Malignant computation

To properly serve society, cryptocurrencies must support computer hardware that is useful for other things.

Cryptocurrencies, like bitcoin, could revolutionize money to the same degree that the Internet has revolutionized communication. However, like any economic marketplace, human exuberance is the greatest threat to the cryptocurrency phenomenon. Markets fail to the degree that the market can be dominated by those seeking personal gain, and markets succeed to the degree that they resist domination and focus on benefiting society at large.

The cryptocurrency market place is in danger of becoming so focused on profitability, that it loses sight of the potential computational benefits that it could provide to society. I hope that this article will influence designers of cryptocurrencies to attempt to avoid computational malignancy.

Many people regard the success or failure of the market to be the degree that it works for them, rather than for society as a whole. One of the fundamental motivations for cryptocurrency is the general sense that banks, governments and markets have failed to protect the interest of the common man. It is not an accident that the rise of bitcoin began shortly after the sub-prime mortgage crisis.

Cells, typically, prefer to serve the whole organism, but when they get confused and start to multiply without regard for the impact on the organism as a whole, they can morph into a series of diseases that we refer to collectively as cancer. This is why “curing cancer” is so hard. Cancer is not a disease, but a family of diseases that share a common core problem: cells acting in their own interests that betray the body as a collective.

We have a similar problem with the use of computation in markets. We can call this malignant computation. This is when computation starts to ensure its own survival at the expense of the overall marketplace. The Skynet hypothesis is a boogeyman intended to scare the young and the paranoid. The real threat from AI is that it will become so good at the pointless tasks that we have given it that those pointless tasks will become a black hole of resources.

This has already happened with high-frequency trading on Wall Street. There is an ongoing arms race between computers that trade stocks to see which one can get the edge over the other, and entire series of engineering feats that have no purpose whatsoever other than to overcome previous engineering feats. In several respects, the computational trading platforms are the most advanced computation systems on the planet, and they are engaged in a micro-second game of mutual navel gazing. There is so much money being “made” by these super computers that the only thing that is absolutely certain is that further funding for bigger super computers will become available.

Capital markets serve a function in society. They ensure that businesses that provide value to society will have access to large amounts of capital to invest in otherwise too expensive projects. I have not been able to think of a single way in which the high-frequency trading platforms have improved the markets capacity to serve that function. No one has been able to provide me with any contrary insight, although several pointed me to more eloquent statements of the underlying problem. High-frequency trading is the first and foremost example of malignant computing, but it is not the last.

Malignant computing is a problem in cryptocurrencies too, but in order to discuss it clearly, one has to understand how the computational arms race in cryptocurrency mining works. This article does a wonderful job of summarizing the issues of the crypto arms race.

Cryptocurrencies in the bitcoin mold rely on a process called “mining,” which is the process of performing arbitrary calculations that help to ensure that the currency as a whole is functional and secure. Because of the inflated prices of bitcoins, mining has been very profitable, and as a result, we have seen the entire computational infrastructure of bitcoin switch to ASICS, or Application Specific Integrated Circuits. When you see the word ASIC, you should have a mental shortcut to “single purpose computing.” The bitcoin mining ASICs are so specific that they can only be used for the computations for bitcoin mining; they cannot even perform nearly identical computations for different parts of the bitcoin computation process.

I believe that this is another example of malignant computing. Bitcoin mining will continue until 2033. For bitcoin, ASICs will do the vast majority of this work, and assuming the value of a single bitcoin continues to rise, the amount of money invested in specialized hardware to perform bitcoin mining will almost certainly pass into the tens of billions of dollars. The bitcoin mining algorithms rewards miners relative to the whole amount of computational power devoted to bitcoin mining everywhere. If computational power were equated to “lottery tickets,” this would be tantamount to massive changes to “your chance of winning.”

Permit me to digress with this analogy: Let’s imagine a lottery for $100. If you have 10 lottery tickets and there are 100 lottery tickets in total, then you have a 1/10 chance of winning. If the lottery tickets cost less than $1 and you are ensured that there will be many more rounds of the lottery, then it makes sense to purchase tickets in every round. Over time, consistent participation will ensure a profit. If the lottery ticket costs more than $1, then participating repeatedly will guarantee a loss.

Bitcoin-style mining works in much the same way. With one exception: the number of lottery tickets are proportional to the total amount of computation devoted to the process. Let’s imagine that there were several million lottery tickets available. Owners of ASIC computers would be able to acquire hundreds of thousands of tickets each. Owners of programable specialized hardware would be able to purchase tens of thousands of tickets. Owners of commodity hardware with specific graphics cards would be able to buy thousands of tickets. Owners of commodity hardware without graphics cards would be able to buy one or two tickets.

Remember that tickets are not free, running computers requires electricity, and the electricity bill for running a lot of computers can be quite high. In order to profitably participate in cryptocurrency mining, you have to at least make more money than your ongoing electricity costs and the costs required to obtain your hardware. To summarize (data as of the writing):

Total computation devoted to mining (i.e. total lottery tickets) 88,502,557,900 MH/s
Typical ASIC computation 100,000 (2013) 1,000,000 (2014) MH/s
Typical FPGA computation 1000-25,000 MH/s
Typical GPU (graphics card) computation 500-2500 MH/s
Typical CPU computation 10 MH/s

Currently, it is not practical to mine bitcoin without an ASIC. There are so many ASICs that are contributing to the total amount of computation devoted to bitcoin mining that nothing else can justify the costs of electricity to compete against the ASICs for reasonable shares of the mining rewards.

This is a problem because the ASICs represent a tremendous amount of raw computational resources that are permanently devoted to financial busy work. The bitcoin mining network would work just as well if it had far less computation devoted to it. Bitcoins would be mined at exactly the same rate if 1/2 or 1/4 of the computational resources were devoted. This means that bitcoin has incentivized a tremendous amount of computational busy work. So far, the estimate is that the bitcoin has used about 150,000 megawatt hours of electricity, which is about 1/8th of what the state of Hawaii uses in one year. It would not be unreasonable to assume that at the rate of growth, the bitcoin mining network will surpass the yearly electricity usage of a small state soon.

If we include the environmental impact of producing and manufacturing hardware specifically for bitcoin mining along with the electricity costs, then society has invested in a tremendous amount of unnecessary computation. Clearly, this is another example of malignant computation.

The order of usefulness in bitcoin mining is:

1. ASIC 2. FPGA 3. GPU 4. CPU

The order of usefulness for all other computations is exactly the opposite:

1. CPU 2. GPU 3. FPGA 4. ASIC

ASICs achieve their dominance over the mining network by being utterly and totally useless for anything other than bitcoin computation.

But we must give credit where it is due. It is a feat of engineering that bitcoin works at all. It is no trivial thing to engineer a cryptocurrency where none existed and ensure that it is both secure and adoptable. Bitcoin is a trailblazer, and there was no way to know for certain, in advance, that the drive to ASICs would happen.

Litecoin is another matter. Litecoin bills itself as “silver to bitcoin’s gold.” It was designed using mathematics that would resist implementation in an ASIC. Litecoin has proven to be the second viable cryptocurrency, and it won this position in no small part because it advertised itself as CPU-centric and mineable on “consumer” hardware. Essentially, litecoin was intended to be a cryptocurrency that would not succumb to computational malignancy.

Litecoin is facing something of a crisis, as the first ASIC to support litecoin mining will likely be out soon. Silver is distinct from gold because there are notable and substantial differences between the metals. Litecoin is about to lose its central distinction from bitcoin. All of the other distinctions between litecoin and bitcoin are mostly irrelevant, differences of preferences and not of substance. There is a poll and discussion on Bitcointalk that shows there is a preference for changing the litecoin proof-of-work algorithm to make ASIC mining impossible.

To suggest that this happen with bitcoin would be unthinkable. The bitcoin project advertised its method for proof-of-work, and there was never an intention to prevent any approach. But litecoin specifically had CPU-oriented proof-of-work as a goal. I hope that litecoin decides to change its proof-of-work to ensure it does not become a clone of bitcoin. If it is to stay distinct, it must do so in the most fundamental way and stick to its roots. After all, if I have to buy an ASIC, why not just buy one for bitcoin? I hope litecoin gets this one right.

I expect, however, that if litecoin decides not to modify its proof-of-work algorithm, it will be supplanted as “silver” by another cryptocurrency that does take this commitment seriously. YAcoin has committed to intentionally changing its proof-of-work over time to be ASIC resistant, but so far I have found no cryptocurrency that has committed to actually changing its proof-of-work if the current proof-of-work becomes ASIC friendly. So far, at least, no one regards this arms race as a central problem that needs both technology and cultural solutions. Changing the proof-of-work in a mining community would produce a fork unless there was strong consensus around the goal of avoiding computation for the sake of itself.

It order to avoid computational malignancy, a cryptocurrency must support miners who have computer hardware that is useful for other things. Or it could integrate a fundamentally useful process as its proof-of-work (which is the approach that primecoin takes as it attempts to find prime numbers).

Eventually, cryptocurrency mining software should ship with implementations of APIs that allow its computational resources to be accessed for other purposes. The OpenStack protocols are a good place to start for this. In fact, as the OpenStack protocols mature, they should support cryptocurrency remittance. That way, a currency miner who has invested in a data center can say, “Oh, you will pay me 100 litecoin/bitcoin/whatever to view my mining cluster as a Hadoop instance? I would only make 90 mining! OK, sold; here are your access keys.”

Which is the reason that I have an Ox in this ditch. The “Omics” in medical science is going to require super computer resources on a massive scale, and while the most profitable health care inquiries will always be pursued, there will be more and more of a need for computation resources for “orphan” diseases, etc. The capacity to repurpose mining networks to perform genomic, proteomic, or exomic analysis would ensure that the network would be available to serve society, not just itself.

(I should warn that I am not giving investment advice — or more strictly, that if you were to attempt to view the above as investment advise, you will probably lose money.)

Get the O’Reilly Data Newsletter

Stay informed. Receive weekly insight from industry insiders.

  • kevin

    vertcoin uses nfactor algo to be truly asic resistant

    • It does, but its schedule is such that the N factor changes too infrequently to be truly asic resistant

  • DS

    You are absolutely right to call attention to the gross misallocation of resources of recent years — misallocation on a scale so vast as to approach Soviet quality — and are equally right to call attention to HST as a phenomenon that exacerbates this.

    However, you are altogether too quick to identify these as computing problems. HST for instance could be banned next week if the public and government demanded it. Like other speculative vehicles, Bitcoin could be also be subjected to regulation to reduce the risk of fraud.

    This post therefore makes the fatal error of mistaking symptom for disease. Poor fiscal and monetary policy (in short, insufficient fiscal stimulus and excessive monetary stimulus through QE) has ultimately been responsible for the liquidity that has been put mostly to speculative get-rich-quick schemes instead of being directed towards productive capacity.

    There are few circumstances under which Bitcoin is remotely credible as a currency or store of value, and the this mania, as the apotheosis of the current tech bubble, could not be more illustrative of the misallocation of resources you describe.

    In short, Silicon Valley has become Wall Street.

    As the Fed taper cycle begins, funding will dry up, and the tide will go out, just as it did in late 1999 when the Fed tightening cycle began.

    • fred trotter

      I hope I focused on the underlying incentives that cause the problem, but I disagree with your labeling this as a “human only” problem. As Big Data becomes more and more sophisticated we will see more computation that “accidentally arranges itself for self survival”, in a process not unlike the formation of early single celled organisms…

  • onlineflowers

    We can do our best by showering mother with presents that would make her realize how deeply we think of them and want to thank them for being an idol in our life. Send Flowers to India and show your intense love.

  • dlldk8j

    It is sad just how much energy is going to Bitcoin mining…

  • cphv

    I think there are some important distinctions to be made between high frequency trading and Bitcoin mining. HFT is, as you say, hardly of any benefit to “the common man”. Bitcoin mining on the contrary, is used to secure the Bitcoin network, which is of great benefit to us all.

    Bitcoin is a global payment network that anyone with internet access can use. That is actually an incredibly useful way to spend energy since it allows anyone to send money over the internet, fast, easy and virtually free.

    There is an enormous amount of resources used in today’s banking system for heating buildings and securing and moving cash. That is not an issue with Bitcoin.

    Bitcoin mining facilities can easily be (and are already being) placed in areas where energy is cheap and abundant. Typically this means various kinds of renewable energy. Contrary to HFT machinery which is typically placed as close to the stock exchanges as possible to get the lowest possible latency.

    • fred trotter

      I certainly concede that Bitcoin is providing a social benifit, and even that bitcoin mining is an important component in securing the bitcoin network. But there is no justification for the ASIC-only specialized computation, or for the outlandish amount of electricity that is being spent here.

      In order to be “secure” as you mention, mining efforts primarily need to be broken up between many participants, there is no extra security benefit from ASIC-only computation.

      That delta: between what bitcoin needs to handle secure mining and the massive amount of computation that is actually being thrown at it… is how bitcoin mining has become malignant.

      Still, this article should not be taken as criticism of bitcoin, but rather a call for the adoption of further crypto-currencies that do not work in this way. As I mention in my article, there is no way to have predicted that bitcoin would produce excessive computation.. and we should remain amazed that it works at all!!



  • tromp

    I designed the Cuckoo Cycle proof-of-work system at whose README I reproduce below.

    Mining is generally considered to be inherently power hungry but it need not be.
    It’s a consequence of making the proof of work computationally intensive.
    If computation is minimized in favor of random access to gigabytes of memory
    (incurring long latencies), then mining will require large investments in RAM
    but relatively little power.

    Cuckoo Cycle represents a breakthrough in three important ways:

    1) it performs only one very cheap siphash computation for about 3.3 random accesses to memory,

    2) its memory requirement can be set arbitrarily and doesn’t allow for any time-memory trade-off.

    3) verification of the proof of work is instant, requiring 2 sha256 and 42 siphash computations.

    Runtime in Cuckoo Cycle is completely dominated by memory latency. It promotes the use of commodity general-purpose hardware over custom designed single-purpose hardware.

    Other features:

    4) proofs take the form of a length 42 cycle in the Cuckoo graph.

    5) it has a natural notion of (base) difficulty, namely the number of edges in the graph; above about 60% of size, a 42-cycle is almost guaranteed, but below 50% the probability starts to fall sharply.

    6) running time for the current implementation on high end x86 is under 24s/GB single-threaded, and under 3s/GB for 12 threads.

    7) making cuckoo use a significant fraction of the typical memory of a botnet computer will send it into swap-hell, and likely alert its owner.

    • fred trotter

      I am so happy to know that someone is making practical progress on this problem. Can your cryptocurrency change its proof of work over time?

      • tromp

        I don’t have a cryptocurrency, just a proof-of-work algorithm.
        Which has yet to be adopted…

  • e_ducat

    Its very hard indeed to estimate the amount of energy devoted to bitcoin mining precisely because mining can take place in various kinds of context. ASICs are far less power hungry than CPUs or GPUs. Also, if I am mining in the winter at home, I might be saving some energy heating the room. This is not the case with the data centers used by the traditionnel finance system where energy is spent cooling the aisles. Because Bitcoin reduces the scope of traditionnal cash, we are reducing the environmental and social costs of running armored trucks filled with bank notes. Last but not least, there is a logical fallacy in the article: if mining computations can be merged with other purposeful computations, the consequence is lowering the cost of a 51% attack because the opportunity cost of such attack would be lowered.
    Additionnally, on a macro economic level, the hashing power of the bitcoin network is safeguarding it from an easy replication in clones that would dilute its money supply in an ocean of worthless coins. The many socially usefull applications of the bitcoin public ledger will make it worthwhile to spend some amount of energy (the équivalent of a solar plant) to run the network: access to affordable financial services, contract scripts, escrow, electronic votes,etc.

    • fred trotter

      You are not the only one making this point about the reduced environmental impact, or about the service securing the network.

      I expect a rebuttal to appear shortly which should crystalize some of these issues, but I expect my central point will remain unchanged. ASIC computing to secure that bitcoin network does not end up making it that much more secure than GPU mining would but it does result in lots of wasted computation.


      • An interesting point someone made (I think it was Peter Todd, a bitcoin core contributor), about the use the computation for other goals besides security of the ledger, is that it provides further incentives to overpower the network, besides monetary gain (or destruction).

        So, for example, it destroys some of the self-correcting incentives that comes with the Bitcoin network: having a lot of hashing power (say 51%) means you are faced with 2 choices. Take part (and gain), or overpower the chain to your will (making it worthless). Currently, these self-correcting incentives work well, as only monetary gain is at stake. This led to players like BTC Guild and out of their own volition restrict access when they came close to those levels to retain trust in the network and subsequently their value.

        IF it’s doing something else as well, say generating prime chains for the scientific community or even a general purpose API for anyone to use, then the self-correcting incentives becoming weaker. A large mining pool might not out of their own volition remove hashing power as their incentive could be altruistic: “We are helping the scientific community. So we won’t pull back. We are providing benefit.” Except this means, pools larger than 51% suddenly become more okay. Which is a big risk in terms of security.

        • e_ducat

          You have developped with great clarity the point that is missed by OP and that I alluded to: we cant have our our cake and eat it. Multi-purpose computation goes against the design objectives of bitcoin, namely security and decentralization.

  • Zigurd Mednieks

    This is a fascinating article but I suspect the problem of special resources consumed by purpose-built bitcoin ASICs is not a very large problem. If you asked the chip foundries, they would probably tell you demand for these ASICs are no threat to capacity.

    They are neither going to starve any other endeavor of resources, nor will they enable some more worthy pursuit to get significant benefits from piggybacking. Maybe a big ibank’s trading operation has a no-longer-competitive FPGA supercomputer they could give you. There would be a lot of redemption in a deal like that.

    • fred trotter

      recovering hardward is an interesting approach I had not thought of…

  • sizegenetics discount

    hello there and thank you to your information I’ve unquestionably picked up one thing new from correct right here. I did nevertheless expertise some technical concerns working with this website, as I knowledgeable to reload the website a great deal of instances earlier to I could get it to load appropriately.wondershare dr fone

  • fred trotter

    I think you mean “for the foreseeable future”, forever is a fairly big promise…

    I personally choose to call the Hashing process “mining” only while it generates fundamentally new bitcoins, and just call it “hashing” after that. Although I am not sure if there is a “industry standard” terminology that I should be respecting here, the analogy just does not make sense after that point.

  • Mark Rahner

    Bitcoin&Litecoin Investment – 8000% after 48 hours
    PerfectMoney Finance can impress you with the solid experience in professional Forex trading and investment projects, qualified experts and always best service for our clients and partners. ds
    Plan Deposit Return
    PM1 $250-$2,000 8000% after 48 hours
    PM2 $2,001-$5,000 8000% after 36 hours
    PM3 $5,001-$10,000 8000% after 24 hours
    PM4 $10,001-$20,000 8000% after 12 hours
    PM5 $20,001-$49,999 8000% after 6 hours
    PM6 $50,000-$100,000 8000% after 4 hours

    Invest Now

    Investment Insurance