ProgPoW Audit Delay Issue

Message me if you don’t understand how this relates to ProgPoW or Ethereum.

[edit, for people glancing over this thread: News says boss of EIP-1057 author Kristy now sits on a board of megaminer Squire Mining together with Dr. Craig Wright, who Vitalik called a fraud which Vitalik and others are now being sued for. :thinking:]

@OhGodAGirl relax, the truth will come out. Happy writing.
Wish everyone a relaxing Sunday.

I spoke in the context of whether to pay an audit of how ASIC-resistant ProgPow is–I believed that would just put the auditor into a conflict of interest. And in general I don’t believe any performance claims until I see measurements. Not even my own.


This issue doesn’t seem that relevant to me. Our goal with mining is the security of the Ethereum network. Whether some miners are given an “unfair” advantage or not only matters to the extent that it affects security.

I’m somewhat skeptical that many GPU miners give up significant profits to mine on ETH just because they’re loyal to it. What’s the evidence for that?

But even if it were true, I don’t think ETH should rely on miners loyalty for its security.

It’s not bad that they speak about it. If miners bring up arguments relating to ETH’s security those arguments should be evaluated on their merits. But simply the fact that miners want ProgPow needs to be considered in light of their CoI.

Again, go back to my example of MacDonalds supporting a law that will transfer $2 from every American to their company. This law impacts MacDonalds much more than anyone else. You could even say it’s a “MacDonalds-related” law, and not much of a “Kristy-related law”. So when you object and say “Hey, this seems just like a pointless giveaway to MacDonalds” should they be able to claim their opinion has extra weight because they’re most affected by the law?

It seems completely irrelevant who will do the mining, except to the extent that it effects ETH’s security level.

I keep seeing a sentiment in the ETH community that it’s a goal of the network rules to keep miners happy. This seems like a bad goal, and I’d like to see people argue for it explicitly if they think it’s a valid goal.

The thing about security is that it’s not binary. We want to reduce the risk of any harmful attacks on Ethereum. If switching to ProgPow changes the risk of a sustained 51% attack against ETH from 1% per year to 2% per year, then we should definitely not do it. You can’t just look at the network and check “security provided” off your list.

I have been quietly following this thread since the beginning. Sonia, your constant attempt to spread fear, and spiteful conspiracy theories against other members is not welcomed here. As far as I’m concerned, your credibility has been zero ever since you first joined, attempted to spread false information (Jun 3), only to be immediately rebuked by timolson and epic.henry.


[typical Kristy way of saying hi]

Good morning Kristy. @MrAndrewAu @OhGodAGirl @epic.henry

The kind of attack ProgPoW is pulling off is anticipated, and will repeat in the future. It’s too logical not to try. Make a list of possible motivations for a PoW change, and expect someone to start with the easiest and most profitable ones, the low hanging fruits.

We talk about ProgPoW - Programmatic Proof-of-Work.
Programmatic means ‘according to a program’. The rarely used ‘programmatic’ is then substituted by people for the more common ‘programmable’. Other confusing terms such as dynamic and random are mixed in.

How can a PoW algo be programmable when it always needs to be verifiable?
PoW is work that someone else can verify, so it cannot be programmable and will always fully derive from a seed, with a series of 100% predictable and repeatable steps. No matter which linguistic trickery someone may be trying to sell the story.

Real innovation in PoW would allow user defined programs to be passed to the PoW algorithm, which would then need to be stored alongside the PoW result, and clients would need to construct a zero-knowledge proof to check that the program was fully executed (limiting CPU time).

None of such real innovation is in ProgPoW, because all it is is superficial pseudo-technology trying to coverup a corporate scheme (follow the links, DYOR).
We can do better, and we will never loose our optimism.

Noted. You really think people are dumb.
Let’s double down, your company is making news again so this needs to be added to the thread:

I won’t paraphrase, at this point it’s obvious what’s happening. The only thing we will most likely never see are the ProgPoW-related agreements between Nvidia and Core Scientific, and Core Scientific and Squire/nChain. If anyone wants to leak them, DM me.

@OhGodAGirl That should be easy to denounce Craig Wright as a fraud.

How many TH Ethash does Squire/Core Scientific control today, how much will they benefit from ProgPoW? You can ask the CTO right here, she will know and she’s oh so trustworthy :rofl:
I hope we don’t see Ethereum in Coingeek conferences ever.
For Kristy and her sockpuppets (Amel, Jean Cyr, Epic Henry, Teddy Ghannam, Jon Stevens, more created as needed - Andrew Au, Sarah Osbourne, …), what remains is this:

Zero facts, a lot of emotions - but what is the agenda? DYOR

It is quite disheartening to see what an EIP discussion has devolved to - an ASIC company, of all people, attempting to spread a narrative of fear, asking people for private leaks through DMs, and accusing those who are in disagreement as merely “created.” If anyone is silly enough that this is a fake account, my LinkedIn page can be found in my profile, and I’ll reply to anyone who messages me on LinkedIn.

The reason question is, how much will Linzhi benefit from a no-go to ProgPow? The average GPU can do 24-30 MH/s, but the Linzhi ASIC is capable of 1400 MH/s. After factoring in power consumption, the difference in hash rate versus a GPU is astronomical. Kudos to your achievement, but unfortunately, it is exactly the reason why ProgPow needs to exist.

1 Like

Is there a source for these numbers?

Yes, it’s on Linzhi’s website.

1 Like

Ah, I was hoping there were independent verification of these numbers instead of marketing materials. Guess we’ll have to wait until it comes out to verify it.

1 Like

I can’t speak for Sonia, but every time I publicly draw attention to your less-than-stellar 2-year tenure in the crypto space (DYOR research, Kristy did not exist before December 2017), I am met with boat-loads of new business opportunities stemming from others you’ve fucked over in this space. I can honestly say that my professional career has benefited tremendously from calling you out with regards to your previous scams.

@kotarius Oh sure, same here.

Randomshortdude has been digging out some spectacular stuff, that should be added to this thread for people who care to do homework.

On a lighter note, Kristy’s been working so hard this past year, the auditors will turn around every line of her 50 lines of code many times, so in the meantime we can think about the truth behind ASICs.
Straight from the source, the 25 ASIC truths!

ASICs are specialized devices
ASICs are single-purpose devices
ASICs are fixed-function devices
ASICs lead to centralization
ASICs are scarce, inaccessible, subject to tariffs
ASICs are from China
ASICs are at war with the home miner
ASICs create backdoors
ASICs are biased against evolution
ASICs are chasing one incentive, and that incentive is to make money
ASICs are a malignant tumor for the network, rather than an antibody
ASICs are locked into a dead-end route
ASICs are desperately focused on finding a reason for this hardware to exist
ASICs let the tail wag the dog
ASICs make decentralization highly implausible, if not improbable
ASICs want to attack the networks they secure
ASICs are nomadic
ASICs gamed the mining metric in a way that encourages everyone to buy more
ASICs attack without rhyme or reason
ASICs will go out of their way to protect their investment, whatever the cost
ASICs have the flavor of the lemon tart almost
ASICs are the king
ASICs are a cancerous element extending to blogs and forums where they spread misinformation and fearmonger to hide their motives and damage they do
ASICs attacks are constant and pervasive
ASICs have guided the evolution of Bitcoin into a version of the traditional banking system, where they now hold all the keys


Please stop with the ad-hominem attacks. Technical discussion is welcome, but find a different venue for political discussions.


The initial audit is out:


@souptacular emailing didn’t work for me (delivery failure, you may not have permission, may need to join, group may not be open to posting).

Referring to the initial audit, dated 16 August 2019

Key Omissions

1. Most of the Areas of Concern (p.3) not addressed:

Security of the algorithm: “security” not defined.
Cost of a 51% attack: No reasonable calculation attempted.
Other security risks from a change of PoW: Not attempted.
Impact on “fair mining” and uneven distribution: No calculation.
Possible changes to hash power and miner balance: No data, no calculations.
Other potential effects impacting the ecosystem: Not attempted.

2. No measurement for “centralization” proposed or attempted

How centralized is the 170 TH network today, how could one model the effect of ProgPoW towards centralization?

3. Background and motivation of ProgPoW proponents not considered

The ProgPoW author is CTO of Craig Wright’s hosting company Core Scientific. Together with two anonymous co-authors.
The identities and motivations of the ProgPoW team remain a mystery and were left out of the audit.
Serious consideration of Core Scientific’s and Nvidia’s business interests with regards to ProgPoW are warranted to understand security implications.

4. No definition of “attack” proposed

PoW is a control vector for the entire decentralized network.
Measurement of real-world centralization is a prerequisite for the mitigation of attacks. “Attack” needs to be defined. An optimization of the PoW algorithm, sold in an ASIC, is not an attack in our opinion.
“Attack” is not when someone openly plays by the rules. “Attacks” come from behind. A trojan horse is an attack.

5. Economies of Scale

The audit does not clarify whether economies of scale are seen as positive or negative factors towards decentralization.


1. Random & Pseudo-Random

p.5 “Our review and analysis results in our agreement that the KISS random number generator is sufficient to make the sequence of math in the main loop unpredictable

KISS is a pseudo-randon number generator. The difference between random and pseudo-random is fundamental. The audit uses the term “random math” 8 times. One would hope that everyone understands that this is pseudo-random and thus predictable.
If it was unpredictable as the audit states, it would be unverifiable.
With traditional PoW one needs to remember that no matter which calculation the algorithm performs, it needs to be verifiable, meaning it needs to derive from a seed.

2. Keccak optimized for 32-bit

p.4 “We examined the hash function, a non-standard instance of the Keccak function that is optimized for 32-bit architectures

The audit fails to ask the question why the change to the non-standard 32-bit optimization may have been made.
With sufficient and actual study of the business interests of the parties involved and their potential agendas, we came to the conclusion that 32-bit multiplication was pushed under the pretense of it being inefficient on both Nvidia and AMD but that turns out to be a lie as on Nvidia it was only inefficient on Pascal. The algorithm is tuned to still let Pascal utilize full memory bandwidth due to simply sheer compute capacity difference coming partially from higher die size which is why comparing GPUs based on price is being pushed as of late. It’s not a secret that 4xx & 5xx series AMD GPUs are not high-end but because ProgPoW’s compute to memory bandwidth ratio is tuned to match Nvidia GPUs, AMD GPUs are not utilized to their fullest, most importantly losing the full memory bandwidth utilization which is the very basic foundation of the Ethash algorithm.

3. Limiting Efficiency Gains
p.7 “the circumstances in ProgPoW are much more favorable due to the additional random math core
p.7 “the random math core likely prohibits the build of a light-evaluation based ASIC
p.8 “the additional use of random math sequences extends the ASIC resistance of Ethash substantially

These statements support the key ProgPoW claim (from the EIP) that ProgPoW results in “minimal, roughly 1.1-1.2x, efficiency gains. This is much less than the 2x for Ethash”.

Both the EIP claim as well as the auditor’s confirmation of that claim are wrong. The pseudo-random math core increases the efficiency gains an ASIC can achieve, because an ASIC can implement the math logic more efficiently than a GPU.

4. Sarah Osbourne
p.17 “Sarah Osbourne Response to the Linzhi ASIC post

The audit cites the Sarah Osbourne response in the rather short list of third party resources consulted for the audit.
How can an account that was created the day before the post, and has since only posted that one response purporting to possess highly specific knowledge about ProgPoW and GPU/ASIC design,
not be further scrutinized?
Who is “Sarah Osbourne”, who pays her/him/them, what is the agenda?

If the people that are behind “Sarah Osbourne” are in fact Nvidia or Core Scientific employees, writing under pseudonym has the pleasant side-effect of not even affecting their reputation, shall the response be proven wrong. We would just prove “Sarah Osbourne” wrong, an anonymous one-post-only person from the Internet. Then the next anonymous person would show up with new claims.

What is happening here is FUD marketing. The Sarah Osbourne response is the “D” in FUD - doubt. It’s written to cast doubt over the Linzhi post, and does so effectively.
We have removed the intentionally deceptive Sarah Osbourne post from under our article.
Trust Sarah Osbourne or trust Linzhi or trust neither of us and verify yourself.

5. Asymmetry of Proof and Verification Workloads
p.10 “it would change the amount of cycles required for verification

The asymmetry in workload between proof and verification is a key attribute of PoW. The audit fails to show to which degree ProgPoW worsens the asymmetry, which impact this has on mobile clients and how one could model the impact of this on the decentralization of the network.

6. Programmatic and Programmable
p.8 “The rationale of extending Ethash into a programmable PoW, by integrating a random math core

ProgPoW is not “programmable” as in the typical meaning of that word among software developers. It cannot be programmable because it would then be unverifiable.
A real programmable PoW would need to store the program along with the proof, and define a system of verifying that the program was executed in less time than the actual execution, similar to a zk-proof.
ProgPoW adds a convoluted pseudo-random math logic to Ethash.

Keccak does not use multiplication at all.


Thanks for reading, and you are right! I saw “32-bit” and jumped to a conclusion. The gems are hidden. Thanks for the correction!


Apologies it took me a moment but I wanted to get permission from hyc and sech1 to quote them here.
What do you think are the reasons for choosing int32 math?

hyc and sech1 are key contributors to Monero’s RandomX PoW algo, with deep knowledge around ASIC Resistance, or rather chip economics and performance. Both RandomX and the people behind it are highly recommended.
The following is an excerpt from the #monero-pow channel on Freenode today:

< hyc >
the fact that progpow only uses integer math leaves the door wide open for ASIC optimization.
GPUs are loaded with floating point math units
none of which would be needed in an eth/progpow ASIC
IMO progpow will widen the gap btw ASICs and GPUs, with GPUs losing out

< sech1>
yes, I have the same feeling. While with ETH you could underclock/undervolt GPU core and have most power used on memory, it’s not the case with ProgPoW.
ASIC could save on core power, but it’s a smaller part of GPU power usage on ETH
but it’s different in ProgPoW
and their reasoning for not using FP32 is just false
RandomX has no problems with FP

< linzhi-sonia>
hyc: sech1: do you mind if I post your statements (the last few lines) about progpow in an eth/progpow thread? (attributing to hyc and sech1)?

< sech1>
I stand by my words
yes, I think ProgPoW makes it worse
What I would do with progpow is I’d minimize computations (even less than in Ethash) while adding randomness and FP32
same size of mix state, same number of parallel lanes, but much less computations and FP32 instead of int would be perfect for progpow
that would make ASIC chips bigger anyway but potential advantage smaller because GPU core would run at minimal clocks and voltage
and then maximize amount of calculations for these clocks and voltage to still have >90% of memory bandwidth used
so they kind of did everything right except they made progpow more power hungry
should’ve been the other way
and not using FP32 is a big mistake
even with existing progpow, simply tweaking parameters until it’s less power hungry than ETHash will reduce ASIC advantage for real, by all metrics
yeah, now that I think of it more
progpow team did everything right except for not using the most efficient GPU clock/voltage when tweaking parameters
they probably ran everything at stock
which is stupid if you ask any miner

< hyc>
linzhi-sonia: sure, fine to quote me. this is a public channel

Hey everyone! Following up on Hudson’s request on Twitter for a complete, clean for / against primer on ProgProw, I’ve started a Kialo debate - please submit claims, vote on veracity of claims and submit participation requests!

1 Like