Why not go for SHA3-hashing (even for the seemingly insane and currently totally unnecessary 6xSHA3 + 3x random hashing of Quark) right from scratch instead of the old SHA2? I know SHA2 is still considered to be secure, but why not make Ethereum from the beginning extremely future-proof and immune even against future advances of quantum computing? Thanks.
Comments
SHA3 is more an alternative to SHA2, not a successor. It uses a completely different approach, it's not an iteration.
"Instead of addresses being the RIPEMD160 hash of the SHA256 hash of the public key prefixed with 04, addresses are simply the last 20 bytes of the SHA3 hash of the public key."
What makes a hashing algorithm ASIC resistant is how much memory it takes to run. Both SHA2 and SHA3 were designed to take very little memory because they were designed with speed in mind, not with ASIC resistance. While SHA3 would prevent the current generation of Bitcoin ASICs from working, it would be very easy for ASIC manufacturers to simply create a version that works with SHA3.
For example, compare a cheap Bitcoin miner with the upcoming Litecoin miner:
Antminer (Bitcoin) https://www.amazon.com/Bitmain-AntMiner-U1-1-6GH-Bitcoin/dp/B00HNYDU4Y
Viper (Litecoin) https://alpha-t.net/product/scrypt-asic-miner/
The Viper is 30x more expensive, requires 35x as much power, and is 450x slower than the Antminer. The reason for this is that Litecoin is based on the Scrypt hashing algorithm, which was built to have higher memory requirements.
The proof of work algorithm that Ethereum uses is called Dagger, and it should be even more resistant to ASICs than Scrypt. The only thing SHA3 is used for in Ethereum is for creating blockchain addresses, which SHA3 is great for because it is fast and collision resistant.
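Added example (not code from this thread or from Ethereum itself) that puts the two address derivations quoted above side by side and works out the scrypt memory figure behind the ASIC argument. It assumes a constructed 64-byte public key and uses `hashlib.sha3_256` as a stand-in for Ethereum's "SHA3", which is Keccak-256 with pre-standard padding, so the address bytes show the structure rather than matching mainnet values.

```python
import hashlib

# Constructed sample input: a 64-byte X||Y public key body made from a fixed pattern.
# It is not a real secp256k1 point; it only exercises the derivation structure.
SAMPLE_PUBKEY_XY = bytes(range(1, 65))


def ethereum_address(pubkey_xy: bytes) -> bytes:
    """Ethereum: address = last 20 bytes of the 256-bit 'SHA3' hash of the raw key.
    Deployed Ethereum uses Keccak-256 (pre-NIST padding); hashlib.sha3_256 is the
    NIST variant, so the digest differs from mainnet, but the single hash and the
    32-byte -> 20-byte truncation are the same."""
    if len(pubkey_xy) != 64:
        raise ValueError("expected the 64-byte X||Y key without the 0x04 prefix")
    return hashlib.sha3_256(pubkey_xy).digest()[-20:]


def bitcoin_hash160(pubkey_xy: bytes):
    """Bitcoin: RIPEMD160(SHA256(0x04 || X || Y)), the 20-byte payload that is later
    Base58Check-encoded. Returns None when the OpenSSL build lacks RIPEMD-160."""
    if len(pubkey_xy) != 64:
        raise ValueError("expected the 64-byte X||Y key without the 0x04 prefix")
    inner = hashlib.sha256(b"\x04" + pubkey_xy).digest()
    try:
        outer = hashlib.new("ripemd160")
    except ValueError:
        return None
    outer.update(inner)
    return outer.digest()


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Working memory of scrypt's SMix step, 128 * r * N bytes for the V table.
    SHA-256 and SHA3 keep only a few hundred bytes of state, so an ASIC for them
    needs almost no RAM; this table is what makes a Scrypt ASIC larger and slower."""
    return 128 * r * n


def demo():
    eth = ethereum_address(SAMPLE_PUBKEY_XY)
    btc = bitcoin_hash160(SAMPLE_PUBKEY_XY)
    # Litecoin's scrypt parameters (N=1024, r=1, p=1) need about 128 KiB per hash;
    # the common password-hashing setting N=2**14, r=8 needs 16 MiB.
    litecoin_mem = scrypt_memory_bytes(1024, 1)
    print("ethereum address (hex):", eth.hex())
    print("bitcoin hash160 (hex):", btc.hex() if btc else "ripemd160 unavailable")
    print("scrypt memory at Litecoin parameters:", litecoin_mem, "bytes")
    return eth, btc, litecoin_mem


if __name__ == "__main__":
    demo()
```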
@mlacorte: thanks for the explanation of how ASICs come into play regarding SHA3.