d0s3t3ch
/
RandomWOW
mirror of https://git.wownero.com/wownero/RandomWOW.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Comparison with CryptoNight

This commit is contained in:
tevador 2019-01-13 23:51:12 +01:00 committed by GitHub
parent bf8397b08d
commit c2e0122e15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
doc/design.md Normal file
View File

@ -0,0 +1,39 @@
## RandomX vs CryptoNight
The original [CryptoNight algorithm](https://cryptonote.org/cns/cns008.txt) was designed in 2013 as part of the CryptoNote Standard. It was claimed to be inefficient on GPUs, FPGAs and ASICs. The CryptoNight algorithm specifically targeted the following properties of mainstream CPUs:
- 2 MiB of L3 cache per core
- 64-bit multiplication with 128-bit result
- hardware-accelerated AES encryption
However, these properties were not sufficient to prevent the development of specialized mining hardware. ASIC miners up to 300x more efficient than CPUs were developed in late 2017.
There are 3 main reasons why CryptoNight was not as CPU-friendly as the authors had intended:
1) It uses a fixed sequence of operations. An ASIC can hardwire the whole algorithm, while a CPU has to waste resources on decoding instructions.
2) It uses only a handful of primitive operations: XOR, addition, multiplication and AES round. All other CPU circuits are wasted, most notably the whole floating point unit and all the sophisticated control flow circuits that enable out-of-order and speculative execution in modern CPUs.
3) It relies on the relatively slow L3 cache, which has access latencies of around 30-40 cycles. Most CPU cycles are therefore wasted waiting for data to be propagated through the cache hierarchy.
The RandomX algorithm addresses all of the above points:
1) The sequence of operations is completely different for each hash calculation.
2) It uses the majority of primitive operations supported by most CPUs. The list of operations consists of integer math (including division), bitwise operations (AND, OR, XOR, shift and rotation) and floating point math (including division and square root). Additionally, it uses random branch instructions and utilizes the call stack.
3) The L1 cache is used as the primary data source, while the L2 cache is used occasionally. This is close to an optimal CPU workload and enables high instruction throughput.
These design choices ensure that any custom hardware created for RandomX will not be much more efficient than a CPU, since it will have to include basically the same circuits.
The fact that RandomX uses CPU capabilities much better than CryptoNight can be seen when comparing power consumption:
|algorithm|threads|power [W] <sup>Note a</sup>|
|---------|---------|---------|
|CryptoNight|8 <sup>Note b</sup>|41|
|CryptoNight v2 <sup>Note c</sup>|8 <sup>Note b</sup>|48|
|Prime95 <sup>Note d</sup>|16|82|
|RandomX|16|92|
*CPU: AMD Ryzen 7 1700 (8 cores, 3350 MHz, 1.05 Vcore).*
*a. System power consumption measured using a wall socket wattmeter (±1W). Difference over idle power is listed.*
*b. CryptoNight is limited to 8 threads due to L3 cache size.*
*c. [CryptoNight v2](https://github.com/monero-project/monero/pull/4218) is a modified version of CryptoNight currently used by Monero.*
*d. [Prime95](https://en.wikipedia.org/wiki/Prime95#Use_for_stress_testing) is a popular CPU stress utility. Small-FFT torture test was used.*