Instead of selecting PoW depending on block height, how about randomizing it depending on last hex digit of the last mined block hash? This randomness of algorithm choice would most likely make this more ASIC resistant.
ASICs don't need all that much time to go from off to mining, so I'm not sure if that'd help.
Interesting idea. What comes to mind first is that it would make PoW mining very sporadic. Essentially each PoW group would have to wait a lot until they can work again.
That's a good point, and other hybrid proposals do usually allow for continuous mining by all PoWs. The reason I did it this way is to ensure that one group cannot have any influence on any others. You know for sure that if a transaction has 4 confirmations then it has gone through all 4 steps and all 3 PoW groups. Whereas with simultaneous mining, it's more difficult to feel confident that this same property will hold. For example, even if you disallow one chain from getting too far ahead of another one, maybe a super-powerful attacker could completely wipe out the *entire* history of one chain, totally screwing things up. Maybe there are ways to do it safely, but it's more difficult.
Requiring miners to pause for a while is sub-optimal, but I think it's workable. Electricity would be saved when not mining, so it might not be that terrible.
Yes, the problem of the mod 4 idea is that miners are idle until it's their turn again. An idle miner consumes less than a working miner, but it sill consumes a lot of power. I think that if can't find a way around this then it's a show-stopper.
Letting all the 4 "channels" run in parallel raises 2 immediate questions:
- When is a block confirmed? 6 pos blocks is not as secure as 4 blocks from different methods. This can be solved saying "1 confirmation is whenever you have 1 block from each method". So 1 confirmation requires at least 4 blocks, and 2 confirmations require at least 8 blocks, but can take many more blocks in case of bad luck.
- How to weigh two competing chains for a reorg? Imagine two chains that have the same length and the same blocks up to height n-1, but block n is method A in one chain and method B in the other one. Which one has more work (or weight, or "trust")? Since different methods have different unrelated difficulties it's not easy to compare. Myriad solved this using factors resulting from empirical tests: scrypt is assumed to be 1000 times as hard as double-sha256, so now the work for different algorithms can be compared. But how do you compare POS vs POW? most hybrid coins don't: they just allow POS to rewrite POW blocks by assigning a constant minimal "trust" to POW blocks.
If you want to avoid someone from rewriting history you can assign exponentially decreasing work to consecutive blocks from the same method. Example: after a SHA3 block, if the following block is also SHA3 then you multiply it's work by 0.5 and so on until a block from another method is found.
wait... you have that same problem with the mod 4 idea: if there are 2 chains that only differ in the last 4 blocks but one chain has more difficulty in the mod 0 block and at the same time less difficulty in the mod 1 block. Which chain is the best?