Friday, May 30, 2014

Darkcoin Specifications

Next up is one of the current trendy cryptocurrencies, Darkcoin (DRK). I happened to stumble upon DRK at the right time and mined thousands of coins in a relatively short period, which I then held for a while as I saw the potential in what DRK was promising -- specifically, a coin built around anonymous transactions (or at least, more anonymous than the standard BTC transactions). The other reason for mining DRK was that it was the first X11 PoW algorithm, and at the time it was CPU-only. There have been additional attempts at "CPU only" coins before and after DRK, and in most cases the all of the algorithms have been successfully ported to GPUs. The reality is that as GPUs become increasingly programmable, it becomes essentially impossible to create something that absolutely cannot be run on a GPU; whether or not an algorithm can be truly efficient on a GPU is another matter. Anyway, let's start with the core specs.
Darkcoin Specifications (5/30/2014)
SymbolDRK
Launch Date2014-01-19
Proof of WorkX11
Starting Difficulty0.0002421875
Block Time2.5 minutes
Block RewardVariable by difficulty - see below
Difficulty AdjustmentDark Gravity Wave (DGW) - see below
Reward AdjustmentSubsidy decreases 7% yearly (every 210240 blocks)
Max Coins~22 million
Block ExplorerYes (Alternate)
OtherDarksend anonymous transactions (WIP)
Masternodes (earn coins for participating in network)

General Points of Interest

So there are many items to cover with Darkcoin, and one of the things that needs to be stated up front is that DRK has gone through a number of changes since it first launched. You can argue for or against any of the changes, but at this point "it is what it is". On the one hand, I like that DRK has a very active developer -- what you would call a "benevolent dictator" as he basically decides what happens with DRK, and so far the community has been willing to follow along. On the other hand, there have been a lot of little hiccups along the way, resulting in quite a few hard forks of DRK to recover from various problems. If DRK were more open about their source, and let the community check the changes before committing to them, some of this could be avoided...but then there would simply be different problems like the "designed by committee" approach of other coins. But let's start with the block reward, as that's a good example of what I'm getting at.

Block Rewards

Initially, the block reward for DRK was supposed to "follow Moore's curve" -- so basically it would decrease as the hashing power and difficulty increased. The initial formula was used until block 5465, at which point it was changed to better deal with the rapidly increasing difficulty. There have been three block reward formulas used, and they apply as follows (and note that "Difficulty" refers to the difficulty of the previous block, not the block being mined):
  1. Blocks 0-5464:
    Reward = 1111 / (Difficulty + 1)2
    Minimum reward of 1, maximum of 500
     
  2. Blocks 5465-17000:
    Reward = 11111 / ((Difficulty + 51)/6)2
    Minimum reward of 25, maximum of 500
     
  3. Blocks 17000+ with difficulty > 75:
    Reward = 2222222 / ((Difficulty + 2600)/9)2
    Minimum reward of 5, maximum of 25
     
  4. Blocks 24000+:
    Reward = 2222222 / ((Difficulty + 2600)/9)2
    Minimum reward of 5, maximum of 25
The first reward option basically resulted in the block reward dropping too fast. At difficulty of less than 0.5 the reward was close to 500, but a doubling in difficulty to 1.0 drops the reward in half, and doubling again drops the reward roughly in half again. The problem is that while this would follow Moore's Curves and half the reward for every doubling of computation power, it also halves the reward if the number of miners doubles. It became clear early on that difficulty was scaling much faster than expected, and the total number of DRK generated in the first several years would end up being very low -- so the early miners would receive a lot higher percentage than latecomers. Basically, any difficulty higher than 32 would result in a block reward of 1 DRK.

The second option assumed GPU miners wouldn't appear until some time after block 17000, and it provided for an alternate reward scheme. From block 5465 to 17000, the reward was changed pay substantially more. Any difficulty greater than ~75 would result in a block reward of 25 DRK, while lower difficulties could pay up to 500. In practice, the difficulty ranged from a low of around 3 to a high of around 35, which means block rewards ranged from a high of 137 to a low of 50 DRK. Had DRK stayed with the original formula, there would be a lot less DRK right now (or a lot less DRK miners).

The third and fourth options are basically the same, except prior to block 24000 there was a requirement that the difficulty be more than 75 to trigger this final reward structure. If the second reward structure paid out too many DRK, the final option perhaps pays out too few. Now the maximum reward is dropped to 25 and the minimum to 5 DRK. At difficulty 75, the second and third options pay about the same amount (~25 DRK), but where the second option is bottomed out, the third allows a slow decline to much lower block rewards. Now a doubling of difficulty (from 75 to 150) only drops the reward from 25 to 23. Double again (to 300) and the reward is 21. In practice, every doubling of difficulty drops the reward by ~2 DRK. The minimum reward of 5 DRK per block is reached if difficulty exceeds 2877, which is generally the case now.

As a final note on block rewards, they will decrease 7% annually, which means if DRK stays close to the current difficulty (or higher), we'll go from 5.0 DRK block rewards to 4.65, 4.32, 4.02... which means when DRK is about 22 years old the block rewards will be 1 DRK. Also note that while the min 5/max 25 values are integers, at the block reduction we'll start seeing non-integer block rewards.

Difficulty: [Oops!] -> KGW -> DGW

Next up, let's talk about difficulty. DRK originally launched with a "normal" difficulty adjustment algorithm where the difficulty was changed every 576 blocks. Pool/coin hopping has become such a problem that this was no longer viable, so starting at block 15200 DRK began using the Kimoto's Gravity Well (KGW) algorithm. There were a few problems with KGW, so a new adjustment algorithm was created called Dark Gravity Well (DGW), and this went into effect at block 34140. The goal was to better deal with difficulty adjustments as well as to avoid some bugs/errors that KGW could expose. Apparently DGW v2 (DGW v1 was never used) also had some issues as it was tweaked again (DGW v3) starting at block 68589. I haven't dug into the code or the issues enough to say for certain what was going on, but in general the difficulty of DRK now deals well enough with coin hopping.

What About X11 PoW?

Now we get to the really interesting debate: how good is the X11 Proof of Work algorithm? Initially designed to be "GPU Proof" or at least "GPU Resistant", that obviously didn't last too long. However, it's worth noting that at present, the speedup from using a fast GPU (e.g. R9 280X) compared to a fast CPU (e.g. i7-4770K) is only around 5X, and what's more that's drawing about three times as much power for the GPU as the CPU. I've measured mining speeds with the latest x11mod sgminer of around 3MH/s for 280X and it draws ~225W, where an i7-4770X will do around 560KH and draw ~75W. So that means GPU mining of X11 is only about twice as efficient (perhaps less) as CPU mining. Compare that with Scrypt where the same CPU and GPU would do around 40KH and 700KH; the GPU is about 17.5X faster and still only uses 3X as much power, so it's nearly six times as efficient.

Okay, but what about ASICs -- Scrypt has ASICs and even faster ASICs will be out soon. Is X11 truly "ASIC resistant"? The answer to that can be a bit technical, but the short summary is that, no, X11 is not ASIC resistant any more than Scrypt is ASIC-resistant. The reason we now have people making Scrypt ASICs is that Scrypt became popular and profitable to mine. With the recent climb in DRK pricing -- and the proliferation of other X11-based coins -- it's more a question of "when" as opposed to "if" we'll see X11 ASICs.

"But there are eleven different hashing algorithms! Surely an ASIC can't do all eleven!" Why not? GPUs were able to run all eleven algorithms once people took the time to write the necessary code, and anything that can be done in software can be done faster in hardware. It's simply a matter of cost/benefit analysis. What's more, you could argue that the eleven hashing functions in X11 are actually less memory hard (i.e. constrained by RAM capacity and speed) than Scrypt/Scrypt-N, and they could be pipelined quite nicely. So instead of one general ASIC that tries to do all eleven functions, you make one ASIC each for blake, bmw, groestl, jh, keccak, skein, luffa, cubehash, shavite, simd, and echo. As far as I can tell, not a single one of those hashing functions is any more ASIC-resistant than Scrypt, and arguably less so. Thus, the difficulty is in making ASICs to support those eleven functions, but there's probably some overlap in the hashing functions as well which means in reality you might only need to implement a few different ASICs.

So really, the problem is hardly insurmountable and the only real factor in creating X11 ASICs is a matter of time and resources. Anything that can be done faster on a GPU than a CPU is very likely to port well to an ASIC, if there's a financial incentive to do so. If X11 continues to gain in popularity, I suspect we'll see the first announcement of X11 ASICs before the end of 2014, with the first X11 ASICs shipping in 2015. But here's the important thing to remember: ASICs didn't kill Bitcoin or SHA256 coins, they're not going to kill Scrypt coins, and they won't kill X11 either! They'll merely change the mining game, though of course that means a less decentralized cryptocurrency landscape.

Anonymity and Masternodes

Two of the big promises that people are looking forward to with DRK are the Darksend "anonymous transactions" feature and Masternodes. Darksend is basically a mixing service built into the wallet where you send DRK to Masternodes and your transactions are grouped together with a bunch of other transactions and thus obfuscated. It's not truly anonymous, but it will hide you identity much more than normal BTC-style blockchain transactions. It's funny that this major feature of DRK wasn't even functional or in any way present when the coin launched, but it continues to get a lot of attention.

Meanwhile the Masternodes are a new item where you can receive a percentage of the transactions you process if you're running as a Masternode. Except, the Masternodes code has introduced other bugs and problems and has now been pushed back twice. There's also the worry that people running as a Masternode could behave in a network-hostile manner and try to steal coins. Suffice it to say that there are many hurdles to overcome and we've already seen three hard forks thanks to Masternodes. On the bright side (maybe?), the latest version of the Darkcoin wallet is supposed to have a new mechanism that allows changes without a hard fork. Hopefully that doesn't result in more hard forking down the road....

Summary and Future Outlook

While the history of DRK is certainly a bit checkered, as with most cryptocurrencies I look at the overall "belief" factor. Lots of people believe in BTC and billions of dollars have gone into the BTC ecosystem; the same is true of LTC, though with more like millions instead of billions invested. DRK has recently picked up momentum and is currently the second most traded coin, with only BTC surpassing it, though LTC is still within striking distance. After a run up from 0.0014 BTC to a high of 0.0285 BTC in the past two months, DRK has now backed down a bit into the 0.015-0.02 BTC range.

I suspect in the coming months we'll see continued interest in Darksend and Masternodes, and given the projected coin supply it's entirely possible that DRK could end up being valued at ~4X LTC (assuming a similar overall market cap). I've had a knack for trading my DRK just before the price jumps, but I've held onto 20% of the DRK I mined early on and I doubt I'll be liquidating that asset any time soon. In fact, I actually bought back into DRK after the price dropped below 0.02, and I'm betting I can sell at greater than 0.04 BTC before the end of they year -- and very likely before the end of the summer.


If you like reading these blog posts but don't want to subscribe to my thrice-weekly newsletter, please consider making purchases through my Amazon Affiliate links!

3 comments:

  1. What do you think about the new x13 coin just launched over the weekend?

    ReplyDelete
    Replies
    1. It's basically the same basic idea as X11 but with two more hashing functions added "just because we can". I don't see anything particularly noteworthy about MARU, BOST, or DIGIT personally -- they all have that "been there, done that" vibe. MARU would have had more potential if it had come up with something better than a stupid hedgehog as the logo/theme of the coin. Just my opinion mind you -- I thought DOGE was funny as a joke, but stupid as a real cryptocurrency, and many disagreed with me. :-)

      Delete
  2. Thanks! I agree with you. I mined DOGE for one day only in its heyday and moved back to more serious things. Mining a bit X13 coin now but I think I will move my rigs back to Darkcoin. That's prob the only one I think might have some potential.

    ReplyDelete