Discussion of the future of the PoW algorithm #316
Comments
|
|
@SChernykh - Will add that. Although, as far as I know Zcash investigated harmony mining and deemed it relatively unsafe insofar as that it would significant raise the attack surface and not add that much additional security. |
|
We need to re-evaluate what Zcash found. Maybe some new bright ideas will pop up. GRIN uses dual PoW, so they seem to have resolved these issues. |
|
The 4GB memory requirement for RandomX worries me more than ASICs. It means hosting the node would cost me 88% more, and I guess I'm not the only one. That, together with elimination of local lightweight nodes, might be a harder blow to decentralization than allowing custom chips. The dual PoW option sounds interesting but also opens a Pandora's box of further questions; especially how to keep the ratio of different blocks. |
We are planning to implement it in Wownero first, which should provide some test data.
The slow verification mode of RandomX is about 3x slower than CNv2 on comparable hardware. CNv4 is also about 3x slower than CNv2 on all non-x86 platforms, including Raspberry Pi (due to missing JIT compiler). So there would be no practical difference between RandomX and CNv4 on ARM hardware. Additionally, RandomX has a fast verification mode, which is about 7x faster than CryptoNight (but it's only usable in some cases).
There is a significant difference between a 20x more efficient ASIC (like the recently bricked CNv2 ones) and a 2x more efficient ASIC. The latter has a much lower potential for attacking the network. For example, electricity prices across the world vary by more than a factor of 2, so there are already miners with this kind of advantage.
The slow verification mode of RandomX requires only 256 MB. |
|
2x more efficient ASIC is not as dangerous indeed. Just look at ETH which still stays the most profitable for most GPUs. |
👍
100% agreed. This plan is infeasible, will damage Monero in the long term, and furthermore there's absolutely no guarantee that 3-4 months will be enough, if the price rises sufficiently. ASIC manufacturers are restless and always improving their methods. What if after a year or two we notice ASICs again, will we switch to a monthly PoW upgrade? I'm actually quite astonished on the fact that this plan is even under consideration, does somebody really think that users/exchanges would like to update their software every 3 months, with a potential Ledger/exchange bug in between? Users will either leave or switch to custodian wallets, leaving to somebody else to deal with the mess of running a full node/wallet; at this point we will ponder whether our "ASIC resistance battles" have led us to a far more centralized situation.
If ones make the assumption that we want ASICs to be introduced in Monero in an as fair way as possible, and avoiding the "early-stage-monopoly" effect as much as possible, 3, 4 and 5 are not optimal:
I believe that will ultimately mean throwing away the big time window RandomX would've given us. The question is not if someone gains an edge, it's when and how. After a year, or two, we'll be back to discussing frequent PoW changes again. Back to zero.
Assuming that RandomX works and is tested for a while, that's the most sensible way to go for the long term, and the only way to take advantage of the (hopefully larger) time window that RandomX will give us if/when ready. Ideally, this time window will be used to gradually introduce the ASIC friendly PoW share to the network a-la Grin.
Many interesting points. I would gladly pitch in for a RandomX audit, and I suspect I'm not alone. If RandomX does not prove to be stable/optimal/whatever, things are more difficult; maybe we can make a few tweaks, all while precommiting to introducing ASICs gradually? Would something along these lines be sensible? |
Grin has resolved those issues not because they just use dual PoW, but because their (temporary) dual PoW system serves as only as a smooth and fair introduction to ASICs for the long term. To their credit, they immediatelly started thinking about this once it was clear that a Cuckatoo ASIC would be inevitable. |
Sounds better. How about committing to be ASIC-friendly with the block when tail emission kicks in? Approaching that goal in GRIN-like manner looks sensible, as we could watch the ASIC development during the transition time, instead of plunging into new world as proposed in point 7. Of course, ASIC-dominated network in tail emission era brings different dangers than in mining era. Like purposeful withholding hashpower to trick people into higher fees. But there's plenty of time to spend on preparations for that moment, instead of adding another tweaks to PoW. |
i would be inclined to support this. with concerted effort (in the form of a funded workgroup) to find a manufacturer that would design and test an open hardware design. |
That will certainly improve the situation, but we can't deny the concept is relatively new and largely untested.
The difference is that CNv4 is meant as temporary stop gap, whereas RandomX is meant as a long-term solution. Furthermore, as far as I know, enabling JIT is still possible for ARMv8, whereas ARMv8 devices would take a large verification performance hit with RandomX. We also have to account for other lower end 64-bit devices.
I agree, but as I said, I have my doubts about whether the theoretically claimed 2x will work out in practice. |
I think there is little support for that option, but as long as it remains an option we have to list it in my opinion. |
Less than you might think. When joining a network at break even equilibrium, an ASIC with 20x efficiency gain has a 95% profit margin. At 2x, the profit margin drops to 50%. So the profit is about half, and the break even is almost twice as long. This is certainly significant, but not the 10x one might infer from the 20x vs 2x comparison. The way the math works out the minimum efficiency improvement is far more significant than the maximum in these comparisons. As long as there is any significant efficiency gain and sufficient revenue, ASICs become feasible. The difference in this equation between 20x and 2x is only a 2x increase in the XMR price. |
|
Just copying a comment I made on Reddit, to make my position clear: I've said from the beginning that ASIC resistance is ultimately futile. As Monero grows bigger, ASIC manufacturers will get smarter and will indeed start to co-opt developers or slip their own developers into the fold. We have no way of telling if our reliance on vtnerd making changes at the last minute is at all meaningful. There's also the very real risk of high-end FPGAs and similar (suggest you look at what NextSilicon and XTend Online are doing) which will make our changes meaningless. I agree that geographical decentralisation is a desirable trait. So one way we can solve for this is by (1) choosing an algorithm where we can dominate the mining capacity; (2) choosing an algorithm that is easy to ASIC, is general purpose, and is easy to validate - I suggest SHA3; and (3) setting that fork date right now so that ASIC manufacturers have a few years to get their act together. By the time we go live there should be a plethora of ASICs available, and if it's something general purpose like SHA3 I can imagine motherboards building it in, CPU manufacturers adding support via an instruction set, and so on. This also gives existing miners enough time to sunset their hardware and make a profit on it, whilst pricing in new hardware, knowing that there's a time limit on how long they'll be able to run that hardware for. We started this as a fight against Bitmain, against a single known-bad manufacturer dominating the mining space. I fully support that, but I do not support a futile attempt at evading ASICs forever, as that is impossible. |
A few years means a few years of uncertainty as to the state of the network and having it get monopolized by secret ASICs, including potentially malicious ones (we seem to have lucked out this time, in that the apparent ASIC builder didn't feel like attacking the network when they controlled 80% of the hash rate, but we can't assume we will always be lucky). RandomX might work out for a few years, in which case great. But it might not. What do we do if RandomX goes live and there are ASICs on the network within months? Continue a tweaking strategy that is actually working against the security of the network? Speed up the tweaking cycle, to which there are valid objections in terms of stability and frequent forks? Etc. Given that we don't have a lot of good options left, I'm not sure a firm plan to wait a few years is really sensible. To be clear on this, I would be perfectly happy waiting a few years if what we do over the next few years actually works better than what we have been doing for the past year. Otherwise, I see dragging out the current state for another few years to be bordering on suicidal. |
|
@iamsmooth the alternative is to switch to SHA3 in the October fork, or to switch to RandomX in October followed by SHA3 in April 2020. This leads to two questions:
|
|
@fluffypony I'm not necessarily saying to switch at a particular time, but I'm saying that if RandomX does not work out, then we must do something else, rather than committing to stick with a failed strategy for some set period of time (say, three years). I don't believe we can make any promises to existing miners any more than we can make promises to the community of "egalitarian mining". If it isn't feasible to accomplish (without putting the network at great risk), then it simply must be dropped out of necessity. It is a shame if this happens, but it is more of a shame if real world conditions require it, yet we deny that reality and make bad decisions as a result. |
|
While there seems to be consensus on this conversation's primary goal being to find a way to free precious dev brain cycles from having to maintain PoW algorithm ASICs/FPGAs-resistance, thus embracing ASICs/FPGAs in the long run, the debate seems to rather be about how this is going to be done or transitionned into. And even then, regardless of the transition strategy (RandomX, etc.), I don't see two points of view being expressed here on the ASIC-embracing algorithm to be transitioned into, only one : that ultimately, the algorithm should be general/useful enough to ASAP 1) be easily implemented by large consumer motherboard/CPU manufacturers 2) be useful as to have the research in acceleration and optimization benefit the whole crypto ecosystem, not just the miners, and if possible, Monero specifically. And still, SHA3 is the only option being mentionned here, so is there consensus on that too or are there other options being investigated ? Should this conversation be divided into two indepentent ones: the first about the transition algorithm (RandomX, etc.) and another one about the algorithm that will ultimately and permanently be transitioned into (SHA3, etc.) ? |
|
@ctrlshp there aren't a lot of options when it comes to PoW algorithms that are (1) lightweight, (2) useful in other things, (3) proven, (4) not used in any other major cryptocurrency. I'm VERY keen on hearing suggestions from the MRL! |
|
@fluffypony My point is similar to yours: I feel that the "ultimate" algo(s) is/are on a different timeframe than the "transition" one(s) and that by forking the conversation, we will give enough time to find a "ultimate" algo as groundbreaking as RandomX as a "transition" algo. I don't know, maybe BigNumber or ECC primitive arithmetics (mod, etc.) ? I'm just saying this on top of my head as examples of where this conversation should allow itself to thoroughly investigate, with the MRL and anybody who has an idea. I might be wrong too: maybe that it doesn't matter and SHA3 could be implemented first and then there could be a permanently ongoing conversation on its eventual replacement. I don't kow for sure, I'm just suggesting. And I do think that "officially" taking the matter before the MRL and giving them enough time to think/research it through is a strict minimun. EDIT: I just realized that I'm not assuming that it has to be a (known) hashing algo and that might not be a "natural" way to think about it. That should, IMHO, also be part of the conversation. I know that if it is not a hashing function per se, it breaks the "workflow", but can it be excluded now ? I don't know. |
|
@ctrlshp if we're looking for an ASIC-friendly algorithm I don't think we'd want to design something, we're not a group of seasoned cryptographers who should be doing so (see: Iota's hash function fail). We'd want something that has existed for some time, has strong pre-image resistance, and is unencumbered. SHA3 is specifically designed to be ASIC friendly, per the original paper:
|
|
I would say that throughput/energy per bit (aka absolute hashrate or hashrate per watt) are not important. What's important is that it must be easy to implement in ASIC, so easy that even a startup company could do it. |
If this happens, we'd be in a hole that we've dug ourselves into. So the question should be, what strategy will get us out of this hole in the long term? Not keep digging, that' for sure. If miners get an edge earlier than expected, which is entirely plausible, their reign in RandomX will end soon anyway. It's risky, sure, but it will be a one time thing instead of something that has a chance to happen every 6 months. |
|
Guys, you are way ahead of me. I'm merely saying that for now, there should be two conversation spaces. Because the two conversations are independent and if done in the same space, they will phagocytize each other and confuse everybody. Can we do that now and then talk ? |
|
@SChernykh from what I can tell, GRIN did not resolve any of these issues. They had committed to a dual-PoW before Zcash began its testing. I personally do not feel confident in a dual-PoW unless new research comes out suggesting it can be safer. Until then, I think we should consider it off the table for the reasons the Zcash team presented. |
|
If one thing is certain about switching to an ASIC-friendly PoW, we should NOT choose one where our global hashrate is a minority (i.e. SHA256). This risks any sufficiently sized pool from the larger network to launch a 51 at any time, and defeats the decentralization aspect from a different angle. |
|
There are 2 separate issues. First, the quest for an ASIC inefficient POW - RandomX and what that means for the need to tweak the algorithm for ASIC bricking. How good is RandomX really? Second, picking an ASIC friendly algo (which one?) and the conditions that need to be met for its orderly adoption. Are we OK with 1 or 2 companies mining Monero? Are we OK with them mining in china? Are we OK with an export ban on the ASICs? Mandatory KYC for ASIC buying? Import ban and confiscation in some countries? What do we want the Monero ASIC manufacturing and mining landscape to look like? There is a clear course of action for RandomX and a success condition, sort of. I don't know what success looks like for the ASIC route, seems like the current failure condition to me. |
|
One more option suggested by hyc on IRC.
Trade-offs (personal addition):
|
|
Firstly, I am disapointed to see what I view as myopicism, fatalism, and incongruence in the current discussion regarding the Monero PoW. I guess I'll start with the incongruence. I know many people came to Monero for many different reasons, so its impossible to state what everyone thinks about this. However, a common starting point for all of us is the cryptonote whitepaper. And yes, there is plenty to question about the motives of So its important to note that even in the whitepaper, it is presented that "Our primary goal is to close the gap between CPU (majority) and GPU/FPGA/ASIC (minority) miners." They go on to further expound that "It is appropriate that some users can have a certain advantage over others, but their investments should grow at least linearly with the power. More generally, producing special-purpose devices has to be as less profitable as possible". Therefore, I view the notion that Monero will switch to an ASIC-only PoW as completely incongruent with what can be considered the gestalt of Monero. I will then move to fatalism. Some view it as an inevitability that the only way for a PoW network to exist when the network has grown to a significant size is through ASICs. And finally, myopicism. Being short-sighted. We don't know whats around the corner, and everyone seems to be talking about 1-2 year timelines. OK, well, I guess framing this ramble in those three things wasn't ideal, because I want to get into some scenarios. ( And also using sublime text, because I apparently haven't install a spellcheck plugin. ) Imagine we somehow swallow this proposed inevitability that ASICs are the only way. We switch to SHA3. A handful of manufacturers are onboard. Everythings going grand for, I dunno, 2 years. And then. Boom. The hashrate quadruples. Not only does some entity have twice the network hashrate. They have twice the network hashrate of twice the the network hashrate. What happens then? Do we just go forward with "Well.... uh, the network is clearly pwned, but... lets build some more ASICs I guess" Because at that point, we're walled in. We're an ASIC coin, and everyones bunkered in. Changing the PoW at this point is as much as an option as is to choose to breathe air. And then to top it off, nations start blocking shipments of SHA3 asics. Hrmmm. Whats happening? Well, the code is ossified and no one will change PoW so there goes any hope of cryptocurrencies doing anything to change the world. I mean, the problem with ASIC manufacturers is they are entirely profit driven. If someone can prove otherwise, great. And do you know what could be the most profitable for an ASIC manufacturer? Providing control of the chain to an adversary. Lets compare this the scenario where we settle on RandomX, or some variant of RandomX that we figure out over the next year or so. Monero network hashrate quadruples. People wanting to defend the network can rent server time from, yah know, anywhere. People wanting to get in can buy computers from, yah know, anywhere. People wanting to go all out and build their own ASICs can, yah know, I basically just can't get it through my head how a tool (cryptocurrency) that is supposed to be permissionless can have this huge gatekeeping mechanism of hardware production and distribution. I mean, the revolution of cryptocurrency is that it enables monetary liberation dependent on ones ability to receive and transmit data. Walls for data are hard to build. And I guess here its important to state that I feel mining decentralization is important not for some egalitarian rewards notion. I mean, yeah thats great, everyone should be able to get rewarded for contributing to the network if they want to. No, decentralized mining is more important for block creation Despite my strong stance against embracing ASICs, I do recognize that specialized hardware can be made to perform operations faster than general purpose hardware. However, I wish to propose a concept that may be more in line with the original concepts that we greater fools found attractive. ASIC equivalence. I ask the reader to ponder the possibility that RandomX performs really well, and that an ASIC developed for it is within 1 to 2x more efficient. Is this any different than AMD or NVIDIA making a new GPU in todays market? Perhaps there are some differences - an ASIC manufacturer won't have the same infrastructure to distribute as effectively as a GPU manufacturer. And there may not be an incentive to distribute, as the Monero mining market is miniscule compared to general purpose hardware. However, now the ASIC manufacturer is directly competing with AMD, Intel, and NVIDIA. They will have to continue to increase their ASICs performance to be more efficient than whatever the leading computational developers are creating. This market force may incentivize them to distribute their hardware, or at the very least get to distribution more quickly than they would have otherwise. And there are factors that can increase development costs for ASICs. For instance, a growing data size (the 4 gb thing) could force ASIC developers to include expandable memory, so the end user could upgrade their memory as time goes on. Additionally, RandomX could lead to commoditization faster than an ASIC friendly PoW, as absurd as that may seem. Motherboard developers or processor developers could create RandomX co-processors. Presumably, AMD and Intel already make CPUs.... so they are already making hardware that is a bloated RandomX ASIC. they could probably make RandomX-ASICs at some ridiculous So in conclusion, I think that if RandomX works, we should stick with it. I think we also need to consider a reality of ASIC equivalence, where a RandomX ASIC does provide a competitive advantage, but it is an advantage that is market appropriate and is exposed to the existing market dynamics. I think we Now is not the time to throw in the towel. For these reasons and many others stated elsewhere, and as lead troll developer of Monero, I hereby proclaim that Monero continue the fight against ASIC centralization and forever speculate bananas. (edited to undo manual 80 char lines) |
|
Never seen ASIC in any local hardware shop, they are available only in some Internet shop specific ASIC importers with long delivery times or out of order sign. I can buy CPU/GPU in every hardware shop, in any country. Still did not see any valid reason for going ASIC-friendly, aside from long term speculations, theories and conspiracies. x86 centralization.. ASIC companies living in a harmony... give me a break |
Intel and AMD are publicly traded companies and are subject to much higher scrutiny and regulation than semiconductor startups in China. I'm sure their shareholders would not be very happy if Intel decided to for example apply KYC to their CPUs.
The annual mining revenue of Monero is less than $40 million, which is about 0.6% of AMD's annual revenue ($6.5 billion in 2018). AMD can make a lot more money in the server market and their Zen CPUs are already very efficient at RandomX. They have basically nothing to gain from designing specialized hardware for mining. |
|
So what stops anyone from building huge ARM A53 SoC low-power clusters that will leave both AMD and Intel CPU owners in the dust? After all this discussion I still believe if we have many types of commodity hardware competing against each other, we'll have the most robust & healthy mining ecosystem, which could be accomplished with a dual PoW, if executed properly: RandomX for CPUs @tarris034 that was a response to @timolson 's GPU/CPU are the same post (from home miner to megafarm perspective). Please stop commenting every my post if you have nothing useful to add, I'd rather see your post as spam, than mine which is a response to another poster's arguments. |
|
@MoneroCrusher we have already talked about pros and cons of dual PoW and GPU PoW. Now you're just pushing your agenda to extend your mining operation, please stop it as it becomes only spam. You have added nothing to the discussion we already had and this is not private discussion but public so I can and will comment on every spam you make. |
|
ASIC companies shitting their pants and claiming unrealistic designs (Sonia-Chen) on RandomX thread: Grab some popcorn, It's getting hilarious. BTW, her company was recently accused of 51% attack on one of the coins. |
|
Interesting discussion over-there but Sonia`s intentions seem to be shady based on how she will not be on point most of the time. This interview is also interesting: https://www.youtube.com/watch?v=ZZZF4BqIDrk Kristy Leigh Minehan (OhGodAGirl) has some interesting ideas regarding decentralization. I am especial interested if her idea of adapting the Monero PoW to only allow a list of valid CPU/GPU ID I am personally in doubt that those ID`s can not be spoofed but i do not have much knowledge in that exact area. I would love a new topic on this if you guys find it plausible. |
|
@WhyIsThisSoSlow no, using chip IDs is pure garbage. https://twitter.com/hyc_symas/status/1109509488091062272 Most of her suggestions in that interview were garbage. |
Report Links 74% of Bitcoin Mining to China, Sees Threat to Network Going ASIC-friendly will centralize the network, as it was discussed in this thread with pure logic and as seen in real life scenario on other coins which are already ASIC-friendly. ALL (if i'm correct) ASIC companies that are into mining are based in China, that means China companies/citizens got the best deal due to lack of import tax, so any big player who will want best deal will create mining facility in China. Why it's bad ? for once, because we are at the mercy of their government which are known for being brutal in many aspects, not only crypto.
Exactly, she is too smart to make such stupid claims. |
|
@hyc |
Just drop the blockchain part and use SGX. FFS what has the crypto community come to? Pushing for device ID’s and a two-manufacturer CPU duopoly? |
Going this track of thinking the best PoW would be one that signs job with our government issued ID number, just to make sure it's decentralized as much as possible and free of ASIC. |
And 0% of CPU’s are made in China. 100% of CPU’s, both Intel and AMD, are made in the USA or in close allies Israel and Ireland*. I’m starting to wonder whether you actually care about decentralization, or whether you just hate China.
That’s an absurd claim to put in writing... * some fraction of AMD’s new 7nm CPU’s will move to TSMC for the first time in 2020. |
But still, you can buy them anywhere in the world for practically the same price.
Would be hard to hate China as I'm writing on Chinese made keyboard wearing Chinese clothes and eating Chinese food, I'm basically living in China.
Could you link here some proofs of other countries involved in building their own ASIC for mining? |
|
I know of at least two North American mining operations that have cheaper power than anything in China. US ASIC manufacturers include Obelisk and Mineority. Genesis Mining has a big presence in Iceland. Russia is building SHA chips, and GMO of Japan started such a project but cancelled. I also know of a BTC chip being designed in South America... When Venezuela recently had major power outages, the number of BTC transactions dropped significantly: That’s usage not mining, but my point is that cryptocurrency interest and usage is global. This whole “China owns crypto mining” narrative is just not true. Also, no one seems to be distinguishing Taiwan and China. Maybe they reunite someday but currently almost all mining ASICs are made in Taiwan, not China... |
|
This article you quoted has some important points for CPU-lovers to consider:
All of this screams centralized control to me. The US owns CPU’s and is not about to let that dominance go. |
|
@WhyIsThisSoSlow The device ID thing would only work if the only miners in existence were:
This works until the program gets unpacked and reverse engineered. You also kill the decentralized crypto coin with this. How can an expert like her spew garbage like that and exhibit magical thinking to this extreme degree? A bullet intercepting drone mining Monero to pay for itself? WTF? A bullet intercepting drone, WTF? In police CQC environments? And it worked by flying itself into the path of it? What is it made of, how fast is it? Can we make an ERC-20 token for it? |
|
@timolson |
|
This is just getting silly at this point. Its not about where they are made, its about how easy you can get them and how hard would it be for them to get restricted. As you might know Intel/AMD/Any other proper company, have regulations and can not be compared to unregulated private Chinese companies in any way. Your are basically comparing oranges to apples. As long as these mining ASIC are not a commodity, they will be a threat to decentralization and freedom. @JustFranz |
|
Let's also stop talking about Intel/AMD/IBM/Other x86 manufacturer monopoly here, those are big companies competing with each other and at least we know for sure they will not be banned as they are not made for specific usage. |
I do not think any of these will be competitive, assuming RandomX works. We’ll have Intel and AMD and that’s it. I can technically write a CPU in under a month, too, but that doesn’t mean anything. Intel and AMD have vast amounts of IP and patents which not only make their chips fast but also legally prevent competition from entering the CPU market. Even if I knew how to compete with them, AMD and Intel could sue me out of business before I even started. It sounds like you people simply trust AMD and Intel to be nice. WTF? Just admit this is not about decentralization. It’s about keeping it so your home CPU can make a few cents each month. “ASIC’s = bad because I don’t have one.” Think like a large miner who CAN make their own chip. Why would a large miner want their upstream supplier to be pinned to two large US corporations? Never. You’d want control over your supply chain. Which Venezuelan revolutionary is pushing for US control of crypto mining? |
|
@timolson can't find any of the mentioned companies by you having ASIC miner for sale, I have found only some pre-orders. So It's still only one country of origin, also lets not mention Genesis mining here, they have very bad reputation and they couldn't answer me even one simple question what kind of GPU's they are using.
Let's keep it professional and talk about the facts. The intentions could be this or other for everyone in this discussion, it shouldn't really matter. What matters is the security of the network, and still can't see why some unknown small company making simple ASIC chips should be trusted on the same level as Intel/AMD/IBM. The discussion in the linked tevador thread with one of the ASIC manufacturer is not helping their reputation, trying to discourage the development by claiming how easy they can make RandomX ASIC, easier than the one for Bitcoin. |
|
Aslo, all of you should know that there is a post meeting version of this discussion and we should concentrate on the issues brought up in it #321 This one is a mess and should be archived. |
|
How can you not find obelisk? This is literally the first result if you
search for "obelisk ASIC":
https://obelisk.tech
Also, Bitfury is a very large bitcoin ASIC company based in Georgia that
doesn't sell directly to the public, but they work with hut-8 which is a
publicly traded Canadian company that mines with bitfury hardware and
hydroelectric power in Canada.
…On Tue, Mar 26, 2019, 12:52 tarris034 ***@***.***> wrote:
@timolson <https://github.com/timolson> can't find any of the mentioned
companies by you having ASIC miner for sale, I have found only some
pre-orders.
So It's still only one country of origin, also lets not mention Genesis
mining here, they have very bad reputation and they couldn't answer me even
one simple question what kind of GPU's they are using.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#316 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AFrhk36sHztXcxC2PWMXCVjAoyD6bJ7Wks5vanpggaJpZM4bqRg6>
.
|
|
I've been on their site, can't find any order option. |
|
@johnny1021 as discussed earlier in this issue, you are describing the status quo. The Monero community already forks to remove ASICs when found. The previous upgrade was moved forward a month to specifically address this. I do not understand how this proposal is different than anything else that MoenroCrusher and others have already suggested ('game theory'). There are many moving parts in an upgrade, more than just changing the PoW algorithm. It's not feasible to expect such quick turnarounds from the Monero ecosystem at its current size, let alone if it grows larger. This leads to undesirable consequences to Monero contributors and the rest of the ecosystem. |
|
@SamsungGalaxyPlayer Sorry, I didn't look through all the comments. Please ignore my suggesion. Sorry for the interrupt. I will delete my comment then. |
|
@dEBRUYNE-1 can you please close this? We can open a new discussion if we want to revisit this for a future upgrade imo. |
ghost
mentioned this issue
and others
This ticket is meant as supplement to #315 as well as a place where ideas can be discussed in more detail and outside of the scheduled meeting(s). As far as I can see, we basically have these options:
Maintain the current tweaking schedule. I think we can all agree this strategy has not worked and is potentially dangerous and should thus be abandoned.
Expedite the current tweaking schedule (e.g. fork every 3-4 months). This would, in my opinion, be unsustainable and thus not feasible. Some services already deem our current 6 month schedule as aggressive. Expediting the schedule may even put us at risk of these services delisting us. We also have to keep in mind a future where the Monero ecosystem grows. The more the ecosystem grows, the more difficult forks will become to coordinate and execute.
Switch to an ASIC friendly algorithm in the next scheduled protocol upgrade. Some people are worried the ASIC (manufacturer) ecosystem has not sufficiently matured yet. Presumably, it will mature further once time passes. Whether waiting is worth the incurred trade-offs is the question though.
Perform one more tweak and switch to an ASIC friendly algorithm thereafter. This would allow the current miners to achieve some ROI, which can presumably subsequently be used to invest in ASICs.
Perform
xmore tweaks and switch to an ASIC friendly algorithm thereafter. This seems like an unwise strategy if we deem the tweaks as a failed strategy.Implement RandomX in October or April (in case it is not ready yet, though it would presumably mean one more tweak). Do not precommit to anything thereafter. I think this strategy would be susceptible to a lot of future controversy to the extent that there will be a contentious debate about the future of the PoW algorithm if specialized devices show up for RandomX.
Implement RandomX in October or April (in case it is not ready yet, though it would presumably mean one more tweak). Precommit to an ASIC friendly algorithm after 1.5-2 years. This would enable ASIC manufacturers to already start designing devices. Furthermore, it would give us time to try to find a company that could publish an open-source design. Additionally, this removes future friction and allows us to focus on the protocol.
Explore a GPU centric algorithm.
Explore dual PoW: e.g. RandomX for CPUs, CryptonightR (with tweaks favoring GPUs) for GPUs. As far as I know Zcash investigated harmony mining and deemed it relatively unsafe insofar as that it would significant raise the attack surface and not add that much additional security.
Game Theoretical approach to ASIC resistance (proposed by MoneroCrusher).
Implement RandomX in October. Precommit to switching to an ASIC friendly algorithm (such as SHA3) in case of failure of RandomX. No further tweaks. // Currently preferred path, as can be seen from here.
I'd personally be in favor of option 3, 4, or 7. I have some reservations about RandomX though, which are as follows:
Increases verification time for nodes, especially for lower end devices. This is predominantly caused by 4GB memory requirement. That is, any device with less than 4GB RAM available will take a large verification performance hit. This, in my opinion, is paradoxical to our ethos where we want everyone to have access to Monero. It would, for instance, making running a node on a Raspberry Pi rather difficult if not completely unfeasible. Lowering the memory requirement significantly would resolve this issue as far as I can see. However, it would also make cryptojacking more attractive.This has been addressed in the new version. Verification time is now approximately similar to earlier versions of CryptoNight.To reiterate, the concept of ASIC resistance, in my opinion, better than ASICs. However, if we cannot viable attain it, the subject should be revisited. Some community members also seem to be venturing into an "at all costs" strategy to preserve ASIC resistance, which is potentially dangerous and may be a net negative for Monero.
The text was updated successfully, but these errors were encountered: