SHA3

ifreedomifreedom Member Posts: 12
Why not go for SHA3-hashing (even for the seemingly insane and currently totally unnecessary 6xSHA3 + 3x random hashing of Quark) right from scratch instead of the old SHA2? I know SHA2 is still considered to be secure, but why not make Ethereum from the beginning extremely future-proof and immune even against future advances of quantum computing? Thanks.

Comments

  • FlavienFlavien Member Posts: 7
    It isn't clear that SHA3 is more secure than SHA2.
  • ifreedomifreedom Member Posts: 12
    Yes, it's clear but as far as I understood from the white paper ( http://www.ethereum.org/ethereum.html ) Ethereum Project wants to implement SHA2 hashing. If a team member would comment on this... Thanks.
  • yoyoyoyo Member Posts: 34 ✭✭✭
    He said it is *not* clear.
    SHA3 is more an alternative to SHA2, not a successor. It uses a completely different approach, it's not an iteration.
  • grapagrapa Member Posts: 10
    Since Bitcoin mining hardware can SHA2 hash at light speed, shouldn't we be looking at SHA3?
  • joeyjoey Member Posts: 6
    Am I missing something here guys?
    "Instead of addresses being the RIPEMD160 hash of the SHA256 hash of the public key prefixed with 04, addresses are simply the last 20 bytes of the SHA3 hash of the public key."
  • ifreedomifreedom Member Posts: 12
    There is a reference to "SHA3 public key" but not "SHA3 hash" in the white-paper. Under the title "Mining algorithm" they speak about hosting a contest in the future to develop ASIC-resistant mining algorithms. I think they should only allow submissions based on SHA3 encryption in the contest. Any thoughts to this idea devs? Thanks.
  • VitalikButerinVitalikButerin Administrator Posts: 84 admin
    Well, it's entirely possible to have a proof of work with no hashes at all; we're looking somewhat at cellular automata and X86 instructions. But if the PoW definition ever calls for a hash, then SHA3 is definitely very much preferred.
  • mlacortemlacorte Los AngelesMember Posts: 27 ✭✭
    @ifreedom I think you have a bit of a misunderstanding about what makes for a good proof of work algorithm.

    What makes a hashing algorithm ASIC resistant is how much memory it takes to run. Both SHA2 and SHA3 were designed to take very little memory because they were designed with speed in mind, not with ASIC resistance. While SHA3 would prevent the current generation of Bitcoin ASICs from working, it would be very easy for ASIC manufacturers to simply create a version that works with SHA3.

    For example, compare a cheap Bitcoin miner with the upcoming Litecoin miner:

    Antminer (Bitcoin) https://www.amazon.com/Bitmain-AntMiner-U1-1-6GH-Bitcoin/dp/B00HNYDU4Y
    Viper (Litecoin) https://alpha-t.net/product/scrypt-asic-miner/

    The Viper is 30x more expensive, requires 35x as much power, and is 450x slower than the Antminer. The reason for this is because Litecoin is based off the Scrypt hashing algorithm, which was built to have higher memory requirements.

    The proof of work algorithm that Ethereum uses is called Dagger, and it should be even more resistant to ASICs than Scrypt. The only thing SHA3 is used for in Ethereum is for creating blockchain addresses, which SHA3 is great for because it is fast and collision resistant.
  • ifreedomifreedom Member Posts: 12
    @vitalik: thank you, you have answered my question.
    @mlacorte: thanks for the explanation how ASIC comes into play regarding SHA3.
Sign In or Register to comment.