Bitcoin Forum
November 15, 2024, 01:47:08 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: Random generation for Bitcoin  (Read 3696 times)
Anders (OP)
Full Member
***
Offline Offline

Activity: 126
Merit: 100



View Profile
July 08, 2014, 04:52:50 PM
 #1

The quality and speed of random number generation is surely important for Bitcoin such as in mining. I found a list of random generators: http://www.cacert.at/cgi-bin/rngresults

"This is a project to make statistics about all random number generators on the market." -- http://www.cacert.at/random/
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4284
Merit: 8808



View Profile WWW
July 08, 2014, 04:56:58 PM
 #2

The quality and speed of random number generation is surely important for Bitcoin such as in mining. I found a list of random generators: http://www.cacert.at/cgi-bin/rngresults

"This is a project to make statistics about all random number generators on the market." -- http://www.cacert.at/random/
There is absolute no random number generation in mining. There is no performance sensitive random number generation anywhere in the bitcoin system.
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1008


Core dev leaves me neg feedback #abuse #political


View Profile
July 08, 2014, 05:06:07 PM
 #3

How do the miners choose which nonce to start with when trying to solve a block?
Surely they don't all start with "1" ?

Anders (OP)
Full Member
***
Offline Offline

Activity: 126
Merit: 100



View Profile
July 08, 2014, 05:15:39 PM
 #4

The quality and speed of random number generation is surely important for Bitcoin such as in mining. I found a list of random generators: http://www.cacert.at/cgi-bin/rngresults

"This is a project to make statistics about all random number generators on the market." -- http://www.cacert.at/random/
There is absolute no random number generation in mining. There is no performance sensitive random number generation anywhere in the bitcoin system.

But isn't there usually a brute force approach to finding a hash with enough leading zeros? And that would require guessing randomly since the search space is so astronomically huge. Or are there algorithms for finding such leading zeros without using any random or pseudorandom generator?
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4851



View Profile
July 08, 2014, 05:15:51 PM
 #5

How do the miners choose which nonce to start with when trying to solve a block?
Surely they don't all start with "1" ?

Why not?
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 08, 2014, 05:17:14 PM
 #6

My guess is that mining pools probably allocate a different starting *nonce* to each miner (but I haven't looked into it).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4284
Merit: 8808



View Profile WWW
July 08, 2014, 05:18:23 PM
 #7

My guess is that mining pools probably allocate a different starting *nonce* to each miner (but I haven't looked into it).
They all start at zero (or any other number) it doesn't matter as they're all working on work which is merkle root distinct.
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1008


Core dev leaves me neg feedback #abuse #political


View Profile
July 08, 2014, 05:19:27 PM
 #8

How do the miners choose which nonce to start with when trying to solve a block?
Surely they don't all start with "1" ?

Why not?

Because if your set of transactions chosen for the block is the same as another miner, you
will lose assuming they are bigger than you.

Oh I get what you're saying.... can be the same transactions but different sequencing
gives it different merkle root?  but then how do they choose the sequence?

infested999
Hero Member
*****
Offline Offline

Activity: 854
Merit: 500



View Profile
July 08, 2014, 05:19:37 PM
 #9

The quality and speed of random number generation is surely important for Bitcoin such as in mining. I found a list of random generators: http://www.cacert.at/cgi-bin/rngresults

"This is a project to make statistics about all random number generators on the market." -- http://www.cacert.at/random/
There is absolute no random number generation in mining. There is no performance sensitive random number generation anywhere in the bitcoin system.

https://www.bitaddress.org/

Move your mouse around the screen.

              ▄███▄   ▄███▄
              █████   █████
      ▄███▄    ▀▀▀     ▀▀▀    ▄███▄
      █████     ▄██▄ ▄██▄     █████
       ▀▀▀ ▄██▄ ▀██▀ ▀██▀ ▄██▄ ▀▀▀
 ▄███▄     ▀██▀           ▀██▀     ▄███▄
 █████ ▄██▄                   ▄██▄ █████
  ▀▀▀  ▀██▀                   ▀██▀  ▀▀▀
                       ▄█
▄███▄ ▄██▄            ███ ███  ▄██▄ ▄███▄
█████ ▀██▀  ████      █████    ▀██▀ █████
 ▀▀▀         ▀███▄    ████           ▀▀▀
       ▄██▄    ████   ███     ▄██▄
 ▄███▄ ▀██▀     ▀███  ███     ▀██▀ ▄███▄
 █████            ███▄██           █████
  ▀▀▀              ▀████            ▀▀▀
                     ███
                     ███
                     ██
                   ███

████    ██
  ████    ██
    ████    ██
      ████    ██
        ████    ██
          ████    ██
          ████    ██
        ████    ██
      ████    ██
    ████    ██
  ████    ██
████    ██










White Paper
Yellow Paper
Pitch Deck
Telegram
LinkedIn
Twitter
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 08, 2014, 05:19:58 PM
 #10

They all start at zero (or any other number) it doesn't matter as they're all working on work which is merkle root distinct.

Wouldn't they be *repeating the same work* if they started with the same nonce?

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4284
Merit: 8808



View Profile WWW
July 08, 2014, 05:20:30 PM
 #11

They all start at zero (or any other number) it doesn't matter as they're all working on work which is merkle root distinct.
Wouldn't they be *repeating the same work* if they started with the same nonce?
Absolutely not. They are working on block headers which have a different merkel root, always.  Existing mining protocols do not even have a facility to set the nonce position/range.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4851



View Profile
July 08, 2014, 05:20:45 PM
 #12

But isn't there usually a brute force approach to finding a hash with enough leading zeros?

Yes.

And that would require guessing randomly since the search space is so astronomically huge.

No.

Or are there algorithms for finding such leading zeros without using any random or pseudorandom generator?

Yes.

  • Start with a nonce of 0.
  • Compute sha256(sha256(header))
  • Is the hash value lower than the target?
  • If so, hurray, you're done.
  • If not, is the nonce equal to the maximum nonce?
  • If not, increment the nonce, and return to the "Compute sha256(sha256(header))" step.
  • If so, modify some other part of the block (for example extranonce, or the transaction list), and return to the "Start with a nonce of 0." step
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 08, 2014, 05:22:29 PM
 #13

Absolutely not. They are working on block headers which have a different merkel root, always.  Existing mining protocols do not even have a facility to set the nonce position/range.

I guess I still don't understand the details of this part - is that due to them using different txs?

Perhaps you could explain that a little clearer for someone like me that doesn't quite understand it.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4284
Merit: 8808



View Profile WWW
July 08, 2014, 05:25:47 PM
 #14

I guess I still don't understand the details of this part - is that due to them using different txs?
Perhaps you could explain that a little clearer for someone like me that doesn't quite understand it.
Well one transaction in particular is always distinct: the coinbase.  Every miner will be paying their winnings to a different address.  In the case of pooling, pools usually put a worker-distinguisher in the coinbase field of coinbase transaction to keep the work of the hashers they are paying distinct.
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 08, 2014, 05:27:53 PM
 #15

Well one transaction in particular is always distinct: the coinbase.  Every miner will be paying their winnings to a different address.  In the case of pooling, pools usually put a worker-distinguisher in the coinbase field of coinbase transaction to keep the work of the hashers they are paying distinct.

Of course - silly that I didn't see that - thanks for the clarification (now it makes sense why starting at 0 for the nonce is what you'd do - although I guess if you were running multiple threads as a hasher then you might have them each start with a different nonce).


With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1008


Core dev leaves me neg feedback #abuse #political


View Profile
July 08, 2014, 05:31:15 PM
 #16

I guess I still don't understand the details of this part - is that due to them using different txs?
Perhaps you could explain that a little clearer for someone like me that doesn't quite understand it.
Well one transaction in particular is always distinct: the coinbase.  Every miner will be paying their winnings to a different address.  In the case of pooling, pools usually put a worker-distinguisher in the coinbase field of coinbase transaction to keep the work of the hashers they are paying distinct.

Ahh..makes sense.

And I suppose there's no reason to believe
a higher starting number than 0 would be
any more effective.

DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4851



View Profile
July 08, 2014, 05:32:42 PM
 #17

There are a variety of areas where data differs between different pools and/or different hashers even when they are using the same nonce.

Some of them are:

  • block timestamp
  • transaction inclusion
  • transaction order

As gmaxwell has pointed out, even when all of these are the same, the coinbase transaction is modified to make the merkle root unique.

Think about how fast the fastest ASIC machines are, and it becomes obvious that they are running through all 4,294,967,296 (about 4 gigahash) nonce possibilities in less than a second.  Clearly the nonce isn't the main source of variation in block solving.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4851



View Profile
July 08, 2014, 05:34:10 PM
 #18

And I suppose there's no reason to believe
a higher starting number than 0 would be
any more effective.

Nope.  As a matter of fact, by skipping the lower numbers you could very well be missing a potential solution entirely (unless you rolled back around to 0 after you reached max nonce).
Anders (OP)
Full Member
***
Offline Offline

Activity: 126
Merit: 100



View Profile
July 08, 2014, 05:34:41 PM
 #19

But isn't there usually a brute force approach to finding a hash with enough leading zeros?

Yes.

And that would require guessing randomly since the search space is so astronomically huge.

No.

Or are there algorithms for finding such leading zeros without using any random or pseudorandom generator?

Yes.

  • Start with a nonce of 0.
  • Compute sha256(sha256(header))
  • Is the hash value lower than the target?
  • If so, hurray, you're done.
  • If not, is the nonce equal to the maximum nonce?
  • If not, increment the nonce, and return to the "Compute sha256(sha256(header))" step.
  • If so, modify some other part of the block (for example extranonce, or the transaction list), and return to the "Start with a nonce of 0." step


Ok, but couldn't the use of a random generator produce a correct nonce faster than the above approach? Of course, the random generator would have to be very fast to be useful.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4851



View Profile
July 08, 2014, 05:37:22 PM
 #20

Ok, but couldn't the use of a random generator produce a correct nonce faster than the above approach? Of course, the random generator would have to be very fast to be useful.

Why would it be any faster to search through nonce values in a different order?

If the correct nonce for a solution is 1 and you search in the order:
5,8,3,9,2,4,0,3,8,2,7,4,3,9,7,0,6,1

Why would that find the solution any faster than if you searched in the order:
0,1,2,3,4,5,6,7,8,9

Huh
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!