In the first part of the article, we explored consensus protocols as a concept and provided a high-level overview of some of the jargon which is commonly associated with the field. This second part focusses on one consensus protocol 'flavour': proof of work.
What is proof of work?
'Proof of work' is the name given to the confirmation mechanism most famously adopted by the Bitcoin blockchain. In proof of work, in order for a node to be elected as a leader (i.e. be allowed to choose the next block containing information to be added to the blockchain, which will then be universally accepted by and replicated across the network), the network participant must find a solution to a particular mathematical problem.
The mathematical problem asked of the nodes can be expressed as follows:
"Given data X, find a number n which, when appended to X, hashed and expressed as a long integer, is a number less than Y."
For the purposes of this article:
Difficulty means how hard it is for the nodes to solve the mathematical problem and is linked to the 'target' (i.e. Y in the mathematical problem above). The lower the target, the more difficult (and therefore the more time-consuming and expensive) the mathematical problem becomes to solve.
Hashing means the transformation of a string of characters into a (typically shorter) fixed-length value or key that represents the original string.
Nonce stands for 'number once' and means the integer value which is appended to the end of the hash of the previous block and the new data (i.e. X in the mathematical problem above) incrementally by miners. The nonce is n in the mathematical problem above.
Let's say the base string (i.e. X in the mathematical problem above), is: "Hello, world!". We first append a nonce to this message. The first nonce will be '0', making the full string: "Hello, world!0" We then hash this string using a cryptographic hash function. There are a number of such functions though, for the purpose of this article, we will use SHA-256, being the hash function used by the Bitcoin blockchain. If we hash our string using SHA-256, we get: 1312AF178C253F84028D480A6ADC1E25E81CAA44C749EC81976192E2EC934C64.
We then convert our hash into a long integer. There are a number of ways in which this can be done, none of which are particularly exciting or interesting. If our example were to be running on the Bitcoin blockchain, our string's hash would be interpreted as 2^252.253458683.
As stated in our mathematical problem above, we are looking for our string to hash to a value which, when interpreted as a long integer, is a number less than Y. For the purposes of our example, let's say that our Y target value is 2^240. Clearly, our string (which, when hashed and interpreted as a long integer is 2^252.253458683) fails in this regard. No problem! We incrementally increase the nonce (i.e. our string is now: "Hello, world!1") and try again.
One of the ideal properties of a cryptographic hash function such as SHA-256 is that even a small change to the string will change the hash so extensively that the new hash appears uncorrelated to the old hash. Our incremental increase to the nonce completely changes our hash – our string now hashes to: E9AFC424B79E4F6AB42D99C81156D3A17228D6E1EEF4139BE78E948A9332A7D8. Interpreted as a long integer, this hash is: 2^255.868431117. Still no luck!
Finding a hash of our string which falls below our Y target value of 2^240 actually takes us 4251 attempts:
"Hello, world!0" => 1312af178c253f84028d480a6adc1e25e81caa44c749ec81976192e2ec934c64 = 2^252.253458683
"Hello, world!1" => e9afc424b79e4f6ab42d99c81156d3a17228d6e1eef4139be78e948a9332a7d8 = 2^255.868431117
"Hello, world!2" => ae37343a357a8297591625e7134cbea22f5928be8ca2a32aa475cf05fd4266b7 = 2^255.444730341
"Hello, world!4248" => 6e110d98b388e77e9c6f042ac6b497cec46660deef75a55ebc7cfdf65cc0b965 = 2^254.782233115
"Hello, world!4249" => c004190b822f1669cac8dc37e761cb73652e7832fb814565702245cf26ebb9e6 = 2^255.585082774
"Hello, world!4250" => 0000c3af42fc31103f1fdc0151fa747ff87349a4714df7cc52ea464e12dcd4e9 = 2^239.61238653
The target has been met and whichever node solved the problem first wins the right to append the new block to the chain. This sounds pretty arduous, but in reality 4251 hashes on a modern computer is not particularly difficult. The Bitcoin blockchain automatically varies the difficulty to keep a roughly constant rate of block generation – the difficulty would be much greater than 2^240! The base string on the Bitcoin blockchain would be all of the unconfirmed transaction which the miner proposes to bundle into a block. The act of solving the problem by the nodes is called 'mining' and nodes are incentivised to mine by the mining reward – the 'winning' miner is rewarded with newly created Bitcoin.
Why proof of work?
Proof of work requires effort (and therefore time and expense in the form of electricity and computing power) to complete. The purpose of this is to deter frivolous or malicious users and helps to preserve the integrity of the ledger. Proof of work has three clear benefits:
- Robust – given the effort required to solve the mathematical problem, an attempt to 'flood' a blockchain with inaccurate/nefarious entries will be so disproportionately expensive that attackers are dissuaded from even attempting to do so;
- Meritocratic – miners must solve the mathematical problem wallet, they must still solve the same mathematical problem – this prevents significant token holders from making decisions for the entire network; and
- Secure – it becomes extremely difficult to alter historic blocks, since any such alteration would require re-mining all subsequent blocks. This is why blockchains are often described as being 'immutable'.
The disadvantages of using a proof of work confirmation mechanism are closely linked to the properties which make it so attractive in the first place. Most pertinently, a blockchain which incorporates a proof of work-based confirmation mechanism is often:
- Expensive – while the effort required to solve the mathematical problem disincentives attackers, it also comes with an associated cost which must be borne by all network participants. As the difficulty increases and more nodes take up mining, this cost can rise exponentially. Miners may seek to gain an advantage by investing in hardware which is optimised for the mining process, though such hardware comes at a cost and somewhat undermines the democratic ideals which blockchains are often held out to represent;
- Slow – the time it takes the miners to solve the mathematical problem (and thereby confirm the transactions) is sub-optimal for many blockchain use-cases.
- Environmentally unfriendly – effort requires computing power and computing power requires electricity. The scale of the Bitcoin network, coupled with the spike in BTC value in late-2017, saw a surge in Bitcoin mining activity and associated energy consumption. In mid-2018 estimates as to the energy consumption of the Bitcoin network were as high as 22 terawatt-hours (TWh) per year – almost the same as the Republic of Ireland. Given that this spike did not coincide with anything like mass adoption of BTC, this is clearly sub-optimal in the long run for high-volume blockchains.
If you have any questions regarding proof of work, consensus mechanisms, blockchain or smart contracts and how they might impact you or your business, please get in touch – firstname.lastname@example.org.