Heh. I worked on a type of photonic PoW in 2019 (but it wasn't silicon photonics).
- It's faster and lower power for the hash rate. It's worth it. But not as fast and low power as hoped.
- It's a great advantage for the early adopter who can mine that bit faster than everyone else for a short time. That was the motivation for the project.
- Contrary to the title of the article, making hashing faster for less energy doesn't "help with the high energy consumption of the crypto currency mining activities" once the technology becomes available to enough miners.
It's the same as the introduction of ASICs before it: only a temporary advantage to those few who have it first. Of course that's only a few miners, so it doesn't affect energy consumption of the whole blockchain much. As soon as a new technology becomes widespread enough to have a significant effect on the whole blockchain, blockchain proof-of-work returns to exactly the same amount of energy consumption as whatever technology came before it.
It's because of how the mining-price system works, proof-of-work energy consumption is independent of the technology widely used. In other words, you can't solve the proof-of-work energy consumption problem with a new proof-of-work hashing technology.
So whenever you see a headline or article promoting a new proof-of-work solution on the grounds that it will reduce energy consumption of the blockchain - that's false. Snake oil, even.
(On the other hand, other mining methods such as proof-of-stake do reduce blockchain energy consumption for real, in exchange for different problems, perhaps.)
But I think the Eindhoven people have understood this, and it's the journalism that misleads in this respect. From the article:
> From our perspective, the ideal proof of work algorithm would be an algorithm that spends no energy, but time (i.e. pure delay). This kind of proof of work is hardly possible in the real world. So instead, we would love to see some sort of a “computational delay” when only a small fraction of energy is spent on proof-of-work computation, while this computation itself introduces a time-delay. We believe that photonics can help us to achieve such a “computational delay”.
I'm surprised Verifiable Delay Functions (VDFs) are not mentioned. There is has been an emerging field of cryptography focused on delays enforced mathematically, called Verifiable Delay Functions, since about 2018. Rather like the technology race of proof-of-work, VDFs rely on the assumption that underlying technology (logic gates, arithmetic units (like in analogue photonics), etc) is somewhat evenly distributed; that nobody has access to a technology that can perform the calculations with much lower delay than everyone else.
VDFs still won't reduce energy consumption if they are used as another form of proof-of-work. For example if running many delay functions calculated in parallel gives a mining advantage, many will be built and together they will use the same amount of energy as proof-of-work. To provide a real energy consumption benefit, the blockchain consensus method needs to change as well. Think "proof-of-verifiable-delay". As far as I know, no such method has been worked out yet.
> It's because of how the mining-price system works, proof-of-work energy consumption is independent of the technology widely used. In other words, you can't solve the proof-of-work energy consumption problem with a new proof-of-work hashing technology.
This is not strictly true. The cost to mine will converge with the proceeds of that mining -- that is economic law. But the total cost of mining is actually the cost of ownership + the cost of operation of the hardware. As we know, electricity presently dominates the cost of operation and the total cost. But you can imagine a very low power chip that is expensive to make -- like this photonic PoW, maybe -- and then the cost of the chips themselves dominate the total cost and drive down energy usage as a portion of the whole pie.
As an aside, the algorand layer-1 chain uses VDFs to select a validating set per block, weighting member selection by how much crypto each account owns. They call it Pure Proof of Stake. It definitely reduces the energy consumption and increases network throughput, of course with trade offs. See:
One of the most successful implementations of VDFs in crypto right now is Chia, which uses proof of storage space interleaved with proofs of time from VDF servers. There is not an incentive created by the consensus algorithm to have many VDF servers, since only the fastest VDF server participates in block creation.
Also, it alters the PoW economics somewhat by utilizing already-existing general purpose hardware (storage) and has an implementation which does not yet seem susceptible to special purpose hardware attacks (i.e., increasing storage density / decreasing TCO already has a huge bounty)
Appreciate your thoughtful explanation and context. The shortcut on "whenever you see a headline about low energy PoW" is useful, I had been wondering about that.
One thought - has there been anything on something like "Proof of Capability of Work"? ie "Yes, I have all this compute power potential, but I'm not using it".
Oh shit did I just back into what you mean by VDF? Basically Proof of Sitting Around? I'm gonna hit submit before talking myself in circles.
> has there been anything on something like "Proof of Capability of Work"? ie "Yes, I have all this compute power potential, but I'm not using it".
As far as I know, there has not. But I hope you are a physicist, because this idea is genius.
The key role played by counterfactuals in quantum mechanical systems might make it technically possible to prove potential to perform computation that is never performed.
Practicality aside this is either still really wasteful (lot's of unused compute sitting around in some datacenter) or really susceptible to attacks (e.g. "proof of the capability to rent a lot of AWS servers for a few seconds - everybody can do that, and somebody will")
Wasteful: Unused compute sitting around in some datacenter is on the first order less wasteful than having it using tons of electricity to run a random puzzle. Less electricity usage. However, the second order effects may negate the effect i.e. miners instead buy up more units, which puts more pressure on manufacturing, which ends up using that extra electricity, and the energy waste is equal.
Attacks: that's exactly what you would need to build a tool for. You need to prove that you sit around, and not just promising to sit around. It's a tough problem! Proof of Not Work.
Public blockchain systems are distributed databases that anyone can submit write transactions to and where you don't need preauthorisation to join the system. In order to avoid the network being taken over by sybil attacks, it's necessary for participation to be based on locking up / committing / consuming something rare. Anything that becomes cheap or easy is not suitable for basing participation on.
So far I know of systems using computational work (PoW), ownership of cryptocurrency (PoS), or storage space as that rare resource. The idea of using photonics to create a low energy 'proof of time' basis is interesting but there would still be difficult economic considerations. If acquiring the photonics is too hard, then you've got a centralised system, if it's too easy then the sybil resistance and environmental impact benefit goes away (because control of the system devolves into 'who can acquire the most hardware' incentivising massive production).
Perhaps surprisingly, improving the cost efficiency of the work done by a traditional PoW blockchain doesn't reduce its energy usage, because the usage is determined by a competitive market place driven by supply & demand, not by a fixed amount of work needing to be done. Increasing the cost efficiency of the calculations just results in the blockchain doing more calculations.
A huge chunk of the cost is in the electricity used, so power efficiency and cost efficiency are very very similar.
Ultimately I don't think you can improve matters much by attacking power efficiency of the calculations. You may be able to move the economic balance point between upfront/ongoing costs by requiring more or more expensive hardware, but reducing ongoing electricity usage isn't a clear win if it's produced more waste and power usage during the creation and ultimate disposal of the hardware.
One way I've come to think of it is that Sybil resistance comes from having the next block producer chosen by a raffle, with some resource used as the ticket. PoW is an example of the resource being exogenous to the system and PoS is an example of the resource being endogenous.
A problem I see with both is that they are inherently plutocratic, in that the wealthiest participants will have greater economies of scale in the resources they devote to the block production process.
This is true, however it's also not an unusual feature - pretty much every capitalist society has the characteristic that those with capital can gain more capital with a minimum of additional work.
Alternatives that don't have that feature to at least some extent would be regarded as very radical, and difficult to implement.
This has already been implemented in at least one other crypto successfully. See: Nano (formerly Raiblocks).
The crypto community, however, seems to have a very narrow focus on reproducing these plutocratic systems and incentives because everyone wants that power for themselves and wants to be first in whatever the Next Big Thing is. Crypto development as a whole seems to be hampered by these incentives and by an excessive focus on the original technologies of Bitcoin as opposed to its original aims.
No, I think most people (as in, core developers) just want whatever can actually be relied upon. If there were a silver bullet consensus algorithm that was decentralized and secure and also far less wasteful/plutocratic, everyone would probably switch to it.
The idea that there's an easy, superior solution on the other side's grass and bad motives are just keeping people locked into a bad system is a convenient narrative, but rarely true. I don't know the details about Nano, but my guess is the reason other cryptocurrencies haven't adopted their algorithm is because they don't think it's sufficient, for whatever reason.
Nano/Raiblocks has been around for years, the original developer was also one of the first to work on Bitcoin, apparently, and the network has been live for some years and successfully transacting.
I don’t think it’s a matter of the technology being unproven or unreliable. There was recently a 22 million dollar transaction that was both feeless and recorded to the network in <5 seconds.
It seems obvious though that to adopt the protocol means sacrificing a plutocratic winner-take-all mining regime and everyone in the crypto space wants to be that winner.
Why go through the trouble of developing a photonic mining system if there’s already a viable alternative to PoW/PoS in the real world being used? Why all these outlandish schemes to “green” PoW networks (that never come to fruition) when there’s a viable technology transacting at a literal 6 millionth of the cost of a single btc transaction?
At a certain point, you begin to see that a large part of this space is not committed to the aims they espouse but to a kind of delirious financial brinksmanship that yields little in the way of progress but makes small numbers of people very wealthy.
> Why go through the trouble of developing a photonic mining system if there’s already a viable alternative to PoW/PoS in the real world being used?
Nano has some interesting ideas but also some fairly obvious flaws, most notably the fact that there is no built-in economic incentive to run a Representative node and participate in the voting. Running a node is an expensive operation (in CPU time, memory, and bandwidth) and the protocol basically leaves this important function up to individual enthusiasm or goodwill. As a result there are a limited number of active voting nodes making decisions for the network.
The faucet-based initial distribution of Nano (XRB) is also arguably less egalitarian than Bitcoin's PoW-based mining rewards. If you weren't aware of Nano (RaiBlocks) while they were running the faucet then you had no chance to participate in that initial distribution. This is not quite as bad as full pre-mining where all the initial coins go to the developers and other may or may not be able to mine more later at a higher difficulty, but it seems likely that the developers and other early adopters would have received the majority of the output from the XRB faucet, which by design is all the XRB which will ever be produced.
I'm sure there are many people who share the mentality you describe, but I don't think it applies to most core developers of cryptocurrency protocols, and such developers also don't make more money the more expensive mining is.
I don't think it's an excessive focus on BTC technology, so much as that BTC abstracts the core issues to their fundamental essence and forces the tradeoffs on those terms, without obfuscating them. For instance, POW is extremely clear: you make a sacrifice to create blocks / mint transactions. It's almost biblical -- the game theory doesn't work without the sacrifice, and sacrifice is, tautologically, a tradeoff of one precious thing for another. All other crypto projects either want free lunch someplace, or make very different tradeoffs and assumptions.
Bitcoin is not a pure or minimal system, contrary to the hype. There are all sorts of decisions built in to it that can be varied, and if the concept of a cryptocurrency does, in fact, have society altering promise, it's very worthwhile to have other technologies explore the space.
I think widespread institutional adoption of crypto is pretty important in this regard.Operating a photonic miner being hard provides more incentive to be a part of those 'mining' it, as you might expect. So, if it's beyond average user scope but within say .1-1% of a companies budget and could create massive dividends, why shouldn't they invest in this?
It can be a little gross to consider, because no ones like idea of 'the rich getting richer', but that isn't really different from what happens today, anyways. What matters most is that the system has a lot of nodes to work with, and that can still happen here if there's enough adoption in this scenario.
Not to mention that it should be hard to abuse your control in a public blockchain system. Governments could require companies to have an use photonic miner operating license and revoke it if they did something like this, for example. I think its a decent middle ground between centralized and decentralized. And (should?) produce less electric waste overall. I'm not sure, I don't really know much about photonics.
Using PoW crypto at all creates massive waste for no productive use. In a world struggling to avoid catastrophic climate changes, it is completely irresponsible, and should be stopped instantly.
Not to mention, crypto currencies are worse than traditional currencies in every way: much more wasteful than the whole global banking system for a tiny tiny tiny fraction of a percentage of the number of transactions, much more centralized in several ways, deflationary, impossible to control if they spiral. There is no reason to keep this charade going.
Yes, they're worse in many ways, but that is exactly the design decision they made in order to be better in one particular way; to be censorship resistant (and permissionless).
Not all are deflationary; many have a tail emission that makes the supply dis-inflationary.
Nothing is censorship resistant against a determined censor. If crypto sees more and more adoption, exchanges and companies accepting it will likely get pushed to implement KYC and AML just as much as banks are.
Proof of work is wasteful in the same sense that having banks is wasteful. Imagine what it takes to operate a banking institution. It's not just electricity. It would be "efficient" to just write the word "bank" on a shack and then have one or two workers "guard" over all the deposits.
Unfortunately, nobody would be willing to use such a bank. Actual banks that people use need to spend a lot of money just on maintaining the charade of being proper custodians. Yet, they can still lose your deposit, in which case they rely on the government to bail them out.
Perhaps proof-of-stake is something that can mostly replace proof-of-work, but the proof is in the pudding.
> Actual banks that people use need to spend a lot of money just on maintaining the charade of being proper custodians. Yet, they can still lose your deposit, in which case they rely on the government to bail them out.
The major difference is that, collectively, the world's banks are a decentralized system that processes billions of times more transactions every hour than Bitcoin and other major PoW coins have ever executed, while offering many services which are impossible to offer through Bitcoin - loans, insurance, the ability to recover your money from a fraudulent transaction, and many others.
Replacing this entire centuries old system is something that no one wants - not the left, not the right, nor the vast vast majority of crypto owners, who are just in it for a quick buck.
If we want to bring climate change under control then coordination and communication tools that cross national borders are necessary. That is what many of us working in crypto are focused on, you might not yet value it, but we do.
How do we collectively, as a planet, decide what is acceptable usage of energy and what isn't? Who gets to use machines and who doesn't? And how do we do that in a way that isn't authoritarian, and held together with violence?
Is it wrong to use my gpu playing video games all day, or is the moral panic only applying to certain uses of computers?
When you say it should be stopped instantly you should clarify what you mean by that, what action do you see being taken?
If every person on the planet were using their GPU to play a few hours every day, they would probably not reach the amount of energy used by the Bitcoin blockchain alone.
All of the things you are citing require cooperation and discussion and democratic discourse. An algorithmically driven opaque protocol controlled by a handful of technocrats (the people developing the major clients and the ones running the major mining pools) is part of the problem, not a model for the solution.
Not to mention, money as a means of exchange is simply not one of the problems standing in the way of stopping global warming. The biggest problems are caused by rich people who have calculated that they will not be personally impacted, who couldn't care less about the poor 90+% of the planet who will, and who have thus decided to prioritize increasing their wealth today over any sort of urgent changes. It is also perpetuated by organizational systems put in place a long time ago (mainly for profit corporations with lobbying power) that have the same goals - short term profit over any other consideration.
Another thing that was put in place for corporations with lobbying power and wealthy people is the current US monetary policy of quantitative easing to infinity. This makes the rich richer and decimates the purchasing power of those who have few assets (poor and/or working class), and the government which you seem to have so much trust in does this knowingly. Note that even outside of the US, this does matter, since the USD is the de facto global reserve currency.
I do not have that much trust in the government. However, the government, unlike corporations or algorithms, is the one thing I have some minute amount of democratic control over, corrupt though it is. Moving things like monetary policy away from corrupt government control directly into private hands, or moving it into completely inflexible algorithmic control (with the algorithm in turn controlled by private individuals) can only make things worse.
And note that, while QE is useful to the rich, it also permits things like giant infrastructure bills that help everyone. We've seen in Greece what can happen when money supply is constrained (in that case, by EU policy preventing one country from just printing euros), and it's definitely not the rich who lost. QE is being used to serve the rich not because it's inherently in their benefit, but because almost everything in our society is being used to help the rich.
>Is it wrong to use my gpu playing video games all day, or is the moral panic only applying to certain uses of computers?
Is it wrong for you to leave a warehouse full of computers idling to play a computer game? Yes. This is one of the more outrageous false equivalences I've seen.
It stops being a moral panic when crypto consumes more electricity than the entire nation of Argentina.
“crypto consumes more electricity than country X” is such a tired and low-effort talking point. There are things more useless than crypto that consume more energy than certain countries.
>>Not to mention, crypto currencies are worse than traditional currencies in every way
You've never been denied financial services due to discriminatory policies, or you would not claim that.
Everything needs to migrate to the public blockchain: banking, online markets, social media platforms, etc. Giving a handful of corporations and governments control over almost every aspect of every one's lives is dangerous and corrupting.
Yes, much better to give such control to an algorithm and protocol written and controlled by a handful of engineers and mining pool owners.
And make no mistake: in a state that allows or encourages financial institutions to discriminate, you will eventually be discriminated against with Bitcoin as well. The state may not have caught up to the technology yet, but social problems can't be fixed with technology.
Do you think that 'social problems can't be caused by technology'? Because if social problems can be caused by technology then surely they can solve them too.
Yes, I also think social problems can't be caused by technology. Technology is neutral - if we're using it to do harm, it's harmful. If we're using it to help, it helps.
Note that this is not 'guns don't kill people, people kill people'. Guns do kill people, so they must be regulated. The gun violence problem in the USA is not the fault of guns, it's the fault of the way US society chooses to regulate access to guns.
The protocol is publicly defined, and immutable. There is no need to trust any engineers, or give them any control, just as you don't need to trust the developers of open source software in order to trust the software.
And it is much harder for a state to ban a blockchain, than impose laws on centralized financial intermediaries that lead to rampant banking discrimination. The former will cost far more, in economic resources and political capital, to enforce.
The protocol is not immutable, and there have been several changes to it in the early days, and several proposed changes that keep being discussed (such as the famous block size limit change). If the people developing the software and the major mining groups agree on a change, who will stop them?
It is extremely hard to organize a protocol change that succeeds in tampering with existing smart contacts, let alone eliminates the permissionless/neutrality guarantees of a public blockchain with significant adoption.
For a public blockchain with as large a userbase as Ethereum, a protocol change that nullifies its neutrality and permissionless-ness would be nearly impossible for any group to push through.
It's absolutely incomparable to traditional banks, with respect to the degree of resistance to interference from governments.
This isn't actually true at all. Climate problems are caused by competition between governments and their pursue for growth, which forces everyone to consume and produce more than is necessary. Under the current economic system, natural catastrophe is inevitable. Bitcoin actually fixes this, because it makes it impossible for governments to enforce growth through money supply manipulation, which they have to do to compete with each other.
The current economic system is compatible with a carbon neutral world. We managed to ban all kinds of destructive things that provide (short-term) economic benefits without changing our economic system.
The problem is that PoS commitment isn’t binding. You can always stake your money, then if you don’t like the outcome, you can just pretend the first stake never happened and do it again. Cf “grinding” attack. PoW is unique in that any claimed commitment corresponds to a real, physical, irrevertable commitment.
> or storage space as that rare resource.
Every storage coin so far has been some sort of DINO scam. The most interesting one is Chia but it’s absurdly complicated, and I think that complication might mask some centralization/vulnerability. For example, the reliance on “time lord” nodes strikes me as very questionable.
DINO stands for “decentralized in name only”, which refers to the shockingly common case of a crypto-thing advertising itself as decentralized when in fact it is controlled by a single entity or cartel.
I see these things and while interesting they are just a lab curiosity.
From the paper:
By tuning the phase delays of each waveguide at each layer of the directional coupler mesh and the coupling region’s effective optical length using heaters it should be possible to achieve an arbitrary unitary transfer matrix
As these phase sections are thermally tuned, they are slow and will have thermal crosstalk to their neighbors. While this is manageable it’s not exactly fast to create a new matrix transfer. Additionally, these devices drift over time and operating temperature. Changes over time are due to changes in local stress that cause refractive index to change. So this device as published has no ability to put the MZM bias into a known state and keep it there. Drift is a part of working with photonic devices and even when temperature controlled (very inefficient) they still need compensation. This compensation is the difference between a lab device and something that could be commercialized.
Furthermore such devices have what we call parasitic reflections. When the phase is adjusted, the parasitic reflected phase is also adjusted creating an error in the output. For an analog computer that can only look at amplitude any numerical resolution would have to be coarser than the size of these parasitic reflections.
This is just the tip of the iceberg. Yet none of these papers ever address these problems.
Optical devices are physically large with waveguides about 1um and and most devices are a few hundred microns in size. The Mach Zehnders that they discuss are 100’s of microns in physical size. So it’s typical that silicon photonics are fabricated in older nodes in part because the resolution of advanced nodes is not needed and it’s a lot cheaper to use the older nodes. Additionally the sweet spot for silicon photonics is a wavelength ~ 1.3um (1.5um) so the node resolution is sufficient for the wavelength used.
1. Is there reason to believe that the manufacturing of oPoW miners will be more decentralized than ASIC manufacturing currently?
There are no guarantees in decentralized networks, but we think all evidence points to oPoW creating a more decentralized network.
a. Cost of entering oPoW hardware manufacturing will be much lower due to Silicon Photonics using old CMOS nodes (~90 or 220 nm vs. ~7 nm for transistors).
b. Removing electricity prices from the mining equation means that miners do not have to concentrate in regions with cheap power or depend on the sanction of governments that control most energy sources.
2. What other costs would replace energy?
Hardware depreciation
3. Why create Heavy Hash, why not just compute SHA256 optically? This accomplishes the same goal without any changes to the Bitcoin codebase.
Many have tried… there is a large economic incentive. Analog optical computing is limited in the types of computations it can do efficiently. It’s much more feasible to design the PoW around those limitations.
9. When will optical mining hardware be available?
General-purpose photonic coprocessors are being commercialized by multiple companies that have shown interest in supporting mining hardware. Stay tuned for announcements.
10. Is the oPoW algorithm limited to optical devices? If not, will there be miners on the system using digital hardware?
oPoW is reverse compatible with CPUs, GPUs, and ASICs.
11. Is oPoW less secure than SHA256?
oPoW is based on Heavy Hash, a construction that includes SHA3 and inherits all of its security properties. (see Towards Optical Proof of Work above for a cryptographic analysis).
> Cost of entering oPoW hardware manufacturing will be much lower
That just means more mining hardware will be manufactured and used. They might use less energy to run each one, but that likely to be balanced out by the energy costs of manufacture and the e-waste. More mining hardware will mean the difficulty will be increased by the system.
If a Bitcoin is worth $40,000, a miner somewhere will be prepared to spend approaching $40,000 to mine it. That money will be spent on a combination of buying the hardware and energy for running the hardware.
Any reduction in energy use or hardware costs will just mean the $40,000 will stretch further, meaning more e-waste and/or more energy use, and an adjustment in difficulty by the network.
> Cost of entering oPoW hardware manufacturing will be much lower due to Silicon Photonics using old CMOS nodes (~90 or 220 nm vs. ~7 nm for transistors).
If silicon photonics using old process nodes is so competitive, cheap to manufacture and power-efficient, why aren't they planning to use it for general purpose workloads? Matrix-vector multiplication is a key operation for most GPU compute, including for machine learning. They say "...On the other hand, to be competitive in the field of machine learning, one needs to compute billions of multiply-accumulate operations per second" but that kind of scale out applies just as much to crypto mining, and is the part that's supposedly addressed by reusing old process nodes.
HNews people - multiple, lengthy comments here claim that "due to competitive pressures" the "total energy used to mine will be the same" no matter how hashes are calculated.
The challenge problem in BTC is to find a number below a threshhold that fits a pattern. The threshhold changes in a two week regime. Finding the number is not prescribed, only the threshhold. Where is the required energy use here?
If an invention enables hashes to be computed 10x more effectively, miners aren’t going to reduce their energy use by 90% — they’ll switch to the new equipment, increase their hash rate 10x, and keep using the available energy.
The energy usage comes from the economics, and can’t be escaped. The growth of the global hashrate is driven by the profit margin between the mining cost and reward and growing overall mining costs drive btc prices higher.
It's hard to figure out what you really want to know, after many commenters have tried to explain why replacement mining technology doesn't reduce overall energy consumption, which was your broader line of questoning.
So I will focus on this one part:
> Where is the required energy use here?
Fundamentally, the hash calculation is designed so that energy consumption is proportional to required hashrate - regardless of hashing technology.
The required hashrate is reactive. It's governed by the difficulty adjustment algorithm which reacts to economic competition on the blockchain as well as economic competition among miners, so as to create two decoupled markets with money nonetheless flowing between them, which incentivises miners to spend most of the fees offered by blockchain users on energy, regardless of how efficient the mining technology is per hash.
So the required hashrate always adjusts until most of the mining fees offered by blockchain users gets spent on energy.
If your question is, essentially, "why any energy at all", the answer is that calculating things using zero energy isn't possible. If your question is "why can't we come up with a way to calculate these numbers that's so efficient the system won't increase the difficulty to fully compensate", that might be possible, but it would require the brute-force algorithm assumption to be broken. That is a type of breaking cryptography. The cryptography is designed so that it uses energy proportional to the hashrate on any type of computer. There is no known way around that. People try, of course; the incentives are very high for them to succeed.
Merely building a faster computer won't do it. A photonic computer, for example, doesn't challenge this assumption at all. A computer a trillion times more energy efficient would not challenge this assumption either. My limited understanding tells me even a quantum computer doesn't challenge this assumption, because SHA256 hashing is not amenable to Shor's algorithm, and Grover's algorithm only divides the bit-difficulty in half, which the difficulty threshold adjustment would automatically compensate for.
However, switching away from proof-of-work does change this assumption, and that's how to reduce the energy consumption.
> this is a sort of economic framing, but also, not the question
You cannot ignore the economic framing - it is a key technical part of the proof-of-work design.
It is such an important and powerful effect, it has a technical name, cryptoeconomic incentive, and it's treated as a critical technical factor in all major blockchain designs.
Although you can see it as a statistical or human effect, it is a strong and predictable effect. It is almost analogous to statistical mechanics, where we can calculate the properties of physical substances from underlying "random" individual behaviours, because the statistical ensemble behaves in a predictable way.
The difficulty D defines the expected number of double SHA256 hashes E[H] = 2^32 * D that must be computed on average per block to meet the difficulty target, which according to the average efficiency of mining ASICs implies an average amount of energy to be used.
first of all, difficulty D is a float, and there are no floats in the actual computation. Second, a float is not a number of hashes. bzzzzt
edit- In plain English, this explanation is incorrect because it relies on floating point number D. Difficulty D is a convenience representation as float of the ratio of two very large integers; one of those large integers is the fixed MAX Target. The other vary large integer is varied by a prescribed formula, once every two weeks.
Nothing to do with hardware. Quoting again from that bitcoin wiki page:
The highest possible target (difficulty 1) is defined as 0x1d00ffff, which gives us a hex target of
0x00ffff * 2**(8*(0x1d - 3)) = 0x00000000FFFF0000000000000000000000000000000000000000000000000000
As you can see a random hash has a chance of close to 2^-32 to satisfy that target.
It's not about the energy usage, it's about the cost: If you make energy two times as expensive, you would half the mining being done and half the energy usage. If you introduced a 50% global mining tax, you would also half the mining and the energy usage. If you invent technology that can do twice the mining for the same amount of energy, you would get twice the mining and the same energy usage.
- The total mining income is determined by how much blockchain users are willing to pay for blockchain services. It's determined by market demand for transactions on the blockchain, in a grand auction competing with other users.
- There are two markets - competition between blockchain users offering fees in their grand auction, and competition between miners. These are strongly decoupled from each other by the difficulty threshold update algorithm. So the total mining income, offered by users and paid to miners, is independent of hashrate, number of miners, or mining technology. Miners don't change the total mining income, they can just compete to get a share of it.
- Finding the hash number requires a brute force algorithm. There are shortcuts to do it significantly faster, but it is assumed there is no mathematical shortcut which avoids the brute force property. (Brute force means a particular mathematical property of the search algorithm, it does not say how fast or what kind of technology.)
- No matter what technology is used to find the number, it requires some energy, and in proof-of-work, due to the brute force property, the rate of energy consumed is proportional to the hashrate.
- The required total hashrate automatically adjusts, via the difficulty threshold, so that a miner with X% of the total hashrate gets X% of the total network mining fees, no matter what technology they use.
- A miner with X% of the total hashrate can spend anywhere from 0% to X% of the total network mining fees and remain profitable, depending on how energy efficient their rigs are. No more than X%; that would make a loss, so they would stop.
- A miner with access to more energy efficient mining technology (lower rate of energy consumed per hash) will seek to maximise their profit by obtaining more mining rigs, if they can get them. When that technology is widely available, everyone will want it. The effect is to push up the total hashrate for everyone.
- When the total network hashrate goes up, miners without the new technology cease to be profitable (they are spending the same but their X% has reduced due to the total hashrate increase, so they receive insufficient payment), and those have to stop mining unless they can get the new technology. Only miners with the new technology can afford to participate.
- Therefore the network rapidly converges on the new technology.
- The total spent on mining costs must be between 0 and the total mining income.
- When the total spend on mining costs is much below the total mining income, and the new technology is widely available, someone sees a market opportunity and buys a mining rig. It works this way because the network has converged on the new technology, so it's a roughly level playing field to join.
- This raises the hashrate, and pushes up the total mining costs, without changing the total mining income. This keeps happening and converges towards an equilibrium where the total costs are close to the total mining income. As long as there's someone seeing an opportunity to get a little for themselves.
- Because much of mining costs is energy cost, the miner equilibrium is eventually reached when the total spend on energy is close to the total mining income.
- Therefore, total energy consumption is roughly determined by the amount of energy that can be purchased for the total mining income.
- As mentioned at the start, total mining income (before costs) is decoupled from all this mining business. So rolling out new mining technology doesn't change how much total income is available to spent on the whole blockchain mining network, and competitive self-interest among miners means most of that spend goes to energy.
This has two false assumptions, one being that the process number (a marketing number chiefly), has any physical meaing. And another that you can compare it to the wave length of light. And also green light is 500-560nm.
Why would shorter wavelength light make computation faster? Silicon is a great absorber below about 1000nm so infrared wavelengths are used. 200nm is ultraviolet.
One of the limited upsides I see with the cryptocurrency bubble is that it's funded some progress in ASICs, and if it funded progress in photonics that would actually be quite awesome.
Another upside is that it's funded a ton of very interesting cryptography research like SNARKs/STARKs and homomorphic encryption.
This is a great approach. You can see how they're going to change crypto mining through their interview Q&As. I'm just hoping that they will properly execute the plan.
- It's faster and lower power for the hash rate. It's worth it. But not as fast and low power as hoped.
- It's a great advantage for the early adopter who can mine that bit faster than everyone else for a short time. That was the motivation for the project.
- Contrary to the title of the article, making hashing faster for less energy doesn't "help with the high energy consumption of the crypto currency mining activities" once the technology becomes available to enough miners.
It's the same as the introduction of ASICs before it: only a temporary advantage to those few who have it first. Of course that's only a few miners, so it doesn't affect energy consumption of the whole blockchain much. As soon as a new technology becomes widespread enough to have a significant effect on the whole blockchain, blockchain proof-of-work returns to exactly the same amount of energy consumption as whatever technology came before it.
It's because of how the mining-price system works, proof-of-work energy consumption is independent of the technology widely used. In other words, you can't solve the proof-of-work energy consumption problem with a new proof-of-work hashing technology.
So whenever you see a headline or article promoting a new proof-of-work solution on the grounds that it will reduce energy consumption of the blockchain - that's false. Snake oil, even.
(On the other hand, other mining methods such as proof-of-stake do reduce blockchain energy consumption for real, in exchange for different problems, perhaps.)
But I think the Eindhoven people have understood this, and it's the journalism that misleads in this respect. From the article:
> From our perspective, the ideal proof of work algorithm would be an algorithm that spends no energy, but time (i.e. pure delay). This kind of proof of work is hardly possible in the real world. So instead, we would love to see some sort of a “computational delay” when only a small fraction of energy is spent on proof-of-work computation, while this computation itself introduces a time-delay. We believe that photonics can help us to achieve such a “computational delay”.
I'm surprised Verifiable Delay Functions (VDFs) are not mentioned. There is has been an emerging field of cryptography focused on delays enforced mathematically, called Verifiable Delay Functions, since about 2018. Rather like the technology race of proof-of-work, VDFs rely on the assumption that underlying technology (logic gates, arithmetic units (like in analogue photonics), etc) is somewhat evenly distributed; that nobody has access to a technology that can perform the calculations with much lower delay than everyone else.
VDFs still won't reduce energy consumption if they are used as another form of proof-of-work. For example if running many delay functions calculated in parallel gives a mining advantage, many will be built and together they will use the same amount of energy as proof-of-work. To provide a real energy consumption benefit, the blockchain consensus method needs to change as well. Think "proof-of-verifiable-delay". As far as I know, no such method has been worked out yet.