@@ -36,7 +36,7 @@ A low-memory, GPU and ASIC-resistant hash algorithm called **Random Hash** is pr
### Overview
1. Hashing a nonce requires ```N``` iterations (called rounds)
-2. Each round selects a random hash function from a set of 16 well-known hash algorithms
+2. Each round selects a random hash function from a set of 18 well-known hash algorithms
3. The input at round ```x``` is salted with the outputs of all prior rounds
4. The input at round ```x``` is salted with the output of all prior rounds **of a different nonce**, randomly determined
5. The input at round ```x``` is a compression of the transitive closure of prior/neighbouring round outputs to the size of ```100 bytes```
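
Review bot: Item 2 now says 18 algorithms, but nothing in this hunk shows which two were added, so the count can drift from the rest of the PIP. Please confirm that the enumerated algorithm list and any text describing how a round picks its function were updated in the same commit to cover all 18, since implementers work from those and a mismatch there yields different hashes. Separately, items 3 and 4 in the unchanged context differ only in "outputs" versus "output"; worth aligning while this list is being touched.
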
@@ -201,7 +201,11 @@ As a result, it's expected that GPU performance will at best never exceed CPU pe
#### ASIC Resistance
-ASIC-resistance is fundamentally achieved on an economic basis. Since 16 hash algorithms are employed the R&D costs of a RandomHash ASIC are equivalent to that of 16 ordinary mining ASICs. Furthermore, due to the non-deterministic branching and executive decision making arising from Mersenne Twister, expansion and contraction, an ASIC implementation will inevitably result in densr and highly inter-connected cells, impacting performance. It is the opinion of the author that such an ASIC design would, in some ways, require "re-creating a CPU" wihtin the ASIC, defeating its purpose. However, fundamentally it is expected that since the costs to develop will far exceed the ROI, no rational economic actor will undertake ASIC development of RandomHash.
+ASIC-resistance is fundamentally achieved on an economic basis. Due to use of 18 sub-hash algorithms it is expected that the R&D costs will mirror that of building 18 independent ASICs. This moves the economic viability goal-posts by an order of magnitude. For as long as the costs of ASIC development remain in relative parity to the costs of consumer grade CPUs, a RandomHash ASIC will always remain "not worth it" for a "rational economic actor".
+
+Furthermore, RandomHash offers a wide ASIC-breaking attack surface. This is due to it's branch-heavity, serial, recursive nature and heavy dependence on sub-algorithms for hashing and generating randomness. By making minor tweaks to the high-level algorithm, an ASIC design can be mostly invalidated and send back the drawing board.
+
+This is true since ASIC designs tend to mirror the assembly structure of the algorithm rather than the high-level algorithm itself. Thus by making relatively minor tweaks to the high-level algorithm but that result in major assembly-level changes, the ASIC design is obsoleted. So long as this policy is maintained by the PascalCoin Developers and Community, ASIC-resistance is guaranteed.
#### RandomHash Variations
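
Review bot: The closing sentence of the last added paragraph, "ASIC-resistance is guaranteed", claims more than the argument supports: the first added paragraph rests the property on economics and the last on a maintenance policy, so it is conditional in both cases. Suggest "is expected to hold" and state the cost of that policy, namely that a tweak to the high-level algorithm changes the hash output, so, like this PIP (which the compatibility section says requires a hard-fork activation), each tweak would need its own coordinated upgrade. Typos in the added lines: "it's" should be "its", "branch-heavity" should be "branch-heavy", and "send back the drawing board" should be "sent back to the drawing board".
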
@@ -346,7 +350,7 @@ This PIP is not backwards compatible and requires a hard-fork activation. Previo
## Reference Implementation
-A reference implementation will be provided in the coming weeks.
+A reference implementation of RandomHash can be found [here][3].
## Acknowledgements
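
Review bot: The link text "here" in the added line says nothing about the target and is useless once the document is printed or the link rots. Suggest naming the unit, for example "A reference implementation of RandomHash is provided in [URandomHash.pas][3]", and stating which revision of it corresponds to this version of the PIP.
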
@@ -356,6 +360,7 @@ Refinements to improve GPU-hardness were provided by Ian Muldoon.
1. [Mersennne Twister Implementation (Lazarus/FPC)][1]
2. [MurMur3 Implementation (Lazarus/FPC)][2]
-
+3. [RandomHash Reference Implementation][3]
[1]: http://wiki.freepascal.org/A_simple_implementation_of_the_Mersenne_twister
[2]: https://github.com/Xor-el/HashLib4Pascal/blob/master/HashLib/src/Hash32/HlpMurmurHash3_x86_32.pas
+[3]: https://github.com/PascalCoin/PascalCoin/blob/master/src/core/URandomHash.pas
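
Review bot: The added item 3 takes the place of the empty line that separated the list from the link definitions, so "[1]: ..." now directly follows a list item. In CommonMark-based renderers a link reference definition cannot interrupt a paragraph, so the three definition lines are read as continuation text of item 3 and the links [1] to [3] stop resolving. Keep an empty line between item 3 and "[1]:". Also, "[3]" points at "blob/master", which moves over time; for a consensus-critical hash, link a specific commit or tag instead.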