Should we change PoW algorithm?

But isn’t the large MTP proof size good for decentralization? For a single desktop computer with 1 GPU it’s not that bad, but for a GPU mining facility, the aggregated bandwidth consumption is quite significant.

Good question. I’ll have to check if a GPU mining facility really has aggregated bandwidth consumption, though I’m sure there are other ways around that. For example if I have like 8 GPUs on one computer, I’m not consuming more bandwidth per se, as the share difficulty adjusts so I can be sending my shares less often.

Originally, I thought the large proof size would lead to pool decentralization as larger pools have to deal with many shares from many miners. However this hasn’t panned out and went actually the opposite way. The high bandwidth required means only a few pools are willing to host it but perhaps I’ll leave it to someone more qualified to comment on these points.

Looks like Redpanda mining started a poll on this.

The results are pretty interesting so far.

I’m sure that poll is biased since I doubt many people weighing in here have even seen the poll - and there needs to be a lot more sharing of facts on this forum before any poll would be valid.

I think the main question that should be asked - is: Should the algo that Zcoin uses try to remain FPGA and ASIC resistant? From what I have seen - the answer seems to be yes - and based on that - people should choose appropriately after a proper analysis.

Without understanding the implications of an algo change, the Zcoin hash can very easily be taken over by FPGAs or ASICs or CPU farms and then be mined and dumped without any concern for the long term health of the coin. This should be a very big concern.

The Zcoin community has shown an interest in keeping Zcoin FPGA and ASIC resistant and keeping it decentralized by allowing it to be mined primarily by individuals running small or medium sized mining rigs (with easily purchased consumer hardware - and not expensive specialized hardware).

After reading recent posts on Discord there should be concerns about FPGA and ASIC companies positioning themselves to jump on all coins switching over to ProgPow over the next few months - this should be factored into the decision the community makes.

The primary reason for Zcoin currently being FPGA and ASIC resistant is that MTP has not been implemented (successfully) by any other coin (Jemcash doesn’t count since it was just a scam) and there is not enough market to justify creating hardware specifically for MTP.

It’s interesting that there is so much interest by FPGA and ASIC developers in ProgPow, and there seems to be a real push by some people in that direction … with their own agendas.

If Zcoin were to switch to ProgPow - and join the existing coins (BCI, HORA, SERO, EPIC, ones that I know of … +?) already using ProgPow - this will give the FPGA and ASIC companies more reason to develop processors for ProgPow, and potentially take control - potentially opening Zcoin up to 51% attacks.

One of the other options that has been mentioned is tweaking MTP to reduce the size of MTP proofs, and reduce the future growth of the Zcoin blockchain, and reduce the bandwidth used by Zcoin mining - and continue using MTP for a while longer - and then see which algos are available in a year from now. This may be the best short term solution - but as with any change in algo there are risks and further analysis needs to be done on all options before the community can weigh in on which option they think is best.

As for RandomX - there has already been a lot of discussion - and I’d like to add one more real-life incident to the analysis: EpicCash uses three algorithims - ProgPow, RandomX, and CuckAToo31+. While mining this coin for a few weeks I learned a lot about how ProgPow and RandomX worked. While ProgPow mined quite nicely on existing GPU hardware (10xx nVidia cards mainly) there is no way of knowing if FPGAs or ASICs will make the difficulty too high to be worth the effort (and similar issues can happen with Zcoin). The problem that was seen by people mining EpicCash with RandomX was that over 95% of the RandomX blocks mined were going to a few wallets located in China (we could tell because of IP addresses used) - not only do they have very large CPU farms there - but they seemed to have found a way to modify the EpicCash opensouce blockchain/wallet code to get an advantage (cheat), and block others from getting many of the blocks.

If Zcoin were to go with RandomX there is no reason not to expect the same issues with CPU farms doing the same thing to Zcoin - and dump the coins and drive the price down even lower than before.

So the Zcoin community has a lot of research and analysis to do

Quick analysis:

Option1: Stay with current version of MTP

Pros - quickest solution - nothing to do

Cons - blockchain bloat and bandwith issues are causing problems and may impede scaling Zcoin to where it needs to go in the future

Option 2: Modify MTP to reduce MTP proof size

Pros - minimum amount of change while buying Zcoin time and holding off FPGAs and ASICs a while longer. On Discord DJM34 suggested removing old proofs after a while to reduce blockchain size

Cons - may take longer than most other options and possibly more risk (but may be worth it)

Option 3: Switch to ProgPow

Pros - other coins use it (already tested in production) - both software and hardware audits already done

Cons - other coins use it (may make it a larger more profitable target for FPGAs and ASICs) - FPGAs and ASICs already looking at ProgPow

Option 4: Switch to RandomX

Pros - likely more FPGA and ASIC resistant than other options

Cons - individual miners will have a hard time competing with very large CPU farms already in place

Option 5: Something else

Pros - dependent on what is chosen - but could be more FPGA and ASIC resistant than other options

Cons - will likely take longer than other options

I hope this helps … Reuben (and Zcoin team) - please feel free to use this (and add to it as required) to help people weigh-in before making a final decision.

2 Likes

Hey! I’ve updated the initial post with your inputs! Thanks! Do take a look. I’ve also made some corrections.

Here my take regarding if zcoin should change POW algorithm or not

First of all, I must say that I am not against an algorithm change however MTP took 2 years to develop before it gets released and changing it after a year, would definitely be bad. Also MTP is very unique in many aspect and is backed by scientific papers. It is clearly not perfect: large proof of work leading to high bandwidth usage and high yearly increase of the blockchain size.

Regarding the size of the proof of work, originally the idea behind having such large Proof of Work, was to keep a certain balance between initialization (creation of the scratchpad) and solution solving, making sure “cheating” couldn’t be achieved faster than a full solution solving. However, this argument became a bit irrelevant with time as new optimization of the mining software started to pop up. Currently if we had to keep up with this argument, we would probably have to increase the size of the L parameter (increasing again the size of the Proof of Work). However as long as there is no way to anticipate a solution (meaning that the access to the scratchpad is still fully random), it isn’t really a problem. So technically it is possible to reduce by some factors the size of the proof of work.

Regarding the storage of the full solution of the proof of work into the blockchain, one could very well keep it only for a certain amount of time (basically the time necessary to make sure that no reorganization of the blockchain can occur and after that time just keep the nonce (from which it is still possible to obtain the solution, however in a much slower way). So basically that would require to keep a server where a recent blockchain could be found, so that it doesn’t impact too much syncing time.

Regarding bandwidth usage, I think it is a false problem. Most ISP nowadays provide relatively cheap and high bandwidth service for both standard and professional users and quality of this service is likely to become even better with time. But yeah mining from your 4G mobile phone subscription isn’t a good idea for sure :smiley:

The only remaining problem in my opinion is the fact that the algo was supposed to give a chance to cpu mining. To do so more work would be needed to rebalance a bit toward cpu mining; but still making sure the coin cannot be abused by large botnet… however I must say that cpu miners, tends to sell a lot less at a loss than some gpu miners tend to do and the price of zcoin was more stable when the cpu mining was more important…

Last but not least, one of the promise of zcoin/mtp was to keep fpga/asic away and so far this promise has been fulfilled. They’ve been a few rumors of fpga firmware release for mtp, however regarding the number they quoted, it was showing that the performance weren’t that good and ihey weren’t getting large advantage over gpu’s…

So to summarize my opinion, I don’t think MTP should be changed as it is a good and original concept, but rather reworked it to make it better. Also considering all the time/money which was spent by zcoin to implement the algo, it is definitely a better solution as the team can capitalize on its experience rather than discarding 2 years of work.

3 Likes

Ok regarding algorithm change (better to do a seperate post :smiley: ).
For some reasons Progpow has been proposed has a possible candidate, and the more I think about it, the less I understand why.

So far zcoin had as philosophy to implement original algo and basically Progpow is many things but not original. It was developed first to be implemented in eth. There was so much hype about that 2-3 years ago that I was thinking it was deal done (and was an effort lead by eth team)… but since nothing happened so far, I guess it was just a few actors trying to create a hype, similar to the one they want to create (or are creating) with zcoin.

What I clearly don’t like about Progpow are the actors, apparently chip and miner manufacturers willing to have a monopoly over mining. Obviously this is bad for the whole mining community of zcoin and for any other coins.

There are enough example from the recent past to see what kind of problem this can lead:
I am pretty sure everyone remember Bitmain trying to impose a different protocol to btc (and threatening for a while to fork bitcoin), so they can have a huge advantage over the competition.
From bitmain again creating an asic only coin, so that they can sell expensive non optimized (as gpu miner happened to be faster than the asic developped by bitmain) new hardware.
Or even the Gaw and Gawcoin debacle (if you don’t know about it, I let you google it :smiley: ) which led to a few persons in prison and some exchange being closed for bankruptcy and/or sued by US authority.

So… do we really want to go that way again ? :smiley:

Another argument regarding ProgPow is its “fairness”, the fact it cannot be optimized more in favor of any specific hardware (asic or fpga). If this argument was coming from some independent group, I would be like “yeah why not” (still keeping an eye on the paper for any optimization I can find).
But considering the algo has strong ties with hardware manufacturers (panda mining/xilinx) it is a bit difficult to believe.

Considering there are lots of gpu in the wild from 2017 mining frenzy, what will make you chose a particular newer more expensive hardware ? Hmmm… what about a large increase in your mining hashrate and profits ? :smile:

This algo could very well had been developed for a specific unreleased hardware on which it has a serious advantage before being presented to the altcoin community in a clever slower version (the one we currently know). Sure it has been audited but what has been audited is the public version not the secret original one.

Sure it is a only a supposition, but that explains a lot why an employee of panda mining (hardware manufacturer) who also works (or worked) for genesis mining (rental mining) is using her work time on a new algorithm.
(I worked for a mining farm, and my boss was pretty much against the fact I use my spare time to work with zcoin… :smiley: or that release any mining algo)

So either she has very understanding bosses (mine wasn’t for sure :D) or they definitely have something to gain in return, which is the point on any business…
That would also explain why they need a rather successful coin rather than developping their new coin (which would be the way to go, considering all the time (and money?) they invested hyping progpow, releasing a new coin wouldn’t have been too difficult for them.

In anyway an algorithm with ties with manufacturer is not only bad but it also goes against against altcoin philosophy which is gain more freedom: Usually from banking system/goverment… but if chosing an algo developped by a company which want to establish a monopoly over altcoin, we also lose our freedom to chose how we mine and become totally dependent of that manufacturer. So it is again a bad decision.

Regarding zcoin philosophy, so far zcoin always tried to implement new and original solutions as well as original algorithm. But progpow has been already implemented by several smaller altcoin (while they were trying to have it implemented in eth) so it isn’t original and has been around for at least 3-4 years, so it isn’t new either.
So progpow being not new nor original, it definitely goes against zcoin philosophy.

Furthermore zcoin always said, that they would remain asic/fpga free, and progpow is definitely an algo where fpga and probably asic are planned.

Basically Progpow goes in the exact opposite direction to what zcoin ever stood for.
Hence it is the worst choice which could be made (even sha256 would probably better, because at least there is no expected surprise to come :smiley: )

3 Likes

I agree 100% djm. We should stay on MTP algo. :slight_smile:

Funny I’m unable to vote. There’s an error when trying to sign up.

so it is a fake poll… damn they are really desperate :smiley:
Anyhow… that shows what kind of trust we can have in people orbiting the progpow sphere…

I think another MTP advantage is that it is unique. When a stranger takes a look at the technical information of Zcoin, the perception won’t be “another ProgPoW”. It has a totally different ASIC/FPGA resistant algo it developed itself.

For the next community meeting or maybe a separate livestream, I have tentatively gotten Henry Quan from Epic Blockchain who has built Grin ASICs and their company is comprised of former AMD engineers. He can talk about MTP, ProgPOW and maybe some RandomX.

Kristy can attend again though I suspect she will also write something to djm34

If @djm34 can come on too it’ll be great so we have some balanced views.

I have also extended an invite to Marc Bevand as well who has helped audit MTP and also ProgPOW.

Personally I want clear technical reasons as to why a particular solution is good or bad hence the invitation to technical people. Code is all available for everyone to inspect.

2 Likes

In my opinion it is a good idea to stick with a GPU friendly algo for 2 reasons:

  1. The current loyal following will be able to continue to mine XZC with their existing hardware
  2. There is a good chance to entice ex-ETH miners to join the network when ETH goes to proof of stake

From a perspective of sustainability - which clearly has to be addressed, like it or not, if this currency is to last into the 2030s and beyond. - I think that another method should be found for securing the network. The move to POS could well be an option, it is one which is used by Tezos, Cardarno and soon Ethereum, all of which are successful projects. I get the argument about the rich getting richer, so how about this; reduce the MN collateral to 100 or even 10 coins, then anyone who wants to get in on the act is not prevented from doing so. the cost of owning a node is reduced to the cost of buying a mining rig. You could even vary the collateral size depending on currency value. Make it so that a node cost no more than a months wages for the average worker in X country.

I like the idea of Optical proof of work, but if the rigs cost a packet to set up then we are back to the rich getting richer argument again.

To summarise, I think that progPOW is the way to go in the short term, but in the long term we need a different solution to burning electricity to secure the network.

The next community meeting will be on the 22nd February 2pm (GMT +8). We will be discussing the possibly of changing the PoW. So if you have an opinion on this this you should attend!

There was a great discussion on the community meeting which discussed the economics of what happens behind the scenes in GPU, FPGA and ASIC mining and hardware productions.

For those who missed it, catch the replay at https://youtu.be/MLnF2YmhcTA

regarding point 2. : First ETH has to implement ProgPow which may take some time and then may-be they will implement POS at some point. So expecting miner coming down mining zcoin from eth is a long way away, and quite frankly I rather see the inverse, depending who would implement progpow first.

If zcoin implement ProgPow first, once eth move to it, many miners will leave, together with dedicated hardware showing up (because there will be then enough incentive to build them, and considering the algo has been out for quite some time, I assume it will be pretty well optimize, I tend to believe that it is already ready at least in the form of a blue print, they just need to wait for the good opportunity to release… )

So say zcoin implement ProgPow and they get impatient and there is some hype around zcoin price (:smiley: too many if already), they release their dedicated hardware obviously faster than GPU… then what will happen is that every GPU miners will move to another coin, then ETH arrives, and the dedicated hardware will move to ETH… so basically zcoin would lose twice.
As I wrote several time on discord, ProgPow is a very bad idea because that put zcoin in the shadow of eth (in terms of image) but also the whole zcoin ecosystem will be too dependent on ETH.

Regarding the Masternode at 100 or 10 zcoins, this is also a very bad idea… For at least 2 reasons:

  • If we put MN at 10 zcoins, we can imagine the large MN owner will just create more MN, other people will joins, so basically it means 10x more MN, which means also longer delay between MN payments so right now it is probably around 20 days… so basically you would get 1 payment every 200 days (yeah sure :smiley: ).
    Personnally, I keep my MN as long as it is viable to do so, which means that the value of monthly payout is bigger than my VPNs monthly fee… so If we end up with one payment every 200days, unless zcoin has increased a lot in value, it won’t be the case anymore and basically people will just spend money without getting any returns (not mentionning the halving which will come at some points…)

For large MN owner, it won’t change anything, because at any time, they will always get the reward from a MN… so the richer still get richers, the ones who are impacted are those who own small numbers of znode… and the new comers who will just pay VPS monthly fee with no returns…

  • Second argument, basically the inverse, comes from the fact that MN are locking very large amount of zcoin away from the exchange, if the collateral is decreased, there is large chance, that people won’t create more masternode (because the VPN cost will start to become prohibitive) and will just keep those they have releasing the locked zcoin (assuming there are at the moment 3k MN that would be releasing 2.97M zcoin on the exchanges… which won’t be good for the price obviously…
    But sure it will make znode cost well below monthly average wage but the return won’t pay the VPS fees… so basically it will be a lost for everyone… (except VPS provider companies…)

The only way you can win with a change of collateral is to take advantage of the mess it will be to reconfigure all the masternode (especially for those having large number of znode), if you are fast enough, you can make a killing for a couple days :smiley:

3 Likes

Right now I think ProgPOW is not happening on Ethereum.

Though in any case, ProgPOW will be modified a little to differentiate it a little and to suit it for our purposes especially since we don’t have issues with requiring Keccak since there is no legacy for that.

One of the things we can do if we implement ProgPOW is to drop the block times further to 2 or 2.5 minutes since the headers are a lot smaller than MTP.

1 Like

If I was in charge I would modify MTP. Whatever you can do to lesson FPGA’s profitablity.

I would also fix these if they aren’t already.
https://blog.zorinaq.com/attacks-on-mtp/

Let monero stay on randomx.

Progpow - Could be a good option but recently a bug was discovered so there may be more bugs to be found.

MTP has been patched against those potential attacks before it was released to public

MTP will be always susceptible to FPGA with the advent of FPGAs with large memory banks.

Those attacks have been fixed and even others addressed. https://arxiv.org/pdf/1606.03588v2.pdf

ProgPOW bug is fixed.

1 Like