monero-project/monero-docs
monero-project/monero-docs
2
1
Fork 0
mirror of https://github.com/monero-project/monero-docs.git synced 2024-12-23 12:09:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
monero-docs/public/proof-of-work/cryptonight/index.html

9 lines
No EOL
30 KiB
HTML
Raw Blame History

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="Unofficial Monero Documentation"><meta name=author content="Piotr 'Qertoip' Włodarek"><link href=https://monerodocs.org/proof-of-work/cryptonight/ rel=canonical><link rel="shortcut icon" href=../../assets/favicon.png><meta name=generator content="mkdocs-1.1.2, mkdocs-material-6.2.5"><title>CryptoNight - Monero Documentation</title><link rel=stylesheet href=../../assets/stylesheets/main.15aa0b43.min.css><link rel=stylesheet href=../../assets/stylesheets/palette.75751829.min.css><meta name=theme-color content=#ffffff><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback"><style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style><link rel=stylesheet href=../../overrides.css></head> <body dir=ltr data-md-color-scheme data-md-color-primary=white data-md-color-accent=indigo> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#cryptonight class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class=md-header data-md-component=header> <nav class="md-header-nav md-grid" aria-label=Header> <a href=https://monerodocs.org title="Monero Documentation" class="md-header-nav__button md-logo" aria-label="Monero Documentation"> <img src=../../images/monero.svg alt=logo> </a> <label class="md-header-nav__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg> </label> <div class=md-header-nav__title data-md-component=header-title> <div class=md-header-nav__ellipsis> <div class=md-header-nav__topic> <span class=md-ellipsis> Monero Documentation </span> </div> <div class=md-header-nav__topic> <span class=md-ellipsis> CryptoNight </span> </div> </div> </div> <label class="md-header-nav__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query data-md-state=active required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </label> <button type=reset class="md-search__icon md-icon" aria-label=Clear data-md-component=search-reset tabindex=-1> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg> </button> </form> <div class=md-search__output> <div class=md-search__scrollwrap data-md-scrollfix> <div class=md-search-result data-md-component=search-result> <div class=md-search-result__meta> Initializing search </div> <ol class=md-search-result__list></ol> </div> </div> </div> </div> </div> <div class=md-header-nav__source> <a href=https://github.com/monerodocs/md/ title="Go to repository" class=md-source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg> </div> <div class=md-source__repository> monerodocs/md </div> </a> </div> </nav> </header> <div class=md-container data-md-component=container> <main class=md-main data-md-component=main> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component=navigation> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--primary" aria-label=Navigation data-md-level=0> <label class=md-nav__title for=__drawer> <a href=https://monerodocs.org title="Monero Documentation" class="md-nav__button md-logo" aria-label="Monero Documentation"> <img src=../../images/monero.svg alt=logo> </a> Monero Documentation </label> <div class=md-nav__source> <a href=https://github.com/monerodocs/md/ title="Go to repository" class=md-source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg> </div> <div class=md-source__repository> monerodocs/md </div> </a> </div> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../.. class=md-nav__link> Home </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-2 type=checkbox id=nav-2> <label class=md-nav__link for=nav-2> Interacting <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Interacting data-md-level=1> <label class=md-nav__title for=nav-2> <span class="md-nav__icon md-icon"></span> Interacting </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../interacting/download-monero-binaries/ class=md-nav__link> Download </a> </li> <li class=md-nav__item> <a href=../../interacting/verify-monero-binaries/ class=md-nav__link> Verify </a> </li> <li class=md-nav__item> <a href=../../interacting/overview/ class=md-nav__link> Overview </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-config-file/ class=md-nav__link> Config file </a> </li> <li class=md-nav__item> <a href=../../interacting/monerod-reference/ class=md-nav__link> monerod </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-wallet-cli-reference/ class=md-nav__link> monero-wallet-cli </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-wallet-gui-reference/ class=md-nav__link> monero-wallet-gui </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-wallet-rpc-reference/ class=md-nav__link> monero-wallet-rpc </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-blockchain-export-reference/ class=md-nav__link> monero-blockchain-export </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-blockchain-import-reference/ class=md-nav__link> monero-blockchain-import </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../technical-specs/ class=md-nav__link> Technical specs </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-4 type=checkbox id=nav-4> <label class=md-nav__link for=nav-4> Cryptography <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Cryptography data-md-level=1> <label class=md-nav__title for=nav-4> <span class="md-nav__icon md-icon"></span> Cryptography </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../cryptography/introduction/ class=md-nav__link> Introduction </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-4-2 type=checkbox id=nav-4-2> <label class=md-nav__link for=nav-4-2> Asymmetric <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Asymmetric data-md-level=2> <label class=md-nav__title for=nav-4-2> <span class="md-nav__icon md-icon"></span> Asymmetric </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../cryptography/asymmetric/introduction/ class=md-nav__link> Introduction </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/private-key/ class=md-nav__link> Private keys </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/public-key/ class=md-nav__link> Public keys </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/edwards25519/ class=md-nav__link> Edwards25519 curve </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/key-image/ class=md-nav__link> Key image </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../cryptography/base58/ class=md-nav__link> Base58 </a> </li> <li class=md-nav__item> <a href=../../cryptography/prng/ class=md-nav__link> PRNG </a> </li> <li class=md-nav__item> <a href=../../cryptography/keccak-256/ class=md-nav__link> Keccak-256 </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-5 type=checkbox id=nav-5> <label class=md-nav__link for=nav-5> Address <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Address data-md-level=1> <label class=md-nav__title for=nav-5> <span class="md-nav__icon md-icon"></span> Address </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../public-address/standard-address/ class=md-nav__link> Standard </a> </li> <li class=md-nav__item> <a href=../../public-address/subaddress/ class=md-nav__link> Subaddress </a> </li> <li class=md-nav__item> <a href=../../public-address/integrated-address/ class=md-nav__link> Integrated </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--active md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-6 type=checkbox id=nav-6 checked> <label class=md-nav__link for=nav-6> Proof of Work <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="Proof of Work" data-md-level=1> <label class=md-nav__title for=nav-6> <span class="md-nav__icon md-icon"></span> Proof of Work </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../what-is-pow/ class=md-nav__link> What is PoW? </a> </li> <li class=md-nav__item> <a href=../pow-in-cryptocurrencies/ class=md-nav__link> PoW in Cryptocurrencies </a> </li> <li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" data-md-toggle=toc type=checkbox id=__toc> <label class="md-nav__link md-nav__link--active" for=__toc> CryptoNight <span class="md-nav__icon md-icon"></span> </label> <a href=./ class="md-nav__link md-nav__link--active"> CryptoNight </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=#background class=md-nav__link> Background </a> </li> <li class=md-nav__item> <a href=#the-goal-is-to-find-small-enough-hash class=md-nav__link> The goal is to find small-enough hash </a> </li> <li class=md-nav__item> <a href=#cryptographic-primitives class=md-nav__link> Cryptographic primitives </a> </li> <li class=md-nav__item> <a href=#input-data class=md-nav__link> Input data </a> </li> <li class=md-nav__item> <a href=#algorithm class=md-nav__link> Algorithm </a> <nav class=md-nav aria-label=Algorithm> <ul class=md-nav__list> <li class=md-nav__item> <a href=#overview class=md-nav__link> Overview </a> </li> <li class=md-nav__item> <a href=#step-1-scratchpad-initialization class=md-nav__link> Step 1: scratchpad initialization </a> </li> <li class=md-nav__item> <a href=#step-2-memory-hard-loop class=md-nav__link> Step 2: memory-hard loop </a> </li> <li class=md-nav__item> <a href=#step-3-hashing class=md-nav__link> Step 3: hashing </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#monero-specific-modifications class=md-nav__link> Monero specific modifications </a> <nav class=md-nav aria-label="Monero specific modifications"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#cryptonight-v0 class=md-nav__link> CryptoNight v0 </a> </li> <li class=md-nav__item> <a href=#cryptonight-v1 class=md-nav__link> CryptoNight v1 </a> </li> <li class=md-nav__item> <a href=#cryptonight-v2 class=md-nav__link> CryptoNight v2 </a> </li> <li class=md-nav__item> <a href=#cryptonight-v3-aka-cryptonightr class=md-nav__link> CryptoNight v3 aka CryptoNightR </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#critique class=md-nav__link> Critique </a> </li> <li class=md-nav__item> <a href=#reference class=md-nav__link> Reference </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../random-x/ class=md-nav__link> RandomX </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../multisignature/ class=md-nav__link> Multisignature </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-8 type=checkbox id=nav-8> <label class=md-nav__link for=nav-8> Infrastructure <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Infrastructure data-md-level=1> <label class=md-nav__title for=nav-8> <span class="md-nav__icon md-icon"></span> Infrastructure </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../infrastructure/networks/ class=md-nav__link> Mainnet, stagenet, testnet </a> </li> <li class=md-nav__item> <a href=../../infrastructure/tor-onion-p2p-seed-nodes/ class=md-nav__link> Tor onion seed nodes </a> </li> <li class=md-nav__item> <a href=../../infrastructure/monero-pulse/ class=md-nav__link> MoneroPulse </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-9 type=checkbox id=nav-9> <label class=md-nav__link for=nav-9> Running a Node <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="Running a Node" data-md-level=1> <label class=md-nav__title for=nav-9> <span class="md-nav__icon md-icon"></span> Running a Node </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../running-node/open-node-tor-onion/ class=md-nav__link> Open Node + Tor Onion </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-10 type=checkbox id=nav-10> <label class=md-nav__link for=nav-10> Accepting Monero <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="Accepting Monero" data-md-level=1> <label class=md-nav__title for=nav-10> <span class="md-nav__icon md-icon"></span> Accepting Monero </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../accepting-monero/overview/ class=md-nav__link> Overview </a> </li> </ul> </nav> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component=toc> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=#background class=md-nav__link> Background </a> </li> <li class=md-nav__item> <a href=#the-goal-is-to-find-small-enough-hash class=md-nav__link> The goal is to find small-enough hash </a> </li> <li class=md-nav__item> <a href=#cryptographic-primitives class=md-nav__link> Cryptographic primitives </a> </li> <li class=md-nav__item> <a href=#input-data class=md-nav__link> Input data </a> </li> <li class=md-nav__item> <a href=#algorithm class=md-nav__link> Algorithm </a> <nav class=md-nav aria-label=Algorithm> <ul class=md-nav__list> <li class=md-nav__item> <a href=#overview class=md-nav__link> Overview </a> </li> <li class=md-nav__item> <a href=#step-1-scratchpad-initialization class=md-nav__link> Step 1: scratchpad initialization </a> </li> <li class=md-nav__item> <a href=#step-2-memory-hard-loop class=md-nav__link> Step 2: memory-hard loop </a> </li> <li class=md-nav__item> <a href=#step-3-hashing class=md-nav__link> Step 3: hashing </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#monero-specific-modifications class=md-nav__link> Monero specific modifications </a> <nav class=md-nav aria-label="Monero specific modifications"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#cryptonight-v0 class=md-nav__link> CryptoNight v0 </a> </li> <li class=md-nav__item> <a href=#cryptonight-v1 class=md-nav__link> CryptoNight v1 </a> </li> <li class=md-nav__item> <a href=#cryptonight-v2 class=md-nav__link> CryptoNight v2 </a> </li> <li class=md-nav__item> <a href=#cryptonight-v3-aka-cryptonightr class=md-nav__link> CryptoNight v3 aka CryptoNightR </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#critique class=md-nav__link> Critique </a> </li> <li class=md-nav__item> <a href=#reference class=md-nav__link> Reference </a> </li> </ul> </nav> </div> </div> </div> <div class=md-content> <article class="md-content__inner md-typeset"> <a href=https://github.com/monerodocs/md/edit/master/docs/proof-of-work/cryptonight.md title="Edit this page" class="md-content__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg> </a> <h1 id=cryptonight>CryptoNight<a class=headerlink href=#cryptonight title="Permanent link">&para;</a></h1> <blockquote> <p>CryptoNight is a memory hard hash function</p> </blockquote> <h2 id=background>Background<a class=headerlink href=#background title="Permanent link">&para;</a></h2> <p>CryptoNight was originally designed around 2013 as part of the CryptoNote suite.</p> <p>One design goal was to make it very friendly for the off-the-shelf CPU-s, by employing:</p> <ul> <li>native AES encryption </li> <li>fast 64 bit multipliers</li> <li>scratchpad fitting exactly the size of the per-core L3 cache on Intel CPUs (about 2MB)</li> </ul> <p>More ambitious design goal was to make it inefficiently computable on ASIC-s. This goal has since failed, as it inevitably happens with "ASIC hard" algorithms. Efficient CryptoNight ASIC was developed in 2017 by Bitmain. </p> <p>Monero inherited CryptoNight as its proof of work in 2014. Since then Monero slightly evolved the algorithm to intentionally break compatibility with released ASIC-s. Currently Monero implements CryptoNight v2, a third iteration of original CryptoNight (v0, v1, v2).</p> <h2 id=the-goal-is-to-find-small-enough-hash>The goal is to find small-enough hash<a class=headerlink href=#the-goal-is-to-find-small-enough-hash title="Permanent link">&para;</a></h2> <p>In hashing based PoW algorithms the goal is to find small-enough hash.</p> <p>Hash is simply an integer (normally, a very large integer). Most hashing functions result in 256-bit hashes (integers between 0 and 2^256). This includes Bitcoin's double-SHA-256 and Monero's CryptoNight.</p> <p>Miner randomly tweaks input data until the hash fits under specified threshold. The threshold (also a large integer) is established collectively by the network as part of the consensus mechanism. The PoW is only considered valid (solved) if hash fits under the threshold. </p> <p>Because hash functions are one-way, it is not possible to analytically calculate input data that would result in a small-enough hash. The solution must be brute-forced by tweaking the input data and recalculating the hash over and over again.</p> <p>Miners have a few areas of flexibility regarding input data - most importantly they can iterate with the nonce value. They also have a power over which transactions are included in the block and how they are put together in a merkle tree. </p> <h2 id=cryptographic-primitives>Cryptographic primitives<a class=headerlink href=#cryptographic-primitives title="Permanent link">&para;</a></h2> <p>CryptoNight is based on:</p> <ul> <li>AES encryption</li> <li>5 hashing functions, all of which were finalists in NIST SHA-3 competition:<ul> <li>Keccak (the primary one)</li> <li>BLAKE</li> <li>Groestl</li> <li>JH</li> <li>Skein</li> </ul> </li> </ul> <h2 id=input-data>Input data<a class=headerlink href=#input-data title="Permanent link">&para;</a></h2> <p>In Monero the input to hashing function is concatenation of:</p> <ul> <li>serialized block header (around 46 bytes; subject to varint representation)</li> <li>merkle tree root (32 bytes)</li> <li>number of transactions included in the block (around 1-2 bytes; subject to varint representation)</li> </ul> <p>See <a href=https://github.com/monero-project/monero/blob/master/src/cryptonote_basic/cryptonote_format_utils.cpp#L1078>get_block_hashing_blob()</a> function to dig further.</p> <h2 id=algorithm>Algorithm<a class=headerlink href=#algorithm title="Permanent link">&para;</a></h2> <div class="admonition warning"> <p class=admonition-title>Warning</p> <p>The article attempts to give reader a high-level understanding of the CryptoNight algorithm. For implementation details refer to CryptoNote Standard and Monero source code. See references at the bottom. </p> </div> <h3 id=overview>Overview<a class=headerlink href=#overview title="Permanent link">&para;</a></h3> <p>CryptoNight attempts to make memory access a bottleneck for performance ("memory hardness"). It has three steps:</p> <ol> <li>Initialize large area of memory with pseudo-random data. This memory is known as the scratchpad.</li> <li>Perform numerous read/write operations at pseudo-random (but deterministic) addresses on the scratchpad.</li> <li>Hash the entire scratchpad to produce the resulting value.</li> </ol> <h3 id=step-1-scratchpad-initialization>Step 1: scratchpad initialization<a class=headerlink href=#step-1-scratchpad-initialization title="Permanent link">&para;</a></h3> <p>Firstly, the input data is hashed with Keccak-1600. This results in 200 bytes of pseudorandom data (1600 bits == 200 bytes).</p> <p>These 200 bytes become a seed to generate a larger, 2MB-wide buffer of pseudorandom data, by applying AES-256 encryption.</p> <p>The first 0..31 bytes of Keccak-1600 hash are used as AES key.</p> <p>The encryption is performed on 128 bytes-long payloads until 2MB is ready. The first payload are Keccak-1600 bytes 66..191. The next payload is encryption result of the previous payload.</p> <p>Each 128-byte payload is actually encrypted 10 times.</p> <p>The details are a bit more nuanced, see "Scratchpad Initialization" in <a href=https://cryptonote.org/cns/cns008.txt>CryptoNote Standard</a>. </p> <h3 id=step-2-memory-hard-loop>Step 2: memory-hard loop<a class=headerlink href=#step-2-memory-hard-loop title="Permanent link">&para;</a></h3> <p>The second step is basically 524288 iterations of a simple stateful algorithm.</p> <p>Each algorithm iteration reads from and writes back to the scratchpad, at pseudorandom-but-deterministic locations.</p> <p>Critically, next iteration depends on the state prepared by previous iterations. It is not possible to directly calculate state of future iterations.</p> <p>The specific operations include AES, XOR, 8byte_mul, 8byte_add - operations that are CPU-friendly (highly optimized on modern CPU-s).</p> <p>The goal here is to make memory latency the bottleneck in attempt to close the gap between potential ASIC-s and general purpose CPU-s.</p> <h3 id=step-3-hashing>Step 3: hashing<a class=headerlink href=#step-3-hashing title="Permanent link">&para;</a></h3> <p>The final step (simplifying) is to:</p> <ul> <li>combine original Keccak-1600 output with the whole scratchpad</li> <li>pick the hashing algorithm based on 2 low-order bits of the result<ul> <li>0=BLAKE-256</li> <li>1=Groestl-256</li> <li>2=JH-256 </li> <li>3=Skein-256</li> </ul> </li> <li>hash the result with selected function</li> </ul> <p>The resulting 256-bit hash is the final output of CryptoNight algorithm.</p> <h2 id=monero-specific-modifications>Monero specific modifications<a class=headerlink href=#monero-specific-modifications title="Permanent link">&para;</a></h2> <h3 id=cryptonight-v0>CryptoNight v0<a class=headerlink href=#cryptonight-v0 title="Permanent link">&para;</a></h3> <p>This is how Monero community refers to original implementation of CryptoNight.</p> <h3 id=cryptonight-v1>CryptoNight v1<a class=headerlink href=#cryptonight-v1 title="Permanent link">&para;</a></h3> <p>See the <a href=https://github.com/monero-project/monero/pull/3253/files>source code diff</a>. </p> <h3 id=cryptonight-v2>CryptoNight v2<a class=headerlink href=#cryptonight-v2 title="Permanent link">&para;</a></h3> <p>See the <a href=https://github.com/SChernykh/xmr-stak-cpu/blob/master/README.md>rationale</a> and the <a href=https://github.com/monero-project/monero/commit/5fd83c13fbf8dc304909345e60a853c15b0de1e5#diff-7000dc02c792439471da62856f839d62>source code diff</a>.</p> <h3 id=cryptonight-v3-aka-cryptonightr>CryptoNight v3 aka CryptoNightR<a class=headerlink href=#cryptonight-v3-aka-cryptonightr title="Permanent link">&para;</a></h3> <p>See the <a href=https://github.com/monero-project/monero/pull/5126>rationale</a> and the <a href=https://github.com/monero-project/monero/pull/5126/files>source code diff</a>.</p> <h2 id=critique>Critique<a class=headerlink href=#critique title="Permanent link">&para;</a></h2> <ul> <li>CryptoNight hash is relatively expensive to verify. This poses a risk of DoS-ing nodes with incorrect proofs to process. See <a href=/proof-of-work/what-is-pow/#strong-asymmetry>strong asymmetry</a> requirement. </li> <li>The hash function was designed from scratch with limited peer review. While CryptoNight is composed of proven and peer-reviewed primitives, combining secure primitives doesn't necessarily result in a secure cryptosystem.</li> <li>CryptoNight ultimately failed to prevent ASIC-s.</li> <li>Complexity of CryptoNight kills competition in ASIC manufacturing.</li> </ul> <p>CryptoNight proof of work remains one of the most controversial aspect of Monero.</p> <h2 id=reference>Reference<a class=headerlink href=#reference title="Permanent link">&para;</a></h2> <ul> <li><a href=https://cryptonote.org/cns/cns008.txt>CryptoNight hash function</a> description in the CryptoNote Standard</li> <li><a href=https://github.com/monero-project/monero/blob/master/src/crypto/slow-hash.c>CryptoNight v2 source code</a><ul> <li>The entry point is <code>cn_slow_hash()</code> function. Manually removing support and optimizations for multiple architectures should help you understand the actual code. </li> </ul> </li> <li>"Egalitarian Proof of Work" chapter in <a href=https://downloads.getmonero.org/whitepaper_annotated.pdf>CryptoNote whitepaper</a> </li> <li><a href=https://da-data.blogspot.com/2014/08/minting-money-with-monero-and-cpu.html>First days of Monero mining</a> by dr David Andersen</li> <li>Some <a href=https://github.com/monero-project/monero/tree/master/tests/hash>test vectors</a> in Monero source code </li> </ul> </article> </div> </div> </main> <footer class=md-footer> <div class=md-footer-nav> <nav class="md-footer-nav__inner md-grid" aria-label=Footer> <a href=../pow-in-cryptocurrencies/ class="md-footer-nav__link md-footer-nav__link--prev" rel=prev> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </div> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Previous </span> PoW in Cryptocurrencies </div> </div> </a> <a href=../random-x/ class="md-footer-nav__link md-footer-nav__link--next" rel=next> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Next </span> RandomX </div> </div> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg> </div> </a> </nav> </div> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-footer-copyright style="margin: auto;"> <a href=http://bumz4sduzxzlobbgzy5fiufdflg3mo2jyecdwdx5rphrqldms7wlmiid.onion/ >Tor onion version</a> &nbsp; | &nbsp; <a href=https://qertoip.com/ >contact</a> &nbsp; | &nbsp; © 2021 MoneroDocs under <a href=https://opensource.org/licenses/MIT>MIT</a> &nbsp; | &nbsp; built w/ <a href=https://www.mkdocs.org/ >mkdocs</a> and <a href=https://squidfunk.github.io/mkdocs-material/ >squidfunk/material</a> </div> </div> </div> </footer> </div> <script src=../../assets/javascripts/vendor.93c04032.min.js></script> <script src=../../assets/javascripts/bundle.83e5331e.min.js></script><script id=__lang type=application/json>{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script> <script>
app = initialize({
base: "../..",
features: [],
search: Object.assign({
worker: "../../assets/javascripts/worker/search.8c7e0a7e.min.js"
}, typeof search !== "undefined" && search)
})
</script> <script data-goatcounter=https://gc.monerodocs.org/count async src=https://gc.monerodocs.org/count.js></script> </body> </html>
Reference in a new issue View git blame Copy permalink