If you write a RandomX code generator and interpreter and customize the CPU hardware using tools like one above you will get an optimized version of the hardware. Take a look at [2] for a results of such codesign attempts for Fourier transform. The optimization in energy efficiency can be as high as 100+ times over general purpose processors and on par and exceeding ASIC implementation.
One would duly note that RandomX employs floating point instructions in some parts of hashing process. I will respond that floating point operations can be expressed as operations on fixed point values and these hardware parts can (and will) be shared with other computations. Basically, the codesign tool will implement for you a split (FP)ALU. This will also increase energy efficiency over GPU and general purpose CPUs which have different paths for FP and integer computations and usually do not share ALU parts between these.
To comclude, first, RandomX is needlessly complicated. Second, I think that ASIC version can be attained without writing everything in Verilog by hand, you may stick with C reference implementation for most of the work. And, last but not least, the gain in hashes per joule from ASIC implementation can be much higher than 2-5 times over CPU or GPU.
What do you mean by "needlessly" complicated? The whole point is to make it very complicated, as that is the main mechanism by which they achieve resistance to ASIC designs for it. How is that "needless"? Even if you say that an ASIC can still be built, the point it to make those ASICs much harder and more expensive to build. That coupled with regular change of PoW scheme (as is done in Monero) means that it is just economically unviable to develop ASICs for Monero.
I also performed analysis of this algorithm as part of a work engagement, and came to similar conclusions to you (that it's not nearly as ASIC resistent as the authors claim).
Notably there was (and still somewhat is, but less so [1]) very low data dependency between the generated instructions, which enables ahead-of-time preprocessing on a CPU to get effective execution on a bunch of independent compute units / datapaths (on an FPGA/ASIC), saturating all of them during a significant amount of time.
This PoW is rather complex and takes nontrivial amounts of time and memory to verify. It accepts these downsides in an attempt to achieve "ASIC resistance", which means limiting the potential efficiency gains of custom chips to a small factor like 2x or 3x. This should make their design and manufacture economically unattractive, with long ROI times. And thus allow commodity hardware to remain competitive.
This just another cat and mouse that just proves how flawed PoW is. It will always favor people who have access to cheap power thus consolidating the chain in the hands of few powerful people.
> And thus allow commodity hardware to remain competitive.
This would make the system more robust, at the expense of increasing the power consumption. Is that correct? Doesn't seem really eco-friendly.
"Commodity hardware being competitive" isn't a desirable thing either? Remember when Ethereum caused a run on desirable GPUs? Miners were buying them by the truckload and locking them away in datacenters, where they basically computed hash collisions and made heat.
Personally I'd rather miners use ASICs for their hash collision wankery and leave the consumer markets alone. But I'd really like to see miners cease to exist because crypto comes with a huge environmental cost and so many externalities.
You can't "set aside" something which a free market has chosen to accept. If you're upset about PoW, invent a superior replacement which the market would prefer over PoW.
However, I suspect you cannot. I'm doubtful that such thing can exist. Bitcoin is now an essential commodity because there is no replacement for it when it comes to saving money or evading warrantless (illegal) surveillance. The central banks and governments around the world caused this, and they aren't capable of reversing it.
Someone should make a PoW algorithm based on useful things like game theory; for example a chess bot competing against other chess bots, the top winner forges the block and gets the rewards. This is still not extremely useful, but better than just hashing useless strings.
Ideally, PoW algorithms should be focused on real science and/or economic problems.
If the work proof additionally became useful, it would develop a secondary market, and the difficulty would reset to that new cost. In other words, the useful problem solving would just obfuscate cost. It misses the point of proof of work, which is to display a costly signal that market participants will understand.
Total sidenote but someone should start a cryptocurrency that is proof of Storage-space(does that exist?), where you have to allocate space to mirror the content of the Internet Archive. Is there a way that could work? (I know almost nothing about cryptocurrency)
The work is useful. It randomly selects a participant out of potentially billions or more to commit the next block, but only the next block, and no others to the blockchain. This ensures the chain remains fair because any potentially malicious actor cannot sustain an attack involving malicious blocks for long - it costs them too much electricity.
There is no known alternative system which is capable of randomly selecting a participant out of the entire pool of participants. Every other "solution" works by limiting the participation, because it is impossible for a network wide agreement at this scale to be done (would require every node communicating with every other node in the network and having a unanimous agreement on who has the legitimate authority to commit the next block).
Any system which doesn't require work to be done to prove that the correct participant was selected is vulnerable to Sybil attacks, where people control more network nodes in attempt to gain more leverage over others. The idea of staking some money doesn't fix this either, because proof-of-stake has the "nothing at stake" problem where stakers aren't actually spending money because they're guaranteed to get it back for being honest. Running many nodes is also fairly cheap and has the "not much at stake" problem. Only proof-of-work has the "much at stake" problem because the irreversible spending of money on electricity happens prior to any reward which may be received, like a lottery.
You might consider Bitcoin as a whole to be a bad idea. However, with recent "printing" in the tune of trillions of dollars, and with Bitcoin providing an inviolable fix for inflation, I think it might just be worth the effort - at least for anybody sensible who wants to save money for the future.
In terms of Monero, which doesn't fix inflation, it is useful for evading unwarranted financial surveillance. I suspect this will be fine for some time to come, but there will be eventually be enough privacy features on Bitcoin to make it unnecessary. For now: save in Bitcoin, spend in Monero.
[+] [-] thesz|5 years ago|reply
I also have a comment about ASIC resistance.
There are tools that allow to customize hardware upon programs it will execute, [1] is an example of one such tool, there are some others.
[1] http://openasip.org/tta.html
If you write a RandomX code generator and interpreter and customize the CPU hardware using tools like one above you will get an optimized version of the hardware. Take a look at [2] for a results of such codesign attempts for Fourier transform. The optimization in energy efficiency can be as high as 100+ times over general purpose processors and on par and exceeding ASIC implementation.
[2] https://www.researchgate.net/publication/321700396_Codesign_...
One would duly note that RandomX employs floating point instructions in some parts of hashing process. I will respond that floating point operations can be expressed as operations on fixed point values and these hardware parts can (and will) be shared with other computations. Basically, the codesign tool will implement for you a split (FP)ALU. This will also increase energy efficiency over GPU and general purpose CPUs which have different paths for FP and integer computations and usually do not share ALU parts between these.
To comclude, first, RandomX is needlessly complicated. Second, I think that ASIC version can be attained without writing everything in Verilog by hand, you may stick with C reference implementation for most of the work. And, last but not least, the gain in hashes per joule from ASIC implementation can be much higher than 2-5 times over CPU or GPU.
[+] [-] Erlich_Bachman|5 years ago|reply
[+] [-] q3k|5 years ago|reply
Notably there was (and still somewhat is, but less so [1]) very low data dependency between the generated instructions, which enables ahead-of-time preprocessing on a CPU to get effective execution on a bunch of independent compute units / datapaths (on an FPGA/ASIC), saturating all of them during a significant amount of time.
[1] - https://github.com/tevador/RandomX/pull/118
[+] [-] deepnotderp|5 years ago|reply
[+] [-] tromp|5 years ago|reply
[+] [-] kabacha|5 years ago|reply
[+] [-] blasrodri|5 years ago|reply
[+] [-] plerpin|5 years ago|reply
Personally I'd rather miners use ASICs for their hash collision wankery and leave the consumer markets alone. But I'd really like to see miners cease to exist because crypto comes with a huge environmental cost and so many externalities.
[+] [-] lvs|5 years ago|reply
PoW should have been set aside as soon as it was generally understood that the network's energy consumption might be unbounded.
[+] [-] sparkie|5 years ago|reply
Who is "we"?
You can't "set aside" something which a free market has chosen to accept. If you're upset about PoW, invent a superior replacement which the market would prefer over PoW.
However, I suspect you cannot. I'm doubtful that such thing can exist. Bitcoin is now an essential commodity because there is no replacement for it when it comes to saving money or evading warrantless (illegal) surveillance. The central banks and governments around the world caused this, and they aren't capable of reversing it.
[+] [-] gingeropolous|5 years ago|reply
[+] [-] cryptica|5 years ago|reply
Ideally, PoW algorithms should be focused on real science and/or economic problems.
[+] [-] somjeed|5 years ago|reply
[+] [-] polytely|5 years ago|reply
[+] [-] david_draco|5 years ago|reply
[+] [-] kolinko|5 years ago|reply
As for „should” - you may not be aware of this, but telling someone they „should” do something if you don’t plan to help is a bit offensive.
[+] [-] polytely|5 years ago|reply
[+] [-] chemmail|5 years ago|reply
[+] [-] jeffrallen|5 years ago|reply
[+] [-] DarthGhandi|5 years ago|reply
[+] [-] hasa|5 years ago|reply
[+] [-] sparkie|5 years ago|reply
There is no known alternative system which is capable of randomly selecting a participant out of the entire pool of participants. Every other "solution" works by limiting the participation, because it is impossible for a network wide agreement at this scale to be done (would require every node communicating with every other node in the network and having a unanimous agreement on who has the legitimate authority to commit the next block).
Any system which doesn't require work to be done to prove that the correct participant was selected is vulnerable to Sybil attacks, where people control more network nodes in attempt to gain more leverage over others. The idea of staking some money doesn't fix this either, because proof-of-stake has the "nothing at stake" problem where stakers aren't actually spending money because they're guaranteed to get it back for being honest. Running many nodes is also fairly cheap and has the "not much at stake" problem. Only proof-of-work has the "much at stake" problem because the irreversible spending of money on electricity happens prior to any reward which may be received, like a lottery.
You might consider Bitcoin as a whole to be a bad idea. However, with recent "printing" in the tune of trillions of dollars, and with Bitcoin providing an inviolable fix for inflation, I think it might just be worth the effort - at least for anybody sensible who wants to save money for the future.
In terms of Monero, which doesn't fix inflation, it is useful for evading unwarranted financial surveillance. I suspect this will be fine for some time to come, but there will be eventually be enough privacy features on Bitcoin to make it unnecessary. For now: save in Bitcoin, spend in Monero.
[+] [-] dmos62|5 years ago|reply
[+] [-] asymptotically2|5 years ago|reply
[+] [-] elcritch|5 years ago|reply
[+] [-] xiphias2|5 years ago|reply