Proposed use and analysis of RandomX on the DERO network.
Since the launch of our Atlantis release to mainnet, the project team has always remained skeptical about the possibility of developing an ASIC-resistant proof-of-work algorithm, that is until details were released about RandomX, which is optimized for general-purpose CPUs and uses random code execution to minimize the efficiency advantage of specialized hardware. The novel algorithm has many features that would benefit the DERO network, so it came as no surprise that the development team was eager to work on implementing a Golang version based on the original specifications.
Test Cases
All of the test cases from the original implementation were used in testing the performance and security of the algorithm. RandomX performed as expected in almost all test cases. As shown in /randomx_test.go, only one test case did not provide the expected results, which is identified as “Test B” on line 44 and referenced in /vm_instruction.go starting on line 851. The CFROUND instruction included in the test defines how rounding is handled in different RandomX modes. During our tests, CFROUND triggered a different round instruction than would be expected on a Golang VM, resulting in unexpected behavior that would have compromised the security of the blockchain.
Proposed Use
An important piece in the security of RandomX depends on the CFROUND instruction. It is also hardware dependent, which means that a chip manufacturer (Intel, AMD, ARM, etc.) can alter or remove their implementation, resulting in unexpected behavior that could lead to forcing invalid proofs on the chain. While we realize that there are trade-offs with respect to minimizing the performance advantage of ASICs, the security risks of placing control in the hands of others do not align with our mandate to provide secure services on our platform. It is at this time that we propose to proceed without implementing RandomX until a viable solution can be found. RandomX is a great attempt at leveling the playing field and may be a great solution for many projects, but use on the DERO network will require additional security safeguards that are not presently available.
Source Code
Below is a link to the DERO Golang code as a proof of concept:
The DERO Foundation has open-sourced the code under the BSD 3-Clause license. It is our hope that the broader community will contribute toward a usable Golang implementation of RandomX.
