Could an algorithm be made ASIC-resistant by simply adding deterministic permutations depending on the hash of the previous block and the nonce?

I was thinking of permuting bits in a block before it is hashed, in order to require some adaptability from the mining hardware while retaining the security of SHA-256.

Permutations would depend on the hash of the previous block so that they cannot be anticipated. They would also depend on the nonce, so that the permutation step would have to be performed once per hash, preventing a single external CPU from efficiently preprocessing the data.

A simple example of algorithm:

Seed a pseudo-random number generator with the hash of the previous block appended to the nonce. Draw 1000 pairs of pseudo-random numbers between 1 and the length of the block in bits. Swap the bits corresponding to these pairs. Hash with SHA-256.

It seems to me these permutations would be particularly troublesome to implement electronically, and I was thinking this might drive up the cost of ASIC implementations.

arkanaprotego

Posted 2013-12-13T01:23:11.347

Reputation: 41

This would just reduce the security of the cryptocurrency by reducing the advantage those intending to secure the currency have over people who rent supercomputers and botnets just to attack the currency. So why would any sane person want to do this? – David Schwartz – 2013-12-13T02:37:28.930

ASIC resistance is the Holy Grail of many an alt-coin developer.

It is true it might decrease security, but it might help to get a wider user base by making it easier for newcomers to mine. I think this is equally important for the success of a currency.

And I think this would still be GPU compatible, so I am not sure botnets and supercomputers are such a big issue? – arkanaprotego – 2013-12-13T09:56:13.223

I don't understand that ASIC resistence at all actually. The efficiency increase from one generation to the next is already leveling out. The biggest part of the network growth right now is simply more and more ASICs... how would that be different from more and more GPUs? And whatever algorithm you come up with, why would a it be impossible to build a custom almost-GPU-but-mining-specific-chip? – Jannes – 2013-12-13T10:56:41.193

The point is just to make it possible for people who are not yet committed to buying mining-only hardware to give it a try with their regular computers. As of today, it would be insane to try this with Bitcoin, because ASICs are so much more efficient. Also, if you can use your regular computer as a mining rig, it basically means your first rig is free, then the cost increases linearly for every new rig you buy: it makes small players more efficient and increases decentralization. – arkanaprotego – 2013-12-13T11:16:03.610

How do you ensure that you don't end up with an invalid block when you swap arbitrary bits? For example, what if the two bit pairs being swapped is part of a tx signature? You would potentially invalidate the signature if you swap the bits. – greatwolf – 2015-02-14T08:09:12.057

Answers

Your solution will least at most a year until dynamically reconfigurable FPGAs appears in the market. Then creating any logic circuit on the fly will be possible, and so efficient FPGAs will outperform CPUs by a large margin.

See for example: http://en.wikipedia.org/wiki/Partial_re-configuration

SDL

Posted 2013-12-13T01:23:11.347

Reputation: 509

When creating a new crypto-currency, a compromise must be made regarding the proof-of-work algorithm. Should the algorithm selected be CPU-only, or the opposite? Both options have their pro's and con's.

Should the creators use an algorithm that's easy to run on either an ASIC or a GPU, then the bar is raised for potential miners - this means no worms will try to create swarms of 0wned computers to mine the currency, but it also means people who can only mine with CPU won't be interested in mining it at release time precisely because they know they will be set appart really soon.

If, on the other hand, they purposefully select a CPU-only then people galore will attend the launch and start mining the coin, but it'll also mean botnets will start mining it as well and some people will use cloud computing or shared CPUs (theirs or from others to mine it).

To see an actual example, look at what happened when Primecoin was launched: the ultimate CPU-only coin (some experimental GPU miners exist, but alas - they're less capable than CPU ones), some worms started soon propagating to recruit machines to put them to mine.

Also, plenty of people would use their accounts at these services which bill you by the amount of CPU you use and started using their share-time to mine Primecoin - to the point some servers of these server-providers collapsed, whereas others kicked off these miners for violations to terms of service.

Joe Pineda

Posted 2013-12-13T01:23:11.347

Reputation: 2 040