What exactly is AsicBoost? It has caused a stir in the mining industry.

Last night, a piece of news exploded the mining circle. It said that Bitmain released a new S9 firmware, which is used to implement the "Explicit Asic Boost" function. Many friends asked me what technology this is and why everyone is paying so much attention to it. In fact, from the perspective of the miners' immediate interests, using this technology can reduce power consumption by 10%-20% (as shown by the AsicBoost official website data). So what exactly is AsicBoost? Today we will unveil its mystery.

(Figure 1)

1. Bitcoin’s core algorithm: SHA256

First, let's briefly review the principle of Bitcoin mining. Bitcoin mining is to perform two SHA256 operations on the block header, and the result of the operation must be less than the difficulty target corresponding to the current difficulty cycle. The block header has 80 bytes, including a 4-byte version number (Version), a 32-byte parent block hash (Previous Hash), a 32-byte Merkle Root of the current candidate block package transaction, a 4-byte timestamp (timestamp), a 4-byte difficulty, and a 4-byte random number (Nonce). During the mining process, the version number, parent hash, and difficulty are all determined. The mining machine needs to constantly modify the random number to calculate, and the random number is only 4 bytes and can only perform 2^32 operations. Therefore, miners also need to modify the Coinbase transaction to obtain a new Merkle Root, that is, change it once every 2^32 hashes. With the surge in computing power, independent mining machines can hardly produce blocks, and miners choose to join mining pools to mine. The mining process becomes a mining pool sending different jobs to different mining machines, and the shares calculated by the mining machine can be submitted.

(Figure 2)

When doing SHA256 of the block header, 64 bytes are needed to process. Obviously 80 bytes are exceeded, so 48 bytes of padding bits are needed to supplement the block header to 128 bytes. The padding bits are all filled with 0, so it is called padding-zero.

In this way, the block header is divided into two groups for calculation. Combined with the above figure, it can be seen that the first 28 bytes and the last 4 bytes of the Merkle Root are separated.

2. AsicBoost

As can be easily seen from Figure 2, Merkle Root is awkward, being divided into two groups, and the structure of the block header is hard-coded and cannot be modified, so AsicBoost was born. In March 2016, Dr. Timo Hanko proposed a white paper, which was then continuously improved and eventually determined to be two optimization methods, one is Version-rolling, and the other is Merkle Root Collisions. However, the first method is currently used, and no one has claimed to use the second method yet.

Here I will focus on Version-rolling.

Version- rolling. The 4-byte Version has a total of 32 bits, only the first 3 bits are fixed, and the other bits are used for voting during technology upgrades or soft forks. However, in actual applications, it is impossible to have 29 soft fork votes at the same time. If we only use 4 bits, then there will be 2^4 more times, that is, after receiving the same task, 2^4 rounds of 2^32 operations can be performed, reducing the number of times the mining machine receives data, thereby reducing power consumption. According to AsicBoost.com, it can reduce power consumption by about 20%. Of course, the actual use effect still needs to be tested for a long time. As more and more people flock to the blockchain world, the computing power of the entire network has been in a stage of continuous rise, and the profit of mining may further decline. The 20% power saving may also be a lot of money for miners .

Interested friends can also learn about Merkle Root Collisions. As shown in Figure 2, the 32-byte Merkle Root is divided into two groups for SHA256 operations, the first part is 28 bytes and the second part is 4 bytes. The principle of Merkle Root Collisions is to construct many Merkle Roots with the same last 4 bytes, so that when the random number is fixed, we only need to perform SHA256 operations on the first half of the block header, and the second half remains unchanged. The essence of this method is a 32-bit hash collision. According to the "birthday paradox", the number of attempts required to find a set of collisions is actually not many. There are usually two ways to try a new Merkle Root: one is to modify the Coinbase transaction, but there is a problem here. The mining pool may maliciously hit an empty block, because when the block only has a coinbase transaction, it is much easier to ensure the last 4 bytes of the Merkle Root; the second is to exchange the order of any transaction. The problem with this method is that in Segregated Witness (Segwit), the amount of hash operations will double. Segregated Witness introduces a new Witness Merkle Tree and Witness Merkle Root (see Figure 3). If the transaction order is modified, the Witness Merkle Tree will also change, which will lead to further changes to the coinbase transaction in the original Merkle Tree, so that the entire Merkle Tree needs to be recalculated from bottom to top, doubling the workload. As we all know, the previously updated bitcoin core version already fully supports segregated witness.

(Figure 3)

Yesterday’s official announcement also stated that new firmware for R4, T9, T9+, S9i, and S9j that can activate the “Explicit Asic Boost” function will also be released this week, and Poolin Mining Pool (Poolin.com) has taken the lead in supporting Asic Boost. After miners update the firmware, they do not need to perform any additional operations and can directly start mining by connecting to the mining pool!

Reference Links

Firmware download address:

https://service.Bitmain.com/support/download

Official announcement:

https://blog.bitmain.com/en/new-firmware-activate-overt-asicboost-bm1387-antminer-models/

AsicBoost official website:

https://www.asicboost.com/

BDPL official website:

https://blockchaindpl.org/

Slushpool’s stratum extension protocol:

https://github.com/slushpool/stratumprotocol/blob/master/stratum-extensions.md

Bitmex’s statement on invisible AsicBoost:

https://blog.bitmex.com/graphical-illustration-of-a-bitcoin-block/

Gregory Maxwell's proposal for AsicBoost:

https://lists.linuxfoundation.org/pipermail/bitco in-dev/2017-April/013996.html