Image from Shutterstock
Proof of work is a consensus mechanism used to prevent spam and denial-of-service attacks. It operates in very simple terms, requiring the sender of a message (requester) to do some work, usually involving computer processing time, before the message can be sent and verified by the receiver (provider).
The key feature of a proof-of-work system is its asymmetry, meaning the sender of the message needs some time to prepare it i.e. prove that work was done, however, the receiver can verify that the work was done in virtually no time at all. More recently, proof-of-work systems have become popular because of their integral use in cryptocurrencies such as Bitcoin and Ethereum, where they are used by miners to secure the network.
In order to understand Bitcoin’s proof-of-work system, we need to first clarify what a hash is. A hash, or a digest as it is also known, is the result produced by a hash function such as SHA-256 (the one used by Bitcoin’s network).
The idea of a hash function is the following:
More specifically, if we go to Xorbin’s Sha-256 hash calculator and provide “bitcoin” as the data we want to hash, the result will always be “6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b”.
Even a slight change in the message results in a completely different hash. For instance, if we modify “bitcoin” to “bitcoins”, the hash becomes “b1e84e5753592ece4010051fab177773d917b0e788f7d25c74c5e0fc63903aa9”.
As you can see, it looks completely different even though we added just one letter to the input.
It is important to mention that the above strings are the hex representations of the 256 bit sequence of ones and zeros produced by SHA-256.
In short, hashing transforms a message such that the digest doesn’t give away the message in any way and makes it extremely difficult to uncover the message based on a given digest.
Bitcoin uses a proof-of-work system called Hashcash. The way it works is very simple – it requires the service requester, which in the case of Bitcoin is the miner, to find a number that is lower than a given target. The target is a number given by the Bitcoin network and here’s how it works.
The Bitcoin network is set up in a way that wants blocks to be mined, on average, every 10 minutes. Since mining power can go up and down with time, the blockchain self-regulates by modifying a target number, which controls how easy it is for miners to find a new block (we will explain all that in the next section).
This target number is adjusted every 2016 blocks, or about every 2 weeks. If the previous 2016 blocks took more than 2 weeks to be mined, the target number is increased proportionally and vice versa.
The target number is just an extremely big number and is inverse to the difficulty of the puzzle miners need to solve in order to find a valid block.
For example, if the target number was 1,000 for the past 2016 blocks, here’s how it is calculated for the next 2016 blocks. The Bitcoin network finds out how many minutes it took to mine the last 2016 blocks using the timestamps in each block’s header.
For the purposes of our example, let’s say that it took more than 2 weeks – 21,160 minutes (20,160 minutes equals 2 weeks). The new target number for the next 2016 blocks will be the previous target number 1,000 multiplied by (21,160 / 20,160).
That is 1,000 multiplied by 1.0496031746, which is about 1,049. As we explained, increasing the target number decreases the difficulty for miners and that is exactly what we want since, in our example, the past 2016 blocks took more than the desired 2 weeks to get mined.
It is a common misconception that Bitcoin miners try to find a number with a specific number of leading zeros in order to validate their proposed block.
In the simplest terms, to find a valid block, miners have to try and guess a number that is lower than or equal to the target number we mentioned above.
This provides a way of quantifying work done in terms of time since the chance to find such a number is easily calculated, statistically speaking.
In order to explain how, we first need to show what data each block in Bitcoin’s network contains in its header:
Let’s take a look at the specifics. Bitcoin’s proof-of-work system uses SHA-256 for its hashing operations. The number that miners try to guess to be lower than the target number set by the Bitcoin network is the double SHA-256 hash of the entire block header data.
All the aforementioned data is together hashed using SHA-256 and then the result is again SHA-256 hashed, which produces a 256 bit number. If this number is lower than or equal to the target number and the transactions in the block don’t break the validation rules, the block is considered valid. If not, the miner continues guessing.
The way they do that is by incrementing the nonce. As we mentioned in the section where we briefly explained hashing, even a slight change in the message results in a completely different hash.
Thus, changing the value of the nonce by 1 results in a completely different hash and a completely different number to compare to the target number. The miner will keep doing that until a number lower than the target number is found at which point the block is valid and appended to the Bitcoin blockchain.
All the talk about the leading zeros comes from the fact that the target number is usually a very large number with a lot of leading zeros when represented in binary format. Since the number that miners need to find needs to be lower than or equal to the target number, it has equal or more zeros compared to it.
For example, let’s take the Bitcoin genesis block. The first target number set by Satoshi Nakamoto was 26959535291011309493156476344723991336010898738574164086137773096960, which as you can see is a stupendously large number.
To show the leading zeros, we need to convert the above number into binary format with 256 bits and it becomes 0000000000000000000000000000000011111111111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.
The hash of the genesis block, as explained, aimed to be a number lower or equal to the target number and the one that was found by the first Bitcoin miner ever, was 10628944869218562084050143519444549580389464591454674019345556079.
In binary format (256 bits), it also has a ton of leading zeros – 0000000000000000000000000000000000000000000110011101011001101000100111000000100001011010111000010110010110000011000111101001001101001111111101110110001110101110010001101010001010100110110000010111001010110011111100011011011000001010100011001110001001101111.
Thus all the leading zeros in each of Bitcoin’s block header hashes. Some videos and articles around the internet mistakenly describe the Bitcoin proof-of-work process as a guessing game represented by miners trying to hit a number with a specific number of leading zeros.
It is a guessing game, but a different one as we explained. Since SHA-256 produces a 256 bit hash, the biggest number that can be generated by it is 2256 – 1 (we start with 0), which is an astronomically large number, much larger than the maximum target that can be set by the Bitcoin network.
This is where the inverse relation between the target number and the difficulty comes.
The smaller the target number the more difficult it is for miners to find a valid block hash since the range for valid numbers is smaller and smaller. As the target number increases, more and more valid numbers can be found, thus lowering the difficulty of the network.
In simpler terms, think of it as trying to draw a number less than or equal to 3, when the maximum in this fictitious guessing game is 10. Your chances of drawing a winner are 3 divided by 10, or 30%, where 3 represents the target number from the Bitcoin network.
The guessing game of the Bitcoin proof-of-work system works in the same manner, but uses much larger numbers.
Since we can calculate the chance to find a valid number for a new block, we can easily calculate, on average, how many guesses it would take for a new block to be found.
In the genesis block, the chance to find the right number was 1/4295032832, or about one in 4.3 billion. Thus, after about 4.3 billion nonce tries, statistics dictate that there is a very good chance that a valid block would have been found.
Of course, that is on average. In reality, sometimes blocks are found faster, sometimes slower. But based on probability, we can estimate the average block time.
As we already explained, the Bitcoin network re-adjusts the target number every 2016 blocks, trying to keep up with its promise of finding new blocks every 10 minutes.
And that’s how Bitcoin’s proof-of-work consensus mechanism operates.
In cryptocurrencies based on public blockchains, proof of work is used as a mechanism to deter malicious actors from creating and adding blocks to the blockchain.
Without it, anyone would be able to re-arrange the blockchain as they please, re-writing old blocks to their liking. This is where the proof-of-work consensus mechanism comes in.
The incentive for miners are the block rewards and the transaction fees, i.e. they receive bitcoins every time they “mine” a block. At the time of writing the bitcoin block reward is 6.25 BTC and is set to be halved yet again in 2024.
The Bitcoin proof-of-work system is an extremely clever solution to securing a publicly-shared ledger of monetary transactions, while also creating incentives for miners to keep playing the guessing game.
Miners try to guess a random number that is lower than or equal to a target number set by the Bitcoin network. If they guess right, the block they created is appended to the blockchain and they begin work on the next one.
Every 2016 blocks, the target number is adjusted based on the time it took to create the previous 2016 blocks. If it took more than 2 weeks, the difficulty is lowered and vice versa. The goal is to always make it so new blocks are found, on average, every 10 minutes, no matter the combined hash power of all miners in the Bitcoin network.
And that’s it. That’s how Bitcoin’s proof-of-work consensus mechanism works. If we dive into the intricacies things get a bit more confusing and interesting, but in the simplest terms, the system is designed to secure Bitcoin’s blockchain from malicious actors.