Proof-of-Work is an algorithm that ensures consistency and security in decentralized Blockchain networks. PoW solves the fundamental problem of consensus between independent nodes in distributed systems.
The consensus problem is not new. Various algorithms (e.g. Paxos, Raft) to address it in traditional distributed systems were developed as early as the 1970s. The Proof-of-Work algorithm rose to wide prominence in 2009 with the release of Bitcoin, the first blockchain-based decentralized cryptocurrency. In the years that followed, PoW established itself as an effective means of protecting open blockchain networks. Today, alongside the Proof-of-Stake method, it is the most popular consensus mechanism used in cryptocurrencies.
What is consensus
In traditional currencies (e.g. the US dollar), transaction security is guaranteed by a centralized intermediary both parties trust (e.g. a bank). Such an entity maintains a global ledger of all of its customers’ account balances. For example, if Anne transfers USD 10 to John, the bank will debit USD 10 from Anne’s account and credit it to John’s account. If Anne’s account is empty, the transaction will be rejected.
In blockchain-based cryptocurrencies, there is no trusted intermediary operating a centralized database of all accounts and transactions. The very idea of a decentralized network goes against such a solution. This, however, raises issues with the credibility of transactions concluded directly between parties. Once finalized, a transaction should never be changed and the funds spent should originate from the account they were deposited in.
Distributed consensus
In a blockchain network, the transaction ledger is stored by all nodes connected to the network. But how do you keep all nodes up-to-date? Suppose we allow for data to be inconsistent between nodes. In that case, we run the risk of someone trying to spend their bitcoins twice (or even more – double-spending problem).
The answer to this problem is mining. The actual purpose of mining is not to earn money by mining cryptocurrency but rather to validate transactions and force data synchronization between nodes. What the mining process does is group transactions pending confirmation into a block. The block is then validated by other miners and added to the blockchain, which is tantamount to confirming the transactions it holds. The correct decision (block validation) should be taken even if rogue nodes are involved or some nodes fail.
On average, in the bitcoin network, a new block is “mined” every 10 minutes by a random miner. Next, we will discuss how it is possible for miners not to create new blocks anytime they want, scooping up rewards and destabilizing the network in the process.
Algorithm
Proof-of-Work is based on a simple mechanism where one party proves to the other party that it did the right amount of work required towards a specific purpose. The result of the work should be easy to verify but costly to calculate. It is the cost of the work needed to provide a solution that should make fraud impossible or, at the very least, prohibitively expensive.
We will discuss the implementation of the Proof-of-Work algorithm in practice on the example of Bitcoin. Mining consists in generating a hash with the SHA-256 hash function twice. The function returns a 256-byte number encoded in hexadecimal notation.
Computing just any hash does not pose major problems. The challenge lies in calculating a hash conforming to specific requirements. In Bitcoin’s case, the hash value should be lower than the given target number (putting it plainly, it must start with a specific number of zeroes). The miner to first generate a hash that meets the network’s current requirements can attach his new block to the blockchain (the hash becomes the block ID) for which he/she is rewarded with Bitcoin. Miners compete to be first to provide the correct solution and receive the rewards. The chance of a specific miner generating a matching hash is minimal, which presents an element of randomness.
The hash is generated based on the header of the newly created block:
SHA256(Version + Previous block hash + Merkle root + Time + Bits + Nonce)| Field name | Description |
|---|---|
| Version | Protocol version used by Bitcoin client. |
| Previous block hash | Hash of the previous block hash. |
| Merkle root | Transactions in the block are stored in the form of a Merkle tree. The field stores the tree root. |
| Time | Block creation timestamp. Number of seconds elapsed since 1970-01-01T00: 00 UTC |
| Bits | Current target value the hash must meet. |
| Nonce | Number found in the mining process. Proof of work. |
A nonce is a puzzle that must be solved for the final hash to meet the target criterion. The nonce is a number that is found by a miner over a huge number of hash operations.
We will now manually validate actual block number 676060 and check if the generated hash is lower than the defined target value. Thereby, we will manually verify the block’s hash.
The block’s hash 000000000000000000096a64cf8b815041bb0efadc7a785cd5d8925a49ba0efd should meet the target criterion from the Bits field: 386,719,599. The miner was compensated with bitcoins worth 6.25 BTC (plus transaction commission) as a reward for finding the nonce satisfying the hash assumption.
Now, let’s move on to the correct interpretation of these values since both the Hash and Target value (the Bits field) are encoded values that cannot be readily interpreted.
First, we need to use a calculator to convert the hash from hexadecimal to decimal:
Hash (hex): 000000000000000000096a64cf8b815041bb0efadc7a785cd5d8925a49ba0efd
Hash (dec): 901835385203564892682937710280032399122927602378608381Then, we’ll convert the Bits field that stores the compressed target value to hexadecimal format (blockchain.com displays decimal numbers):
Target value (dec): 386719599
Target value (hex): 170CDF6FThe resulting number is still in a compressed index/coefficient format. The first two digits, 0x17, represent the index and the remaining six, 0x0CDF6F, the coefficient.
Finally, we will present the target value as a 256-bit number calculated according to the following formula:
target = coefficient * 2^(8 * (index – 3))
target (hex) = 0x0CDF6F * 0x02^(0x08 * (0x17 - 0x03))
target (hex) = 0x0CDF6F * 0x02^(0x08 * 0x14)
target (hex) = 0x0CDF6F * 0x02^0xA0
target (dec) = 843631 * 2^160
target (dec) = 1.232968088 × 10^54
target (dec) = 1232968087803106959787092839109270560155354027163385856
target (hex) = CDF6F0000000000000000000000000000000000000000 (180 bit)
target (hex) = 0000000000000000000CDF6F0000000000000000000000000000000000000000 (256 bit)After carrying out simple operations on large numbers, we can finally verify whether the block’s hash value is lower than the calculated target value.
Decimal system: Hash (dec) < Target value (dec):
901835385203564892682937710280032399122927602378608381 < 1232968087803106959787092839109270560155354027163385856Hexadecimal system: Hash (hex) < Target value (hex):
000000000000000000096A64CF8B815041BB0EFADC7A785CD5D8925A49BA0EFD < 0000000000000000000CDF6F0000000000000000000000000000000000000000Our calculations confirmed that the hash of block 676060 meets the requirements of the target value. In this article, we will skip validation of whether the hash was created based on the appropriate fields:
SHA256(Version + Previous block hash + Merkle root + Time + Bits + Nonce)A similar validation (and several others) is carried out by all nodes connected to the Bitcoin network which store their own copy of the blockchain and ensure that it stays correct.
Energy cost
Initially, the Bitcoin network used standard CPUs for PoW calculations. As the ranks of miners grew, so did the difficulty of calculating proof of work. Regardless of miners’ ability to compute hashes, a new block in the bitcoin network should be generated approximately every 10 minutes. When blocks are generated faster, the target criterion is reduced appropriately to extend the time it takes to compute a matching nonce value. Suppose blocks are generated in intervals longer than 10 minutes. In that case, the criterion is raised, and the nonce variable is found faster.
CPUs have been replaced by faster graphics cards (GPUs). Over time, GPUs have become too slow and were phased out in favor of application-specific integrated circuits (ASICs) designed with the sole purpose of computing hashes. Interestingly, the energy used for PoW calculations in the Bitcoin network exceeds the electricity consumption of some countries!
According to 2019 data published by the University of Cambridge, the Bitcoin network consumed 143 TWh annually. We believe that, in the wake of this cryptocurrency’s recent spiking popularity, the PoW algorithm currently consumes more electricity than Poland, a country of almost 38 million!
To address the high operating costs of Proof of Work algorithms entirely new group of algorithms, Proof-of-Stake and Proof-of-Space, were introduced.
