Coin Prices →

# How the biggest proof-of-work algorithms for cryptocurrencies compare

Proof of work cryptocurrencies leverage a variety of mining algorithms, and some even use several – Jan Vermuelen explores how each of the major algorithms compare.

Written by Published on

Not all coins are created equal.

Some cryptocurrencies require the equivalent of hours of computing time and energy to mine, while others are produced in a matter of minutes.

The term “mining” in cryptocurrencies refers to a collection of techniques to validate transactions known as proof of work (PoW). This is when a computer performs many calculations to try and solve a mathematical puzzle.

These puzzles use are typically based on cryptographic hash functions, which are designed to be one-way. The nature of these functions is exploited so that a miner must make many millions or even trillions of guesses per second to find a solution. It is then usually possible for any other computer to easily check that the solution is true.

In the case of distributed ledger systems like Bitcoin, other computers on the network can easily check someone else’s calculation, and must then build upon it to generate solutions for the next block of transactions.

Each block of transactions is its own mathematically difficult puzzle to solve, and becomes part of the puzzle for the next block of transactions, creating a chain. Hence the term “blockchain”.

By building the next block of transactions on one which came before, a network is able to come to a consensus of which transactions are valid. Proof-of-work algorithms are therefore also referred to as a consensus mechanism.

Other examples of consensus mechanisms is proof-of-stake and Istanbul Byzantine Fault Tolerance, but this article is only going to look only at proof-of-work algorithms, and how they compare.

Among the factors mentioned below will be resistance to mining hardware based on application specific integrated circuits (ASICs).

Application-specific integrated circuits, as the name implies, are chips designed for a specific use, as opposed to general-purpose computers. In the case of blockchains, they are chips designed to perform the calculations of a particular proof-of-work algorithm as efficiently as possible.

Criticism of ASICs is that they are expensive and make it difficult for people to participate in mining a blockchain without a significant capital investment. They also skew the ability mine a particular coin in favour of companies who can develop their own ASICs.

While some mining algorithms are designed with ASIC resistance in mind, it is worth keeping in mind the comments the lead developer of Sia made earlier this year: “At the end of the day, you will always be able to create custom hardware that can outperform general purpose hardware.”

### SHA–256 — Bitcoin, Bitcoin Cash

What better place to start with a comparison of algorithms than where the cryptocurrency craze all began — Bitcoin.

The Secure Hash Algorithms are a family of cryptographic hashing functions published by the National Institute of Standards and Technology.

Short for Secure Hash Algorithm, the first variants of the SHA family, SHA–0, SHA–1 and SHA–2, were developed by the U.S. National Security Agency. SHA–256 and its bigger brother, SHA–512, are part of the SHA–2 family.

SHA–256 is not designed to be ASIC resistant, and ASICs to mine Bitcoin are readily available.

### Scrypt — Litecoin, Dogecoin, Neo

Scrypt was designed to make it more difficult for specialised hardware like ASICs to be used to crack passwords that were hashed using the algorithm.

It did this by using a large amount of memory compared to similar functions, making it more expensive for an attacker to target.

However ASIC-based miners for cryptocurrencies which use Scrypt, like Litecoin, have been available since at least 2014.

### Ethash — Ethereum, Ethereum Classic

Ethereum’s proof-of-work algorithm is a modified version of Dagger-Hashimoto, which was designed to be memory hard and ASIC resistant.

This means it tends to favour graphics cards with higher memory bandwidth, and has been the domain of people who want to mine a cryptocurrency with standard computer hardware (like high-end graphics cards) rather than specialised components.

Bitmain has produced a specialised Ethereum miner, but the creator of the platform, Vitalik Buterin, surmises that the “ASIC” is just an optimised regular computer with non-essential components stripped out.

### Equihash — Zcash, ZenCash, Bitcoin Gold

Similar to Ethereum, the developers of Zcash created a memory-oriented proof-of-work algorithm for their cryptocurrency to make it ASIC resistant.

It uses Blake2b in the proof-of-work, and as a key-derivation function.

Bitmain has sold ASICs for Equihash, defeating its originally stated goal of democratising mining, rather than having it limited to only those who could afford specialised gear.

### Blake, Blake2, and Blake2b — Siacoin, Decred

Blake was an entry into the competition by the U.S. National Institute of Standards and Technology for a new SHA algorithm to complement its older SHA-1 and SHA-2 standards.

It made it to the final round, but ultimately lost to Keccak.

The algorithm is fast, and was not designed specifically with resistance to ASIC mining in mind.

Bitmain has released as ASIC miner for Blake2b-based coins. The developers of Siacoin themselves also launched an ASIC project called Obelisk about a year ago, and reported in detail about their findings of the state of the mining space.

### Keccak — SmartCash, MaxCoin

Keccak won a competition in 2012 to become SHA–3, the next variant of the Secure Hash Algorithms family.

It proved to be faster than all other entrants to the competition, and faster than SHA–2 and SHA–1.

While Keccak was not designed to resist ASIC mining, it was built to resist cryptanalysis and brute-force attacks with specialised hardware like ASICs.

Keccak is therefore currently considered ASIC resistant, and there are no ASICs on the open market which target the algorithm.

### CryptoNight — Monero, Bytecoin

CryptoNight was designed to be ASIC-resistant, and accessible. The aim was to close the gap between miners who only have access to consumer CPUs and can’t afford hardware like graphics cards and ASICs.

This is to foster more egalitarian mining, and greater decentralisation.

However, Bitmain announced in March that it developed an ASIC for the algorithm and was going to sell a specialised miner called the Antminer X3.

In response, the developers of Monero announced an emergency fork to update its hashing algorithm. They also announced that they will be forking Monero twice a year to try and ensure that it remains ASIC resistant for as long as possible.

### X11 — Dash

X11 is an algorithm originally built for Dash which uses multiple rounds of 11 different hashes: Blake, BMW, Groestl, JH, Keccak, Skein, Luffa, Cubehash, Shavite, SIMD, Echo.

It was not designed to be ASIC resistant, and ASICs for X11 are available from several manufacturers including Bitmain, Baikal, iBelink, Innosilicon, and Pinidea.

Variants of this idea—in the form of X13, X15 and X17—are used by several other cryptocurrencies.

### Multi-algorithm coins — Verge, Myriad

Where X11 uses multiple rounds of a number of different hashing algorithms to mine a coin, there are also coins which allow many different algorithms to be used to mine them.

The aim is to allow CPU, GPU, and ASIC miners a fair opportunity to mine the coin, and enhance the security of the cryptocurrency.

Essentially, multi-algorthm cryptocurrencies adjust the difficulty of mining their tokens for each algorithm independently to prevent one algorithm from becoming dominant.

In theory, this should also make “51% attacks” more difficult. Such attacks are possible when one person or group control the majority of the hashing power for a coin, allowing them to rewrite the blockchain as they see fit.

Verge supports Scrypt, X17, Lyra2rev2, Myr-Groestl, and Blake2s.

Myriad supports SHA256-D, Scrypt, Myr-Groestl, Skein, and Yescrypt.

## Written by Jan Vermeulen

Technology journalist, coder, and speaker. He runs Relative Entropy and lives as a knight-errant of the keyboard. @ sigstart