Anti ASIC/GPU/FPGA POW-algorithm. New (2019).

[IadixDev]

For several years I was thinking about how to make a POW algorithm that will be stable not only against ASIC devices, but also against GPU miners.

Have you ever heard of RandomX? RandomX is not against anything. It just dont give advantage to anything. No one can build an ASIC that have double efficiency as top CPUs you can buy in computer stores all around the world.

Since Monero is one of the coins that changes its algo to stay anti-ASIC I've posted in their thread a link to this.

Monero should not change mining algo anymore. If RandomX works as is intended to that is it.

ASIC only works because the proof of work is based on each hash computation has a certain probability To gain a reward and a fixed cost, and you can compute an infinite number of them in //. Its the only thing that give asic an advantage.

With sequential computation like this, ASICs will be much less powerfull and cost efficient than even a smartphone, because 90% of the transistors are going to be useless for a simple sequential computation. Any cpu even the cheapest micro controller can do a xor/ror in one cycle, so its only a question of clock rate, which is pretty much capped now, and even common hardware already have close to max frequency,  ASICs dont have very high clock frequency.

Ring algorithm like this can still make it easy To proove the work that has been made by a miner.

[flamehowk]

Since Monero is one of the coins that changes its algo to stay anti-ASIC I've posted in their thread a link to this.
Monero users did fund useful projects (useful for Monero), but I cannot tell if this is indeed good and it's indeed what Monero needs (since afaik Monero is CPU and GPU)

Great! Thank you. I would be glad if they respond and use my suggestions.

Edit: OK, I see that each portion or these rings must be sequential and then they can be combined. Weird wording, maybe I'll delve into this later I have no time today.

Yes, you can see the starting topic again, I added a few pictures to explain. Maybe you will better understand. In addition, I plan to post the first video today, where I will explain my algorithm. And along with this, the source code.

Have you ever heard of RandomX? RandomX is not against anything. It just dont give advantage to anything. No one can build an ASIC that have double efficiency as top CPUs you can buy in computer stores all around the world.

RandomX is not a solution. Any algorithm that can be parallelized is not a solution to the problem. In addition, everything that can be counted on the GPU with sufficient investment can be implemented in the ASIC.
My algorithm (RBF) is the solution. It cannot be parallelized. He does not need a graphics card. He does not need a lot of energy. Over time, you will understand ...


TO ALL.
Guys, today I added a few pictures to the description, maybe this will help you better understand my algorithm.
I also added a link to "My Story", where I explained - who I am and in what position I am.
I also added a link to the video "Myself introduce", where I prove that I am I, showing my documents and old's photos (from the Soviet Union - if anyone is interested).
All this I posted in the starting topic.
Now you know who I am and you can better understand what is happening.

Next, I plan to post the first video in which I will show the code of my algorithm and explain how it works. Wait a bit and I will do it. I think I’ll be in time today.

[IadixDev]

Maybe you should add a time scale on the vertical axis with the amount of work done on horizontal axis to show that its not going to take less time to compute it with // units.

[flamehowk]

Ring Bit Function. 1 part.
https://www.youtube.com/watch?v=yg-G6itsHpU&feature=youtu.be
An explanation of the new POW algorithm, which I call the Ring Bit Function (RBF), with C ++ code examples.

[IadixDev]

If i may offer suggestion in the way you present it because its confusing.

The thing with the ring diagram is you want to show two things in the same time.

There is the ring as the total work to do to complete the ring, and the repartition of the numbers, but the ring on the diagram show the total amount of work to do, not the total space of possible 256 bits numbers. Each round still advance linearly into the ring of total work to do even if the number distribution along the steps is not linear.

As far as i can tell, function like xor/ror are the bread and butter of most simple cypher cryptographic algorithm, so i would think it cannot be easily simulated with linear function, BUT the amount of work to do for a particular ring is still linear so the progression on the ring that represent the amount of work to do should still be linear

Well its just my 2 cents to make it more clear, i can try to make some diagram to explain better

[dasgardo87]

im just waiting for this coin to release, good luck with your funding

[flamehowk]

Ring Bit Function. 2 part.
https://www.youtube.com/watch?v=Ir9Ptfg0Nbg&feature=youtu.be
In this part we make a chain of RBF rings.

The thing with the ring diagram is you want to show two things in the same time.

There is the ring as the total work to do to complete the ring, and the repartition of the numbers, but the ring on the diagram show the total amount of work to do, not the total space of possible 256 bits numbers. Each round still advance linearly into the ring of total work to do even if the number distribution along the steps is not linear.

Yes, you are right - I did not immediately realize this. But I have a lot of work, so I try to explain as much as I can. Perhaps the video will be more clear. Moreover, the function is extremely simple ...

As far as i can tell, function like xor/ror are the bread and butter of most simple cypher cryptographic algorithm, so i would think it cannot be easily simulated with linear function, BUT the amount of work to do for a particular ring is still linear so the progression on the ring that represent the amount of work to do should still be linear

Here I do not quite understand what you were talking about. Indeed, for each ring, the amount of work is known in advance. However, we can change the complexity of the calculations, making the rings larger, as well as complicating the task. In addition, the most important thing is that we cannot predict in advance how much work is needed to calculate the signature. That is - how long will the chain of rings be.
In this sense, everything works exactly the same as with the usual SHA256 algorithm.

im just waiting for this coin to release, good luck with your funding

Thank you...

[IadixDev]

Ring Bit Function. 2 part.
https://www.youtube.com/watch?v=Ir9Ptfg0Nbg&feature=youtu.be
In this part we make a chain of RBF rings.

The thing with the ring diagram is you want to show two things in the same time.

There is the ring as the total work to do to complete the ring, and the repartition of the numbers, but the ring on the diagram show the total amount of work to do, not the total space of possible 256 bits numbers. Each round still advance linearly into the ring of total work to do even if the number distribution along the steps is not linear.

Yes, you are right - I did not immediately realize this. But I have a lot of work, so I try to explain as much as I can. Perhaps the video will be more clear. Moreover, the function is extremely simple ...

As far as i can tell, function like xor/ror are the bread and butter of most simple cypher cryptographic algorithm, so i would think it cannot be easily simulated with linear function, BUT the amount of work to do for a particular ring is still linear so the progression on the ring that represent the amount of work to do should still be linear

Here I do not quite understand what you were talking about. Indeed, for each ring, the amount of work is known in advance. However, we can change the complexity of the calculations, making the rings larger, as well as complicating the task. In addition, the most important thing is that we cannot predict in advance how much work is needed to calculate the signature. That is - how long will the chain of rings be.
In this sense, everything works exactly the same as with the usual SHA256 algorithm.

There should be a way to calculate the number of cycle needed for a certain combination of "keys" ( the number used in the ror/rol ) no ?

In any case for a given combination of keys the amount of work is determined.

The way i see it, it works like simple cypher algorithm, like the simplest cypher is only xoring a number with the key to encrypt and xoring it again to decrypt, here its like using the number itself as a key with bit rotation that cancel itself out after a certain number of iterations because rotation is cyclic.

So its why i tend to think its not easy to reverse, even if maybe certain numbers are going to be weaker than others, but maybe a "salting" or initialisation vector can be used on the start num to make it more random. Otherwise it can have same problem than plaintext cypher if the text and key are too repetitive, it can make the algorithm easier to crack, its possible with certain degenerate numbers the sequence will be more predictible, but in the average it shouldnt matter to much.

But its Nice idea, it looks like Sparta approach, when out numbered in the number of // core force the fight on one vs one

[flamehowk]

There should be a way to calculate the number of cycle needed for a certain combination of "keys" ( the number used in the ror/rol ) no ?

No, there is no such way. This is mathematically impossible. This number has to be calculated by brute force for each key combination.

The way i see it, it works like simple cypher algorithm, like the simplest cypher is only xoring a number with the key to encrypt and xoring it again to decrypt, here its like using the number itself as a key with bit rotation that cancel itself out after a certain number of iterations because rotation is cyclic.

Right...

So its why i tend to think its not easy to reverse, even if maybe certain numbers are going to be weaker than others, but maybe a "salting" or initialisation vector can be used on the start num to make it more random. Otherwise it can have same problem than plaintext cypher if the text and key are too repetitive, it can make the algorithm easier to crack, its possible with certain degenerate numbers the sequence will be more predictible, but in the average it shouldnt matter to much.

This is absolutely impossible! With 256 bits, the number of possible combinations is huge. This decimal number is 10^78 (10**78 - cтeпeнь чиcлa), approximately equal to the number of atoms in the universe. Now this number needs to be multiplied by the number of possible key combinations that will be used for calculations. This is only for a variation of one ring. To this we need to add the same number of possible masks with which we will mask the rings. Now think - what is the likelihood that at least once during the calculations the same combination (starting number + key + mask) will occur? In which computer will you be able to remember all the options encountered? How long will it take you each time to search for similar options in this computer?

It's impossible. This is called transcomputing operations ...

[IadixDev]

Anyway even if there is a problem with that, normally things like  s-boxes can solve it easily. With a good s box worked on the input number, you could as well use 0 or such as input number and it would still be safer.

Maybe im wrong To think this, but if there is let say only 1 bit set in the start number even if Its a big number the sequence with bit operations are going To be more predictible.

In the simple text cypher algorithm, if both the key and the data are "weak" it can be exploited by certain attacks, in the case as the number is both the data and the key, if the number is "weak" there can be some attack to predict the sequence.

Its why adding some salt/initilization vector or an sbox rolled over the sequence of signature at each block could improve that, and wouldnt complexify the algorthm too much, but maybe its not necessary.

Normally its supposed to make block cypher algorithm safer, as the algorithm use the same principle, it would not cost much and make it safer, but not 100% sure

Maybe its not necessary because the cost of the attack is superior than the pow cost, so its more when cracking encryption when the attack time can be long, and its to narrow the possible numbers on brute force attack. But maybe even with weak number and analysis the brute force will be higher than the computation.

[flamehowk]

Anyway even if there is a problem with that, normally things like  s-boxes can solve it easily. With a good s box worked on the input number, you could as well use 0 or such as input number and it would still be safer.

Maybe im wrong To think this, but if there is let say only 1 bit set in the start number even if Its a big number the sequence with bit operations are going To be more predictible.

In the simple text cypher algorithm, if both the key and the data are "weak" it can be exploited by certain attacks, in the case as the number is both the data and the key, if the number is "weak" there can be some attack to predict the sequence.

Its why adding some salt/initilization vector or an sbox rolled over the sequence of signature at each block could improve that, and wouldnt complexify the algorthm too much, but maybe its not necessary.

Normally its supposed to make block cypher algorithm safer, as the algorithm use the same principle, it would not cost much and make it safer, but not 100% sure

Maybe its not necessary because the cost of the attack is superior than the pow cost, so its more when cracking encryption when the attack time can be long, and its to narrow the possible numbers on brute force attack. But maybe even with weak number and analysis the brute force will be higher than the computation.

Oh, I understand what you're talking about, but this is a vain concern. All input data will be hashed, therefore, no “weak” numbers will be input to the algorithm. In addition, even one weak ring out of 1000 (for example) can in no way affect the result of the entire chain of rings.

[IadixDev]

Anyway even if there is a problem with that, normally things like  s-boxes can solve it easily. With a good s box worked on the input number, you could as well use 0 or such as input number and it would still be safer.

Maybe im wrong To think this, but if there is let say only 1 bit set in the start number even if Its a big number the sequence with bit operations are going To be more predictible.

In the simple text cypher algorithm, if both the key and the data are "weak" it can be exploited by certain attacks, in the case as the number is both the data and the key, if the number is "weak" there can be some attack to predict the sequence.

Its why adding some salt/initilization vector or an sbox rolled over the sequence of signature at each block could improve that, and wouldnt complexify the algorthm too much, but maybe its not necessary.

Normally its supposed to make block cypher algorithm safer, as the algorithm use the same principle, it would not cost much and make it safer, but not 100% sure

Maybe its not necessary because the cost of the attack is superior than the pow cost, so its more when cracking encryption when the attack time can be long, and its to narrow the possible numbers on brute force attack. But maybe even with weak number and analysis the brute force will be higher than the computation.

Oh, I understand what you're talking about, but this is a vain concern. All input data will be hashed, therefore, no “weak” numbers will be input to the algorithm. In addition, even one weak ring out of 1000 (for example) can in no way affect the result of the entire chain of rings.

Ha yes its true its hashed before, and its what i was thinking on hundreds of rings even if there is a weaker number it shouldnt matter too much. An s box doesnt cost a lot either if it can improve the security, if a very long ring would happen with a weak number its still a bit of waste, but i dont think its a big problem.

But need to see the brute force attack can be made with // units, so very weak rings could still be vulnerable.

[flamehowk]

Ha yes its true its hashed before, and its what i was thinking on hundreds of rings even if there is a weaker number it shouldnt matter too much. An s box doesnt cost a lot either if it can improve the security, if a very long ring would happen with a weak number its still a bit of waste, but i dont think its a big problem.
But need to see the brute force attack can be made with // units, so very weak rings could still be vulnerable.

IadixDev, I'm sorry, but I don’t understand what kind of "s boxes" you are talking about and how you are going to attack weak rings in general.
Today I will post a video in which I will show an intermediate masking between the rings, and you can describe the algorithm with examples - how you are going to get the “weak ring” and how you want to attack it. And most importantly - what will it give you ...
Ok?

In fact, I have already matured the concept of this project. I want to restart Bitcoin, but with corrections of its main shortcomings. You already see one of these algorithms. The second will be about fixing the BIG blockchain. Additionally, along the way, we will solve the problem of anonymity.
So it’s better to write - can you participate in the development and on what conditions ... what programming languages ​​do you know? I see you have experience in encryption algorithms and other cryptography ... If you want, you can join and do it together. You will analyze my algorithms for vulnerabilities .

[IadixDev]

S box they are like simple substitution tables, like look up table that make sequence less repetitive, you can find this in all advanced block cypher ( des,gost etc)

https://en.m.wikipedia.org/wiki/S-box


https://who.paris.inria.fr/Leo.Perrin/pi.html

The cryptographic properties of the S-box play a crucial role in the security of the algorithm because they are the only source of non-linearity. They are also at the center of the security arguments given by algorithm designers. In fact, designers are expected to explain how the S-box they used was designed and why they chose the structure their S-box has. For example, the AES has an S-box which is based on the multiplicative inverse in the finite field . This choice is motivated by the fact that both the linearity and the differential uniformity 1 of this permutation are the lowest known to be possible.

Its essentially to improve security when data can be predictible. Like if there is a sequence of zero or repetitive it will change it to something else less predictible which can deter certain analysis.

Even a simple compression algorithm could reduce "blanks" or repetitive sequence that can exploited but on short keys like its not very efficient, i think an s box would be more efficient.

Im not sure if its going to be very efficient for this, but could be improve it i guess. Normally its supposed to make bit operation like this more efficient/less predictible.

I know many programming language ( c c++ Java js php assembler).

I dont have strong background in cryptography but i study maths and been into cracking groups before so i know the basics i can never resist when i see numbers grid like this to make sense of them

The attack it can be given a start num and the keys, the possible signatures after X rounds could be reduced and brute forced. Even on good algorithm its possible to divide key size, with a simple algo like it on weak numbers its possible attacks can exists. But need to see if it take more time to brute force than compute, as in the case its "Real time" race, so i dont think there is huge risk.

Not sure how i can help but the idea is interesting

[flamehowk]

S box they are like simple substitution tables, like look up table that make sequence less repetitive, you can find this in all advanced block cypher ( des,gost etc)

The cryptographic properties of the S-box play a crucial role in the security of the algorithm because they are the only source of non-linearity. They are also at the center of the security arguments given by algorithm designers. In fact, designers are expected to explain how the S-box they used was designed and why they chose the structure their S-box has. For example, the AES has an S-box which is based on the multiplicative inverse in the finite field . This choice is motivated by the fact that both the linearity and the differential uniformity 1 of this permutation are the lowest known to be possible.

Its essentially to improve security when data can be predictible. Like if there is a sequence of zero or repetitive it will change it to something else less predictible which can deter certain analysis.

Even a simple compression algorithm could reduce "blanks" or repetitive sequence that can exploited but on short keys like its not very efficient, i think an s box would be more efficient.

Im not sure if its going to be very efficient for this, but could be improve it i guess.

The attack it can be given a start num and the keys, the possible signatures after X rounds could be reduced and brute forced. Even on good algorithm its possible to divide key size, with a simple algo like it on weak numbers its possible attacks can exists. But need to see if it take more time to brute force than compute, as in the case its "Real time" race, so i dont think there is huge risk.

Ok Now it is clear. If I were you, I would forget forever about any cryptographic algorithms that the special services created and adopted the government to standard. I will not use what most likely has a built-in backdoor. I have my own simple, understandable and obviously provable algorithms for encryption, keys and everything that is needed. For them I will be calm.

[IadixDev]

Sbox are very common in many algorithm like this but yeah if you pick one from existing algorithm from service there can always be a backdoor and they are hard to design properly, maybe its possible to find simple one Who can fit for this. But its just in case if there can be too much weak numbers on long ring maybe it could improve, especially that the brute force can be made with // cores.

But the old ones like gost/des they already have been studied many times and their inner working is well known now.

The blowfish they can generate sbox from the data directly. But same never can be 100% sure with already made algorithm.

Maybe even simple huffman coding could remove some problems in case there is lot of zero or repetitive bit sequence. To make the number "more compact" so to speak. Even maybe only as a test like if the number can be easily compressed with huffman it mean if has low entropy and it should be changed.

[flamehowk]

But its just in case if there can be too much weak numbers on long ring maybe it could improve, especially that the brute force can be made with // cores.

Maybe even simple huffman coding could remove some problems in case there is lot of zero or repetitive bit sequence. To make the number "more compact" so to speak. Even maybe only as a test like if the number can be easily compressed with huffman it mean if has low entropy and it should be changed.

I just don’t understand what you’re talking about ... Really. What are the weak numbers? How do you want to crack them? Take any of the small rings already generated by me (in the pictures) and try to crack it in any way known to you. If you succeed - I will start to think about what to do with it. And now I think that you do not understand what you say, because you rely on experience that cannot be compared with this case.
Show in practice what you mean by weak rings and the possibilities of their direct attacks.

[IadixDev]

But its just in case if there can be too much weak numbers on long ring maybe it could improve, especially that the brute force can be made with // cores.

Maybe even simple huffman coding could remove some problems in case there is lot of zero or repetitive bit sequence. To make the number "more compact" so to speak. Even maybe only as a test like if the number can be easily compressed with huffman it mean if has low entropy and it should be changed.

I just don’t understand what you’re talking about ... Really. What are the weak numbers? How do you want to crack them? Take any of the small rings already generated by me (in the pictures) and try to crack it in any way known to you. If you succeed - I will start to think about what to do with it. And now I think that you do not understand what you say, because you rely on experience that cannot be compared with this case.
Show in practice what you mean by weak rings and the possibilities of their direct attacks.

I will do some testing to check the sequence you get from numbers like 0x00010000 or such, number with low entropy, and put that in regression test or check the distribution. If it can find a regression it mean you can compute round N in a single Step. It wouldnt surprise me that with certain numbers some regression can be found on the sequence, if not then good

Roughly speaking, if the number can be compressed a lot, it mean the "entropy" is low and the security would be related to how much you can compress it.

If you have only zero, it can be compressed to just 0 ans it doesnt matter if you have 256 zeroes or one.

The actual size of the key when using Smart brute force is related to the entropy of the key.

If you have 255 zero and 1 one in a 256 bits key it mean the brute force is not on 2^256. And it mean the sequence will be predictible and the brute force will only need small.number of test to find the signature.

In any case it shouldnt be too hard to strengthen it just to avoid degenrate number that lead to predictible sequence.

What make the algorithm hard to reverse is the same principle than cypher algorithm which still can have some weakness in the simple form ( without sbox or any other thing), especially with low entropy input.

With a hash normally it give good entropy, but after many rings the signature could loose entropy and the rings become easy to predict.

But maybe it doesnt matter too much but would need to be sure and not waiting for an attack to show its broken

[flamehowk]

Ring Bit Function. 3 part.
https://www.youtube.com/watch?v=9-7NmuZXbdU&feature=youtu.be
An explanation of the new POW algorithm, which I call the Ring Bit Function (RBF), with C ++ code examples. In this part we will masking our chain of RBF rings.

I will do some testing to check the sequence you get from numbers like 0x00010000 or such, number with low entropy, and put that in regression test or check the distribution. If it can find a regression it mean you can compute round N in a single Step. It wouldnt surprise me that with certain numbers some regression can be found on the sequence, if not then good
Roughly speaking, if the number can be compressed a lot, it mean the "entropy" is low and the security would be related to how much you can compress it.
If you have only zero, it can be compressed to just 0 ans it doesnt matter if you have 256 zeroes or one.

I have long solved this problem. The answer in this video ...

[IadixDev]

Ring Bit Function. 3 part.
https://www.youtube.com/watch?v=9-7NmuZXbdU&feature=youtu.be
An explanation of the new POW algorithm, which I call the Ring Bit Function (RBF), with C ++ code examples. In this part we will masking our chain of RBF rings.

I will do some testing to check the sequence you get from numbers like 0x00010000 or such, number with low entropy, and put that in regression test or check the distribution. If it can find a regression it mean you can compute round N in a single Step. It wouldnt surprise me that with certain numbers some regression can be found on the sequence, if not then good
Roughly speaking, if the number can be compressed a lot, it mean the "entropy" is low and the security would be related to how much you can compress it.
If you have only zero, it can be compressed to just 0 ans it doesnt matter if you have 256 zeroes or one.

I have long solved this problem. The answer in this video ...

Even if there is large part of the number that are eliminated from the brute force, it can still be ok because the attack time is short, essentially the target time between blocks, so in the 10minutes for bitcoin but would still need something a bit stronger.