Let’s talk about ASIC mining

Here are a few historical references:

  • Solar Designer’s analysis

    “A conclusion is that while Equihash is not among the most ASIC-resistant known PoW schemes, its choice by Zcash may pose a reasonable tradeoff considering Zcash’s multiple goals and depending on which properties of the PoW turn out to be actually most important to users of Zcash. Another conclusion is that Zcash’s current n=200, k=9 Equihash parameters are suboptimal and may need to be changed.”

  • our blog post Why Equihash

    “Nevertheless, we can’t know for certain that Equihash is safe against these issues, and we may change the Proof-of-Work again, if we find some flaw in Equihash or if we find another Proof-of-Work algorithm which offers higher assurance.”

    By the way, in the context when we wrote that, it was during the Bitcoin Blocksize Debate, when a lot of people were arguing that it was immoral for a cryptocurrency community to ever change anything about a consensus algorithm. We didn’t want people (including miners and ASIC manufacturers) to think that the community would be incapable of changing the PoW again, or to think that there was a social contract that would be violated if we were to change the Proof-of-Work again. It never occurred to me that eventually the public conversation would shift to where some people thought there was a social contract that would be violated if we didn’t change the PoW! Remember back then the whole debate was about whether it was possible or morally acceptable to ever change a PoW. If it had occurred to me that the people (including some of my own employees!) would think the opposite social contract held, then I would have spelled it out and said something like:

    “Nevertheless, we can’t know for certain that Equihash is safe against these issues, and the community may collectively decide to change the Proof-of-Work again, if we find some flaw in Equihash or if we find another Proof-of-Work algorithm which offers higher assurance. Or the community may collectively decide not to change the Proof-of-Work again, even if some improvement becomes appealing. You can’t count on the community to not do it, and you can’t count on the community to do it. It will be up to them when the time comes.”

    If I get my hands on a time machine, I’m going to go back and change that post to say that, right after assassinating Hitler.

  • User Expectations at Sprout Pt. 1: Slow-Start Mining & Mining Ecosystem

    “One of the reasons we chose Equihash is for the ASIC-resistant properties which in theory make the network more accessible to “small” miners who are extremely valuable for providing a market balance to other miners with significantly more capabilities.

    While the lasting effect of ASIC resistance is, at least at this stage, unpredictable, the more people participating in mining, the stronger the network will be against any future growing disparity and centralization in mining power.”

  • The Zcash FAQ: Is Zcash proof-of-work? What mining algorithm do you use? Is it ASIC resistant?

    “Yes, since launch, Zcash has been based on proof-of-work. Maybe the community will choose to change it to proof-of-stake or something someday. We cannot predict what the community or communities will ultimately decide about such things but are very much open to improvement and evolution.

    We are currently using Equihash as the proof-of-work for block mining in Zcash. Equihash is a proof-of-work algorithm devised by Alex Biryukov and Dmitry Khovratovich. It is based on a computer science and cryptography concept called the Generalized Birthday Problem. Please read the Why Equihash blog post for more details.

    The algorithm is currently not economically implementable in ASIC. We’re still evaluating whether we think it will resist custom hardware (“ASIC”) implementation long-term.”

  • My answer to Shawn’s question “So then what hardware would be the most cost efficient for mining?”

    “To be honest, we don’t know the answer to this. Our goals are to make mining profitable for casual enthusiasts, using hardware that they already own, when it is idle (e.g. your smartphone while it is plugged in overnight). This would be a revival of the original Satoshi Nakamoto vision of a very decentralized network of miners.

    However, our actual process isn’t guaranteed to achieve that goal — it is just our current best attempt. Our process is:

    maybe we would consider tweaking the algorithm a little if it seems like there is a really valuable tweak to be made to give more advantages to laptops, tablets, and smartphones (in particular I’m thinking of Solar Designer’s MAXFORM tweak for Argon2d, and also his suggestion to make memory reads come in 1 KiB spans in order to reduce TLB misses for CPUs). But we probably won’t have time to mess with that before launch.

    Now, what hardware setup will be most cost-efficient after we do the above, and whether the above will succeed in our goal of rewarding enthusiasts who don’t put in a capital investment, your guess is as good as mine.”

Would everyone please, from now on when someone makes an assertion about my or the Company’s previous commitments, link them to this post? Thanks!

(Thanks to Simon for hunting down these historical references for me.)
