2.3 SHA256 mining vs scrypt mining - Makh1/italcoin GitHub Wiki

For proof of work, Bitcoin uses the highly parallelizable SHA256 hash function, hence Bitcoin mining is an embarrassingly parallel task.

ITAL coin, just like Litecoin, uses scrypt instead of SHA256 for proof of work. The scrypt hash function uses SHA256 as a subroutine, but also depends on fast access to large amounts of memory rather than depending just on fast arithmetic operations, so it is more difficult to run many instances of scrypt in parallel by using the ALUs of a modern graphics card.

This also implies that the manufacturing cost of specialized scrypt hardware (ASIC) will be significantly more expensive than SHA256 ASIC. Since modern GPUs have plenty of RAM, they do prove useful for ITAL coin mining, though the improvement over CPUs is less significant than it was for Bitcoin mining.

The particular scrypt parameters that ITAL coin uses (N=1024,p=1,r=1) let non-mining users who run the full client (and thereby verify and propagate the blocks) multitask in their operating system without affecting the responsiveness.

Pros

  • The market entry costs for ITAL coin mining are cheap, anyone with a computer connected to the internet can mine ITAL coins in order to make a profit and to sustain the ITAL coin network. Even CPUs can be used to mine ITAL coin, albeit less effectively than modern GPUs. The inexpensive market entry cost implies a decentralized mining power.

  • There is a danger that some entities would make a large one-time investment in ASICs and centralize the mining aspect of the Bitcoin network, i.e. the market entry costs for Bitcoin mining would become too expensive for most people (this assumes that the objective of those entities isn't to sell their ASICs on the market). The scrypt algorithm used by ITAL coin ensures that lots of memory is needed per hash attempt, basically by using the input as a seed to fill a large amount of memory with a pseudorandom sequence, and then using another seed derived from the input in order to access this sequence at pseudorandom points while generating the output hash. Since memory is the resource of general-purpose computers which is the most expensive to reproduce for ASICs (in particular it's more expensive than ALUs), this means that a one-time investment in ASICs for ITAL coin mining would be much more expensive [3]. The memory size parameter of scrypt was selected (originally by ArtForz and Lolcust) to fit into 128.5kB, so that it'd only utilize the L1/L2 cache and wouldn't hit the L3 cache and the RAM. This means that it's possible to participate in the ITAL coin network without affecting system responsiveness and with no disadvantage in propagating the blocks on common hardware, while still requiring a significantly large amount of memory per hash attempt.

  • Websites can easily embed a ITAL coin miner so that casual visitors would be able to support the website by contributing their spare CPU cycles while browsing (example). Having OpenCL access through web browsers in order to utilize the GPU of casual visitors is much more problematic.

  • Developers who wish to gain advantage over regular miners might try to create implementations of scrypt that run better on specific types of hardware, which would advance the current state of knowledge in areas unrelated to ITAL coin, e.g. password cracking by brute-force or dictionary attack.

Cons

  • Attacks by botnets. If the botnet operator runs an unmodified litecoind in order to earn coins then such a botnet only attacks the computers under its control, not ITAL coin itself, as it would actually strengthen the ITAL coin network. However, the objective of a crypto-currency is to improve the world rather than to improve itself. Botnets with a high enough proportion of the total hash power could try double-spending attacks on the ITAL coin network.