Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Ballot Proposal: Embracing Simple PoW and ASICs #21
(ballot copied here for discussion's sake)
Ballot Proposal: Embracing Simple PoW and ASICs
A Long-Term Plan to Decentralize Mining
Proposed ballot entry, and convenient TL;DR:
With equal degree fascination and anxiety, I watched the Great ASIC Resistance Debate unfold in Zcash and other cryptocurrencies this year. On the Zcash side, the debate reached fever-pitch after Bitmain released the AntMiner Z9 mini, which resulted in our statement on ASIC Resistance and the ensuing commitment to investigate and prescribe action.
That statement sowed the seeds for this ballot proposal, and in particular this paragraph (bold parts my own):
This ballot proposal is that alternate path, one that I believe is worth discussing—one that flips the debate by embracing ASICs and simple PoW, but only so long as we can encourage open commoditization and access to mining hardware.
Full disclosure: what follows is my personal opinion, and not representative of official Foundation policy. That I am a Foundation employee should not weigh on your evaluation of this proposal, instead let the scales be tipped by the merits of the argument contained herein.
To be blunt: I do not think ASIC Resistant is a long-term, sustainable goal. I do think, based on the data available at the time, it was reasonable to make that a high priority when Zcash launched, and that it helped to encourage broader, fairer distribution of ZEC, but to me it is abundantly clear that it's not the right design goal today. With a high enough economic incentive, a hardware manufacturer will ultimately find some way to make an application-specific circuit...and if it's in a particular position, it could monopolize the development and distribution of such a circuit. That creates a dangerous environment for centralization. On the other side of the coin, if you somehow managed to make a truly ASIC-resistant PoW design (something many consider impossible, myself included), then if you are not the largest coin using general compute power you open yourself up to 51% attacks, potentially by easily-rented, virtual compute cycles.
I won't spend time re-hashing these arguments, but suffice it to say that the following articles have influenced my thinking on ASICs and PoW, and I strongly encourage anyone reading this ballot proposal (and really any cryptocurrency enthusiast) to also consider reading these articles:
Given this perspective on the inevitability of ASICs, I think it's better to consider what an ideal PoW mining environment would resemble, and what proactive steps we can take to get there.
Goals and Assumptions
Here are my explicit goals with this proposal:
And my assumptions:
Given the goals and assumptions, let's consider each part of the proposal.
This is self-explanatory, but why plan a PoW change with a fork so far in the future? Here's my rationale:
I think a hasty PoW change to something more ASIC resistant is short-term beneficial, but long-term serves to widen the gap between any given hardware manufacturer's monopoly position as an esoteric ASIC manufacturer and their nearest competitor. But a long-known-in-advance PoW change could allow others to compete, particularly if the next bullet point in my proposal is met:
The simpler the PoW, the less likely clever hardware tricks can be used to generate competitive advantage for a given manufacturer, and the more likely—and more rapidly—the hardware will be commoditized. Combined with a long lead time to PoW change, it may be possible to have a competitive hardware market months before the fork.
The actual selection could be done like the Zcash Mining Challenge, or via an expert the Foundation hires or contracts.
A competitive, well-maintained, open spec would benefit everyone, particularly new entrants in manufacturing. The Foundation would have to either initiate development or—ideally—work with a number of hardware manufacturers to contribute to an open spec (see next point). This could also be run like the Mining Challenge.
This may be the most difficult, yet most important piece. In effect, this would be an attempt for the Foundation to act as a conduit for co-opetition between manufacturers, sharing development cost while maintaining their own manufacturing business lines. Nothing like this has been done in the mining world before, as far as I know...but that's not to say that it can't work, it's just never been attempted.
Much of this work would be for naught if it resulted in overly centralized pools; instead, we should endeavor to have this hardware work with a standard, open, decentralized-first piece of software. Again, we could use a renewed Mining Challenge to spur development, or (attempt) to build it ourselves. Even better if we could implement this directly in the Foundation's future independent node implementation. And thankfully this work can be done in parallel to the hardware development/consortium/PoW selection.
This is still very hard, but seemingly easier by comparison. :)
There are many risks here, commensurate with the proposal's ambition. My assumptions might be dead wrong. Hardware manufacturers may not be interested in a consortium to build simple PoW equipment. Good UX for hobbyist mining might require centralized pieces. Stealth/more efficient mining might still happen, even if three or four hardware manufacturers agree to an open spec for which they frequently upstream contributions. Hard forks can be difficult to coordinate and organize. The challenges to create good, decentralized mining software and encourage hardware manufacturers might prove too difficult.
And ultimately, it very likely won't prevent the rise of massive mining farms on this PoW. There are huge advantages to running farms, when volume purchases on hardware, in-house hardware development, and access to utility-level electricity create economies of scale. But with the right steps, we could limit the effect those farms have on overall hash power. If the improved UX and cheaper/competitive ASIC market result in 10-20% of hashpower living on farms and 80%-90% in the "fat tail" of hobbyists/users not overly controlled by a single pool, I would consider that a success.
And despite the risks I do think it's worth suggesting this proposal, and getting feedback from the panel on whether this should be a priority for the Foundation. I eagerly look forward to your comments and the community vote.
The ASIC resistance ballot says:
This ballot which talks of "embracing ASICs" says:
Why does one ballot set general direction while the other binds to specific action?
Won't this confuse voters as to what "Agree" really means?
Given that these two ballots are related, what if they both pass?
All good questions @bitcartel.
This was up to the ballot proposers—@amiller took a general direction with his, while I thought it prudent to outline specific actions—particularly since I anticipated many in the community having a problem with this approach if I didn't outline my reasoning and offer concrete steps. I also thought it would be nice to have a more specific ballot proposal to contrast with some of the more general ones.
In the context of both proposals, yes, but independently I thought it was clear that I was seeking approval for this specific plan...if not I can change the wording, open to suggestions there.
That would be a case similar to the Condorcet paradox and one that the Board would ultimately have to resolve if they're separate ballots. @amiller and I could also choose to combine the ballots and offer multiple choices with only one selection—that may be the easier solution, prior to assembling the ballots.
The best that we can hope to do is identify all of the places that manufacturers today have sturdy advantages and determine where we can erode or eliminate those advantages.
The algorithm choice greatly impacts what sorts of optimizations are available to chip teams. The optimization space even for simple chips is massive - there are full time people at AMD whose sole job is to make an AND gate faster. Every level of complexity that you layer into the chip is another tier of full time designers you can productively throw at optimization.
Memory is incredibly complicated to optimize. A lot of people don't realize, but one of the most expensive parts of chip design is moving information from one place to another. Memory is a bunch of moving things from one place to another, and if you can figure out architectures that minimize the physical distance that the data needs to travel, you can create faster and more efficiency chips. For something like equihash, the optimal architecture is very much not obvious, and that means that well funded teams with lots of people looking at every layer are going to have a much bigger advantage over smaller teams vs. a simpler chip or algorithm where the optimal design is reasonably self-evident. Bigger teams will still have a big advantage, but at least we're talking like 25-35% instead of 3x or more.
Embracing ASICs on equihash I think in the long term is going to cause a lot of issues, likely even worse than what Bitcoin is going through with Bitmain today. It's a tough algorithm to develop hardware for, and it seems like there are a very large number of advanced / non-obvious ways to optimize. That just translates to bigger moats for big teams, and bigger risks for small teams.
I support the idea of changing the PoW algorithm to something simpler. And I also strongly urge you to consult and leverage actual hardware developers and chip designers when deciding what counts as simple. A lot of things that are extremely simple in software end up being overwhelmingly difficult in hardware. Two great examples of this are addition and rotate. There are a mountain of research papers explaining how to add two numbers together in hardware when optimizing for various things. And rotates end up being a lot trickier than "just connecting wires" because of all the fancy design rules (literally hundreds of pages of rules) that tell you how close various wires of different types and sizes are allowed to be.
Anyway, I support the general idea. And I also strongly support the idea that the hardfork should happen after manufacturers have had a long time (at least 12 months) to develop hardware for the new algorithm, that way you don't get one manufacturer who is first to market and controlling everything.
@acityinohio Very glad to see some alternative thinking emerging on this topic. Below are some of the concerns that come to mind.
While I would love to see something that is thermodynamically efficient, I believe this may also be long-term unsustainable. PoW is competition by its very nature. This always forces scale. PoW creates security through economic incentive. Because mining rewards are relatively constant, the amount of PoW generally follows the market capitalization. The primary costs to miners are equipment and energy, and it should be assumed that they will be utilized to their limits within the market cap. As the market cap grows, so will the amount of hardware running on the system. It will only stop once it becomes unprofitable.
If the equipment is expensive you immediately alienate a large population of small miners. If the equipment is cheap you may end up better distribution initially, but in the long term, miners will utilize more equipment and therefore more electricity. The efficiency of the equipment does not matter since this is ultimately a system of economics.
If PoW is continued to be used, I believe that it should be assumed that massive amounts of power will always be utilized. The next best scenario is that all this computation power is co-opted and utilized for a productive purpose; possibly in mathematics or science.
Would the primary purpose of this be to prevent a monopoly by a single manufacturer? This may be successful in the short run, but again, I have concern for the long term. Without oversight, competition between manufacturers will likely end with a single market dominator. This seems to be one of the most common scenarios in markets without a geographic constraint. This could be dealt with through some form of a governance model, but IMO this means the purpose of the system has gone astray since it ultimately relies on external trust factors.
I also agree that this is the right way to look at it.
This isn't discussed much here but it seems to me that pursuing this goal has more to do with the expected number of rewards issued per day than with the mining algorithm. For instance, if a blockdag is used and blocks are mined many times a second, a solo miner with modest hash power could expect to see some rewards in a reasonable amount of time (perhaps a few days). This is the main reason I'm interested in blockdags.
Given economies of scale, there will probably only ever be a handful of competitive manufacturers who dominate.
Consider the market for memory chips which are built to an open specification.
When there are only a few players, its easy to collude:
Collusion also occurred, when smaller players were still in the market:
So the end result of this proposal may be no different than what we see with the SHA256 market.
That's going to happen no matter what approach you take. A sha256 chip might see 5 or 6 viable competitors (like DRAM), a complicated equihash chip is more likely to only have 2. (like CPUs and GPUs).
It's important to understand where companies are able to build their moats, how they are able to keep startups and other competitors from entering the market, and understanding what needs to be done to minimize those forces. A simple algorithm with an obvious hardware implementation can weaken or eliminate a lot of the centralization strategies employed by companies like Intel and Nvidia, and where we can get a few easy wins, we should.
To add to @DavidVorick's point, it appears that the SHA256 market is indeed showing signs of a competitive resurgence, which is an argument in favor of a simpler PoW scheme IMHO:
Your point is well taken @bitcartel (and echoed by @jordanmack)—that with a limited number of hardware manufacturers, collusion becomes more probable, and monopolist or duopolist behavior might emerge. The crux of this proposal is an attempt to structurally engineer a competitive marketplace
It seems important to point out the distinction between ASIC manufacturer collusion, and ASIC operator (miner) collusion. We care about manufacturer collusion only as much as it causes miner collusion.
Miner collusion is easy when there are few manufacturers. You get vertically integrated companies like Bitmain, preferential pricing deals, and manufacturers colluding to fix prices and squeeze out new miners.
Miner collusion is hard when there are many competitive manufacturers because new miners can enter the market on even footing. Capex of new mining operations is lowered as manufacturer margins get trimmed. Miners compete on opex, rather than manufacturer capture.
It follows that we should bias towards algorithms that permit many manufacturers. This is how we prevent miner collusion. "Memory-hard" algorithms run on hardware which has been shown in practice for decades to permit few manufacturers. Nvidia has a slight leg up on AMD, and nobody else even tries. On the other hand, Double-SHA256 has an early mover (Bitmain), and upcoming competitors (Halong, GMO). Follows that we should avoid memory-hard algorithms, and research ways to create more easily commoditized ASICs.
I think people also care about an oligopoly of manufacturers inserting backdoors and kill switches into the silicon.
So which is better?
It sounds indeed interesting, and it’s maybe a niche he found but it raises again some general concerns in my opinion:
Just some thoughts, but why not, we will see how such projects work…
The general idea behind launchpad is that the first-mover for ASICs is going to have a hardware monopoly regardless. Especially for smaller projects, it's basically guaranteed that the coin will go through a phase where exactly one manufacturer is making hardware, and most of the manufacturers out there today are very clearly aligned towards profit, vertical integration, secrecy, and centralization as opposed to more open ideals.
If you are going to be saddled with that anyway, you might as well choose which manufacturer gets to be first to market, and you might as well choose a manufacturer with a strong reputation for transparency, open-ness, and being coin focused.
Most early coins can only support a single ASIC manufacturer. As we saw with Sia and Decred, it's very foolish for a startup to go after an early coin, because the execution risk is immense. Zcash is in a bit of a stronger position actually. Zcash block rewards are high enough that it's reasonable to fathom 2 or 3 manufacturers making hardware if you announce a fork date with 12 months lead time. The block rewards are high enough to support multiple tape-outs. But you still aren't likely to see any of them open-source the hardware, and you are likely to see them forming preferential deals with mining farms of larger scale and better connections. I'm not sure if Launchpad is the right choice for Zcash, the key factor there absolutely being the heavy scale of the Zcash block reward.
Obelisk's preferred margin is 20% of the hashrate. We do everything at cost, then we keep some of the hashrate for ourselves. Other forms of profit-taking are negotiable, we don't have to follow that model if that's not what is preferred. Obelisk does not provide the $10mm, the developers (or investors for the developers) do. Everybody is comfortable with something different, and we are willing to be flexible based on that.
A 22nm ASIC will be within 3x of what a 7nm ASIC is capable of. It'll be able to be made obsolete the same way that the S9 made the S7 obsolete - that is, many people continued mining them even a year after it was no longer worth manufacturing more. If you have the capital, we can make a 7nm ASIC as well, and it will be within reasonable distance of what Bitmain can achieve (because the algorithm is simple and obvious to implement in hardware).
So the basic pricing model is that Obelisk charges $10 million and also gets 20% of the hashrate from the initial batch?
@joshmh This is exactly what ZenCash is doing with their Spectre research partnership with IOHK. This could eliminate the absolute necessity of pools for small mining operations and lead to much higher decentralization.
@prestwich It's also important to point out that this may have happened during the GPU shortage of 2017. I have a source that informed me that GPU manufacturers cut deals with certain large scale mining operations which gave them a 6 month lead on the rest of the industry.
@bitcartel Any type of backdoor or kill switch should be of concern, but mitigation of this is difficult. They can exist in any CPU or the firmware of a peripheral device. IMO the danger is compromise of a backdoor by a malicious party, not the manufacturer themselves. If a manufacturer was to maliciously use backdoors they would risk discovery, and destroy their market reputation.
@bitcartel Monopoly vs monopoly. I'd like to see a few more options here.
The pricing is flexible, but we have to make profit somewhere. If we aren't allowed to keep 20% of the hashrate we make, we'll have to increase the ticket price because $10 million to bring a 22nm chip to market really doesn't leave anything for us, even at dirt cheap prices.
Most coins can't afford to pre-pay multiple manfuacturers, because that $10m price is per-manufacturer. For Zcash though, the block reward is large enough that there actually is enough room for multiple manufacturers, potentially even at the 7nm level. And, as long as you give enough R&D lead time, you don't have to worry about keeping the algorithm secret either, just make sure that the hardfork date is sufficiently far in the future that everyone can have machines ready to go when the fork triggers.
The risk you run there is that someone like Bitmain goes ahead and produces enough hardware to make sure that nobody is profitable, sells it off by flooding a la how they did with Dash and Sia, and then also has specs that are 20-30% better than everyone else because they have the resources to go and chase optimizations that nobody else can afford to. (even on a sha256 chip those types of optimizations exist). If you keep the algorithm private, you can do a controlled start that makes sure your diverse manufacturers at least break even on the hardware that gets produced, if it's a completely open start there's a risk that some of your manufacturers end up with craters in their pockets.
DAGs I'd say are off topic here, but I'll drop a link to my two favorite DAG papers. Fair warning about DAGs, the vast majority of them are complete garbage, though they are really cool and I really do think are superior to the standard nakamoto consensus.
Also worth noting that there are fewer GPU manufacturers than there are sha256d chip manufacturers. And the margins on those GPU chips are very high - if Nvidia for example decided to start mining Zcash or Ethereum (and also Zcash and Ethereum were properly ASIC-resistant), they would be able to do so at probably around half of the capex of other mining farms, simply because they don't have to pay their own margins when buying chips. That would centralize mining under the existing giants very quickly.
This is also a concern with Intel actually. Intel owns their own foundries. If Intel decides to start mining, they don't have to pay foundry margins either, and they also get the benefit that their process technology is just simply 15%+ better than everyone else, meaning Intel would likely have the best and cheapest chips. Though, I don't think Intel would be able to compete with the datacenters in terms of electricity cost.
Really appreciate the discussion here everyone; this is exactly what I wanted to see coming from this proposal.
Wanted to highlight one of the things that @DavidVorick mentioned in his last reply that I think is crucial:
Combined with an open hardware spec and encouraged collaboration, IMHO it's this inherent delay that offers the best chance at a competitive manufacturer market at hard fork date; regardless of whether the Foundation or Company partners with a particular manufacturer to start. And despite the risks of this approach (e.g. Bitmain/others chasing crazy optimizations) outlined by @DavidVorick, I'm not sure I'd want the Foundation to operate secretly in something so prominent as a point of policy.
I also tend to agree that AMD/Nvidia have a duopoly on GPU mining, and Intel/AMD have a duopoly on general compute (at least with x86), and that long term they will take advantage.
If nVidia or AMD wanted to move into mining ASICs they could do so fairly easily. IMO the reason they have not entered the space is because there is limited benefit. They are selling their GPUs as fast as they can make them, and at a premium. In the past they've seen the mining markets capitulate repeatedly, so the investment may not be worth the gamble.
I see the operating openly as being an important aspect to any decentralization policy. If it's developed in secret and released to a single manufacturer for an intentional monopoly, it is operating in a traditional centralized model. While I see the obvious benefits from a business perspective, it seems that an important aspect of decentralization is lost. The basis for PoW is economic competition, but this is intentionally anti-competitive.
I've also considered that policy viewpoints are a red herring in the overall picture. If policy is enough to make or break the PoW system then it may be flawed to begin with. If you are ultimately forced to rely on external trust factors, then why even use PoW?
Due to the subtle differences between algorithms in PoW GPU mining, certain chips have historically had clear advantages. In the early Bitcoin days AMD had a clear advantage in SHA256 GPU mining. With Ethereum (Ethash) the AMD chips again dominated in 2016/2017. With Zcash (Equihash) nVidia is the dominant chip. You could argue that single manufacturers already have monopolies over certain coins.
I've mentioned shortly.
"I think on this time hard fork to A(144,5) 704MB and ready for next hard fork in further future A(192,7) 4.2GB plan is better strategy."
It means now Asic miner is so abrupt and miner provider's are almost monopoly,
Finally, Zcash also move to PoW and POS hybrid mode or any newer fantastic consensus algorithm.
Basically, make strategies for Preventing ASIC first way. until complete more good way of mining decentralization and miner provider decentralizations.
if PoW will go on, We never preventing ASIC or FPGA. but several provider's on the market.
I think OpenSource / Open Specification , any who provider mining devices who run company sell miners.
But, Now, ASIC miner providing company is so dominant and Stiff change to GPU investors to failed to get reward for PoW blockchain security contributions.
So, I mean make a some time. until newer good ways comeout.
This more or less matches my understanding as well. Entering mining is currently risky, the industry has only been "high value" for a little while, and as far as the bigger companies are concerned, it's not even that high value. They'd rather (at least for now) earn margins by selling the rigs as opposed to running them.
Though there's another component. If one of the major GPU manufacturers were mining themselves, would we know? Would it be advantageous for them to disclose that, or would it be safer to operate in secret, not letting people realize that there's another player in the market with an extremely unfair advantage?
Yes, we would probably know, as most of the major manufacturers are public companies (listed on a stock exchange) which makes it difficult (perhaps illegal) for officers of the company to hide a secret mining operation from investors, auditors, board of directors, etc.
Actually that's not how it works in bigger corporations/companies that are public.
First of all IF they would setup some mining operation like that it wouldn't be under Nvida directly, makes no sense and that's the reason they (bigger companies) outsource or make sperate companies for a given task. "All" they had to do is to finance a sister company with some millions and write in the Books/Papers something like "Invetement into Blockchain Research", "Testing Facility", whatever and it would be mostly for longer be hidden. Not even talking making it a private company without capital from investors/share holders..... It would take ages to find out ....
Such facilty most likely would be based in china again in my opinion which wouldn't make things more easy to discover. There are soo many examples on big companies doing something without the direct knowledge of Investors/share holders/audit or disguise it so good that it's hard to find out. Normally such "more secret operations" are found out if it's against some law (see Facebook, VW/Audi, for example) while as long as it's law confirm nobody is even on the tracks of the bigger companies......
Just theory and my opinion....
I greatly look forward to the results of the research committed to "ASIC resistance: advantages, disadvantages and potential implementation paths" as stated (the mining research was very informative), for I feel without it, we dont know if its the just path and cannot procede, in so as such de lege ferenda, ex aequo et bono. Ergo, delegatus non potest delegare
@acityinohio I see lots of alignment with this proposal and the one ePIC submitted. As an ASIC Design House we are keen to contribute our hardware design expertise to the communities debate on how to deliver the most secure, decentralized and scalable PoW hardware solution. I am just looking for direction on how to be most useful. Thanks