Investigate alternative proof-of-work functions

[maaku]

The deployment of Forward Blocks gives us a one-time opportunity to change proof-of-work functions away from the double-SHA256, non-merge-mined PoW we currently share with bitcoin. The reasons for doing so are many-fold:

1. The exclusive/non-merge-mined status of freicoin's PoW with respect to bitcoin results in a negative feedback loop that puts the freicoin price into a vicious downward spiral in response to bitcoin/freicoin price swings, which has hampered growth of an independent economy. Either adoption of merge-mining or switching to an entirely new proof-of-work would fix this.

2. Unlike in 2012 and 2013, the bitcoin mining ecosystem is presently heavily centralized. There are a few large players that together control a majority of operating mining hardware and/or access to new hardware at competitive cost. Unfortunately merged mining only makes this dynamic worse, as merge mined coins tend to be even more centralized than their parent mining ecosystem. The parent mining ecosystem constrains the level of decentralization that can be reached by a child network.

3. The extremely high efficiency of double-SHA256 ASICs over commodity hardware eliminates the option of a decentralized fallback measure--GPUs are simply too slow and too power inefficient to provide an effective fallback if the naturally centralized mining hardware market became compromised. On the other hand, some experimental projects such as ProgPoW are able to achieve small constant factor differences between an ASIC and a commodity graphics GPU, which would be sufficient to enable a decentralized mining fallback when the mining hardware supply chain has been corrupted.

This issue is to track work towards identifying a credible alternative proof-of-work that could be adopted for forward block share chains, thereby restoring some centralization resistance and decoupling the freicoin/tradecraft scrip price from bitcoin.

[maaku]

In terms of asymmetric proof-of-works, the best candidates I can find from my own research is are the two related algorithms of Itsuku and MTP-1.2. Both are improved versions of the original, now retracted MTP proposal that was found to have significant time-space tradeoff vulnerabilities. They fix these vulnerabilities in different ways. Notably MTP-1.2 has much larger proofs (~200kB) than Ikuru (~10kB). Both use BLAKE2 compression functions, and I wonder what the tradeoff would be to switch to SHA2 for harmonization with the other cryptographic pieces we use.

[maaku]

Having delved deep into Itsuku, this seems like the right tool for the job. I wonder if there are still some improvements that can be made to reduce proof sizes and harmonize choice of cryptographic functions. Additionally I think there is possibility for adding ProgPoW-like random-GPU instructions for the mixing step, in order to further reduce the difference from a GPU to a custom ASIC.

[maaku]

Issue #64 proposes switching to merge mining prior to deployment of forward blocks. This is, alternatively, a chance to deploy a new proof-of-work algorithm. Worth investigating if it makes sense to deploy our new proof-of-work then.

[maaku]

With SHA256d merge-mining now active on Tradecraft, I'm considering this issue closed.