Tensority: an ASIC-friendly Proof of Work Algorithm Based on Tensor

Transcription

1 Tensority: an ASIC-friendly Proof of Work Algorithm Based on Tensor Bytom Foundation April 17, 2018 Abstract Consensus mechanism is the core of blockchain system which ensures distributed consensus among all parties. Proof of Work (PoW) is a consensus algorithm that adopted by Bitcoin. According to PoW, more computing power means more security and robustness of the system. However, Bitcoin PoW just adopts direct hash method which is criticized for waste of resource. In this paper, we propose Tensority, a new PoW consensus algorithm, where matrix and tensor operations are introduced into the hashing process. So, miners can be used for AI hardware acceleration services, parallel computing and generating additional social benefits. In other words, Tensority acts as a bridge between Blockchain and AI. Further more, we adopt random analyse method to prove security and fairness of Tensority in theorem. Finally, we operate experiment and apply χ 2 test to show that Tensority have good random property indeed. In summary, Tensority is secure, robust and AI ASCI-chips friendly consensus algorithm which all smart devices can run. 1 Introduction Recently, blockchain has attracted extensive attentions and is considered as the future Internet prototype for its excellent features, such as decentrialization, persisitency, anonymity, auditability and smart contract. Consensus mechanism is the core of blockchain system which enable consensus among distructed network even including some evil nodes who try to destroy the system. Technically, consensus mechanism is solution that solves the Byzantine generals problem[1]. Obviously, consensus mechanism is the source of security, robustness and trust. Bitcoin[2] proposed by Nakamoto in 2008 is the first and most influential blockchain project. PoW, the consensus algorithm adopted in Bitcoin, is a new and incredible strategy to solve the Byzantine generals problem. In PoW, all competitive participants called miners try calculating block header hash to reach the target first by using different nonces continuously. Accordingly, PoW procedure is called mining. As shown in Figure 1, Bitcoin miners have gone through four stages of CPU, GPU, FPGA and ASIC. In the age of CPU and GPU, the mining entry barrier is so low that even a PC or laptop with an independent graphics card can be used for mining. With emergence of FPGA and ASIC, the Moore s Law have its way in the world of Bitcoin mining. At present, the mining chips are measured at GH/S and the manufacturing process of wafer has been raised from 130nm to 14nm, which is close to the current limit of semiconductor manufacturing technology. However, the PoW mechanism is criticized as the machines could be applied to mining only, resulting in a great waste of hardware and energy. 1

2 Figure 1: Four stages of mining On the other hand, Ethereum[3], the most famous blockchain platform supporting turingcomplete smart contract, adopts Ethash[4] as its consensus algorithm. For Ethhash is ASICresistance alogorithm, Ethereum network is maintained by relatively low computing power. So, it is considered less secure than Bitcoin. In addition, it is absent from rapid development of ASIC techniques which support higher computing power, specially AI ASIC chips. Through analysis, we can find that miners could be compared to AI as both rely on underlying large-scale parallel computing. Vast majority of the deep learning algorithms can be mapped into the underlying linear algebraic operations. Linear algebraic operation has two characteristics: first Tensor s flow is very regular and expectable; second is the high density of calculation. These two features make AI deep learning particularly suitable for hardware acceleration. In this paper, we propose Tensority, a secure, robust and AI ASCI-chips friendly PoW algorithm, that overcomes the respective shortcomings of both Bitcoin and Ethereum. In stead of direct hash in Bitcoin, Tensority introduces matrix and tensor operations in the hashing process of mining, making miners friendlier to AI ASICs than GPU and CPU. In addition, Tensority is more secure than Ethash for it attracts more computing power. Tensority make following situations possible: 1. Calculation required for blockchain consensus can also be applied to the AI hardware acceleration service, which will generate greater social benefits. 2. Mining market will stimulate the market for artificial intelligence, expanding needs for the deep learning ASIC chips, just like the boosting effect to GPU market lifted by current GPU-friendly PoW blockchain. 3. Outdated miners can be utilized for AI hardware acceleration services, saving mining costs and thus realize a win-win situation. 2 Tensority Alogrithm Tensority algorithm framework is shown as Figure 2. Tensority alogrithm utilizes seed and block header hash as input and generate work correspondingly. Seed is a byte array of 32 determined by a period of blockchain history. In other word, seed can be considered as a snapshot of historical network consensus. To get a validated block, miners should keep operating Tensority with different nonce until matching the requirement of difficulty. There are mainly five procedures of Tensority: cache calculation, matrix construction, matrix operation, work generation and work validation. It is worth noting that index of array and matrix mentioned in this paper begins with 1. 2

3 Figure 2: Framework of Tensority 2.1 Cache Calculation Cache is generated by seed in Algorithm 1. Compared with block rate, seed renewal is slower. So, cache generated from seed can be reused for a period of time. Furthermore, cache is the intermediary of constructing cache matrix. The main steps are listed as follow: 1. Seed Extention Set seed 0 as seed, calculate sha256 hash of seed 0 and then we get seed 1. Similarly, We can get seed i one after another by calculating sha256 hash of seed i 1. Finally, we string seed 0,..., seed extround together and get extseed. 2. Scrypt Extseed We recursively call Scrypt function to obtain the cache, an unint32 array of 32x1024x128. Scrypt[5] is a kind of KDF alogrithm mainly used as key generation method aimed at preventing low-cost password collision. It is worth to mentioned that Scrypt is used in Litecoin since 2011.[6] So, it has been proved as a reliable seed extension algorithm. 3

4 Algorithm 1: calcseedcache Input: seed - a byte array of 32; Output: cache - an uint32 array of 32x1024x128; 1 Initialize extround = 3; scryptround = 128; 2 extseed = seed; 3 tmphash = seed; 4 for i = 1; i extround; i + + do 5 tmphash = SHA256(tmphash); 6 extseed = Append(extseed, tmphash); 7 end 8 cache = ; 9 tmpv = ; 10 for j = 1; j scryptround; j + + do 11 tmpv = Scrypt(extseed, tmpv); 12 cache = Append(cache, tmpv); 13 end 14 return cache; 2.2 Matrix Construction Technical innovation of Tensority is based on tensor and matrix operations. In this procedure, we construct matrices which are ready for matrix operations in the next procedure. The main steps are listed as follow: 1. Cache Recomposition The design of recomposition method is aimed at improving efficiency of ASCI mining machines, such as faster memory accession. Considering data alignment and memory access of miners, we design following recomposition of cache. At the begining, we partition cache into 128 groups. Each group includes 32x1024 elements. In each group, we cluster 32 elements as a unit. So, we obtain an uint32 matrix tmpmatrix of 32x1024x128. The size of recomposedmatrix is also 32x1024x128. Tmpmatrix elements with odd dimension 2 index equal recomposedmatrix to elements with dimension2 index from 1 to 1024/2 correspondingly. Similarly, tmpmatrix elements with even index are corespondent to recomposedmatrix elements with index from 1024/2+1 to Cache Matrix Construction Spread matrix recomposedmatrix and set it as a int8 array of 256x256x256. Then we get a float64 array of 256x256x256 by type casting. Finally, we obtain a float64 matrix cachematrix of 256x256x256. Algorithm 2: constructcachematrix Input: cache - an uint32 array of 32x1024x128; Output: cachematrix - an float64 matrix of 256x256x256 1 Initialize dim1 = 32; dim2 = 1024; dim3 = 128; dim = 256; 2 tmpmatrix = Matrix(cache, dim1, dim2, dim3); 3 recomposedmatrix = NewMatrix(dim1, dim2, dim3); 4 cachematrix = NewMatrix(dim, dim, dim); 5 recomposedmatrix[:][1 : dim2/2][:] = tmpmatrix[:][all odd index][:] ; 6 recomposedmatrix[:][dim2/2+1 : dim2][:] = tmpmatrix[:][all even index][:]; 7 cachematrix = Float64(Matrix(Int8Array(recomposedmatrix), dim, dim, dim)); 8 return cachematrix; 2.3 Matrix Operation The rate of matrix operation mainly depends on the computing power of miner. In addition, float64 matrix multiplication instead of integer multiplication is adopted because we should enable miners supporting AI algorithms which mainly run under float type environment.the procedure of matrix 4

5 operation (Algrithm 3) utilizes block header hash headerhash as a index to slice cachematrix, an float64 matrix of 256x256x256. After calculating matrix multiplication with slices iteratively for several round, we finally obtain the work matrix workmatrix. Note that there are total 256 rounds of multiplication between matrices of 256x256. The main steps are listed as follow: 1. Generate Index of Matrix Slices We divide block header hash into 4 group first. Then we operate SHA256 to each group and obtain corresponding sequence of 32 bytes. Each byte in sequence is casted to integer as the index of the matrix slice. Obviously, 4x32 matrix slices are generated during this procedure. 2. Matrix Caculation We can obtain the corresponding 256x256 cachematrix matrix slice mb according to the slice index. Matrix mc is the result of multiplication of ma and mb T. Note that ma is initialized to identity matrix in the first round. Then we cast elements of mc to int32. Here we define a operation called Compress32to8. It converts the data type int32 of data b = (b_1, b_2, b_3, b_4) (big endian) into uint8 via the formula (b_3 + b_4)mod2 8. Compress32to8 is introduced to ensure better randomness of multiplication result. After that, we set mc elements as their corresponding Compress32to8 results. Then we cast mc elements to float64 and assign the result to ma until sequence run out eventually. Previous steps should be iterated for 2 times. Finally, we utilize ma to renew hashmatrix. We will get Integer32 sum of ma and hashmatrix. Renew hashmatrix element with low 8 bits value in that position and cast the element to float64. Algorithm 3: constructhashmatrix Input: cachematrix - a float64 array of 256x256x256; headerhash - a byte array of 32 Output: hashmatrix - an uint8 matrix of 256x256 1 Initialize drawround = 4; mulround = 2; dim = 256; 2 hashmatrix = Matrix(dim, dim); 3 drawmatrix = Matrix(headerhash, drawround, sizeof(headerhash)/drawround); 4 for i = 1; i drawround; i + + do 5 ma = I; 6 mc = Matrix(dim, dim); 7 sequence = SHA256(drawmatrix[i]); 8 for j = 1; j mulround; j + + do 9 for k = 1; k sizeof(sequence); k + + do 10 index = Uint8(sequence[k])+1; 11 mb = srcmatrix[index][:][:]; 12 mc = ma x mb T ; 13 for element mc do 14 element = Float64(Compress32to8(Int32(element))); 15 end 16 ma = mc 17 end 18 end 19 for row = 1; row dim; row + + do 20 for col = 1; col dim; col + + do 21 i32vhashmatrix = Int32(hashmatrix[row][col]); 22 i32vma := Int32(ma[row][col]); 23 i8v = Int8(i32vhashmatrix+i32vma); 24 hashmatrix[row][col] = Float64(i8v); 25 end 26 end 27 end 28 return hashmatrix; 5

6 2.4 Work Generation Work generation algorithm use hashmatrix as input and generation 32 bytes hash representing work. The key of that procedure is improving computational efficiency under the premise of randomness. So, we utilize FNV[7] enabling faster hash to hash matrix instead of SH2 or SH3 because it is a non-cryptographic hash algorithm. FNV has also been adopted in Ethereum Ethash for a while. So, its reliability has been proved. In addition, We choose 0x as parameter F NV _prime.[8] Finally, we apply SHA256 to the result of FNV to assure solid randomness. 1. Resize Matrix Hashmatrix Hashmatrix is an uint8 matrix of 256x256. For each row, extract elements with same remainder from dividing 64 by the position as a group. Combine elements in each group into an unint32 element. Then we get an unint32 matrix of 256x64 called mat Binary Forwarded FNV Binary Forwarded FNV (Algorithm 4) is essentially a method to hash matrix. First, we initiate n to dim1 of mat32. For row 1 to row n, operate FNV function to two element in same column with same remainder from dividing n/2 by the row position and set that element with lower row index as FNV result. Then we half n and execute that step unit n equals to 1. Finally, we take the first row of mat32 and convert it to byte array. After operate SHA256 to that byte array, we obtain work. Algorithm 4: hashmatrix Input: mat32 - an uint32 matrix of 256x64; Output: hash - an byte array of 32 1 Initialize dim1 = 256; dim2 = 64; 2 for k = dim1/2; k 1; k = k/2 do 3 for i = 1; i k; i + + do 4 for j = 1; j dim2; j + + do 5 mat32[i][j] = FNV(mat32[i][j], mat32[i+k][j]) 6 end 7 end 8 end 9 hash = SHA256(ToByteArray(mat32[0][:])); 10 return hash; 2.5 Work Validation In this procedure, we compare work value with block difficulty. If the work have lower value, it can be seen as a validated work and miners will broadcast that block before receiving a validated block from others. Otherwise, miners will keep changing nonce value to execute Tensority before receiving a validated block. 3 Random Analysis of Tensority To proof the security of Tensority, we adopt random analysis method. The idea is intuitive. Suppose that we have random matrixs M1 and M2. For the basic operation of Tensority is matrix mutliplication, we just need to prove that M3 which equals to M2 x M3 also keeps randomness. In other words, M3 also obeys uniform distribution respesenting M3 owns max uncertainty according information theory. nonuniform distribution is not secure that attacker can analyse the distribution and utilize points with higher probability. 6

7 3.1 Symbol Definition A 0, A 1,..., A 256 Fill random sequence into those matrixes, per one boasts size of 512*512 H Function of SHA256 algorithm BLOCK n Block without nonce B i ith Byte n Nonce Two adjoined data concatenated together MAC A message authentication code of SHA256 The operator defined in our Tensority algorithm + Addition Multiplication T The target specified to find a valid block ω Sample space of variable X ω Sample space of variable Z N Nonzero nature integer df Block without nonce 3.2 Mathematical Preliminaries Theorem 1 (Central Limit Theorem) Let X 1, X 2,, X n be n independent identically distributed random variables boating finite mean E(X k ) = u and finite variance D(X k ) = σ 2 > 0(k = 1, 2, 3, ), unit-variance random defined by: Y n = n k=1 X k E( n k=1 X k) n D( k=1 X = k) n k=1 X k nu nσ (3.1) then, for x in sample space the cumulative distribution function F n (x) satisfies n lim F n(x) = lim P { k=1 X k nu x 1 x} == e t2 2 dt = φ(x) (3.2) n n nσ 2π Definition 1 (compress32to8) Convert the data type int32 of data b = (B 0 B 1 B 2 B 3 ) ((big endian)) into int8 via the formula D = (B 2 + B 3 )mod2 8 (3.3) Definition 2 Given two matrixes A = (a ij ) mm and B = (b ij ) m with data of data type int8, the operator of matrix is defined as follows C = A B (3.4) where, per c ij in matrix C satisfies c ij = compress32to8( m k=1 a ikb kj ). Definition 3 The entropy H(x) of discrete random variable X with probability distribution p(x) is defined as H(X) = x X p(x) log 2 p(x) (3.5) Theorem 2 (binary entropy function) Given a random bit b with 0, 1, the entropy of it is defined as H(b) = p log 2 p (1 p) log 2 (1 p) (3.6) Note that the b has max-entropy as p = 1 2. Theorem 3 Given any bit sequence X with length of n, it satisfies,while the sample x X with p(x) = 1 2 n, thex has max-entropy. 0 H(X) log 2 n (3.7) 7

8 3.3 Algorithm Proposed 1. Fill random sequence into a series of matrixes A 0, A 1,, A 256 with size of 512x512, 2. For a new block BLOCK n without nonce, select a nonce n to calculate MAC = H(BLOCK n n, then slice the bit sequence MAC owing 256 bits into 32 bytes and convert per byte to data of data type Unint8, x 0, x 1,, x 31 ; finally, evaluate k i = x i mod256, (0 i 31). 3. Evaluate M = A k31 Ak1 Ak0 Ak31 Ak1 Ak0, aggregately operating 64 times left multiplication. 4. Convert M from Matrix to sequence m,and then check H(m) T, if H(m) T is true, the algorithm ends; otherwise, returns to step Random Proof In cryptography and information theory, the random of bit sequence relies on values of entropy. According to Theorem 2 and 3, when a random bit sequence X satisfies a discrete uniform distribution, it has the best indeterministic property - a best random. In our algorithm, given a random variable X of data type int8 is constructed by 8 random bits as where,the probability distribution of bit b i (0 i 7) satisfies X = b 0 b 1 b 2 b 3 b 4 b 5 b 6 b 7 (3.8) b i = k 0 1 P {b i = k} Note that the per bit variable is mutual independence, so that the value x of data type int8 has the probability P (X = x) = (3.9) Based on structure of data type int8, the random variablex has sample space Ω = { 128, 127,, 126, 127}. Each outcome x in the sample space posses P {X = x} = , according to evaluate formula 3.9. To prove random of the Tensority algorithm, We need to prove that each random variable m in matrix M has same probability distribution with variable X, obeying discrete uniform distribution. Proof. Given two discrete independent random variables X and Y with sample space Ω in which sample data has data type int8. To evaluate a new random variable Z = XY,the formula of probability is designated as P {Z = z} = x Ω p(x)p( z x ) = x Ω = (3.10) x Ω Via evaluating formula 3.10 by computer program,the probability distribution of samples of Z is showed in Figure 3,and the data of probability detailed in Appendix 1. 8

9 Figure 3: Distribution of Samples of Z Theorem 4 Given 2k (k 1) random variables X 1, X 2,, X 2k, the probability distribution of each X i, (1 i 2k) is same as the variable Z. For the random variable U = compress32to8( 2k k=1 X i), the variable U converges discrete uniform distribution if and only if k converges infinite. Proof. a. For 2k=2, the random variable U satisfies U = compress32to8(z 1 + Z 2 ), and the probability formula of it can be defined as P {U = u} = P {Z 2 = ũ z}p {Z 1 = z} (3.11) u=compress32to8(ũ) z Ω Via evaluate the formula 3.11, the probability distribution of U is detailed from Figure 4, probability data in textbfappendix 2: Figure 4: Distribution of U (2k=2) b. For 2k=4, the random variable U satisfies U = compress32to8(z 1 + Z 2 + Z 3 + Z 4 ), and the probability formula of it can be defined as 9

10 P {Ũ = ũ} = P {Z 1 = z 1 }P {Z 2 = z 2 }P {Z 3 = z 3 }P {Z 4 = ũ z 1 z 2 z 3 } z 1 Ω z 2 Ω z 3 Ω P {U = u} = u=compress32to8(ũ) P {Ũ = ũ} (3.12) Via evaluating the formula 3.12, the probability distribution of U is detailed from Figure 5, probability data in Appendix 3: Figure 5: Probability Distribution of U (2k=4) Note, while k > 4, the formula to evaluate probability of random variable is too large, so that we will not list anymore. c. For 2k=8, the random variable U satisfies that U = compress32to8( 8 i=1 Z i). Via evaluating of probability, we can obtain the probability distribution as Figure 6 showing, and probability data in Appendix 4. Figure 6: Probability Distribution of U (2k=8) 10

11 d. For 2k=16, the random variable U satisfies that U = compress32to8( 16 i=1 Z i). Via evaluating of probability, we can obtain the probability distribution as Figure 7 showing, and probability data in Appendix5. Figure 7: Probability Distribution of U (2k=16) e. For 2k=32, the random variable U satisfies that U = compress32to8( 32 i=1 Z i); Via evaluating of probability we obtain the probability distribution as Figure 8 showing, and probability data in Appendix6. Figure 8: Probability Distribution of U (2k=32) f. For 2k=64, the random variable U satisfies that U = compress32to8( 64 i=1 Z i). Via evaluating of probability, we obtain the probability distribution as Figure 9 showing, and probability data in Appendix7. 11

12 Figure 9: Probability Distribution of U (2k=64) g. Given 2k=128, the random variable U satisfies that U = compress32to8( 128 i=1 Z i). Via evaluating of probability, we obtain the probability distribution as Figure 10 showing, and probability data in Appendix 8. Figure 10: Probability Distribution of U (2k=128) h. For 2k=256,the random variable U satisfies that U = compress32to8( 256 i=1 Z i). Via evaluating of probability, we obtain the probability distribution as Figure 11 showing, and probability data in Appendix 9. 12

13 Figure 11: Probability Distribution of U (2k=256) i. Give 2k=512,the random variable U satisfies that U = compress32to8( 512 i=1 Z i),via evaluating of probability we obtain the probability distribution as Figure 12 showing, and probability data in Appendix 10. Figure 12: Probability Distribution of U (2k=512) ɛ > 0, N N, when k > N, according to central limit theorem in Theorem 1 describing, the independent random variable series Z 1, Z 2,, Z 2k satisfy 2k i=1 P { Z i 2ku x} φ(x) < ɛ (3.13) 2kσ,so that the probability function of random variable U satisfies P {compress32to8( 2k i=1 Z i ) x} P {X x} < ɛ (3.14) 13

14 Thus, for k,the unit-variance random 2k i=1 Zi 2ku 2kσ obeys normal distribution,so that lim k compress32to8( 512 i=1 Z i) obeys discrete uniform distribution,a distribution same as random variable X. Theorem 5 Suppose random Matrixes A and B in which the data obeys discrete uniform distribution and matrix C = A B, the elementary in Matrix C obeys discrete uniform distribution. Proof. In process of proving Theorem 4,for k 64, via rounding probability of outcomes u to 8 decimal places, we find that the probability of each u in the variable U satisfies P {U = u} = (3.15) Where u is integer in range from -128 to127, we can get the distribution of U is same as random variable X. For random Matrix A and Matrix B with size of 512*512 in which the elementary boasts data type of int8, the size of two matrixes is greater than 128. Via specified operator in our Tensority algorithm C = A B, each elementary c ij in Matrix C satisfies 512 c ij = compress32to8( a ik b kj ) (3.16) according to Theorem 4, we can see that the c ij obeys discrete uniform distribution. Theorem 6 The result Matrix M obeys discrete uniform distribution. Proof. In our Tensority algorithm, the step of filling random sequence into the series of matrix A 0, A 1,, A 256,and then selecting R 0, R 1, R 2, R 31 from A 0, A 1,, A 256,is to construct 32 random matrixes R 0, R 1, R 2, R 31. Next, the algorithm evaluates result Matrix M via following formula k=1 M = R 31, R1 R0 R31, R1 R0 According Theorem 5,any elementary in the result matrix of any R i Rj obeys discrete uniform distribution, so that arbitrary elementary in matrix M obeys discrete uniform distribution. Hence,based on Theorem 3 and proof of Theorem 4, 5, and 6, we prove our Tensority algorithm boasts max-entropy, and satisfies the best random required. 4 Experiment To show that our Tensority algorithm boasts good random property in the program executing, we execute the Tensority algorithm 100 times and take sample data from result Matrix M. Then, we randomly collect 6 random variables Y 1, Y 2, Y 3, Y 4, Y 5, Y 6 to test by χ 2 test. 4.1 Model Building H 0 :Y i (0 i 9) obeys discrete uniform distribution Assuming Y i satisfies P {Y i = j} = where, j is a sample in Y i, an integer of data type int8. As data in appendix 11 shows,we collect n = 100 sample data, evaluating value of χ 2 according to formula χ 2 = 256 k=1 n p k ( f i n p i) At the level of α = 0.05, we evaluate χ 2 α(df)= if and only if χ 2 χ 2 α(df), we reject H 0 ; otherwise,accept H 0 14

15 4.2 Sample Testing According to the sample in Appendix11,the result of χ 2 test in Table 1 is evaluated by SPSS software. Table 1: Sample Testing Variable Y 1 Y 2 Y 3 Y 4 Y 5 Y 6 χ df Asymptotic significance Via result of Sample Testing in Table 1,we can see that χ 2 of sample of random variables selected Y i in result matrix M is less than χ 2 α(df), so that we can accept assumption H 0, and this confirming that our algorithm can keep good random property in executing. 5 Conclusion and Prospect The paper proposes Tensority algorithm for BTM which introduces matrix and tensor operations to PoW instead of direct hash in Bitcoin. After random proof and experiment, we can discover that the target Matrix of Tensority constructed obeys discrete uniform distribution in theory, a distribution with good random property. During the Tensority algorithm execution,sample data can accept the assumption of H 0 according to the result of χ 2 test, in other words, the variables tested obeys discrete uniform distribution. It s important to note that for a PoW algorithm, fast validation is another important aspect in addition to hard validated work generation. In this paper, we adopt 256 round matrix multiplication between float64 matrices of 256 x 256. It needs relatively reasonable time to verify the block. To further optimize validation time, there are different method in terms of different platform. SIMD[9], a class of parallel computers in Flynn s taxonomy, is an optional optimization technique. Different platforms have different SIMD design framework. Intel x86 platform provides MMX[10], SSE[11] and AVX[12] to support SIMD. AMD also supports related instructions such as 3DNow![13] and so on. For RSIC architecture, ARM proposed NEON[14] instructions supporting vector operations of many types and optimize parallel matrix multiplication. In summary, multiplication round and matrix dimension should be adjusted for different performance needs and scenes. References [1] Leslie Lamport, Robert Shostak, and Marshall Pease. The byzantine generals problem. ACM Transactions on Programming Languages and Systems (TOPLAS), 4(3): , [2] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system [3] Gavin Wood. Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper, 151:1 32, [4] Ethash. [5] Colin Percival. Stronger key derivation via sequential memory-hard functions. Self-published, pages 1 16, [6] Charles Lee. Litecoin, [7] Fowler-Noll-Vo hash function. E2%80%93Vo_hash_function. [8] Parameters of the Fnv-1/Fnv-1a hash. index.html#fnv-param. [9] SIMD. 15

16 [10] MMX. [11] SSE. [12] AVX. [13] 3DNow! [14] NENO. 16

17 A Appendix In this section,all data about random proof of Tensority is listed. From Appendix1 to Appendix 10 recording the probability data in proof process,the format of data is that Sample:Probability. In evaluating probability process, the sum of total probability of Sample in Matrix of which size is greater than 64 is less than 1, due to precision of machine being limited. The last Appendix 11 records sample data for χ 2 test. A.1 Appendix 1 0: : e-05 2: e-05 3: e-05 4: e-05 5: e-05 6: : e-05 8: : e-05 10: : e-05 12: : e-05 14: : : : e-05 18: : e-05 20: : : : e-05 24: : e-05 26: : : : e-05 30: : e-05 32: : : : : : e-05 38: : : : e-05 42: : e-05 44: : : : e-05 48: : e-05 50: : : : e-05 54: : : : : : e-05 60: : e-05 62: : : : : : e-05 68: : : : e-05 72: : e-05 74: : : : : : e-05 80: : : : e-05 84: : : : : : e-05 90: : : : : : : : e-05 98: : : : e : : e : : : : e : : e : : : : e : : : : : : : : e : : : : : : e : : e : :

18 133: e : e : : : : : e : e : e : : e : e : : : : : : : e : : e : e : : e : : : : e : : e : : : : : : : e : e : : : e : : e : : e : : : : : e : : : : : e : e : e : : e : e : : : e : : : e : e : e : : e : e : e : : e : : : : e : : : : : : e : : e : : : : : : : : e : : e : : : e : e : : : : e : : : : e : : e : e : : : : : : : : : e : : : e : : e : : e : e : : e : : : e : : e : e : : e : : : e : : : : e : : e : : e : : e : : : e : : e-05 18

19 330: : e : : e : : e : e : : e : : e : : : : : : : : e : e : : : e : : : e : : : : : e : : : : : e : : : e : : : e : e : : e : : e : : : : e : e : e : : : e : : : e : e : : e : : : : e : : : e : e : e : : : : : : e : e : e : : : : : e : : : e : e : : : : : : : : : e : : : e : e : : : e : : e : : : e : : : : : e : : : : e : e : : : e : : e : e : : e : : : e : : e : : : : : e : : e : : e : : e : e : e : e : : : : e : : e : : e : : e-05 19

20 555: : : e : : : : e : : e : : : : : : e : : e : e : e : e : : : e : : : : : : : : e : : e : : : : e : : : : e : : : e : : e : : e : : e : e : : : : e : : e : : e : : : e : : : e : : e : : : : e : : : e : e : e : : : e : e : e : : : : : : e : : : : e : : : e : : e : e : : e : e : e : e : : : : e : e : e : : : e : e : e : : : : e : : : : : : e : : e : : : : : : : e : e : : e : : : : e : e : : e : : e : : : : e : e : : e : e : : e : : e-05 20

21 803: e : e : : : e : : : : : e : : : e : : : : e : : : : : : e : e : : : : : e : e : : : e : : : : : e : : e : : e : e : e : : : e : : : : e : : e : e : : e : : : e : : e : : e : e : e : : : e : e : : : e : : e : e : : : e : : : e : : e : : : : e : e : : : : : : e : : e : : : : e : : : : e : : e : : : e : : e : : : e : e : : : : e : e : e : : e : : : e : e : e : : e : : : e : : e : e : e : : : : : e : : : : : : : : e : : : : e : : e-05 21

22 1068: e : e : : e : e : e : : e : : e : e : e : : : e : : e : : : : : : e : : : e : e : : : : e : : : e : : e : : e : : e : e : : e : : e : : : : : e : e : e : : e : e : e : : e : : : e : : e : : : e : : e : : e : : : : e : : : e : e : : : e : : : : e : : : : : e : : : : e : e : : e : : e : e : e : e : : : : : : e : e : : e : e : e : : e : : : : e : : e : e : : : : : e : : : : : : e : : : : e : e : : : : e : : e : : e : : e : : e : e : e : : e : : e-05 22

23 1350: : : : e : e : e : : e : : : : e : : : : : : : : e : e : : : : e : : e : : : e : : : e : e : : e : e : e : e : e : e : : : : : e : e : : e : : e : e : : : : e : : e : : e : : e : : e : : : e : e : : : : : : : : e : e : : : e : : e : : e : : : e : e : e : : e : : e : e : e : e : : e : : : e : : : e : e : : : : e : e : : : : e : : : : e : : e : e : : e : : : e : : e : e : e : : : : : e : e : e : e : : : : e : : : : : : : e : : e : : : e : e : e-05 23

24 1648: e : e : : e : : : : e : e : : : : : : e : e : e : : e : e : : e : e : : : e : : : : : e : e : : : e : e : e : : e : : : : : e : : : e : e : : e : e : e : e : : e : : e : e : : : e : : : : e : : e : e : : e : e : : : : : : : : : : e : : e : e : e : : e : e : e : : : e : e : : e : : e : : : e : : e : : e : : e : e : e : : : : : e : : : : e : : : e : : : : : e : : e : e : : : e : : e : : : e : e : : e : e : : : e : e : : e : : : e : e : : e : : : :