Change Pow for next fork

[sebseb7]

In precense of a nicehash market larger than network hashrate, these rollbacks won't go away. They will kill all the smaller pools and destroy decentralization.

The 207700-fork will not improve the situation. suggestion: break AES or implement a differend change to the PoW to make it incompatible to the global cryptonight hashrate market.

2018-10-29 05:29:26.747 REORGANIZE SUCCESS! on height: 205870, new blockchain size: 205893 2018-10-30 03:57:58.877 REORGANIZE SUCCESS! on height: 206539, new blockchain size: 206562 2018-10-30 05:17:28.573 REORGANIZE SUCCESS! on height: 206576, new blockchain size: 206602

[sebseb7]

"break AES" = apply a small change not breaking the security, but compatibility to AES-NI

[Swericor]

I second that.

[SChernykh]

Breaking AES is a bad idea. AES is the only thing in the main Cryptonight loop that brings randomness into scratchpad. If you need modified Cryptonight, I can assist.

[SomethingGettingWrong]

Nice hash is a problem yes! However mainly its FPGA's and ASICS that have a profitability ratio that is different from GPU's when mining the same coin. Which means they can dump at a different rate for profit. Keeping Gpu's unprofitable meaning only those with the same profitability ratio would mine. As of now the last Monero Fork made it where FPGA's and ASICS would still work if designed with the new algo. But as of now they haven't created bitstreams and even if they do it would be closer in efficiency to GPU's. While Nice hash is a problem anyone with 1000 vegas could do just as much damage. The idea is to get a high enough network hashrate to keep nicehash from controlling the network. Im sure there are people out their who will do whatever they want regardless of the coin just to prove points but I digress. The best situation would be to change something small but not AES portion.. otherwise you get rid of older CPU's and other GPU's that cant do aes-ni.. and leave just VEGAS and the likes. That way if there were any 51 percent attacks we would know it wouldn't be nice hash or fpga or asics.

[sebseb7]

"Breaking AES is a bad idea. AES is the only thing in the main Cryptonight loop that brings randomness into scratchpad. "

a modified AES, no longer following the "standard" does the exact same thing.

[sebseb7]

"The idea is to get a high enough network hashrate to keep nicehash from controlling the network."

nicehash will keep nethash down.

[sebseb7]

"The best situation would be to change something small but not AES portion"

AES was one example with side effects. Of course it's not the only option.

"otherwise you get rid of older CPU's"

no older CPU is mining any cryptonight v8

"and other GPU's that cant do aes-ni"

name one.

[SChernykh]

a modified AES, no longer following the "standard" does the exact same thing.

Technically yes, but it's not AES anymore and you don't have its cryptographic guaranteed/studied properties anymore.

[sebseb7]

there is other variants of rijndael that are still equally secure. one of those variants is called AES.

[SomethingGettingWrong]

Seb what would you suggest would be the best way to fix this situation directly in the algo?

[sebseb7]

there is no "best" way. something unique is certainly "better"

[chrisclausie]

Hello @Patrickdurbin, how can we get this issue back to the limelight, worked on and solved? This is a serious concern if exploited and publicised.

[sebseb7]

it's public knowledge already. thats why tradeorge takes 200 blocks to confirm.

[SomethingGettingWrong]

They probably forking to cn-gpu. I hope

[avastar]

@mbg033 while i believe there is discussion about changing the pow again to block fpga, i believe this issue can be closed