Jul 7, 2018
Apr 4, 2018
Sep 22, 2017
Sep 26, 2016
All cryptocurrency developers who build public proof-of-work blockchains have to face the same menace: Bitmain, a China-based chipmaker with a monopoly over ASIC miner manufacturing--and a knack for activism. Bitmain’s dominance over hashpower and market narratives is dangerous for peer-to-peer networks. It makes protocols vulnerable to censorship and to rule-changes dictated by a single central authority, upsetting the checks and balances between the various stakeholders.
Researchers behind “ASIC-resistant” networks like Ethereum and Monero believe they can combat centralization by using specific consensus algorithms that reduce the incentives to manufacture dedicated miners. Other networks attempt to solve the “mega-miner problem” by doing away with proof-of-work entirely, in favor of alternative consensus algorithms such as PoS, DPoS, or Threshold Relay, all of which are untested, and may hide other vectors for centralization.
And yet--there are benefits to having ASICs on a network. Specialized hardware is extremely efficient, and boasts far more hashpower, and thus security, per unit of electricity. These machines are more reliable than home-built GPU miners, and allow operators to specialize, professionalize, and scale up. Additionally, ASICs are algorithm-specific, and could align miner incentives better with a specific project compared to GPUs, which are much more flexible. In a political vacuum, an ASIC-mined network is more efficient at processing blocks, plain and simple, and arguably more expensive to attack.
The problem, say ASIC critics, is that silicon manufacturing is an inherently unfair game, where larger chipmakers can use economies of scale to undercut and extinguish competitors. In theory, ASIC-resistant networks wouldn’t be necessary if their creators believed the ASIC manufacturing industry could ever be a level playing field. Monero lead maintainer Riccardo Spagni says:
"It’s entirely possible that Bitcoin and Litecoin are the only currencies that have had a fair introduction of ASICs, and it is no longer possible to replicate that, at least until some hypothetical future where there are ASIC competitors on equal footing."
If the creators of ASIC-resistant networks are wrong, and healthy Bitmain competitors emerge, it could force projects like Ethereum and Monero to embrace ASICs. If the ASIC-resistors are correct about the rigged chip industry, then perhaps Bitcoin is already doomed, and ASIC-resistant networks will rule the day. What’s the right way to approach this issue?
Bitcoin’s core attribute is the proof of work consensus mechanism, which allows a network of computers around the world to agree on a shared transaction history. Instead of consensus being enforced by a single entity, anyone can contribute to the security of the network by mining, making the network decentralized, and (in theory) resistant to collusion.
“As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers.” - Bitcoin Whitepaper
In the Bitcoin whitepaper, Satoshi Nakamoto describes the proof of work algorithm as “one-CPU-one-vote,” where the majority decision is represented by the longest chain. Attackers can overwhelm the network in a 51 percent attack, but this level of coordination is unlikely if many nodes (CPUs) are running across the world. How are thousands of people across the world going to communicate with each other to collude and attack the network? Hard to say; this type of attack didn’t seem very likely until the emergence of Bitmain and other large mining pools, but it was important to the design of the network that mining remain distributed and decentralized.
However, as profitability has increased, Bitcoin mining has turned into an arms race, with GPU mining emerging in 2010 and ASICs in 2013. ASICs (Application Specific Integrated Circuits) are dedicated chips than can mine cryptocurrencies orders of magnitude more efficiently than GPUs or CPUs. When ASICs were released, mining became clustered in huge data centers located in areas where electricity is cheap. This makes it easier to collude or compromise the proof of work network, as coordinating a few data centers is easier than coordinating thousands of individual users around the world.
As a result of ASICs, the idea of an average person mining profitably with their CPU or GPU disappeared. Bitcoin mining is no longer a purely decentralized and egalitarian pursuit, as it requires millions of dollars of capital to participate in. Only large mining companies have the resources to create a competitive ASIC, and they control the supply of this hardware to consumers. There’s a much higher barrier to entry to creating and using ASICs compared to GPUs or CPUs, which can be purchased at your local Best Buy and easily run in a home.
Data from Blockchain.info
Mining concentration from ASICs has resulted in two outcomes:
The locus of this concentration is Bitmain, the aforementioned Chinese ASIC manufacturer founded by Jihan Wu, which in addition to manufacturing also operates AntPool, one of the largest mining pools. (Miners typically combine hashpower in order to maximize their chances of receiving a block reward, then split the proceeds proportionally.) Mining entities like Bitmain have become extremely powerful and have come to dominate the production, operation and sale of mining hardware.
As a result of this concentrated mining, many projects emerged in 2014 that opted to use Proof of Work with modifications that make it “ASIC-resistant.”
It’s important to note that the moniker “ASIC resistant” doesn’t imply that dedicated mining hardware can’t be built. It simply means that the mining algorithm makes it less economical or profitable to produce ASIC chips for the algorithm. Litecoin, Ethereum, Monero, and Dash currently have confirmed or rumored ASICs.
When Bitcoin ASICs were introduced in 2013, they were orders of magnitude (1000x) better than GPUs on the market. (Bitcoin uses SHA-256, which is not an ASIC-resistant algorithm.) With “ASIC resistant” algorithms, the gap in performance between GPUs and ASICs is smaller, meaning that it can still be profitable to mine with GPUs or CPUs, albeit much less than before. Bitmain’s CryptoNight X3 represents a 100x increase in mining power, compared to existing GPUs or CPUs.
Additionally, it’s much more expensive to produce chips meant to mine for ASIC-resistant algorithms, meaning fewer designers can afford to start the process. Producing ASICs for different protocols requires a large initial investment in the tens of millions, and a production cycle of 3-6 months. Making matters worse, there’s also a global shortage of silicon because of demand from AI, IoT, and mobile devices, resulting in rising costs.
In theory ASIC-resistance is a desirable outcome: ASICs are expensive, noisy, and dominated by a few companies. GPUs are in nearly every household and are much more accessible and easy for the average consumer to use, making them ideal for hobbyist miners. As a commodity hardware, GPUs have a wide range of applications and have a more distributed production and purchasing process, theoretically creating a more decentralized and egalitarian proof of work system.
But, the core of the disagreement around ASIC resistance actually comes down to your view on the chip manufacturing industry. Proponents of ASIC-resistance projects believe that ASIC manufacturing can never commoditize fairly; that is, specialized hardware will always be vulnerable to monopolization at every step of the process, from development, to production, to distribution. The cynical argument goes that economies of scale and cheaper electricity will allow a few corporations to perpetually dominate the mining process; ASICs will always be fundamentally incompatible with the idea of a fair and distributed mining process, and so relying on GPUs make more sense.
These are all valid arguments, but my belief is that ASIC-resistance could be unsustainable in the long run. There are many problems with having ASICs on your network, but it’s better than trying to fight off ASICs and losing.
It's only fair to assert that ASIC manufacturers aren't malevolent, at least not at the outset. Their incentives align with specific projects: if a miner owns a lot of SHA-256 ASIC machines, their most profitable option is to mine Bitcoin or Bitcoin Cash, and keep the rewards--not to attack the network. Adding miners to a network makes the network more secure, and in theory, makes the whole network more valuable, while successful attacks would cause prices to crash, making those ASICs essentially useless and wasting millions of dollars of capital.
GPUs are flexible and can be used to mine many different ASIC-resistant chains, so the attack vectors are greater. Successful attacks don’t render GPUs useless; they can be simply used on other chains. Whereas attacking an ASIC-friendly network guarantees the attacker will burn large amounts of invested capital, this isn’t necessarily true for GPU mining. Attackers with enough GPUs could theoretically execute a 51 percent attack without the wasted hardware cost.
In a successful and growing cryptocurrency network, yes, ASIC development is inevitable. Even if the ASIC is not exponentially more efficient than GPUs, it becomes profitable at a certain point to create specialized hardware and mine it. Sia, at a network value of $450 million, is an example of a project close to this lower bound. Vertcoin most likely does not have any ASICs running on the network because its network value is only $100 million, making it impractical for miners to put down the initial investment.
Contrary to popular belief, it can be hard to detect the existence of ASICs. Miners will slowly ramp up production over time to avoid detection, avoiding the abrupt changes in hash rate we saw when Bitcoin ASICs first came out in 2013.
This scenario with latent ASICs happened with Monero this past year. Monero uses the CryptoNight mining algorithm, which is ASIC resistant and meant to be suitable for profitable CPU mining.
In late 2017, hashrate on the Monero network rose exponentially, increasing 400% from November 2017 to February 2017, hitting an all time high of 1 GHz/sec. Many speculated it was purely due to the price increase, or botnets using Coinhive. Most Monero community members did not believe profitable Monero ASICs were possible, much less actively deployed on the network.
However, on March 16th, 2018 Bitmain announced the X3 Antminer, a CryptoNight specific ASIC with a hash rate 10X the most powerful GPUs for Monero. Bitmain is unloading these ASICs now because of Monero’s decision to change the proof of work algorithm in the next hard fork, on April 6th. This small change in the mining algorithm will render Bitmain’s X3 useless for Monero. It’s difficult to say how long Bitmain has used the X3 to mine Monero, but it seems likely they played a role in the massive increase in the increase in hash rate.
By the time the X3 Antminers ship, they will only work on small, much less profitable coins that also use CryptoNight, such such as Electroneum. Consumers who buy these miners will probably not make a fraction of their costs back. These ASICs are coming out of the woodwork weeks before they become irrelevant, and it’s possible Bitmain has been using them for months.
By selling these pricey machines--the first batch cost $12,000 per unit--Bitmain can receive huge amounts of up-front money from foolish miners, adding to the windfall they presumably got from operating the machines.
Mining companies care about the bottom line, and there are many tactics that can be used to maintain profitability. If a mining company’s bottom line is threatened, they could fork the network and prop up “dead coins” with little development or value. Another example is ASICBoost. When Segwit was proposed via softfork to Bitcoin, Bitmain opposed it because it was incompatible with their covert use of ASICBoost, which allowed them to mine 20 percent more efficiently than competing OEMs.
Even Vertcoin, small as it is, had an ASIC created for it in 2013. The developers quickly switched to a new hashing algorithm (Lyra2RE), hard forking away from the previous one. To my knowledge, there are no ASICs or even rumors of ASICs on Vertcoin’s network today. But If Vertcoin grows in size, and developers suspect there are ASICs deployed on the network, they will continuously hard fork to fend them off.
Bitmain recently released the E3, an Ethereum ASIC which will ship in July 2018. Some equity research analysts even slashed AMD and Nvidia price targets, anticipating that the existence of Ethereum ASICs would lead to a lower demand in GPUs.
As with the Monero machines, Bitmain is releasing these ASICs to the public despite the fact that Ethereum is supposed to begin the transition to Proof of Stake, which would render these ASICs useless.
When this happens, I anticipate we could see another miner-supported hard fork named “Ethereum Cash” that remains on proof of work. The ASICs would also work on Ethereum Classic, but it’s a relatively small chain compared to Ethereum. The miners could switch back and forth between Classic and Cash, maintaining profitability.
Since we’ve established that ASICs are inevitable, how do communities wishing to maintain ASIC-resistance respond?
As discussed above, changing the proof of work algorithm can successfully fend off ASICs once or twice, but the long term sustainability of this strategy is questionable. This game of "cat and mouse" requires community consensus and good execution to keep tweaking the algorithm. As open source protocols grow and become more widely used, this consensus will inevitably be harder to achieve. At some point, community stakeholders might realise these constant forks are being done in vain.
Additionally, one could argue that, in a proper public blockchain network, the core development team shouldn't wield enough influence to repeatedly hard-fork the network:
“Schemes such as 'the developers will just change the proof-of-work algorithm if ASIC’s appear' do not even make sense — in a decentralized currency the developers have no such power, while in a centralized currency proof-of-work is a completely unnecessary waste of power” - ASICS and Decentralization FAQ - Andrew Poelstra
As enumerated by Monero community member Javier Smooth in the Monero Github project, forking away carries inherent risks which include:
The introduction of new bugs or exploits, whether accidental or malicious in nature.
Scattering of hashpower on the network could lead to vulnerabilities. If ASICs are successfully removed from the network, the drop in hash rate could be huge, bringing the network to a crawl, and making the difficulty adjustment erratic for some period. Additionally, constant forks create more orphans and decreasing the overall security of the network. It then becomes more feasible to rent hash power and attack the network, as only GPUs and CPUs will be operating. As a result of this security vulnerability, the Monero community has called on new users to contribute hashpower after the fork.
GPU mining is also susceptible to economies of scale and domination by vertically integrated companies like Bitmain. If developers remain adamant in maintaining GPU mining and keep hard forking, players like Bitmain could also enter the GPU development and mining game, which would likely result in similar mining concentration. The most important reason Bitmain has established dominance of Bitcoin mining is their enormous amount of capital, which allows them to invest more and beat others to market by many months.
ASIC developers could build more flexible FPGA designs that can adjust to small algorithm tweaks. ASICs work only for specific algorithms, but it is becoming feasible to implement more flexible hardware that can adjust to small changes. These FPGAs are much slower than super focused ASICs, but still much faster than GPUs. This has big implications. If a proof of work algorithm change occurs, it might destroy most ASIC models, while some FPGAs still works on the new algorithm. This is a worse outcome compared to doing nothing at all, as it results in even more centralization.
There’s a lot of problems with constantly hard forking. There’s security concerns, you might scatter the hash rate, you might not eliminate FPGAs. Additionally, if players with more capital enter the GPU mining space, it could be vulnerable to the same domination by vertically integrated companies.
If hard-forking to maintain ASIC-resistance isn’t sustainable, what’s the most likely outcome? Does the existence of ASICs guarantee centralized mining forever? Not necessarily: enter the phenomenon of ASIC commoditization.
"ASIC commoditization" refers to an imagined marketplace in the future, where there are many different manufacturers producing ASICs of comparable power and price point. This vision of the future implies that no one manufacturer has a huge advantage in terms of chip cost or hashrate. Commoditization is slow and gradual process that should drive down the price of specialized hardware over time:
“On the other hand, when you embrace ASICs and intentionally make them efficient and cheap, they eventually become commodity hardware over time as they approach the thermodynamic limit and, as such, not only does it become infeasible for a single entity to conduct the aforementioned attack, it also ultimately ends up in more decentralization after the initial inevitable centralization phase while the arms race is going on.” - Dave Collins, Decred
Is a broad and diverse ASIC market an idealistic dream? We are now starting to see increased competition and decentralization of Bitcoin mining. It could be a temporary result of December 2017's high Bitcoin prices, and other factors including:
Increased geographical distribution. Due to government crackdown, some mining operations are moving from China to Iceland, Canada, the US, etc.
An end to China’s tolerance of electricity freeloaders. Cheap electricity in China allowed miners based there to undercut everyone else and make it unsustainable for those in other countries. However, the government’s recent crackdown has made this practice less common.
Other chipmakers such as Intel and Samsung have entered the game. Bitmain’s huge margins have forced other companies to get involved in the foundry business.
The most important question around commoditization becomes: how long will it take for ASIC production to transform from monopoly to a truly competitive environment? It’s taken Bitcoin around 5+ years to earn the attention of chipmakers bigger than Bitmain, and it will take many more years to finish. The longer this process takes, the more vulnerable the protocol is to collusion and manipulation by a small set of miners in the meantime. Will the periods of centralized mining damage the protocol beyond repair? In the end, will Bitmain's monopoly simply be gobbled up by an even bigger fish?
It may depend in part on the price of Bitcoin. Commoditization for ASICs will be cyclical, with companies going in and out of business as the market changes. Before Bitmain launched in late 2013, there were other players already producing ASICs such as Avalon, Butterfly Labs, and Bitfury. By the time Bitmain entered the market in late 2013, the market felt relatively saturated.
After Mt. Gox happened however, Bitcoin endured a multi-year long bear market with weak price action. From 2014-2016, the mining industry consolidated heavily as most mining operations were forced to shut down. Bitmain’s superior products and scale allowed it to weather the storm better than most. They outlasted everyone and increased share when the market was shrinking and margins got thinner. When the market recovered and consumers started looking into purchasing mining hardware again, Bitmain was the only real option available.
With Bitcoin’s price increasing 1000 percent in 2017, it’s inevitable that competitors will enter the chipmaking and mining market. Many new mining operations have sprung up, and many more plan to enter the market over the next year. The question is what happens when another prolonged bear market occurs. It’s possible many operations will be forced to shut down due to thinning margins.
Bitcoin mining is trending towards decentralization and a commodity product, but this is a long and slow process. Samsung and Intel could eventually compete with Bitmain, but it will take some time. Many of the younger operations will be shut down during another “crypto winter” happens. I’m skeptical ASICs will ever be as commoditized or widely available as GPUs are nowadays, but mining will be more distributed across locations and producers.
Changing the proof of work algorithm often comes with costs and is a never ending game of cat and mouse. Developers can obviate this game by focusing on the creation of a fair and sustainable environment for ASIC production and development.
One way to do this is using an ASIC-friendly algorithm that makes production accessible and inexpensive. The core development team of a given network could also drive development themselves, as the SIA developers have chosen.
Allowing ASICs to develop means mining could be centralized for a time being while the market is immature. However, with the large margins enjoyed by Bitmain, other operations won't be able to resist competing.
There are is no easy way forward, but embracing ASICs is probably the best route. ASIC commoditization is a very complicated issue, and determining whether it’s likely to happen will require more input from foundries, miners, and other stakeholders in the ecosystem. Look for a follow-up to this essay where those questions are explored with subject matter experts.
*Disclaimer: The author holds positions in Bitcoin, Ethereum, and Monero.
Thanks to Nic Carter, Chris Dannen, Leo Zhang, Anders Larson, and Eric Turner for feedback on this piece.
This article is also published on Medium.