Scrypt proof of work: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Luke-jr (talk | contribs)
mNo edit summary
Luke-jr (talk | contribs)
→‎References: Remove scamcoin promotion
 
(4 intermediate revisions by 4 users not shown)
Line 1: Line 1:
Scrypt adds memory-intensive algorithms to reduce the efficiency of logic circuits.
'''Scrypt proof of work''' denotes the [[Hashcash]] proof of work using scrypt as underlying hash function.
By using a memory-intensive hash function designed to reduce the efficiency of logic circuits, this was claimed to make only CPU mining remain profitable, even with the advent of GPU mining, and completely failed in that goal.
 
It has been less widely used and analyzed than the SHA2 hashing algorithm used in Bitcoin, so there is some concern about possible weaknesses in its cryptographic scheme being discovered in the future.
It has been less widely used and analyzed than the SHA2 hashing algorithm used in Bitcoin, so there is some concern about possible weaknesses in its cryptographic scheme being discovered in the future.


== History ==
== History ==
Originally introduced as part of the altcoin "Tenebrix" by ArtForz and Lolcust, it was claimed to be resistant to GPU, FPGA, and ASIC implementation<ref>[https://bitcointalk.org/?topic=45667 BitcoinTalk discussion thread for the "Tenebrix" altcoin]</ref>.
Originally introduced as part of the [[altcoin]] '''Tenebrix''' (TBX) by ArtForz and Lolcust, it was claimed to be resistant to GPU, FPGA, and ASIC implementation.
Around mid-2012, GPU-based mining began to become widespread anyway, and in late 2013 ASICs began shipping.
 
=== Specialized hardware ===
Around mid-2012, GPU-based scrypt mining began to become widespread, and by late 2013 scrypt ASICs had began shipping. As scrypt is not GPU-resistant, FPGA-resistant nor ASIC-resistant, it has failed to meet its stated goals entirely.


== Problems ==
== Problems ==
Line 13: Line 17:
However, this argument posits that since scrypt is designed to be inefficient on all common computer components (both CPUs and GPUs), a malicious entity need only produce a small batch of specialized/custom hardware to overtake all the commodity mining systems combined.
However, this argument posits that since scrypt is designed to be inefficient on all common computer components (both CPUs and GPUs), a malicious entity need only produce a small batch of specialized/custom hardware to overtake all the commodity mining systems combined.


==== Memory bandwidth refutation ====
=== Memory bandwidth refutation ===
Some attempt to refute this by arguing that scrypt is not designed to be inefficient, but is instead designed to be highly dependent on memory bandwidth.
Some attempt to refute this by arguing that scrypt is not designed to be inefficient, but is instead designed to be highly dependent on memory bandwidth.
Since the high-speed cache RAM on modern processors already takes up most of the die space, no sizeable improvement could then be made by creating custom chips.
Since the high-speed cache RAM on modern processors already takes up most of the die space, no sizeable improvement could then be made by creating custom chips.

Latest revision as of 00:19, 24 April 2019

Scrypt proof of work denotes the Hashcash proof of work using scrypt as underlying hash function. By using a memory-intensive hash function designed to reduce the efficiency of logic circuits, this was claimed to make only CPU mining remain profitable, even with the advent of GPU mining, and completely failed in that goal.

It has been less widely used and analyzed than the SHA2 hashing algorithm used in Bitcoin, so there is some concern about possible weaknesses in its cryptographic scheme being discovered in the future.

History

Originally introduced as part of the altcoin Tenebrix (TBX) by ArtForz and Lolcust, it was claimed to be resistant to GPU, FPGA, and ASIC implementation.

Specialized hardware

Around mid-2012, GPU-based scrypt mining began to become widespread, and by late 2013 scrypt ASICs had began shipping. As scrypt is not GPU-resistant, FPGA-resistant nor ASIC-resistant, it has failed to meet its stated goals entirely.

Problems

Vulnerability to mining monopoly

"51% attacks" become more difficult to launch and maintain as the hash rate of the network grows. However, this argument posits that since scrypt is designed to be inefficient on all common computer components (both CPUs and GPUs), a malicious entity need only produce a small batch of specialized/custom hardware to overtake all the commodity mining systems combined.

Memory bandwidth refutation

Some attempt to refute this by arguing that scrypt is not designed to be inefficient, but is instead designed to be highly dependent on memory bandwidth. Since the high-speed cache RAM on modern processors already takes up most of the die space, no sizeable improvement could then be made by creating custom chips. If we accept this argument we then estimate the cost of attack utilizing GPUs that are available today.

To do so we start with an estimated cost of hardware at $400 per megahash per second and a reasonable network hashrate of 30 gigahashes per second. The total amount of equipment necessary to match and takeover this network via 51% attack would then be an estimated $12M USD (or about 45,000 AMD HD 7950s).

Variations

In mid-2013, a user nicknamed pocopoco introduced an altcoin ("YACoin") using scrypt with an adaptive "N-factor"[1].

References