by nathan_f77 3122 days ago
> Could you not create a protocol that constantly changes its hashing algorithm to combat ASICs?

It might be interesting to combine all of the popular hash functions in a sequence. You could probably mix in some non-cryptographic hash functions in the middle as long as you use secure functions at the beginning and end of the sequence. e.g. SHA256 => MD5 => MurmurHash => BLAKE-256

You could even write an algorithm that uses the previous block hash to determine the next order of the hash function sequence.


> Wouldn't ASICs then just implement all of them and rotate execution?

Yes. It was also a bad idea because it would be expensive to verify the proof. A good proof-of-work algorithm is very difficult to create, and very fast to verify.

After posting that comment, I discovered a far better proof-of-work called the Cuckoo Cycle:

* Blog post: http://cryptorials.io/beyond-hashcash-proof-work-theres-mini...
* Whitepaper: https://eprint.iacr.org/2014/059.pdf

It's really a genius solution. You have to fill up 2GB of RAM with random bits in order to find a specific cycle in an enormous graph. This means that even a very slow CPU would quickly saturate the DRAM memory bandwidth, and it doesn't matter if you use a CPU, GPU, FPGA, or even an ASIC.

This means that a mobile phone with 2GB of RAM can mine just as fast as any server with 2GB of RAM. If you want to increase your mining capacity, you'll have to buy a lot of RAM (or a lot of cheap mobile phones.)

Since it is constrained by memory bandwidth, you spend most of the time just waiting for bits to arrive. This means that it uses much less electricity than other PoWs. The proof is also instantly verifiable.

There are a few cryptocurrencies that are using the Cuckoo Cycle proof-of-work such as aeternity [1], and Mimblewimble / grin [2].

[1] https://aeternity.com/

[2] https://github.com/mimblewimble/grin
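The find-expensive / verify-cheap asymmetry described in the comment above, as an added toy example (not the commenter's code and not the Cuckoo Cycle reference implementation): the miner must tabulate every edge of a keyed random bipartite graph to locate a cycle, while the verifier only recomputes the handful of edges named in the proof. Assumptions: keyed BLAKE2b stands in for SipHash-2-4, the graph has 256+256 nodes and 1024 edges instead of the real 2^29-scale sizes, and the target cycle length is 4 rather than 42.

```python
import hashlib, struct

NODES = 256       # nodes on each side of the bipartite graph (toy size)
EDGES = 1024      # candidate edges per keyed graph (toy size)
CYCLE_LEN = 4     # shortest non-degenerate cycle in a bipartite graph (real: 42)

def edge(key: bytes, i: int):
    """Edge i joins left node H(2i) and right node H(2i+1); keyed BLAKE2b stands in for SipHash-2-4."""
    def h(x):
        d = hashlib.blake2b(struct.pack("<Q", x), key=key, digest_size=8).digest()
        return int.from_bytes(d, "little") % NODES
    return h(2 * i), h(2 * i + 1)

def find_4cycle(key: bytes):
    """Miner side: must tabulate every edge of the graph (the memory-bound part)."""
    by_left = {}
    for i in range(EDGES):
        u, v = edge(key, i)
        by_left.setdefault(u, {}).setdefault(v, i)    # first edge index per (u, v) pair
    seen = {}                                         # (v_a, v_b) -> (edge_a, edge_b)
    for vs in by_left.values():
        vl = sorted(vs)
        for a in range(len(vl)):
            for b in range(a + 1, len(vl)):
                if (vl[a], vl[b]) in seen:            # a second left node shares both right nodes
                    return sorted([*seen[vl[a], vl[b]], vs[vl[a]], vs[vl[b]]])
                seen[vl[a], vl[b]] = (vs[vl[a]], vs[vl[b]])
    return None                                       # no 4-cycle: a miner would try the next nonce

def verify(key: bytes, proof) -> bool:
    """Verifier side: recomputes only the CYCLE_LEN proof edges; no table, constant work."""
    if len(proof) != CYCLE_LEN or len(set(proof)) != CYCLE_LEN:
        return False
    adj = {}
    for i in proof:
        u, v = edge(key, i)
        adj.setdefault(("L", u), []).append(("R", v))
        adj.setdefault(("R", v), []).append(("L", u))
    if len(adj) != CYCLE_LEN or any(len(n) != 2 for n in adj.values()):
        return False
    start = cur = next(iter(adj)); prev = None
    for step in range(1, CYCLE_LEN + 1):              # the walk must close exactly on the last step
        a, b = adj[cur]
        prev, cur = cur, (b if a == prev else a)
        if cur == start:
            return step == CYCLE_LEN
    return False
```

With these toy sizes a random keyed graph contains dozens of 4-cycles on average, so `find_4cycle` practically always succeeds on the first key; the real scheme tunes sizes so that most nonces yield no 42-cycle at all.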