ASIC Resistance Is Still Worth the Fight for Egalitarian Mining, This Time With Merkle Tree Proofs (MTP)
ASIC resistance is worth pursuing for egalitarian mining with our new Proof of Work (PoW) algorithm, Merkle Tree Proofs (MTP). Although some projects have given up on ASIC resistance, seeing it as an unattainable goal, we at Zcoin believe it is premature to throw in the towel.
The argument for ASIC resistance
ASIC resistance is akin to an arms race, a battle between algorithm designers and ASIC designers. MTP is a Proof of Work (PoW) algorithm which fights cryptocurrency mining centralization that results from ASICs.
We want to level the playing field for cryptocurrency miners, which is why Zcoin has been working to become the first cryptocurrency to implement MTP. Through these efforts, we hope to democratize cryptocurrency mining once again.
An ASIC resistant Proof of Work (PoW) algorithm means:
- The advantage that an ASIC usually gains over widely available commodity hardware, such as CPUs and GPUs, is limited.
- It is more costly to develop and manufacture ASICs for such an algorithm.
Having an ASIC resistant algorithm discourages ASIC development, allowing those with commodity hardware such as GPUs and CPUs to mine coins on a more or less even playing field.
This has two main benefits: decentralized security and wider coin distribution. Instead of concentrating the security of the blockchain in large mining farms, the security of the network is evenly dispersed among individual miners around the world. There are also some who believe that decentralizing hashrate increases censorship resistance.
However, the more important role of ASIC resistance is that it enables a wider coin distribution. With MTP, everyone has a fair playing field to earn coins and can use existing ubiquitous computer hardware, as opposed to buying specialized ASICs that only mine a specific algorithm. We have also seen countries such as Venezuela and Vietnam ban the import of ASICs to try and stop the proliferation of cryptocurrencies. However, banning the import of computer hardware equipment can often have a disastrous impact on a country’s economy.
ASICs are still controlled by monopolies
There are projects that believe ASICs should be embraced, even during the early stages of a coin’s development, provided that ASICs can be commoditized. This means making them widely available to the average consumer, with various manufacturers competing to provide ASICs at competitive prices.
Indeed, ASICs do provide many benefits, such as a more stable hashrate, as miners are locked into their chosen algorithm and cannot easily switch their mining efforts from coin to coin. It can be argued that this leads to greater network security since most of the hashrate will already be deployed to mining, as opposed to commodity hardware mining, where you can rent mining power from places such as Nicehash.
Coins that do well with ASICs, such as Bitcoin, Bitcoin Cash, Litecoin and Dash, have had many years to develop their community and cannot be likened to newer projects which do not have the benefit of a long period of fair distribution. We believe that embracing ASICs in these early stages is not the right move. There is also talk of creating open-sourced ASIC technology, allowing a variety of manufacturers to produce them. However, this would mean larger companies with R&D would likely produce even more efficient ASICs, or have economies of scale to produce them at lower costs.
In the current industry, any algorithm that is ASIC friendly can be taped out by only a handful of large companies like Bitmain very quickly and at relatively low cost. Its hashrate is then immediately dominated by ASICs, and mining manufacturers can mine it secretly on their own, severely limiting coin distribution.
Projects attempting to control this process, such as the centralized storage platform SIA, spent significant sums of money and time developing their own ASIC, only to have Bitmain beat them to it. SIA is now hard forking to selectively favor their own miners, defeating the aim to commoditize ASICs. It is our belief that cryptocurrency projects are not hardware businesses, and the focus should be on developing software and technology, leaving ASIC development to the companies that are more geared for it and have the engineers and specialties.
Furthermore, ASIC commoditization proponents often argue that it doesn’t matter that there are only a handful of companies that can produce ASICs, pointing to the computer industry, where a few companies like Intel, AMD and Nvidia dominate. Yet what this argument ignores is that for these companies cryptocurrency mining is a small part of their business and their major goal is to sell as many of their chips as possible, whereas ASIC manufacturers have a disincentive to sell their ASICs if it is more profitable for them to mine with the ASICs themselves. Therefore, they will only sell at a price that also factors in the potential gains from mining, as was the case with Bitmain, who altered the price of its Ethereum ASIC from 800 USD in the first batch to 2150 USD in the second batch, implying that its cost price may be many times lower.
ASICs are less efficient with memory hard algorithms
There is a growing group of people who believe that ASIC resistance is futile and there will always be ASICs for any algorithm. Although it is true that ASICs can be developed for any algorithm, if we can increase the costs of development and manufacturing, reducing the potential efficiency gains, this would delay the time before ASICs are developed.
We are already seeing this: SHA256 ASICs (for Bitcoin or Bitcoin Cash) are many thousands of times faster than a GPU and Scrypt ASICs (for Litecoin/Dogecoin) are several hundred times faster, while for algorithms such as Equihash (used in Zcash) the advantage is five to ten times and for Ethash (used in Ethereum) it is about two to three times. We can see that as memory use increases, the advantage of ASICs steadily drops, although it is true that ASIC designers and manufacturers are getting faster at developing and rolling out their products.
| Algorithm | Memory required | ASIC advantage |
| --- | --- | --- |
| SHA256 | None | Many thousands of times |
| Scrypt | 128 KB | Hundreds of times |
| Cryptonight | 2 MB | Hundreds of times (lower than Scrypt) |
| Equihash | 144 MB | 5-10x |
| Ethash | 2.71 GB | ~2x |
MTP, as implemented by Zcoin, uses 4 GB of memory, and can still use higher values. While Ethash, which is already reasonably ASIC resistant, only refreshes its memory pad once every 100 or so hours, MTP requires a refresh every block (5 minutes for Zcoin).
Another benefit of the large use of memory is that it makes MTP much less attractive for botnet mining, given that users of infected computers would likely notice a significant degradation of performance.
The costs of developing an MTP ASIC would be high. Given its high memory usage with limited efficiency gains, MTP computations are designed to be as computationally costly as possible for ASICs while remaining the same for normal computers. This will allow time for Zcoin’s community and adoption to grow before ASICs become commercially viable.
PoW hard forks are not sustainable
There are coins such as Monero that also pursue ASIC resistance, but do it in a rather ad-hoc manner by scheduling hard forks every few months with a parameter change to their proof of work algorithm. The theory is that the frequent changes would limit the lifespan of any ASICs developed, discouraging manufacturers from developing them. Some coins even release very few details of their planned changes to prevent ASIC manufacturers from getting a head start.
However, there is mounting evidence that ASICs can accommodate parameter changes, albeit with lesser efficiencies. Given the anti-ASIC stance adopted by the projects, even if such miners are developed, there is a strong incentive to keep them secret from the public. In fact, there is a belief that Monero was mined by ASICs way before the public release of the ASIC miners.
Each hard fork is also a risk and introduces instability, as miners have to transition to the new algorithm, and during this period the security of the coin is more susceptible to 51% attacks. This is further worsened if the PoW changes are kept secret. It also tends to spawn new ‘forks’ that are confusing to users, as can be seen with Monero Classic, Monero 0 and Monero V. It is also a strain on users and the ecosystem to continuously have to stay abreast of software updates, lest they be left on the old chain.
We believe that hard forks made just for the sake of ASIC resistance are unsustainable, introduce a lot of risk to the network and the user, and introduce another form of centralization through reliance on the development team.
This is why we believe that research and implementation of algorithms such as MTP are still a worthwhile endeavor in providing a sound basis for ASIC resistance. Also, unlike many ad-hoc algorithms, MTP has gone through academic review and a Zcoin-funded bounty program to prove its resistance against cheating attacks. MTP can also still be improved with further future-proofing techniques.
The goals of fair and wide distribution of cryptocurrencies, decentralized security and allowing the average user to become a miner are still within reach if research into ASIC-resistant algorithms is continued. As we have seen the drawbacks of other strategies, we believe that such algorithms are the best way to achieve these goals despite the ever-growing challenge of increasingly efficient ASIC manufacturers.
We believe MTP is a good solution for coins such as Zcoin that are still early in their distribution phases, though we believe that further work can be done in improving MTP and always welcome feedback. To achieve the original goal of making cryptocurrencies a truly global digital currency, we would like to encourage researchers and the community to not give up the fight for ASIC resistance.