It is unlikely that any any proof of work system will thwart implementation in an ASIC. Very complex designs, ranging from radios, satellite positioning systems, to inpertreters of the Forth programming language have all been implemented in ASICs. In the past I have proposed using a modification of boolean SAT problems, knowing that there are many potential algorithmic refinements to that problem that could routinely make CPU mining competitive with ASIC mining. Sadly, the protocol proves to have extreme variance in mining time which I regard as unacceptable for the 12 second target mining time.

Rather than try to thwart ASIC implementation, it should be accepted that it is inevitable. As designers, we should hope for the best plan for the worst.

A proof of work mechanism designed to incorporate calculations carried out on the EVM would give an ASIC designer little recourse other than to implement a custom CPU designed to run the EVM instruction set natively (and potentially interact with the distributed database). Ethereum CPUs would naturally out-perform x86 CPU based miners, which are effectively forced to emulate a native EVM.

If Ethereum was later to migrate to a Proof of Stake protocol, then custom CPUs used for mining could be repurposed for contract-code evaluation. This, in my opinion, would be more economically productive use of their computational resources.

To this end, below I sketch a port of the Random Circuit protocol to the EVM. Proof of work consists of:

A nonce

An algorithmically defined, compiled EVM program

The output of the program, which should report gas used (a non-zero value)

Work is verified by running the EVM program, and verifying that the output is correct and non-zero