by rudiv 2661 days ago
I thought Monero was designed to be resistant to ASICs? Please correct me if I'm wrong, I don't have that much knowledge about crypto.
2 comments

There is no such thing as ASIC-proof. You can make an ASIC for any deterministic algorithm.

"ASIC-resistance", in this context, only means that ASICs can be held to a low multiple of CPU/GPU efficiency. So ASICs can be 10x as efficient as a CPU/GPU, but not 10k-1m times as efficient like they can on something like SHA.

Unfortunately, profit trends towards zero (towards cost of production) until prices change, so having a 10x advantage is still actually quite big. That means you're making at least a small profit when everyone else is forced to turn off their rigs.

In practice this means that ASIC-resistance, as a method of decentralizing control of the network, doesn't work. Big farms pay cheaper rates for electricity (in China, sometimes zero, by stealing it or bribing local officials), and have insider access to much more efficient ASIC hardware than the general public does. So when profit declines to zero, they inherit the network by virtue of being the only miners who remain profitable.
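The "profit trends towards zero" argument above can be made concrete with a small model. The code below is an added illustration, not from the thread: it assumes two constructed miner classes with the same deployed hashrate, where the ASIC class pays a tenth of the GPU class's cost per hash (electricity price times energy per hash), and it treats the block reward per second as fixed with difficulty adjusting to total hashrate, so each class's revenue is proportional to its hashrate share. `equilibrium` switches off classes that cannot cover their electricity bill, and `break_even_hashrate` gives the deployed hashrate at which a class's margin reaches zero.

```python
from dataclasses import dataclass

@dataclass
class MinerClass:
    name: str
    hashrate: float       # hashes per second this class has deployed
    cost_per_hash: float  # $ per hash: electricity price x joules per hash

    def cost(self) -> float:
        """Running cost in $ per second at full hashrate."""
        return self.hashrate * self.cost_per_hash

def profits(miners, reward_per_second):
    """Profit ($/s) per class when difficulty has adjusted to the active hashrate,
    so each class earns its hashrate share of the reward."""
    total = sum(m.hashrate for m in miners)
    return {m.name: reward_per_second * m.hashrate / total - m.cost() for m in miners}

def equilibrium(miners, reward_per_second):
    """Repeatedly switch off the least profitable loss-making class (rigs get
    turned off) until every remaining class covers its cost; returns their profits."""
    active = list(miners)
    while active:
        p = profits(active, reward_per_second)
        losers = [m for m in active if p[m.name] < 0]
        if not losers:
            return p
        active.remove(min(losers, key=lambda m: p[m.name]))
    return {}

def break_even_hashrate(reward_per_second, cost_per_hash, other_hashrate):
    """Hashrate a class can grow to before its margin hits zero, given the
    hashrate everyone else runs: reward * h / (h + H) == cost_per_hash * h."""
    return max(0.0, reward_per_second / cost_per_hash - other_hashrate)

# Constructed sample classes: equal hashrate, ASIC is 10x more energy efficient.
GPU = MinerClass("gpu", hashrate=100.0, cost_per_hash=1.0)
ASIC = MinerClass("asic", hashrate=100.0, cost_per_hash=0.1)

if __name__ == "__main__":
    # At a reward of 200 $/s the GPU class has been driven to zero margin while
    # the ASIC class still keeps 90% of its revenue.
    print(equilibrium([GPU, ASIC], 200.0))
    # Once the reward (price) drops, only the ASIC class remains and inherits it all.
    print(equilibrium([GPU, ASIC], 150.0))
    # How much GPU hashrate the network absorbs before GPU margin reaches zero.
    print(break_even_hashrate(200.0, GPU.cost_per_hash, ASIC.hashrate))
```

Lower electricity prices enter the model through `cost_per_hash`, so a farm with cheap or free power behaves like a further efficiency multiple on top of the hardware advantage.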

There is no such thing as ASIC-proof. You can make an ASIC for any deterministic algorithm.

True. Although you could probably design an algorithm which requires so many of the capabilities of a CPU, like a fast 64-bit FPU and a lot of cache, that the transistor count of an ASIC would approach that of a general-purpose CPU produced in much greater volume. This would make special-purpose hardware not cost effective.

That's basically the idea of ProgPOW, which is a proposed algorithm that Ethereum may switch to in an attempt to kick ASICs off the network.

https://github.com/ifdefelse/ProgPOW

The problem is that you are still only taking an infinitely small chunk of the space of all possible Turing algorithms. For example, we are not considering any program that lasts longer than, say, 12 cache hits and 20 math operations (proposed numbers). That means you don't need as much hardware to implement an ASIC as you would a general-purpose processor.

Such algorithms can never possibly contemplate the full space of Turing programs unless you solve the halting problem (because we can't trust participants to give us a fairly chosen algorithm, and presumably we don't want to select a hashing stage that never terminates). This approach will always consider a tiny, fixed area of the problem space and will thus always be amenable to acceleration from specialized hardware.

Remember that old chestnut, "anybody can come up with a crypto algorithm that they themselves cannot break"? You can add a corollary to that: "anyone can come up with a hashing algorithm that they themselves cannot design an ASIC for".

We've been through this over and over again. I remember when Ethereum was supposed to be impossible to accelerate with ASICs. I remember when Monero and ZCash were supposed to be impossible to accelerate. But when you put hundreds of millions of dollars of free money on the line, very smart people get creative.

The idea of ASIC resistance can be summarized as making specialized hardware no more efficient than general hardware. And that's simply an impossible task. Specialized hardware will always be at least somewhat more efficient than general hardware. Maybe not hugely, but it doesn't need to be hugely more efficient; 5-10x more efficient is more than enough to shift control over to ASIC insiders.

On top of that, ASICs pose massive advantages for deployment even apart from efficiency advantages. One box that you plug a power cable and ethernet cable into replaces two mining rigs with finicky, delicate riser cables and a dozen GPUs precariously strung from wire shelves. ASICs don't crash anywhere near as much either. Literally just having the same efficiency but being 10x as easy to deploy is still a massive win.

You can still rotate algorithms every 6 months, but the clock starts ticking when you propose an algorithm. It took four months from the last switchover before Monero had ASICs on the network again. Presumably they were designing as soon as the algorithm was proposed, and taping out as soon as the switchover was announced.

ASICs are inevitable, and it may be better to simply accept democratic control of ASICs rather than insiders with control of them. If you switch every couple of months you disincentivize ASIC holders from releasing them to the public (and revealing their existence); instead they will hold them privately so they don't trigger an algorithm change, which is exactly the centralization that you're supposedly trying to avoid.
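The point made earlier in this comment, that a programmatic proof-of-work only ever draws from a fixed, bounded program space, can be shown with a toy generator. The code below is an added illustration and is not ProgPoW's or RandomX's instruction set: it assumes a constructed straight-line ISA of six operations over four 64-bit registers and a 256-word scratchpad, with every program exactly `PROG_LEN` instructions long. `generate_program` derives a program deterministically from a seed, `run` evaluates it for a header and nonce, and `program_space_size` counts how many distinct programs the generator can ever emit, which is the whole space a special-purpose datapath would have to cover.

```python
import hashlib
import random

# Constructed toy ISA (assumption, not any real PoW): fixed-length, no branches.
MASK = (1 << 64) - 1
OPCODES = ("add", "sub", "mul", "xor", "rotl", "load")
N_REGS = 4
SCRATCH_WORDS = 256   # the "cache" a load can reach
PROG_LEN = 20         # fixed instruction count, in the spirit of the bound above

def generate_program(seed: bytes):
    """Derive a straight-line program from a seed (e.g. a per-epoch value).
    Each instruction is (opcode, dst register, src register, immediate)."""
    rng = random.Random(int.from_bytes(hashlib.sha256(seed).digest(), "big"))
    return [(rng.choice(OPCODES), rng.randrange(N_REGS), rng.randrange(N_REGS),
             rng.randrange(SCRATCH_WORDS)) for _ in range(PROG_LEN)]

def run(program, header: bytes, nonce: int) -> str:
    """Evaluate the program on state derived from (header, nonce); return a hash."""
    blob = hashlib.sha256(header + nonce.to_bytes(8, "little")).digest()
    regs = [int.from_bytes(blob[i * 8:(i + 1) * 8], "little") for i in range(N_REGS)]
    # Fill the scratchpad by chaining SHA-256 over the initial state.
    scratch = []
    while len(scratch) < SCRATCH_WORDS:
        blob = hashlib.sha256(blob).digest()
        scratch.extend(int.from_bytes(blob[i:i + 8], "little") for i in range(0, 32, 8))
    for op, dst, src, imm in program:
        a, b = regs[dst], regs[src]
        if op == "add":
            r = a + b
        elif op == "sub":
            r = a - b
        elif op == "mul":
            r = a * b
        elif op == "xor":
            r = a ^ b
        elif op == "rotl":
            s = b % 64
            r = (a << s) | (a >> (64 - s))
        else:  # load: one bounded scratchpad read, mixed into the register
            r = a ^ scratch[(b + imm) % SCRATCH_WORDS]
        regs[dst] = r & MASK
    return hashlib.sha256(b"".join(x.to_bytes(8, "little") for x in regs)).hexdigest()

def program_space_size() -> int:
    """Every program the generator can produce: (opcodes x dst x src x imm) ** length.
    Finite and fixed, so a datapath for these ops plus a 256-word cache covers it all."""
    return (len(OPCODES) * N_REGS * N_REGS * SCRATCH_WORDS) ** PROG_LEN

if __name__ == "__main__":
    prog = generate_program(b"epoch-1")            # constructed seed
    print(prog[:3])
    print(run(prog, b"constructed-header", 1))
    print(program_space_size().bit_length(), "bits of program space")
```

Because there are no loops and the instruction count is fixed, the generator can never hit the halting problem, which is exactly why its output stays inside a small, fixed corner of all possible programs.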

That's one of the goals, yes.

However, efficient ASICs were able to be constructed for the current (and previous) algorithms.

Monero will make a hardfork, right now actually, to brick the existing ASICs. The new algorithm isn't sufficiently different to prevent them, however, and we will probably see efficient ASICs in under 6 months.

The long-term hope instead lies in a new algorithm[0] which tries to change the POW algorithm all the time. Will it hold up or will someone manage to create efficient ASICs? Your guess is as good as mine.

[0]: https://github.com/tevador/RandomX

The issue is that anything that changes the POW has to be deterministic, so we'll just see programmable ASICs make a return... so invest in Cisco?