Coinbase: ASIC-friendly PoW coins are safer; anti-ASIC measures will only lead to mining centralization

Recently, the digital asset trading platform Coinbase changed the number of confirmations it requires for four assets: Bitcoin (BTC), Litecoin (LTC), Zcash (ZEC) and Ethereum Classic (ETC). The confirmation requirements for BTC, ZEC and ETC have all been lowered, and only the LTC requirement has been raised. The specific changes are shown in the following table:


What is the reason for this change?

According to the explanation given by Coinbase, this involves the security of PoW coins, and the security level of each PoW currency is different. The security of currencies such as Bitcoin has improved, so the number of confirmations can be reduced. Conversely, currencies whose security has declined need a higher number of confirmations.

In this regard, Coinbase security engineer Mark Nesbitt also wrote an article explaining the impact of ASICs on the security of cryptocurrency networks.

The following is the translated content:

Introduction: Proof of Work (PoW)

All cryptocurrencies define an ownership state within the currency's network, and for a cryptocurrency to be usable there must be a way to update this ownership state. In most existing cryptocurrencies, the ownership state is defined by the canonical history of all transactions that have occurred, which network nodes store in a data structure called a blockchain. To update the ownership state, there must be a way to add the most recent transactions to the transaction history stored in the blockchain.

Different cryptocurrencies add new content to their blockchains in different ways. In cryptocurrencies that use the Proof of Work (PoW) consensus algorithm, the blockchain is extended through a process known as mining. Miners bundle newly announced transactions together into a data structure called a block, which is added to the blockchain.

A miner attempts to add a block by solving a proof-of-work puzzle that is specific to the proposed block. If the miner finds a solution to the puzzle, the miner announces the block and its solution to the rest of the network. The rest of the network recognizes a valid proof-of-work solution and treats the proposed block as the latest addition to the blockchain. Note that miners need no permission to produce a block, which allows miners to enter and leave the network at will.

To determine the canonical transaction history when miners may generate multiple valid transaction histories (i.e. different valid blocks, or even different valid chains), PoW cryptocurrencies define the blockchain that has accumulated the most work as the canonical transaction history. This consensus rule gives PoW cryptocurrencies a basic property: any participant who can outperform the rest of the network by finding more proof-of-work solutions can unilaterally generate a valid transaction history, and the rest of the network will adopt this history as the canonical transaction history. (Note: this does not mean that this participant has unlimited power over the network.)
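The most-accumulated-work rule described above, as an added example that is not from the original article: it assumes Bitcoin's compact difficulty encoding (nBits) and uses constructed sample chains to show that the canonical chain is the one with the most work, not the one with the most blocks.

```python
def target_from_bits(bits: int) -> int:
    """Decode Bitcoin's compact nBits field into the full 256-bit target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_work(bits: int) -> int:
    """Expected number of hash attempts needed to find a block at this target."""
    return (1 << 256) // (target_from_bits(bits) + 1)


def chain_work(chain: list) -> int:
    """Total work of a chain, given the nBits value of each of its blocks."""
    return sum(block_work(bits) for bits in chain)


def select_canonical(chains: dict) -> str:
    """Name of the chain with the most accumulated work.
    On a tie, max() keeps the first chain inserted (first seen wins)."""
    return max(chains, key=lambda name: chain_work(chains[name]))


# Constructed sample forks: six blocks at difficulty 1 versus four blocks
# at roughly twice that difficulty (a lower target means more work per block).
FORKS = {
    "long_easy": [0x1D00FFFF] * 6,
    "short_hard": [0x1C7FFFFF] * 4,
}

if __name__ == "__main__":
    for name, chain in FORKS.items():
        print(name, len(chain), "blocks, work =", chain_work(chain))
    print("canonical:", select_canonical(FORKS))
```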

This article makes two assertions about the security of PoW cryptocurrencies.

Assertion 1: It is a security feature when the main application of a given piece of hardware is mining a particular currency.

If the primary application of the hardware loses value, the hardware owner loses the value of their investment.

Hardware owners are motivated to care about the long-term success of their hardware's main application, and the longer their equipment lasts, the more they are invested in the long-term success of that application. At the time of this writing, as the efficiency gains of new models slow, the lifespan of Bitcoin ASIC miners is beginning to increase significantly.

This idea is related to the principle of dedicated cost.

A large pool of computing power outside a coin poses a threat to the security of that coin.

Currencies that do not have active computing power face a high risk of a 51% attack.

This is especially important given the above argument about the incentives hardware owners have regarding their hardware's applications. If the hardware owner has other applications besides mining in which the hardware investment can be monetized, the negative consequences of damaging the currency's blockchain are diminished.

Changing the algorithm to be "anti-ASIC" only allows the large amount of general-purpose computing resources that exists around the world to participate in mining at will, and possibly to destroy the cryptocurrency. For this reason, coins that implement "anti-ASIC" algorithms are, in practice, very vulnerable to 51% attacks. Well-known examples of successful 51% attacks on ASIC-resistant coins include BTG, VTC, and XVG.

So far, there is no case in which a coin that dominates its class of ASIC hardware has suffered a successful 51% double-spend attack.


Case Study: 51% Attack on Bitcoin Gold (BTG)

In May 2018, Bitcoin Gold (BTG) suffered multiple 51% attacks, resulting in millions of dollars' worth of double-spends. After the attacks, BTG developers announced that they would change BTG's PoW algorithm to Equihash-BTG:

“Because Equihash-BTG is not compatible with existing conventional Equihash computing pools, we will be in a separate workload pool, which means that BTG will dominate the computing power of this new PoW algorithm, which is "personalized" for BTG and adds a layer of incompatibility with other coins that move to the <144,5> parameter set (such as BTCZ).”

This is a very interesting statement. BTG developers acknowledge the importance of computing power, but they came to the wrong conclusion: that what matters is controlling the hash algorithm, rather than the hardware that generates the computing power. Unless the hardware that produces the computing power is primarily used to mine the coin, nothing about it is "personalized" for BTG. Miners who use general-purpose hardware to mine other currencies can switch mining algorithms at will, allowing their hardware to mine BTG without any new investment.

Assertion 1 summary:

The only way a PoW coin can substantially reduce the risk of a 51% attack is to become the main application of the relevant mining hardware. Coins that are mined on widely available general-purpose hardware such as CPUs and GPUs lack this primary security feature.

Assertion 2: Using ASIC-friendly algorithms will improve manufacturing and ownership diversity

No algorithm is ASIC-proof; algorithms are only ASIC-resistant.

For any particular computing problem, hardware built specifically for that problem is always more efficient than general-purpose hardware. In addition to the benefits of writing application-level logic directly into the circuit, dedicated hardware does not have to carry the other burdens of general-purpose hardware, such as security isolation, clock interrupts, context switching, and other tasks required to support multiple applications. Therefore, no PoW algorithm can eliminate ASICs; it can only resist them.

From an empirical point of view, anti-ASIC algorithms have not succeeded in preventing the development of ASICs. Prominent examples include scrypt (LTC), Equihash (ZEC, BTG), Ethash (ETH), and CryptoNight (XMR).

Anti-ASIC algorithms effectively increase the difficulty of building an effective ASIC miner. The natural consequence is that more money and expertise must be invested before chip makers can produce an effective ASIC.

Therefore, anti-ASIC algorithms will only increase the barriers to entry into the ASIC market. This has led to the tendency of mining hardware manufacturing to concentrate, and this is in fact contrary to the original intention of anti-ASIC algorithms!

Instead, our goal should be to choose an algorithm for which ASICs are both cheap and easy to manufacture. This makes the ASIC effectively a commodity that requires neither special expertise nor a moat. This leads to a diversity of manufacturers, which does more to encourage a diversity of owners and operators, and ultimately makes decentralization of the mining network more likely.

When developers choose an anti-ASIC algorithm, they provide a competitive motive for chip developers, and chip developers will eventually build ASIC hardware for their algorithms.

Case Study: Monero's regular algorithm adjustments

Monero's development team has implicitly acknowledged the fact that algorithms cannot be ASIC-proof, only ASIC-resistant. They seem to realize that trying to develop a silver-bullet ASIC-proof algorithm designed to permanently prevent the development of ASICs will not be effective. Instead, they decided to adjust the Monero PoW algorithm every six months in order to dampen the incentive to create dedicated hardware by quickly making it obsolete.

This strategy underestimates the ability of talented hardware designers to quickly develop new chips. A highly skilled chip designer can almost certainly master a development process tailored to the Monero developers' strategy. This forces a small, closely guarded group of Monero developers into a high-risk, highly secretive cat-and-mouse game to hide their algorithm plans, while any member of this group has a tremendous economic incentive to violate that circle of trust and leak information to chip makers. For a permissionless world currency, the criticality of this group's decisions and the extreme trust placed in it are not good features, and arguably create a centralization risk greater than the risk of miner centralization.

The limitations of this strategy are already obvious. Predictably, we have seen ASICs succeed on the XMR network against three different versions of the algorithm.

Ambition is only important if it is achievable.

The vast majority of arguments that support ASIC resistance are accompanied by a statement: “Make sure the network is not under the control of a few people.”

This is naturally an excellent goal, and it is critical to ensuring that the digital currency fulfills its promise.

But in fact, when actions taken in good faith do more harm than good, all the goodwill in the world is completely irrelevant. Ironically, coins that implement anti-ASIC algorithms will eventually end up centrally controlled by larger miners.

Assertion 2 summary:

The only achievement of anti-ASIC algorithms is to increase the cost and expertise required to create an effective ASIC. This in turn means that any PoW coin of great value will eventually be mined by ASICs, which leads to a high concentration of mining, as successful ASIC manufacturers will have a highly competitive moat.

Summary

Cryptocurrencies do not provide a fully equal system, nor can they eliminate all the advantages offered by power structures or additional resources. Compared to the current opaque, manual, and error-prone financial systems, cryptocurrencies have indeed made tremendous progress. It is vital to actively defend your principles when trying to change the world. However, it is equally important not to make an illusory perfect system the enemy of a good system that can actually be realized.

As digital assets mature, participants must ask themselves whether the industry will be secured by enthusiasts running old laptops at home, or whether, like almost every other important endeavor in human history, it will be advanced at scale by large, self-interested groups that invest significant resources. Every large-scale professional industry uses specialized equipment, and the idea that cryptocurrency mining should be different is naive.