Proof-of-Work, Explained

You may have heard blockchains are secure ledgers, but are they really? By default all blockchains are totally insecure; I can edit my copy, you can edit your copy, which one is right?

If you read my previous article “What Exactly is Blockchain, Anyway?, consider this part two. I’ve previously explained what keeps a blockchain decentralised, that being “Proof-of-Work” but I didn’t explain fully how it works, the problems it solves or the problems it faces.

The problem with a true blockchain is that it’s decentralised. This is actually its killer feature, but the problem relates to trust, and working out who to trust in a decentralised network. When a participant of the network wishes to download their own copy of the blockchain, how does the user know they’re downloading the correct blockchain? If there are thousands of computers on the network, what stops several hundred computers all trying to send the new user their own unique version of history that they’ve hacked together?

In computer science, this is known as the Byzantine Generals Problem. This is a very complex subject, but I’ll do my best to keep it as simple as possible.

If you’re familiar with the game Chinese Whispers, you’ll know that the game falls apart very fast as anyone in the game can change the story, be it for laughs or just to embarrass someone. This game works because telling a lie is the same price as telling the truth, but what if telling a lie actually had a financial cost?

What Proof-of-Work (PoW) allows participants of a blockchain network to know is: was this story I’m hearing created for free? Or was it created at great cost?

Why Proof-of-Work Matters

PoW in Bitcoin is used to solve several problems that face a decentralised network where no one is in charge.

Below are the two main problems:

Which version of history is the correct version?

In a network where you need to be able to know who has money, who spent money and who received money, history is everything. In a decentralised network where no one is in charge, it had previously been thought impossible for everyone to be able to reach consensus and agree with each other.

Timing of the network

The timing of the network is critical, for Bitcoin mints new coins every ten minutes. In a traditional system you’d simply say “follow this clock” but in a decentralised global system, whose clock do you follow?

If a new computer joins the network today, an existing computer might say “Hey, here is some money I minted 6 months ago and here is some money I minted 10 minutes later.” How can a new participant on the network validate the past?

To understand how Proof-of-Work plays a part in the above, you must first understand what Proof-of-Work is.

A Breakdown of Proof-of-Work, the Code

When Stephen Hawking was writing his masterpiece A Brief History of Time, a colleague told him that “for each scientific formula you include in your book, you’ll reduce your number of readers by 50%”. So in the end, Hawking only included Einstein’s famous E=MC2. Hawking’s book was then read by millions of people, many of whom had no basic grasp of physics.

As this article is aimed at a non-technical audience, I’ll include as little computer code as possible.

As mentioned in my previous article, a hash function provides a unique digital fingerprint to a piece of data. For example, the unique hash for my name “matt” is this long piece of text:

4f31fa50e5bd5ff45684e560fc24aeee527a43739ab611c49c51098a33e2b469

Basically, if someone sees this above hash, they don’t know what it represents; but I can say, “Hey, if you hash the text ‘matt’ with a computer program, you’ll be able to prove that I know what that hash represents. This is because your program will generate the same hash, hence proving I know what creates that hash.”

When a miner creates a new block for the blockchain, he has to provide the network with two hashes; one being a hash of all the transactions in a block, and the other being a hash that proves the miner has expended a vast amount of energy on creating the block. This cost makes it unprofitable for the miner to lie. However, as mentioned in my previous article, the miners need to also work on a lottery-style system where there can only be one winner. Both of these problems are solved by Proof-of-Work.

Let’s say I hashed my name, but instead of just “matt” I added a zero to the end of my name so we had “matt0”. The resulting hash for this would be c5163e81b6dff231b46b584384718ffb734da51d51009399b4b5c73aaa55a811

When you compare this hash to my previous hash of just “matt”, you’ll notice the two hashes, when compared side-by-side, are totally different:

Hash(matt) = 4f31fa50e5bd5ff45684e560fc24aeee527a43739ab611c49c51098a33e2b469

Hash(matt + 0) = c5163e81b6dff231b46b584384718ffb734da51d51009399b4b5c73aaa55a811

 

Cryptographic hash functions are completely unpredictable, but always return the same value for a given piece of data.

Now let’s say I hash my name plus the number fourteen. This gives me:

Hash(matt + 14) = 0ec48972291a05f8b137468c709bf798dbd8b84bc113b5352e81d2bb20d43120

 

What is the point of this? Well, if you were a computer, you could say to me “give me the first number appended at the end of your name that results in a hash starting with the number 0”.

So what my computer would do is hash:

Hash(matt + 0) = c5163e81b6dff231b46b584384718ffb734da51d51009399b4b5c73aaa55a811

Hash(matt + 1) = 4755a40d3769d7614fb31229fedea4d5e247b3ab8cdc223c4b4f5e3cf9910b4c

Hash(matt + 2) = 3f8aad849c3ac625d61ae58929ac1bbf5626592a28dc5368b19b2ef40f514f59

Etc, etc…

 

Eventually I’d hash “matt14” and get the following hash that starts with a number zero:

0ec48972291a05f8b137468c709bf798dbd8b84bc113b5352e81d2bb20d43120

 

My computer would then respond back with the text “matt14” and include the hash; the receiving computer would simply hash “matt14” and see if the resulting hash matches the hash I sent through.

This proves that my computer has had to count from 0 to 14 to find that hash. So effectively my computer has done 15 pieces of work, but the receiving computer could validate this with one piece of work.

Effectively I’ve provided proof of my work, hence I’ve performed “Proof of Work”.

(I hope I haven’t lost you yet!)

As you could probably guess, my computer could do millions of hashes per second, so hashing a value 15 times is pretty pointless. But imagine if a network of computers said to my computer”: “provide us with a valid block of transactions, provide a hash of the block, plus a number that results in a hash starting with….15 zeros”.

The initial hash of the block would be instant:

BlockHash = Hash(‘All of the transactions in the current block’)

then my computer would grab that hash and go:

Hash(BlockHash + 0)

Hash(BlockHash + 1)

Hash(BlockHash + 2)

Etc, etc…

 

To find a hash with 15 leading zeros at the start would require trillions and trillions and trillions of attempts. A slow computer would take hundreds of years to do this, or a lot of very fast computers could go racing for several minutes before the solution was found.

All of these computers obviously will be burning through a lot of electricity. It’s because of this electricity cost that it’s impractical for a miner to find a valid hash on an invalid block of transactions. That is, a miner would be foolish to not correctly validate a block to prove all transactions are valid and to simply skip to hashing of that block. All other computers on the network would reject the invalid block and the miner would not receive a reward.

One of the things that helps keep mining decentralised is that no two miners are hashing the same block. If I was to hash “a+b”, I’ll get a different hash than if I hash “b+a”. Miners all receive transactions across the network in a different order to each other; because of this plus an individual preference for fees, it means that each miner will create a block slightly different.

Although all blocks may have been correctly validated, only one block can go into the chain at one time. So all the miners will have to keep hashing away, until they find a number that, when appended to their block hash then hashed, returns a result with the leading number of zeros that the network has agreed to accept as valid.

To keep Bitcoin’s monetary policy on schedule, the network ensures a block takes on average 10 minutes to be mined. The network does this by adjusting the mining difficulty every 2 weeks. So if blocks are being found too fast due to a lot of new miners coming online, to prevent an unplanned inflationary rate, the network will increase the difficulty required and miners will have to find a longer number of preceding zeros on a hash.

There is no way to know what this hash is in advance, so miners must work fast using many fast computers. As it’s random, the miner with the most powerful computer won’t always win. The best way to look at this is like a lottery system, where the user with the most tickets has a greater chance of winning but isn’t guaranteed to win everytime.

So to recap:

A miner will create a block of valid transactions, then run Proof-of-Work on that block hoping to find a hash of difficulty set by the network before any other miner on the network achieves this. If so, his block will go into the blockchain and he will receive the network fees plus newly minted bitcoin.

The next time you hear in the media “miners earn bitcoin by solving highly complex math problems”, you’ll understand exactly what it is they’re doing.

Problems with Proof-of-Work

Proof-of-Work mining isn’t the only known method for a decentralised network to reach consensus. However, it is the most secure and, to date, the most decentralised.

There are other systems like Proof-of-Stake, which I’ll cover in a separate article. Proof-of-Stake aims to solve some of the problems associated with Proof-of-Work, but generally will result in a semi-decentralised network.

Here are 2 main problems with Proof-of-Work.

High Energy Consumption

Remember how I said if I hash “matt + 14”, it results in a hash beginning with zero? This takes my computer less than a microsecond. Picture the Bitcoin network which consists of millions of specifically designed microchips constantly hashing non stop every 10 minutes. This requires a lot of energy!

The current hash rate of the Bitcoin network is 20 Exahashes per second, or in more simple terms, the network does 20 billion billion hashes per second. My computer couldn’t even do 1 billion hashes per second; but if it could, then I would need 20 billion computers to have the same total hashing power as the Bitcoin network.

Bitcoin miners use specific chips designed solely to hash. This protects the network from botnet attacks, where a hacker will write a virus that takes over the world’s computers and uses them to mine bitcoin. A hacker could do this, but the world’s computers simply couldn’t outpace the Bitcoin network. So the hacker would simply have to follow the rules, or his blocks would be rejected.

The blockchain keeps a history of all blocks ever created, including each block’s Proof-of-Work. When a new computer joins the network, it will download the whole blockchain and validate every piece of work to ensure the blockchain is correct. A hacker could send the user an incorrect blockchain, but the user’s software will connect to many computers and consider the longest chain with the longest cumulative Proof-of-Work to be the true Bitcoin chain.

This is what we call “thermodynamically secure”, or in simple terms “security protected by the laws of physics”. If a hacker wants to confuse the network, the hacker needs to burn more energy on faster computers than the network has access to. This would cost hundreds of billions of dollars; if a hacker could possess such resources, it would simply make more economical sense to play by the rules and earn bitcoin.

Due to the security model of Bitcoin, where the network is secured by the amount of energy it consumes, Bitcoin is viewed as something very energy-intensive. In a time where the global population is looking to reduce the global carbon footprint, this provides the general media with a target for alarmist news pieces.

As a result of electricity being the largest cost that miners face, Bitcoin mining is not only a race of who can hash the fastest, but who can find the cheapest electricity. The best solution so far for cheap energy has been to use hydro electricity and other renewable sources.

While the general media may like to focus sensationally on Bitcoin mining being energy-hungry, I actually believe that the low profit margin in Bitcoin mining actually increases the acceleration towards renewable energy as Bitcoin becomes a race towards who can find the cheapest electricity.

Miner Centralization

Bitcoin mining profit margins are very slim. So to make a profit, you need to have access to cheap reliable electricity. This results in a lot of the current Bitcoin mining being done in western China, where there is cheap excess hydro electricity. In contrast, a Proof-of-Stake model would have no geographical advantage.

The bigger problem is if there is to be one Bitcoin miner manufacturer, that manufacturer could become power hungry, grow an ego and think they’re irreplaceable, and believe they can dictate rules or create more mining hardware for themselves than for customers and further feed their ego delusion. This would lead towards a point of centralization in the network. However, if the mining manufacturer became too dictatorial, the network users could agree on a Proof-of-Work change; this would make existing hardware instantly become worthless.

In theory, a profitable market should have plenty of competition but in this field consumers will only want to buy the most profitable mining hardware. Some think we’ll hit a wall with Moore’s Law and no miner will really have a lead over the next miner; others think we’ll continually see leading manufacturers come and go as other new entrants out-innovate them.

One thing is for sure, to date Proof-of-Work provides the best security to decentralized networks running a blockchain.

Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone.

– Satoshi Nakamoto

Related: Consensus Algorithms, Explained: What You Need To Know About Proof-of-Work, Proof-of-Stake, and Delegated Proof-of-Stake