Bitcoin uses Proof of Work to ensure blockchain security and consensus. Fine, but what does that mean?
“Proof of Work”, as its name implies, requires that the decentralized participants that validate blocks show that they have invested significant computing power in doing so. As we saw in “How does Bitcoin work?”, bitcoin validators (known as “miners”) compete to process a block of transactions and add it to the blockchain. They do this by churning enough random guesses on their computer to come up with an answer within the parameters established by the bitcoin program.
Hang on, that’s confusing. So, they wildly guess and hope that their resulting answer ends up in a certain range? Sort of. The main character in this game is called a “nonce”, which for trivia lovers, is an abbreviation of “number used once”. In the case of bitcoin, the nonce is an integer between 0 and 4.294.967.296.
The other main character is a “hash”, which is an algorithm (= a really long and complicated formula) that converts any sequence of characters (it could be the word “dog”, or it could be an entire novel) into a string of 64 letters or numbers.
Hashes are a big part of what makes bitcoin secure. If you change so much as a comma in the text that is hashed (= has the algorithm applied to it), or if you so much as add a space, you get an entirely new hash. It could be a little different, or it could be very different, the outcome is random. Only it’s not really random, because every time you pass a particular text through a hash, you get the same string. If you change something, it’s different. For a given text, it’s always the same. Change one thing, and it’s not.
So, if you hash a real estate purchase agreement or a last will and testament or a stock purchase deal, and put that on the blockchain, no-one can change the details without everyone knowing. If a hash on the blockchain suddenly changes, things get messy. That’s what makes historical bitcoin transactions and records tamper-proof.
Now, let’s leave hashes for a second. You have a block of transactions to process. You want to be the first one to process it, because then you get the “mining reward”. The “mining reward” is an amount of new, fresh bitcoins awarded to the first one to process a block. Fresh bitcoins are a good thing to have. So, how do you get them?
You know the hash of the previous block of transactions. That’s public information, it’s on the blockchain. That will form the beginning of your block of text. Next, you take the current block of transactions, the one you want to process, and add it onto the hash of the previous block. Your block of text is growing.
Now, you pick a nonce, the random number that we mentioned above, and add that to your block of text. You perform a hash of that block (= apply the algorithm to it), which now consists of the hash of the previous block + the transactions + a random number. The resulting hash needs to be a string that has a certain number of zeros in front of it.
That doesn’t sound too complicated, right? Well, bear in mind that to find the number, your computer has to perform approximately 10^21 computations. That’s a LOT. It takes on average 10 minutes to find a nonce that gives you the desired string. That is why it takes about 10 minutes to completely process a bitcoin transaction, to get it registered on the blockchain. There isn’t only one nonce that will do it, there are probably several, but you have no way of knowing what they are.
(And if you know your numbers and thought that the possible range for the nonce given above is not very large, you’re right. In most cases all possible nonces in that range won’t get you the hash you want. So then you go and change a second nonce that is buried in the block, incrementing it by 1 or whatever you want, and you start all over again. Complicated, huh? So the total number of possible nonces from the combination of the two is 4.294.967.296^2, which gives you a really huge number.)
Sometimes computing power improves and the pesky nonces are found increasingly quickly. If that happens, the difficulty is increased. This means that the number of zeros needed in front of the resulting hash for the block to be accepted is increased.
Given the immense amount of work that your poor computers have to do, you can see why this system is called “Proof of Work”.
How does that ensure security and integrity?
Imagine that you wanted to go back and change something in a transaction or a document registered on the blockchain a few blocks ago. As I explained above, if you change so much as a comma, the entire hash changes. And since that hash forms part of the next hash, that would change too. And so on. You would effectively have to re-mine every subsequent block. If one is difficult and expensive, how difficult and expensive would it be to successfully get several re-mined? Prohibitively so. Proof of Work helps maintain bitcoin transactions’ integrity.
It can also prevent double-spending attacks. Let’s say that you send bitcoins to one person. The person that you sent the coins to in the first transactions sees that you did that, and releases or sends the goods you wanted to purchase. A second later, you send the same bitcoins to another address that you own. Given bitcoin’s latency (it can take a few seconds for transactions to spread around the nodes, and your second one may arrive at some nodes before your first one), it’s possible that your second transaction gets processed and validated first. Your first transaction is invalid. Are you going to send back the goods? Probably not. This is why, if you are a merchant accepting bitcoin, it is recommendable to wait for a few blocks to pile on top of the one that sends you the bitcoins, to make sure that yours is the one that got processed, not the “nice try!” fraudulent attempt by the sender.
Now let’s assume again that you’re an unethical bitcoin user (shame on you!). To make it likely that your block with the dodgy transaction is the one processed and added onto the chain, you would need to control over 51% of the validating nodes. If it weren’t for the amount of work that each validating node has to perform, you could create as many as you wanted. As many as you needed, in fact, to get 51% of the network. With Proof of Work, you simply can’t afford to. All of those nodes would have to, you know, do the work. There’s no way that the colossal cost would be compensated by the economic benefit.
What does that have to do with consensus?
For any system to work, you have to assume that at least half of the participants have good intentions. You don’t know who they are, though. With bitcoin, it doesn’t matter. Since there’s no way of knowing who the successful validator will be (because the successful choice of the necessary nonce is random), there’s a greater than 50% chance that it is an honest participant.
But that’s not really consensus, true. That’s where the concept of the chain comes in. In bitcoin you can assume that the longest chain, the one with the most blocks, is the “correct” one, and has the network “consensus” behind it. Why? Because the most amount of work has gone into that chain. We’ve seen how each block requires a lot of computing power. So the one with the most blocks has the highest amount of accumulated work invested in it.
And bear in mind that since the blockchain is distributed amongst all participants, they all know what’s on there. If the validators are adding on to a chain, and if it is impossible to know who the validator is going to be, then we can safely trust that the longest chain has the network’s consensus.
If it turned out that we could not trust at least half of the bitcoin validators, and that there was a strong chance that bitcoin transactions could be filtered, manipulated or duplicated, we would pack up and go home and start work on a new system in which we could rely on that assumption. If that happened, all bitcoin validators would lose not only the value of the bitcoins that they hold, but also the investment they made in the super-fast computers that do the validating (and they’re not cheap). So, the network has an economic incentive to stay honest. The network needs the trust in the system to remain intact.
Another way in which Proof of Work helps consensus is the time it takes for each block to be validated. In 10 minutes, you can be reasonably sure that the latest blockchain has been propagated to all nodes. Everyone has had time to receive the updated version. That version has consensus.
Problem solved, right? Not so fast.
Let’s look at the drawbacks.
First, it’s inefficient. Imagine hundreds of computers all around the world churning power looking for a solution to a pointless puzzle. It sounds crazy, right? But the puzzle is only pointless in that it that it doesn’t solve anything. It just acts as a barrier. It does its best to make mining difficult, so that it would be expensive to fake.
Second, it’s expensive. Electricity costs. The super-fast computers cost. To compensate for the high cost of processing these blocks and churning computer power to find the elusive nonce, the first participant who finds the elusive nonce automatically gets a reward of new bitcoins. This is why the block processors are called “miners”. It’s almost as if they dig fresh “gold” out of the ground.
Third, the high cost is leading to centralization of bitcoin block processing. Remember how I said “hundreds of computers all around the world”? Well, they’re not really. Most of them are in China, where electricity is cheap. A kilowatt/hour in China costs $0.11, vs $0.18 in the US and $0.21 in the UK. In Spain, where I live, the variable rate for heavy users reaches almost $0.17/KwH. There are not a lot of miners in Spain (we had headlines just last week of bitcoin miners getting arrested for, among other things, stealing electricity from the neighbours to run their fast computers). Over 70% of bitcoin computing power (evocatively called “hashing power”) is in China.
So where does that leave us?
That leaves us with a secure and decentralized protocol that solves the problem of verifiable consensus, and incentives. It works. It’s not perfect, but so far it seems to be the best option available, at least for bitcoin. It’s not the only option, though, and we will soon look at alternatives, both conceptual and real. The number of blockchains out there is increasing, and each uses a different way of achieving security and consensus. Some are based on Proof of Work, some aren’t, and each has advantages and disadvantages. And if that weren’t confusing enough, there are more and more ideas emerging to improve on or even radically change the current Proof of Work system. Innovators don’t tend to sit still for long.