26

GPU-mineable cryptos are arguably more decentralized.

Did he simply miss this design aspect or does this sound fishy to you?

Murch
  • 71,155
  • 33
  • 180
  • 600
parliament
  • 363
  • 1
  • 3
  • 6

7 Answers7

78

Bitcoin was not designed to only be mineable with specialized hardware. When Bitcoin was created in 2009, ASIC miners did not exist, SHA256d ASICs did not exist. Even GPU mining software did not exist because mining was a completely new thing. Bitcoin's difficulty was low enough for Bitcoin to be CPU mined on a laptop.

However over time, as more and more people began using and mining Bitcoin, the difficulty increased. Eventually someone figured out how to do GPU mining and wrote software for it, so Bitcoin moved on to GPU mining. Eventually someone figured out how to mine Bitcoin using FPGAs (Field Programmable Gate Arrays) so Bitcoin moved onto being mined with FPGAs. Eventually someone figured out how to build ASICs (Application Specific Integrated Circuits) for mining Bitcoin, so Bitcoin moved onto ASIC mining.

Satoshi did not intend for Bitcoin to be mined with ASICs (or even GPUs or FPGAs); it was meant to be mined on CPUs, but over time, as technology advanced, people figured out better ways to mine.

Andrew Chow
  • 67,209
  • 5
  • 76
  • 149
  • 3
    Just to add, this is mentioned in the original whitepaper which is a short read. I'd recommend anyone interested in Bitcoin to read it as a starting point. https://bitcoin.org/bitcoin.pdf – Toby Hawkins Nov 09 '17 at 22:55
  • 56
    It's not really "*someone figured out*" how to mine on FPGAs or ASICs: an intelligent first year undergraduate could port SHA256 from C to Verilog. It's more that it began to make economic sense. ASICs in particular require a big enough up-front investment that you need economies of scale. – Peter Taylor Nov 09 '17 at 23:27
  • 3
    @PeterTaylor It is not the case that an intelligent first-year could design an ASIC to efficiently mine Bitcoin. – jwg Nov 10 '17 at 13:51
  • 4
    @jwg: if we're to nitpick and catch words, he said "a student could" not "any student can" and that makes a whole lot of difference :) – quetzalcoatl Nov 10 '17 at 20:52
  • Also keep in mind that it took a while for the hardware to actually be profitable. At the start, I remember tat ASICs were nice but the profit margin was very low. The cost of the device plus the cost of electricity and the cost of cooling meant a very significant investment to see a return higher then say a US$ savings account (which isn't much). As hardware got better and cheaper the profit margins increased, and made it a more viable option. – coteyr Nov 10 '17 at 21:37
  • And don't forget to be a legit miner you may have to pay taxes and other such fees in your region. – coteyr Nov 10 '17 at 21:41
  • FPGAs then ASICs were specifically made not just to be "faster". But also to use much less energy (so then it was more profitable too: yes it was costly to design, but when scaling up, it was more protitable, especially in locations where electricy is costly). But it was not sufficient, and now miners are running mostly in locations where power is very cheap (nuclear or geothermal, it could eventually use gas in Russia or Arab Emirates), including for cooling (e.g. in Iceland and Arctic regions). – verdy_p Aug 19 '22 at 04:10
  • But mininig in regions where power is expensive, limited and polluting, mining is now prohibited or severely taxed (so they are no longer profitable): lot of miners were destroyed or stopped by their owners that just loose their money (notably those using GPUs and all those using CPUs). – verdy_p Aug 19 '22 at 04:13
  • But this also means that less people can mine and mining is more centralized than before and there's a growing risk of some large enough organization to take over 50% of minin power (unless there are lot of people mining in large pools, without ever being profitable, except to avoid a monopolistic control of Bitcoin's consensus to break the market equity). But it is known now that even a 25% share of miniing power is enough to get a significant advantage and progressively take control Bitcoin's value with forked chains: it may explain why Bitcoin's market value has dropped so abruptly. – verdy_p Aug 19 '22 at 04:18
  • So Bitcoin (or any other chainstate) must create an innovative way to regulate its consensus and allow again more decentralization. But it's a very difficult problem (it would probably require some IA to locate chains of transactions that are too much coordinated by a controling entity, and lower the weight of their "votes" in the consensus, and probably introduce some cryptographic-level randomness in the consensus process to break their coordinated strategies). – verdy_p Aug 19 '22 at 04:24
  • Creating a purely decentralized network is a dream: it is already extremely difficult to reach in other Internet domains. Look at what large monopolistic search engines can do, and if Google for e.g. introduces some Quantum Computing (QC), it could have a very powerful IA to break all existing attempts to get a decentralized consensus! This also affects now all automated markets or insurances, all interested in IA (and now also in QC), as well as dictatures (to control the opinions). – verdy_p Aug 19 '22 at 04:29
13

GPU-mineable cryptos are arguably more decentralized.

Sure, but in a bad way.

Say you want to attack or compromise bitcoin. You have to buy ASICs to do it. You could use GPUs or CPUs, but you would be at a tremendous disadvantage. The honest guys would win.

So you have to invest in all these ASICs to attack bitcoin. And if you succeed, you turn your expensive ASICs into space heaters. That makes it very unlikely that such an attack will be cost-effective. That makes the system more secure.

By contrast, there are computing clusters with large numbers of GPUs. You can rent them by the hour. That means you can attack a digital asset secured by an algorithm that runs efficiently on a GPU without having to invest in it. That makes it less secure.

People can argue about how much of a decentralization difference it makes and whether that matters. But this security difference seems, at least to me, to be much more significantly. Satoshi accidentally got it right.

David Schwartz
  • 51,308
  • 6
  • 106
  • 177
  • 4
    I wouldn't say "accidentally". Bitcoin was intentionally designed so that the difficulty of mining would increase to compensate for increased computing power. It's doing exactly what it was supposed to do: making sure that it will always be hard enough to mine that it's not feasible for an attacker to dominate the network, no matter how much more powerful our computers become. Think of mining difficulty not in terms of absolute difficulty but in terms of difficulty relative to the average computing power available at the time - the relative difficulty is designed to always remain the same. – micheal65536 Nov 10 '17 at 14:45
  • 4
    @MichealJohnson What I mean by "accidentally" is that I don't think Satoshi thought through the consequences of picking an algorithm that has the particular characteristics SHA256d has. He didn't think through what would happen if the algorithm required lots of memory versus what would happen if it required lots of branching. By accident, he picked an algorithm that accelerates on ASICs extremely well. And many people even initially thought that was a bad thing. (And this question shows that many people still do.) But I think time will prove that it's the best choice. – David Schwartz Nov 10 '17 at 21:22
  • The crucial part is that, no matter what algorithm is chosen, the design of the network is such that the computational power required to solve the challenge will increase in proportion to increases in available computational power (for whatever particular algorithm is used). This applies no matter how easy or hard the algorithm is, because the network will compensate to ensure that the work is always the same difficulty. – micheal65536 Nov 11 '17 at 15:01
  • 1
    @MichealJohnson I honestly don't see how that's even remotely relevant to the issues being discussed here. – David Schwartz Nov 11 '17 at 17:51
  • He did not "accidentally" choose an algorithm with particular characteristics. The characteristics of the algorithm are irrelevant, the network was designed to give a particular behaviour regardless of the algorithm chosen and the available computing power. If he'd chosen an easier algorithm, the network would've compensated to make the work as difficult, so no matter what algorithm was chosen you wouldn't find people renting GPU clusters because too many people would be using GPU clusters and the difficulty would increase to compensate. – micheal65536 Nov 11 '17 at 20:11
  • 1
    @MichealJohnson You are very, very wrong. But I'm not sure I can untangle your confusion in the space here. First: He did accidentally choose an algorithm with particular characteristics. There's no evidence he considered the differences between memory hard, decision hard, and calculation hard algorithms. And that makes a huge difference in the final result because whatever is most efficient at executing the algorithm is what will wind up executing it. – David Schwartz Nov 11 '17 at 20:25
  • 1
    @MichealJohnson Second, you are considering miners who seek to make a profit from mining rather than attackers who seek to disrupt the system (for example, to make a profit by *shorting* bitcoin). If Satoshi had picked and algorithm that worked best on GPUs, then attackers would rent GPU clusters to attack the system. I'm not sure if you didn't read my answer or didn't understand it, but what you are saying has nothing to do with the issue -- which is attack resistance. – David Schwartz Nov 11 '17 at 20:25
  • I think you're missing my point. My point is that the network was designed to be resistant to attacks of the kind that you describe *regardless of the particular characteristics of the algorithm used or what hardware it is most efficient on*. If the algorithm worked best on GPUs and a lot of miners/potential attackers were renting them, the network's difficulty parameter would be adjusted so that it was no longer feasible to mine enough bitcoin on a rented GPU cluster. The idea of the difficulty parameter is to limit mining to expensive/not-easy-to-obtain hardware. – micheal65536 Nov 12 '17 at 15:10
  • @MichealJohnson Sorry, you still are totally wrong about these issues. First, attackers have no effect on the difficulty, only honest miners who extend the longest chain do. Second, what limits mining to expensive and not-easy-to-obtain hardware is the fact that bitcoin chose an algorithm that runs best on expensive and not-easy-to-obtain hardware, not the difficulty. Had Satoshi used an algorithm that runs best on general purpose CPUs, miners would use general purpose CPUs. – David Schwartz Nov 12 '17 at 18:17
  • This is the point: If Satoshi had used an algorithm that runs best on general purpose CPUs, miners would use general purpose CPUs *until the network increases the difficulty to compensate for the number of miners*. After that, miners would have to upgrade to more powerful hardware (whether that be CPUs, GPUs, or ASICs is irrelevant). And "attackers" in this case refers to "miners" who modify the block and then complete the proof of work, with the aim to complete the proof of work before anyone else, so the same rules and difficulty applies to both miners and attackers. – micheal65536 Nov 14 '17 at 07:50
  • @MichealJohnson No. If the algorithm runs best on general purpose CPUs, then upgrading to "more powerful hardware" would make things worse because they would no longer have the hardware the algorithm runs best on and thus would lose money. But all the evidence we have suggests that Satoshi didn't think about this and just chose the algorithm that is the simplest that can provide the needed security for transactions. As it happened, that's an algorithm that runs best on ASICs because ASICs are awesome at simple algorithms. Intel puts billions into making their CPUs the best at something. – David Schwartz Nov 14 '17 at 09:25
  • If the algorithm runs best on CPUs then the difficulty would be increased until miners have to buy expensive, very powerful CPUs. They'd still use a CPU, but just one that's prohibitively expensive for an attacker to get enough of. (The same applies to algorithms that run best on GPUs, or any other kind of hardware.) – micheal65536 Nov 14 '17 at 17:22
  • @MichealJohnson I feel like you're not reading what I said. I specifically said, "if the algorithm runs best on general purpose CPUs". And yet you somehow think that the algorithm will run better on "expensive, very powerful CPUs". If the algorithms runs best on general purpose CPUs, it will be less efficient on expensive, very powerful CPUs. For example, you can design the algorithm to require precisely as much cache per core as general purpose CPUs have. Powerful CPUs tend to have more cache, but that does them no good. Ditto with everything else. – David Schwartz Nov 15 '17 at 20:07
  • Tell me what you think will happen if I take something that runs happily on a general-purpose CPU and then run it on a more powerful CPU. I cannot think of any situation where a more powerful CPU won't perform better than a less powerful CPU. "More powerful" could refer to simply having a faster clock speed, or more cores where calculations could be done in parallel. – micheal65536 Nov 15 '17 at 20:11
  • @MichealJohnson "I cannot think of any situation where a more powerful CPU won't perform better than a less powerful CPU." It's not about performing better. It's about being more efficient. If that more powerful CPU has lots of cache that isn't being used but is still drawing power, it will cost more to get the same amount of work done. You can find lots of super-powerful, power hungry CPUs that, for example, don't run games significantly faster than much cheaper CPUs. – David Schwartz Nov 15 '17 at 20:12
  • @MichealJohnson Mainstream CPUs get a huge price/performance boost from the massive quantities they are manufactured in and the billions of dollars companies like Intel and AMD put into optimizing them. – David Schwartz Nov 15 '17 at 20:14
  • There are plenty of high-performance CPUs around as well, and they wouldn't be prohibitively expensive to a serious miner. And if there was demand for high-performance CPUs for mining, more work would be put into making them and the prices would come down. You know, ASICs designed for mining didn't exist on day one, someone had to design and manufacture them and the demand was high enough for this to be profitable, and the benefits were great enough for miners to buy them. – micheal65536 Nov 15 '17 at 20:55
  • @MichealJohnson Right, but those high-performance CPUs wouldn't help if the task was specifically designed to run best on commodity CPUs. With such a task, the demand for CPUs optimized for mining would align with the demand for better commodity CPUs (since the tasks have the same requirements), and would just result in more investment in commodity CPUs. (But in any event, you're getting way to into the details of just one hypothetical. The point is that the requirements of the algorithm determine the hardware used to mine.) – David Schwartz Nov 15 '17 at 20:58
  • How is more performance going to "not help" the task? – micheal65536 Nov 15 '17 at 21:28
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/68784/discussion-between-david-schwartz-and-micheal-johnson). – David Schwartz Nov 15 '17 at 21:44
4

People who say that GPU mining is more decentralized than ASIC mining forget that GPUs don't descend from the sky. There are companies that manufacture them, and since GPUs are incredibly complex pieces of hardware, the barrier of entry to this market is huge. If a startup company wants to start manufacturing GPUs for mining, it can't.

Right now, cryptocurrency mining is still a relatively small part of the business of companies like AMD and Nvidia. but as it grows, these companies will effectively be the controllers of mining.

Much better, in my opinion, is to have the hash function as simple as possible, so as the market grows, plenty of companies will have the opportunity to compete in manufacturing mining hardware.

Meni Rosenfeld
  • 19,650
  • 35
  • 70
2

That Bitcoin is only mineable on specialised hardware is not itself a design choice. It is a consequence of hinging the integrity of the system on a proof of work, combined with great interest in mining.

The following is an oversimplification, but it's the concepts that are interesting anyway.

The Bitcoin protocol itself does not mandate that mining must be so difficult that it can only be done with specialised hardware. However, the protocol does mandate that a block should be found on average every 10 minutes by the entire population of miners combined. Therefore the Bitcoin protocol has a difficulty parameter which is continually adjusted so that this 10 minutes goal is approximately followed.

As interest in Bitcoin has increased, so has the interest in mining Bitcoins, and so the population and power of miners has grown. Double the population or power of miners, and you halve the average time to find a block - and so the system will adjust by doubling the difficulty. The reward for finding a block is also independent of the number of miners, so doubling the population of miners also means each miner will on average get half as much mining reward per unit of time.

So: As the miner population grows and the difficulty increases, the profit margin for miners shrinks. Eventually mining is only barely profitable with very efficient hardware. This is not directly a design decision, but a necessary consequence of the decentralised design.

Emil Lundberg
  • 129
  • 1
  • This is false. It's a design choice. He could have, for example, picked an algorithm that runs with maximal efficiency on commodity CPUs. (As some other coins have.) He picked SHA256d which requires very little memory and almost no branching. That's why it's (for practical purposes) only mineable on specialized hardware. It may not have been a conscious choice, but it's the result of that design choice. – David Schwartz Nov 10 '17 at 21:24
  • 2
    @DavidSchwartz, I don't think it's practical to design something that is most efficient on commodity CPUs. If your proof of work makes use of a subset of a CPU's capabilities, then the most efficient way to perform that work is on a device that only provides that subset. If it makes use of the full range of capabilities, then not only is it best performed on commodity CPUs, it is best performed on *the one specific commodity CPU you designed it for*. – Mark Nov 10 '17 at 22:14
  • @Mark Not so for two reasons: 1) Economies of scale and the billions of dollars companies like Intel put into optimizing commodity CPUs can outweigh the benefits of removing unused functions but losing the economies of scale and optimizations. 2) It is not particularly difficult to make the algorithm tunable such that it continues to perform best on commodity CPUs as they evolve. – David Schwartz Nov 14 '17 at 18:58
  • @DavidSchwartz, I think your being unfair. In my opinion, Satoshi couldn't have known Bitcoin was going to grow as fast as it did. In fact, he himself thought it wasn't going to work. Satoshi picked SHA-256 because it was what Hashcash used for proof of work. – ecavero Feb 02 '18 at 02:36
  • @ecavero I agree that he couldn't have known the future, but nevertheless, he chose a mining algorithm that does not require lots of memory and does not require lots of decision making. That was a design choice. Far from being unfair, he accidentally got it right. – David Schwartz Feb 02 '18 at 05:09
1

Your question lacks historical sense.

When Satoshi Nakamoto considered Bitcoin, he had lots of very difficult problems to solve. For instance, the problem of distributed authentication, a problem that was never solved before. You should recall that there was no peer-to-peer electronic cash system before Bitcoin.

So, some of the current problems with Bitcoin could not be foretold, even by geniuses like the creator (or creators) of Bitcoin. It became such a huge phenomenon never seen before.

In any case, it is unfair to state that Bitcoin is not decentralized, since it is mined in many parts of the world, by many companies; it is still peer-to-peer. It is only concentrated, meaning that only large company pools can mine it efficiently.

Hilton Fernandes
  • 111
  • 2
  • Satoshi designed it so CPU's would mine making a decentralized network. I don't think he had the foresight to see that ASICs would come out and dominate the market. – Marc Alexander Nov 15 '17 at 17:33
0

I wouldn't be surprised if CPUs were more viable to mine with back in 2009 than graphic cards, in terms of hashpower, hence why he only thought of the CPU.

See for example the top notch graphic cards of 2009, vs the best processors,

http://www.tomshardware.com/charts/gaming-graphics-cards-charts-2009-high-quality/3DMark06-v1.1.0-3DMark-Score,1829.html

http://www.tomshardware.com/charts/2009-desktop-cpu-charts-update-1/3DMark-Vantage-1.0.2,1396.html

Now as time advanced, GPUs became much faster and were able to generate much more hashpower, but by that time Bitcoin was already running SHA-256.

Community
  • 1
Rutger Versteegden
  • 1,071
  • 7
  • 11
  • The first GPU miner for Bitcoin only appeared around the end of 2010. – Pieter Wuille Nov 09 '17 at 23:20
  • 7
    It wasn't so much that GPUs became faster, as that they became more *versatile*. In 2009, OpenCL was still in development, CUDA was of limited practical use, and most GPGPU computations were done via the cumbersome process of reformulating them as operations on graphics primitives. – Mark Nov 09 '17 at 23:47
-2

Once upon a time a golden dragon arose from its 12-year slumber gazing across the mortal realm. Its booming declaration in fiery breath through pursed lips and laser eyes like slits echoed from sea to sea: "Ridiculousness," roared the dragon!

The People in unison wondered, "WTF?"

Think, People.

There is an amobinable snowman's chance in Hell that Satoshi would have created a system promoting huge concentrations of power and unnecessary waste.

Also, would Satoshi define "Proof-of-Stake" as proof of how rich you are? More money = more votes; sound fair to you?

Is that peer-to-peer? Or is that peer-to-huge-unaccountable-corporation-who-tells-you-what-to-do?

Answer for the OP: Satoshi did not design a decentralized P2P system for exchange with expensive custom hardware in mind. Common sense dictates that is obviously contrary to the entire ethos of decentralization. There are many ways to design a system that defeats all the silly inefficiencies we are witnessing. For example, what if the Proof algorithm was cooperative rather than adversarial? What if it was about ordering or alphabetizing, duplicating and verifying such that the CPU cycles peers spent on calculations built upon and agreed with each other. Ohh of the top of my head, what if it was about averaging transaction timestamps and ordering them in a chain based on the # of times their info was duplicated.. say X number of times instead of N times. i.e. 6 or 10 duplications of transactions instead of a million duplications, for every single node, which come on... why is that necessary? If the blockchain historical proof of what happened is sufficiently far back in the blockchain such that everybody agrees on it, then why wouldn't 6 or 10 duplications suffice? Everybody doesn't need an exact copy of everything that happened. They just need to agree on what happened.

I'm sure several independent blockchain implementations/organizations of thought this through and even worked out the bugs and have implemented working solutions, by now. That's the way to get stuff, a lot of stuff, accomplished at low cost: give your ideas away for free and ask for suggestions.

So there is your answer: forget about it. Find a solution that does what you want then use it. []

Anyways, there are far more pressing existential issues we must address since the money issue has been resolved. Such as interplanetary warfare.enter image description here

Satoshi
  • 1
  • 2