Poll on Zcoin's PoW Algorithm

    • ProgPoW
    • Stay with MTP
    • RandomX
    • Merge-mine with XMR
    • Others (Please mention why in the comments)

0 voters

We are setting development priorities and want to do a final round of community feedback on this. To prevent sock puppets from voting on this, your votes will be public.

The previous discussion can be seen here.

While I know some in the community favor MTP as it is ‘unique’, I think we need to look at whether it fits the needs that we have and frankly it’s a huge bandwidth and space bloat. Furthermore this severely limits how fast our blocktimes can be. It’s served its purpose in keeping FPGAs and ASICs off but I have reliable sources that there are those seeking to develop FPGAs on MTP.

ProgPOW is still my choice because it is audited, implementation work is not heavy, retains our GPU mining community and has parameters that we can tweak to make it our own. I’ve spoken to coins that have transitioned to ProgPOW such as Raven and they’re pretty pleased with it.

RandomX which is CPU focused is interesting but again is vast departure from our GPU oriented community and will open ourselves to botnets farming us which is something Zcoin suffered from early in our history.

An interesting option is to merge mine with XMR which would possibly open ourselves up to a wider privacy focused audience, but it would alienate our existing miner community and pool ecosystem.

Any other algorithm that we consider should be properly analyzed by experts and not home-brewed but must also be balanced with the development work required to implement it.


I originally voted for MTP back in the day but did not realize how big the blockchain would get. I suspect it is a negative factor for xzc. I think using ProgPOW sounds the best as I want to avoid ASICs and CPU botnets. I voted ProgPOW

Can you explain more about XMR merge mining. That sounds interesting to me as well.

You can read about merge mining here. It means we rely on another coin for our PoW and people who mine XMR also get XZC for free. Those who want XZC would need to mine XMR as well.

I think the decision should be taken by the team since you know the work involved and have the bigger picture.
In general i fully agree with you on the fact that staying with MTP is not the best option if it takes to much time from the team. There are tons more the team can spend their time on which is more valuable for the project.
Since you think ProgPOW is a good option specially after talking to other projects i vote for that.
The second option is the merger mine with XMR. Its a very good option to. They are a bigger project and we can reuse the work they deliver. Its a smart move. Community will understand i think.

Was reading about Ravencoin’s program alternation approach, seems interesting to alternate between 16 algorithms. Maybe some version of this.

I think you’re referring to x16r and x16rv2 algorithms. Those fell victim to asics and/or fpga’s (I’m unsure which if it matters) and they are currently using progpow with their own parameters called kawpow.

1 Like

Thanks for the reply, yea then Progpow it is. Dont think though anything can be fully ASICs resistant, someone will find a way to keep making new hardware.

Make sure to amend your vote then!

  • MTP has served its purpose - and is a bandwidth and blockchain hog - so - no for MTP.
  • switching to Randomx likely not a good idea (CPU botnets, GPU miners will not be happy, etc …) - so - no.
  • merge-mine with XMR would likely be bad for the price of Zcoin and the whole project - since the free coins you get for mining XMR would likely just be dumped - and Zcoin would be in the shadow or Monero - so - no.
  • even though I’m not convinced ProgPow is the way to go (still believe it will have asics very soon), it seems to be working fine for Ravencoin (as KawPow), and their recent inflation bug was associated with other code and not KawPow - so - my vote is for a taylored version of ProgPoW.

I voted for Progpow even though it involves trusting that Solardiz on github is wrong or that the setups he mentions won’t take advantage of it.

There really aren’t a lot of better options.

Something with CPU/GPU dollar parity on efficacy would be the ultimate door opener for participation but none of those solutions are fully audited.


Merge mine with XMR will allow us to gain ahead on development especially mining on web browsers like Chrome, Mozilla, Edge and etc. This case will allow normal users to interested in gain small Zcoin using their browsers. As a effect, more people will know about Zcoin. Another reason, although we suffer from Botnet before, but the other side, botnet mostly involved dark market, it acts as intensive to get them support for Zcoin as in my opinion. While GPU is good guy, but mostly sell to BTC anyway.

a XMR merge-mined setup with chain-locks enabled would provide chain-lock protection to XMR chain also?

Are you essentially saying that something with more dollar parity on hardware would be ideal?
Meaning it does not matter overly if you are mining with 100$ of CPU/GPU/FPGA all should have a similar output.
If that is the case, the most promising, I have seen is the worksize increased version of the initial lyra2z algorithm lyra2z330. It has close to CPU/GPU parity. It might be worthwhile to have a competent FPGA developer or two comment on it.

Thought I’d add some comments here, and give a little background on myself… I’ve been a GPU/CPU Miner since back in early '17, starting with ETH and then on to almost everything else that’s been available at one point or another. I remember mining XZC on linux when Todxx first released his AMD implementation. Part of what made Lyra2z such an awesome algo was how power friendly and cool it was on GPUs, definitely lost that with the move to MTP.

It really depends on who you’re appealing to. You have 4 options: ASIC, FPGA, GPU, and CPU.

Concerning ASICs, it’s fairly obvious they become a point of centralization when their manufacturers can corner a market on a new algo and have first access to hardware the average person doesn’t.
You have similar things with FPGAs. The amount of capital, technical sophistication, high devfees, all contribute to making it unlikely that the average person could reasonably and profitably support the network with an FPGA.

Which leaves you with GPUs and CPUs. Concerning CPUs, I’ll admit I was initially supportive of XMR’s move to RandomX as it seemed a way to democratize and decentralize the hashrate, and I have several ryzen CPUs. The experience so far has been poor for me across the board for RandomX. Whether RandomX for XMR or LOKI or Wownero, the profit margins on RandomX are so small, razor thin, and impractical that even on my Threadripper CPU I don’t even bother. I can speculate why, but no one really knows; typical answers are “server farms” or “botnets” or “AWS instances” for the cause of RandomX’s low profitability. So sure, anybody CAN do it and everybody HAS a CPU, but why would anyone do it? Unless they like being hot and sweaty and throwing money down the drain every month and burning out their computer faster. And it’s not scalable enough for an average user to support the network profitably… existing server farms which can quickly be switched between purposes/uses will maintain an incredible advantage and scale over the average user.

Which leaves GPUs for last I suppose. GPUs are obtainable for practically anyone who wants one, and for a person willing to do more and scale up, it’s not difficult to add GPUs to an existing mining rig (up to a point, obviously). However, in my opinion a GPU farm is a much more risky investment than a Server Farm, as a GPU Farm can’t be shifted to a different use like a Server Farm can if mining profitability tanks. There also is the aspect of constant depreciation of GPU hardware as newer generations are released. As long as a larger entity doesn’t find a way to game the system with an ASIC or FPGA, in my opinion they don’t have a significant enough advantage over a person who can run a rig at home. Sure, they may have better electrical rates, but they also have warehouse overhead and concerns of hardware depreciation, while the home miner has nearly zero “margin”, to the extent they need a home to live in anyways. When ETH Profitability came back I flipped my rigs back on and continued life as normal, and counted my blessings I didn’t have warehouse or employee overhead to worry about.

To the extent that XZC is trying to appeal to users like me to support the network, my vote will be GPU friendly algorithms. To the extent possible, algorithms that are memory-bound as opposed to compute-bound will not only be more power-friendly, but will also provide less advantageous implementations on FPGA’s/ASICs. This is what I think has made dagger-hashimoto/ethash so successful, and to a large extent even Cryptonight algorithms for quite a while. CN algorithms that require larger memory scratchpads (CN-Heavy) can and still are being successfully mined on GPUs. To that extent I think MTP was successful in how it had large memory requirements. On ProgPow this could also be achieved depending on the size of DAG chosen for the implementation, although, there is potentially a lot of orphaned 4GB hashrate that may be looking for a home come later this year when the ETH DAG grows too big. In terms of available options as of today, I’d say ProgPow is likely the easiest options as both AMD and Nvidia GPUs are competitive. One other comment I’d make is that smaller networks should be careful adopting the algorithms of other existing projects; ETC’s 51% attacks over the last month provide an adequate example. To that end, MTP has actually been pretty successful, not only because it’s unique, but the large proof requirements actually made Nicehash delist it; I know that many have complained in the past for how Nicehash provided an easy attack vector against smaller projects because of nefarious actors ability to purchase whatever extra hashrate they needed.

Think I’ve rambled on enough… but hope my commentary was helpful.


Really appreciate your commentary :smiley:

And yes definitely aware of the risk of 51% attacks which is why we should probably only have a PoW change once we implement chainlocks (that provides 51% attack protection) is probably prudent.


I think ProgPow is at this time the best option, the reasons outlined above are convincing enough for me.
Mainly I like that its audited, as we know technology is very complex and minor bugs can cause major catastrophes so to me its important to prioritize safety and a well audited tech.

MTP served its purpose and Random X seems to be giving trouble with botnets so its a no go, in my opinion.

Finally I am totally against merge-mine with XMR, for the simple reason that we strive to be the best privacy coin and being under the shadow of XMR its not a good idea, unless we are satisfied with just being an underdog.


Not just that. I don’t think the merged mining proposal have an actual solution for doing so. Doing what NMC do with BTC is a completely different thing from merging anything with RandomX. It would have technical issues that go well beyond the scope of just being in the shadow of XMR in this case.

ProgPoW 0.9.4, consider tuning the params (and name) so that you’re different to other variations of ProgPoW in use.

Both 0.9.3 and 0.9.4 are proposed for eth, unlikely any will be accepted, but if any more likely 0.9.3. 0.9.4 deals with all known theoretical attacks.

I’d like to see more conversation on keeping the DAG below 3G to include older hardware increasing your number of potential miners. Does this expose you to more Nicehash or make you less ASIC resistant?