by Jamie Holmes
Changing the algorithm of many major cryptocurrencies is on the menu! As concerns about miner centralization begin to intensify, a few cryptocurrency communities are considering a change in the underlying algorithm to kill ASICs, specialized hardware machines that improve the efficiency of mining. Monero will conduct a Proof of Work (PoW) change in the upcoming April 6 release, Lithium Luna, while some in the Bitcoin community are also debating a similar change.
The ASIC Debate: Costs and Benefits
What is an ASIC? It stands for Application Specific Integrated Circuit and allows for greater efficiency in the mining of cryptocurrencies. ASICs followed CPUs, GPUs, and FPGAs, each used successively to mine bitcoin. But as the cryptocurrency ecosystem matures, more and more altcoins are being opened up to ASIC mining. Namely, Decred, Monero, and Siacoin are three prominent examples.
The Costs of ASICs
Proponents of ASIC-resistant schemes like Vertcoin or Cryptonite as used by Monero argue that ASIC’s contribute to centralization. The specialized units are relatively more expensive than GPUs and are less widely available, meaning that the mining power is consolidated into the hands of the few. By raising the entry barriers to mining, ASICs are argued to reduce competition and make the mining sector more like an oligopoly or monopoly whereas those mining ecosystems that are ASIC-resistant are presumed to be closer to a perfectly competitive market.
One of the principles underlying bitcoin was “one CPU, one vote,” referring to how anyone with a computer could join and secure the network. But now if you try to mine with your computer, your contribution will be negligible, since there are now mining farms that have taken advantage of economies of scale. But as a result of mining firms taking advantage of economies of scale, a large proportion of bitcoin’s hashrate is distributed across very few places, making it easy for a government or other entity to shut down these farms and wreck havoc in the bitcoin ecosystem.
This has been a fear for bitcoin, as many mining farms are located in China, and with negative sentiment from authorities regarding ICOs and exchanges, many believe that the government could wade into bitcoin mining farms and shut them down if they really wanted to. The hashrate may enter a downward spiral and make the blockchain network more susceptible to attack. While there are no indications of this happening, it is a real possibility.
Moreover, integrated circuit manufacturers are highly centralized, and there is a risk that these manufacturers can have some bearing on the mining ecosystem. Peter Todd has remarked on the subject:
“There’s only a tiny number of companies in the world that are capable of building performance/cost competitive ASICs, basically the likes of Intel, ASMC, GlobalFoundries, etc.”
The point is that these companies could be pressured by governments or regulations, and as long as ASICs are avoided, it will be very difficult to get miners to censor certain transactions and reduce the tendency of centralization into large data centers.
Moreover, since a few companies have the capability to produce such hardware, the mining rewards would tend to be captured largely by these companies. This is exemplified by the fact that Bitmain has surpassed established companies like Nvidia and AMD in terms of revenue, thanks to the fact that Bitmain’s dominance in bitcoin mining has allowed it to earn massive profits, from selling hardware as well as mining the cryptocurrency.
Finally, CPU and GPU distribution channels are nowhere near as centralized, since they are general purpose and are way less likely ever to be regulated, sabotaged or banned by governments as Monero developer Stoffu states:
“…another concern with ASIC mining even in the far future is that their manufacturing will most likely not be commoditized, and there will be a chance that all or most of the manufacturers are pressured by a powerful attacker to secretly implement things like a “kill switch.” This concern is totally irrelevant for CPU/GPU mining because anyone can compile mining software from source.”
The Benefits of ASICs
On the other hand, advocates of ASICs suggest that these developments in mining cannot be avoided. For instance, lead developer of Decred, Dave Collins, suggests that developing ASIC-resistant algorithms are “an exercise in futility”:
“While you might be able to stave off ASIC development for a time, you simply open the door for other methods to centralization such as botnets. For example, the rotating algorithms suggestion has already been deployed by Vertcoin, and it was effectively defeated by botnets that took over the network. CryptoNote tried CPU-friendly mining with the same result. Litecoin tried a memory hard algorithm (scrypt) and ASICs were eventually developed for it too.”
ASIC-resistant algorithms are not analogous to ASIC-immune algorithms, and Collins doubts that an algorithm with such a property can be formed. He argues that when making a coin ASIC resistant, you are opening up the network to a hostile takeover by ASICs. Similar to how proponents of ASIC-resistance argue that ASICs increase the barrier to entry, Collins argues that by making the algorithm resistant to these specialized forms of hardware, you raise that barrier even higher; only the most wealthy will be able to develop and use these ASICs. We have observed this many times, first with litecoin, then more recently with DASH and then Monero.
But by being open to ASICs, you reduce the likelihood that ASICs will be used to control, kill off or harm a blockchain network, since if they are embraced and are made available and cheap, they will eventually become hardware commodity over time and ends up with greater decentralization once the initial arms race is over. To find out more about ASICs and how they bring us closer to the thermodynamic limit, you can read Andrew Polestra’s paper here. For now, we can think of an irreversible proof of computational work as a proof of physical work, i.e., energy dissipation.
Of course, ASICs are less of a threat to Decred as the protocol is based on a hybrid of Proof of Work and Proof of Stake. While mining could be argued to become centralized as a result, the staking process still keeps Proof of Work miners in check.
Another reason stated in favor of ASICs is that a blockchain network is only as secure as the energy burned, as mentioned above. In Proof of Work systems, miners consume electricity to check and propagate transactions. The more energy burned, the more secure the network is, as more energy would be required in an attempt to rewire the blockchain and conduct an attack. With ASICs, there is more ‘work’ being done, and consequently, more energy would be expended trying to rewrite the blockchain’s history.
Now consider if the entire blockchain network is supported by hobbyist miners using their CPU or GPUs; because the ‘work’ done is relatively lower, it is easier to dedicate resources to an attack to rewrite the blockchain’s history and engage in a 51 percent attack.
Changing Bitcoin’s Proof of Work
The proposal to change Bitcoin’s Proof of Work has been floating around for some time now but has never gained enough support. During late February, Cobra put out a blog post entitled, “An open letter to the Bitcoin community to change the proof-of-work algorithm” arguing for a PoW change to restrict Bitmain’s control over bitcoin.
While not very popular, the amendment to bitcoin has one vocal supporter; Bitcoin core developer Luke Dashjr argues that the PoW change would fix the problems surrounding the monopolistic mining sector:
A change of PoW is needed because SHA2 is no longer a decentralised PoW, but has become merely assigned-by-Bitmain.
— Luke Dashjr (@LukeDashjr) February 24, 2018
Dashjr also stated that diversity of miners is more important than the magnitude of hash power of the Bitcoin network and that ASICs are not the problem, but rather it is down to who is running the miners. The relevance of this is that once Bitcoin’s PoW was changed, GPU miners would be able to pick up the slack and the fears of a dropping hashrate are not as justified as some may think, according to the Bitcoin developer.
The main concerns against with proposal are that there may be many companies in the process of developing ASICs to compete against Bitmain, with Samsung pointed out as one such example. By changing the PoW preemptively, it could discourage companies that would potentially compete with Bitmain from investing in new products suited for bitcoin mining.
Consequences of a one-time change and continuous change in the Proof of Work are examined here by JW Weatherman on different actors in the Bitcoin ecosystem. Another drawback is that without ecosystem-wide support, the PoW change could lead to another fork like Bitcoin Cash and divide the community even further.
Even though he has made strong arguments against ASICs, Peter Todd reckons that changing the PoW is a high-risk move, and he is of the opinion that it should only be carried out if an attack has been observed on bitcoin. The community largely agrees that a PoW change is too risky, especially given that there are reports of other manufacturers entering the ASIC production market.
Monero Moves to Change PoW In Response to ASIC Threat
As stated above, ASICs can be developed and lurk in the wild. It was suspected for a long time that ASICs had been developed for Cryptonite, which contributed to a massive increase in the hashrate of Monero since September 2017. The consensus in the community is that Bitmain, which recently announced Cryptonite ASIC miners for sale (starting at a price tag of $12,000 dropping down to around $2,000), was most likely using these ASICs before announcing them for sale.
Prior to the hashrate spike, ShaolinFry suggested a change to Monero’s Proof of Work to mitigate concerns of centralization. In fact, there is some evidence that Bitmain had been mining using Cryptonite ASICs since January 2018:
Can't believe I missed this earlier, but sure enough – confirmation of @BITMAINtech having #cryptonight chips on January 23rd (#XMR AntRouter). Only goes to confirm the argument that ASICs silently caused the nethash to skyrocket. cc @fluffypony / #monero team pic.twitter.com/L4PEdJdgqp
— eureka [XMR/LTC] (@astraleureka) March 16, 2018
A similar thing happened with Siacoin, who were preparing to bring ASICs into the network, but Bitmain beat everyone else to the market and effectively killed off Obelisk, which is connected to the Sia development team. Now Bitmain dominates the network. No figures were given either on how many they had sold, introducing the problem of information asymmetry; while Bitmain knows how profitable these miners would be, their customers do not. As these machines came online, the difficulty increases, effectively reducing the profitability of their products; this effect is intensified if the company had been mining using their own products before release (which is not unreasonable).
In Contrast to Sia, Monero are not Playing Ball with Bitmain
In early February, as a course of action for the the suspected, covert use of ASICs, the Monero team announced that they would be altering the Proof of Work algorithm in the upcoming release. These alterations will be twice per year to stay ahead of the ASIC manufacturers.
“…We will perform an emergency hard fork to curb any potential threat from ASICs if needed. Furthermore, in order to maintain its goal of decentralization and to provide a deterrent for ASIC development and to protect against unknown or undetectable ASIC development, the Monero team proposes modifying the Cryptonight PoW hash every scheduled fork, twice a year.”
The post goes on to say that the modifications made will be minimal and should not change performance too much. With the first change under testing and ready for the April 6 upgrade, the team will also research alternative Proof of Work functions that may give a strong assurance of ASIC resistance than Cryptonight.
Bitmain is Argued to be a ‘Bad Actor’
It would not be the first time the mining giant has played dirty. For example, the company faced similar accusations when they released ASICs for DASH, where the company produced too many units that could possibly make returns and sold them all. Once all were delivered, difficulty went way up, and from selling the miners, Bitmain made more profit than by capturing the entire hashrate of the coin.
It is also rumored that ASICs for Equihash, the algorithm used by Zcash and Bitcoin Gold, and Ethereum, are already in existence, with Siacoin lead developer David Vorick stating that he strongly believes that some companies beyond Bitmain are mining zcash using these specialized machines.
Bitmain is also rumored to own around two to three percent of total BCH supply, with many of the proceeds coming from the sale of their miners. The company accepted bitcoin cash for a while to prop up demand for the altcoin but has switched back to fiat. Bitmain has also proved again and again it cannot be trusted – with various scandals such as AntBleed and AsicBoost, explaining the reluctance of Monero to acquiesce Bitmain’s newest product.
The disclaimer from Bitmain makes it clear that no one will receive any refunds for the Cryptonite Miner, meaning by the time it ships (the first batch is expected in May), it will be useless, at least on the Monero network. Most Cryptonite-derived coins are also following Monero’s lead, namely AEON, IPBC, and Masari.
However, it is argued that Bitmain has yet to show that it will abuse its position. The mining firm operates at least two bitcoin mining pools and has not engaged in any attacks on bitcoin (as these would be noticeable on the blockchain). Opponents of the Proof of Work change also highlight that the move could consolidate the core team’s control of Monero, and there are fears that the team could commission an ASIC miner in secret and collude with these manufacturers.
Smooth Proposes ASIC-friendly Strategy for the Future
Ensuring that the options remain open, AEON and Monero lead developer Smooth submitted a proposal for an ASIC-friendly PoW change on March 12 as a response to some of the perceived dangers of constantly tweaking the algorithm to maintain ASIC resistance.
His main points are; such frequent changes could lead to accidental exploits, the potential for favoritism as highlighted above, manufacturers may account for slight tweaks and changes the project is implementing, and the efforts may ensure ASICs cannot be produced with the exception of one business, which in effect, would hand them a monopoly position over Monero ASICs.
In response to the document linking the concepts of Proof of Work, ASICs, and the thermodynamic limit, Smooth stated that the failure to achieve ASIC resistance might be a strong argument for creating an ASIC-friendly algorithm:
“…the document takes the position that effective ASIC resistance is impossible. That may or may not be correct in practice, but the idea that ineffective ASIC-resistance may make matters worse seems valid to me.”
Although details are still scarce, there could even be a drive to delay ASICs with the hard fork tweaking the algorithm every six months, until there is amore level playing field in the ASIC market. It is even proposed that the community could deliver an open-source design of an ASIC for Monero – however, the feasibility and timeframe for this are uncertain.
Other Proposed Solutions for Monero
The debate is still ongoing for the Monero community, as relying on the developers to hard fork every six months and change the algorithm is not an ideal strategy over the long term. One interesting proposal, as outlined on the project’s GitHub page, is to develop four PoW algorithms and randomize them, which would get around the problem of an ASIC manufacturer corrupting the developer team; none of the devs would know before the change which PoW will be used and therefore cannot give any inside information to manufacturers.
Tevador stated, “These issues can be solved by designing for example four PoW candidates at once, testing all of them thoroughly for six months and then choosing which change will be implemented based on the hash of a block that is for example two weeks before the scheduled hard fork date.”
Speaking on this proposal, SRCoughling replied that “the random strategy is the best defense possible against ASICs because it can easily be tuned to kill all returns on investment” and he is currently working on a whitepaper to explore this avenue more formally.
The ASIC Debate is Certain to Persist
There are strong arguments on both sides for altering the Proof of Work, and in the case of Monero, it will be interesting to see how the strategy of altering the algorithm every six months will pan out. Of course, with the higher popularity and value of bitcoin, there is more at stake than with monero.
But the altcoin could finally let us empirically observe whether the price of a cryptocurrency follows the hashrate. Once the PoW is changed for the Cryptonite coin, we should see a drop in the hashrate as the ASICs are booted off the network – which is an important reason why Monero supporters should contribute their resources to the network in this rocky period (note: you can solo mine in the official GUI). There is a tiny possibility that Bitmain has accounted for this response, and has another ASIC developed already.
Whatever the case, one thing is for sure; the debate revolving around ASICs and cryptocurrency will not die down anytime soon.