All right. Now we're going to talk about what hardware miners use to achieve this computation which I just spent time telling you is really, really difficult to do. So first of all, what exactly is this computation? So we've mentioned hash function and we've SHA-256 in particular. What exactly is SHA-256? Well it's a general purpose cryptographic hash function. It's actually part of a bigger family of functions that was standardized in 2001. It did come out of the NSA, which has led to a couple of interesting conspiracy theories by some people about its relationship to Bitcoin, but it's generally considered a fairly strong hash function. It's not broken cryptographically, although there are some theoretical weaknesses that are starting to show up. As a result the replacement, the SHA-3 family, has already been picked actually, and it's in the final stages of standardization today, but it wasn't available at the time Bitcoin was designed. This was a good choice, this was strongest general purpose cryptographic hash function available at the time. It is possible that it will become less secure over the lifetime of Bitcoin, but for now it's pretty good. So what does it look like? This is a diagram of what the SHA-256 state looks like, and we don't need to know all of the details of this to understand how Bitcoin works, but I'll give a high-level overview to give an idea of the task that needs to be solved by the miners. So there's a 256-bit state in SHA-256, it's split up into eight 32-bit words, so this is very much optimized for 32-bit platforms. And in each round some of those words are taken, there's four different tweaks that are applied to those words that are at the bit-level. So each one of these is two or three bits being flipped or added together, basic logic operations. And then a number of words in the state are taken, some with these tweaks applied and added together mod 32 in a pipeline here. And then the result of all of these additions, [COUGH] is wired over to the first word of the state and the entire state shifts over. So some of the design here, some of the design ideas date back to classic linear feedback shift registers, which was one of the earliest approaches to cryptographic design. So all of this happens, this is just one round of the SHA compression function, and a complete computation of SHA-256 does this 80 times, for 80 iterations. And in each iteration there are slightly different constants applied at that one step there so that every reiteration isn't exactly the same. So this is the task ahead of miners to compute this specific function, only this, as fast as possible. And so you can see that to do this you need to be able to deal with 32-bit words, you need to be able to do 32-bit addition, and you need to also be able to do some bitwise logic. So the first generation of mining when Bitcoin was originally proposed was all done on general purpose computers, general purpose CPUs. In fact, it was as simple as this code here, and it simply searched over nonces in an linear fashion, computed SHA-256 in software and checked if the result was a valid block. And one quirk which I haven't mentioned yet, this is probably a good time to mention it if ever there was one, is that for reasons that aren't completely specified, you actually compute the SHA-256 function twice. So it's just doubled up, that's a fact of life that miners have to live with. So how fast will this run on a general purpose computer? Well, if you're doing pretty well, if you have a high-end desktop PC, you might be able to do this in about 2 to the 24 hashes per second which would be about 20 megahertz. Remember that even though hertz often are applied for processor speed, the basic idea of hertz is it just means something that you're doing that many times per second. Okay so if you're hashing at a rate of 20 megahertz, what does that get you with today's difficulty? Well, it would actually take you over a hundred thousand years, at this rate, to find a block. So we talked about how mining was gonna be a difficult slog. If you're mining on a general purpose PC today, it's a really, really big hill to get up, [COUGH] cuz it's gonna take you that 140,000 years. So as a result, today and even for the last few years, anybody trying to do mining on a CPU probably didn't understand how Bitcoin worked, and were probably pretty disappointed that they never made any money doing it. So CPU mining was the first generation of mining. The second generation, when people started to get frustrated with how slow their CPUs were, was to try to use their graphics card, their graphics processing unit, or GPU. So what is a GPU? Almost every computer now has a GPU built in for high performance graphics. They're designed to have high parallelism which does help with Bitcoin mining because you can parallelize and compute multiple hashes at the same time for different nonces that you want to try. And they're also designed for high throughput, so there's a highly pipelined design in graphics cards. And around 2010, the first implementation came out, written in a language called OpenCL, which is a general purpose language to do things other than graphics on a GPU. And it's a high level language, so it took a little while before people started tweaking the code even further to run quickly on specific graphics cards. So what's the advantage of using a graphics card? Well, [COUGH] for one thing, they're easily available and they're easy for amateurs to set up. You can order graphics cards online, you can buy them now at most big consumer electronic stores, so they're just the most accessible high end hardware that's available to most people. They also have some properties that make them specifically nice for Bitcoin. They're designed for parallelism, so they have a lot of arithmetic logic units, ALUs, that you can use in parallel to do different SHA-256 computations, and some of them also have some specific instructions to do Bit fiddling that work out quite nicely for SHA-256. They also have the property that you can drive many graphics cards from one motherboard and CPU, so you could take your one computer and attach multiple graphics cards to it if you want. Most graphics cards can also be overclocked which is a property that gamers demand, so you can run them faster than they're actually designed for, if you want to take the risk on. And with Bitcoin mining, [COUGH] it might be a good idea to run the chip much faster than it was designed for, even if you introduced some errors into the process. So there's a measure of mining success called Goodput, which is the throughput, how quickly you're finding blocks, times the success rate, how often does the computation actually have errors? An interesting observation is that it may be worth while to go much faster even if you make a large number of errors if it leads you to find valid blocks more quickly. So [COUGH] if you can tweak one knob and run your graphics card 50% faster, even if you have an error in SHA-256 computation 30% of the time, you just multiply 1.5 times .7 And you're still finding blocks faster than running the chip at normal speed with no error. So this is something that people spent a long time optimizing exactly how much should they over-clock the chip and what errors it would introduce. So people started trying to scale this up. They said, ah-ha. I have a graphics card, I'm mining faster than I was on my CPU. What's better than one graphics card? Lots of graphics cards. And you started to see these really interesting home brew setups like this one here. Where people hand built their own racks, they had their own custom cooling setup which was often as simple as buying a bunch of fans or a bunch of air conditioning units. And trying to run as many GPUs as possible in their basement or whatever other room was available to them. So this was obviously in the early days of Bitcoin when it was still mostly hobbyists who didn't know a lot about running a modern data center, but they came up with some quite ingenious designs to pack. A lot of graphics cards fit in a small place and try to keep them cool. Now what are the disadvantages of doing this? Well, GPUs actually have a lot of other hardware specifically for doing video. Specifically, they have floating point units that you don't use at all in SHA256. So you're actually wasting a lot of the hardware from what the factory built. They also don't have the greatest cooling characteristics when you put a lot of graphics cards next to one another. They're not designed to be run all in a row like I showed on the previous slide. They're designed to be run one graphics card and one box doing graphics for one computer. They can also have a fairly large power draw, so a lot of electricity is being used by these relative to a computer. And initially there was the problem that you had to build your own board or buy expensive boards to actually house multiple graphics cards. So what's the upshot of this, what kind of performance can you get? Well, on a good card, a really high end graphics card, with a lot of aggressive tuning, you might get as high as 200 MHz. Which is about 2 to the 27 hashes per second. So that's up to an order of magnitude better than you would be doing in the CPU case. But even without improved performance, and even if you're really aggressive and you say, I want to get 100 graphics cards together from my mining rig, that setup would still take you 174 years to find a block at the current difficulty. So it it was a fun era while it lasted, but graphics cards for Bitcoin mining is basically dead. So what replaced graphics cards? Well around 2011, people started to use FPGA or Field Programmable Gate Arrays. That was around the time of the first implementation of Bitcoin mining came out in Verilog. Which is the hardware design language that's used to program FPGAs. And FPGAs are something that maybe you've programmed before if you've taken a hardware design course. They're defined to have hardware like performance but to have customers or the owner of the card being able to customize it or reconfigure it in the field unlike a chip which is made in a factory and does the same thing forever. So they do offer better performance than graphic cards. Particularly on some of the bit fiddling operations. That kind of stuff is very easy to spec out on FPGA. And if you know what you're doing, you can get the cooling to work out better with an FPGA. You're wasting a little bit less of the card then you would be with a graphics card. And you can pack more of these together and drive them from one central unit. So just like with the graphics cards, people said, once I have the FPGA working, why don't I try getting a lot of FPGAs? And now this doesn't look quite as messy as the graphics card setup looked. This is a relatively neat rack with neat wires. You don't see the cooling set up here, you still needed a cooling set up with air conditioning or with fans. But it was possible to build a big array of FPGAs a little more neatly and cleanly than you could with graphics cards. The disadvantages of using FPGAs are that they were being driven harder for Bitcoin mining by being on all the time and working as hard as possible, that a lot of consumer grade FPGAs were really designed for. So a lot of people found a number of errors and malfunctions in their FPGAs as they were doing Bitcoin mining. It was, also it turned out to be difficult to optimize a 32-bit ad step, which as we said is critical for doing SHA256. They were also just less accessible for people. It's harder to buy a FPGA, you can't buy one at most stores. There are fewer people who know how to program FPGAs or know how to set them up. And it turned out that the cost, even though the performance on FPGAs went up, the cost for performance was only an incremental, very marginal gain over using graphics cards. So it was a pretty short-lived reign whereas people were mining on graphics cards and graphics cards were king for maybe a year or so. It was a much shorter matter of months where FPGAs were a popular solution for Bitcoin mining. But if you were using an FPGA and using it well, you might get up to about a gigahertz. And now it sounds like we're making some real progress, we're doing a billion hashes per second. But even with a one gigahertz setup on a FPGA and even if you had 100 boards. So again even if you bought a lot of FPGAs and shoved them on to your amateur mining rig, it would still take you 25 years to find a BitCoin block at that rate. So this is still not looking like a really attractive thing to jump into. And you might be asking if all these solutions are so intractable today, what are people actually doing. Well, mining today is essentially dominated by Bitcoin ASICs, or Application Specific Integrated Circuits. So these are chips that were designed and built from scratch to do nothing except mine Bitcoins. They were fabbed out at a factory, packaged up, and sold to a consumer solely to be Bitcoin miners. And if you go online today, you can find a lot of people willing to sell you Bitcoin mining ASICs. There's a couple of big vendors that now do this as a full-time product. So these companies have sprung up in the last two years. And the main product, in some cases the only product that they sell as a business is Bitcoin mining ASICs. And now you'll notice when you're buying an ASIC you have a lot of options. You can choose between the slightly bigger and more expensive models, more compact models. And they'll throw a lot of numbers at you in terms of what the performance is gonna be, the cost, how much power it's going to use. But the most important thing to look at in a lot of these cases is how quickly they're going to ship to you. So, a lot of ASIC's have a pretty strong disclaimer that you have to pre-order them before they're even available and they don't make any firm guarantees on when they're going to be delivered. So again, since these are new companies selling the ASICs, they've had to be funded as they went which means they need to essentially pay for the production run of ASICs with consumers' preorders. And that means there's a lot of pressure on people, on consumers to pay before the chip is ready. In a lot of cases, the chip have been shipped late and this has caused considerable consternation, heartache for customers. There are a lot of dramatic complaints and stories, and tales of woe of people who spent good money on a Bitcoin ASIC and were hoping to really strike it rich when the thing came in the mail. Only it came in the mail later than they were expected. Like I said, these are special purpose. They're designed to be run at full speed, constantly, for life, to do nothing other than mine BitCoins. They require a lot of expertise and a long lead time to design, so much more complicated to actually tape out a chip than to just write an implementation in OpenCL or in Verilog. But the amazing thing about BitCoin ASICs is that as hard as they were to design, analysts who've looked at this have said, this may be the fastest turnaround time, essentially in the history of integrated circuits, for specifying a problem, which was mining BitCoins, and turning it around to have a working chip in people's hands. So this was really a rush job. People realized the need to have BitCoin mining ASICs, and the fact that they could sell them for a lot of money. They designed them extremely quickly and started shipping them to the consumers. And as a result you can probably expect there were a lot of bugs in the first few generations of these things. Some of them didn't deliver, in fact most of them probably didn't deliver quite the performance that they were promising. Some of them, in fact, were quite buggy, but it's evolved a lot over the past year and there are now fairly reliable ASICs being shipped. So what does it look like if you actually wanna buy one of these things? So here's just a case study of something that's been available for about six months now, so it's already a little bit out of date. But this TerraMiner IV is this nice, big, fancy box you see here, and this hashes at about 2 TH, so it's 1000 times faster than that hypothetical array of a hundred 100 really good FPGAs that we were talking about previously. So you had to pay about $6,000 for this. Even with these incredible performance, it will still take 14 months on average to find a block. So even if you think that you are investing on a fairly nice hardware it's still extremely difficult to find a block. And the market dynamics are really interesting here. So, most boards that have been coming on the market since ASICs came out, have been effectively obsolete in maybe six months. And on top of being obsolete within six months, the bulk of the profits are made upfront. Often in the first six weeks is when you'll make half of the expected profits in the lifetime of a mining ring. The fact that such a high proportion of the profits are made in the first six months, means that there is an incredible premium on shipping speed. If your thing ships a week late, you may have lost one sixth of that optimum time, in fact, you'll have lost the most valuable week in a lifetime of the ASIC because it's value's only going to go down over time as mining gets more and more difficult. And this is really the motivation for why so many companies require pre-orders, the fact that there's so much competition to get the ASICs first. And there's a lot of speculation that some company's have actually manufactured the ASICs, tried to run themselves for a couple of weeks before shipping them and then ship them off to consumers. So the dynamics of this are still very unfavorable to the small miner who wants to go online, order an ASIC and start making money. And in fact in almost all cases, people who have placed orders for mining hardware should have lost money based on the calculation that they made at the time. Except for one thing, which is that the price of BitCoin has been rising for most of the history of BitCoin. It has levelled off a lot in the last six months or so, but during the period when prices were rising, the rising prices often bailed out miners who would have lost money if prices had stayed constant. So in effect buying BitCoin ASICs has been an expensive and convulated way to simply bet that the price of Bitcoin would rise. And a lot of miners, even though they've made money mining BitCoins would've been better off it they have just taken the money that they were going to spend on mining equipment, invested it in BitCoins, held them while they appreciated in value, and then sold the BitCoins at the end. And now we're firmly in the era of professional mining. So the details are often pretty scant because companies doing this don't want to share exactly what their setup is. But it is known that there are some professional mining centers popping up around the world now. And here's just one picture that's been made available, one that came online in the last couple months in the Republic of Georgia. So if you want to open a professional BitCoin mining center, where should you go? You basically need three things. You need cheap electricity, you need good network connectivity so that you can hear about new boxes as they're announced and not miss out. And ideally you'd like a cool climate so that you don't have to pay too much in your cooling bill to cool all this equipment down. So in addition to Georgia, places like Iceland have been popular destinations for people to try to [COUGH] start their BitCoin mining data center. So if we zoom out a little bit and we think about the evolution of mining, we can see really interesting parallels between BitCoin mining and gold mining, or really any other kind of mining. But especially gold mining because it's led to the same kind of gold rush mentality, when initially a lot of young amature folks wanted to get into the business. So whereas with BitCoin mining we've seen this slow evolution from CPUs to GPUs to FPGAs to now ASICs. With gold mining we saw the evolution from individual people with a gold pan to maybe a small team of people with a sluice box, to placer mining, which was a big group of people blowing away hillsides with water, to modern gold mining, which is a giant open pit extracting tons and tons of raw material from the Earth. And in both cases, the friendliness to small people trying to jump into this has gone down. And there's been a consolidation with large companies owning most of the action over time. So a couple of questions for the future are, are small miners out of BitCoin mining forever? Is there any way to make it as a small miner in this game? And does that violate the original spirit of BitCoin? Does the existence of these ASICs and these large mining centers go against the original vision of Satoshi Nakamoto, which was to have every individual in the network being a miner running on their own computer? So some people, who think that this has been a violation of the original vision, wonder would we be better off if there were no mining ASICs? If the only way to mine BitCoin was using your CPU like in the good old days. Well, we're gonna have a lecture later on in this series, which I'll point forward to a number of times in this lecture, where we look at alternative formulations of mining that might be possible. So I won't say anything more about how we could design mining to be less friendly for ASICs here, but that will be a topic that will come up in the future, that will be quite interesting.
