The Anatomy of Proof-of-Work
The Anatomy of Proof-of-Work
By Hugo Nguyen
February 10, 2018
This is Part 1 of a 5 part series
- Part 1 - The Anatomy of Proof-of-Work
- Part 2 - Bitcoin, Chance and Randomness
- Part 3 - How Cryptography Redefines Private Property
- Part 4 - Bitcoin’s Incentive Scheme and the Rational Individual
- Part 5 - Bitcoin: Two Parts Math, One Part Biology
Proof-of-Work (PoW) was originally invented as a measure against email spams. Only later it was adapted to be used in digital cash [1].
What PoW mining actually does under the hood, is that it converts kinetic energy (electricity) into a ledger block. A mining machine repeatedly performs hash operations until it solves a cryptographic puzzle. All hash operations are thrown away except for the one hash that solves it.
This one tiny hash, which itself takes very little energy to compute, is a direct representation of the huge ball of energy that was required to produce it. The “proof” that the block was minted. In order to rewrite the block, an attacker later will have to spend a roughly equivalent number of hash operations that was originally required.
Let’s say that again: reverting takes an equivalent number of hash operations, not an equivalent amount of energy. That is because the hash is only a representation of the energy used, not the energy itself.
Over time, this representation of energy becomes less & less accurate — as improved hardware becomes more efficient. Energy itself doesn’t change, but its old representations “leak”.
Another way to visualize this process, is to think of PoW mining as attaching physical weights to virtual blocks. Over time the older blocks get damaged and get lighter & lighter. This also reduces the total weight of the chain, all else being equal.
Bitcoin combats this attrition process by constantly creating new blocks with fresh weights. This ensures that the tip of the chain is always heavy in the present, protecting the integrity of the entire chain. Heavy chain == secure chain.
(Some have suggested that “heaviest chain” is a better terminology than Satoshi’s “longest chain.” Longest chain can be very misleading when we don’t really mean length in the literal sense.)
SHA256 is the hash function that backs Bitcoin PoW mining. SHA256 protects the ledger from being rewritten. One hash in (to mine), one hash out (to revert). This is what gives Bitcoin its immutability property [2].
It’s amazing when you think about it. Hash operations dedicate their entire existence to the purpose of securing the ledger! Rarely anything in the real world has 100% dedication & efficiency. (e.g.: contrast that with gasoline & the combustion engine).
In reality, it is probably not 100% but something close to it. Because irreversibility relies on the hashed results being uniformly random (just like when you roll a fair dice), and algorithms can’t truly simulate real-world randomness.
Luckily for us, hash functions such as SHA256 have shown to be sufficiently random, aka “pseudorandom”. SHA256 has been reviewed & stress-tested for years, and has a rich research literature behind it. So it’s not something we have to be too concerned about (yet).
Fundamentally, I believe the idea of “attaching energy” to blocks is the right one & probably the only way to simulate immutability virtually.
Using energy burnt to back a block allows us to view immutability objectively. Whereas any non-energy-based method ultimately requires someone’s subjective interpretation of immutability . [3]
By attaching energy to a block, we give it “form”, allowing it to have real weight & consequences in the physical world. We can also think of PoW as the magic that brings a bunch of 0s & 1s into life.
In other words, PoW is the bridge between the digital & the physical.
Compare that to some cryptokitties that someone creates, modifies & removes as they see fit. Their uniqueness & existence are neither guaranteed nor reliable.
Even if the current variant of PoW fails, I’m confident that there will be other ways of attaching energy to a block.
In conclusion, PoW’s application in blockchains might prove to be far more significant & wide reaching than what it was originally invented for. PoW gives us immutability, which gives us uncensorable money, which could potentially change how society organizes itself. (Read Nick Szabo’s wonderful essay on social scalability for more on that.)
*This is part 1 of the Bitcoin Fundamentals series. Check out the full series here: part 1 , part 2 , part 3 , part 4 , and part 5 .
[1]: The idea of using PoW in digital cash might have originated from Wei Dai’s b-money & Nick Szabo’s bitgold proposals in the late 90’s. Hal Finney created the first implementation of PoW in digital cash (RPOW) in 2004.
[2]: Immutability is a relative concept. When we say ‘immutability’ we usually mean it’s practically immutable, not absolutely immutable. Even Gold can be synthesized given enough energy.
[3]: One such method is Proof-of-Stake. Read my article on Proof-of-Stake to understand its pitfalls & why it might be inferior to Proof-of-Work.