All cryptocurrency developers who build public proof-of-work blockchains have to face the same challenge: Bitmain, a China-based chipmaker with a monopoly over ASIC miner manufacturing. Bitmain’s dominance over hash power and enormous influence is dangerous for peer-to-peer networks. It makes protocols vulnerable to censorship and rule-changes dictated by a single central authority, upsetting the checks and balances between the various stakeholders.

Researchers behind “ASIC-resistant” networks like Ethereum and Monero believe they can combat centralization by using memory-hard consensus algorithms that make ASIC mining unprofitable. Other networks attempt to solve the “mega-miner problem” by doing away with proof-of-work entirely, in favor of alternative consensus algorithms such as PoS, DPoS, or Threshold Relay, all of which are untested, and may hide other vectors for centralization.

And yet — there are benefits to having ASICs on your network. Specialized hardware is extremely efficient, and boast far more hash power, and thus security, per unit of electricity. They’re more reliable than home-built GPU miners, and allow miners to specialize, professionalize, and scale up. Additionally, ASICs are algorithm-specific, and could align miner incentives better with a specific project compared to GPUs, which are much more flexible. In a political vacuum, an ASIC-mined network is more efficient at processing blocks, plain and simple, and arguably more expensive to attack.

However, ASIC critics believe that silicon manufacturing is an inherently unfair game, where larger chipmakers can use economies of scale to undercut and extinguish competitors. In theory, ASIC-resistant networks wouldn’t be necessary if their creators believed the ASIC manufacturing industry could ever be a level playing field. Monero lead maintainer Riccardo Spagni says that “It’s entirely possible that Bitcoin and Litecoin are the only currencies that have had a fair introduction of ASICs, and it is no longer possible to replicate that, at least until some hypothetical future where there are ASIC competitors on equal footing.”

If the creators of ASIC-resistant networks are wrong, and healthy Bitmain competitors emerge, it could force projects like Ethereum and Monero to embrace ASICs. If the ASIC-resistors are correct about the rigged chip industry, then Bitcoin is doomed, and ASIC-resistant networks will rule the day. What’s the right way to approach this issue?

Sections

Why create ASIC-resistant networks? How does ASIC resistance actually work? Are ASICs inevitable in proof-of-work systems? What are the risks of hard-forking away from ASICs? Is fair ASIC commoditization actually possible? What can we conclude about the future of ASIC mining?

— — — — — — — — — — — — — — — — — — — — — — — — — — — — —

1. Why create ASIC-resistant networks?

Bitcoin’s core attribute is the proof of work consensus mechanism, which allows a network of computers around the world to agree on a shared history. Instead of consensus being enforced by a single entity, anyone can contribute to the security of the network by mining, making the network decentralized, and in theory resistant to collusion.

“As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers.” — Bitcoin Whitepaper

In the Bitcoin whitepaper, Satoshi Nakamoto describes the proof of work algorithm as “one-CPU-one-vote”, where the majority decision is represented by the longest chain. Attackers can overwhelm the network in a 51% attack, but this level of coordination is unlikely if many nodes (CPUs) are running across the world. How are thousands of people across the world going to communicate with each other to collude and attack the network? This type of attack didn’t seem very likely — but it was crucial mining distribution remain distributed and decentralized.

However, as profitability increases, Bitcoin mining has turned into an arm’s race, with GPU mining emerging in 2010 and ASICs in 2013. ASICs (Application Specific Integrated Circuits) are dedicated hardware than can mine cryptocurrencies orders of magnitude more efficiently than GPUs or CPUs. When ASICs were released, mining became clustered in huge data centers located in areas where electricity is cheap. This makes it easier to collude or compromise the proof of work network, as coordinating a few data centers or mining pools is easier than coordinating thousands of individual users around the world.

As a result of ASICs, the idea of an average person mining profitably with their CPU or GPU disappeared. Bitcoin mining is no longer a purely decentralized and egalitarian pursuit, as it requires millions of dollars of capital to participate in. Only large mining companies have the resources to create a competitive ASIC, and they control the supply of this hardware to consumers. There’s a much higher barrier to entry to creating and using ASICs compared to GPUs or CPUs, which can be purchased at your local Best Buy and easily run in a home.

Data from Blockchain.info

Mining concentration from ASICs has resulted in pools controlling more than 51% of the hashrate at times, and Bitmain producing a majority of Bitcoin mining chips. Bitmain is a Chinese mining company founded by Jihan Wu. They design and produce ASICs, and also mine and operate AntPool. Mining entities like Bitmain have become extremely powerful and have come to dominate the production, operation and sale of mining hardware.

As a result of this concentrated mining, many newer projects have opted to use Proof of Work algorithms that are “ASIC-resistant.”

2. How does ASIC resistance work?

It’s important to note “ASIC resistant” doesn’t mean that making dedicated hardware can’t be done. It simply means that the mining algorithm makes it less economical or profitable to produce ASIC chips for the algorithm — not that ASICs are impossible to create. Litecoin, Ethereum, Monero, and Dash currently have confirmed or rumored ASICs.

For example, Bitcoin uses SHA-256, which is not an ASIC-resistant algorithm. When Bitcoin ASICs were introduced in 2013, they were orders of magnitude (1000x) better than GPUs on the market. With “ASIC Resistant” algorithms, the gap in performance between GPUs and ASICs is smaller, meaning that it can still be profitable to mine with GPUs or CPUs, albeit much less than before. Bitmain’s CryptoNight X3 represents a mere 100x increase compared to existing GPUs on the market for Monero.

Additionally, it’s much more expensive to produce chips meant to mine for ASIC-resistant algorithms, meaning fewer designers can afford to start the process. Producing ASICs for different protocols requires a large initial investment in the tens of millions, and a production cycle of 3–6 months. There’s also a global shortage of silicon because of demand from AI, IoT, and mobile devices, resulting in rising costs.

In theory ASIC-resistance is a desirable outcome — ASICs are expensive, noisy, and dominated by a few companies. GPUs are in nearly every household and are much more accessible and easy for the average consumer to use. As a commodity hardware, GPUs have a wide range of applications and have a more distributed production and purchasing process, theoretically creating a more decentralized and egalitarian proof of work system.

The core of the disagreement around ASIC resistance comes down to your view on the chip manufacturing industry. Proponents of ASIC-resistance projects also believe ASIC commoditization is impossible, and that specialized hardware will always be vulnerable to monopolization at every step of the process (development, production, distribution). Their argument is that economies of scale and cheaper electricity will allow a few corporations to perpetually dominate the mining process. ASICs will always be fundamentally incompatible with the idea of a fair and distributed mining process, so pursuing GPUs make more sense.

These are all valid arguments, but my belief is that ASIC-resistance could be unsustainable in the long run. There are many problems with having ASICs on your network, but it’s better than trying to fight off ASICs and losing.

ASICs align miner incentives with specific projects — they are invested in its success and security. If a miner has a lot of SHA-256 ASICs, their options are Bitcoin or Bitcoin Cash. Successful attacks on the network would cause prices to crash, making those ASICs essentially useless and destroying millions of dollars of capital.

GPUs are flexible and can be used to mine many different ASIC-resistant chains, so the attack vectors are greater. Successful attacks don’t render GPUs useless — they can be simply used on other chains. Whereas attacking an ASIC-friendly network guarantees the attacker will burn large amounts of invested capital, this isn’t necessarily true for GPU mining. Attackers with enough GPUs could theoretically execute a 51% cost with no cost.

3. Are ASICs inevitable?

In a successful and growing cryptocurrency network, ASIC development is inevitable. Even if the ASIC is not exponentially more efficient than GPUs, it becomes profitable at a certain point to create specialized hardware and mine it. Sia, at a network value of $450 million, is an example of a project close to this lower bound. Vertcoin most likely does not have any ASICs running on the network because its network value is $100 million, making it impractical for miners to put down the initial investment.

Contrary to popular belief, it can be hard to detect the existence of ASICs. Miners will slowly ramp up production over time to avoid detection, avoiding the abrupt changes in hash rate we saw when Bitcoin ASICs first came out in 2013.

This scenario with latent ASICs happened with Monero this past year. Monero uses the CryptoNight mining algorithm, which is ASIC resistant and meant to be suitable for profitable CPU mining.

In late 2017, hashrate on the Monero network rose exponentially, increasing 400% from November 2017 to February 2017, hitting an all time high of 1 GHz/sec. Many speculated it was purely due to the price increase, or botnets using Coinhive. Most Monero community members did not believe profitable Monero ASICs were possible, much less actively deployed on the network.

However, on March 16th, 2018 Bitmain announced the X3 Antminer, a CryptoNight specific ASIC with a hash rate 10X the most powerful GPUs for Monero. Bitmain is unloading these ASICs now because of Monero’s decision to change the proof of work algorithm in the next hard fork (April 6th). This small change in the mining algorithm will render Bitmain’s X3 useless for Monero. It’s difficult to say how long Bitmain has used the X3 to mine Monero, but it’s likely they played a role in the massive increase in the increase in hash rate.

By the time the X3 Antminers ship, they will only work on small, much less profitable coins that also use CryptoNight such as Electroneum. Consumers who buy these miners will probably not make a fraction of their costs back. These ASICs are coming out of the woodwork weeks before they become irrelevant, and it’s possible Bitmain has been using them for months.

By selling these ASICs (the first batch cost $12,000), Bitmain can receive huge amounts of up front money and potentially make more compared to the actual block rewards received from mining.

Mining companies care about the bottom line, and there are many tactics that can be used to maintain profitability. If a mining company’s bottom line is threatened, they could fork the network and prop up “dead coins” with little development or value. Another example is ASICBoost. When Segwit was proposed via softfork to Bitcoin, Bitmain opposed it because it was incompatible with their likely use of covert ASICBoost, which allowed them to mine 20% more efficiently.

Even Vertcoin had an ASIC created for it in 2013. When this happened, the developers switched to a new hashing algorithm (Lyra2RE), hard forking away from the previous one. To my knowledge, there are no ASICs or even rumors of ASICs on Vertcoin’s network today. But If Vertcoin grows in size, and developers suspect there are ASICs deployed on the network, they will continuously hard fork to fend them off.

Bitmain recently released the E3, an Ethereum ASIC which will ship in July 2018. Some equity research analysts even slashed AMD and Nvidia price targets, anticipating that the existence of Ethereum ASICs would lead to a lower demand in GPUs.

As with the Monero machines, Bitmain is releasing these ASICs to the public despite the fact that Ethereum is supposed to begin the transition to Proof of Stake, which would render these ASICs useless.

When this happens, I anticipate we could see another miner-supported hard fork named “Ethereum Cash” that remains on proof of work. The ASICs would also work on Ethereum Classic, but it’s a relatively small chain compared to Ethereum. The miners could switch back and forth between Classic and Cash, maintaining profitability.

4. The risks of hard-forking away from ASICs

Since we’ve established that ASICs are inevitable, how do communities wishing to maintain ASIC-resistance respond?

The most simple answer is to change the Proof of Work algorithm via a Hard Fork. ASICs (Application Specific Integrated Circuits) will only work for specific algorithms, so small changes can render them useless. This is very different from GPUs, which are more flexible hardware that can be used to profitably mine many different algorithms, whether it’s Monero, Zcash, Ethereum or Vertcoin.

As stated earlier, Monero is changing the hashing algorithm in their next hard fork. Vertcoin has done this in the past. The Sia team has stated they will soft-fork the network if the Bitmain ASICs threaten the safety of the network. Ethereum will have to face this decision if (when) ASICS are confirmed to exist on the network.

Changing the proof of work algorithm can successfully fend off ASICs once or twice, but the long term sustainability of this strategy is questionable. This game of ‘cat and mouse’ requires community consensus and good execution to keep tweaking the algorithm. As open source protocols grow and become more widely used, this consensus will inevitably be harder to achieve. At some point, community stakeholders might realise these constant forks are being done in vain.

Additionally, one could argue that, in a proper public blockchain network, the core development team shouldn’t wield enough influence to repeatedly hard-fork the network:

“Schemes such as “the developers will just change the proof-of-work algorithm if ASIC’s appear” do not even make sense — in a decentralized currency the developers have no such power, while in a centralized currency proof-of-work is a completely unnecessary waste of power” — Andrew Poelstra

Apart from requiring community consensus that will get harder to achieve over time, hard forking every time ASICs are conceived has many risks:

1. The introduction of new bugs or exploits, whether accidental or malicious in nature. Changing a minor algorithm every few months or every year might sound simple in theory, but there are many things that can go wrong. Public blockchains should maximize resiliency, which means they should stray towards the conservative side when making large changes to the protocol.

2. Hard forks will scatter the hash power on the network. If ASICs are successfully removed from the network, the drop in hash rate could be huge, bringing the network to a crawl, and making the difficulty adjustment erratic for some period. Additionally, constant forks will scatter hash power, creating more orphans and decreasing the overall security of the network. It becomes more feasible to rent hash power and attack the network, as only GPUs and CPUs will be operating. As a result of this security vulnerability, the Monero community has called on new users to contribute hashpower after the fork.

3. GPU mining is also susceptible to economies of scale and domination by vertically integrated companies like Bitmain. If developers remain adamant in maintaining GPU mining and keep hard forking, players like Bitmain could also enter the GPU development and mining game, which would likely result in similar mining concentration. The most important reason Bitmain has established dominance of Bitcoin mining is their enormous amount of capital and cheap electricity. These same advantages can be extended to GPU mining.

4. ASIC developers could build more flexible FPGA designs that can adjust to small algorithm tweaks. ASICs work only for specific algorithms, but it is becoming feasible to implement more flexible hardware that can adjust to small changes. These FPGAS are much slower than super focused ASICs, but still much faster than GPUs. This has large implications. If a proof of work algorithm change occurs, it might destroy 3 out of 4 ASIC models, while the 4th FPGA still works on the new algorithm. This is a worse outcome compared to doing nothing at all, as it results in even more centralization.

There’s a lot of problems with constantly hard forking. There’s security concerns, you might scatter the hash rate, and you might not eliminate more flexible FPGAS. Additionally, if players with large amounts of capital enter the GPU Mining space, it could be vulnerable to the same domination by vertically integrated companies.

5. Can ASIC Commoditization happen fairly?

If hard-forking to maintain ASIC-resistance isn’t sustainable, what’s the most likely outcome? Does the existence of ASICs guarantee centralized mining forever? Not necessarily: enter ASIC commoditization.

“ASIC commoditization” refers to an imagined marketplace in the future, where there are many different manufacturers producing ASICs of comparable power and price point. This vision of the future implies that no one manufacturer has a huge advantage in terms of chip cost or hashrate. Commoditization is slow and gradual process that should drive down the price of specialized hardware over time:

“On the other hand, when you embrace ASICs and intentionally make them efficient and cheap, they eventually become commodity hardware over time as they approach the thermodynamic limit and, as such, not only does it become infeasible for a single entity to conduct the aforementioned attack, it also ultimately ends up in more decentralization after the initial inevitable centralization phase while the arms race is going on.” — Dave Collins, Decred

We are now starting to see increased competition and decentralization of bitcoin mining. This is due to a couple of factors:

Increased geographical distribution. Due to government crackdown, some mining operations are moving from China to Iceland, Canada, the US, etc.

An end to China’s cheap electricity policy. Cheap electricity in China allowed miners based there to undercut everyone else and make it unsustainable for those in other countries. However, the government’s crackdown has made this practice less common.

Other chipmakers such as Intel and Samsung have entered the game. Bitmain’s huge margins have forced other companies to get involved in the foundry business.

The most important question becomes — how long will this process take? How long will it take for ASIC production to transform from monopoly to a truly competitive environment? It’s taken bitcoin around 5+ years to begin this process, and it will take many more years to finish. The longer this process takes, the more vulnerable the protocol is to collusion and manipulation by a small set of miners in the meantime. Will the periods of centralized mining damage the protocol beyond repair?

Commoditization for ASICs could eventually happen on a long enough time frame, but it will be very cyclical, with companies going in and out of business as the market changes. Before Bitmain launched in late 2013, there were players already producing ASICs such as Avalon, Butterfly Labs, and Bitfury. By the time Bitmain entered the market in late 2013, the market felt relatively saturated.

After Mt. Gox happened however, Bitcoin endured a multi-year long bear market with weak price action. From 2014–2016, the mining industry consolidated heavily as most mining operations were forced to shut down. Bitmain’s superior products and scale allowed it to weather the storm better than most. They outlasted everyone and increased share when the market was shrinking and margins got thinner. When the market recovered and consumers started looking into purchasing mining hardware again, Bitmain was the only real option available.

With Bitcoin’s price increasing 1000% in 2017, it’s inevitable that competitors will enter the chipmaking and mining market. Many new mining operations have sprung up, and many more plan to enter the market over the next year. The question is what happens when another prolonged bear market occurs. It’s possible many operations will be forced to shut down due to thinning margins.

Bitcoin mining is trending towards decentralization and resembling of a commodity product, but this is a long and slow process. Samsung and Intel could eventually compete with Bitmain, but it will take a while. Many of the younger operations will be shut down during another “crypto winter” happens. I’m skeptical ASICs will ever be as commoditized or widely available as GPUs are nowadays, but mining will be more distributed across locations and producers.

6. What can we conclude about the future of ASIC mining?

Changing the proof of work algorithm often comes with costs and is a never ending game of cat and mouse. Developers can obviate this game by focusing on the creation of a fair and sustainable environment for ASIC production and development.

One way to do this is using an ASIC-friendly algorithm that makes production accessible and inexpensive. The core development team of a given network could also drive development themselves, as the SIA developers have chosen.

Allowing ASICs to develop means mining could be centralized for a time being while the market is immature. However, with the large margins enjoyed by Bitmain, other operations won’t be able to resist competing.

There is no easy way forward, but embracing ASICs is probably the best route. ASIC commoditization is a very complicated issue, and determining whether it’s likely to happen will require more input from foundries, miners, and other stakeholders in the ecosystem. Look for a follow-up to this essay where those questions are explored with subject matter experts.

Disclaimer: The author holds positions in Bitcoin, Ethereum, and Monero.

Originally published on Iterative Capital.

Thanks to Nic Carter, chris dannen, Anders Larson, Leo Zhang, and Eric Turner for feedback on this piece.

Follow me on Twitter for more!