ProgPoW in the context of Grin

Topic has been brought up on Gitter a couple of times without triggering any discussion, let’s see if it does so on the forum.


@OhGodAGirl recently published an article called “The problem with Proof of Work”, that has been doing the rounds lately. This was followed by a critique and response.

In it, she references a Proof of Work algorithm she’s been involved in creating. Called “ProgPoW”, it’s forked from Eth-miner.


After some research I note that:


There’s not much conclusive security & technical analysis done yet to validate that ProgPoW’s construction really discourages specialised ASICs or FPGAs. There’s some discussion in this Reddit thread and also in the Zcash grant proposal thread.

So far, the seemingly most valid critique I’ve found so far is the following:

Questions in the context of Grin:

  1. What are your thoughts on the main premise of ProgPoW + OhGodAGirl’s article, that promoting mining on multi-purpose, widely available commodity hardware (such as GPUs) are in the interests of a coin, rather than encouraging specialised ASIC-chip mining?
  2. To what extent will an approach like ProgPoW be effective in preventing specialised ASIC-chip mining?
  3. How does this in turn prevent hashpower from becoming centralised into a small group of actors? I.e. Does it even matter?
  4. How does ProgPoW compare against the current “pure” Cuckoo30, and/or the “dirty” Cuckoo variant discussed?

Any other thoughts, suggestions, ideas are of course also welcome! :slight_smile:

About the critique on energy consumption:

“In thermodynamics, work performed by a system is the energy transferred by the system to its surroundings”

“Work transfers energy from one place to another, or one form to another.”

You can’t have proof of work without energy consumption. Some PoWs run the machines cool because they are limited by memory access and the processing units are idling most of the time. When an ASIC/FPGA fixes the memory bottleneck for such an algorithm, there appear large improvements in performance/efficiency.

An optimal GPU-friendly PoW would use all the the GPU capabilities, not only the memory controller. Using all the compute resources on a GPU would make it run hot, but so would a comparable ASIC. In practice, you can under-clock the hardware for efficiency (energy consumption is non-linear on clock speed).

1 Like


These criticisms are absurd to me. They simply describe Proof of Work. Of course miners will deal with energy consumption, heat, and electricity cost. If those were not constraints, what other constraints could be imagined for POW?

1 Like

In other words, @Chronos and @OpticFlow, what you both are saying is that these criticisms are not so valid, and that it’s not a bad thing that ProgPoW would be capable of working a GPU close to its maximum. Correct?

What are the risks or limitations you can identify?

Sorry, I’m not competent enough to analyze the specifics of ProgPoW (but I do like the general idea of using commodity HW).

The concept of “Proof of Work” is that mining has a cost. If mining were free, it would be Proof of Nothing. These costs include:

  1. Hardware cost
  2. Electricity cost
  3. Cooling cost (which is more equipment & electricity)

I can see an argument that shortening GPU lifespan which increases (1) relative to (2) and (3) would promote greater environmental damage, which would be a bad thing.

But it sounds like that criticism of ProgPoW is that (1) (2) and (3) are too high. The general argument that “all the costs are too high” makes no sense. That’s what the mining difficulty fixes.

1 Like

Sure. I mean at this point in time, I’m trying to find any kind of valid criticism against ProgPoW. Cause I am not able to find a lot online. Maybe aside from the fact that it’s not as simple in design when compared to something like Cuckoo.

Criticism: Doesn’t utilize floating point (FP32) arithmetic, which is what GPUs are optimized for.

Question: how hard is it to verify a ProgPoW solution? I couldn’t find info on that…

This is what they say about that here (Design Specification section, emphasis mine):

Not really an answer to your question, but the Testing section in the same link as above also has the following info:

ProgPOW aims to make GPUs primary hashpower, CPUs are out. ASIC 10x as effective seem unlikely for ProgPOW (cost x power x speed). PoW verification could be slow (not sure). I see no issue with it drawing more power compared to ethash, it is clearly well designed to milk current generation of GPUs.

Cuckoo30, as it is, aims to be simple, elegant with instant verification. Mineable on CPU, but also on DRAM asic or a large single-chip asic. This is a good property for distant future. It is not designed for any specific architecture or instruction set. But skilled asic team might get 500x advantage over gpu at same power input.

I think the issue is not technical, but ideological. Some people prefer to let the market decide, some would like to see passive anti-asic properties and others want to actively fight even hypothetical mining centralization.

I believe that it is entirely possible to select a PoW scheme that would match any plan and cover worst-case scenarios. But I think there is no common written goal (yet) in grin community or core code contributors, only individual opinions. So it is hard to judge ProgPOW is that missing context.

1 Like

Freshly produced article with performance benchmarks and tech specs:

1 Like

In ProgPoW github page, I saw this comment on Cuckoo Cycle algorithm:
Cuckoo Cycle

** Potential ASIC efficiency gain ~ 100X*

The amount of state required on-chip is not clear as there are Time/Memory Tradeoff attacks. A specialized graph traversal core would have similar efficiency gains to a SHA compute core.

Is that true?