There has been some discussion in this thread and in the ProgPow-review gitter channel about whether ASIC-resistance is a goal that Ethereum should be striving for.
I thought it might be good to have a more permanent record of these discussions, in a thread that was exclusively devoted to them.
The main arguments in favor of ASICs are:
(1) GPU mined coins are cheaper to attack with rented hashpower
It’s easier to rent a large amount of GPU power than it is to rent a large amount of ASIC power, because the market for rentable GPUs encompasses non-cryptocurrency uses (for instance, machine learning). Amazon and other cloud providers have lots of GPUs for rent which people routinely use for non-mining things. So if you want to do a hashpower rental attack, you’ll be able to rent a higher % of the total hashpower needed if you’re attacking a GPU-mined coin.
Why does this matter? Because as described here by Joseph Bonneau, rental attacks are much cheaper than attacks in which you buy or build out the mining capacity used for the attack. The difference is huge – about three orders of magnitude (millions of USD vs. billions). This video is extremely important to understand to get the context of these arguments.
The main objection to this is that the Ethereum GPU mining network is so large that it’s impossible to rent enough GPUs to get 51% of the total hashrate.
It’s unclear how much GPU hash power could really be rented, because a lot of claims that this wouldn’t work are based on Amazon being unwilling to rent a large portion of its capacity to a random attacker, or based on other cloud providers being unwilling to rent their GPUs to miners because miners are too hard on their equipment.
To the extent that barriers to renting GPU hashpower are social, it’s unclear whether just offering to pay 2x the market rate, or playing a long game where the attacker first builds a positive relationship with the rental service can bypass these issues.
The thing that it’s important to stress here is that a build/buy attack is so much more expensive than a rental attack that an attacker wanting to rent GPUs can throw around a lot of money (hundreds of millions of USD) to get the rental to work out and still create the attack for much cheaper than if they bought/built the capacity. As a general rule if you’re willing to spend many millions of dollars you can usually get special favors and pretty good customer service.
To the extent that there just aren’t enough GPUs available to make a purely rental based 51% attack possible even if everyone involved was perfectly willing to cooperate, this should reduce our concern about these attacks.
However it shouldn’t eliminate these concerns because any amount of hashpower that can be rented serves to reduce the overall cost of the attack. If an attacker can only rent 1/3 of the necessary hashpower for an attack and needs to buy out mining farms to get the other 2/3, they’ve still reduced their attack cost by almost 1/3 by renting.
(2) The risks from ASICs are small
People really don’t like big ASIC manufacturers and ASIC farms, but if we look at the economics and game theory of mining it’s not clear that ASICs pose much of a threat.
The main idea is that if a big ASIC manufacturer did want to attack/censor the network, their cost would be in the billions of dollars because Ethereum would likely switch PoW algorithms, making the ASIC manufacturer’s hardware worthless. It’s essentially equivalent to the ASIC manufacturer doing a “build attack” on the network, with the same huge costs.
Worries about ASIC manufacturers usually depend on the idea that once they took over the network and started doing bad things, that they would continue to control the network for a significant period of time.
This doesn’t seem plausible, because I think there would be almost unanimous community agreement to fork away from the attacker ASAP when the alternative is to live under censorship and double spending attacks / long rollbacks indefinitely. Changing PoW is a hassle but far better than accepting that Ethereum will be a censored network from now on.
Concerns about this situation often assume that the ASIC miners would have some power to stop the community from changing to a different PoW algorithm, and could somehow use their hashpower to make this switch difficult, but I’m not aware of any actual mechanism by which they could exert any such power. Their ASICs won’t help them at all when the network switches to a new PoW.
If these ASIC manufacturers had been mining honestly for a while before their attack, then it’s true that they would probably have a lot of money. So if they were spiteful they could buy up or rent a bunch of general purpose hardware after the PoW change and attack the network. It seems unlikely that a company big enough to have so much economic power would engage in an act that would bring such bad PR while causing them to lose so much additional money. This would have huge costs to such a company and no apparent benefits.
Another risk from big ASIC manufacturers is that they might place a bet on Ethereum failing or its price falling significantly, and then attack the network in order to profit from their bet. This is possible, but the same opportunity is available to anyone with a lot of money: they could buy some mining farms and make the same bet. To the extent that GPU mined coins are cheaper to do rental attacks on, GPU mined coins are actually more vulnerable to this sort of thing. This would only be an argument against ASICs if we thought that ASIC miners were more likely than any other rich entity to try this.
(3) Ethereum should try to be more resistant to state-sponsored attacks, all else being equal
An argument that I often see is that hash rental attacks won’t be profitable, so we shouldn’t worry about them. I believe that there is a real risk from states trying to disrupt Ethereum. These entities would not be aiming for a profit. The difference between an attacker with a destructive goal needing to spend a few billion dollars vs. tens of millions to disrupt Ethereum, or even 2 billion vs. 3 billion seems like something we should care about.
(4) We don’t know if our current security level is adequate, so if there are no significant tradeoffs we should prefer higher security levels
I’ve heard arguments that since Ethereum has been GPU mined for a while and that we haven’t seen it attacked yet, the status quo is just fine. I see a few problems with this:
(a.) When you’re dealing with probabilistic risks, just because you haven’t seen something bad happen yet doesn’t mean that the risk level is acceptable. If the probability of nuclear war has been 1% every year for each of the last 20 years, we should still want to reduce this probability even though in hindsight everything looks OK.
(b.) Ethereum will presumably grow in prominence in the future (we hope). Powerful entities will see it as more of a threat than they have in the past. This will plausibly make these organizations more interested in attacking it than they have been until now.
(c.) Security depends on price. So even if there is a threshold above which Ethereum is “secure enough”, that threshold varies as price varies. Being far above the threshold protects Ethereum in a market downturn. Whether Ethereum is safe as long as its price stays above $70 vs. safe as long as its price stays above $20 is an important difference.
The main arguments I’ve seen against ASICs seem to focus on rejecting argument (2) above. The claim is that ASIC manufacturers and farms really will be willing and able to significantly harm Ethereum. I’ve described above why I don’t think we should worry much about this, but am curious to hear more arguments for why we should be wary of ASICs. I’m especially interested to hear of cases where big ASIC manufacturers / farms engaged in censorship or other attacks against the network.
There’s also a community-based argument: mining is how a lot of people get into crypto, so having a GPU-mined coin will make the coin more popular and increase its network effect. This could be a good argument. I’m not sure how strong this effect is but am curious to explore it. This argument gets better if people new to Ethereum can profitably mine with GPUs that they already own. It seems worse but possibly still good if miners almost always have to buy a new high end GPU if they want to get into mining (assuming these high end GPUs are cheaper than ASIC hardware would be).
Request for more data / arguments
I’ve presented the rough outline of the pro-ASIC argument and discussed some common counterarguments. I’m very interested to hear additional arguments either for or against the goal of ASIC-resistance, and am especially interested in any concrete data relevant to this topic.
A few interesting comments from the gitter discussion from members of IfDefElse (the group that created ProgPow and has been advocating for its inclusion in Ethereum):
I don’t know how many GPUs there are in datacenters, but back-of-the-envelope calculations say the total number is probably less than the eth hashrate. Datacenters use almost exclusively Nvidia Tesla products. Nvidia’s sold around $3 billion to the datacenter market in the last 2 years (this includes government supercomputers). If we ballpark these expensive datacenter GPUs at $1000 each that’s just 3 million GPUs total, across all datacenters in the world.
Ifdefelse later estimated “The ETH hashrate [is] around 5 million GPUs”
@ohgodagirl provided her perspective:
I cannot comment on AWS’ GPU amount. Apologies.
You want to be considering FPGAs with Ethash, too.
51% attacking Ethereum is significantly hard with GPUs.
I know intimately what each farm has and where GPUs land.
There are less than two farms that have over 800,000 cards.
Most “large” farms range in the 40,000-100,000 range and I can tell you people over exaggerate with how much hardware they have consistently.
A 100,000 GPU farm requires workers. And workers blab all sorts of secrets.
You guys didn’t factor in Azure or Oracle
Or Google Compute Cloud
Or even the private clouds.
But guess what? None of those will ever touch crypto. There are legal risks, operational risks, and it just plain doesn’t make financial sense.