2 years of RandomX!


2 long years ago, the year was 2019. The Monero community was coming off of almost 2 years of the ASIC war. A war of machines. A war where the sovereignty of Monero was at stake, the control of the network. Would Monero maintain its status as the cryptocurrency of the people, by the people, and for the people? Or would it succumb to the same fate as so many of its brethren, to become controlled by specialized hardware created under subterfuge by unknown companies? Hardware sequestered by the creators, released to the general public when the profit motives aligned, and even backdoored to deny any sense of control? Would Monero suffer the same capitalist fate as the first cryptocurrency networks brought to life years prior, or would Monero manage to maintain its freedom from silicon cages, and find consensus generating abilities in all silicon? Two years later, we have a sense that we are winning the war, but leading up to the advent of RandomX, it was all up in the air.





The war started in perhaps 2018 with a massive hashrate climb of almost 200% in a matter of 2 months, with rumors abound, Monero developers tweaked the original cryptonight proof of work (2018-04-06). These were stressful times for everyone involved. Doubts flying regarding the validity of maintaining ASIC resistance, the inevitability of ASIC development. But at the time, the thought was that we should fight the good fight, and strive to keep Monero permissionless and decentralized, by countering the attack.


https://www.getmonero.org/2018/02/11/PoW-change-and-key-reuse.html


The strategy was successful

At the same time, the seeds of the end of the war were planted. A random Monero redditor by the name conniedoit makes this post (2018-03-16). https://www.reddit.com/r/Monero/comments/84y3ci/help_new_funky_pow_idea_against_asics_and_for_the/


“Therefore we would need some kind of funky algorithm that creates working source code from arbitrary data (hard to imagine, but probably feasible ?)”


Turns out definitely feasible. hyc took up the idea immediately, creating a proof of concept in javascript. In the meantime, there were ASICs to fight.


And tweaking the PoW worked, for a time. Here’s a good summary of the first ASIC fork. https://medium.com/@ecurrencyhodler/was-moneros-pow-change-a-success-81cfeaa08aae


With the idea that the best offense is a good defense, tweaking the PoW was integrated into the rolling 6 month hardfork schedule. At the time, Monero was still in a stage of development where consensus protocol changes were happening so frequently that every 6 months, a new network upgrade would occur. To counter the possibility of additional ASICs being produced to counter the PoW tweak, further PoW tweaks were included in the 6 month schedule to keep the ASIC industry at bay. The thought was that this policy would deter further ASIC development, because why develop ASICs if you know the PoW will change?


Meanwhile, development of the random program idea continues, still using javascript.

https://www.reddit.com/r/Monero/comments/8s824r/pow_change/


The second tweak was rolled out on 2018-10-18. It’s unknown whether ASICs came to exist for variant 1, so our first counterstrike seemed to have worked. Around this same time, Tevador makes the first commit for RandomX (2018-10-31), the next iteration of the idea spawned 7 months earlier.


(Do note at I am referring to these variants as they were coded in the Monero codebase. The original cryptonight was variant 0. Naming of these variants got confusing because pool operators and miner developers would often use the version name from either the consensus version of the network or the release version of the code. Who needs harmony?)


Variant 2 did not enjoy the same success. A clear run-up is seen leading up to 2019-03-09, when the PoW was changed to Cryptonight-R, a variant of cryptonight that included some random math or something. This was a good one. The hashrate remained flat the entire time this variant was on the network. Indeed, ideas were floated that perhaps CnR was “good enough”. Perhaps. We’ll never know.


Despite the battles continuing and developments occurring, doubts are starting to grow in the moneroverse over the viability of continuous PoW tweaks. The first call to do something different comes to the Monero github on 2019-03-11, days after the CnR fork.


https://github.com/monero-project/meta/issues/315


The discussion continues 2019-03-12


https://github.com/monero-project/meta/issues/316


Then there’s a massive meeting


https://repo.getmonero.org/monero-project/monero-site/blob/b87354501b6343f9146f331805ddadc45696f728/_posts/2019-03-24-logs-for-the-dev-meeting-held-on-2019-03-24.md


And the discussion continues 2019-03-25


https://github.com/monero-project/meta/issues/321


Needless to say, this issue consumed a lot of our brains for a long time.


Somehow, optimism prevailed and RandomX was built, tested, and audited (perhaps the most costly audit for Monero, ever). There have been no PoW forks since. There weren’t many hickups since then, but there was one or two.



You can see in the nethash graph, spikes sometime in the summer of 2020. No, these weren’t ASICs entering the network. It turns out some Azure stuff wasn’t secure, and someone found a way to mine Monero.


https://www.crypto-news-flash.com/hackers-set-up-microsofts-azure-network-to-mine-monero-xmr/


Since then, we haven’t seen any such spikes, and the hashrate seems to follow the price of Monero – gradually up. Here is a 90 day simple moving average of the hashrate and the price.




So where does that leave us? Well, if you read through all the old discussions, there was considerable doubt that RandomX would work as well as it has. The generally accepted notion was that we would give RandomX a chance, and if it failed, Monero would switch to SHA3 asics.


Now, two years later, we can say that RandomX has worked for 2 years. We can’t say whether it will work for another 2 years. But here we are. With a cryptocurrency that can still be mined by anyone with a computer, power, and internet access. Zcash attempted some kind of ASIC resistance but failed out of the gate, and is now switching to PoS. Ethereum’s originally ASIC resistant PoW also failed and they just rolled over as well, with potentially some switch to PoS at some point.


But Monero delivered. And continues to deliver.


So what are you doing? Are you mining Monero? You should be. It’s the only way to make sure the Monero network stays decentralized and remains the people’s money. You don’t mine Monero to make money. You mine Monero to say “Fuck you”, and get a little Monero on the side. You mine Monero because its the only thing you can mine with your computer you have sitting right in front of you. You mine Monero because its the easiest and most private way to obtain Monero, and it might be the only way you can obtain Monero depending on your circumstances. And sure, you can mine Monero to make money.


ASICs restrict access to the consensus generation. Full stop. Monero, and its RandomX proof of work developed by random internet pirates, is ASIC resistant. This means anyone can participate in consensus generation. So you should.




On Proof of Stake vs. Proof of Work.


I’ve seen this question asked many a times, and I just need to put together a definitive thing that I can just link to because apparently this is a thing every cycle.


First and foremost. The thing that cryptocurrency is building is money. It’s not a payment network. It’s not a smart contract platform. It’s not a decentralized distributed mechanism to record chains of ownership.


The “killer app” of “blockchain” is money. Everything else might have a place somewhere and be valuable at sometime for some reason or another, but first and foremost, the unique thing that cryptocurrency is technologically capable of doing, which hasn’t been possible before, is a shift in the control of money to the people. No one was sitting around in 2009 thinking “Hey, you know what we need? A decentralized Uber.”


That being said, what does a new, revolutionary form of money need? It needs to be resistant to the status quo and any adversaries that may arise, because, as we’ve seen, the ability to control money is very powerful. If you control money, well, you can control a lot. At this moment in time, the status quo is fiat money. Fiat currency has a one way ticket death spiral into inflationary nightmare scenarios, and really only benefits those with the ability to print it. And we’re all one here on this one earth, so how does it even work for some subsection of humanity to be benefiting from something while another subsection suffers from it? So I posit that cryptocurrency, if done right, will offset - not become integrated by - the status quo.


Because cryptocurrency is global.


The entire reason bitcoin exists today in its form is because it was designed to exist in an adversarial environment – an environment in which there are players that would prefer that it not exist. Indeed, this environment also has players that want it to exist. It had to be designed such that the players that want it to exist can do so even in the presence of powerful adversaries. This is achieved through Nakamoto consensus - everyone agrees to a protocol and the ledger can only be appended if a player follows the protocol and finds a block solution. Adherence to the protocol is achieved through the economic incentive of the block reward – supporting the protocol provides economic incentive.


The block finding effort was meant to be a random thing. The Bitcoin mining that we know of today is an alien concept to the mind of Satoshi during their initial thinkings on the network (or at least I would imagine). The idea of bitcoin mining equipment - literally industrial-level equipment produced by specialized companies – wasn’t anticipated. The “generating”, as it was called, was meant to be performed by all members of the network that are running nodes. Blocks would be found at random by random players, and the chain would grow. You can see it – this vast network of nodes and a random one finds a block, broadcasts it. The whole network learns, starts a new block hunt, then another random one finds one ….. its beautiful. Just this unimaginably unstructured network of nodes, sending messages to each other, and approximately every n minutes the network achieves consensus because a random member found a block solution.


Interesting how it first was called generating. Because you aren’t mining bitcoin. To mine something means that it exists in the first place. You can’t mine the nothing. You are generating units of value when you use a proof of work. You are following the laws of nature as we know them.


Because block finding was meant to be a random thing, you can see how the consensus was designed to exist in that cooperative agreement between completely random people. This was the strength of nakamoto consensus – that anyone participating was capable of creating a block.


Capable of generating.


And I mean anyone. With proof of work, the barrier to entry was the same barrier as using the network in the first place. If you could run the bitcoin software to move coins around, you could participate in the consensus activity.


That’s it. Permissionlessness.


Now, enter Proof of Stake.


Proof of stake creates a permissioned system. In order to participate in the consensus making, you need to own the token. In order to own the token, you must obtain it from some other party. This was part of the magic of nakamoto consensus – not only did the PoW reward process achieve consensus and help secure the network, it is a way to trustlessly and permissionlessly and freely distribute the cryptocurrency to the participants. In proof of stake, you have to have the permission of the person selling it. Already, it is not possible for many in this world to pass AML / KYC requirements to purchase digital tokens using their fiat. With PoS, these barriers have obvious consequences. They will eventually erect gates around who has the ability to buy these tokens. “Oh, you want to own enough tokens to do this or that? Yes, you need to be registered and licensed.”


I mean, ffs, you need 32 eth to become a full validator. At todays prices (and they’re only going to go up, because of ethereum’s brilliant integration of NGU technology), thats $145,000.00. A HUNDRED AND FOURTY FIVE THOUSAND! Why is the barrier to entry so high? Probably because they think that by making it high it will discourage bad actors from becoming validators.


So why is this permissionless thing such a big deal? Because the only way the cryptocurrency is truly the cryptocurrency of the people is if all the people can access it. Otherwise you’re just re-creating the central banking system, where privileged parties have access to the system and others don’t.


Well folks could say “well even with proof of work networks with commodity hardware, there’s permissions. If you can’t buy a computer and connect to the internet, then you can’t participate in consensus.”


Well sure. But if you can’t get online, you can’t use the cryptocurrency either. So it’s a false equivalent, because its an inherent permission. It’s a given that you have to access the internet to use cryptocurrency, and that you need some kind of computational device.


The primary conundrum this system faces is the adversarial environment. With proof of stake, we’ve attached control of the network with ownership of the network’s currency. So, you can determine consensus by owning these digital assets.


The status quo must love this, because all they have to do is print enough fiat to buy the currency to obtain control of the network. I don’t even know why I need to write more than that. The common retort is “well, with PoW, the status quo can just print fiat to build mining farms, and its the same.” But it isn’t. This “print attack” for PoS is one and done – once a controlling stake has been obtained, it is maintained with zero cost. With a PoW network, the adversary would have to go through the logistics of acquiring and assembling a mining farm, and then continuously feed it electricity. This is an ongoing, astronomical cost and requires human effort. And once the adversary fails (which they will), the network can resume. The only thing achieved by the adversary is a limited period of time in which the network is not stable. Once the adversary abandons the efforts, the network resumes.

And obviously the printing attack can be achieved by acquiring majority of PoS coins by other means. Loans, intimidations, whatever. Oh, Mr. Exchange that holds 55% of the total PoS coin supply because people are lazy and want to store their coins on exchanges? Yes, I’m the State that gives you license to operate and for you to continue operating we’re going to need you to vote a certain way on these consensus rules. Oh, here’s a list of outputs that you should never include in a block, and why don’t we just put a little tax in those stake rewards that dumps right into our treasury why not?


My other favorite retort is “Well, hah! Let them print all the fiat and buy all the PoS coin I have because then I’ll be rich!”. And to this I don’t know what to say because I really don’t want to get into schooling them on the fact that we’re trying to liberate ourselves from financial tyranny by Smart People that Know Better, not buy all the lambos.


So, I think that sums it up. Proof of Stake is a permissioned system that does nothing to protect the self sovereign money of the people that is cryptocurrency. And if you think cryptocurrency isn’t that, well, wake up.