Let’s talk about ASIC mining

It doesn’t matter about the poll, fearless leader has spoken! Zooko does not care if Zcash is ASIC resistant or not. All doubts about it should now be removed.

The clock has been moved forward to 1 minute until midnight

Zooko wrote recently on #zcash-dev:

“ZcashCo engineers have recently been chatting about mining decentralization, including such ideas as changing the Equihash params, switching to a different PoW algorithm, making non-outsourceable PoW, switching to PoS, etc… My current position is that our mission is best served by improving the security, scalability, and usability of the product for end users, and that mining-decentralization is a struggle that is impossible to win in theory, and is long since lost in practice, and it is a distraction to worry too much about it. Instead I think we should design protocols which are censorship-resistant and user-protecting (and usable and scalable) even when there is only one miner in the world.”
https://chat.zcashcommunity.com/channel/zcash-dev?msg=nz8oEHyACF3CHQ6HH

I do want to change the Equihash params anyway

This looks like something that the community might achieve consensus on.

Change parameters to increase memory hardness and reduce proof-size.

Leave aside the question whether further changes are required beyond that at a much later horizon.

@JKDC I don’t see what that thread has to do with this topic. Accusations of a 51% attack by Bitmain in that thread are speculation.

100% agree on this and I would say: let’s make it happen people!

I believe every miner here has a feeling that they’re equihash ASIC miners out somewhere and changing the POW algoryhtm would give direct feedback and knowledge of their existstance…

And IF a substantial part of the newtwork is ASIC right now it would be good to implement some schedule equihash upgrade (every 6 months/1 year) to discourage any future ASIC constructor… I’d personally prefer 1 hardfork a year over than finding out ASICs are around…

A few of the people that correctly talked about the ETH ASIC months ago(code name was F3) only to have it official confirmed with a consumer name of E3, have said they definitely know there is ASIC running zCash and others. They have be tracing block rewards and using other inside sources. There is still talk that there are new FPGA out there that will be reprogrammed at each fork. They are just working to bring the costs down. Xilinx has also said their FPGA will be good for multi algos I believe.

It may not be Bitmain itself but the people are using their ASIC miners. That is why it is relevant. If enough ASIC equipment gets concentrated in one or a few hands they can use it to attack a network for various reasons.

The idea of a yearly friendly Fork upgrade, though it wouldn’t stop asic development, would certainly decrease its practicality. It’s discussed in the most recent seminar as a way to scale and maximize the randomness where old zcash versions of coins would eventually deprecate and could only be spent forward to the new version (effectively forking the chain but not the community). It would set a known time limit for anybody who wanted to figure out how to a Asic mine zcash, produce the Asic miners, mine with Asic Miners, and then sell the Asic miners before the next Fork depreciation. (It also starts a new Merkle tree and a maximalized address pool for security) The seminar is on the price speculation thread, and certainly helped me out with understanding exactly what this friendly Fork thing was all about. (Zookos in the future a lil bit)

Edit- the recent talk of a coming ethereum Fork is most certainly the reason that the Ethereum Asic Miner was released

Heres that seminar, its really good, a lot of review for some but there’s a few funny moments, not just a boring lecture
Edit- also, yearly is arbitrary time frame, there are no set fork times yet after sapling, and also I believe the friendly Fork is still in early proposal

Currently liquidating my farm’s hardware used for ZEC and replacing with XMR rigs. With XMR switching to CryptoNightV7, we have a crystal-clear indicator which crypto wants our support.

I’ve been supporting ZEC since ever since I started mining… but with his recent tweets… I’m having my doubts in it… and trust me, it hurts me to say that.

I haven’t read these tweets but I know India is a strange place, hot and humid, weird food, people everywhere, tigers, and then a work schedule on top of jet lag. Pretty demanding, id wanna see some sights, not talk to people about asics
Again

What if what is out there is not a true ASIC? What if it is like the E3 and can do many coins? What if it is a FPGA that is cost effective, has more memory, and can be easily reprogrammed for each new fork?

Well the final result of the informal Twitter Poll is in:

Screenshot_2018-04-04-09-57-17-11414×1129 198 KB

It’s clear that this is a controversial subject but I think many people are over-reacting to this. Saying things like “I’m selling my Rigs!” “goodbye Zcash!” or “Zookos breaking his promise” aren’t helping further the ASIC discussion and may in fact have the opposite effect.

Think of it as if you were running a team of Developers working on a project. Zcash is very complicated and has cutting edge math that absolutely cannot afford to be broken or screwed up. If the protocol breaks and users lose the Privacy of thier transactions then it is Game Over and Zcash may never be able to recover. So in that respect, I agree with Zookos reasoning the protocol is paramount to the success of Zcash.

Zcash Company is still a small team of engineers (even though they were just able to hire a few more) so diverting resources (now) to battle a theroritical ASIC that may not actually exist is a waste of time compared to the other immediate priorities like Overwinter and Sapling.

As I mentioned in my first post in this thread I am concerned that an ASIC manufacturer who controls a large portion of the network would open the door for an unwanted party to have influence on Zcash. If this can be avoided without sacrifices to the main protocol development then I would advocate for a change in the Equihash parameters to send a message that Zcash is not completely opposed changing the PoW. This alone may be enough to discourage ASIC development.

From my limited understanding of the subject, and based on @str4d s comments on GitHub:

We are now planning several hard forks (HF0 followed by the Sapling upgrade), and will therefore be changing consensus rules, as well as potentially data formats (e.g. #2071). Thus changing or extending the PoW can be done either in concert with another change, or during its own hard fork (via whatever mechanism we introduce with HF0)

So there may still an opportunity to make an adjustment to Equihash to coincide with upcoming hard-forks. If this is possible and doesn’t distract from the main priority then why not use it? If changes to the PoW only happens with already scheduled forks it wouldn’t be reactive, it would be proactive.

Interestingly, we already have a Fork of Zcash (zerocurrency) that changed the Equihash parameters to 192, 7 instead of 200, 9 to make it harder to mine that we can benchmark: Equihash parameters · Issue #2 · zerocurrency/zero · GitHub

So, would that kind of tweak be effective at discouraging the development of ASICs? (Maybe?) Would it still be contoversial because there are GPUs/miners/rigs that would be rendered no longer useful? (ie cards with less than X amount of RAM). What Equihash numbers are “right” for which cards?

These are the kinds of questions that should be evaluated in a clear and level headed way. If the community were able to find some concrete results then they could be presented and discussed with the developers.

Would it still be contoversial because there are GPUs/miners/rigs that would be rendered no longer useful? (ie cards with less than X amount of RAM). What Equihash numbers are “right” for which cards?

Those cards still have resale value and can be re-purposed to mining other coins or assisting in other activities such as distributed processing e.g. protein folding.

Personally, I fully support ASIC resistance.

This was a scheduling and technical risk decision: we don’t have time or sufficient headroom in the complexity+risk budget to change the PoW in Sapling.

For the record, I’m strongly in favour of changing the Equihash parameters to increase memory requirements (which incidentally makes verification more efficient), possibly in the next upgrade after Sapling. The current parameters were chosen before the development of optimised Equihash implementations that happened just before launch, so they’re definitely not ideal. I’m also in favour of researching other ASIC-resistant PoW algorithms as potential replacements in case just changing the Equihash parameters turns out not to be sufficient.

I find the centralization of mining in Bitcoin to be alarming and a serious security vulnerability. I’ve never been convinced by the argument that investment in mining equipment provides adequate incentives not to exploit the network. Consider for instance that a government could take over any majority miner in an instant, and many governments have demonstrated animosity to the whole idea of decentralized currency. If we thought this argument was a basis for an acceptable security model, why would we be using PoW (with the attendant gross environmental cost), rather than a centralized sale of mining rights by the developers of a coin to the highest bidder?

We haven’t done as well in avoiding mining pool centralization in Zcash as I’d hoped. That is a security problem, but it’s a potentially solvable one, and I believe the situation would be very much worse with ASICs.

The fact that Zcash was originally presented strongly as having an ASIC-resistant PoW, and has built its mining community on that basis, needs to be taken into account.

PoS might be part of the solution in the long term, but it isn’t ready, and Zcash’s policy has always been “wait to see how that works out in Ethereum”.

I also think that individual opinions (such as @zooko’s or mine) should not override community consensus if the latter is in favour of hedging against ASICs, as it seems is the case. Technical and engineering feasibility, and security requirements, are always an issue in deciding how the protocol evolves, but in this case, there’s no severe technical/security obstacle to changing the Equihash parameters. That would at least buy some time against ASICs, and also has the (minor) advantage of better PoW verification performance.

[Edit] As noted by @tromp, this would also be consistent with the recommendations of Solar Designer’s Equihash analysis.

I have a question regarding the 51% attack problem. Would it be possible to block a single members of the network from becoming 51% of the hashpower? Maybe by sending him controlled fake work keeping him unnessary busy with already solved problems ?

from a trader’s perspective ASIC hostility’s a good thing:
main reason, imo Zcash Will Replace Bitcoin - #2 by kek

competition’s already starting:
https://www.coindesk.com/motherboard-maker-asrock-confirms-plan-sell-crypto-miners/amp/?__twitter_impression=true

it’s in these companies’ interest to support ASIC hostile currencies.

eventually, we’ll see multiple large hardware manufacturers compete over these markets. when i say support; mean they’ll prolly openly promote some of the currencies. never a bad thing to have large players like this on your side, imo.

kek… ASROCK plans to sell GPU’s… i don’t think it is a competition to the ASIC except the ASIC becomes useless… : )
There is one problem about ASICs nobody can argue against:
Moore’s Law … Every year 1 or 2 ASIC may pop up being alway faster then the last one. The older ASIC’s will become useless and due to the fact they are no universal hardware, they become electric waste…
Everyone not retarded should be against ASIC mining. At least until someone can say: “Come and see! This is the fastest ASIC the laws of physics allows us to build”… then you can count me in… Else please keep the rare resources back and use them for universal HW (CPU or GPU). Because the later ones can be used for other purposes like gaming, physic calculation or just “office” work.

All in one if they keep the in a central place I know where to point a sidewinder from my refurbished predator (which i’ve bought instead of a Lambo) at to correct the market ; )
NSA if you read this, this is just a joke.

This is pointless talk as long as you consider bunch of miners as whole community, they just have one aim: “NO ASIC” they push and talk 10 times more than a normal member due to “My rigs are in danger”. no one even think and talk about PoS because miners never wanna HOLD.