Interesting Commentary from the Creator of Hashcash

I ran across a fascinating post from a few months ago, written by the creator of hashcash, on the need for Bitcoin to move to scrypt to avoid the eventual centralization of mining power by ASICs, which would otherwise result in the eventual control of Bitcoin by major corporations, inevitably leading to control by government dictate.

“defending ahead of the p2p nature of bitcoin – blending hashcash and scrypt” by adam3us


————- Quote—————

I presume most share the view that “me too” forks of bitcoin that
tweak parameters are a bad thing and should be ignored.  However I
think litecoin is the exception, because even though I am the inventor
of hashcash (the bitcoin mining function – yes I contributed to the
40MW and growing environmental crime;) – even with that personal
interest/attachment I think the scrypt mining function used by litecoin
has advantages and should be partially merged, and I’ll tell you
why I think this, and how I think it would best be done.

The reason is litecoin is ASIC unfriendly, so that moore’s law chasing
generic CPUs and GPUs will track closer to what is achievable with
custom ASICs because of the intentional memory footprint.  Ok everyone
knows how litecoin works, my point is meta, coming next: when the ASIC
wall hits (if butterfly ever ships) it’s probably going to put the GPU
miners out of business.

I think that is a bad thing for a few reasons: GPU mining is fun, it
adds the visceral gold-like aspect for users, and it’s inclusive, and
p2p friendly.  ASIC mining is exclusive, not in principle – nice ASIC
PCI cards and USB boxes could be built in $100, $200, $500, $1000
increments etc – but in practice because anyone with skills to make
cards has an obvious incentive to mine them themselves rather than
sell them.

(I just placed my own butterfly order + two 5GH baby ones for my
teenage sons, one of whom is enjoying GPU mining.)

Now the concern is longer term.  Imagine it’s 3-5 years down the road.
Rows of data center racks lined with blades chock full of 14nm
hashcash mining cores.  A danger I see is that manufacturers have an
interest to hoard as long as bitcoin price supports a high profit with
next gen hardware compared to what is available to others.  So the big
boys (and I mean financial houses, venture capitalists, kind of level)
will be best placed to be able to buy their way into the line at TSMC,
front millions in design, pre-order fees, circuit board design.  The
risk is p2p miners aren’t going to be able to get access to equipment
that can financially compete with this equipment.  Butterfly seems like
a small player – maybe they’ll ship.  But what can be done with the
above scale could eclipse their power and efficiency, probably in the
same way ASIC outclasses GPUs and I can see market reasons why
you or I won’t be able to buy them.

Now some people might think so what – all’s fair in a moore’s law arms
race – that’s part of the design.  And to some extent that’s right.
Bitcoin could do fine like that, but it won’t be a p2p currency any
more, not really.  That’s because if all the peers are big stock market
listed companies, with corporate lawyers, very statically and easily
identifiable, they will do whatever governments tell them to do.  And
governments will tell them to convert the network into swift 2.0
including government feeds for analysis (yes bitcoin is public anyway,
but not to your legally required truename etc), and legal requests to
block this and that payment entity, change the protocol by fiat etc., to
roll back transactions because of some fraud or dispute unrelated to
bitcoin, to freeze and confiscate bitcoins – we’ll be back to square one.

At that point also they’d just as soon stop mining and write contracts
to each other and save the hashcash GWs.  Big companies are largely
scared enough of misbehaving or having their banking or wire transfer
revoked that they’re not going to hack a block chain fork or such.

Now I think one reason you might want to listen to me, some random
crypto-hacker, is I think I’ve been here before.  I predicted
something similar about CAs a decade or more ago.  I said one should
not trust CAs (I can probably find the post), one should not build
ecosystems that rely on them implicitly – governments will simply get
them to issue fake certs and intercept or manipulate user traffic.
Roll forward 10 years and it eventually slips out that we have CAs on
the down-low selling rogue CA certs, and some pretty questionable
governments operate some CAs.  Mozilla is debating removing another
CA right now for some malfeasance.  (And Iranians and Syrians etc
critical of their government etc are being identified, rounded up, tortured
and murdered using the info).  Well and western companies with
government blessing or turning a blind eye are making and selling
them the equipment to do it with, and doing backroom deals with
the same dictators in the name of strategic influence.

Anyway hopefully you see my point – you do want bitcoin to remain p2p
or there is a risk if too large entities evolve, of that destroying
the p2p nature, and essentially removing the need for or value of
distributed time-stamping using hashcash.

Secondly the p2p miners and users “own” and are the network.  We
should protect their interests.  Keep them interested in bitcoin via
the fun of mining.  Maybe you could do that via easy access to
competitive ASIC and above hardware built with kickstarter or open
source hardware or small companies like butterfly.  But I’m not
confident.  Or if I had influence I’d encourage implementing a backup
plan ready to roll out.

I suspect the network difficulty might even drop facing a wall of
ASICs over the next year or so if GPU mining goes the way of CPU
mining.  I say that because even though the ASICs might get 100x more
MH, they may drive out 1000 GPUs each, and then the ASICs get to
profit even more (they own a bigger than anticipated slice if
difficulty falls).  Doesn’t affect bitcoin price necessarily, but
different people will be getting the mining rewards.

So if you buy any of the above here’s how I think it should be done
technically.  Clearly you don’t want sudden changes, or it affects
confidence in the definition of bitcoins.  Maybe there are counter
arguments or other approaches.  I understand people are attached to
the satoshi quo – as it should be, sudden changes are bad.  You guys
are now in an EU troika like position: you have to be careful what you
do because it can have consequences in the confidence in the BTC.
Maybe soon even what you say!  So I do respect the no sudden or
unconsidered moves concept.

Well my idea is this: aim to get to 50:50 hashcash scrypt (or perhaps
even 66:33 so the hashcash which is potentially more vulnerable to
centralization can’t control in the 50% sense of forks
if the corporates decide to fork the chain following a government edict).
Hashcash and scrypt are accepted as both equally valid; whoever
finds the collision of the required difficulty wins the 10min block.

Phase in, maybe be ready to phase in, but don’t even do it until
trouble looms.  Start with 2% scrypt and grow every 2 weeks (same cycle
as difficulty adjustment).  But this is the trick: give hashcash and scrypt
independently calculated difficulties, the market will figure out the
fair value between them.  The custom ASIC filled rackmount corporate
guys at the high end may focus on the ASICs they have 50% to play with.
Maybe they can help make things fast and reliable with nice servers
and bandwidth.  And everyone else can compete on a level field with
scrypt.  Now the corporate guys can get into scrypt also, but the hardware
they buy is the same basic class as you or I can buy – Intel CPUs,
GPUs etc with the same power efficiency.

(A more detailed comment: one may want to allow the scrypt size
parameter to be network dynamic like difficulty, because if a CPU
starts to be common (or is developed custom for mining) with L3
cache larger than the average system’s minimum assumable main
memory you have a big problem, as memory bound computational puzzles like
Moderately Hard Memory Bound functions 2003 (of which scrypt
is an improved derivative) are sensitive to too much ultra fast ram.
On the plus side the argument is in general that variation in ram speed
is less than variation in core speed between mid and top range.)

You could consider it a BTC/LTC alloy so I guess I am arguing for a
gold-silver alloy coin.  (Or the BTC shiny coin logo always seem to
be 2 tone anyway already?)  A negative version of that could be call
of currency dilution, however I argue it’s not because it doesn’t create
any new coins, just levels the playing field to lower hardware while
no one gets any particular advantage.

(Mildly disgruntled after just having escaped the ignominy of being in
the newbie trap:).  But don’t be gentle – bring on the nay saying – I’ve
been through USENET flame wars of the early 90s – bring it on.

(My ignominy post towards my 5 to get out of newbie trap! )


ps It’s kind of ironic – I got emails from Satoshi in 2008/2009 about
hashcash & inviting comments on his paper, and to try the alpha
software; the irony that I invented the hashcash function all the
CPU/GPU and ASIC miners are burning 40MW on and yet I don’t own (nor
ever have) a single bitcoin.  What a foolish person.  Surely I
should’ve tried it out mining at the beginning like Hal Finney did.
Well I’m going to fix that via mtgox & an asic miner but there’s no
way I’m going to get to Satoshi’s $100m genesis hoard level as a late
late player.

————- End Quote—————
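
The phase-in with independently calculated difficulties that the quoted post proposes, as a sketch added here (not code from the post, from Bitcoin or from Litecoin). The 2% start and 50:50 goal are the post's; the linear 2-point step per period, the 2016-block period, the 4x retarget clamp, the expected-value (non-random) mining model and all function names are assumptions.

```python
BLOCK_INTERVAL = 600       # seconds; the post's 10-minute block
RETARGET_BLOCKS = 2016     # blocks per two-week period (assumed, as in Bitcoin)
HASHES_PER_DIFF = 2 ** 32  # expected hashes per block at difficulty 1

def scrypt_share(period, start=0.02, step=0.02, cap=0.50):
    """Scrypt's target fraction of blocks in a retarget period.
    2% start and 50% goal are from the post; the linear step is an assumption."""
    return min(cap, start + step * period)

def block_rate(hashrate, difficulty):
    """Expected blocks per second for one algorithm."""
    return hashrate / (difficulty * HASHES_PER_DIFF)

def equilibrium(hashrate, share):
    """Difficulty at which `hashrate` yields exactly `share` of all blocks."""
    return hashrate * BLOCK_INTERVAL / (share * HASHES_PER_DIFF)

def retarget(difficulty, share, blocks_found, elapsed, clamp=4.0):
    """Rescale one algorithm's difficulty using only its own blocks.
    The 4x clamp mirrors Bitcoin's rule and is an assumption here."""
    factor = (blocks_found / elapsed) / (share / BLOCK_INTERVAL)
    return difficulty * max(1 / clamp, min(clamp, factor))

def simulate(hash_sha, hash_scrypt, d_sha, d_scrypt, first, periods):
    """Expected-value run; returns (d_sha, d_scrypt, scrypt fraction of blocks)."""
    for p in range(first, first + periods):
        r_sha, r_scr = block_rate(hash_sha, d_sha), block_rate(hash_scrypt, d_scrypt)
        elapsed = RETARGET_BLOCKS / (r_sha + r_scr)
        nxt = scrypt_share(p + 1)  # share that applies to the next period
        d_sha = retarget(d_sha, 1 - nxt, r_sha * elapsed, elapsed)
        d_scrypt = retarget(d_scrypt, nxt, r_scr * elapsed, elapsed)
    r_sha, r_scr = block_rate(hash_sha, d_sha), block_rate(hash_scrypt, d_scrypt)
    return d_sha, d_scrypt, r_scr / (r_sha + r_scr)

if __name__ == "__main__":
    H_SHA, H_SCR = 1e15, 1e9  # constructed hash rates, not measurements
    d_sha, d_scr = equilibrium(H_SHA, 0.5), equilibrium(H_SCR, 0.5)
    for n in (1, 6):  # hashcash power jumps 100x once the 50:50 split is reached
        _, d, frac = simulate(100 * H_SHA, H_SCR, d_sha, d_scr, first=100, periods=n)
        print(f"after {n} period(s): scrypt share {frac:.3f}, "
              f"scrypt difficulty x{d / d_scr:.2f}")
```

Under these assumptions a 100x jump in hashcash power never moves the scrypt difficulty, but the clamp lets hashcash take most blocks for a few periods before the split returns to 50:50.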