Bitcoin Proof-of-Work

# 4. Proof-of-Work

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash, rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.

> 💡 In plain terms
> Proof-of-Work is best understood as a lottery that requires real effort to enter.
>
> To add a new block to the chain, a computer must find a special number (called a "nonce") that, when combined with the block's data and hashed, produces a result starting with a certain number of zeroes. There is no shortcut — the only way is to try billions of random numbers until one works.
>
> This is expensive in electricity and time. But checking the answer takes a single hash calculation — a fraction of a second. So:
> - Producing a valid block is hard
> - Verifying that a block is valid is trivially easy
>
> Think of it like this: proving you did 10,000 push-ups is hard, but watching you do them is easy to verify.

For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.

The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added.

> 💡 In plain terms
> "One-CPU-one-vote" solves a classic internet problem: fake identities.
>
> On most online systems, one person can create a million fake accounts and flood a vote. Bitcoin makes this impossible because votes are cast with computing power — real hardware running on real electricity.
> You can't fake CPU work. You either did it or you didn't.
>
> The longest chain wins, and building the longest chain requires the most accumulated real-world effort. An attacker who wants to rewrite history must redo all the work from that point forward AND outpace all the honest miners doing new work simultaneously. The further back the block, the more work that would need to be redone — making older transactions exponentially safer.

To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If they're generated too fast, the difficulty increases.

> 💡 In plain terms
> Bitcoin automatically adjusts how hard the puzzle is every ~2 weeks.
> If miners are solving blocks too quickly (because more people joined or hardware got faster), the puzzle gets harder. If blocks are too slow, it eases.
>
> This keeps the block rate stable at roughly one block every 10 minutes, regardless of how much computing power is pointed at the network.
> It's a self-regulating system with no administrator needed.

> ⚡ Why It Works vs. Traditional Finance
> Traditional ledgers rely on access control — only authorized employees can modify records, and you trust the institution to hire honest people and secure their systems.
>
> Bitcoin relies on thermodynamics instead of trust.
> Changing the ledger requires spending real energy. The cost of attacking the network scales with the honest network's size — the more valuable Bitcoin becomes, the more miners join, the more secure it gets. Security and value are self-reinforcing. No bank has a security model that improves automatically as deposits increase.

Bitcoin Proof-of-Work

// COMMENTS

ON THIS PAGE