[cryptography] the Zcash Open Source Miner Challenge (and about Zcash in general)

Russell Leidich pkejjy at gmail.com
Mon Oct 10 23:44:03 EDT 2016

Hi Zooko, I have a simple challenge for you. But first of all, let me state
that I think Zcash is the most promising of all cryptocurrencies from a
security standpoint. (Yeah, I know. Them's fightin' words. It's just my
personal opinion and plenty of people will disagree.) I may change my mind
at some point, but so far so good.

Now, considering that Zcash may very well become the world's first
"seriously scalable" cryptocurrency, meticulousness is in order. Hence the
following challenge: post a 16-bit Equihash minimodel (2^16 16-bit hashes,
or 128KiB) somewhere publicly accessible, and allow everyone to inspect its
statistical properties. (If 20 bits or 27 bits or whatever is more
convenient, so be it.) It seems to me that "collision rootishness" has
already been confirmed, which is promising, but so much more can be

To be clear, "minimodel" in this sense means a consistently scaled model of
Equihash. So for example you would generate all 2^16 hashes of 16-bit
values, instead of all 2^N hashes of all N-bit values of the real hash. If
the minimodel looks very unlike true randomness, then we have a problem. If
not, then the test passes and we have nothing further to say by way of
(in)security. Granted, the real hash and the minimodel are not equivalent,
but this is a practical compromise in light of limited computer power.

Obviously I'm biased because I wrote Dyspoissometer, but there are plenty
of other statistical tests that the general public can and should run on
the minimodel in order to enhance the credibility of Equihash.

Russell Leidich

On Tue, Oct 11, 2016 at 2:55 AM, Zooko Wilcox-OHearn <
zooko at leastauthority.com> wrote:

> Hi folks!
> I've been quiet on this list for a while now. I've been hard at work
> on creating a Bitcoin-like cryptocurrency with zero-knowledge-based
> crypto:
> https://z.cash
> This is the most sophisticated crypto that I've ever seen someone
> attempt to deploy at scale to the Internet. (By all means feel free to
> reply and teach me about counter-examples to that generalization.)
> There's a lot going on there. To jump into the technical side, I'd
> suggest the Zcash protocol spec:
> https://github.com/zcash/zips/blob/master/protocol/protocol.pdf . For
> an introduction to the bigger picture, probably our blog
> (https://z.cash/blog/) and FAQ (https://z.cash/support/faq.html).
> Okay the reason I'm writing today is to let you know about the Zcash
> Open Source Miner Challenge:
> https://zcashminers.org/
> The Zcash company has donated $30,000 for prize money to reward better
> open-source implementations of Equihash by Biryukov & Khovratovich:
> https://www.internetsociety.org/sites/default/files/blogs-
> media/equihash-asymmetric-proof-of-work-based-
> generalized-birthday-problem.pdf
> Jump in! The worst that can happen is that you get the fun and
> education of implementing an interesting new proof-of-work algorithm.
> :-)
> Regards,
> Zooko
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20161011/4b5731c4/attachment.html>

More information about the cryptography mailing list