ECIP-1049: Why Ethereum Classic should Adopt Keccak256 for its Proof of Work Algorithm.
On 2019–01–05, Ethereum Classic (ETC) was 51% attacked. What this means is that attackers sent over 40,000 ETC to an exchange, traded it for Bitcoin, withdrew that Bitcoin, and then released a chain with more accumulated hashpower that gave them back the 40k ETC. This double-spend will forever live on in the Ethereum Classic blockchain as a battlescar and will not be forked out or reversed.
Ethereum Classic Improvement Proposal 1049 is a response to this security breach. It argues for changing ETC’s proof of work algorithm from Ethash, to Keccak256. There are two main arguments made in the proposal, and that this article will be discussing in more detail:
- ETC should follow the lead of Bitcoin and adopt a CPU-hard algorithm, which it will be the biggest coin on that algorithm.
- Keccak256 is the same algorithm that smart contracts on Ethereum Classic currently have access to, and it would allow smart contracts to verify the Proof of Work of the blockchain they are running on.
ASIC-Resistant algorithms, have without exception, been complete failures. Litecoin’s scrypt was supposed to be ASIC-resistant, it failed. Ethereum’s Ethash was supposed to be ASIC-resistant, it failed. The same with Zcash’s Equihash. What this should tell us is that ASIC-resistance is prone to failure, and that if you incentivize miners by giving out block rewards, the market will be incentivized to produce ASICs.
The reason that all of these Blockchain projects listed above have been successful is because they are all the top coins of their respective algorithms. So if I am a miner that has to go out and buy an scrypt miner, I’m very invested in the success of the blockchain using it (Litecoin). The same is true with SHA256 and Bitcoin. If ETC were to adopt Keccak256 and become the largest coin using it, it would also have this property.
Keccak256 is a very secure and powerful algorithm, and similar to Bitcoin’s SHA256. The strength of Ethereum Classic is that the payment system, and the smart contract execution exist in the same layer. No side-chains, no trusted third-parties, no merge-mining. This allows developers to have access to a proof of work based, programmable, sound money. This is a tremendous market opportunity, and the ETC community would do well to heed the success of Bitcoin, the oldest cryptocurrency with no double-spends, and adopt a similar management formula.
The Ethereum (ETH) community has hastily decided to adopt ProgPoW, a proof of work algorithm made by a mining company that claims it to be “ASIC-resistant”. ProgPoW is a complicated algorithm that I doubt more than 25 people around the world actually understand. I have been mining for years and do not understand it myself. Because of its tremendous complexity, if ProgPoW is able to be ASIC’d, that means those that understand this algorithm the best would have a tremendous advantage in building the first ASICs. This first ProgPoW ASIC company could potentially have a headstart of years that would allow them to never release their ASIC and shadow mine the network, giving them absolute control. This scenario is outline very well by David Vorick who opposes ProgPoW.
Keccak256 on the other hand is fast, simple, and thoroughly tested. It is very similar, but not the same as SHA3, and has been through a rigorous five year competition put on by NIST to certify its safety in use-cases ranging from high-cost scientific projects to military-grade encryption. This is an algorithm you use if your life depends on it. Keccak256 is an open standard, and all users and miners would be able to easily verify its implementation. You can perform Keccak256 on a piece of paper if necessary. Its simplicity and provability are its greatest assets, and it would be a wonderful addition to the Ethereum Classic ecosystem.
Will there be ASICs developed against Keccak256? If Ethereum Classic is valuable, the answer is guaranteed to be yes. I would rather be 100% sure that there will be ASICs with Keccak256, than 90% sure there won’t be Asics with ProgPoW- the risks of failure are that high. Right now the only known Keccak256 coin is 0xBitcoin, a mineable token on the Ethereum blockchain that has been around for around 10 months. In that time the small community has achieved multiple GPU miners, and are experimenting with FPGAs. I speculate that the time it will take for a Keccak256 ASIC to be fabricated to be 12–24 months.
The second reason I am in favor of Keccak256 is that it allows smart contract developers and EVM users to be able to verify proof-of-work on-chain in a trustless way. While gas limitations are obviously an issue, Solidity already gives developers access to keccak256(), so a developer can load in the block information into their smart contract and actually confirm that the proof of work was properly done by the miners. This will be expensive, but can be tremendously useful for a life-or-death system that may want to verify its own execution environment.
While I am not arguing for it in this proposal, this at least opens the possibility of Ethereum Classic being able to perform important day-to-day on-chain governance tasks, like difficulty-adjustment, via a Dapp. This also opens the door to better Layer 2 scaling, as Dapp developers building bridges know they have access to the same functions as the core proof of work protocol itself. Research in this area is ongoing and will be added to the ECIP as it progresses.