23
7
GPU-mineable cryptos are arguably more decentralized.
Did he simply miss this design aspect or does this sound fishy to you?
23
7
GPU-mineable cryptos are arguably more decentralized.
Did he simply miss this design aspect or does this sound fishy to you?
70
Bitcoin was not designed to only be mineable with specialized hardware. When Bitcoin was created in 2009, ASIC miners did not exist, SHA256d ASICs did not exist. Even GPU mining software did not exist because mining was a completely new thing. Bitcoin's difficulty was low enough for Bitcoin to be CPU mined on a laptop.
However over time, as more and more people began using and mining Bitcoin, the difficulty increased. Eventually someone figured out how to do GPU mining and wrote software for it, so Bitcoin moved on to GPU mining. Eventually someone figured out how to mine Bitcoin using FPGAs (Field Programmable Gate Arrays) so Bitcoin moved onto being mined with FPGAs. Eventually someone figured out how to build ASICs (Application Specific Integrated Circuits) for mining Bitcoin, so Bitcoin moved onto ASIC mining.
Satoshi did not intend for Bitcoin to be mined with ASICs (or even GPUs or FPGAs); it was meant to be mined on CPUs, but over time, as technology advanced, people figured out better ways to mine.
11
GPU-mineable cryptos are arguably more decentralized.
Sure, but in a bad way.
Say you want to attack or compromise bitcoin. You have to buy ASICs to do it. You could use GPUs or CPUs, but you would be at a tremendous disadvantage. The honest guys would win.
So you have to invest in all these ASICs to attack bitcoin. And if you succeed, you turn your expensive ASICs into space heaters. That makes it very unlikely that such an attack will be cost-effective. That makes the system more secure.
By contrast, there are computing clusters with large numbers of GPUs. You can rent them by the hour. That means you can attack a digital asset secured by an algorithm that runs efficiently on a GPU without having to invest in it. That makes it less secure.
People can argue about how much of a decentralization difference it makes and whether that matters. But this security difference seems, at least to me, to be much more significantly. Satoshi accidentally got it right.
4I wouldn't say "accidentally". Bitcoin was intentionally designed so that the difficulty of mining would increase to compensate for increased computing power. It's doing exactly what it was supposed to do: making sure that it will always be hard enough to mine that it's not feasible for an attacker to dominate the network, no matter how much more powerful our computers become. Think of mining difficulty not in terms of absolute difficulty but in terms of difficulty relative to the average computing power available at the time - the relative difficulty is designed to always remain the same. – Micheal Johnson – 2017-11-10T14:45:56.863
3@MichealJohnson What I mean by "accidentally" is that I don't think Satoshi thought through the consequences of picking an algorithm that has the particular characteristics SHA256d has. He didn't think through what would happen if the algorithm required lots of memory versus what would happen if it required lots of branching. By accident, he picked an algorithm that accelerates on ASICs extremely well. And many people even initially thought that was a bad thing. (And this question shows that many people still do.) But I think time will prove that it's the best choice. – David Schwartz – 2017-11-10T21:22:25.130
The crucial part is that, no matter what algorithm is chosen, the design of the network is such that the computational power required to solve the challenge will increase in proportion to increases in available computational power (for whatever particular algorithm is used). This applies no matter how easy or hard the algorithm is, because the network will compensate to ensure that the work is always the same difficulty. – Micheal Johnson – 2017-11-11T15:01:58.083
1@MichealJohnson I honestly don't see how that's even remotely relevant to the issues being discussed here. – David Schwartz – 2017-11-11T17:51:20.457
He did not "accidentally" choose an algorithm with particular characteristics. The characteristics of the algorithm are irrelevant, the network was designed to give a particular behaviour regardless of the algorithm chosen and the available computing power. If he'd chosen an easier algorithm, the network would've compensated to make the work as difficult, so no matter what algorithm was chosen you wouldn't find people renting GPU clusters because too many people would be using GPU clusters and the difficulty would increase to compensate. – Micheal Johnson – 2017-11-11T20:11:52.593
1@MichealJohnson You are very, very wrong. But I'm not sure I can untangle your confusion in the space here. First: He did accidentally choose an algorithm with particular characteristics. There's no evidence he considered the differences between memory hard, decision hard, and calculation hard algorithms. And that makes a huge difference in the final result because whatever is most efficient at executing the algorithm is what will wind up executing it. – David Schwartz – 2017-11-11T20:25:13.110
1@MichealJohnson Second, you are considering miners who seek to make a profit from mining rather than attackers who seek to disrupt the system (for example, to make a profit by shorting bitcoin). If Satoshi had picked and algorithm that worked best on GPUs, then attackers would rent GPU clusters to attack the system. I'm not sure if you didn't read my answer or didn't understand it, but what you are saying has nothing to do with the issue -- which is attack resistance. – David Schwartz – 2017-11-11T20:25:53.597
I think you're missing my point. My point is that the network was designed to be resistant to attacks of the kind that you describe regardless of the particular characteristics of the algorithm used or what hardware it is most efficient on. If the algorithm worked best on GPUs and a lot of miners/potential attackers were renting them, the network's difficulty parameter would be adjusted so that it was no longer feasible to mine enough bitcoin on a rented GPU cluster. The idea of the difficulty parameter is to limit mining to expensive/not-easy-to-obtain hardware. – Micheal Johnson – 2017-11-12T15:10:03.947
@MichealJohnson Sorry, you still are totally wrong about these issues. First, attackers have no effect on the difficulty, only honest miners who extend the longest chain do. Second, what limits mining to expensive and not-easy-to-obtain hardware is the fact that bitcoin chose an algorithm that runs best on expensive and not-easy-to-obtain hardware, not the difficulty. Had Satoshi used an algorithm that runs best on general purpose CPUs, miners would use general purpose CPUs. – David Schwartz – 2017-11-12T18:17:46.873
This is the point: If Satoshi had used an algorithm that runs best on general purpose CPUs, miners would use general purpose CPUs until the network increases the difficulty to compensate for the number of miners. After that, miners would have to upgrade to more powerful hardware (whether that be CPUs, GPUs, or ASICs is irrelevant). And "attackers" in this case refers to "miners" who modify the block and then complete the proof of work, with the aim to complete the proof of work before anyone else, so the same rules and difficulty applies to both miners and attackers. – Micheal Johnson – 2017-11-14T07:50:44.927
@MichealJohnson No. If the algorithm runs best on general purpose CPUs, then upgrading to "more powerful hardware" would make things worse because they would no longer have the hardware the algorithm runs best on and thus would lose money. But all the evidence we have suggests that Satoshi didn't think about this and just chose the algorithm that is the simplest that can provide the needed security for transactions. As it happened, that's an algorithm that runs best on ASICs because ASICs are awesome at simple algorithms. Intel puts billions into making their CPUs the best at something. – David Schwartz – 2017-11-14T09:25:37.677
If the algorithm runs best on CPUs then the difficulty would be increased until miners have to buy expensive, very powerful CPUs. They'd still use a CPU, but just one that's prohibitively expensive for an attacker to get enough of. (The same applies to algorithms that run best on GPUs, or any other kind of hardware.) – Micheal Johnson – 2017-11-14T17:22:06.513
@MichealJohnson I feel like you're not reading what I said. I specifically said, "if the algorithm runs best on general purpose CPUs". And yet you somehow think that the algorithm will run better on "expensive, very powerful CPUs". If the algorithms runs best on general purpose CPUs, it will be less efficient on expensive, very powerful CPUs. For example, you can design the algorithm to require precisely as much cache per core as general purpose CPUs have. Powerful CPUs tend to have more cache, but that does them no good. Ditto with everything else. – David Schwartz – 2017-11-15T20:07:28.740
Tell me what you think will happen if I take something that runs happily on a general-purpose CPU and then run it on a more powerful CPU. I cannot think of any situation where a more powerful CPU won't perform better than a less powerful CPU. "More powerful" could refer to simply having a faster clock speed, or more cores where calculations could be done in parallel. – Micheal Johnson – 2017-11-15T20:11:42.550
@MichealJohnson "I cannot think of any situation where a more powerful CPU won't perform better than a less powerful CPU." It's not about performing better. It's about being more efficient. If that more powerful CPU has lots of cache that isn't being used but is still drawing power, it will cost more to get the same amount of work done. You can find lots of super-powerful, power hungry CPUs that, for example, don't run games significantly faster than much cheaper CPUs. – David Schwartz – 2017-11-15T20:12:41.857
@MichealJohnson Mainstream CPUs get a huge price/performance boost from the massive quantities they are manufactured in and the billions of dollars companies like Intel and AMD put into optimizing them. – David Schwartz – 2017-11-15T20:14:16.040
There are plenty of high-performance CPUs around as well, and they wouldn't be prohibitively expensive to a serious miner. And if there was demand for high-performance CPUs for mining, more work would be put into making them and the prices would come down. You know, ASICs designed for mining didn't exist on day one, someone had to design and manufacture them and the demand was high enough for this to be profitable, and the benefits were great enough for miners to buy them. – Micheal Johnson – 2017-11-15T20:55:20.713
@MichealJohnson Right, but those high-performance CPUs wouldn't help if the task was specifically designed to run best on commodity CPUs. With such a task, the demand for CPUs optimized for mining would align with the demand for better commodity CPUs (since the tasks have the same requirements), and would just result in more investment in commodity CPUs. (But in any event, you're getting way to into the details of just one hypothetical. The point is that the requirements of the algorithm determine the hardware used to mine.) – David Schwartz – 2017-11-15T20:58:06.103
How is more performance going to "not help" the task? – Micheal Johnson – 2017-11-15T21:28:40.247
Let us continue this discussion in chat.
3
People who say that GPU mining is more decentralized than ASIC mining forget that GPUs don't descend from the sky. There are companies that manufacture them, and since GPUs are incredibly complex pieces of hardware, the barrier of entry to this market is huge. If a startup company wants to start manufacturing GPUs for mining, it can't.
Right now, cryptocurrency mining is still a relatively small part of the business of companies like AMD and Nvidia. but as it grows, these companies will effectively be the controllers of mining.
Much better, in my opinion, is to have the hash function as simple as possible, so as the market grows, plenty of companies will have the opportunity to compete in manufacturing mining hardware.
2
That Bitcoin is only mineable on specialised hardware is not itself a design choice. It is a consequence of hinging the integrity of the system on a proof of work, combined with great interest in mining.
The following is an oversimplification, but it's the concepts that are interesting anyway.
The Bitcoin protocol itself does not mandate that mining must be so difficult that it can only be done with specialised hardware. However, the protocol does mandate that a block should be found on average every 10 minutes by the entire population of miners combined. Therefore the Bitcoin protocol has a difficulty parameter which is continually adjusted so that this 10 minutes goal is approximately followed.
As interest in Bitcoin has increased, so has the interest in mining Bitcoins, and so the population and power of miners has grown. Double the population or power of miners, and you halve the average time to find a block - and so the system will adjust by doubling the difficulty. The reward for finding a block is also independent of the number of miners, so doubling the population of miners also means each miner will on average get half as much mining reward per unit of time.
So: As the miner population grows and the difficulty increases, the profit margin for miners shrinks. Eventually mining is only barely profitable with very efficient hardware. This is not directly a design decision, but a necessary consequence of the decentralised design.
This is false. It's a design choice. He could have, for example, picked an algorithm that runs with maximal efficiency on commodity CPUs. (As some other coins have.) He picked SHA256d which requires very little memory and almost no branching. That's why it's (for practical purposes) only mineable on specialized hardware. It may not have been a conscious choice, but it's the result of that design choice. – David Schwartz – 2017-11-10T21:24:21.907
2@DavidSchwartz, I don't think it's practical to design something that is most efficient on commodity CPUs. If your proof of work makes use of a subset of a CPU's capabilities, then the most efficient way to perform that work is on a device that only provides that subset. If it makes use of the full range of capabilities, then not only is it best performed on commodity CPUs, it is best performed on the one specific commodity CPU you designed it for. – Mark – 2017-11-10T22:14:49.520
@Mark Not so for two reasons: 1) Economies of scale and the billions of dollars companies like Intel put into optimizing commodity CPUs can outweigh the benefits of removing unused functions but losing the economies of scale and optimizations. 2) It is not particularly difficult to make the algorithm tunable such that it continues to perform best on commodity CPUs as they evolve. – David Schwartz – 2017-11-14T18:58:54.513
@DavidSchwartz, I think your being unfair. In my opinion, Satoshi couldn't have known Bitcoin was going to grow as fast as it did. In fact, he himself thought it wasn't going to work. Satoshi picked SHA-256 because it was what Hashcash used for proof of work. – ecavero – 2018-02-02T02:36:22.003
@ecavero I agree that he couldn't have known the future, but nevertheless, he chose a mining algorithm that does not require lots of memory and does not require lots of decision making. That was a design choice. Far from being unfair, he accidentally got it right. – David Schwartz – 2018-02-02T05:09:05.103
0
I wouldn't be surprised if CPUs were more viable to mine with back in 2009 than graphic cards, in terms of hashpower, hence why he only thought of the CPU.
See for example the top notch graphic cards of 2009, vs the best processors,
http://www.tomshardware.com/charts/2009-desktop-cpu-charts-update-1/3DMark-Vantage-1.0.2,1396.html
Now as time advanced, GPUs became much faster and were able to generate much more hashpower, but by that time Bitcoin was already running SHA-256.
The first GPU miner for Bitcoin only appeared around the end of 2010. – Pieter Wuille – 2017-11-09T23:20:52.733
7It wasn't so much that GPUs became faster, as that they became more versatile. In 2009, OpenCL was still in development, CUDA was of limited practical use, and most GPGPU computations were done via the cumbersome process of reformulating them as operations on graphics primitives. – Mark – 2017-11-09T23:47:54.860
0
Your question lacks historical sense.
When Satoshi Nakamoto considered Bitcoin, he had lots of very difficult problems to solve. For instance, the problem of distributed authentication, a problem that was never solved before. You should recall that there was no peer-to-peer electronic cash system before Bitcoin.
So, some of the current problems with Bitcoin could not be foretold, even by geniuses like the creator (or creators) of Bitcoin. It became such a huge phenomenon never seen before.
In any case, it is unfair to state that Bitcoin is not decentralized, since it is mined in many parts of the world, by many companies; it is still peer-to-peer. It is only concentrated, meaning that only large company pools can mine it efficiently.
Satoshi designed it so CPU's would mine making a decentralized network. I don't think he had the foresight to see that ASICs would come out and dominate the market. – Marc Alexander – 2017-11-15T17:33:50.967
3
Just to add, this is mentioned in the original whitepaper which is a short read. I'd recommend anyone interested in Bitcoin to read it as a starting point. https://bitcoin.org/bitcoin.pdf
– Toby Hawkins – 2017-11-09T22:55:05.67754It's not really "someone figured out" how to mine on FPGAs or ASICs: an intelligent first year undergraduate could port SHA256 from C to Verilog. It's more that it began to make economic sense. ASICs in particular require a big enough up-front investment that you need economies of scale. – Peter Taylor – 2017-11-09T23:27:04.040
3@PeterTaylor It is not the case that an intelligent first-year could design an ASIC to efficiently mine Bitcoin. – jwg – 2017-11-10T13:51:56.090
4@jwg: if we're to nitpick and catch words, he said "a student could" not "any student can" and that makes a whole lot of difference :) – quetzalcoatl – 2017-11-10T20:52:23.923
Also keep in mind that it took a while for the hardware to actually be profitable. At the start, I remember tat ASICs were nice but the profit margin was very low. The cost of the device plus the cost of electricity and the cost of cooling meant a very significant investment to see a return higher then say a US$ savings account (which isn't much). As hardware got better and cheaper the profit margins increased, and made it a more viable option. – coteyr – 2017-11-10T21:37:39.917
And don't forget to be a legit miner you may have to pay taxes and other such fees in your region. – coteyr – 2017-11-10T21:41:18.460