Are ASIC-resistant algorithms good for the security of PoW?


Original title: "Is the ASIC-resistant algorithm beneficial to the security of PoW?"
Original source: Blue Fox Notes


Preface: This article clearly states that only ASIC-friendly algorithms allow ordinary mining machine manufacturers to participate, while anti-ASIC algorithms set a high threshold for ordinary manufacturers and give large manufacturers more competitive advantages, which centralizes mining and is not conducive to the security of cryptocurrency. Monero believes that anti-ASIC algorithms let the most common general-purpose hardware participate in mining, which can strengthen the network and its decentralization. Monero also believes that even with a relatively simple PoW algorithm, ordinary manufacturers cannot gain a big advantage, because large manufacturers will win through economies of scale. What do you think about this issue?

Coinbase recently changed the confirmation requirements for four different assets, including reducing Bitcoin's block confirmations from 6 to 3. This post focuses on our thoughts on PoW security that led to the decision to make the change.


Introduction to PoW

All cryptocurrencies define an ownership state within the currency network. In order for a cryptocurrency to be usable, there must be a way to update the ownership state. In most existing cryptocurrencies, the ownership state is defined by a canonical history of all transactions that have ever occurred, which are stored in the network nodes in a data structure called a blockchain.

In order to update the status of ownership, there must be a way to add the most recent transaction to the transaction history stored on the blockchain.

Different cryptocurrencies use different methods to add transactions to their blockchains. In cryptocurrencies that utilize PoW, the blockchain is expanded through a process called mining. Miners package newly announced transactions into a data structure called a block, which is then added to the blockchain.

Miners attempt to add blocks by solving a PoW puzzle unique to the proposed block. If a miner is able to find a solution to the puzzle, the miner announces the block and the solution to the rest of the network.

The rest of the network recognizes the valid PoW solution and considers the proposed block as the latest block added to the blockchain. Note that miners are permissionless in producing blocks, a fact that allows miners to join or leave the network at will.

In order to determine a canonical transaction history when miners may generate multiple valid transaction histories (that is, when there are different valid blocks or even chains of valid blocks), PoW cryptocurrencies define a canonical transaction history using the blockchain with the most accumulated work. (Blue Fox Notes: This is the longest chain rule in the Nakamoto consensus.)

This consensus rule introduces a fundamental property of proof-of-work cryptocurrencies: any participant who can find more proof-of-work solutions than the rest of the network can unilaterally produce a valid transaction history, and the rest of the network will accept it as the canonical transaction history. Please note: this does not mean that this participant has unlimited power on the network.

This paper makes two claims about the security of PoW cryptocurrencies.

Claim 1: Being the primary utility of the hardware that mines it is a security feature for a coin.

If the primary utility of the hardware loses value, the hardware owner loses the value of his investment.

Hardware owners have an incentive to consider the long-term success of their hardware's primary utility. The longer the lifecycle of their equipment, the more invested they are in the long-term success of the hardware's primary utility. At the time of writing, Bitcoin ASIC miners are starting to have longer effective lifecycles, as efficiency gains from newer miners are decreasing.

This idea is related to the Dedicated Cost Principle.

A large pool of hash power outside the token poses a security threat to the token

What coins have the greatest risk of a 51% attack? Those where there is a large amount of external hashing power that is not actively mining that coin, which could start mining and corrupt the coin’s blockchain.

This is especially important to consider given the motivations of hardware owners for their hardware utility - if the hardware owner has other utilities besides mining from which they can profit from their hardware investment, then the negative consequences of disrupting a token blockchain are minimal. (Blue Fox Note: The author of this article means that if a piece of hardware is not dedicated to a particular token mining, and a large portion of the computing power of the hardware is not involved in the current mining activity, then the owner of the hardware may launch a 51% attack in order to profit, and after the attack, the hardware has other uses and is not worried about being scrapped)

Switching to an "ASIC-blocking" algorithm simply allows the world's huge general-purpose computing resources to mine the token, and potentially to destroy it, at will. Therefore, tokens that have implemented "anti-ASIC" algorithms are vulnerable to 51% attacks. (Blue Fox Note: The original intention of anti-ASIC is to allow more people to participate and prevent the monopoly of mining machines. What is the logical contradiction here? What is the dilemma here?)

A striking example is that "ASIC-resistant" tokens, including BTG, VTC, and XVG, have all suffered 51% attacks. So far, no token that dominates its hardware category has ever suffered a 51% double-spending attack. (Blue Fox Note: This article means that tokens with ASIC-specific mining machines have not suffered a 51% attack)
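To put numbers on the risk described above, here is an added example (not from the original article, and not Coinbase's own method) that applies the catch-up probability from section 11 of the Bitcoin whitepaper to a coin with compatible hardware sitting outside its network. The hash-rate figures, the `fraction_redirected` parameter and the function names are assumptions made for illustration.

```python
import math


def attacker_share(coin_hashrate, external_hashrate, fraction_redirected):
    """Share q of total hash power held by an outsider who points a fraction of
    the compatible external hardware at the coin (honest hashrate unchanged)."""
    redirected = external_hashrate * fraction_redirected
    return redirected / (coin_hashrate + redirected)


def catch_up_probability(q, z):
    """Probability that a miner with share q ever overtakes the honest chain
    from z blocks behind (Bitcoin whitepaper, section 11)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    if q >= 0.5:
        return 1.0  # a majority of the hash power always catches up eventually
    p = 1.0 - q
    lam = z * q / p
    prob = 1.0
    poisson = math.exp(-lam)  # Poisson term for k = 0
    for k in range(z + 1):
        prob -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)  # advance to the term for k + 1
    return prob


def confirmations_needed(q, max_risk, limit=1000):
    """Smallest z with catch-up probability <= max_risk, or None if no count
    up to `limit` is enough (always the case once q >= 0.5)."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if catch_up_probability(q, z) <= max_risk:
            return z
    return None


def policy_table(coin_hashrate, external_hashrate, fractions, max_risk):
    """One row per scenario: (fraction redirected, q, confirmations or None)."""
    rows = []
    for f in fractions:
        q = attacker_share(coin_hashrate, external_hashrate, f)
        rows.append((f, round(q, 4), confirmations_needed(q, max_risk)))
    return rows


if __name__ == "__main__":
    # Constructed figures in arbitrary hash-rate units, not measurements.
    # "dominant coin" uses most of its hardware class; "minor coin" uses little.
    scenarios = {"dominant coin": (900.0, 100.0), "minor coin": (100.0, 900.0)}
    for name, (own, external) in scenarios.items():
        print(name)
        for f, q, z in policy_table(own, external, [0.05, 0.25, 1.0], 0.001):
            print(f"  {f:.0%} of external hardware -> q={q}, confirmations={z}")
```

A result of `None` means no confirmation count bounds the risk, which is the situation the article describes for a coin that is a minor user of its hardware class; the model ignores the cost and duration of redirecting hardware.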




Case Study: 51% Attack on BTG

In May 2018, BTG was repeatedly hit by 51% attacks, resulting in millions of dollars in double spending. After these attacks, BTG developers announced that they would change their PoW algorithm to Equihash-BTG:

“Because Equihash-BTG is different from the existing regular Equihash hashrate pool, we will effectively be in a separate hashrate pool. This means that BTG will dominate its hashrate on this new PoW algorithm, which is “personalized” for BTG, adding a layer of incompatibility relative to other coins that will move to the <144,5> parameter set, such as BTCZ. (We are already collaborating with many other coin teams.)”

This is a very interesting statement. The BTG developers acknowledge the importance of dominating the hash rate; however, they mistakenly conclude that it is control of the hashing algorithm that matters, not control of the hardware that produces the hash rate.

Unless the hardware that generates the hashrate is mining-oriented, there is nothing about the hashrate that is "personalized" to BTG. Miners with general-purpose hardware that can mine other coins can change their mining algorithm at will, allowing the hardware to mine BTG coins without additional investment.

Summary of Claim 1

The only way a PoW coin can materially reduce the risk of a 51% attack is by becoming a primary utility for mining hardware. A coin that can be mined with widely available general-purpose hardware, such as CPUs and GPUs, lacks this primary security feature.

Claim 2: ASIC-friendly algorithms will increase manufacturing and ownership diversity

No algorithm is ASIC-proof; it is at most ASIC-resistant.

For any particular computing problem, hardware dedicated to solving that problem is always more efficient than general-purpose hardware. In addition to the advantage of writing application-layer logic directly into the circuit, dedicated hardware does not have to bear other requirements of general-purpose hardware, such as security isolation, clock interrupts, context switching, and other tasks required to support multiple applications. Therefore, no PoW algorithm is ASIC-proof; it is only ASIC-resistant.

Empirically, ASIC-resistant algorithms have repeatedly failed to prevent the development of ASICs. Prominent examples include scrypt (LTC), Equihash (ZEC, BTG), Ethash (ETH), and CryptoNight (XMR).

ASIC-resistant algorithms raise the bar for entry into the mining hardware market

ASIC-resistant algorithms are effective in that they make it more difficult to build efficient ASIC miners. As a result, it takes more effort and expertise before chip manufacturers can create effective ASICs.

Therefore, ASIC resistance simply raises the barrier to entry into the ASIC market. The result is greater centralization in the production of mining hardware, which is exactly what ASIC-resistant algorithms are trying to avoid.

Instead, the goal should be to choose an algorithm that makes it cheap and easy to manufacture ASIC miners. This would result in ASICs being effectively a commodity, without creating large expertise or IP barriers to ASIC manufacturing.

This will lead to a diversity of manufacturers, which will more easily encourage a diversity of owners and operators, which is more likely to lead to a decentralized mining network. When developers choose an ASIC-resistant algorithm, they provide a competitive moat for chip manufacturers, because these chip manufacturers will eventually develop ASIC mining machines based on that algorithm. (Blue Fox Note: The logic of this article believes that only ASIC-friendly algorithms can allow ordinary mining machine manufacturers to participate and allow more people to own goods, while ASIC resistance will only increase the threshold, resulting in the strong getting stronger, which is not conducive to a decentralized network)

Case Study: Monero’s Regular Algorithm Adjustment

The Monero development team implicitly acknowledged, in its previous strategy of pursuing general-purpose hardware mining, that an algorithm cannot be ASIC-proof, only ASIC-resistant. They seemed to realize that trying to permanently prevent ASIC development with a single killer ASIC-resistant algorithm would be ineffective.

Instead, the strategy they settled on was to make regular adjustments to their PoW algorithm every 6 months in the hopes of disincentivizing the production of specialized hardware by quickly making it obsolete.

This strategy underestimates the ability of talented hardware designers to quickly integrate functionality into chip designs. Regardless of the integration model, very skilled chip designers can master the development process and they will inevitably develop mining machines that meet these PoW changes.

This could force a small group of closely guarded developers to try to play a high-stakes, high-secrecy cat-and-mouse game in which they need to hide their algorithmic plans, with huge financial temptations for any member of this team to violate the trust of this small circle and reveal their information to the chip makers.

The criticality of the group’s decisions and the extreme trust placed in them is not a good feature for a permissionless world currency, and arguably creates a more severe centralization risk than miner centralization risk.

The limitations of this strategy are already clear, with at least three different versions of ASIC miners for the mining algorithm having been successfully predicted and developed and deployed on the XMR network.

Ambition only matters if it is achievable

Most arguments in favor of ASIC resistance are ambitious. The overall goal is usually something like this: “Ensure that the network is not controlled by a small number of people.” This is a very good goal. It is essential to ensure that digital currencies deliver on their promises.

In reality, all the good intentions in the world are completely irrelevant when actions taken as a result of those intentions do more harm than good. Ironically, coins that implement ASIC-resistant mining algorithms ultimately lead to greater miner centralization and control.

Summary of Claim 2

The only thing that ASIC-resistant algorithms accomplish is to increase the cost and expertise required to create efficient ASICs. This, in turn, means that any PoW token of significant value will eventually be mined by ASIC miners, which will lead to highly centralized mining as successful ASIC manufacturers will have a deep competitive advantage.

Conclusion

Cryptocurrency cannot provide a completely egalitarian system that eliminates all power structures or the advantages that come with extra resources. But it does offer a huge improvement over the existing financial system, which is opaque, manual, error-prone, and permissioned.

When trying to change the world, it’s vital to defend your principles fervently. But it’s equally important not to let the illusion of a perfect system become the enemy of achieving a good system.

As digital assets mature, participants must ask themselves whether this industry is driven by hobbyists running old laptops at home to secure assets, or, like nearly every other endeavor in human history, by large-scale self-interest driven groups investing significant resources. Every large, professional industry utilizes specialized equipment, and it would be naive to think that cryptocurrency mining is or should be different.

Blue Fox Notes hopes to get closer to the truth of the matter through different voices. The following are the differing opinions Monero raised about this article. Because the article mentions Monero's previous PoW strategy, Monero responded to it as follows:

On November 8, 2019, Coinbase published an article written by Mark Nesbitt about its views on PoW. The article is a good explanation of PoW and makes some convincing arguments for the benefits of adopting ASICs. But it also makes some incorrect points and draws a controversial and inappropriate conclusion.

The response to this article corrects the error and argues in favor of the ASIC-resistant path taken by Monero developers. The correction includes pointing out that the efforts to prevent the use of ASICs described in the article are outdated and old, as well as rebutting the technical and philosophical arguments about the benefits of ASICs.

Question

That article includes a case study on Monero, which focuses on the 6-month hard fork cycle, each of which changes Monero's PoW algorithm to prevent ASIC utility. Its criticism of the risks and negative effects of the cycle is correct and insightful.

However, this cycle is historical, not current, as it was changed in March of last year. These issues were resolved with the release of Monero software version v0.15.0.0, called Carbon Chamaeleon. After this release, starting in late November, a new PoW algorithm called RandomX will be adopted.

By creating random programs, RandomX makes the CPUs of everyday computers competitive in PoW calculations. RandomX is expected to be ASIC-resistant for many years without the need for a hard fork, contrary to the scenario mentioned in the case study in this article.

The core of the article is that cryptocurrencies are better served by PoW algorithms that encourage the use of ASICs. It mentions the benefit of ASIC resistance, which is "ensuring that the network is not controlled by a few people", but then it argues that doing so will do more harm than good.

In fact, preventing hardware manufacturers from exercising malicious control over the network is key. Historically, control asserted by ASIC manufacturers has had a detrimental effect on cryptocurrencies. For example, it led to infighting in Bitcoin. Control by a small group of people who make hardware undermines Monero’s decentralized model and poses significant risks.

The benefit of remaining independent from hardware manufacturers outweighs the cost of maintaining it, which is the premise of Monero PoW.

Besides avoiding power consolidation, running on commodity CPUs has many other benefits. Commodity hardware is readily available to almost everyone, giving small miners a chance to participate in the economy and a reason to maintain interest and use of Monero.

CPU PoW opens up new utility for Monero, including the ability to earn income from dormant and intermittent everyday computers. It gives access to Monero to people around the world who find themselves left out by traditional exchanges. And, it adds a hidden benefit to newly generated Monero, where individual miners can spend it directly without going through an exchange.

The article argues that simple PoW algorithms will make commodity ASICs competitive, and it ignores the reality of ASIC design and manufacturing, with its inherent complexity and economies of scale. Even for a hypothetical PoW algorithm with only one construction method, large manufacturers will still be able to control small challengers through economies of scale. (Blue Fox Notes Note: The above mentioned that complex ASIC-resistant PoW algorithms bring barriers to mining machine manufacturing, and the author of this article believes that even if the PoW algorithm is simple, there will still be problems with economies of scale, and large hardware manufacturers will still have advantages, which is not conducive to decentralization)

Even the hashing algorithm SHA-256 is not fully developed, and researchers are still publishing new optimization techniques for it 18 years after its development. ASIC energy efficiency has increased exponentially in recent years, and there is no simple and equal model for ASIC PoW dominance.

The above article cynically asks: “Will this industry be secured by amateurs running old laptops at home?” This is misleading. Cryptocurrency mining, the process of executing the PoW algorithm to secure transactions, follows a power law, with a small number of miners owning the majority of the computing power.

There will be professional mining farms for each PoW algorithm choice. ASIC resistance ensures that amateurs can still participate in mining, which helps to enhance the power and decentralization of the network.

As Howard Chu, founder and CTO of Symas Corp., said of RandomX: “The goal is to use hardware that is already ubiquitous so that participation is not a problem, just like Bitmain.”

General-purpose CPUs in desktops, laptops, and smartphones are among the most ubiquitous and easily accessible computing devices. Howard has been one of the most active people involved in the development and launch of Monero’s new RandomX PoW algorithm.

Furthermore, Monero is driven by grassroots open source development and ideology. It supports decentralization, capital distribution, and privacy and security innovations that are hard to find in large institutions. Distributed and egalitarian PoW mining drives this ethos.

Monero's Vitality

It’s early days for crypto, and it’s early days for Monero. Any debate about technological change must consider the evolutionary nature of cryptocurrencies, and the fact that decisions won’t stay the same forever. Monero developers have formally discussed this, as can be seen in the public log, which mentions possible future paths after RandomX.

These include using SHA-3 (or similar), a PoW hashing algorithm that can run easily on ASICs. The choice to use RandomX in the coming years will take advantage of this flexibility. The Monero community has a strong track record of integrating new technologies, observing and developing, and can be expected to continue to do so in the future, taking advantage of what has been learned from ASICs and ASIC resistance.

RandomX was developed transparently in a public GitHub repository and subsequently reviewed by four independent audit teams, demonstrating its potential as a secure and innovative PoW algorithm. We will soon see how effective it is in maintaining the security and decentralization of the Monero network.

Summary

The article provides a good overview of PoW and makes several useful points about the use of ASICs, which are worth considering. However, its presentation of Monero is outdated and some of its arguments and points are flawed.

In an environment of new technology and uncertainty, the Monero community has taken a forward-thinking approach to protecting its network from being controlled by hardware manufacturers. By using RandomX, Monero stands out for its unique innovation and initiative, and carries it into a bright future.

Link to Monero’s response: https://www.monerooutreach.org/stories/response-to-coinbase.php

Original link: https://mp.weixin.qq.com/s/geqejBqHGUAMZckV8XEmtA

