Nothing in a dynamic system like PoW mining can be 100% anticipated, for example there might be advanced in manufacturing of chips which are patented and so on.
It sounds like your take is that this means no improvements can ever be made by any mechanism, however conservative. We do go into a fair amount of detail about Minimum Effective Hardness in our paper https://assets.pubpub.org/xi9h9rps/01581688887859.pdf , which is actually a special case of hardness that we invented for the context of adding an operation to a PoW, and how it applies to random matrix mults. Sent from my iPhone > On May 18, 2021, at 7:58 AM, ZmnSCPxj <zmnsc...@protonmail.com> wrote: > > Good morning Michael, > >> That’s interesting. I didn’t know the history of ASICBOOST. > > History is immaterial, what is important is the technical description of > ASICBOOST. > Basically, by fixing the partial computation of the second block of SHA256, > we could selectively vary bits in the first block of SHA256, while reusing > the computation of the second block. > This allows a grinder to grind more candidate blocks without recomputing the > second block output, reducing the needed power consumption for the same > number of hashes attempted. > > Here is an important writeup: > https://www.mit.edu/~jlrubin/public/pdfs/Asicboost.pdf > It should really be required reading for anyone who dreams of changing PoW > algorithms to read and understand this document. > > There may be similar layer-crossings in any combined construction --- or even > just a simple hash function --- when it is applied to a specific Bitcoin > block format. > >> >> Our proposal (see Implementation) is to phase in oPoW slowly starting at a >> very low % of the rewards (say 1%). That should give a long testing period >> where there is real financial incentive for things like ASICBOOST >> >> Does that resolve or partially resolve the issue in your eyes? > > It does mitigate this somewhat. > > However, such a mechanism is an additional complication and there may be > further layer-crossing violations possible --- there may be an optimization > to have a circuit that occasionally uses SHA256d and occasionally uses oPoW, > that is not possible with a pure SHA256d or pure oPoW circuit. > So this mitigation is not as strong as it might appear at first glance; > additional layers means additional possibility of layer-crossing violations > like ASICBOOST. > > > > > Regards, > ZmnSCPxj >
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
