Score:10

Proof of work designed for CPUs?

sg flag

My naive understanding of proof-of-work algorithms is that they are essentially a p=np type problem where it's easy to check a solution, but difficult to produce a solution.

I have recently read that some cryptocurrencies are based on algorithms that are designed to be resistant to ASIC mining - they're built to live on the GPU. This got me wondering if there is a proof-of-work algorithm that could be designed to run on CPU (and therefore GPU/ASIC usage would give poorer performance)?

My first instinct was no, but then I remembered that we don't use GPUs for the main operation of our computers and there is probably a reason. So is it possible to make CPU based proof-of-work algorithm that wouldn't translate to GPUs or ASICs?

sg flag
As a side note, I tried to search for similar questions, but I'm on the andriod app and it wasn't giving me much help! (I know it's no longer supported)
fgrieu avatar
ng flag
I'm not confident enough to make that an answer, but I think you are looking for [Argon2](https://github.com/P-H-C/phc-winner-argon2).
sg flag
@fgrieu thanks that does look like what I'm looking for. I'll read more into it to find out!
PrincePolka avatar
cn flag
RandomX is faster on CPU than GPU
ckamath avatar
ag flag
Also relevant: [memory-hard functions](https://eprint.iacr.org/2014/238) and [bandwidth-hard functions](https://eprint.iacr.org/2018/221).
ma flag
Although CPU mining seems more egalitarian, this [long article](https://medium.com/@nic__carter/its-the-settlement-assurances-stupid-5dcd1c3f4e41) argues that ASIC mining can be a good thing. Because ASICs are only useful for a particular coin, purchasing the hardware is a sunk cost so that the miner is committed to upholding that coin and potentially producing better long-term stability.
jp flag
Not a "P=NP type problem". Just a "NP type problem". NP problems are hard to solve but easy to check. P=NP is a separate question. If P=NP (unlikely) it means those problems are actually easy to solve after all.
marstato avatar
sa flag
Notice that GPUs are really only ASICs for 3d geometry calculations (and other stuff needed for rasteritation Rendering) with the latest generations adding circuitry specifically for Ray tracing. CPUs on the other hand are, by definition, the opposite. They must be able to carry out **almost any** calculation at a **reasonable** speed. As a result, they really aren't the best at anything. For almost any algorithm that one can conceive one can also make specialized ASICs that beat a CPU in that task. So as soon as your cryptocurrency offers large revenues someone will build one.
SEJPM avatar
us flag
As pointed out by others: You are looking for memory-hard and bandwidth-hard functions which are typically found in the context of password hashing / password-based key derivation which try to be formulated that the best hardware implementation is reasonably close to current CPU designs.
Score:11
cn flag
jjj

CryptoNight, the pow function used by Monero is such a function. https://monerodocs.org/proof-of-work/cryptonight/ Basically it needs more random memory accesses, and GPU memory is not designed for that. So the bottleneck is not the computing power, but the access to the memory. The CPU needs fast and random access to the memory all the time to execute programs, so it is designed to be good at that. Additionally CryptoNight is designed to work great with the L3 cache size of most CPU for really fast access.

Edit: Monero uses RandomX now and not CryptoNight, as I was told in the comments. The principle of relying on random memory access stays the same. In addition the instructions used for calculation depend on the input, what is really bad for gpu, since the cores can only perform the same instructions (they don't have separate program counters)

baro77 avatar
gd flag
just to specify that actually Monero isn't using CryptoNight anymore, RandomX instead
ar flag
It is worth noting that CryptoNight is no longer used by Monero, since the emergence of ASICs that outperform CPUs - contrary to what they expected. This has proved to be something of a cat and mouse game.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.