
The notion of scrypt being "memory hard" is from 2009. This is when GPUs just started supporting 1GiB of RAM [1]; 256MiB and 512MiB models were still commonplace. The 1080Ti supports 11x that [2]; it's a far cry to buy a GPU that doesn't support at least 4GiB.

Scrypt difficulty is 128 bytes × N_cost × r_blockSizeFactor [3]. The "standard" parameters N = 16384, blocksize = 8 result in 16MiB of memory per instance.

On a 512MiB GPU that was only 32 instances in parallel. On a modern 1080Ti (with 11GiB) that can be 704 instances. Now we're cooking with gas. Moore's Law, it happens.

[1] http://www.anandtech.com/show/2744/2

[2] https://www.evga.com/products/productlist.aspx?type=0&family...

[3] https://stackoverflow.com/questions/11126315/what-are-optima...
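
The sizing arithmetic from the comment above, as an added example that is not part of the original thread: it applies the 128 × N × r formula, reproduces the 32 and 704 instance figures, and passes an explicit `maxmem` to Python's `hashlib.scrypt` so that a larger N can actually be used. The helper names and the sample password and salt are constructed for illustration, and the instance counts assume device memory is the only limit.

```python
import hashlib

MIB = 1024 * 1024

def scrypt_memory_bytes(n: int, r: int) -> int:
    """Main scrypt working set: 128 bytes * N * r (formula quoted in the comment)."""
    return 128 * n * r

def parallel_instances(device_bytes: int, n: int, r: int) -> int:
    """Instances that fit at once if device memory is the only limit considered."""
    return device_bytes // scrypt_memory_bytes(n, r)

def min_n_for_cap(device_bytes: int, max_instances: int, r: int = 8) -> int:
    """Smallest power-of-two N that holds a device to max_instances or fewer."""
    n = 2
    while parallel_instances(device_bytes, n, r) > max_instances:
        n *= 2
    return n

def derive(password: bytes, salt: bytes, n: int, r: int = 8, p: int = 1) -> bytes:
    """Derive a 32-byte key, raising OpenSSL's memory limit to fit the chosen N."""
    # OpenSSL's default scrypt limit is 32 MiB, so larger N needs an explicit maxmem.
    # Headroom covers the few extra blocks scrypt keeps beside the 128*N*r array.
    maxmem = scrypt_memory_bytes(n, r) + 128 * r * (p + 2) + MIB
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=maxmem, dklen=32)

if __name__ == "__main__":
    n, r = 16384, 8  # the "standard" parameters from the comment
    print(scrypt_memory_bytes(n, r) // MIB, "MiB per instance")
    print(parallel_instances(512 * MIB, n, r), "instances in 512 MiB")
    print(parallel_instances(11 * 1024 * MIB, n, r), "instances in 11 GiB")
    # N needed to hold an 11 GiB device to the 32 instances of a 512 MiB one
    print("N =", min_n_for_cap(11 * 1024 * MIB, 32, r))
    # Constructed sample inputs, not real credentials
    print(derive(b"example-password", b"constructed-salt", n, r).hex())
```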




That's because scrypt is using the wrong memory hardness. The really hard problem in reality is memory load latency (assuming a large memory with random access). We essentially haven't made much progress on that front in decade(s), but have papered over it with ever-increasing levels of cache. If the access is effectively random, then the caches won't help. Base the crypto on that!



