The need for energy efficient proof of work algorithms

Background

There is a recent (circa May 2021) focus on energy consumption metrics of various proof of work crypto coins due to celebrity tweets, pure misinformation, state actors with hidden agendas, and many people with purely good intentions for the environment. Many claims circulate with “this coin uses more energy than X country”, etc. These claims are generally valid, although they may be based on dubious sources. Clearly there is a need to increase efficiency of proof of work algorithms to free energy consumption for other uses and reduce greenhouse emissions.

This all boils down to one thing — deterministic memory bandwidth.

Analysis

There are a plethora of proof of work algorithms which range in complexity. Bitcoins SHA256 is on one end — extremely simple, almost zero memory usage and highly parallel. On the other end are script based algorithms like those used by Monero.

Point 1- ASIC mining fosters high energy consumption. ASIC manufacturers invest large sums in R&D to create products that need to be consumed at scale for an ROI. This means that their product must be widely deployed and thus, will naturally consume more energy than other solutions due to the sheer scale needed for profitability. ASIC based POW are de facto high energy consumers. Therefore, POW algorithms should endeavor to be ASIC proof — meaning that it will never be profitable for an ASIC manufacturer to invest in the requisite R&D to bring a product to market. This can easily be achieved by frequently changing the algorithm in a random way, on chain, as I have proposed and developed (links below). There is nothing technically special about this — build a mechanism to change the algorithm every 90 days and no ASIC manufacturer is going to look at your coin ever.

Point 2 — Memory access uses power. Algorithms which are memory bandwidth intensive (ETH, KAWPOW, etc) use alot of power. Why? Because the GPU compute unit / global memory interface is power intensive. Moving data takes energy. Any algorithm which builds a DAG (directed acyclic graph) takes alot of power and generates alot of heat. The rationale behind a DAG is that ASIC manufacturers will not be able to achieve significant energy/cost ratio gains over commercial GPUs, which has generally been true, but at an incredible cost — power and heat. Addressing ASIC consolidation with point 1 is much easier. Make the algorithm energy efficient and change it often, on chain, autonomously, without hard forks.

Point 3- Script based algorithms use significantly less power. By “script based” I mean algorithms which cannot be parallelized because they are deterministic — the input of operation N depends on the output of operation N-1. There is -no- way to build parallelization into the algorithm because it all must be executed step by step. In practice these algorithms use 5% of the power of memory hard algorithms that are constantly pounding global RAM. It is possible to make these algorithms GPU friendly by designing the RAM requirements to fit into local compute unit limits and using 32 bit friendly operations which can be optimized in GPU. For example, if an operation requires a 256 bit addition, the implementation can break the add into 8 discreet 32 bit adds and let the 32 bit adds overflow internally instead of globally. This can be easily optimized in OpenCL so that consumer grade GPUs still benefit.

Point 4- POW is superior to POS. Proof of work is the ultimate decentralized security solution. Proof of stake suffers from many centralization issues, such as “nothing at stake” attack, invalid slashing, centralization on compute platforms like AWS/Azure/GCD and ultimately, SEC intervention for violations as an unauthorized security. Proof of stake encourages those who will benefit from the ecosystem to stake, such as exchanges. This is the exact opposite of decentralization. A healthy security ecosystem has multiple parties at odds with each other competing for rewards, not a small number of centralized entities working together for their own benefit. Proof of work miners could care less about the users, and that’s exactly how security should work.

Conclusion

Coin developers should create custom POW algorithms which use the least amount of power possible and are ASIC resistant. Memory hard functions are inherent power consumers and should be avoided. Proof of Stake is an insecure solution which should only be used in conjunction with proof of work. Using a deterministic script based proof of work algorithm, it is possible to reduce energy consumption by an order of magnitude and still maintain high levels of decentralized security.

An implementation of a custom script based proof of work algorithm can be found on the Dynamo coin github which can be access from here: https://dynamocoin.org

Real world field testing of this algorithm shows that power consumption on an RX580 8GB card for Dynamo hash is less than 10% of the power consumption for Ethash.