|Authors||Paweł Bylica (@chfast), Jean M. Cyr (@jean-m-cyr)|
Provide minimal set of changes to Ethash algorithm to hinder and delay the adoption of ASIC based mining.
- Define hash function
def fnv1a(v1, v2): return ((v1 ^ v2) * FNV1A_PRIME) % 2**32
FNV1A_PRIMEis 16777499 or 16777639.
- Change the hash function that determines the DAG item index in Ethash algorithm from
fnv1a(). In Main Loop change
p = fnv(i ^ s, mix[i % w]) % (n // mixhashes) * mixhashes
p = fnv1a(i ^ s, mix[i % w]) % (n // mixhashes) * mixhashes
The usual argument for decentralization and network security.
Unless programmable, an ASIC is hardwired to perform sequential operations in a given order. fnv1a changes the order in which an exclusive-or and a multiply are applied, effectively disabling the current wave of ASICS. A second objective is minimize ethash changes to be the least disruptive, to facilitate rapid development, and to lower the analysis and test requirements. Minimizing changes to ethash reduces risk associated with updating all affected network components, and also reduces the risk of detuning existing GPUs. It’s expected that this specific change would have no effect on existing GPU performance.
Changing fnv to fnv1a has no cryptographic implications. It is merely an efficient hash function with good dispersion characteristics used to scramble DAG indexing. We remain focused on risk mitigation by reducing the need for rigorous cryptographic analysis.
The 16777639 satisfies all requirements from Wikipedia.
The 16777499 is preferred by FNV authors but not used in the reference FNV implementation because of historical reasons. See A few remarks on FNV primes.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Please cite this document as:
Paweł Bylica (@chfast), Jean M. Cyr (@jean-m-cyr), "EIP-1355: Ethash 1a [DRAFT]," Ethereum Improvement Proposals, no. 1355, August 2018. [Online serial]. Available: https://eips.ethereum.org/EIPS/eip-1355.