Being ASIC-resistant or not?

[cross-post from Gitter]

Following up on something that was posted in /dev yesterday by @beardofmerlin, I discovered apoelstra’s ASIC paper through the Gitter channel last week, and after reading and digesting it, the conversations here, and what’s happening elsewhere in crypto, I had similar questions as him around the community’s position regarding ASICs.

I’m not a miner. I’m curious to hear the different positions and thinking of others around this. To me, it seems to be very much a question of framing it in shorter-term versus longer-term thinking, but I’m not sure I’m right about that.

Where on the one hand, the community and the coin itself would benefit in the shorter term from being ASIC-resistant, as it allows early adopters, developers, fans, to pick up some coin fairly and get somewhat rewarded for their work improving/growing the coin early on. Before the big boys/girls step in with inevitable efficiency improvements once it becomes worth while for them to do so. I.e. basic transition from cottage industry to corporations. But whenever someone “cracks” Cuckoo and build an ASIC (or similar) for it, we can safely assume it will most likely be done in stealth, and not as widely disseminated knowledge. So if that eventual ASIC-cuckoo design does not become shared, what happens then?
-> More decentralisation day one / Less decentralisation day later?

Versus a more longer term view from the get go of: Okay, ASICs are inevitable, economies of scale are inevitable, it is not a bad thing, we shouldn’t fight it, and if the coin is worth it, it will be mined, and if we pick a ‘solved’ algo, over time, ASICs for that algo are likely to be better available, which will lead to better decentralisation. Maybe. This leads to less mining success for the cottage industry community members in the early days, and more towards the big boys/girls from day one.
-> Less decentralisation day one / More decentralisation day later?

Is that a good outline of the different thinking? Have I missed / misunderstood something?

If I had to pick a side today, I would probably lean towards Cuckoo and the current approach, with the rationale that right now, there is no ‘longer term’, and anything that motivates as wide of a community as possible to grow and improve the coin, improves the chances of a successful launch and with it the chances of the coin ever reaching ‘longer term’. And then it’s a privilege to have the ASIC issue to worry about.

What are your thoughts around this?

[Including points raised by @haarts:]

The one addition I think is worth mentioning is that if you pick a ‘solved’ hashing algo large farms already have enormous hashing power. That will allow them to ‘dump’ hashing power on the nascent coin messing with the difficulty/do 51% attacks.
Re the stealth development; I don’t think it is that big of a problem. There is no magic involved in Cuckoo, it is just that memory is expensive. Building an ASIC is not hard just not worthwhile ATM.
Optimizing the silicon yields a relatively small performance increase. Not worth the investment now, but if the coin picks up, more money is to be made and eventually it IS worth the investment to squeeze the couple of percent performance.

[Including points raised by @chri2:]

asics: furthermore as I understood @tromp part of the idea is to offer an incentive to industry to improve memory development - make it faster and more energy efficient. That gives back something really valuable to the general computer usage and not only a thing that can sha at speeds that are otherwise of little use. I like the thought a lot to help push the market in a much desirable direction.

4 Likes

The idea about the incentive for industry to make better memory affordable is part of @tromp description of cuckoo and can be found here https://github.com/tromp/cuckoo#an-indirectly-useful-proof-of-work.

Thanks for the good summary!

2 Likes

I fully expect Cuckoo Cycle ASICs to become available, possibly within the first year. I don’t know yet whether these will be of the lean or mean variety. Cuckoo Cycle is designed to be the simplest possible PoW, with the hope that ASICs can remain simple as well, and easy to optimize (easier than SHA256 ASICs).

They should also be easy to evolve to larger instances. At some point, cuckoo30 will be phased out to make room for cuckoo31 and later on to cuckoo32 and beyond. These are to prevent single chip ASICs and to preserve the off-chip memory bottleneck.

There should be no other tweaking done to Cuckoo Cycle and I recommend that ASIC averse coins do not adopt Cuckoo Cycle as PoW. I do hope there will be some healthy competition in the ASIC market.

1 Like

Maybe it would be a good idea to create incentives to develop something as open hardware. Later there could be a bounty like for the software algorithms to optimize an inicial design or counter it with other open hardware designs. The license should in all of this be restricted to something that allows others to produce the hardware without restriction and to develop improved versions as long as those are put under the same license. As an incentive it could be allowed to sell the first batch (restricted by a time period starting from market availability) before the design has to be published.

1 Like

I agree it would make sense to offer bounties on improving Cuckoo Cycle designs for the most common FPGA platforms that people use for memory hard PoWs. I plan to offer those in future once I feel a reasonable amount of optimization has been achieved.

1 Like

@tromp that’s very interesting. Do you expect ASICs to have a big advantage over FPGAs for Cuckoo?

Yes, ASICs have large advantages in power efficiency and unit production cost (discounting the huge startup costs). But FPGAs are great for experimenting with different possible ASIC designs and can be very useful in predicting their performance.

One of the purpose of Grin is to incentivize memory R&D. I’m wondering about another incentive.

As I understand it, and contrary to FPGAs (vhdl/verilog), there’s no asic development standard : each foundry has its own.

Do you think pushing for open FPGA code to mine new coins (such as grin) can incentivize foundries to standardize asic developpement processes? As in, foundries that pushed for a new standard would see increased profit?

I don’t have anywhere near enough knowledge of ASIC development and disparities between different foundries to answer that question. Sorry:-(

Webchain’s so-called ASIC resistance has nothing to do with its Pow (which is pretty ASIC friendly and thus only egalitarian in a very limited sense) but is based solely on the dev’s promise to change it frequently.

I think Grin has no interest in frequent PoW changes.