Why changing algorithms is a mistake

Read about Prohashing, mining, and coins in general!
Forum rules
Sign up to be notified of new posts to the Prohashing Blog at http://eepurl.com/gx1e0j

For the full list of PROHASHING forums rules, please visit https://prohashing.com/help/prohashing- ... rms-forums.
Post Reply
User avatar
Steve Sokolowski
Posts: 4585
Joined: Wed Aug 27, 2014 3:27 pm
Location: State College, PA

Why changing algorithms is a mistake

Post by Steve Sokolowski » Wed Oct 07, 2015 7:43 am

Several coins, mostly SHA-256 and scrypt, recently decided to hard fork and change algorithms. You can notice many of these coins are in the coin discontinuation list that Chris maintains. One of the most notable is Monacoin, a valuable and widely used coin in Japan.

The reasons provided for switching algorithms vary, but many developers do so in the hopes of making their coins "ASIC-resistant." According to this philosophy, requiring miners to purchase expensive equipment increases centralization. Allowing miners with cheaper GPUs or CPUs to mine the coin is intended to prevent any one miner or pool from controlling too much of the network. Unfortunately, this logic is flawed and many coins have failed, often in the hard fork process itself. Those that survive remain even more vulnerable to attack afterward.

First, hard forks are dangerous. Since exchanges control whether a fork is accepted or not (not miners, as one might expect), all the miner support in the world can't force a fork that exchanges are unwilling to support. The fork risk is particularly high when a coin is only offered for trade at one exchange. In the case of Cryptsy, which responds to support tickets infrequently, being able to contact someone to upgrade the daemon is unlikely. When a developer has released software and encouraged everyone to upgrade before getting Cryptsy onboard, the coin almost always dies as a result of the miner-exchange disagreement. More importantly, however, even if the fork is successful, the network becomes less secure. There are over 20 algorithms that do not have any ASICs available in use by coins today, so miners can switch between them at will. Owners of ASICs have an interest in keeping the coins the are mining alive, because their ASICs have no value otherwise.

On the other hand, miners using general-purpose computing equipment have no such incentive. If the coin they are mining dies, or even if every coin they can possibly mine dies, they can reassign their computing power to some other purpose, like scientific computing. Furthermore, mining using an "ASIC-resistant" algorithm brings its own vulnerabilities. An adversary can temporarily rent GPU power from a cloud computing service like Amazon's EC2 instances, attack until the network is forked and interest wanes. Costs can be minimized by attacking only when the community thinks the coast is clear, since these services only charge for the amount of computing power actually used. There is no delay to manufacture and ship the ASICs, to set them up, and to sell them after the attack is over; anyone with a small amount of money can attack "ASIC-resistant" coins at little risk.

SHA-256 and scrypt are the most secure algorithms available right now because the requirement for ASICs prevents the instantiation of huge, general-purpose, cloud mining farms. Coin developers should be seeking ASICs as a safeguard against attacks from cloud miners, not running away to less secure algorithms.
Post Reply