On Tue, Oct 15, 2013 at 11:03:41AM +0100, Cathal Garvey wrote:
> The wealthy will always be able to out-mine the poor if it's a straight battle of who-buys-more-hardware.
I don't think that matters so much as that everyone gets the same hashing power per dollar. I had some rant I posted on bitcointalk a while back (first post there) to say using hashcash-scrypt(1) would be better than hashcash-SHA256. (scrypt(1) meaning scrypt(iter=1)). However there are some valid counter arguments. SHA256 is simple and easy to put into silicon blueprints for fabrication, replicated multiple times. Even small and seemingly significantly incompetent outfits like Butterfly can just about do it. Apparently many more are coming online. That's good because you could do it yourself with a modest budget and the necessary skills. If the mining function was really complex it would create e.g. a $10m or $100m barrier to make a very fast implementation of it; then you have a real barrier to entry and a mining centralization problem. The not so good part is maybe anyone with the skills will get the chips fabricated and mine with them themselves. So it depends on ready market availability from multiple competitors; that question is a bit up in the air at present, but there is some evidence of improvements in availability.

Don't think mining is a get rich quick scheme; it's very easy to lose money at this stage, as it's an arms race as the fab tech used quickly catches up to Moore's law and then tracks it.

Also the miners don't actually have that much power; all they are really doing is ordering transactions, so for double-spends you can choose the first one as valid. A big company or individual who invested millions and is earning big bucks from their mining operation probably doesn't want to commit spending fraud - they'll get sued and lose their investment and freedom. Now if governments or other organized criminals do it, that's a different issue as there is no useful legal sanction at that level. They can't really censor transactions btw even then; see the committed-coins proposal if you want to know how that can be fixed. https://bitcointalk.org/index.php?topic=206303.0
> Now that Litecoin's basically GPU only, it's also a little worse than it started, but there's no evidence at this point that it'll go FPGA.
Rumor is there are people working on a litecoin ASIC. Scrypt wasn't even designed to protect against memory-time tradeoffs, never mind intentional large design mm^2/minimum gate count. I think if you can make the algorithm complex and dynamic enough, and yet still efficiently verifiable (and to have no progress so it's like a lottery), you should be able to push things so that whoever does make ASICs is basically making a custom multi-core chip and competing head on with scientific and graphics GPUs. AMD & Nvidia are probably going to win there, or if they don't, people will buy your dynamic agile algorithm miners for programmable scientific uses.
> My ideal hash for a 'coin, unrealistic as it is even in theory, is a hash that practically defines the instruction set and architecture of a prototypical CPU, so that translating it into specialised hardware is either impossible, or merely creates a more efficient CPU, which is better marketed as a CPU than a mining rig. In other words, the state-of-the-art in CPUs is exactly the state-of-the-art in CPUcoin mining. :)
I see you had the same idea, and I don't think that's so unrealistic. Making it fast to verify is a bit harder. For example, include all 16 AES encryption finalists and 16 SHA3 finalists etc. and combine them with data dependent selection of algorithms. This will push the gate count up. Scale that design process a few times and you're there. Mix in some memory (apparently memory is not so fun to put on ASICs; if you need lots of memory per execution instance (which is not memory/CPU tradeable like scrypt) that makes it expensive to ASIC).

I do think CPUs are probably a losing bet; should aim for GPUs. Consider they are largely not made, but better CPUs can be made for mining than are sold. e.g. consider a 100 core Intel Atom. They have the gate count to do it; it's just people would sooner have a faster single thread (via super-scalar design & higher clocks, better cache etc.) lower core chip. Most of the silicon on an i7 is wasted in achieving blistering single thread performance; that is a complete waste for mining. https://en.wikipedia.org/wiki/Transistor_count (Atom 47mil transistors, and there are multiple 4.7 billion transistor GPUs on the market.) If you succeeded in wedding an algorithm to the Intel instruction set, this is what would get built. It's remarkably like a GPU really, right? Lots of cores. Clearly if you strip out the Intel backwards compat overhead and add SIMD in groups of 16 cores, you can get 2048 cores per chip, as that is what AMD is doing in the 7970 (or 7990, two cores!) So be careful what you wish for :) You can always do better in hardware. The harder part is to have a relatively fast verification, but that's probably reasonably doable per scrypt design.

Adam
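The thread above describes two properties a hashcash-style mining function should keep while being made harder to put in silicon: data dependent selection among several hash algorithms, and verification that stays a single cheap evaluation while each mining attempt is an independent lottery ticket (no accumulated progress). The following is an added illustration written for this page, not code from Adam Back, Cathal Garvey or any coin project; the choice of four hashlib algorithms, the round count, the 64-bit nonce encoding and the leading-zero-bit difficulty measure are all assumptions made for the example.

```python
import hashlib
import struct
from typing import Optional

# Assumed pool of algorithms to select among; any set hashlib supports would do.
ALGORITHMS = ("sha256", "sha3_256", "blake2s", "sha512")
ROUNDS = 8  # assumed number of data-dependent hops through the pool


def mixed_hash(data: bytes) -> bytes:
    """Hash `data` through ROUNDS stages. The algorithm used at each stage is
    chosen by the first byte of the previous digest, so the sequence of
    primitives is not known until the data has actually been hashed."""
    digest = hashlib.sha256(data).digest()
    for _ in range(ROUNDS):
        algo = ALGORITHMS[digest[0] % len(ALGORITHMS)]
        digest = hashlib.new(algo, digest).digest()
    return digest


def leading_zero_bits(digest: bytes) -> int:
    """Hashcash difficulty measure: number of leading zero bits in the digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def verify(header: bytes, nonce: int, difficulty: int) -> bool:
    """Verification is one mixed_hash call, regardless of how much mining work
    was spent to find the nonce; that asymmetry is what makes the scheme usable."""
    candidate = header + struct.pack(">Q", nonce)  # assumed 64-bit big-endian nonce
    return leading_zero_bits(mixed_hash(candidate)) >= difficulty


def mine(header: bytes, difficulty: int, max_nonce: int = 1 << 32) -> Optional[int]:
    """Scan nonces in order. Every attempt is an independent trial with the same
    success probability (2^-difficulty), so there is no progress to hoard between
    attempts; finding a solution is a lottery draw, not a race that can be won by
    starting earlier. Returns the first qualifying nonce or None if none is found."""
    for nonce in range(max_nonce):
        if verify(header, nonce, difficulty):
            return nonce
    return None


if __name__ == "__main__":
    # Constructed sample input standing in for a block header.
    header = b"constructed block header"
    difficulty = 12  # expected ~4096 attempts
    nonce = mine(header, difficulty)
    print("nonce:", nonce, "valid:", verify(header, nonce, difficulty))
```

Raising `difficulty` by one bit doubles the expected number of `mine` attempts while the cost of `verify` stays constant, which is the asymmetry the thread relies on; swapping the algorithm pool or the round count changes what a specialised implementation would need to cover, not the verification cost.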