Scribd
Upload
77 views16 pages

Bitcoin PoW Challenges & Solutions

1. The document discusses proof of work as a way to select nodes in proportion to their computing power to propose blocks in a decentralized manner. 2. It explains how proof of work requires nodes to solve hash puzzles by finding a nonce such that hashing the block data and nonce produces a hash below a target value. This makes block creation moderately difficult. 3. The verification of proof of work blocks is trivial and decentralized, as any node can easily verify that the hash of a proposed block is below the target value.

Uploaded by

vedita's show
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
77 views16 pages

Bitcoin PoW Challenges & Solutions

1. The document discusses proof of work as a way to select nodes in proportion to their computing power to propose blocks in a decentralized manner. 2. It explains how proof of work requires nodes to solve hash puzzles by finding a nonce such that hashing the block data and nonce produces a hash below a target value. This makes block creation moderately difficult. 3. The verification of proof of work blocks is trivial and decentralized, as any node can easily verify that the hash of a proposed block is below the target value.

Uploaded by

vedita's show
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Proof of Work

Remaining problems
1. How to pick a random node?

2. How to avoid a free-for-all due to rewards?


• Everybody may want to run a bitcoin node in order to get
this free reward (lock reward and Transaction fee)

3. How to prevent Sybil attacks?


• An adversary may create a large number of Sybil nodes to
subvert the consensus process
Proof of work
To approximate selecting a random node: select nodes in
proportion to a resource that no one can monopolize (we
hope)
• In proportion to computing power: proof-of-work
(Used in Bitcoins)
• In proportion to ownership of the currency: proof-of-
stake (Not used in Bitcoins – but a legitimate model used in
other cryptocurrencies)
Equivalent views of proof of work

1. Select nodes in proportion to computing power

2. Let nodes compete for right to create block

3. Make it moderately hard to create new


identities
PoW
• Bitcoin achieves proof‐of‐work using hash puzzles.
• In order to create a block, the node that proposes that block is required to find a
number, or nonce , such that when you concatenate the nonce, the previous
hash, and the list of transactions that comprise that block and take the hash of
this whole string, then that hash output should be a number that falls into a
target space that is quite small in relation to the much larger output space of
that hash function.
• We can define such a target space as any value falling below a certain target
value.
• In this case, the nonce will have to satisfy the following inequality:
H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) < target
• As we saw earlier, normally a block contains a series of transactions that a node
is proposing. In addition, a block also contains a hash pointer to the previous
block.
• In addition, we’re now requiring that a block also contain a nonce.
• The idea is that we want to make it moderately difficult to find a nonce that
satisfies this required property, which is that hashing the whole block together,
including that nonce, is going to result in a particular type of output.
• If the hash function satisfies the puzzle‐friendliness property, then the only way
to succeed in solving this hash puzzle is to just try enough nonces one by one
until you get lucky.
• So specifically, if this target space were just one percent of the overall output
space, you would have to try about 100 nonces before you got lucky.
• In reality, the size of this target space is not nearly as high as one percent of the
output space.
• It’s much, much smaller than that as we will see shortly.
Hash puzzles
nonce
To create block, find nonce s.t. prev_h
Tx
H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) is very small Tx

In other words, H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) < target


Output space of hash

Target If hash function is secure (satisfies puzzle-friendliness):


space only way to succeed is to try enough nonces until you get lucky
• This notion of hash puzzles and proof of work completely does away with the
requirement to magically pick a random node. Instead, nodes are simply
independently competing to solve these hash puzzles all the time.

• Once in a while, one of them will get lucky and will find a random nonce that
satisfies this property.

• That lucky node then gets to propose the next block.

• That’s how the system is completely decentralized.

• There is nobody deciding which node it is that gets to propose the next block.
Advantage of such a PoW system?
• It completely does away with the problem of magically picking
a random node (to propose a block)

• Nodes independently compete by attempting to solve hash


puzzles
• Once in a while, one will succeed and propose the next block

• Result: Such a system is completely decentralized  No one


gets to decide which node proposes the next block
PoW property 1: difficult to compute
• Difficulty varies with time

• As of 2015: difficulty level is over 1020 hashes/block


• i.e., size of target space <= 1/1020 size of hash’s output space
• Such a computation not possible with commodity laptops

• Only some nodes bother to compete — miners


• This process of repeatedly solving hash puzzles is called bitcoin mining

• Technically anyone can mine  however mining power is concentrated in


a mining ecosystem
PoW property 2: parameterizable cost
Nodes automatically re-calculate the target (size of target space
as a fraction of the output space) every two weeks

Goal: average time between blocks = 10 minutes

In other words, recalculation takes place after 2,016 blocks!

Prob (Alice wins next block) =


fraction of global hash power she controls
Why is such a re-adjustment needed?
• It is inefficient if blocks are proposed too close to each other

• Would not be able to put multiple transactions in a single


block!

• Why 10 minutes?
• Not significant!
• Can change it to 5 minutes, and system would still work
Solving hash puzzles is probabilistic
10
minutes  
Probability density

Time to next block (entire network)


PoW property 3: trivial to verify
Nonce must be published as part of block

Other miners simply verify that


H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) < target

Advantage?
No centralized verifier needed! Any node or miner can verify
that the block was correctly mined
Mining economics
mining cost
If mining reward
> (hardware + → Profit
(block reward + Tx fees)
electricity cost)
Complications:
• Fixed (hardware) vs. variable (electricity) costs
• Reward depends on rate at which miners propose blocks (ratio of their
hash rate to the global hash rate)
• Cost in dollars, but reward in BTC  profit depends on exchange rate
Solving more than 1020 hashes to obtain 12.5 BTC at current
exchange rate is profitable!
What can a “51% attacker” do?
Steal coins from existing address? ✗

Suppress some transactions?


• From the block chain ✓
• From the P2P network ✗

Change the block reward? ✗

Destroy confidence in Bitcoin? ✓✓

You might also like