Ensuring Decentralization: ASIC Resistance

ASICs work because it’s easy to create hardware to compute just a certain puzzle.

These puzzles are computation-bound.

A way to get around the problem of ASIC domination is to make puzzles that rely not only on computation speed, but also on memory, giving rise to the notions of memory-hard and memory-bound problems.

A memory-hard problem is one that needs a large amount of memory to solve, and a memory-bound problem is one that scales based on the amount of memory that you have.

These problems deter ASICs, since optimizing computation is useless if memory is the limiting factor.

Dogecoin and Litecoin implement a memory-bound hash function called Scrypt (pronounced ess-crypt).

They still use a partial hash-preimage puzzle like in Bitcoin, just with a different hash function.

This means that ASICs that are built for Bitcoin don’t work for Dogecoin or Litecoin.

Scrypt was originally designed to secure passwords and make them hard to brute force, so a memory-bound type of problem makes sense.

Scrypt has two main steps: first fill a buffer with interdependent data, and then access that data in a pseudorandom way.

To see why this is memory-bound, let’s take a look at what happens when you fill a buffer with non-interdependent data.

Looking something up is easy, since you just find the index of the datum you want.

However, if the data is interdependent on other pieces of data, you have to look up those too.

If those aren’t stored in the buffer, then you have to spend time computing them on the fly.

Depending on how much data there is, this can quickly become infeasible, meaning that storing as much of the interdependent data in memory as possible is the only efficient option.

That’s what makes Scrypt memory-bound.
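The fill-then-read structure described above, as an added Python example that is not part of the original lecture. It is a toy model: SHA-256 stands in for scrypt's internal mixing function (an assumption made for brevity), and the `stride` parameter is a hypothetical knob that models a miner storing only every k-th buffer cell and recomputing the rest on the fly.

```python
import hashlib

def toy_romix(seed: bytes, n: int, stride: int = 1):
    """Toy model of the two scrypt steps.

    Returns (digest, hash_calls, cells_stored).
    stride=1 keeps the whole buffer; stride=k keeps every k-th cell only.
    """
    calls = 0

    def h(data: bytes) -> bytes:
        nonlocal calls
        calls += 1
        return hashlib.sha256(data).digest()

    # Step 1: fill the buffer. Cell i is the hash of cell i-1, so every
    # cell depends on all the cells before it.
    stored = {}
    x = seed
    for i in range(n):
        if i % stride == 0:
            stored[i] = x
        x = h(x)

    def lookup(j: int) -> bytes:
        # A stored cell is a direct read; a missing cell is rebuilt by
        # re-hashing forward from the nearest stored cell below it.
        base = j - (j % stride)
        v = stored[base]
        for _ in range(j - base):
            v = h(v)
        return v

    # Step 2: n reads at pseudorandom indices. Each index is derived from
    # the running state, so the access order cannot be predicted up front.
    for _ in range(n):
        j = int.from_bytes(x[:8], "little") % n
        x = h(bytes(a ^ b for a, b in zip(x, lookup(j))))
    return x, calls, len(stored)

if __name__ == "__main__":
    seed = b"constructed sample block header"  # constructed sample input
    for k in (1, 8, 64):
        digest, calls, cells = toy_romix(seed, 1024, stride=k)
        print(f"stride={k:2d} cells={cells:4d} hashes={calls:6d} {digest.hex()[:16]}")
```

Every stride yields the same digest, but the hash count climbs as the stored buffer shrinks. A verifier has to run the same function with the same parameters, so it faces the same choice between memory and recomputation.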

However, Scrypt also has its drawbacks.

It requires an equal amount of memory to verify, since verifiers have to fill and access an equivalent buffer, with the same parameters.

Remember that puzzles should be easy to verify, so this is not ideal.

In addition, even though Scrypt was developed to be ASIC resistant, an ASIC has actually been developed for it, so it’s no longer considered ASIC resistant.

Another idea to achieve ASIC resistance that people tried was to chain together a bunch of hash functions.

The idea was that it’s much harder to create an ASIC that can deal with so many hash functions, not just one.

And that was the idea behind x11 and x13, which chain together 11 and 13 different hash functions, respectively.

The cryptocurrency Dash uses the x11 hashing algorithm, using a chain of SHA3 variants.

Dash’s x11 was designed to be hard to make an ASIC for, but not impossible, so it was never really intended to be ASIC resistant.

Developers wanted to get a good distribution of coin early in Dash’s lifecycle.

Later on, if someone happened to develop an ASIC for x11, coins would have already been distributed in a fair way.

And that’s exactly what happened.

Another idea that was tossed around was to design coins that periodically switched mining puzzles, making it difficult to optimize.

For example, it could switch around from SHA-1 to SHA-3 to Scrypt for 6 months at a time each.

However, the overhead required to create such an algorithm has historically deterred people from implementing it.

As a closing note, whenever there’s money that can be made, someone’s going to be working to make the most profit.

In cryptocurrencies, that can take the form of working to create ASICs for new hashing algorithms.

Mike Hearn, a Bitcoin Core developer, said, “There’s really no such thing as an ASIC-resistant algorithm.”

Ensuring Decentralization: ASIC Debate