lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jul 2015 01:24:57 +0200
From: Alex Biryukov <alex.biryukov@....lu>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Memory-hard proof of work with fast verification (CPU Hash)
On Mon, Jul 6, 2015 at 11:24 PM, Bill Cox <waywardgeek@...il.com> wrote:
> On Mon, Jul 6, 2015 at 1:56 PM, Solar Designer <solar@...nwall.com> wrote:
>
>> On Mon, Jul 06, 2015 at 08:25:48PM +0000, Zooko Wilcox-O'Hearn wrote:
>> > Forgive me if this is a naive question, but if you wanted a
>> > Proof-of-RAM for a cryptocurrency to be ASIC-resistant and (maybe)
>> > GPU-resistant (and I do want that!), then what's wrong with Argon2d
>> > with memory size = 1 GiB?
>>
>> I guess Bill meant the "fast verification" bit in the Subject. Filling
>> 1 GiB isn't as fast as Bill would like verification to be.
>>
>
> Yep. 1 GiB would make block-chain verification too slow. This trade-off
> is why LiteCoin is facing an ASIC crisis
> <https://bitcoinmagazine.com/11125/asics-litecoin-come/>.
>
If we want desktop mining back we need 1-2 GiB for botnet resistance,
unless anyone has a better idea. It's not slow with rapid verification.
Alex
Content of type "text/html" skipped
Powered by blists - more mailing lists