Cryptonight-GPU — FPGA-proof PoW algorithm based on floating point instructions

Graveyard of “ASIC/FPGA-proof” and a need for paradigm shift

Ryo Cryptocurrency
4 min readFeb 16, 2019

To anyone observing development of cryptonight mining algorithms, one thing will become immediately apparent — the claims ASIC resistance simply don’t stack up with historical reality. Current approach, something I call “Look, ma! No hands!”, where the algorithm designers ask “Maybe ASICs can’t do X?”, and then find out how wrong they were, simply does not work.

Can FPGAs do floating point instructions?

Of course they can. In fact in HPC this is a bit of a marketing number — similar to MPG for cars, therefore you will be easily able to find theoretical TFLOPS in their brochure.

So let’s do just that — “Intel boasts of an FPGA chip capable of 10 TFLOPS” … [ 1 ] Hold on… Vega 64 does 12.5 TLOPS… [ 2 ]

To get CN-GPU hashrate, take the TFLOPS and multiply them by 125. Simple is beautiful, no?


Systemic mistakes in algorithm design, namely trying to pull off a memory hard algorithm where an FPGA can be configured to access memory 100x faster than a CPU, led Monero algorithm designers to believe that FPGAs are some kind of metaphysical entities unbound by the laws of physics.

In reality, floating point performance boils down to the physical number of floating point cores on the chip. GPUs, by their very nature of being used to calculate… ummm…. graphics (remember those good old days when we bought GPUs to actually play Crisis?) are packed full of them. This is the primary reason why a $500 graphics card beats $10000 FGPA in TFLOPS.

Can you take a GPU core and strip out everything except FP cores? Sure. But then you have to ask yourself, how much can you strip out? 20% 50% 75%? Assuming the latter, who is going to buy an $6000 ASIC that only does 4x the hashrate of a $500 Vega 64?

Monero FUD Hall of Fame

In a pattern obvious to anyone who is involved in Ryo, when Monero community feels threatened by something we do, they tend to lash out. So I thought we will engage that “feedback” and pretend it is actual constructive feedback, after-all, why not =)?

I can’t read the source code! Do a write-up!

CN-GPU has no description and design rationale published — only source code, so I can’t compare now. What I understood so far is that CN-GPU is not Cryptonight at all — too many parts of the algorithm have changed. It’s also very power hungry on GPU and not suitable for CPUs which goes against what’s stated in the original Monero whitepaper. [SChernykh] [ 3 ]

I’m always happy to help people that might have trouble reviewing the source code, so here we are =). Overall, it turned out that the power usage is on par with MoneroV8.

Our culture is superior to yours!

People interested in “project culture” and “development style” may compare this linked discussion on the Monero GitHub with the genesis of the CN-GPU PoW that for outsiders just pops into existence as finished code. [rbrunner7] [ 4 ]

We are a small team of professionals and we like to move fast. We prefer to deliberate real issues, not magic bit patterns like MoneroV7.

Let’s do a technical word salad and hope the reader is impressed!

FPGA is fundamentally different to ASIC. FLOPs are not a protection against ASICs and the current pattern indicates a rise of ASICs.

Since I’m not aware of a critical review of “CN”-GPU, I’ll assume that a “feature” is hidden somewhere in the maths that allows an ASIC to skip certain values or just being able to afford to produce invalid hashes because the overall (good) hashrate increases by multiples. [Leza89] [ 5 ]

First paragraph shows he hasn’t quite caught onto the paradigm shift here and assumes the protection is that ASICs “need hands” to do floating point, in the same way RandomX assumes they “need hands” to do instruction decoding.

Second paragraph is a good example of something so common we actually put it on Monero Bullshit Bingo square B3 I had “Monero community members” (square B1) trying to bamboozle others with completely fake research [ 6 ]. Another example is here [ 7 ].Take it as you will — in my opinion it shows extreme disrespect towards their own community.

Ryo is too small gambit

[ … ]But it is ryo, of course you phish for monero supporters to get your devtaxed fork going.

And don’t forget ryo is safe from ASICS because no one actually cares to develop ASICS for their pow variant. Easy to throw mud at monero then. [Flenst] [ 8 ]

Second paragraph is an interesting gambit from Flenst’s point of view. Sure, you might be excusing why Monero’s algos fail so much, but he is also suggesting that Ryo is under-priced for the work we are doing. Did he think this one through?

First paragraph perhaps shows what he is really anxious about. After-all poor Monero users must be protected from getting “wrong impressions”. I’m pretty sure that in his tin-foil-hat conspiracy world he imagines us as press gangs impressing poor Monero users into Ryo service =)

“I’m not lashing out — you are lashing out! And you hate me!” strategy

As you can probably tell from the tone of this article, the whole Ryo team had pretty good fun collecting and discussing quotes in this article. Why wouldn’t we? The guys quoted made absolute fools of themselves. If you want to play Monero Bulshit Bingo with us — be sure to drop by out Telegram channel

At the request of a Monero moderator I’m adding a link to a community discussion on the topic here.



Ryo Cryptocurrency

Telegram : @fireice_uk Reddit: fireice_uk Twitter: fireice_uk