Author: Natanael 2017-04-18 10:34:04
Published on: 2017-04-18T10:34:04+00:00
In an email dated April 18, 2017, Natanael proposed that the best option for changing proof-of-work (PoW) is an algorithm that is moderately processing heavy and resists partial state reuse. The algorithm should have an existing reference implementation for hardware that is provably close in performance to the theoretical ideal implementation of the algorithm. For miners, cost primarily depends on correctly computed hashes per joule, which is directly related to the number of transistor activations per computed hash. An implementation must be near optimal, meaning that there is a minimum number of necessary transistor activations per computed hash and that the implementation is within a reasonable range of that number. To prevent ASICBOOST-style optimization, the implementation should not allow much internal state reuse and the PoW step should always be the most expensive part of creating a complete block candidate. Any proof of an implementation being near optimal must consider the possibility of designs that deliberately allow errors just to reduce the total count of transistor activations per a certain amount of computed hashes. The algorithm should be reasonably easy to verify and difficulty must be easy to adjust. It should also have cryptographic strength, predictable and close to constant PoW computation performance, no significant reusable state, no meaningful precomputation possible, and rely only on transistors for implementation. The mining PoW should be highly parallelizable, with minimal or no gain from batch computation, and performance scaling should be linear with increased chip size and cycle speed. Overall, the algorithm should have a constant verification speed, be reasonably fast even on slow hardware, have no hidden shortcuts, and be reasonably compact in implementation with small inputs and outputs.
Updated on: 2023-06-12T00:29:42.535308+00:00