Proof of work update

Arguable, depending on how you look at “decentralization”.
However, I incline to agree with the next: If something makes money - rich people will always find the way to get more than poor. Buildin ASIC or CPU farms, doesn’t matter. There will always be Bitmain whether it’s SHA256, Cucko or RandomJS. True. And on my opinion it kills decentralization no less than hardforking every 6 months. So the choice: either to hardfork/and tweak PoW forever or tolerate Bitmains.

If I’m not mistaken Grin have chosen the second one.

Thanks for fruitful conversation (for me at least :)).
I’ll be following Grin anyway, whatever path one goes.

We never said we’d hardfork forever. Only the first 2 years and it coincides with planned hard forks we’ve discussed a year ago already to iron out release bumps.

So the choice: either to hardfork/and tweak PoW forever or tolerate Bitmains.

In very simplistic terms, you have come to the correct endgame conclusion. Given the chip die sizes, there may be one chip maker that will have best grin miners two years from now, for a short while. In fact, it would be a miracle if all available asics would run at same efficiency this early on. Making PoW insanely complex would only amplify the gap. So your second conclusion of non-stop hardforks is also correct. Two years is just fine. But think about the ramifications: 1) you keep all verification functions forever 2) you need to have a wise incorruptible immortal wizard that crafts new PoW every few months and publishes it to git - forever - until the Sun expands and the last 5-cubic-kilometer grin verification function datacenter (and the corresponding 3.5" floppy disk with the rest of the grin binary + the poor wizard) on Ceres is lost.

This is the price some people (You know community of which coin I’m talking about) are ready to pay to make coin distribution more fair and prevent manufacturers “own” the major part of emission (therefore own the coin value). I’d rather say this way is more decentralized, though it’s decentralization is somewhat “killed by harforks”.

That’s why I think even if we had a universal CPU PoW (With similar idea to randomJS) or combined CPU+GPU PoW which would of course be asic resistant, having Bitmain put thousand ARM processors (+ probably GPU cores) on board might be far too risky and expansive and who knows whether profitable or not - because millions of people over the world already own millions of CPUs and GPUs. Moreover, those manufacturers would need to raher create own chip factories, because buying chips from Qualcomm, Intel, AMD is way too expansive. And having created such factory, would they really spend their time to mine cryptocurrency? I’d opt for no. But regardles, harforks with tweaking would be innevitable because of evolution, maybe not every 6 monthes though, maybe not even every 2 years. Hope you see my way of thinking and it makes at least slight sense.

1. you keep all verification functions forever

Well, it can be avoided by creating checkpoints that just treat all previous blocks as valid if, say, the hash sum of all of them equals to constant hardcoded somewhere. I know it’s a very simplified way, just for the sake of example. Even if it couldn’t be avoided, keeping all legacy verifications is not a huge price, at least for now.

As for the wizards… Everything evolves, people invent new, Intel, Nvidia and AMD also don’t stand still, wizards get more and more wise. It’s possible and I’d even say scarcely hard to develop a PoW that would take advantage of all (or at least most) capabilities of high-end products that would be widespread and would create a huge obstacle for Bitmains and BitFurys. Your words: it’s not magic. So there shouldn’t even needed a wizard if it’s not.

If Grin is backed and supported by a big community of enthusiasts (M-hint-ero), then there will be enough wizards. But to attract wizards, it’s crucially important to stick to powerful ideology (e.g. fair decentralization ideology)

Yeah, who knows what (and when) quantum-related reserches will lead us to before Sun explodes

A CPU is not an Application SPECIFIC Integrated Circuit

I agree that considering x86 as an “application” is stretching things a little too far. That would leave no distinction between IC and ASIC, since every IC does *something*, and one could always argue that something being an application.

Yes, I said it in a stupid way. So correction:

Intel drops few ALUs, SIMD units, OOE, branch prediction, AES mini-asic, caches, multiple cores, etc into the design and starts printing it. Most programs don’t use all those CPU features.

Tritmain can just buy a (ARM) CPU license, drop Blake2 mini-asics next to array of CPUs, add some other stuff and then they start printing it just like Intel, nvidia, amd etc. This whole package would be optimized to run PoW XYZ, but it would be able to run other stuff with reduced efficiency. But it is a big ASIC made for one PoW that just happens to use many little CPUs on single chip.

Hope you see my way of thinking and it makes at least slight sense.

It makes sense. I tried to paint the idea that any PoW can have application specific chip with varying degree of speedup. If you make it complicated, only the biggest sharks will have those chips. So you gotta keep forking and bricking nodes every few months for 20 years.

If “Tritmain” gets an (ARM) CPU license there’s nothing stopping ANYONE else from doing the same thing. Especially other license holders of which there are a few (ARM Holdings Licensees).

ASICS are not commodity hardware as at this time. I doubt they will be in 2 years time.

Also note that some companies notably “Tritmain” now require KYC to buy an ASIC. Censorship could very easily result from this development.
It’s a bit harder to do that with CPUs and GPUs or perhaps it’s just harder to justify doing that.
The result however is the same.

I second pomidorka’s sentiments, I would like to add the issues of opensource ASIC’s into the conversation because I have seen it mentioned elsewhere as a possible solution. I don’t think anyone has actually thought that through and how hard it would be to actually make. or how long or even if it would be able to compete with proprietary designs. The other issue is if the worst happens and 1 company is making all the asics with most of the mining coming out of one country, what will or can the devs do? At that point you would be at the whim of the asics forking away if you decide to make a change.

I also don’t understand this part

Why not ProgPOW instead of Equihash? For 2 main reasons: 1) Equihash remains a lot simpler 2) ProgPOW places an additional burden on proof-of-work verification making it less suited to light environments (cell phones, small VPCs, etc).

How is 7Gb equigrin suitable for cell phones?

how long or even if it would be able to compete with proprietary designs.

Could you define “compete” in this sense.

The asic races have not broken bitcoin; yet the numbers are disgusting.

Non-specialized hardware comparison - Bitcoin Wiki
3410-------- 0.074
Atom D510 ------ 2.3
Xeon Phi 5100 ------ 140

Mining hardware comparison - Bitcoin Wiki
Avalon Batch 1------ 107
AntMiner U3 ------ 1,000
Ebit E10 ----- 11100

That be a possibility space of 150,000x difference in mining power

If the open source asic is even 10x less effective its such a massive leap in ecosystem health, it would be an achievement all its own

This was already asked ealier and replied to in Proof of work update - #9 by Cafevoodoo

Exactly.

I understand that developers of Grin are striving to make PoW as simple as possible to involve more manufacturers into Cuckoo ASIC development. And it’s a possible scenario. It’s possible that if Grin really becomes very popular, all current (and probably new ASIC manufacturers) start insanely produce Cuckoo ASICs and even selling 10% of produced ASICs to mortals like us. In some years (5? 10? more?) if Grin stays popular - more manufacturers join ASIC production and maybe Grin is going to begin being fairly distributed between miners, although huge piece of emission already belongs to “Titmains” and they decide what the value of coin is.

For me, it’s too many "if"s, too much uncertainty and dozens of alternative scenarios (which to my mind are more likely to happen and are way less healthy for Grin). I don’t really see how Cuckoo is different from SHA256 in terms of ASICs and Titmains.

And the last - ASIC is still ASIC. Cryptocurrency mining ASIC is useless piece of silicon born to do useless job. Mostly, people who treat cryptocurrencies and mining as a mere moneymaking source, or cryptomaniacs buy ASICs - which makes coin distribution less smooth. Less smooth than if it were, say, GPU and CPU with homeminers, GPU farms, botnets, malware, gamers, integrated Web-site mining (as an alternative ads on free websites), etc.

Although, there’s one thing that comforts me to some extent: I hope there will be enough time for everybody to think, before we see first Cuckoo ASICs. Might be devs change their mind by that moment)

I second @pomidorka. Way too many ifs and very likely to lead to centralization of mining power and coin emission

Meanwhile, I have yet to see an alternative PoW proposal with a convincing argument that it gives a fairer distribution…

The good alternative PoW either doesn’t exist yet or isn’t proven to be secure and worthy.
But by and large, is it a question of choosing PoW or choosing a standpoint?

For me it made an impression that there is a steady standpoint “ASICs are not good, but inevitable. If there was a good ASIC resistant PoW, we would take it, but since there isn’t - we’ll rather embrace ASICs and optimize PoW to reduce the harm of unfair distribution”. I’m still not 100% sure this impression reflects reality, but alt least it seems so.

And it’s great deal different from a standpoint “ASICs are evil because they cause unfair distribution, and that’s it. We’ll do our best to resist ASICs by all means, like hardforking every 6 months”.

Meanwhile, I have yet to see an alternative PoW proposal with a convincing argument that it gives a fairer distribution…

Cuckoo will/would give a fair distribution. For some time. Until ASICs are produced.

It’s worth revisiting the original post of this thread.

No, that’s not right. As per the original post of this thread, The problem is the degree of centralization and lack of competition in the ASIC market, not the ASICs per se.

As per the original post of this thread, it is a distinct possibility that Cuckoo ASICs will be in operation by the time of mainnet launch. In that case, it’s also possible they would not be widely available to the general public. This can result in a significant degree of centralisation, at a very early and crucial stage of Grin’s lifecycle. It would be irresponsible to be aware of this risk and simply choose to ignore it and hope it doesn’t happen. The changes are introduced in part as a mitigation against this scenario.

Then, I guess there’s some sort of misunderstanding. Personally I believe that any CPU/GPU ASIC reststant PoW gives less degree of centralization and less lack of competition than any ASIC friendly, by default. The reasons are obvious (for me) and I have specified those in one of my previous posts:

So for me the very incentive to believe that having open-source-ASICs with many independent manufacturers (especially in 2 years, it’s utopia) changes the degree of centralization drastically is wrong.

Anyway, I’m tired to say that ASICs (any ASICs, no matter how many manufacturers and how decentralized is the production) are worse than CPUs+GPUs.

May I rather ask another 2 questions:

1. If after 2 (or more) years, when Cuckoo mining is fully rewarded, Grin community spots the abnormal hashrate spike or gets a leak that someone like Titmain owns major part of stealth hashpower, will it be harforked to resist Titmain?

2. What are the objective reasons to believe that current stage of cryptoeconomics development (or maybe some other conditions?) will lead to Cuckoo be going other way than SHA256, meaning ASIC production not being concentrated in one hands and 2 years would be enough?

We plan to only hardfork to larger cuck(at)oo graph sizes, if there’s evidence of single chip ASICs becoming the most economical way to mine.

We would be quite happy to have the level of ASIC competition enjoyed by bitcoin now, with a multitude of manufacturers.

New idea: can Grin be secured in the same manner as Namecoin, i.e. by merge-mined SHA256 alongside bitcoin mining? I know giving up Cuckoo is a huge loss, but is it something to consider for the sake of decentralization?

What I don’t understand is why the decision needs to be made right now? If we’re not sure, we should keep the PoW simple and hard fork every six months until the answer is clear.

A lot of people seem to think the Monero community is foolish for trying to resist ASICS, but do they really have anything to lose? They can always throw in the towel later on if that makes sense. What’s the downside?