ProgPow / Security Ring
[Council of Denver](https://hackmd.io/s/rklzFyVX4)
Hudson gives an explanation of what ProgPow is.
> IfDefElse created ProgPow, which is an algorithm to replace Ethash. Reduces the optimizations that an ASIC can do.
It is controversial because ASICs in the past have come from companies who are perceived as bad actors; for example, manufacturers are secretly mining. We don't want to obsolete GPU mining so that 51% attacks are harder. Another reason is that the white paper put in ASIC resistance as part of the protocol; ProgPow should help.
> Problem is that no one alone can decide, we don't want AllCoreDevs to decide because that makes it a technocracy. Also, AllCoreDevs lack the HW expertise to determine if it would actually help. Also concern it is a distraction from real issues (eth 2, eth 1.x).
> Enter Cat Herders. They are attempting to start a ProgPow audit to validate claims and to benchmark vs AMD and NVidia. One concern is that it is claimed Miss If has NVidia.
> Decision must come by May so it can make the Istanbul hard fork.
Brian - wonders if we can work with HW manufacturers to make sure ASICs can be reusable and move to other chains. Incentive alignment is interesting.
Incentives between manufacturers (profit) and users (security) are not totally aligned.
Concern about 51% attacks. Also, will GPUs which are sitting idle be redirected at 51% attacks?
Tech that creates more intermediaries reduces decentralization.
First principles, what is necessary to keep the network secure?
Is there proof it will work? Can ASICs just flip a switch?
Monero tried it and they failed. They do small tweaks, such as number of rounds. Ethash designers are not accessible.
FPGAs are used in design of ASICs. If it's faster with an FPGA, it's even faster in an ASIC.
Quick hand vote: we need more data
* see the hardware for an ASIC
* How do they work?
* Don't want to have to do a vote every week to proceed.
Who should decide?
Rough Consensus. We are doing carbon vote, miner vote, twitter vote. Exchanges don't care.
The fear is that it quickly becomes a non-technical question.
Spec isn't there, but it's being cleaned up.
Danno thinks we need to have a client implement from the spec alone.
Data collection point - more quantification modeling of 51% attacks under various network conditions, so we can see where the real risks lie, i.e. threat modeling.
Hybrid PoS/PoW model. We can use that data to validate checkpoints. Finality with Serenity.
Can we leverage the existing roadmap to ensure the network without throwing resources at it? Martin spent time working on the ProgPow algorithm.
Adding mitigation in case the change doesn't work.
Having problems finding auditors. Can find benchmarkers but not HW people to validate the claims. The ideal would be an unbiased ASIC manufacturer or a Samsung/Intel engineer to prototype it. Was going to use Obelisk but there is a conflict of interest and they cannot do it. Not hopeful we will find someone in the next 6 weeks; it will get called off. Benchmarking is going forward. Looking to be a $100k Gitcoin, and sourcing the $$ isn't a given.
Why wouldn't EF fund it? They might, but the money discussions have not occurred.
ProgPow isn't being promoted by a client developer.
Still gathering Eth1.x data for eth 1.x to see if the state cleanup would help in 3 years. Alexey is working on state fees now. State rent will also require a big all core devs push to the community because it could break lots of other dApps.
Sidebar discussion about Cat Herders.
Developer security - EIP1283 bug is a good example of how we are improving security. And network security.
App security, wallet security, and network security.
Has anyone looked into devp2p security? Libp2p?
Libp2p only has a Go daemon. No other platforms have code. Rust and Go, only for a subsection of the spec. The other implementations all have interoperability issues between other languages. All languages have a version but not all languages have it all done.
Working on a Kotlin libp2p. Likely June or July.
Devp2p - Felix and ?. Leaning towards libp2p for Eth 2.0
Eth 2.0 is using a library written by a single dev in Japan (the peering one).
More investment in peer-to-peer libraries is needed.
outcome: state a GitCoin grant for LibP2P
ProgPow hot swap could be possible.
No concerns about secret keys and wallets.
Sephan will do the audit. And wants to know if we can do a go fund me.