not deserve to get an answer, they are just some desperate justifications made by some addicts who have no choice other than living in the jails made by a bunch of greedy crackers who are mocking them at the same time that are making money out of their misery.
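An added illustration, not part of any post in this thread: the two problems contrasted in post #30, a SHA-256 collision versus a nonce whose double-SHA-256 falls under a target, worked through in Python. The header bytes and the two hash rates are constructed values chosen for the example; they show that faster hardware changes the time per solution but not the number of hashes the puzzle requires.

```python
import hashlib

# Constructed 76-byte stand-in for a block header without its 4-byte nonce.
HEADER = b"constructed-example-header".ljust(76, b"\x00")

# Illustrative hash rates (assumptions for this example, not measurements).
CPU_RATE = 1e7    # hashes per second
ASIC_RATE = 1e14  # hashes per second


def pow_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header||nonce, read as a little-endian integer."""
    data = header + nonce.to_bytes(4, "little")
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "little")


def target_for_bits(zero_bits: int) -> int:
    """Largest hash value that still has `zero_bits` leading zero bits."""
    return (1 << (256 - zero_bits)) - 1


def meets_target(header: bytes, nonce: int, target: int) -> bool:
    """Verification costs one double hash, whatever hardware found the nonce."""
    return pow_hash(header, nonce) <= target


def mine(header: bytes, target: int, max_nonce: int = 2**32):
    """Brute-force search; returns (nonce, hashes_tried)."""
    for nonce in range(max_nonce):
        if meets_target(header, nonce, target):
            return nonce, nonce + 1
    raise RuntimeError("nonce space exhausted without a solution")


def expected_hashes(target: int) -> int:
    """Average number of hashes per solution: 2^256 / (target + 1)."""
    return (1 << 256) // (target + 1)


def seconds_per_solution(target: int, hashrate: float) -> float:
    """Hardware only enters here, as the divisor."""
    return expected_hashes(target) / hashrate


def collision_search_years(hashrate: float) -> float:
    """Generic birthday search on a 256-bit hash needs about 2^128 hashes."""
    return 2**128 / hashrate / (365.25 * 24 * 3600)


if __name__ == "__main__":
    target = target_for_bits(16)
    nonce, tried = mine(HEADER, target)
    print(f"nonce={nonce} after {tried} hashes "
          f"(expected about {expected_hashes(target)})")
    for name, rate in (("CPU", CPU_RATE), ("ASIC", ASIC_RATE)):
        print(f"{name}: {seconds_per_solution(target, rate):.3e} s per solution, "
              f"{collision_search_years(rate):.3e} years per collision")
```

The expected hash count depends only on the target, so a difficulty adjustment restores the solution interval after any hardware speed-up; the collision estimate stays out of reach at either rate.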
DooMAD
Legendary
Activity: 2226
Merit: 1441

Leave no FUD unchallenged
January 13, 2019, 09:04:41 PM
 #31

Breaking a cryptographic system, is just about finding a solution much cheaper and faster than what is expected as the processing cost and time by the inventor.

And yet this is the first time I've ever heard this definition.  Curious.  Someone might think you just came up with it.   Roll Eyes

An inventor can't protect their invention against the passage of time.  There's no cure for progress.  It's what people do.  We find solutions to do stuff faster and cheaper.  Why is this such an outrage all of a sudden?


SHA256 ASICS are not cracking the hash function, they are a crack against how bitcoin is using it as a cryptographic system. They are breaking PoW, not SHA256.

This seems to be more of an opinion rather than a statement of fact.


To be more specific, a cyberpunk Satoshi Nakamoto, devised a one cpu, one vote system for a decentralised system named bitcoin, instead of finding a collision the problem was defined to find a nonce that hashes to a value close enough to a target. just like collision problem which is hard to find the new problem was supposed to be hard, not that much but reasonably hard to solve, the inventor designed the whole system on this simple concept: AS the problem is equally hard for all the participants, the ones who consume more energy and allocate more cpus have more chance to solve it sooner and deserve to be rewarded more.

Arguably, the system was devised so that the incentive to build a valid blockchain is greater than the incentive to attack it.  A multitude of other coins with different algorithms thought they could do better and subsequently fell at this very hurdle.  What's the rush to repeat their mistakes?


All those stupid and worthless arguments that you guys repeat over and over about how inevitable are ASICs because every algorithm is vulnerable to ASICs, ASICs are not a big deal, GPUs are not that much different than ASICs, ASICs are good because they can't jump in/out the network, ASICs are good because they are immune to botnets, blah, blah, ... they are just pure garbage, they do not deserve to get an answer, they are just some desperate justifications made by some addicts who have no choice other than living in the jails made by a bunch of greedy crackers who are mocking them at the same time that are making money out of their misery.

Opinions again.  You haven't actually countered any of those arguments.  Calling them garbage does not constitute a rebuttal.  Thanks for repeating some of reasons why changing the algo has downsides, though.

Carlton Banks
Legendary
Activity: 2618
Merit: 2173
January 13, 2019, 09:16:27 PM
 #32

Actually ASIC is a crack against cryptography, it has always been since WWII and nothing has changed, when a cryptographic algorithm get ASICed, it should be considered a failure and fixed instead of being justified as 'inevitable', 'not a big deal' or even 'a good thing'!
It is just ridiculous how is it possible to have a cryptographic system of any kind being cracked by a specialized circuit and considered safe meanwhile?



you're backpedalling the above claim, and you knew you were wrong when you made it. I won't be replying further

Vires in numeris
aliashraf
Hero Member
Activity: 966
Merit: 727

always remember the cause
January 13, 2019, 10:02:50 PM
 #33

Breaking a cryptographic system, is just about finding a solution much cheaper and faster than what is expected as the processing cost and time by the inventor.

And yet this is the first time I've ever heard this definition.  Curious.  Someone might think you just came up with it.   Roll Eyes
Still, it is the most correct definition ever. Cryptography has always been about time and cost and crack is always about designing special circuits to surprise the cryptographer. It has always been so and will remain always so.

Quote
An inventor can't protect their invention against the passage of time.  There's no cure for progress.  It's what people do.  We find solutions to do stuff faster and cheaper.  Why is this such an outrage all of a sudden?
It is no progress, who told you making ASICs is progress? Progress is about a technology that solves human kind civilization to produce better and cheaper goods and services. In cryptography, ASICs are just used for one purpose: stealing money from miners.

Quote
SHA256 ASICS are not cracking the hash function, they are a crack against how bitcoin is using it as a cryptographic system. They are breaking PoW, not SHA256.
This seems to be more of an opinion rather than a statement of fact.
Nop. It is absolute fact, the bare truth, bitcoin PoW was broken by these douchebags and nothing can ever change this fact. Satoshi invented a way to compare the amount of energy and resources miners allocate to mining and to distribute rewards according to this comparison then some cracker showed up by an ASIC that was thousands of (and not two or three) times more efficient than average commodity devices laughing at Satoshi and bitcoin miners. Definitively it was a crack and deserved mitigation, immediate mitigation.

Quote
To be more specific, a cyberpunk Satoshi Nakamoto, devised a one cpu, one vote system for a decentralised system named bitcoin, instead of finding a collision the problem was defined to find a nonce that hashes to a value close enough to a target. just like collision problem which is hard to find the new problem was supposed to be hard, not that much but reasonably hard to solve, the inventor designed the whole system on this simple concept: AS the problem is equally hard for all the participants, the ones who consume more energy and allocate more cpus have more chance to solve it sooner and deserve to be rewarded more.

Arguably, the system was devised so that the incentive to build a valid blockchain is greater than the incentive to attack it.  A multitude of other coins with different algorithms thought they could do better and subsequently fell at this very hurdle.  What's the rush to repeat their mistakes?
Nop. Incentive mechanism is irrelevant in this context, we are discussing PoW, it is about how much resources are required to do a job socially.

Quote
All those stupid and worthless arguments that you guys repeat over and over about how inevitable are ASICs because every algorithm is vulnerable to ASICs, ASICs are not a big deal, GPUs are not that much different than ASICs, ASICs are good because they can't jump in/out the network, ASICs are good because they are immune to botnets, blah, blah, ... they are just pure garbage, they do not deserve to get an answer, they are just some desperate justifications made by some addicts who have no choice other than living in the jails made by a bunch of greedy crackers who are mocking them at the same time that are making money out of their misery.

Opinions again.  You haven't actually countered any of those arguments.  Calling them garbage does not constitute a rebuttal.  Thanks for repeating some of reasons why changing the algo has downsides, though.
I don't GAS about such arguments that have been made up AFTER the event to be used for justification purposes only. If ASIC was a good idea, Satoshi or the community should have been discussing it long before douchebags started secretly using it to get rich enough to make a better version and sell the old one to stupid people. I personally never bought an ASIC other than for experimental purposes, not a stupid after all.
aliashraf
Hero Member
Activity: 966
Merit: 727

always remember the cause
January 13, 2019, 10:19:10 PM
 #34

Actually ASIC is a crack against cryptography, it has always been since WWII and nothing has changed, when a cryptographic algorithm get ASICed, it should be considered a failure and fixed instead of being justified as 'inevitable', 'not a big deal' or even 'a good thing'!
It is just ridiculous how is it possible to have a cryptographic system of any kind being cracked by a specialized circuit and considered safe meanwhile?



you're backpedalling the above claim, and you knew you were wrong when you made it. I won't be replying further
So, you are happy with Bitmain and the stupid mining scene of bitcoin? Good for you, but please don't try to convince me about your reasons, there is no reason other than giving up and being a coward for being a supporter of an entity that its business by definition is ruining PoW algorithm and taking cryptocurrencies as hostage and turning miners to its slaves.
squatter
Legendary
Activity: 1344
Merit: 1030

STOP SNITCHIN'
January 13, 2019, 10:34:22 PM
 #35

Given the size of the industry nowadays I also have my doubts that a mere switch to GPU / CPU mining would help decentralization all that much; at least not without additional measures to make pool mining significantly less attractive.

This seems to be the important question. What tangible benefits can we expect from ensuring the viability of GPU or FPGA mining? At large scale, how different are the economics of general purpose vs. application-specific processors? In both cases, it seems like mining hardware production would still be fairly concentrated among a few giant producers. Also, if we look to historical pool hash rate distribution of, for example, Ethereum vs. Bitcoin, the former is not necessarily less concentrated. So, what's the goal here?

I think a lot of people look at the advent of ASICs in 2013 and the subsequent rise of Bitmain, and they automatically blame ASICs for how the industry developed. However, I think a lot of it has to do with industry consolidation and concentration of capital that you'd see develop in any growing market over time.

mixoftix
Member
Activity: 104
Merit: 147
January 13, 2019, 11:20:37 PM
 #36

SHA256 ASICS are not cracking the hash function, they are a crack against how bitcoin is using it as a cryptographic system. They are breaking PoW, not SHA256.

This seems to be more of an opinion rather than a statement of fact.

No. look my friend, there are many reports that show us the speed of providing processing power now is more than Moore's Law [1] and the processing power that is available is at the level of a mouse brain. this is also expected that after 2020 we will enter the age of processing by optical, quantum and DNA computing that will lead us to the singularity point. I am not going to elaborate the technological aspect of singularity here (this is obviously off topic) but I personally believe that cryptocurrencies could survive economies within age of singularity and PoW is vulnerable here. this is one of the most clear visions from the future that shows us how machine could overcome the human kind.

this is very simple to see that PoW rewards the density of processing power and who provides denser processing power than 51%, the whole network will move under his control (in ETC case, better say extortion [2]). really, what happens if we sleep and tomorrow morning when we wake up, see top 3 pools of bitcoin are joined together and have the majority of processing power!? then we just ASK them to divide their power and we pray in silent they do that?! till now the crypto world was in its earliest stages, but in the beginning of 2019 how we ever could call it a consensus model [3]:

Quote
In five years, that’s never happened, because the BTC mining community has aggregated into a number of large players rather than a single network with disproportionate influence. Now, for the first time, that’s changed — Ghash.io passed the 51% mark for more than 12 hours this week, after promising to never do so back in January 2014

byzantine generals problem never been based on "thanks to good relation among our generals (pools) a traitor could not threaten the consensus model.."




[1] https://en.wikipedia.org/wiki/Moore%27s_law

Quote
Although the rate held steady from 1975 until around 2012, the rate was faster during the first decade. In general, it is not logically sound to extrapolate from the historical growth rate into the indefinite future. For example, the 2010 update to the International Technology Roadmap for Semiconductors predicted that growth would slow around 2013, and in 2015 Gordon Moore foresaw that the rate of progress would reach saturation: "I see Moore's law dying here in the next decade or so."

[2] https://www.trustnodes.com/2019/01/13/etc-block-rewards-go-crazy
[3] http://www.extremetech.com/extreme/184427-one-bitcoin-group-now-controls-51-of-total-mining-power-threatening-entire-currencys-safety


من مست و تو دیوانه، مارا که برد خانه!؟
translation from Persian:
I am drunk and you are insane, who will take us home!? --Rumi
DooMAD
Legendary
Activity: 2226
Merit: 1441

Leave no FUD unchallenged
January 13, 2019, 11:57:53 PM
Merited by Wind_FURY (1)
 #37

crack is always about designing special circuits to surprise the cryptographer. It has always been so and will remain always so.

Come again?  Maybe you've taken too much crack or something.


It is no progress, who told you making ASICs is progress? Progress is about a technology that solves human kind civilization to produce better and cheaper goods and services.

CPU -> GPU -> ASIC appears to follow a technological progression.  Each faster and more efficient than the last.  Ergo, progress.  ASICs can't be uninvented.


In cryptography, ASICs are just used for one purpose: stealing money from miners.

Even if that were the case (and I don't think anyone here is convinced that it is), I'm still yet to hear anything other than how you think ASICs are bad.  Your ASIC-proof unicorn has yet to materialise here in the real world.  


I personally never bought an ASIC other than for experimental purposes, not a stupid after all.

Are you sure?  You're taking all this rather personally.



I think a lot of people look at the advent of ASICs in 2013 and the subsequent rise of Bitmain, and they automatically blame ASICs for how the industry developed. However, I think a lot of it has to do with industry consolidation and concentration of capital that you'd see develop in any growing market over time.

There's also the notable issue of a number of other hardware suppliers at the time being shady as shit.  It almost seems like there were more manufacturers and suppliers embroiled in scandals and frauds than there were legitimate companies operating in the scene.

AGD
Legendary
Activity: 1862
Merit: 1060

Keeper of the Private Key
January 14, 2019, 05:00:38 AM
Merited by Wind_FURY (1)
 #38

ASICs are just a logical step in Bitcoin's evolution, since it is designed to have a value and optimizing hardware/code to achieve more value is unavoidable.

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
Wind_FURY
Hero Member
Activity: 1344
Merit: 856

Crypto-Games.net: Multiple coins, multiple games
January 14, 2019, 05:29:25 AM
Merited by gmaxwell (2), Welsh (2)
 #39

ASICs are just a logical step in Bitcoin's evolution, since it is designed to have a value and optimizing hardware/code to achieve more value is unavoidable.

Plus proposals to hard fork to disable ASICs will never gain wide consensus from the community. Never. Who wants to amputate the network of nodes and hashing power?

mixoftix
Member
Activity: 104
Merit: 147
January 14, 2019, 10:14:10 AM
Last edit: January 14, 2019, 10:34:06 AM by mixoftix
 #40

ASICs are just a logical step in Bitcoin's evolution

we could consider self-driven cars as an evolution for man-driven cars. vehicle detector cameras could also be considered as an evolution for classic speed cameras. but my friend, how could we consider vehicle detector cameras as an evolution of cars at all? a camera is an environmental threat (or opportunity) that is growing out there - out of control of car manufacturers.. now if you drive faster than declared speed limit in a road (do not regulate yourself and improve your driving algorithms), then you will be penalized by the speed camera (a consensus fork happens).

ASIC technology always exists and grows out there - out of control of bitcoin. if you want to talk about the evolution of bitcoin, you need to bring a new idea as a BIP. bitcoin is just an algorithm. BTW, evolution is not only about survival, it is also about perish and letting others survive..

Reminder:

"it is not the most intellectual of the species that survives; it is not the strongest that survives; but the species that survives is the one that is able best to adapt and adjust to the changing environment in which it finds itself -- Professor Darwin"

UPDATE:
Plus proposals to hard fork to disable ASICs will never gain wide consensus from the community. Never.

it is alright. this is enough for everybody to know the truth that the PoW will die when Moore's law dies. accepting a problem is the first step for providing a solution.

من مست و تو دیوانه، مارا که برد خانه!؟
translation from Persian:
I am drunk and you are insane, who will take us home!? --Rumi