Let’s talk about ASIC mining

I love this topic. It shows the community and its strength.

Ok, so to be clear, the memory utilisation is (mainly) determined by the bitlength of the vectors? So if I have 32 bits for each vector I have a theoretical maximum of 4Gb utilisation (minus search/sort overhead) and tending towards an average normal distribution of finding the solution in half that. It is in the direction of reducing the long process times for searches that I devised BAST between considering new hashchain elements, as it would make the discovery more granular to realtime. Branches don’t need to be stored as full vectors, only the coordinate halves, only ones not yet found to form cycles, and the candidates only need to be stored (as they can’t be sorted) but their coordinates will need to be kept in a tree to find them quickly.

I think cycle length would have some bearing on shifting the normal distribution towards maximum, as inherently a dead-end search would fill all the search/storage/sort data structures towards their theoretical maximum.

How exactly does difficulty adjust for this algorithm, if it’s not cycle or bitlength? Same thing as Hashcash? bit width limit?

What do you think about the idea of changing it to a pure hashchain half collision search, and putting a cap on the chain length? Or did I misunderstand and that’s exactly what it is? Being able to set that limit would cap the size of the solutions that need to go into the blocks.

PS: Rather than wait for an explanation I cast my eyes over the code a few times to try and figure out what it was doing, and now I get why the optimisations were called ‘edge trimmers’. The algorithm, appears to be spewing out a chain of hashes, and then passing over it with a sort and eliminating anything with not two match-ups in a row. Only 1 is not part of a cycle, and more than 2 is branched. I mean, I already gathered that bit. I just didn’t see how it was actually found.

In my Hummingbird design, the network sets a consensus on the maximum cost for verification by prescribing the length (and this is part of the solution block, in the header), and rather than storing the literal edge (vector) values it simply stores their position in the hash chain. In this scheme the same nonce can come up more than once if a deeper search finds a bigger cycle in there that did not close before the previous, but of course the cyclehash will of course be different as it is both longer and will not be composed of the same elements previously found. It would be impractical, though not impossible to store the candidate solutions in a very large database (the cycles that did not close for a given solution) but this likely would not greatly advantage the solver and would grow at a pretty ridiculous rate over time.

Oh, and I realised just now, explaining it, that requiring the hashchain position to be given in the solution it mandates that there would have to be a 1D array that stores the whole chain during the solver round in order to avoid having to recompute. Always nice when you realise these things before you get too far into writing an algorithm. I was still at the point of the search/sort function. Probably this position list can be compressed using a shorter hash function than used for the hashchain also, so for 64 bit hashes, only 32 bits need to be stored for the index references (so the position is implied in the array index). Ok, I need to think through that one a bit more…

No, this is not how protocol upgrades work in Zcash. If you have upgraded your node to support the new protocol, then it will follow the new branch at the activation height no matter what (well, short of some serious problem with the consensus rule design or implementation). Miners can’t do anything to prevent that. They can withdraw their hash power from the new branch or attempt to attack it, but that doesn’t prevent it from being followed by upgraded nodes.

So do I, but to reduce vulnerability to 51% and transaction censorship attacks. Not because they can dictate protocol changes, since they can’t.

No, there isn’t. That comment by @str4d was made in June 2017; the window for including a PoW change in Overwinter or Sapling is long gone. (The Overwinter activation height and consensus rules are already set in the 1.1.0 release which has been tagged, incidentally.)

It seems to me that ASIC mining is brittle which results in misaligned incentives.

Consider that changing a single line of code can render millions of dollars worth of ASICs worthless. By contrast, CPU and GPUs can adapt and survive.

Therefore, ASIC manufacturers and miners have a clear incentive to put pressure on key decision-makers and developers to maintain the PoW status quo.

Today, the community can engage in a robust discussion because GPU miners have options…

I suspect if ASICs ever became entrenched and it was necessary to modify the PoW for some reason, ranging from a bug fix to making work socially useful such as protein folding, the conversation would be extremely difficult and there would be Machiavellian games at play, given that ASIC miners would be in a fight for life or death.

Yes, asics are very brittle, monero just proved this. If there is an equihash asic I am sure that Zcash can do similarly and keep a much larger population of long time enthusiasts on board.

I personally regret not getting into it sooner but being homeless kinda made it hard to get started until it was already a year in.

Let’s just make something clear, people, ASIC makers depend on us. We don’t depend on them. It’s complete nonsense that their ‘solutions’ help anyone, if they don’t address the issue that you have to pay 3x as much for the most basic, nearly out of date model, compared to a regular desktop PC with one video card in it, then you can fairly say that their interest in egalitarian distribution of tokens is clearly not existing.

If that is not at the root of all genuine efforts to propel cryptocurrencies to become competent competitors to fiat then I don’t know what this is all about.

Also if ZcashCo isn’t gonna hear the plight of us GPU miners (and I remember a little over a year ago there was none) well, why would we keep loyalty? Two way street, right?

Remember also this, really if the ASICS are going to lift the bar out of reach of the little guy, sooner or later they are gonna get in trouble because of how much they spread themselves out. I mean, Monero now has literally got 4 new asiccoin forks. Do you think that will work well for these competitors? Zcash has FMA and a move away from a new ASIC that lasts another year will hold userbase. If they don’t, well… Zen, Bitcoin Private, Bitcoin Gold, one of them is gonna stump up.

They can withdraw their hash power from the new branch or attempt to attack it, but that doesn’t prevent it from being followed by upgraded nodes.

Correct, that’s what I meant. They can choose to not upgrade. If the majority of miners decided not to upgrade and the new upgrade is a hard fork, there is precedent in other coins for calling the new fork something else where both continue to exist. Bitcoin Cash as an applicable example: Exchanges decided to continue calling the original Bitcoin “Bitcoin” to reduce confusion rather than considering the larger-block upgrade Bitcoin. Obviously it can get messy, but my point is that a large miner in control of the majority of hashpower can cause problems if they choose not to play nicely.

Zcash is different from Bitcoin/Bitcoin Cash in that it’s development is more centralized, giving the Zcash team an authoritative position, so maybe that would prevent any nomenclature ambiguity issues.

@daira I’m interested in your view on non-mining nodes, and if they actually matter towards protocol decentralization at all. If a non-mining node disagrees, they are just removed from the network, correct?

Apologies in advance for any misunderstanding mixed into my analysis, as a lot of these ideas are influenced by BTC/BCH. Also, this may have gone off-topic, sorry about that as well.

Non mining nodes are important to cryptos only in as far as they distribute the load of distributing the consensus created by mining nodes. They mainly ensure the database is distributed. Miners are the verifiers. And while we are on that topic, Pools essentially act as centralising influences, though they compete for hashpower to keep their position, so, if a pool refuses to add a non-asic fork, and their competitors do, they are naturally gonna lose their power to influence. ASIC producers have much higher capital requirements than mining pools, and thus the balance of power is still fairly strongly in favour of us guys running GPU miners, if a fork happens. ASICS can’t switch with a major change in the computation requirements, GPUs can do it in days.

This doesn’t make sense though because if the non-mining node disagrees, they are the ones booted, not the verifying mining nodes. To be honest I think non-mining nodes are all for show and have no real purpose rather than helping the user have a wallet to interact with the network/create their own z_addrs.

Coins that use Equihash: Zcash, Zclassic, ZenCash, Hush, Komodo, LitecoinZ, VoteCoin, Bitcoin Private, BitcoinZ.

[Edit: as @JKDC and @ZC93 and @bitcartel pointed out, also Bitcoin Gold.]

I never heard of any of those others

and Bitcoin Gold as well!

I might add that Equihash and Lyra2rev2 are the only coins really worth mining if you have Nvidia GPU’s and the Equihash coins are always more profitable than the Lyra2rev2 coins. So I don’t understand the “aligns incentives” argument at all. In a sense us miners that bought Nvidia cards to mine Zcash are already “aligned” to Zcash and equihash since it is the more efficient GPU to mine Zcash.

The only way I see that Nvidia GPU miners would leave Zcash mining and equihash mining is if the value tanks below the Lyra2rev2 coin profitability. It is up to the ZCashCo team to make sure that doesn’t happen! So I don’t get the argument unless Zooko doesn’t believe in his team and his project. One should hedge bets a little, but not so much as when you start to hurt your own project.I just don’t believe that Zooko has studied this enough to make an informed decision. The theory sounds good, but the reality makes his point moot.

You forgot Bitcoin Gold. The only coin on the list that is anywhere near Zcash in profits.

So lets look at CryptoNight, Monero has just blazed the trail for everyone to see:
Monero $187, Bytcoin $0.003, Electronium $0.03, DigitalNote $0.01, Karbowanec $1.08, Sumokoin $1.38, Dinastycoin $0.0005, LeviarCoin $0.037, Dashcoin $0.022, Bipcoin $0.04, Fantomcoin $0.13, QuazarCoin $0.008, and Bitcedi $0.008.

So why did the ASIC miners not just start mining one of these other coins after the hard fork? Why are they mining four new coins created from the fork? Because, that is the only option they have. None of the other CryptoNight coins are worth the time to mine, so they are trying to create a new coin that will compete with Monero. Will this be a problem for Monero? Who knows, time will tell.

Todays ASIC miners are not in it to support the network, or loyalty to a coin, or a Dev team, or even the idea of a decentralized currency at all. They are in it for the profits, and only the profits. They have expenses and cant mine at a loss or they will go out of business.

Today, only the small and hobby GPU miners are in it for any of those more lofty ideals.

But wait, Oh Yeah, that is the exact group that Zooko has made clear he no longer wants to deal with. He wants to work with the ASIC miners that would create a new coin to compete with you in a heartbeat.

So now lets see how things look for Equihash:
Zcash $225.39, Bitcoin Gold $45.05, Komodo $3.16, ZenCash $31.82, Zclassic $4.61, BitcoinZ $0.0035, Hush $0.94, Zero $0.50, Bitgem $9.80, Bitcoin Private $30.82, VoteCoin $0.0097

Bitcoin Gold has more than once been more profitable to mine than Zcash, Bitcoin Private is moving up, ZenCash does not look too bad, Komodo has some interesting tech incorporated into their block chain and could move up.

So a miner with an Equihash ASIC could potentially mine some of these other coins.

So now I must apologize to Mario. While not true for CrypoNight, there are several other coins possible for Equihash, and his statement below is in FACT correct for Equihash.

So for Zcash, there is actually several another Equihash coins worth mining, and one in particular that is usually within range of Zcash, also interestingly enough originating from China (Bitcoin Gold).

You probably already know it but i just wanted to add that +95% of these miners who are mining the split coins, are actually bitmain themselves. These are not some independent mining farms nor are just some random guy in his garage. Even if there might be some average Joe in there who bought an ASIC to go after XMR, then i am sorry to say this, but Joe kind of deserve the drop in profits and should have been mining an asic-pro coin like BCH, BTC, LTC, etc instead of trying to attack XMR.

I disagree on this. I am by no means one of the huge farms out there, but i gladly point my +30 rigs to ZCash because i believe in the coin. I could play it lazy and turn on nicehash, or use an autoswitching algorithm to chase the daily most profit but i don’t because i think this coin has a huge future.

No need for apologies my friend. We are all one community here that is about freedom of thought and freedom of controlling our own money. We should be able to express opinion/disagreements/etc passionately without any real life butthurts lol

Hey, I didn’t mean to say I supported ASIC-resistance! I don’t know if that would be a good idea. I just meant if we were going to change the Proof-of-Work, or make any other major change to the protocol, we couldn’t do so until the Sapling+1 release.

This is a great article!

Was it already posted to this thread? The author comes down on the side of being pro-ASIC, at least for the long-term. It is a really well-written and thoughtful article. Things I learned by reading it: Bitmain gaining such dominance because of the Bitcoin winter killing off its competitors, and now that the cryptocoin spring has come, new competitors are appearing, including Samsung.

One thing we should think through is, if we are going to change the PoW algorithm, we might want to choose something which is both high-memory, and substantially different from any other valuable PoW, so that once specialized miners get developed for the new algorithm, those miners are more specific to Zcash, in order to get the incentive alignment effect.

This runs contrary to a very strong other preference I have, which is to use a well-studied and well-implemented algorithm. Equihash with different parameters would be ideal from that perspective. I want to change the parameters anyway in order to make ZECRelay cost less Ethereum gas.

I wonder if it is possible to “personalize” Equihash in a way that renders (typical?) specialized implementations incompatible with other Equihash PoW coins?

No need for apologies my friend. We are all one community here that is about freedom of thought and freedom of controlling our own money. We should be able to express opinion/disagreements/etc passionately without any real life butthurts lol

Love this. Long-run, a positive an open community will do more for Zcash and for humanity than any PoW algorithm will.

Nope, non-mining nodes are just like mirror servers. @root

And as for whether a more substantial defeat to ASIC builders can be delivered by properly designing a PoW so its advantages of large cache and cheap memory or not, too many people are complacent and defeatist about this. There is definitely ways to slow or maybe even stop ASICs from centralising network consensus. General purpose compute hardware has such huge economies of scale that inside them are contained memory cells that are so fast - if you made a GPU that had 1Gb of on-chip cache, it would eat a whole mining farm of 1080s for breakfast. How to keep the 6-20Mb caches in CPUs always stuffed full of relevant data for the solvers really is almost 100% of the way to solve the problem of PoW and ASICs.

Samsung is only making chips; not rigs. Intel thinking about making chips; not rigs. Japanese company thinking about making chips; not rigs. All of them need manufacturers to sell those chips to in order for rigs to be made by competitors.

I’m simply reminding you of the declaration of ASIC resistance in your white paper. You said, “ASIC resistance” in your white paper for a reason, right?

ON A MORE SERIOUS NOTE: I happen to know you have some VIP’s coming to speak with you at ZCon in Montreal in June to discuss cutting edge technology in regards to mining with chips of 144mb memory on the chip or equivalent.

One of the “VIP’s” I know shared that with me. It makes more sense to me now after I read this other post you made below:

So, it appears you are going to discuss “with VIP’s” a SPECIALIZED miner for ZCash after reading that statement, "…so that once specialized miners get developed for the new algorithm.

If a “SPECIALIZED” miner for ZCash was created, don’t you think BITMAIN would get their hands on one and reverse engineer it? THEN we’re back in the same problem again in regards to one company having POW dominance over another awesome coin once again.

If I’m misunderstanding you on the “Spcialized miner,” please clarify.