1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
|
Return-Path: <gmkarl@gmail.com>
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
by lists.linuxfoundation.org (Postfix) with ESMTP id 8397BC016F
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 24 May 2020 09:05:16 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by whitealder.osuosl.org (Postfix) with ESMTP id 6ACFC87614
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 24 May 2020 09:05:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id F1QTzwCr2jOt
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 24 May 2020 09:05:15 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-il1-f179.google.com (mail-il1-f179.google.com
[209.85.166.179])
by whitealder.osuosl.org (Postfix) with ESMTPS id 1588A87610
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 24 May 2020 09:05:15 +0000 (UTC)
Received: by mail-il1-f179.google.com with SMTP id j3so14851479ilk.11
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 24 May 2020 02:05:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=EKadONyJYR0oGtaFhyRpTj/h66EHm1czkHXLwa4Dc6A=;
b=ACoqIbzfu8rM96oFDvZ/9SF7y3QoiS5W3JO0MjqGuCiz5EDakOXuAkNFk51uY54wws
ydNwmLCYNfjj5GjepBt4JlHhMpV0oBkqYzMQ0IPHeBBVTtr4xyn2t1ONjvnL7WJBLgLd
1AuW+t2H12mTSu1w74mMWOpnJZPBgsNHrORIryVrXD/hURVt6L7ekjbfX4z877aUQ3LB
z/wG1sqBIsOLSSjQtvTJ314bpWKc+kpiCWYA7iRG+D7KI9KrPEVhbrbXyUsO1/FVjT9J
+UdQj8P7/gUL8HjAcTpEcyd0EGaaln3m9tX32SlZv6PPOqfpAD1/rKSZwLl0RGMKVA+s
nbFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=EKadONyJYR0oGtaFhyRpTj/h66EHm1czkHXLwa4Dc6A=;
b=ZIYXnYbkxpXkJ+iLGbyevllnCnQf82ER49BKdKy1/cc12mWU3MdL8TuFSGpsb/4aPy
rb5zw78LH3u5wWfR1nBUunne1NIX5mMmVkA0hTO3AP0tbxVBHdiZ5kHRb1vnRlU/MtMW
nx86pbfXmIo7mdyIRY1+12Y74Y6NaWOhCLSyfq8MG7TVDBqsf4B2aAH52xlX5Lxpv3FB
QIwa0kbyGkw+z1On5lUg/8Ls0d8ktgirvWQ6GUgzEiewNk5P1AcGs3eyUhDuNy7VSsEH
4ERAbTgsJy2K+gSvvrlBNjhs2xEXS76QYkvlm7jeabOKBE0ZA5sGJ6bqlMAGV9PDh8kB
I6WA==
X-Gm-Message-State: AOAM532n5t1HjNesLUmd/X5+kPEumIIR6MRmcjiGTxNbcg5yZybPqtYs
5Da/vv4B2teikhjdkKzoQkzVJResSTegDAcrAyk=
X-Google-Smtp-Source: ABdhPJyhE/Q51/DHvOf8PbhsWslAfnZRsSfblV0FlN+JxRCoIURh5uz1br1ALTD5uTCUtXwl353ju4Q2aVgraAUQ3CE=
X-Received: by 2002:a05:6e02:973:: with SMTP id
q19mr20521360ilt.164.1590311114284;
Sun, 24 May 2020 02:05:14 -0700 (PDT)
MIME-Version: 1.0
References: <mailman.2587.1590231461.32591.bitcoin-dev@lists.linuxfoundation.org>
<CALL-=e4Eg=iRbZOV+SAzn3_NhZrS-QviDgZdSmxLQTLvoMduPw@mail.gmail.com>
<k4J1fJMk2ySTLdlj8RgYxgb4_U3gtRH65Au5FLsCsVZPiEBRKU1cqy_S--2IxiRUGI1-5P1SMZkxnwlBf8YJ8ZQM_AM7jeuA6Y6dpT9jwi0=@protonmail.com>
In-Reply-To: <k4J1fJMk2ySTLdlj8RgYxgb4_U3gtRH65Au5FLsCsVZPiEBRKU1cqy_S--2IxiRUGI1-5P1SMZkxnwlBf8YJ8ZQM_AM7jeuA6Y6dpT9jwi0=@protonmail.com>
From: Karl <gmkarl@gmail.com>
Date: Sun, 24 May 2020 05:02:59 -0400
Message-ID: <CALL-=e6_hrT9W2j73==cyX4Q=yt+guJn7RSgW1quA4JAgjD42w@mail.gmail.com>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Content-Type: multipart/alternative; boundary="0000000000000ca3c005a661292a"
X-Mailman-Approved-At: Sun, 24 May 2020 20:26:46 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] hashcash-newhash
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 24 May 2020 09:05:16 -0000
--0000000000000ca3c005a661292a
Content-Type: text/plain; charset="UTF-8"
Hi ZmnSCPxj,
Thanks for your reply. I'm on mobile so please excuse me for top-posting.
I'd like to sort these various points out. Maybe we won't finish the whole
discussion, but maybe at least we can update wiki articles like
https://en.bitcoin.it/wiki/Hashcash#Cryptanalytic_Risks with more points or
a link to conversations like this.
Everything is possible but some things take a lot of work.
You mention ASICs becoming commoditized. I'd remind you that eventually
there will be a public mathematical breaking of the algorithm, at which
point all ASICs will become obsolete regardless. Would you agree it would
be better to prepare for this by planning algorithm change?
You mention many coordinated hardforks. Would you agree that if we came up
with a way of programmatically cycling the algorithm, that only one
hardfork work be needed? For example one could ask nodes to consent to new
algorithm code written in a simple scripting language, and reject old ones
slowly enough to provide for new research.
You mention the cost of power as the major factor influencing decentralized
mining. Would you agree that access to hardware that can do the mining is
an equally large factor? Even without ASICs you would need the physical
cycles. Including this factor helps us discuss the same set of expected
situations.
You describe improving electricity availability in expensive areas as a way
to improve decentralization. Honestly this sounds out of place to me and
I'm sorry if I've upset you by rehashing this old topic. I believe this
list is for discussing the design of software, not international energy
infrastructure: what is the relation? There is a lot of power to influence
behavior here but I thought the tools present are software design.
On Sat, May 23, 2020, 9:12 PM ZmnSCPxj <ZmnSCPxj@protonmail.com> wrote:
> Good morning Karl,
>
> > Hi,
> >
> > I'd like to revisit the discussion of the digest algorithm used in
> hashcash.
> >
> > I believe migrating to new hashing algorithms as a policy would
> significantly increase decentralization and hence security.
>
> Why do you believe so?
>
> My understanding is that there are effectively two strategies for ensuring
> decentralization based on hash algorithm:
>
> * Keep changing the hash algorithm to prevent development of ASICs and
> ensure commodity generic computation devices (GPUs) are the only practical
> target.
> * Do not change the algorithm, to ensure that knowledge of how best to
> implement an ASIC for the algorithm becomes spread out (through corporate
> espionage, ASIC reverse-engineering, patent expiry, and sheer engineering
> effort) and ASICs for the algorithm are as commoditized as GPUs.
>
> The former strategy has the following practical disadvantages:
>
> * Developing new hash algorithms is not cheap.
> The changes to the hashcash algorithm may need to occur faster than the
> speed at which we can practically develop new, cryptographically-secure
> hash algorithms.
> * It requires coordinated hardforks over the entire network at an
> alarmingly high rate.
> * It arguably puts too much power to the developers of the code.
>
> On the other hand, the latter strategy requires us only to survive an
> intermediate period where ASICs are developed, but not yet commoditized;
> and during this intermediate period, the centralization pressure of ASICs
> might not be more powerful than other centralization pressures
>
> --
>
> Which brings us to another point.
>
> Non-ASIC-resistance is, by my understanding, a non-issue.
>
> Regardless of whether the most efficient available computing substrate for
> the hashcash algorithm is CPU, GPU, or ASIC, ultimately miner earnings are
> determined by cost of power supply.
>
> Even if you imagine that changing the hashcash algorithm would make CPUs
> practical again, you will still not run it on the CPU of a mobile, because
> a mobile runs on battery, and charging a battery takes more power than what
> you can extract from the battery afterwards, because thermodynamics.
>
> Similarly, geographic locations with significant costs of electrical power
> will still not be practical places to start a mine, regardless if the mine
> is composed of commodity server racks, commodity video cards, or commodity
> ASICs.
>
> If you want to solve the issue of miner centralization, the real solution
> is improving the efficiency of energy transfer to increase the areas where
> cheap energy is available, not stopgap change-the-algorithm-every-6-months.
>
>
> Regards,
> ZmnSCPxj
>
>
> >
> > I believe the impact on existing miners could be made pleasant by
> gradually moving the block reward from the previous hash to the next (such
> that both are accepted with different rewards). An appropriate rate could
> possibly be calculated from the difficulty.
> >
> > You could develop the frequency of introduction of new hashes such that
> once present-day ASICs are effectively obsolete anyway due to competition,
> new ones do not have time to develop.
> >
> > I'm interested in hearing thoughts and concerns.
> >
> > Karl Semich
>
>
>
--0000000000000ca3c005a661292a
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto">Hi ZmnSCPxj,<div dir=3D"auto"><br></div><div dir=3D"auto"=
>Thanks for your reply.=C2=A0 I'm on mobile so please excuse me for top=
-posting.</div><div dir=3D"auto"><br></div><div dir=3D"auto">I'd like t=
o sort these various points out.=C2=A0 Maybe we won't finish the whole =
discussion, but maybe at least we can update wiki articles like <a href=3D"=
https://en.bitcoin.it/wiki/Hashcash#Cryptanalytic_Risks">https://en.bitcoin=
.it/wiki/Hashcash#Cryptanalytic_Risks</a> with more points or a link to con=
versations like this.</div><div dir=3D"auto"><br></div><div dir=3D"auto">Ev=
erything is possible but some things take a lot of work.</div><div dir=3D"a=
uto"><br></div><div dir=3D"auto">You mention ASICs becoming commoditized.=
=C2=A0 I'd remind you that eventually there will be a public mathematic=
al breaking of the algorithm, at which point all ASICs will become obsolete=
regardless.=C2=A0 Would you agree it would be better to prepare for this b=
y planning algorithm change?</div><div dir=3D"auto"><br></div><div dir=3D"a=
uto">You mention many coordinated hardforks.=C2=A0 Would you agree that if =
we came up with a way of programmatically cycling the algorithm, that only =
one hardfork work be needed?=C2=A0 For example one could ask nodes to conse=
nt to new algorithm code written in a simple scripting language, and reject=
old ones slowly enough to provide for new research.</div><div dir=3D"auto"=
><br></div><div dir=3D"auto">You mention the cost of power as the major fac=
tor influencing decentralized mining.=C2=A0 Would you agree that access to =
hardware that can do the mining is an equally large factor?=C2=A0 Even with=
out ASICs you would need the physical cycles.=C2=A0 Including this factor h=
elps us discuss the same set of expected situations.</div><div dir=3D"auto"=
><br></div><div dir=3D"auto">You describe improving electricity availabilit=
y in expensive areas as a way to improve decentralization.=C2=A0 Honestly t=
his sounds out of place to me and I'm sorry if I've upset you by re=
hashing this old topic.=C2=A0 I believe this list is for discussing the des=
ign of software, not international energy infrastructure: what is the relat=
ion?=C2=A0 There is a lot of power to influence behavior here but I thought=
the tools present are software design.</div><br><div class=3D"gmail_quote"=
dir=3D"auto"><div dir=3D"ltr" class=3D"gmail_attr">On Sat, May 23, 2020, 9=
:12 PM ZmnSCPxj <<a href=3D"mailto:ZmnSCPxj@protonmail.com">ZmnSCPxj@pro=
tonmail.com</a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Good mor=
ning Karl,<br>
<br>
> Hi,<br>
><br>
> I'd like to revisit the discussion of the digest algorithm used in=
hashcash.<br>
><br>
> I believe migrating to new hashing algorithms as a policy would signif=
icantly increase decentralization and hence security.<br>
<br>
Why do you believe so?<br>
<br>
My understanding is that there are effectively two strategies for ensuring =
decentralization based on hash algorithm:<br>
<br>
* Keep changing the hash algorithm to prevent development of ASICs and ensu=
re commodity generic computation devices (GPUs) are the only practical targ=
et.<br>
* Do not change the algorithm, to ensure that knowledge of how best to impl=
ement an ASIC for the algorithm becomes spread out (through corporate espio=
nage, ASIC reverse-engineering, patent expiry, and sheer engineering effort=
) and ASICs for the algorithm are as commoditized as GPUs.<br>
<br>
The former strategy has the following practical disadvantages:<br>
<br>
* Developing new hash algorithms is not cheap.<br>
=C2=A0 The changes to the hashcash algorithm may need to occur faster than =
the speed at which we can practically develop new, cryptographically-secure=
hash algorithms.<br>
* It requires coordinated hardforks over the entire network at an alarmingl=
y high rate.<br>
* It arguably puts too much power to the developers of the code.<br>
<br>
On the other hand, the latter strategy requires us only to survive an inter=
mediate period where ASICs are developed, but not yet commoditized; and dur=
ing this intermediate period, the centralization pressure of ASICs might no=
t be more powerful than other centralization pressures<br>
<br>
--<br>
<br>
Which brings us to another point.<br>
<br>
Non-ASIC-resistance is, by my understanding, a non-issue.<br>
<br>
Regardless of whether the most efficient available computing substrate for =
the hashcash algorithm is CPU, GPU, or ASIC, ultimately miner earnings are =
determined by cost of power supply.<br>
<br>
Even if you imagine that changing the hashcash algorithm would make CPUs pr=
actical again, you will still not run it on the CPU of a mobile, because a =
mobile runs on battery, and charging a battery takes more power than what y=
ou can extract from the battery afterwards, because thermodynamics.<br>
<br>
Similarly, geographic locations with significant costs of electrical power =
will still not be practical places to start a mine, regardless if the mine =
is composed of commodity server racks, commodity video cards, or commodity =
ASICs.<br>
<br>
If you want to solve the issue of miner centralization, the real solution i=
s improving the efficiency of energy transfer to increase the areas where c=
heap energy is available, not stopgap change-the-algorithm-every-6-months.<=
br>
<br>
<br>
Regards,<br>
ZmnSCPxj<br>
<br>
<br>
><br>
> I believe the impact on existing miners could be made pleasant by grad=
ually moving the block reward from the previous hash to the next (such that=
both are accepted with different rewards).=C2=A0 An appropriate rate could=
possibly be calculated from the difficulty.<br>
><br>
> You could develop the frequency of introduction of new hashes such tha=
t once present-day ASICs are effectively obsolete anyway due to competition=
, new ones do not have time to develop.<br>
><br>
> I'm interested in hearing thoughts and concerns.<br>
><br>
> Karl Semich<br>
<br>
<br>
</blockquote></div></div>
--0000000000000ca3c005a661292a--
|
