Problem statement: Creating robust, secure, energy efficient and decentralized blockchain network.
It's been discussed many times before, but we would like to have the discussion with community members here.
Please consider the following points first:
ASIC, FPGA, GPU, CPU mining pros/cons
ASICs are more energy efficient.
GPUs are for gamers and inefficient.
ASICs bring centralization.
ASICs are not available to everyone.
Generally available low-cost ASICs in the market, if any.
Can any algo/FPGA design help to solve the issue?
Is there any other design which can bring a good solution?
Is forking every six months to combat ASICs feasible/good/bad?
What about hidden ASICs/technologies not open in the market?
Are hidden/undisclosed ASICs better for the network than open/available ASICs/technology?
…
…
…
We are looking to the future and would like to address this issue from the beginning.
We are dedicated to the project and ready to invest time and resources to create one of the best blockchain technologies.
Looking back at the problem from 3-4 years in the future.
Also, if you have come across any discussion/research on how to keep the blockchain network secure with minimum energy, please let us know.
Please submit your views.
The whole idea of mining crypto is it being egalitarian, and accessible to as many people as possible. ASICs in general are much more energy efficient, and reduce waste as they are built specifically for that task. However, in the world we live in, ASICs are available to a very narrow slice of people who have access to Chinese markets, and have the required wealth to finance it. That would push any blockchain now into centralization.
With Bitcoin it’s different. We moved from CPU to GPU, then to FPGAs, then ASICs, and it was very gradual, that allowed it to preserve decentralization along the way.
1) protection from a 51% attack, which can disable the network or double spend
2) uniform coin distribution among holders to prevent market manipulation
3) energy efficiency
For 1) ASICs have the most to lose from such an attack if the hashing algo is unique to the coin. Concentration of power with GPUs is prevented only until the hashing algo is introduced to NiceHash or the MiningRigRentals service, then it’s available for hire. A CPU-only algo is the worst because it is easy to hire large computational power and typically only a matter of time before at least a GPU miner is developed.
For 2) a CPU algo can be the best absent cloud mining by large players. GPU is the next best where almost everyone can mine a little. Interestingly, due to cloud mining and NiceHash, ASIC algos are not far behind because people can buy hashing power. Since CN has a steep decaying emission, keeping it CPU-only or GPU-only for the first year or two helps with a more uniform coin distribution.
And 3) is a moot point considering the cost of VISA/Mastercard infrastructure. What matters though is the separation of miners/users, which is negligible in PoS coins.
If we could have a hashing algo restricted by minimum RAM capacity to 4-8 GB per thread or equivalent memory bandwidth requirement with minimum CPU utilization it might be the best. It would be CPU/GPU-only with little advantage for GPU over CPU and no ASICs any time soon due to a unique algo for a small coin and hard memory requirements.
But you can’t control number of threads created by hardware or software, and sooner or later someone will be able to abuse that.
My suggestion is to look beyond PoW, and beyond any known proof of (insert concept here). To have an entirely new view of how to mint blocks, while preventing abuse using wealth, and in a way that would allow for tuning depending on competition (like difficulty in PoW)
Then perhaps memory bandwidth limited algo may be easier to implement than proof of memory capacity.
Think of it this way. When people make an ASIC-resistant algo they are trying to improve its efficiency on existing hardware as much as possible to limit any gains specialized hardware may have, GPUs over CPUs, ASICs over GPUs. Ethash was rather good judging by E3 gain over GPUs only in power but not hashrate. If we can come up with a good algo it may stand up to ASICs well.
PoS must be proven first, maybe Casper will show us the way. Design, review and implementation of a new PoS algo will take a long time, typically introduced in a hybrid approach along with PoW.
PoS won’t work with cryptonote, you don’t know how much coins are in the wallet. Layering and sharding will directly impact the ability to have robust smart contracts.
Note: We’re bouncing ideas and thinking out loud, I’m not in any way degrading your opinion.
PoS can be made to work on CN, just more cumbersome to design it. Nothing is impossible. Will likely need to use validator nodes each requesting info/signatures from clusters of nodes staking their balance.
The downside is the nodes reveal the staking balance to the validator nodes.
Maybe trust factor can be introduced separate from the balance and be public, then it will be easy. If needed a node may need to meet minimum balance requirement by signing a stake for this amount.
Algorand and their references make sense.
Sorry, but I am pretty ignorant on CN protocol, just trying to use common sense and shooting from the hip.
What if a node sends the required stake to itself, locking it for N blocks, and reveals the TX viewkey publicly? Then Algorand selects the committee among those nodes that shared min balance viewkeys using accumulated trust factor as weight.
If you think that even revealing min balance, say, that the participating node owner has at least 100 coins is too much then perhaps only trust factor could be ok, but I don’t think it will be strong enough then.
For fast TXs and little to no forking a requirement of consensus by a small subset of nodes rather than by the whole network is inevitable.
If you look at other cryptocurrencies, the reason they attempt to provide ASIC resistance is decentralization. The core tenet of the cryptocurrency world is zero trust, especially with a coin based on Monero privacy. The focus should be on maximum decentralization and minimum trust, not environmental impact as per the goals of this project.
Personally I would go the route of CryptoNightV7 for now. There is no need to waste cycles attempting to do something better when there is a proven algorithm already available. Focus on the smart contracts and other roadmap items instead of cycling on this issue.
BTC is NOT decentralized and it’s because of the monopoly Bitmain has on ASICs.
Here’s my 2 cents on this topic:
Kill ASICs and don’t affect CPU miners (monero7) = Give CPU botnets increased ability to launch attacks, but most decentralized approach as barrier to entry remains lower for most people. Not affecting CPU performance sort of balances the impact by GPU pools/NH too.
Don’t kill ASICs (leave algo as is) = Increase centralization but mitigate what botnets can do to the network because ASIC owners have a stake in keeping the system “clean” in order to maximize profits. ASICS are only useful for one task and most operators have an incentive to keep their rig running and generating long-term income. This will all but eliminate any CPU or GPU miners but will also prevent most CPU/GPU botnets from causing damage (unless someone is running an ASIC botnet???).
Kill ASICS and lower CPU performance (CN-Heavy) = Give big ETH or ZCASH pools the ability to launch attacks and/or have a constant HR spike as they auto-switch to different coins. This will deter the impact CPU botnets have though. It’s sort of a middle ground regarding centralization too. The common CPU miner has no stake in this race though.
I’m sure there are other consequences I’m not thinking of right now too.
A change to full PoS leaves room for anyone with deep pockets to QUICKLY take ownership of the network.
If ASICs were accessible, the same way GPUs are accessible today, that would not have been an issue. But it’s still much better than what an ASIC driven coin would look like if we ignored the issue today.
The idea here is to look beyond PoW algorithms.
Dero’s article on Medium mentioned that there could be a signing authority for example for things like KYC.
Let’s say the wallet intending to stake, sends the staked amount + data regarding staking period (lock) to a smart contract, that signs it and adds a publicly visible amount (or tier if tiered staking) and stake time, then returns all that to the wallet. Then staking is done using that signature, from that wallet, for the specified period. (A “unlock” option might be provided using same/other contract if needed)
Therefore no view keys are published, staked amounts are declared/verified without exposing all data related to that wallet.
Regarding reducing the effect of “rich gets richer”, we can set a max amount for staking per wallet/node. Therefore, people staking high amounts would then need additional nodes, adding to their costs AND forcing them to support the network as well.
If you want to use the amount in committee sortition and SC can be utilized to conceal the amount then it may work. Limiting the stake size will cause the owner to split his balance into multiple addresses if there is a reward for mining a block via PoS.
For the security of the network PoS may be superior to ASICs unless there is an attack from a competitor or govt for whom the gain from killing the network outweighs the cost of buying 2/3 of the coins or whatever the threshold is. And if balance is not in the calculation then how to prevent anyone from running enough nodes to kill the network? This is a big problem with PoS. Same argument goes to ASICs: buy enough of them and you can shut down the network at the cost of these ASICs. GPUs/CPUs are more evenly distributed but fungible and can mine ETH after killing DERO for example.
Then let’s assume tiered staking with a max tier.
Anyone who wants to stake more, then they would add nodes and support the network.
Therefore, anyone wishing to “control” would have to face an increasing requirement of wealth. And then once control is established, the value would go down, causing the person attempting control to lose a fortune buying upwards a coin that nobody else wants.
If a country tries to buy 10% of coins in circulation, price spike would be huge. Then if they want to kill the coin, they dump them. That is not an issue of PoS or PoW, just how the markets are.
But then, we face another problem. Emissions.
I’ll have to wait on confirmation from Captain on that, but would a sharded system negatively impact the robustness and reach of smart contracts? That is, would smart contracts then operate on one shard, but not the other?
If future plans are not negatively impacted by sharding, we can have a dual PoW/PoS system, with lesser PoW rewards and reduced block size/times.
If they would be impacted, we can have a full PoS system, and add a small reward per block on top of Tx fees.
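An added illustration, not code from any poster or from the project, of the capped ("max tier") staking and committee selection debated in the thread: it measures how much selection weight and how many committee seats one owner gets with a single large node versus the same balance split across capped nodes. Hash-seeded weighted sampling stands in for Algorand's sortition; the cap of 100, the node names and all balances are constructed assumptions.

```python
import hashlib
import math

CAP = 100  # constructed per-node stake cap ("max tier")
# Constructed population: (node_id, owner, locked_stake)
HONEST = [(f"h{i}", f"user{i}", 100) for i in range(50)]
WHALE_ONE_NODE = HONEST + [("w0", "whale", 10_000)]
WHALE_SPLIT = HONEST + [(f"w{i}", "whale", 100) for i in range(100)]

def weight(stake, cap=CAP):
    """Stake counted toward selection: anything above the cap is ignored."""
    return min(stake, cap)

def select_committee(nodes, seed, size, cap=CAP):
    """Deterministic weighted sampling without replacement.

    Every verifier derives the same committee from the public seed: each node
    gets u = H(seed|node_id) mapped into (0,1) and the key log(u)/weight; the
    `size` largest keys win (same ordering as u**(1/weight))."""
    keyed = []
    for node_id, _owner, stake in nodes:
        if stake <= 0:  # nodes with nothing locked are not eligible
            continue
        digest = hashlib.sha256(f"{seed}|{node_id}".encode()).digest()
        u = (int.from_bytes(digest[:8], "big") + 1) / (2**64 + 1)
        keyed.append((math.log(u) / weight(stake, cap), node_id))
    return [node_id for _key, node_id in sorted(keyed, reverse=True)[:size]]

def weight_share(nodes, owner, cap=CAP):
    """Fraction of total selection weight controlled by one owner."""
    total = sum(weight(s, cap) for _n, _o, s in nodes)
    return sum(weight(s, cap) for _n, o, s in nodes if o == owner) / total

def seat_share(nodes, owner, size=10, rounds=200, cap=CAP):
    """Average fraction of committee seats one owner holds over many seeds."""
    owner_of = {n: o for n, o, _s in nodes}
    seats = sum(owner_of[n] == owner
                for r in range(rounds)
                for n in select_committee(nodes, f"block-{r}", size, cap))
    return seats / (size * rounds)

if __name__ == "__main__":
    for label, nodes in (("one node", WHALE_ONE_NODE), ("split", WHALE_SPLIT)):
        print(label, round(weight_share(nodes, "whale"), 3),
              round(seat_share(nodes, "whale"), 3))
```

With these numbers the cap holds the single large node to about 2% of the weight, while the split configuration reaches two thirds of it, so what the cap actually imposes is the cost of operating the extra nodes.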