Score:10

Crypto

Proof of work designed for CPUs?

user6916458

10/29/22, 7:17 PM

My naive understanding of proof-of-work algorithms is that they are essentially a p=np type problem where it's easy to check a solution, but difficult to produce a solution.

I have recently read that some cryptocurrencies are based on algorithms that are designed to be resistant to ASIC mining - they're built to live on the GPU. This got me wondering if there is a proof-of-work algorithm that could be designed to run on CPU (and therefore GPU/ASIC usage would give poorer performance)?

My first instinct was no, but then I remembered that we don't use GPUs for the main operation of our computers and there is probably a reason. So is it possible to make CPU based proof-of-work algorithm that wouldn't translate to GPUs or ASICs?

2419

1 + 9

proof-of-work

cpu

user6916458

10/29/22, 7:18 PM

As a side note, I tried to search for similar questions, but I'm on the andriod app and it wasn't giving me much help! (I know it's no longer supported)

fgrieu

10/29/22, 7:29 PM

I'm not confident enough to make that an answer, but I think you are looking for [Argon2](https://github.com/P-H-C/phc-winner-argon2).

user6916458

10/29/22, 7:39 PM

@fgrieu thanks that does look like what I'm looking for. I'll read more into it to find out!

PrincePolka

10/29/22, 8:59 PM

RandomX is faster on CPU than GPU

ckamath

10/30/22, 4:11 AM

Also relevant: [memory-hard functions](https://eprint.iacr.org/2014/238) and [bandwidth-hard functions](https://eprint.iacr.org/2018/221).

Nayuki

10/30/22, 6:12 AM

Although CPU mining seems more egalitarian, this [long article](https://medium.com/@nic__carter/its-the-settlement-assurances-stupid-5dcd1c3f4e41) argues that ASIC mining can be a good thing. Because ASICs are only useful for a particular coin, purchasing the hardware is a sunk cost so that the miner is committed to upholding that coin and potentially producing better long-term stability.

user253751

10/30/22, 9:08 AM

Not a "P=NP type problem". Just a "NP type problem". NP problems are hard to solve but easy to check. P=NP is a separate question. If P=NP (unlikely) it means those problems are actually easy to solve after all.

marstato

10/30/22, 10:19 AM

Notice that GPUs are really only ASICs for 3d geometry calculations (and other stuff needed for rasteritation Rendering) with the latest generations adding circuitry specifically for Ray tracing. CPUs on the other hand are, by definition, the opposite. They must be able to carry out **almost any** calculation at a **reasonable** speed. As a result, they really aren't the best at anything. For almost any algorithm that one can conceive one can also make specialized ASICs that beat a CPU in that task. So as soon as your cryptocurrency offers large revenues someone will build one.

SEJPM

10/30/22, 10:45 AM

As pointed out by others: You are looking for memory-hard and bandwidth-hard functions which are typically found in the context of password hashing / password-based key derivation which try to be formulated that the best hardware implementation is reasonably close to current CPU designs.

Score:11

Crypto

jjj

10/29/22, 9:54 PM

CryptoNight, the pow function used by Monero is such a function. https://monerodocs.org/proof-of-work/cryptonight/ Basically it needs more random memory accesses, and GPU memory is not designed for that. So the bottleneck is not the computing power, but the access to the memory. The CPU needs fast and random access to the memory all the time to execute programs, so it is designed to be good at that. Additionally CryptoNight is designed to work great with the L3 cache size of most CPU for really fast access.

Edit: Monero uses RandomX now and not CryptoNight, as I was told in the comments. The principle of relying on random memory access stays the same. In addition the instructions used for calculation depend on the input, what is really bad for gpu, since the cores can only perform the same instructions (they don't have separate program counters)

0 + 2

baro77

10/30/22, 9:35 AM

just to specify that actually Monero isn't using CryptoNight anymore, RandomX instead

James_pic

10/30/22, 9:36 AM

It is worth noting that CryptoNight is no longer used by Monero, since the emergence of ASICs that outperform CPUs - contrary to what they expected. This has proved to be something of a cat and mouse game.