Any views on Charlie Lee, founder of Litecoin, on X11 being less secure than scrypt?
His comment:
https://litecointalk.org/index.php?topic=18166.msg153436#msg153436The back story to the comment:
https://litecointalk.org/index.php?topic=18166.msg152706#msg152706X11 is Far Worse
X11 suffers from the problems stemming from increased propagation latency and slow verification, and adds even worse susceptibility to ASIC advantage. It is a mere mishmash of 11 separate algorithms that are now GPU mineable (according to Darkcoins homepage). Anything GPU mineable can be implemented in custom hardware. To make matters worse, ASICs could even have a major speedup advantage over GPUs. adam3mus said, it does seem likely that eg if the unused space due to heat can be filled with the other hashes, then it can all be pipelined together and no slowdown. the only cost is replicating different hash functions which doesnt seem particularly hard
So a switch to X11 only delays the inevitable. Switching the hash to X11 would only spite the current manufacturers while ultimately failing in the goal of preventing ASICs later. It gets even worse. If the cost of entry for a particular PoW is very high by design, that increases the chance of fewer competing manufacturers entering a market. This is the worst possible outcome for any Bitcoin-like network that relies upon large quantities of greedy miners to outdo each other to maintain network security.
The quoted adam3mus is a brain on legs. He knows far too much about hashing, I think he invented hashcash wash was used to make bitcoin feasible. He does, however, suffer from alt-coin phobia.
Litecoin/Vertcoin (Scrypt and Scrypt-N) have made two choices that will boomerang in the long-term.
1) Declaring asic immunity (which is false - one only needs to see vertcoin's title that says "no more asics") and using it as a selling point. Litecoin discovered their claim was bogus when it was GPU mineable. They are true when they say that if a hash can be GPU-mined, it can be ASICed. Same is true for scrypt, scryptN, x11 etc.
2) Using much RAM as a cost-deterrent. This will only make ASICs much more expensive than normal ASICs and if it works as they say it will, then it will have the unintended consequence that scrypt and particularly scrypt-N ASICs will be out of reach for most people => worse decentralization in terms of hashing power.
Theoretically x11 hashes are easier to implement on ASIC (as single hashes - as a chained hash we'll see how it goes). But x11 asics will eventually be cheaper for the masses (better asic decentralization) as they do not carry the ram cost that will make scryptN asics much more expensive.
In any case, when a new mining equipment comes out that is orders of magnitude faster, it should be available to everyone for fairness reasons. Coins that will try to remain at the GPU-only phase will always have the threat of ASIC on the horizon on what would happen if an ASIC came along. It will be a dejavu situation with early February over here and cpu mining vs fears of gpu miners being available in the wild. And if a coin like Vert states it will change PoW when ASICs are out, then they've opened their cards and ASIC manufacturers will outplay them: They'll make the ASICs and use it to mine scryptN networks while these networks are oblivious to ASICs existence. I did an estimation that if a manufacturer makes a few ASICs that capture 30% of an enlarged scryptN market in the next year that produces something like 1000 BTC per day in altcoins, then it's 300 BTC per day in profit 9000 BTC per month. Even if BTC is at 500$ it'll be 4.5mn USD per month - and this power will masquarade as GPU power. If BTC is at 1000, we are talking about 9mn per month.
Btw, I laugh when I see gpu miners talk about their "concerns" on decentralization. We all know that miners go to large pools irregardless of the hashpower concentration as they don't care that much. In order to avoid variance, they can go to pools with 20-30-50% of the hashpower and then complain that ASICs will be bad for centralization and bad for the network.
