paint-brush
Bitcoin White Paper: 4. Proof-of-Workby@BitcoinWhitePaper
297 reads

Bitcoin White Paper: 4. Proof-of-Work

by BitcoinWhitePaperJune 27th, 2019
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hash cash [6], rather than newspaper or Usenet posts. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash. The majority decision is represented by the longest chain, which has the greatest proof of work effort invested in it. To modify a past block, an attacker would have toredo the proof of the block and all blocks after it and then catch up with the honest nodes.

Coin Mentioned

Mention Thumbnail
featured image - Bitcoin White Paper: 4. Proof-of-Work
BitcoinWhitePaper HackerNoon profile picture

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hash cash [6], rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.

For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.

The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort investedin it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow thefastest and outpace any competing chains. To modify a past block, an attacker would have toredo the proof-of-work of the block and all blocks after it and then catch up with and surpass thework of the honest nodes. We will show later that the probability of a slower attacker catching updiminishes exponentially as subsequent blocks are added.

To compensate for increasing hardware speed and varying interest in running nodes over time,the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If they're generated too fast, the difficulty increases.


References: [6] A. Back, "Hashcash - a denial of service counter-measure,"http://www.hashcash.org/papers/hashcash.pdf, 2002.