I worked for 5 years for a company that creates ASIC chips, and I understand the process well enough. My estimate is that it is possible to create an ASIC that consumes the same power as a Radeon 5870 (for example) and calculates 20-100 times more hashes. That is not surprising, because the chip is special-purpose and a GPU is universal. I suppose that such an ASIC could be created in 6-12 months. The network's hashing power is now approximately 12 Thash, which is equivalent to ~20000-40000 GPUs. That means that 2000 such chips would be enough to attain more than 50% of the computing power. I think the cost of creating that number of chips is approximately 5 million dollars. Indeed, the major part of this money would be spent on designing the chip, not on manufacturing it. Therefore, to create 10,000 chips like this, one would need approximately 10 million dollars. And 10,000 chips is 80% of the net's computing power.
So I think that an ASIC is the most likely way to accomplish a 51% attack.
Agree.
What can we invent to prevent the net's destruction? I have thought about it, but I have not found any solution. IMHO, changing the POW method is useful only the first time, because we can change our miners quickly, but it is not possible to change an ASIC chip. They would need to make another one (+3-6 months). Adding memory requirements to the POW method is a good idea, but it does not change much. Let us say, not 10 but 20 million dollars per 80% of the net's computing power.
Disagree. The idea isn't just adding memory requirements to the POW, but making the POW seriously memory-constrained. Say one POW needs 1 million sequential computations and 32M of RAM in total for each computation, and that 32M can't be shared between POWs because the data is different. So the only way to implement such a POW in an ASIC is to add 32M of RAM to the chip, wasting its area, dramatically increasing its cost and reducing its efficiency. And you can't make 32M of on-ASIC RAM cheaper than 32M of DDR module RAM.
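To make the memory-constrained POW described above concrete, here is an added example (mine, not code from any poster or from Bitcoin itself) in the style of scrypt's ROMix: a table is filled sequentially from a per-nonce seed, then walked with data-dependent reads, so the whole table has to be resident for every attempt and cannot be reused between nonces. The table size and round count are assumptions scaled down from the post's 32M / 1 million figures so that it runs in seconds in pure Python; `memory_hard_pow`, `fill_table`, `mine` and `verify` are illustrative names, not any existing API.

```python
import hashlib
import struct

# Assumed parameters, scaled down for demonstration.
# The post suggests 32M of RAM and 1 million sequential steps per POW;
# here each attempt uses N_CELLS * CELL_BYTES = 64 KiB and 2048 reads.
CELL_BYTES = 32       # one SHA-256 digest per cell
N_CELLS = 2048        # cells in the per-attempt table
MIX_ROUNDS = 2048     # sequential, data-dependent reads


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def fill_table(header: bytes, nonce: int) -> list:
    """Phase 1: sequential fill. Cell i is H(cell i-1), and cell 0 is
    H(header || nonce), so the table differs for every nonce and no cell
    can be shared between two attempts."""
    seed = _h(header, struct.pack("<Q", nonce))
    table = [seed]
    for _ in range(N_CELLS - 1):
        table.append(_h(table[-1]))
    return table


def mix(table: list) -> bytes:
    """Phase 2: data-dependent random access. The next index comes from the
    running state, so which cells are needed is unknown until they are read;
    the whole table must be kept (or recomputed at the cost of more hashing)."""
    x = _h(table[-1])
    for _ in range(MIX_ROUNDS):
        j = int.from_bytes(x[:4], "little") % N_CELLS
        x = _h(x, table[j])
    return x


def memory_hard_pow(header: bytes, nonce: int) -> bytes:
    return mix(fill_table(header, nonce))


def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """True when the top `difficulty_bits` bits of the digest are zero."""
    return int.from_bytes(digest, "big") >> (256 - difficulty_bits) == 0


def mine(header: bytes, difficulty_bits: int, max_nonce: int = 1 << 16):
    """Search nonces until the POW meets the target; None if none is found."""
    for nonce in range(max_nonce):
        digest = memory_hard_pow(header, nonce)
        if meets_target(digest, difficulty_bits):
            return nonce, digest
    return None


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """A verifier pays the same memory cost as the miner: one full evaluation."""
    return meets_target(memory_hard_pow(header, nonce), difficulty_bits)


if __name__ == "__main__":
    # Constructed sample header for demonstration.
    hdr = b"block header bytes go here"
    found = mine(hdr, 6)
    if found:
        nonce, digest = found
        print("nonce", nonce, "digest", digest.hex(), "valid", verify(hdr, nonce, 6))
```

Two caveats a practitioner would check before relying on this. First, verification costs as much as one mining attempt, which matters for every node that validates blocks, not only for miners. Second, ROMix-style constructions admit a time-memory trade-off: an ASIC can store only every k-th cell of the sequential chain and recompute the rest on demand, trading hashes for RAM, so the on-chip memory it needs is a design choice rather than a hard floor.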
I think the better way to find a solution is to think about changing the way nodes cooperate. For example, it is possible to create a system of trust between nodes. If a node performs some suspicious action (distributes a new block that does not contain the majority of transactions, or a new block chain that removes the last 10 blocks), its "rank" decreases. If a node distributes good information, its "rank" increases. Information from nodes with too low a "rank" is skipped. It's only a rough idea, I know. I just want to show the direction of how else it could be done.
Bad idea. No one can prevent me from making millions of nodes, each of which trusts the others. Newly connected nodes would have to trust my malicious sub-network with high probability only because of its size.
If you propose to dedicate one bootstrap node and make it trusted by default (hard-coding a certificate into the client, for example), you have just invented PKI in its traditional form, and that trusted-by-default node would become a central authority and would perform central-bank-like functions. That's not what we all want to happen with Bitcoin.
Anyway, what we can do right now (apart from finding a solution) is to recognize the problem, and change the status of this vulnerability in the wiki from "Probably not a problem" to "Might be a problem".
You're damn right. It's "Might be a problem".