Definition: The Bitcoin proof of work is the underlying consensus algorithm for the bitcoin blockchain network. It aims to find a combination of predefined inputs which result in a hash value lower than a certain target threshold.
Process of Proof of Work consensus
In Bitcoin the consensus is created in five general steps.
- Users create transactions and submit them to the network.
- Miners validate transactions (is the signature correct, is there a double-spend attempt).
- Miners solve the hash puzzle.
- Miners propagate the solution in the network.
- Miners express agreement to the hash puzzle solution by using the latest block hash as input for their current hash puzzle.
The PoW algorithm in Bitcoin
As mentioned above the right combination of different input parameters must be found to solve the hash puzzle. The following inputs are used.
- hash of previous block
- hash of Merkle root
- mining difficulty parameter
Now, the miner calculates the hash (SHA-256) of all inputs. If the resulting output is lower than the target threshold, the puzzle is solved and the miner can submit the block to the network.
But if the output is higher than the target threshold, the miner needs to try again with different inputs. He increments the nonce by one (leaving all other parameters constant for now), hashes all values, and checks again whether the result is below the threshold. This is to be done until the miner finds the puzzle solution or until another miner finds it first.
If a miner finds the solution a new block is appended to the blockchain. Now all nodes need to update their input values like the hash of the previous block, the hash of the Merkle root (since new transactions are validated), and timestamp.
All blocks are linked with their block hash to the following block. This is called hash pointer.
Now it could happen that two miners find a correct solution at the same time and there are two valid blocks. The network now needs to decide which branch it follows. This is called race condition. Eventually one branch will succeed and become the longest chain.
Usually, miners take the first block hash the see first as an input of their previous block hash field and start mining on it.
Chain selection rules and fork choice rule
There are different chain selection rules. In Bitcoin the chain with the highest cumulated difficulty is considered as the canonical (correct) chain.
If a block should be changed afterwards, all hash pointers would become invalid (the chain brakes). In order to restore the chain all puzzles after the change need to be solved again. The longer the chain the more difficult it is to overtake all other miner
Example of Bitcoin PoW
Our target is 2^252. So, every hashing output should be below this target. In the following table we used a nonce and the string “HelloWorld!” as parameters.
|input (nonce + rest of parameters)||output in hexadecimal||below target?|
It took us 14 trials to find a hash output which is below the target value. If you choose a lower target it should take more trials on average.
The input parameters
Here we take a closer look at some important input parameters which are crucial for the PoW hash puzzle.
The nonce is a 32-bit unsigned integer number. It is incremented with each try. Due to its rather limited values of approximately 4.3 billion, it overflows quickly given the current hash rate. After an overflow the miner would do the same calculations as before.
Therefore, it needs to update another input value before the nonce can re-start from zero.
Commonly miners use a field called extraNonce for this purpose which is located in the coinbase transaction. If the extraNonce is incremented the Merkle tree needs to be recomputed and the hash of the Merkle root parameter changes. However, recomputing the whole Merkle tree takes time. That’s the reason why some miners use the Unix timestamp parameter before resorting to the extraNonce field. Learn more here. But the timestamp range is limited too since other nodes would reject blocks which are too far in the future or in the past.
The mining difficulty states how high the target value (threshold) is. In Bitcoin it is adapted dynamically every 2016 blocks which is roughly every 14 days given a block time of ten minutes. Learn more here.
The hash of the Merkle root is the digest of the hashes of all transactions included in a block.
An in-depth explanation of all parameters can be found here:
ASICS and Pool Mining in Bitcoin
The Bitcoin proof of work mining algorithm is computationally intensive. It requires relatively little memory but very fast CPUs. That’s why it is profitable to use very specialized hardware (so-called ASICS) for this type of PoW. This hardware is stripped of all unnecessary things and can only perform this very task (in Bitcoin calculating the SHA-256).
In order to have a regular income stream many smaller miners join so called mining pools. They contribute with their hashing power and receive in turn a block reward. A fraction of the block reward goes to the mining pool as a fee.
Miners invest hardware, electricity, and work to take part in the PoW. They are compensated for their efforts with a block reward. Every time a miner finds a solution and adds a block to the blockchain it is allowed to include a so-called coinbase transaction. In this special transaction, the miner can credit itself a certain amount of Bitcoin out of thin air. This is called block reward.
In Bitcoin the block reward decreases every 210,000 blocks (roughly four years) by the half. This process is known as Bitcoin halving.
Critics of Bitcoin proof of work
The proof of work algorithm of Bitcoin is criticized mostly for its huge energy consumption. But it is necessary in order to secure the network.
Beside that the mining community is very centralized due to mining pools. This is a result of the hashing algorithm which is not ASIC-resistant. It gives miners with highly specialized hardware (and access to cheap electricity) a massive advantage over miners with consumer-grade mining hardware (like GPUs).
Although there are several mining pools it is not clear by whom they are controlled. It could be that the same person controls more than 50 % of the total hashing power.
You find an overview of the hash rate distribution here: https://www.blockchain.com/en/pools
Another point of criticism is that with a 51 % attack the chain can be reorganized. This becomes particularly critical in conjunction with the centralization aspect.
Hash rate Bitcoin: https://www.blockchain.com/en/charts/hash-rate
White paper Bitcoin: https://bitcoin.org/bitcoin.pdf