Author’s Note: There are two Monero hard forks planned for spring 2018.
This article pertains to the official Monero network upgrade scheduled for block 1546000 in early April. The following experiment is unrelated to (and unaffected by) the MoneroV fork scheduled for block 1564965 near the end of April.
Due to Monero’s anonymous nature, it is typically extremely challenging to study its users and miners. However, a routine hard fork scheduled to upgrade the network on 6-April 2018 will incidentally conduct an experiment that probes the nature of the Monero miners’ equipment. Observations of the total Monero network statistics around the time of the fork will reveal whether any of the current Monero hashrate is due to ASIC mining.
Many cryptocurrencies are mined primarily by public pools. For instance, at the time of writing, more than 90% of the Bitcoin network’s mining power (“hashrate”) originates from known mining pools. On the other hand, less than a quarter of the Monero hashrate can be connected to public pools; we know nothing about the source of the other 77%.
While there has been plenty of speculation, so far there is no way to study the origin of Monero’s 77% unknown hashrate. Certainly some portion is due to typical miners in unknown pools, and some portion is due to botnets. “Botnets” are collections of devices that have been exploited to mine and export Monero in the background, unbeknown to the device owner. Many instances have been documented, [Kafeine 2018 & Kanaracus 2018] however the overall scale of botnet mining is entirely uncharted. Furthermore, it is possible that specialized machines called ASICs (more in the next section) have been secretly producing a large portion of the hash power, however this was typically thought to be unlikely for Monero.
The next two sections describe the equipment developed for Bitcoin mining, and the aspects of Monero mining that differ significantly. Depending on your familiarity with these topics, you might be able to skim ahead through some of this introduction.
When cryptocurrencies entered the scene, mining occurred exclusively on computer CPUs. Since the mining difficulty adjusts to the current technology, CPU mining was adequately profitable in the early days. Mining efficiency depends on how quickly a device can crunch through a particular set of calculations — this speed is measured in “hashes per second”, abbreviated H/s. Using Bitcoin statistics for illustration, CPU miners have hashing power on the order of 1,000,000 H/s, written as 1 MH/s for convenience.
Soon, graphics cards were repurposed for mining cryptocurrencies. GPUs are able to attack the mining problem orders of magnitude faster, around 100 MH/s. Since the network difficulty adjusted based on the GPU miners, the CPU miners could not compete (i.e. mining rewards were insufficient to pay for the equipment and electricity costs).
Next, application-specific integrated circuits (ASICs) were built for the sole purpose of mining Bitcoin. These special devices are quite expensive, and mine many thousands of times faster than GPUs. For example, the Antminer S9 advertises a whopping 14,000,000 MH/s. By now, the network difficulty has increased to accommodate the ASICs, consequently pushing CPU and GPU miners out of business for Bitcoin.[Murray 2018]
Due to underlying egalitarian principles, the Monero community does not approve of ASICs and their inevitable centralization of mining power.[Monero Project 2018] While the “CPU-hard” hash algorithm (SHA-256) used by Bitcoin is amenable to ASIC optimization, Monero deters ASIC development by using a “memory-hard” algorithm (CryptoNight) that is difficult to accelerate.[CryptoNote 2013] Consequently, CPU and GPU mining are both feasible for Monero, even in 2018. (Note: hashrate statistics for different mining algorithms cannot be directly compared, since the computations are “apples and oranges” distinct)
Since Monero mining is still CPU accessible, it has unfortunately become heavily utilized by malicious software that steals victims’ electricity and processing power to mine Monero for the botnet controller. These attacks are not limited to servers and computers; unauthorized Monero mining software has been found on personal devices ranging from phones to tablets to televisions. [Hui 2018 & Hautala 2018] The overall scale of this phenomenon is unknown, since estimates must be extrapolated from evidence cobbled together piecewise from the few instances of malware that have been caught in the act.
In early March 2018, the Monero community was shocked when Baikal Miner announced the “Giant N” ASIC that purports to calculate CryptoNight hashes 25 times faster than GPU miners.[Figure 2; Baikal 2018] At the time of writing, Baikal Miner’s claims have not been verified by an independent party. If any company were to create the first CryptoNight ASIC, they would presumably use them to secretly mine prior to product announcement and sales launch, in order to accumulate Monero while the network difficulty is still adjusted for CPU/GPUs. If the Baikal CryptoNight miners are legitimate, they have almost certainly been mining extensively in recent months.
Update on 18-Mar 2018: Last week, several companies abruptly announced CryptoNight ASIC miners for sale, including the Bitmain Antminer X3 (advertising 220 KH/s), the DragonMint X1 and X2 Miners (248 KH/s), and the Pascal A1 Miner. All are on back-order until after the network upgrade, so customers hoping to mine Monero will be sorely disappointed.
As shown in Figure 3, the network-wide hashrate for Monero has increased explosively over the last year, starting from 60 MH/s in March 2017, and sustaining > 750 MH/s by February 2018. Naturally, more miners were attracted to Monero during 2017 since the exchange rate rose during this period, from ~$12/XMR to ~$500/XMR. However, the tenfold increase in hashrate represents a concerningly-vast amount of unknown mining power that arrived abruptly from anonymous sources.
Many do not worry about the nature of these miners, believing that any and all additional hashing power improves network security. This ignores the danger of invisible centralization. If a significant amount of the mystery hashrate comes from large-scale botnet(s) or secret ASICs that produce a disproportionate amount of mining power, then centralization may, currently or soon, exist to a catastrophic degree. This mysterious (potentially-botnet) hashpower that conveniently bolsters network security may in fact be a Trojan horse concealing a “51%” majority attack. Apathy toward the composition of the network may be an existential mistake that leads to Monero’s undoing.
The upcoming Monero network upgrade includes a minor tweak to the CryptoNight algorithm [Monero GitHub 2018] that will affect ASICs differently than GPU/CPU miners. This slight variation will not change the difficulty or behavior of the algorithm, and CPU/GPU miners will easily adjust to the new variant when they upgrade with the network.
ASICs, on the other hand, are fundamentally incapable of adapting to new (minor or major) variations. One can think of ASICs as workers that are trained to do one task extremely quickly, but cannot learn to do anything else. The algorithm to be executed is physically etched into the ASIC circuits, so they cannot be reprogrammed or repurposed. The Monero development team has expressed intent to trivially modify the mining algorithm at each network update. Since Monero carries out routine hard forks every 6 months, this should permanently disincentivize attempts to produce Monero ASICs, since each expensive and lengthy redesign would be promptly rendered obsolete.
The inability of ASICs to upgrade with the rest of the network will quickly reveal their alleged existence at the fork. When the rest of the network forks to the new variant, blocks mined by outdated software (or in this case, hardware!) will be promptly rejected. If there are ASICs mining Monero currently, they will be bricked off of the network at block 1546000, and their hashrate will abruptly disappear!
Consider two mutually-exclusive scenarios:
Figure 4 shows expectations for the total network hashrate under each scenario. The left hand side of the plot shows the month prior to the fork. The black trace shows a business-as-usual March 2018 hashrate, which may or may not include ASICs (we won’t know until the fork). The dotted vertical line at day 0 shows block 1546000 near 6-April, when the CryptoNight variant is implemented with the network upgrade hard fork.
If reality reflects Scenario 1 (blue trace), then there are no ASICs and all of the current hashrate comes from CPU/GPU miners. These flexible miners will update their software and proceed as usual without any noticeable change in the overall hashrate trend.
However, if Scenario 2 (red trace) is true and ASICs do exist, there will be a corresponding sharp decrease in hashrate that does not recover quickly. This evaporating mining power would strongly support the existence of CryptoNight ASICs. The Monero community should watch the network hashrate with bated breath as block 1546000 approaches.
It is probable that in either scenario, there will be a transient dip in hashrate (on the scale of hours to days) while devices that missed the hard fork update their software. Portions of the dip that rebound on the scale of weeks can be attributed to CPU/GPU miners, since redesign and fabrication of updated ASICs would take months. Consequently, the hashrate 5–10 days after the fork should be used for the before/after comparison, once traditional miners are up-to-date.
A persistent loss in hashrate would very strongly support the existence of CryptoNight ASICs (scenario 2). This would likely be corroborated by an increase in network hashrate for other CryptoNight coins after the Monero fork (e.g. Electroneum, Bytecoin, Sumokoin, AEON, etc). Owners of CryptoNight ASICs that cannot mine Monero after the update would shift their hash power to those other cryptocurrencies, producing a noticeable increase in their total hashrate!
If CryptoNight ASIC miners are real, their signature should echo across multiple cryptocurrencies’ network statistics at the beginning of April. Are the ASIC rumors true? Are they silently leading Monero’s mining already?
In less than two weeks, we will find out!
When the network hard forked, more than half of Monero’s hashpower evaporated instantly, reflecting the red trace in Figure 4’s prediction of ASIC dropout.
[Kafeine 2018] Kafeine, Smominru Monero mining botnet making millions for operators, 31-Jan 2018, https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators
[Kanaracus 2018] Christopher Kanaracus, New Monero crypto mining botnet leverages Android debugging tool, 5-Feb 2018, https://threatpost.com/new-monero-crypto-mining-botnet-leverages-android-debugging-tool/129777/
[Monero Project 2018] dEBRYUNE, dnaleor and the Monero project, PoW change, 11-February 2018, https://getmonero.org/2018/02/11/PoW-change-and-key-reuse.html
[Murray 2018] Mike Murray, Mining Bitcoin with a GPU in 2018, 2-Jan 2018, https://www.thegeekpub.com/11407/mining-bitcoin-gpu-2018/
[CryptoNote 2013] Nicolas van Saberhagen CryptoNote v2.0 White Paper, 17-October 2013, https://CryptoNote.org/whitepaper.pdf
[Hui 2018] Wang Hui, ADB.Miner: 恶意代码正在利用开放了ADB 接口的安卓设备挖矿, 4-Feb 2018, http://blog.netlab.360.com/early-warning-adb-miner-a-mining-botnet-utilizing-android-adb-is-now-rapidly-spreading/
[Hautala 2018] Laura Hautala, Hackers infect Android phones, TVs to mine cryptocurrency, 6-Feb 2018, https://www.cnet.com/news/hackers-monero-iot-devices-china-mine-cryptocurrency/
[Baikal 2018] Baikal Giant N product page, retrieved 14-Mar 2018, https://www.baikalminer.com/product12.php
[Monero GitHub 2018] Monero Cryptonight variants, and add one for v7 #3253 https://github.com/monero-project/monero/pull/3253
% Generate mockup time series for network hash rate near block 1539500
% MPKT Mar 2018
% Initial time series generated by y=mx+b+noise()
% ASIC dropout emulated by subtracting a constant post-fork
% In figure 4:
% The black and blue (scenario 1: no ASICs) traces show yNoised
% The red trace (scenario 2: ASICs) shows vector yASIC
%% Simulation parameters
b = 1000; % (MH/s), total network hashrate at start of simulation
numDaysSimulation = 60; % Look at a 2 month stretch centered on fork
dHdt = 4; % (MH/s/day), normal network growth trend
HypotheticalASIChashrate = 200; % (MH/s)
%% Generate timebase
dayOfFork = numDaysSimulation/2; % Begin the fork halfway through
simulationTimebase = 1:numDaysSimulation; % [1, 2, 3, … , numDaysSimulation]
%% Generate timeseries
y = dHdt*simulationTimebase+Ho; % y=mx+b, general growth trend
yNoised = y + 20*random(); % Add regular ~20 MH/s daily fluctuations
yASIC = yNoised; % Duplicate yNoised before “removing” ASICs
yASIC = yASIC(index>dayOfFork) — HypotheticalASIChashrate; % dropout hypothetical ASICs post-fork
Update on 28-Mar 2018: the network upgrade originally discussed for block 1539500 in March has been officially scheduled for block 1546000 around 6-April 2018. This article’s title, text, and figures have been updated to reflect the 1546000 fork height. More information and updated software can be found in today’s getmonro.org post: “A Scheduled Network Upgrade is Planned for April 6" https://getmonero.org/2018/03/28/a-scheduled-protocol-upgrade-is-planned-for-April-6-2018-03-28.html