The ASIC resistance still holds the fight for egalitarian extraction, this time with Merkle Tree Proofs (MTP)

ASIC resistance is worth pursuing egalitarian extraction with our new Proof of Work (PoW) algorithm, Merkle Tree Proofs (MTP). Although some projects have given up ASIC resistance as an unattainable goal, we at Zcoin believe it is premature to throw in the towel.

The argument for ASIC resistance

ASIC resistance is similar to an arms race, a battle between ASIC designers and designers. MTP is a Proof of Work (PoW) algorithm that fights the centralization of cryptocurrency extraction from ASIC.

We want to level the playing field for cryptocurrency miners, which is why Zcoin worked to become the first cryptocurrency to implement MTP. Through these efforts, we hope to democratize the extraction of cryptocurrencies once again.

An ASIC resistant Proof of Work (PoW) algorithm means:

• The advantage that an ASIC usually earns on widely available basic hardware, such as CPU and GPU, is limited.
• It will be more expensive to develop and produce algorithms based on ASICs.

Having a robust ASIC algorithm discourages ASIC developments, allowing those with basic hardware like GPUs and CPUs to extract coins on a more or less uniform playing field.

This has two main advantages: decentralized security and wider distribution of coins. Instead of concentrating the safety of blockchain in large mining companies, network security is evenly dispersed among individual miners around the world. There are also those who believe that decentralizing hashrate also increases resistance to censorship.

However, the most important role of ASIC resistance is that it allows a wider distribution of coins. With MTP, everyone has a fair playing field to earn coins and can use the ubiquitous computer hardware, as opposed to buying specialized ASICs that only mine one specific algorithm. We have also seen countries like Venezuela and Vietnam banning the importation of ASICs to try to stop the proliferation of cryptocurrencies. However, prohibiting the importation of hardware equipment can often have a disastrous impact on a country's economy.

ASICs are still controlled by monopolies

There are projects that believe that ASICs should be embraced, even during the early stages of currency development, provided that ASICs can be marketed. This means making it widely available to the average consumer, with various manufacturers competing to provide ASICs at competitive prices.

In fact, ASICs provide many advantages, such as a more stable hashrate because miners are stuck in the chosen algorithm and can not easily switch from one currency to another. It can be argued that this leads to greater network security since most of the husthrate will already be implemented in mining, as opposed to the extraction of raw material hardware where mining energy can be hired. from places like from Nicehash.

Coins that go well with ASICs, like Bitcoin, Bitcoin Cash, Litecoin and Dash, have had many years to develop their community and can not be compared to more recent projects that do not have the advantage of a long period of equitable distribution. We believe that embracing ASICs in these early stages is not the right move. There is also talk of creating open source. ASIC technology, which allows different manufacturers to produce them However, this would mean that larger companies with R & D could produce even more efficient ASICs or have economies of scale to produce them at lower costs.

In the current industry, any algorithm that is ASIC friendly can only be registered by a handful of big companies like Bitmain very quickly and at relatively low costs. Immediately its hashrate is dominated by ASICs and mining producers can secretly extract it from their strictly limiting coin distribution.

Projects that attempted to control this process, such as the centralized SIA storage platform, spent large sums of money and time to develop their own ASIC, only to get them overtaken by Bitmain. BOTH is now working to favor selectively its miners, thwarting the objective of commodifying ASICs. We believe that cryptocurrency projects are not hardware companies, and attention should be focused on software and technology development, leaving the companies more oriented and with engineers and specialties to develop ASICs.

In addition, supporters of ASIC commoditization often argue that it does not matter that there are only a handful of companies capable of producing ASIC, emphasizing the computer industry in which few companies like Intel AMD, Nvidia dominate. Yet what this argument ignores is that, unlike these companies in which the extraction of cryptocurrencies is a small part of their business and their main objective is to sell as many chips as possible, ASIC producers have a disincentive to sell their ASICs if it is more profitable to make them become themselves through mining, they will sell it only at a price that also takes into account potential gains from mining, as in the case of Bitmain, which changed the price of his ASIC Ethereum from 800 USD in the first lot to 2150 USD in the second lot, which implies that its cost price could be many times lower.

ASICs are less efficient with hard memory algorithms

There is a growing group of people who believe that the resistance to ASIC is futile and that there will always be ASIC for any algorithm. Although it is true that ASICs can be developed for any algorithm, if we can increase development and production costs, reducing potential efficiency gains, this would delay the time before ASICs were developed.

We are already seeing this with the SHA256 ASICs (for Bitcoin or Bitcoin Cash), which are many thousands of times faster than a GPU. Writing ASICS (for Litecoin / Dogecoin) are several hundred times faster, while algorithms like Equihash (used in Zcash), are five to ten times and Ethash (used in Ethereum) is about two or three times. We can see that with the corresponding increase in the use in memory, the advantage of ASIC decreases continuously even though it is true that ASIC designers and manufacturers are becoming faster in the development and introduction of their products. .

Algorithm	Memory required	Advantage ASIC
SHA256	None	Many thousands of times
scrypt	128 KB	Hundreds of times
Cryptonight	2 MB	Hundreds of times (less than Scrypt)
Equihash	144 MB	5-10x
Ethash	2.71 GB	~ 2x

MTP, as implemented by Zcoin, uses 4 GB of memory and can still use higher values ​​such as Ethash, which is already quite resistant ASIC, only updates its memory pad once every 100 hours, MTP requires an update every block (5 minutes for Zcoin).

Another advantage of the great use of memory is that it is much less attractive for the extraction of botnets since the infected computers would probably notice a significant deterioration in performance.

The costs for developing an MTP ASIC would be high. Given its high memory usage with limited efficiency gains, MTP calculations are designed to be as computationally expensive as possible for ASICs while remaining the same for normal computers. This will allow the Zcoin community and the adoption to grow before the ASICs become commercially viable.

PoW hard forks are not sustainable

There are coins like Monero that also pursue the ASIC resistance, but they do it in a rather ad hoc way by programming hard forks every few months with a change of parameter of their work test algorithm. The theory is that frequent changes would limit the life span of developed ASICs, discouraging manufacturers from developing them. Some coins also issue very few details of planned changes to prevent ASIC producers from gaining an advantage.

However, there is increasing evidence that ASICs can adapt to changes in parameters, albeit with lower efficiencies. Given the anti-ASIC position adopted by the projects, even if such miners are developed, there is a strong incentive to keep these miners secret from the public and indeed, there is the belief that Monero has been extracted from the ASIC before public publication of the ASIC miners.

Each rigid fork is also a risk and introduces instability while the miners have to move to the new algorithm and during this period, the security of the currency is more susceptible to 51% attacks. This is further aggravated if the POW changes are kept secret. It also tends to generate new "forks" that are confusing for users, as can be seen with Monero Classic, Monero 0, Monero V. In addition, users and the ecosystem must continually keep up with software updates , not to be left on the old chain.

We believe that hard forks only to fight ASIC resistance are unsustainable, introduce many risks to the network and the user, and introduce another form of centralization by relying on the development team.

This is why we believe that the research and implementation of algorithms such as MTP are still a useful effort to provide a solid foundation for ASIC resistance. Moreover, unlike many ad-hoc algorithms, MTP went through the academic review and a bounty program funded by Zcoin to demonstrate its resistance against cheating attacks. MTP can also be further improved with further testing techniques of the future.

The objectives of a fair and widespread distribution of cryptocurrencies, decentralized security and allowing the average user to become a miner are still at their fingertips if the research on resistant ASIC algorithms is continued. As we have seen the disadvantages of other strategies, we believe that these algorithms are the best way to achieve it despite the growing challenge of increasingly efficient ASIC manufacturers.

We believe that MTP is a good solution for coins like Zcoin that are still in the early stages of their distribution, although we believe it is possible to work further to improve MTP and always receive positive feedback. To achieve the original goal of making cryptocurrencies a truly global digital currency, we would like to encourage researchers and the community not to abandon the struggle for ASIC resistance.