mSHA3

Memory-based SHA3 hash function

The move from pure x13 to x13 plus a memory-based SHA3 function is motivated by our unwillingness to accept dependence on ASIC hardware.

There is nothing wrong with the x13 family of hashing algorithms as such (they are still secure, relatively fast and well studied), except for the existence of devices designed to calculate x13 extremely fast compared with standard desktop computers. That gives ASIC miner owners an unfair advantage and significantly affects network stability and decentralization for any hybrid PoW/PoS cryptocurrency. It is easy to perform a 51% attack on a network of thousands of desktop computers using only one modern x13 ASIC device. Moreover, these devices do not improve transaction speed (which is mostly determined by block size and block generation interval) and can even make the network totally unusable by drastically increasing the hashrate and then suddenly dropping it.

There are several acknowledged ASIC-resistant algorithms already, and mSHA3, designed by the Scash developer team, aims to become one of them. It should provide protection not only against ASICs but against GPUs too, by including heavy memory-based computations that depend not only on memory speed but on memory size as well. Desktop computers commonly have plenty of unused RAM and HDD/SSD space. That is why they have a clear advantage over purpose-built devices.

A clear whitepaper is still planned, but let's explain the idea in simple words. SHA3 is a well-studied hash function providing strong security and resistance against possible future quantum attacks. It is already implemented in discrete logic (like that used in ASICs), so we managed to build long chains of successive SHA3 calculations, like those used in rainbow tables. Successive calculations can still be done in discrete logic, but that is a good starting point for the next part. Exactly as in rainbow-table attacks, and in time-memory tradeoff attacks more generally, we can precalculate a large amount of commonly used data and store it to speed up future calculations. ASICs are still amazingly fast, but desktop computers do not even calculate some parts: they just look up already stored data and return the result instantly. That's what mSHA3 is about.

There are many difficulties involved in implementing a large data store in ASICs, and it does not look profitable in the near future.
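A toy illustration of the time-memory tradeoff described above, added here as an example: it is not the mSHA3 algorithm or Scash code, and the table size, lookup count, seed and header are all assumptions. It counts SHA3 calls for a node that stores the precomputed chain versus one that has to recompute each entry.

```python
import hashlib

TABLE_SIZE = 4096  # assumed toy size; far smaller than any real memory-bound table
LOOKUPS = 16       # assumed number of table reads per hash

def sha3(data):
    return hashlib.sha3_256(data).digest()

def build_table(seed, size=TABLE_SIZE):
    """Chain of successive SHA3 calls: t[0] = H(seed), t[i] = H(t[i-1])."""
    table = [sha3(seed)]
    for _ in range(size - 1):
        table.append(sha3(table[-1]))
    return table

def chain_entry(seed, index):
    """Recompute one entry with no storage. Returns (entry, SHA3 calls used)."""
    value = sha3(seed)
    for _ in range(index):
        value = sha3(value)
    return value, index + 1

def toy_hash(header, seed, table=None, size=TABLE_SIZE):
    """Mix LOOKUPS data-dependent chain entries into the header hash.
    Returns (digest, SHA3 calls spent at hashing time)."""
    state = sha3(header)
    calls = 1
    for _ in range(LOOKUPS):
        index = int.from_bytes(state[:4], "big") % size
        if table is not None:
            entry = table[index]                    # stored: one memory read
        else:
            entry, cost = chain_entry(seed, index)  # not stored: walk the chain
            calls += cost
        state = sha3(state + entry)
        calls += 1
    return state, calls

if __name__ == "__main__":
    seed = b"constructed-seed"              # constructed sample input
    header = b"constructed-header|nonce=1"  # constructed sample input
    table = build_table(seed)
    digest_mem, calls_mem = toy_hash(header, seed, table)
    digest_cpu, calls_cpu = toy_hash(header, seed)
    print(digest_mem == digest_cpu, calls_mem, calls_cpu)
```

Both paths return the same digest, so a verifier cannot tell them apart; only the work differs, and the gap grows with the table size.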

The next question is: what if some node has an extremely large amount of precomputed data and uses it to mount a 51% attack against nodes with smaller amounts of data? That is the reason why we are not moving to mSHA3 completely and are looking for a solution based on both functions, x13 and mSHA3 together. Unlike other projects where a set of hash algorithms is implemented, we don't want to produce several underlying blockchains, one for each function. The key is to balance the difficulty of generating usual x13 blocks and mSHA3-signed blocks over the same blockchain. Technically, the mSHA3 hash will be included in some large (in terms of coin amount) blocks as additional validation data. This can also allow zero-fee (and reduced-security) blocks to be made without this validation data, which can be useful for dust-like transactions (with amounts smaller than, let's say, 0.01 SCS). It could be a good alternative to Master Nodes or off-chain approaches.

There are still some parts to be researched, but this could be one of the key features of the SpeedCash project.
