lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Jul 2015 20:56:57 +0000
From: "Zooko Wilcox-O'Hearn" <zookog@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Memory-hard proof of work with fast verification (CPU Hash)

Okay *one* more follow-up to my own post then I'll give you a chance
to get a word in edgewise. I showed this thread to Greg Maxwell on IRC
and he reminded me that the issue of the stale rate is actually very
important for decentralization of mining. We call this
"progress-freedom" — meaning that you don't get closer to a solution
the more work you put in, but instead it is more of a pure Poisson
process where, the more work you put in, the higher your *chance* of
winning, during each successive moment. The reason this is important
for decentralization of mining is that if the Proof-of-Work algorithm
allows the miner to make progress then a miner with slightly more
power than its competitor will win 100% of the blocks from its
competitor, because each block is a race to the finish line and the
slightly-faster runner will win every race.

In practice nothing is a purely instantaneous Poisson process, and my
rule of thumb is that if the time to run a single trial (to pick a
single nonce, calculate the Proof-of-Work, and check whether you just
found the winning ticket) is less than 1% of the average block time,
that's good enough. The average block time is 10 minutes, so that
means if the time to verify (== the time run a single trial, as long
as we're using the simple approach of verification being the same as
re-running the winning nonce) is less than 6 seconds then I'm not too
worried about progress-freedom.

Regards,

Zooko

Powered by blists - more mailing lists