The released technical brief says "SHA256, used in Bitcoin, has a number of technical shortcomings due to its Merkle–Damga ̊rd construction. These vulnerabilities led to the SHA3 competition for a new hash function based on a different fundamen- tal construction. Decred has chosen BLAKE256 as its hash function, a finalist for the competition [17][18]. The hash function is based around a HAIFA construction that incorporates a variation of the ChaCha stream cipher by Bernstein. The hash function is notable for its high performance on x86-64 microarchitecture, being faster for short messages than SHA256 [19] despite being considered to have a much higher security margin at 14-rounds. " How much faster (hash rate per watt) compared to GPUs can ASICs become when this hash function has high performance on ordinary x86-64? I guess that it's inevitable that ASICs will be faster than our ordinary GPUs, but will it become pointless to be mining using your ordinary GPU, just like it's for SHA256?
As soon as it becomes economically feasible for ASICs to be created, they will be created. This is true regardless of the algorithm used. Some algorithms certainly make it more expensive to create ASICs, but that doesn't change the underlying fact that ASICs are inevitable for any successful and valuable token the moment it becomes economically feasible for them to exist.
What makes Decred less centralised than Bitcoin if eventually a small amount of miners would have the most hash power? Is PoS voting making the difference?
See the Proof of Activity paper for an in-depth treatment of how the hybrid system affects decentralization.
I remember GPU minning in bitcoin. You could made 300Mh/s with a good GPU and over 600Mh/s with the expensive one. Then ASICs appeared and you could have the same power as a good GPU with a little USB stick.
I have been thinking/reading about this and it is a real problem. Centralization itself degrades the security of the currency. To some extent, PoS will address some of the problems that BTC is now experiencing; however, as is described in PoA paper, PoS can be gamed. Maybe it is possible to prevent ASIC development by using some good old-fashioned Game Theory. Is it not the case that some form of an assurance of a change to the algorithm could prevent any investment in ASICs? In other words, it could be written as an amendment to the Decred Constitution that development of the first ASIC would trigger a small change in the code to "break" the ASIC and waste the substantial capital investment required. All small miners could easily download the files and be back up and running in 10 minutes. Then no ASICs, right? Lastly, I am not sure if it is possible to know for certain when an ASIC comes online. In case it is impossible, maybe a periodic small change could be built in to do the trick - a preemptive measure.
ASIC's, or sleds of GPU's, what's the difference? If you have the money, you'll buy as much as you can get your hands on if you want to mine those coins. My GPU does about ~375 MH/s and I see I'm on the low end on the DCR pools. Am I willing to put in money to get the GPU sleds? Maybe. I'm not sure how preventing ASIC's from taking over will keep things in check. I have 5 ASIC's, and I'm still on the low end on the BTC or other SHA256 pools. Why? Because I don't have the deep pockets for that investment either, but corporate mining still does.
GPUs can be purchased anywhere on this planet, immediately, free market. Their availability is not monopolized. The GPU manufacturers don't take your money to mine coins and later send you an outdated electric heater, while they build the biggest farm of GPU miners to dominate the coin. That's the difference to the ASIC thing. Read through Bitcoin history if you haven't been around at that time. There is nothing wrong about people with more money being able to buy more GPUs. For the same reason people with more DCR can buy more PoS tickets. It's not one vote per person or one GPU per person. The problems start when a cartel forms who has exclusive access to the mining hardware. And that's what happens when a coin goes ASIC. Bitcoin totally FUBAR in this regard and since it has no governance model like DCR's and the mining cartel can dictate, it is even more FUBAR.
I like your explanation, so what happens when these cartels get the Blake256 14 round ASIC's? If they refuse to sell them to the general public the DCR community can vote to change the algo?
Exactly, I have only seen two ways to keep mining profitable/accessible for common people. First is to change the algo if there is a chance of centralization via ASICs and second is to use memory hard algos like cryptonote coins do. GPUs are the only devices that give a coin reasonable decentralization & security balance. Its a hard thing to maintain as if you push too strongly towards memory hardness then you have bots waiting for you(e.g. scrypt-jane/chacha algos) and on the other hand is Bitcoin with most secure and possibly most closed & centralized mining. I think coins like DASH & XMR have got it right but then they have not yet seen the price rise like Bitcoin. Also recently we have seen the first X11 ASICs. I think its a hard problem to solve as people are greedy and profit still trumps ethics & decentralization. In an ideal world every one would be using 100GH miners on p2pool. I am interested in DCR because it is trying to solve this mining & governance problem with Hybrid PoW/PoS but its success again depends on community and i mean 10s of thousands of people, rather than few 100 of us, thinking for themselves & participating. I am looking forwards to more detailed voting structure & process in the future and excited for first vote on a critical issue. Bitcoin's current state is reflection of what community of involved people wanted and that is why i say everything depends on what we do as a community.
Seems that a shifting Algo is the easy answer. The main question then is how to administrate the change, when/if necessary. My idea is to separate the network into halves. This would facilitate a complete migration with no more than half the network going down at any one time. Once half shifts, the main Algo shifts and the second comes online. The main point here is that as long as the shift is feasible, it will never be necessary. The assurance of the shift alone will prevent investment in the development of ASIC.
I dont think that is how it works, each block needs whole n/w to agree so the HF occurs at one block only and with size of mining n/w becoming bigger needs to be decided well in advance. I agree that if there is a feasible chance of changing the algo ASICs will remain away but as n/w & ecosystem goes past a certain size, abrupt change in algo becomes unfeasible as there is a chance of more than one chain existing during fork and coins being lost.
I see. That makes sense. It does seem like it may be worth figuring out though. Thanks for your thoughts on it.
We need to be innovative. It's paramount that we prevent centralisation due to ASICs in a scaleable way. If not, then Decred will be a feeble currency. If Bitcoin succeeds then there is no use of Decred and if Bitcoin fails due to centralisation then Decred will also fail. The coin holders are in control and we need to use that mechanism to prevent ASICs. If we cannot figure out a scalable way then that control is IMO useless. My two cents: What about having two PoW algorithms and switching one of them periodically? The switch carries out gradually so during the switch we have three algorithms (the main algorithm, the decremented one and the new one). The second algorithm will be relatively easy to solve but it must be solved or the mined block won't be accepted by PoS. The result of the second algorithm are dependent on the first algorithm's result in a way so that it's computations must be done on the asic/gpu.
This may sound insane to a Dev; but, would it be possible to program a periodic change into the Algo that would be predictable (in order to prevent dual chains) but still render ASICs impossible?