Reading | The Evolution of Mining: CPU, GPU, ASIC… Phala
After reading this article, you’ll have an understanding of how traditional Proof of Work systems work, why they are doomed to keep moving towards ASICs, and how Phala network will bring the original dream of CPU mining back to life.
The Dawn of Cryptocurrency: CPU mining
The first cryptocurrency mining was done on the common chip at the center of every computer — the CPU — so the original Bitcoin mining machines were PCs. The first Bitcoins were created on Jan 3rd, 2009, mined by Satoshi Nakamoto on his personal computer.
Many crypto assets, like BTC, LTC, and DOGE, use a PoW (Proof of Work) algorithm in their consensus. This work is sometimes referred to as a “puzzle,” but it really refers to a brute-force effort. It’s just a matter of trying a computation over and over until a qualifying answer is found — so the faster we can find potential answers, the sooner a qualifying answer can be found.
To be clear: the PoW algorithm asks miners to repeatedly increase a “nonce” number (just any number they can only use once) and perform the same hashing algorithm on it, trying over and over until stumbling across a nonce that leads to a hash which qualifies as a solution.
“Mining” serves multiple goals:
- It creates a unique hash for each block of transactions. The Consensus rules of the bitcoin system require specific qualities in the hash, making it “difficult” to find, as well as making the block contents verifiable, unfalsifiable, and trackable.
- The Consensus rules require that each block include the previous block’s hash, forming a chain. But if two miners each produce a different block as the “next” block, they will disagree and the system needs a way to choose which of these new blocks will continue the true chain, so
- The rules also dictate that the chain with the most cumulative work in the hashes is the true chain, settling any disagreement. This also means that any attempt to re-write the last few blocks of the chain would require an enormous amount of work to produce valid hashes: more than all the work already spent for all those blocks combined. The combination of these Consensus rules forms the fundamental basis of bitcoin’s decentralized security model: the cumulative work performed to create the hashes of a chain of blocks is presumed to be more work than anyone else could perform, which secures the chain against changes without resorting to any “authority” to dictate things.
- Lastly, the Consensus rules allow the miner who finds a qualifying hash to earn some new bitcoin for itself. This reward simultaneously provides incentives for miners to mine, and provides for the issuance of new bitcoin over time.
This fourth point explains why miners mine — for the earnings! But their work is needed to address the first three points above.
To put it all together, a PoW Consensus system inextricably links the work to the security of the network: the work which secures the blockchain is the work which earns the cryptocurrency.
But this work is simply computation performed to find a qualifying hash, which one could argue is wasteful, given the amount of compute resources dedicated to it.
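A minimal sketch of the consensus rules listed above (qualifying hash, chaining by previous hash, most cumulative work wins), added here as an illustration and not taken from Bitcoin or Phala code. The header layout, `MIN_BITS`, the payload strings and all function names are constructed for this example.

```python
import hashlib
from dataclasses import dataclass, replace

GENESIS_PREV = bytes(32)   # constructed: all-zero "previous hash" for the first block
MIN_BITS = 12              # constructed consensus rule: minimum difficulty in bits

@dataclass(frozen=True)
class Block:
    prev_hash: bytes   # hash of the previous block: this is what forms the chain
    payload: bytes     # stands in for the block's transactions
    bits: int          # difficulty this block claims to meet
    nonce: int         # the value miners vary until the hash qualifies

    def hash(self) -> bytes:
        # Simplified header layout (not Bitcoin's 80-byte header), double SHA-256.
        header = (self.prev_hash + hashlib.sha256(self.payload).digest()
                  + self.bits.to_bytes(1, "big") + self.nonce.to_bytes(8, "big"))
        return hashlib.sha256(hashlib.sha256(header).digest()).digest()

    def qualifies(self) -> bool:
        # Qualifying means: the hash, read as an integer, is below 2**(256 - bits).
        return int.from_bytes(self.hash(), "big") < (1 << (256 - self.bits))

def mine(prev_hash: bytes, payload: bytes, bits: int) -> tuple[Block, int]:
    """Brute-force nonces 0, 1, 2, ... and return the block plus attempts used."""
    nonce = 0
    while True:
        block = Block(prev_hash, payload, bits, nonce)
        if block.qualifies():
            return block, nonce + 1
        nonce += 1

def build_chain(payloads, bits):
    """Mine one block per payload, each linked to the hash of the one before."""
    chain, prev, attempts = [], GENESIS_PREV, 0
    for payload in payloads:
        block, used = mine(prev, payload, bits)
        chain.append(block)
        prev, attempts = block.hash(), attempts + used
    return chain, attempts

def chain_work(chain) -> int:
    """Expected hashes behind a chain (2**bits per block); 0 if any rule is broken."""
    prev, work = GENESIS_PREV, 0
    for block in chain:
        if block.prev_hash != prev or block.bits < MIN_BITS or not block.qualifies():
            return 0
        prev, work = block.hash(), work + (1 << block.bits)
    return work

def best_chain(*chains):
    """Fork choice: the valid chain with the most cumulative work wins."""
    return max(chains, key=chain_work)

def demo():
    honest, attempts = build_chain([b"alice->bob 1", b"bob->carol 2"], bits=14)
    # Rewriting an old block without redoing the work breaks the chain...
    tampered = [replace(honest[0], payload=b"alice->mallory 1")] + honest[1:]
    # ...and a longer fork mined at lower difficulty still carries less work.
    cheap_fork, _ = build_chain([b"x", b"y", b"z"], bits=12)
    return {
        "attempts": attempts,
        "honest_work": chain_work(honest),
        "tampered_work": chain_work(tampered),
        "cheap_fork_work": chain_work(cheap_fork),
        "winner_is_honest": best_chain(cheap_fork, tampered, honest) is honest,
    }

if __name__ == "__main__":
    print(demo())
```

Checking a chain costs one hash per block, while producing it costs thousands of attempts per block even at these toy difficulties; that asymmetry is what the security argument above rests on.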
The “Work” of Crypto Mining… and the Rise of the GPU
It turns out that certain kinds of computations are more efficient on GPUs (Graphics Processing Units) than on CPUs, and this applies to the specific kinds of computation used for bitcoin mining (SHA256 hashing). A single GPU could outpace dozens of CPUs. Miners talked about this in the first year of bitcoin mining, and when the first GPU mining software was published on Sep 18th, 2010, many early bitcoiners became GPU miners. Soon, mining rigs consisting of several high-end graphics cards became common. GPUs quickly out-competed CPUs by such wide margins that CPU miners would lose more money on electricity than they could earn in BTC.
What is it that Makes GPUs Better for Mining?
Remember that in PoW, miners need to repeat the same hashing computation on numbers they can only use once (nonces) over and over until they stumble upon a nonce that produces a hash that satisfies the difficulty condition?
Knowing this about PoW algorithms, we can now compare CPUs to GPUs and see why one works better.
A CPU chip has a branch prediction unit, storage units, and a few branch modules. A CPU can run a very wide variety of tasks based on varying logic, often running a few tasks in parallel. Of course, in PoW mining, there’s never a change in logic. We need to run the exact same task as quickly as possible, and the ideal is to run the same task many, many, many times in parallel — effectively testing many nonces at the same time.
A GPU chip is much better designed for this. Instead of linear thread management and careful control of scheduling branches, the GPU is tailor-made to run hundreds and even thousands of simultaneous calculations of the same type at the same time. This is also what makes a GPU excellent for geometry while a CPU excels in logic. For example, a GPU may receive a command like “draw a rectangle of this size at these coordinates,” and the GPU will simultaneously compute hundreds of pixels (using the same formula many times at once) to create the rectangle almost instantly. This kind of ability is a great match for a PoW’s processing needs!
This made the graphics card far more efficient for PoW mining, and it quickly replaced the CPU as BTC miners learned this. An interesting side note: when Ethereum’s miners adopted GPUs for the Ethereum style of PoW mining, there was a long period when regular PC gamers could hardly find NVIDIA RTX30 graphics cards because miners snapped them up!
ASICs: the Era of Centralization
Application-Specific Integrated Circuits (ASICs) are designed to complete very specific computing tasks. Manufacturers design different chips for each PoW algorithm — one chip for BTC’s SHA256 algorithm, a different chip for LTC’s Scrypt algorithm, etc. A machine built with these PoW-specific chips is called an ASIC miner. Because an ASIC chip is designed with a single algorithm in mind, its efficiency can be even better than that of a GPU, which is designed for many sorts of graphics array work, but the ASIC also cannot do anything else!
For example, a mainstream ASIC miner called the Ant S9 is equipped with 189 ASIC chips with a combined computing speed of up to 13.5 TH/s, which is over 10 thousand times the performance of a contemporary flagship graphics card like the GTX 1080Ti. At the same time, the Ant S9 consumes only 1,350 watts of power, which is closer to 10 times the power draw of the graphics card. Since the operating expense for miners is the cost of power, consuming 10X the power to produce 10,000X the work is a huge gain.
In the race to perform more hashes to find a solution more quickly, ASICs will eventually win.
But this leads to another problem: access to ASIC miners is a major up-front hurdle. They are high in cost and low in supply. Not everyone can afford the expense, and even if they can, the hardware is sometimes only available to those with connections (or subject to government controls). In 2017, estimates were that 70% of Bitcoin hashing power came from ASIC miners made by Bitmain, the biggest supplier worldwide. Moreover, Bitmain were, themselves, involved in mining: around 51% of total blocks were mined through BTC.com and Antpool, both of which belong to Bitmain. These facts worried many in the Bitcoin industry because when a single entity controls 51% of the hashpower, it becomes possible to perform a 51% attack to take over the network. Others simply worried that with a huge fraction of the world’s Bitcoin mining machines housed in one place (China), there could be a risk to the Bitcoin mining world if authorities intervened (which, as we know today, actually happened recently. This piece is written in June of 2021.)
Another big problem with ASICs is that they are single-purpose. You cannot even repurpose a BTC ASIC into an LTC-mining one because the hashing algorithms are different. So if a BTC ASIC becomes unprofitable due to improvements in newer models, it becomes useless — all the while being orders of magnitude more powerful than general CPUs or GPUs, but only for this one single purpose, which is hashing the SHA256 algorithm. The problem is that in order to be competitive, these ASICs consume the best silicon chips and require significant engineering effort, which tends to become obsolete once a newer generation of ASICs is out. One could consider this wasteful.
These concerns led to the development of algorithms that make it harder to make an ASIC. Some are more complex, others change frequently, still others are built to require more memory than can be easily built into an ASIC chip: Scrypt, Ethash, Equihash, X17, X13, X16r, and other algorithms showed up over time, used by cryptos like LTC, ETH, ZEC, DASH, BTG, RVN.
As the technology to build more complexity and memory into an ASIC chip progresses, however, many of these “GPU-only” algorithms eventually got replaced by ASICs.
Satoshi Nakamoto saw this coming. Bitcoin’s original design called for miners to “vote with their CPU power” as a way to enforce the rules of consensus. It’s clear that he foresaw the advent of ASICs when he wrote that “as the network grows beyond a certain point, it would be left more and more to specialists with server farms of specialized hardware”. This seems to refer to ASICs; if Bitcoin became valuable enough to mine, manufacturers would inevitably have an incentive to produce custom machines to mine it.
Why is CPU Mining so Hard to Maintain?
It boils down to technology and economics. Whether focused on GPU or CPU, any “ASIC-resistant” algorithm will delay rather than prevent the appearance of ASIC mining machines. Any high-quality crypto-asset ecosystem with the value being mined on a PoW algorithm will attract professional miners; this is an economic market inevitability. And the market will always develop more efficient tools using the latest technology available. This is an inevitable path to ASICs.
An ASIC-resistant PoW algorithm may also be more vulnerable to attack. The most heavily-mined coin that can be mined by a particular kind of ASIC — for example, Bitcoin is the most heavily-mined coin using SHA256 ASIC miners — has a level of safety against a 51% attack. This is because it’s simply not possible to suddenly find enough additional ASIC mining hardware in the world to produce more hash power than is already being used by honest miners to mine Bitcoin. This safety does not extend to other coins mined with SHA256, because one would only need a small fraction of the world’s SHA256 ASIC miners to perform an attack.
Similarly, Ethereum is the most heavily-mined coin using the Ethash algorithm, which runs on GPUs… but as big as it is, Ethereum is still mined on a minority of the world’s total GPUs. Because it is theoretically possible to acquire enough GPUs to over-power the honest miners, Ethereum is theoretically less safe against this kind of attack than Bitcoin. In this sense, the ASIC can be argued to make Bitcoin safer — but as we discussed above, the centralization created by ASICs or their single-purpose nature can lead to different vulnerabilities.
What are the Externalities of PoW?
Finally, the search for optimizations in PoW computations also leads to optimizations in energy consumption. PoW miners search for the cheapest energy possible, as by reducing the electricity cost they become more efficient in computation resources. Some of this cheap electricity comes from fossil fuel-based production, like coal. While the concerns about the energy mix used in PoW mining have been slightly overblown recently, it remains true that a significant portion of it (no less than 40%) is powered by carbon-footprint heavy electricity production. One would even argue that the recent crackdown on Chinese miners who mainly used renewable hydropower forced 20–30% of them to move to areas like Kazakhstan where the majority of electricity comes from coal-burning, which ended up more harmful to the environment than officially declared. But overall the trend is strong for miners to opt for renewable energy use over time, which is increasingly cheaper than alternatives, so we don’t think the problem is long-term.
But another way to look at the externalities produced by PoW is the fact that ASIC production requires significant manufacturing efforts and contributes to the global chip and engineering talent shortage in hardware — requiring materials and labor to be drawn into a single-purpose product, which has no other use in the world. This is a much bigger problem long-term in our view. Currently, the Bitcoin network is sufficiently secure for the foreseeable future and yet the race to build even better ASICs and for miners to join the network never stops — so all of this computation resource is overproduced while taking away from areas where it could have been used more productively.
It seems that any PoW-based crypto asset, once it has value and is well-known, will be on an inevitable path from CPU mining to GPU mining to ASIC mining. This appears to be a foregone conclusion when using PoW in the Consensus algorithm to secure a chain. This has multiple externalities that can be summarized as significant inefficiencies and waste, as well as the risk that the network becomes more centralized or vulnerable to governments trying to shut it down due to those externalities.
So, what happens to the early Bitcoin dream, where anyone can join the network with their computer, do work, and earn — “mine” — cryptocurrency? Is this model lost to the world?
Phala Network Mining
Phala Network’s system also ties together a large group of computers that get paid to perform work — a mining network — but Phala has taken the novel approach of separating Consensus from Computation.
For Consensus, Phala relies on NPoS (Nominated Proof of Stake), leveraging Polkadot’s security system. This allows a tremendous level of security without relying on the work from the miners.
For Computation, Phala Network issues PHA tokens to miners as payment in return for doing work. The beauty here is that since the work being done is not providing security to the Consensus model, the work can be any sort of computation desired. Instead of racing to find a random answer (as in Proof of Work), miners on Phala’s network can perform whatever useful computations people want.
To protect the data and computations, Phala makes use of TEEs — Trusted Execution Environments, a technology built into most modern CPUs. Jobs can be sent to miners in encrypted form, which nobody can view. The jobs are taken by the miner and dropped into the CPU’s internal TEE, inside which it is decrypted, the computation is completed, and then the results are encrypted and sent back.
Notably, even the owner of the CPU cannot readily see what jobs or work are being done inside the TEE, and neither the jobs nor the results are visible to anyone on the network! This simultaneously protects the user and their data while ensuring that miners can’t try to refuse certain kinds of jobs, or refuse jobs from certain users. Miners have no idea what work their CPUs are doing, or for whom — all they know is that they will be paid for doing the work (or they will lose money if they don’t do the assigned jobs.)
Since the miners are blind to the work, and the network is blind to the data, all jobs are simultaneously secure from prying eyes and secure against censorship.
Lastly, the whole Phala network is secured and maintained by a set of Gatekeepers, which are similar to validators on Polkadot or Ethereum 2.0. They perform the NPoS Consensus, receive jobs from users, dispatch the jobs to the miners, and then pay the miners for their work. This creates a system where users sending jobs don’t know where the work is done, miners don’t know what work they’re doing or for whom, and the Gatekeepers acting as brokers in the middle are incapable of seeing any of it, apart from “miner X did job Y for user Z and got paid”, or affecting this workflow due to cryptoeconomic security guarantees.
This is how Phala Network tackles the issue of trust in the computation cloud. Because the system does not require us to trust any piece of the system, it becomes trustless: a system where trust is not necessary.
But most importantly, any computation capacity Phala acquires is never redundant or wasted, as it linearly scales the network’s throughput in terms of tasks it can perform for multiple users with the growth of the mining community. CPUs used by the network can be found in most general-purpose computers and don’t require excessive energy consumption or industrial-grade setups. There is no economic pressure on miners to reduce costs in order to compete for the network’s tasks, so there is no explicit need to seek the cheapest electricity or create specialized hardware.
All of these factors combined should significantly reduce the carbon footprint of crypto and cloud industries when Phala grows and takes up significant portions of those.
But how does Phala bootstrap a network and grow fast enough to out-compete less ESG-friendly but larger networks? The answer is: by aligning network participants’ incentives with a token.
Where do the Payments to Miners Come From?
Phala was started with a fixed supply of 1,000,000,000 PHA. Of these, 70% (or 700,000,000) were reserved as Mining Rewards to be paid out to miners. While there will never be more PHA created as Mining Rewards, these 700 million PHA will be gradually paid out in declining amounts over a very long time. (See details and formulas in the Technical Notes at the bottom.)
In addition, users submitting jobs will pay market-based Fees in PHA. The Fees and the Rewards should, together, incentivize enough people to dedicate their CPUs to mining often enough so that there is always a sufficient cloud of CPUs to meet processing demands.
The Mining Reward amounts paid will be large at first, in order to attract a large number of miners to the network while it’s still new and the value per PHA is relatively low. As time passes, the Mining Reward will steadily decline, but increased utilization will mean more in Fees. Over time, the Fee market will comprise a larger and larger proportion of the payments to the miners, and the cloud of miners offering up their CPUs will grow in proportion to the demand created by users.
This will create a similar effect as Bitcoin’s gradually decreasing reward emissions over time: initially, bitcoin miners mostly received Rewards, but over time, more and more of their payment will come from fees. The difference is that Phala Network will push this process along more rapidly — taking years instead of decades to move from “mostly Reward” to “mostly Fees” — and Phala Miners will be doing only as much useful work as people are willing to pay for. The developer team behind Phala is going to build a cloud platform to abstract away the complexities of having to deal with a decentralized network and digital token payments — so that the user experience is similar to Amazon’s AWS or Microsoft’s Azure. Combined with cheaper prices (as miners are subsidized by the network) and enhanced security and privacy, this will help boost use of the network in the mid-term. Additionally, while Bitcoin still needs to solve the fee payment problem in the future as the network’s utility is still being worked out by the world, Phala won’t have to deal with this as the utility of cloud compute services is already well established and growing.
Crucial Differences Between PoW and Phala’s TEE Miners
When a CPU does work in its TEE, the result is a natural “proof of work” because the result of the calculation is proof that the CPU did the work. In this way, it’s similar to a PoW mining system, where miners report “shares” (unqualified solutions) to provide proof that they exist and proof that they are doing their fair share of work.
But Phala’s mining differs in a critical way: PoW miners are always racing to be the first to find the solution, either for themselves or for their pool of miners. Finding a solution first brings more rewards, so the number of miners will always grow in proportion to the value being mined — in proportion to the price of bitcoin.
But in Phala’s TEE Mining there is no race. Miners get paid a small amount for being online and available, and a larger amount if they are assigned work, but the work is randomly distributed. There’s no race. And since the system will quickly transition from Rewards to Fees, in just a few years the size of the cloud of miners will clearly be a function of actual demand for computing resources, instead of work wasted in a race.
Phala TEE mining, therefore, counteracts both of the forces that push PoW systems towards ASICs:
- Because there is no race, there is less incentive to produce the very fastest processor to “win”.
- The nature of a job’s work is neither repetitive nor predictable; it can be for any application a user submits! You can’t build an Application-Specific Integrated Circuit without knowing the Application.
- In the Phala system, the computing power of the TEE miners is used for running the world’s Computing tasks trustlessly. The users, jobs, and miners are managed in a decentralized and trustless way by the blockchain, and the blockchain’s Consensus is secured by a nominated Proof of Stake system.
The CPU Mining Dream Becomes a Reality Again
By separating the Consensus and the Computation, Phala has managed to re-create the original state of Bitcoin: nearly anyone with a modern computer that supports TEEs can decide to join the network and start mining to earn some cryptocurrency. But, unlike Bitcoin, their computer will be doing useful work, so there’s no reason for society to try to ban them for wasting energy in a race. Lastly, since the computation is varied and unpredictable, there’s no avenue for the market to lead to ASICs and thus centralize around the most well-capitalized or equipped few operators.
As a side benefit, if someone decides to stop mining, they still have a useful device: a computer with a CPU. If they want, they can even have their computer do mining when they’re not using it. An ASIC miner serves no other purpose to society; if it isn’t mining, it is just a waste of silicon, metal, and production energy.
* Technical Notes
Phala’s emissions will follow this exponential decline function:
Where t is the block time in Epoch, Iro is the initial release amount, and k is the attenuation decay coefficient factor of each Epoch, which satisfies:
The parameters used by Phala Network are:
The incentivized roles and their reward share ratio in Phala Network are shown in the following table:
Phala Network tackles the issue of trust in the computation cloud.
This blockchain is a trustless computation platform that enables massive cloud processing without sacrificing data confidentiality. Built around TEE-based privacy technology already embedded into modern processors, Phala Network’s distributed computing cloud is versatile and confidential. By separating the consensus mechanism from computation, Phala ensures processing power is highly scalable but not wasteful. Together, this creates the infrastructure for a powerful, secure, and scalable trustless computing cloud.
As a member parachain of the Polkadot cross-chain ecosystem, Phala will be able to provide computing power to other blockchain applications while protecting the data layer, enabling possibilities like privacy-protected DeFi trading positions and transaction history, co-computing DID confidential data, developing light-node cross-chain bridges, and more.
On-chain services currently being developed on Phala Network include Web3 Analytics: high-performance smart contracts from Phala to enable highly concurrent mass data analytics with privacy, paving the way for an alternative to Google Analytics that inherently respects individual confidentiality.