monero-docs/public/proof-of-work/cryptonight/index.html

1403 lines
38 KiB
HTML
Raw Normal View History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Unofficial Monero Documentation">
<meta name="author" content="Piotr 'Qertoip' Włodarek">
<link rel="canonical" href="https://monerodocs.org/proof-of-work/cryptonight/">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.1.2, mkdocs-material-6.2.5">
<title>CryptoNight - Monero Documentation</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.15aa0b43.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.75751829.min.css">
<meta name="theme-color" content="#ffffff">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style>
<link rel="stylesheet" href="../../overrides.css">
</head>
<body dir="ltr" data-md-color-scheme="" data-md-color-primary="white" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#cryptonight" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid" aria-label="Header">
<a href="https://monerodocs.org" title="Monero Documentation" class="md-header-nav__button md-logo" aria-label="Monero Documentation">
<img src="../../images/monero.svg" alt="logo">
</a>
<label class="md-header-nav__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
</label>
<div class="md-header-nav__title" data-md-component="header-title">
<div class="md-header-nav__ellipsis">
<div class="md-header-nav__topic">
<span class="md-ellipsis">
Monero Documentation
</span>
</div>
<div class="md-header-nav__topic">
<span class="md-ellipsis">
CryptoNight
</span>
</div>
</div>
</div>
<label class="md-header-nav__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" data-md-state="active" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</label>
<button type="reset" class="md-search__icon md-icon" aria-label="Clear" data-md-component="search-reset" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header-nav__source">
<a href="https://github.com/monerodocs/md/" title="Go to repository" class="md-source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg>
</div>
<div class="md-source__repository">
monerodocs/md
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="https://monerodocs.org" title="Monero Documentation" class="md-nav__button md-logo" aria-label="Monero Documentation">
<img src="../../images/monero.svg" alt="logo">
</a>
Monero Documentation
</label>
<div class="md-nav__source">
<a href="https://github.com/monerodocs/md/" title="Go to repository" class="md-source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg>
</div>
<div class="md-source__repository">
monerodocs/md
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
Home
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-2" type="checkbox" id="nav-2" >
<label class="md-nav__link" for="nav-2">
Interacting
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Interacting" data-md-level="1">
<label class="md-nav__title" for="nav-2">
<span class="md-nav__icon md-icon"></span>
Interacting
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../interacting/download-monero-binaries/" class="md-nav__link">
Download
</a>
</li>
<li class="md-nav__item">
<a href="../../interacting/verify-monero-binaries/" class="md-nav__link">
Verify
</a>
</li>
<li class="md-nav__item">
<a href="../../interacting/overview/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../interacting/monero-config-file/" class="md-nav__link">
Config file
</a>
</li>
<li class="md-nav__item">
<a href="../../interacting/monerod-reference/" class="md-nav__link">
monerod
</a>
</li>
<li class="md-nav__item">
<a href="../../interacting/monero-wallet-cli-reference/" class="md-nav__link">
monero-wallet-cli
</a>
</li>
<li class="md-nav__item">
<a href="../../interacting/monero-wallet-gui-reference/" class="md-nav__link">
monero-wallet-gui
</a>
</li>
<li class="md-nav__item">
<a href="../../interacting/monero-wallet-rpc-reference/" class="md-nav__link">
monero-wallet-rpc
</a>
</li>
<li class="md-nav__item">
<a href="../../interacting/monero-blockchain-export-reference/" class="md-nav__link">
monero-blockchain-export
</a>
</li>
<li class="md-nav__item">
<a href="../../interacting/monero-blockchain-import-reference/" class="md-nav__link">
monero-blockchain-import
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../technical-specs/" class="md-nav__link">
Technical specs
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-4" type="checkbox" id="nav-4" >
<label class="md-nav__link" for="nav-4">
Cryptography
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Cryptography" data-md-level="1">
<label class="md-nav__title" for="nav-4">
<span class="md-nav__icon md-icon"></span>
Cryptography
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../cryptography/introduction/" class="md-nav__link">
Introduction
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-4-2" type="checkbox" id="nav-4-2" >
<label class="md-nav__link" for="nav-4-2">
Asymmetric
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Asymmetric" data-md-level="2">
<label class="md-nav__title" for="nav-4-2">
<span class="md-nav__icon md-icon"></span>
Asymmetric
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../cryptography/asymmetric/introduction/" class="md-nav__link">
Introduction
</a>
</li>
<li class="md-nav__item">
<a href="../../cryptography/asymmetric/private-key/" class="md-nav__link">
Private keys
</a>
</li>
<li class="md-nav__item">
<a href="../../cryptography/asymmetric/public-key/" class="md-nav__link">
Public keys
</a>
</li>
<li class="md-nav__item">
<a href="../../cryptography/asymmetric/edwards25519/" class="md-nav__link">
Edwards25519 curve
</a>
</li>
<li class="md-nav__item">
<a href="../../cryptography/asymmetric/key-image/" class="md-nav__link">
Key image
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../cryptography/base58/" class="md-nav__link">
Base58
</a>
</li>
<li class="md-nav__item">
<a href="../../cryptography/prng/" class="md-nav__link">
PRNG
</a>
</li>
<li class="md-nav__item">
<a href="../../cryptography/keccak-256/" class="md-nav__link">
Keccak-256
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-5" type="checkbox" id="nav-5" >
<label class="md-nav__link" for="nav-5">
Address
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Address" data-md-level="1">
<label class="md-nav__title" for="nav-5">
<span class="md-nav__icon md-icon"></span>
Address
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../public-address/standard-address/" class="md-nav__link">
Standard
</a>
</li>
<li class="md-nav__item">
<a href="../../public-address/subaddress/" class="md-nav__link">
Subaddress
</a>
</li>
<li class="md-nav__item">
<a href="../../public-address/integrated-address/" class="md-nav__link">
Integrated
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-6" type="checkbox" id="nav-6" checked>
<label class="md-nav__link" for="nav-6">
Proof of Work
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Proof of Work" data-md-level="1">
<label class="md-nav__title" for="nav-6">
<span class="md-nav__icon md-icon"></span>
Proof of Work
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../what-is-pow/" class="md-nav__link">
What is PoW?
</a>
</li>
<li class="md-nav__item">
<a href="../pow-in-cryptocurrencies/" class="md-nav__link">
PoW in Cryptocurrencies
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
CryptoNight
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
CryptoNight
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#background" class="md-nav__link">
Background
</a>
</li>
<li class="md-nav__item">
<a href="#the-goal-is-to-find-small-enough-hash" class="md-nav__link">
The goal is to find small-enough hash
</a>
</li>
<li class="md-nav__item">
<a href="#cryptographic-primitives" class="md-nav__link">
Cryptographic primitives
</a>
</li>
<li class="md-nav__item">
<a href="#input-data" class="md-nav__link">
Input data
</a>
</li>
<li class="md-nav__item">
<a href="#algorithm" class="md-nav__link">
Algorithm
</a>
<nav class="md-nav" aria-label="Algorithm">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#overview" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="#step-1-scratchpad-initialization" class="md-nav__link">
Step 1: scratchpad initialization
</a>
</li>
<li class="md-nav__item">
<a href="#step-2-memory-hard-loop" class="md-nav__link">
Step 2: memory-hard loop
</a>
</li>
<li class="md-nav__item">
<a href="#step-3-hashing" class="md-nav__link">
Step 3: hashing
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#monero-specific-modifications" class="md-nav__link">
Monero specific modifications
</a>
<nav class="md-nav" aria-label="Monero specific modifications">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#cryptonight-v0" class="md-nav__link">
CryptoNight v0
</a>
</li>
<li class="md-nav__item">
<a href="#cryptonight-v1" class="md-nav__link">
CryptoNight v1
</a>
</li>
<li class="md-nav__item">
<a href="#cryptonight-v2" class="md-nav__link">
CryptoNight v2
</a>
</li>
<li class="md-nav__item">
<a href="#cryptonight-v3-aka-cryptonightr" class="md-nav__link">
CryptoNight v3 aka CryptoNightR
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#critique" class="md-nav__link">
Critique
</a>
</li>
<li class="md-nav__item">
<a href="#reference" class="md-nav__link">
Reference
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../random-x/" class="md-nav__link">
RandomX
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../multisignature/" class="md-nav__link">
Multisignature
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-8" type="checkbox" id="nav-8" >
<label class="md-nav__link" for="nav-8">
Infrastructure
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Infrastructure" data-md-level="1">
<label class="md-nav__title" for="nav-8">
<span class="md-nav__icon md-icon"></span>
Infrastructure
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../infrastructure/networks/" class="md-nav__link">
Mainnet, stagenet, testnet
</a>
</li>
<li class="md-nav__item">
<a href="../../infrastructure/tor-onion-p2p-seed-nodes/" class="md-nav__link">
Tor onion seed nodes
</a>
</li>
<li class="md-nav__item">
<a href="../../infrastructure/monero-pulse/" class="md-nav__link">
MoneroPulse
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-9" type="checkbox" id="nav-9" >
<label class="md-nav__link" for="nav-9">
Running a Node
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Running a Node" data-md-level="1">
<label class="md-nav__title" for="nav-9">
<span class="md-nav__icon md-icon"></span>
Running a Node
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../running-node/open-node-tor-onion/" class="md-nav__link">
Open Node + Tor Onion
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-10" type="checkbox" id="nav-10" >
<label class="md-nav__link" for="nav-10">
Accepting Monero
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Accepting Monero" data-md-level="1">
<label class="md-nav__title" for="nav-10">
<span class="md-nav__icon md-icon"></span>
Accepting Monero
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../accepting-monero/overview/" class="md-nav__link">
Overview
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#background" class="md-nav__link">
Background
</a>
</li>
<li class="md-nav__item">
<a href="#the-goal-is-to-find-small-enough-hash" class="md-nav__link">
The goal is to find small-enough hash
</a>
</li>
<li class="md-nav__item">
<a href="#cryptographic-primitives" class="md-nav__link">
Cryptographic primitives
</a>
</li>
<li class="md-nav__item">
<a href="#input-data" class="md-nav__link">
Input data
</a>
</li>
<li class="md-nav__item">
<a href="#algorithm" class="md-nav__link">
Algorithm
</a>
<nav class="md-nav" aria-label="Algorithm">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#overview" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="#step-1-scratchpad-initialization" class="md-nav__link">
Step 1: scratchpad initialization
</a>
</li>
<li class="md-nav__item">
<a href="#step-2-memory-hard-loop" class="md-nav__link">
Step 2: memory-hard loop
</a>
</li>
<li class="md-nav__item">
<a href="#step-3-hashing" class="md-nav__link">
Step 3: hashing
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#monero-specific-modifications" class="md-nav__link">
Monero specific modifications
</a>
<nav class="md-nav" aria-label="Monero specific modifications">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#cryptonight-v0" class="md-nav__link">
CryptoNight v0
</a>
</li>
<li class="md-nav__item">
<a href="#cryptonight-v1" class="md-nav__link">
CryptoNight v1
</a>
</li>
<li class="md-nav__item">
<a href="#cryptonight-v2" class="md-nav__link">
CryptoNight v2
</a>
</li>
<li class="md-nav__item">
<a href="#cryptonight-v3-aka-cryptonightr" class="md-nav__link">
CryptoNight v3 aka CryptoNightR
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#critique" class="md-nav__link">
Critique
</a>
</li>
<li class="md-nav__item">
<a href="#reference" class="md-nav__link">
Reference
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/monerodocs/md/edit/master/docs/proof-of-work/cryptonight.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg>
</a>
<h1 id="cryptonight">CryptoNight<a class="headerlink" href="#cryptonight" title="Permanent link">&para;</a></h1>
<blockquote>
<p>CryptoNight is a memory hard hash function</p>
</blockquote>
<h2 id="background">Background<a class="headerlink" href="#background" title="Permanent link">&para;</a></h2>
<p>CryptoNight was originally designed around 2013 as part of the CryptoNote suite.</p>
<p>One design goal was to make it very friendly for the off-the-shelf CPU-s, by employing:</p>
<ul>
<li>native AES encryption </li>
<li>fast 64 bit multipliers</li>
<li>scratchpad fitting exactly the size of the per-core L3 cache on Intel CPUs (about 2MB)</li>
</ul>
<p>More ambitious design goal was to make it inefficiently computable on ASIC-s.
This goal has since failed, as it inevitably happens with "ASIC hard" algorithms.
Efficient CryptoNight ASIC was developed in 2017 by Bitmain. </p>
<p>Monero inherited CryptoNight as its proof of work in 2014.
Since then Monero slightly evolved the algorithm to intentionally break compatibility with released ASIC-s.
Currently Monero implements CryptoNight v2, a third iteration of original CryptoNight (v0, v1, v2).</p>
<h2 id="the-goal-is-to-find-small-enough-hash">The goal is to find small-enough hash<a class="headerlink" href="#the-goal-is-to-find-small-enough-hash" title="Permanent link">&para;</a></h2>
<p>In hashing based PoW algorithms the goal is to find small-enough hash.</p>
<p>Hash is simply an integer (normally, a very large integer).
Most hashing functions result in 256-bit hashes (integers between 0 and 2^256).
This includes Bitcoin's double-SHA-256 and Monero's CryptoNight.</p>
<p>Miner randomly tweaks input data until the hash fits under specified threshold.
The threshold (also a large integer) is established collectively by the network as part of the consensus mechanism.
The PoW is only considered valid (solved) if hash fits under the threshold. </p>
<p>Because hash functions are one-way, it is not possible to analytically calculate input data that would result in a small-enough hash.
The solution must be brute-forced by tweaking the input data and recalculating the hash over and over again.</p>
<p>Miners have a few areas of flexibility regarding input data - most importantly they can iterate with the nonce value.
They also have a power over which transactions are included in the block and how they are put together in a merkle tree. </p>
<h2 id="cryptographic-primitives">Cryptographic primitives<a class="headerlink" href="#cryptographic-primitives" title="Permanent link">&para;</a></h2>
<p>CryptoNight is based on:</p>
<ul>
<li>AES encryption</li>
<li>5 hashing functions, all of which were finalists in NIST SHA-3 competition:<ul>
<li>Keccak (the primary one)</li>
<li>BLAKE</li>
<li>Groestl</li>
<li>JH</li>
<li>Skein</li>
</ul>
</li>
</ul>
<h2 id="input-data">Input data<a class="headerlink" href="#input-data" title="Permanent link">&para;</a></h2>
<p>In Monero the input to hashing function is concatenation of:</p>
<ul>
<li>serialized block header (around 46 bytes; subject to varint representation)</li>
<li>merkle tree root (32 bytes)</li>
<li>number of transactions included in the block (around 1-2 bytes; subject to varint representation)</li>
</ul>
<p>See <a href="https://github.com/monero-project/monero/blob/master/src/cryptonote_basic/cryptonote_format_utils.cpp#L1078">get_block_hashing_blob()</a> function to dig further.</p>
<h2 id="algorithm">Algorithm<a class="headerlink" href="#algorithm" title="Permanent link">&para;</a></h2>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>The article attempts to give reader a high-level understanding of the CryptoNight algorithm.
For implementation details refer to CryptoNote Standard and Monero source code.
See references at the bottom. </p>
</div>
<h3 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link">&para;</a></h3>
<p>CryptoNight attempts to make memory access a bottleneck for performance ("memory hardness"). It has three steps:</p>
<ol>
<li>Initialize large area of memory with pseudo-random data. This memory is known as the scratchpad.</li>
<li>Perform numerous read/write operations at pseudo-random (but deterministic) addresses on the scratchpad.</li>
<li>Hash the entire scratchpad to produce the resulting value.</li>
</ol>
<h3 id="step-1-scratchpad-initialization">Step 1: scratchpad initialization<a class="headerlink" href="#step-1-scratchpad-initialization" title="Permanent link">&para;</a></h3>
<p>Firstly, the input data is hashed with Keccak-1600. This results in 200 bytes of pseudorandom data (1600 bits == 200 bytes).</p>
<p>These 200 bytes become a seed to generate a larger, 2MB-wide buffer of pseudorandom data,
by applying AES-256 encryption.</p>
<p>The first 0..31 bytes of Keccak-1600 hash are used as AES key.</p>
<p>The encryption is performed on 128 bytes-long payloads until 2MB is ready.
The first payload are Keccak-1600 bytes 66..191.
The next payload is encryption result of the previous payload.</p>
<p>Each 128-byte payload is actually encrypted 10 times.</p>
<p>The details are a bit more nuanced, see "Scratchpad Initialization" in <a href="https://cryptonote.org/cns/cns008.txt">CryptoNote Standard</a>. </p>
<h3 id="step-2-memory-hard-loop">Step 2: memory-hard loop<a class="headerlink" href="#step-2-memory-hard-loop" title="Permanent link">&para;</a></h3>
<p>The second step is basically 524288 iterations of a simple stateful algorithm.</p>
<p>Each algorithm iteration reads from and writes back to the scratchpad,
at pseudorandom-but-deterministic locations.</p>
<p>Critically, next iteration depends on the state prepared by previous iterations.
It is not possible to directly calculate state of future iterations.</p>
<p>The specific operations include AES, XOR, 8byte_mul, 8byte_add - operations that are CPU-friendly (highly optimized on modern CPU-s).</p>
<p>The goal here is to make memory latency the bottleneck in attempt to close the gap between potential ASIC-s and general purpose CPU-s.</p>
<h3 id="step-3-hashing">Step 3: hashing<a class="headerlink" href="#step-3-hashing" title="Permanent link">&para;</a></h3>
<p>The final step (simplifying) is to:</p>
<ul>
<li>combine original Keccak-1600 output with the whole scratchpad</li>
<li>pick the hashing algorithm based on 2 low-order bits of the result<ul>
<li>0=BLAKE-256</li>
<li>1=Groestl-256</li>
<li>2=JH-256 </li>
<li>3=Skein-256</li>
</ul>
</li>
<li>hash the result with selected function</li>
</ul>
<p>The resulting 256-bit hash is the final output of CryptoNight algorithm.</p>
<h2 id="monero-specific-modifications">Monero specific modifications<a class="headerlink" href="#monero-specific-modifications" title="Permanent link">&para;</a></h2>
<h3 id="cryptonight-v0">CryptoNight v0<a class="headerlink" href="#cryptonight-v0" title="Permanent link">&para;</a></h3>
<p>This is how Monero community refers to original implementation of CryptoNight.</p>
<h3 id="cryptonight-v1">CryptoNight v1<a class="headerlink" href="#cryptonight-v1" title="Permanent link">&para;</a></h3>
<p>See the <a href="https://github.com/monero-project/monero/pull/3253/files">source code diff</a>. </p>
<h3 id="cryptonight-v2">CryptoNight v2<a class="headerlink" href="#cryptonight-v2" title="Permanent link">&para;</a></h3>
<p>See the <a href="https://github.com/SChernykh/xmr-stak-cpu/blob/master/README.md">rationale</a> and the <a href="https://github.com/monero-project/monero/commit/5fd83c13fbf8dc304909345e60a853c15b0de1e5#diff-7000dc02c792439471da62856f839d62">source code diff</a>.</p>
<h3 id="cryptonight-v3-aka-cryptonightr">CryptoNight v3 aka CryptoNightR<a class="headerlink" href="#cryptonight-v3-aka-cryptonightr" title="Permanent link">&para;</a></h3>
<p>See the <a href="https://github.com/monero-project/monero/pull/5126">rationale</a> and the <a href="https://github.com/monero-project/monero/pull/5126/files">source code diff</a>.</p>
<h2 id="critique">Critique<a class="headerlink" href="#critique" title="Permanent link">&para;</a></h2>
<ul>
<li>CryptoNight hash is relatively expensive to verify. This poses a risk of DoS-ing nodes with incorrect proofs to process. See <a href="/proof-of-work/what-is-pow/#strong-asymmetry">strong asymmetry</a> requirement. </li>
<li>The hash function was designed from scratch with limited peer review. While CryptoNight is composed of proven and peer-reviewed primitives, combining secure primitives doesn't necessarily result in a secure cryptosystem.</li>
<li>CryptoNight ultimately failed to prevent ASIC-s.</li>
<li>Complexity of CryptoNight kills competition in ASIC manufacturing.</li>
</ul>
<p>CryptoNight proof of work remains one of the most controversial aspect of Monero.</p>
<h2 id="reference">Reference<a class="headerlink" href="#reference" title="Permanent link">&para;</a></h2>
<ul>
<li><a href="https://cryptonote.org/cns/cns008.txt">CryptoNight hash function</a> description in the CryptoNote Standard</li>
<li><a href="https://github.com/monero-project/monero/blob/master/src/crypto/slow-hash.c">CryptoNight v2 source code</a><ul>
<li>The entry point is <code>cn_slow_hash()</code> function. Manually removing support and optimizations for multiple architectures should help you understand the actual code. </li>
</ul>
</li>
<li>"Egalitarian Proof of Work" chapter in <a href="https://downloads.getmonero.org/whitepaper_annotated.pdf">CryptoNote whitepaper</a> </li>
<li><a href="https://da-data.blogspot.com/2014/08/minting-money-with-monero-and-cpu.html">First days of Monero mining</a> by dr David Andersen</li>
<li>Some <a href="https://github.com/monero-project/monero/tree/master/tests/hash">test vectors</a> in Monero source code </li>
</ul>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid" aria-label="Footer">
<a href="../pow-in-cryptocurrencies/" class="md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-footer-nav__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</div>
<div class="md-footer-nav__title">
<div class="md-ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
PoW in Cryptocurrencies
</div>
</div>
</a>
<a href="../random-x/" class="md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-footer-nav__title">
<div class="md-ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
RandomX
</div>
</div>
<div class="md-footer-nav__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<script src="../../assets/javascripts/vendor.93c04032.min.js"></script>
<script src="../../assets/javascripts/bundle.83e5331e.min.js"></script><script id="__lang" type="application/json">{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script>
<script>
app = initialize({
base: "../..",
features: [],
search: Object.assign({
worker: "../../assets/javascripts/worker/search.8c7e0a7e.min.js"
}, typeof search !== "undefined" && search)
})
</script>
</body>
</html>