5
1
Miners can mutate nonce (32 bits) + time (mutates once a second). This allows for 232 (~4 billion) hashes per second. That's not enough anymore for our ASICs as they perform in the TH/s now rather than GH/s. So we allowed miners to mutate the coinbase transaction, but this requires us to generate a new Merkle tree. This means that a miner needs to generate a new Merkle tree every 232 hashes. at 1 TH/s The miner must generate a new Merkle tree 250 times per second.
TLDR: Is Bitcoin PoW actually SHA256 + Merkle tree generation? And not pure SHA256?
If I'm correct in asserting that Bitcoin PoW is SHA256 + Merkle tree, does this slow the commoditization of ASICs and therefore slow decentralization, as ASICs now must be more complex than if they did with just SHA256 + nonce mutations?
2Thank you for your answer Pieter,
I understand that it does not require much compute. But my criticism is towards the added complexity of doing two things to get a new hash, as opposed to one, just using the nonce (and extending it to 64bits).
It seems to me that there is accidental complexity we can shave off here. We can reduce the complexity of the miners, pool operators, RPC interface, stratum.
Why have we chosen to increase the complexity of the software, rather than increase the nonce to 64bits?
Thank you for your contributions to bitcoin, I'm a huge fan of yours. – ascendzor – 2019-07-21T11:04:06.003
4@ascendzor Changing the header format like that requires a hard-fork. – CodesInChaos – 2019-07-21T14:30:38.940
6Yes, things would have been slightly simpler if the nonce field was 64 bits in size. As @CodesInChaos points out, this would require a hard fork, and because of that it'll probably never happen. All infrastructure relies on 32-bit nonces, and already includes the complexity of grinding Merkle trees. Convincing the whole world to change that, and the risks for forks while doing so, just isn't worth the gain. – Pieter Wuille – 2019-07-21T16:55:17.400