The Bitcoin White Paper: 4. Proof-of-Work

The Bitcoin White Paper: 4. Proof-of-Work...


"Bitcoin: A Peer-to-Peer Electronic Cash System
Satoshi Nakamoto
October 31, 2008"

Now Satoshi tackles the problem of how to make bitcoin hard to produce. It can't be like digital dollars that the Federal Reserve can create out of thin air.

"4. Proof-of-Work

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash[6], rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.

For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.


Pioneers like Adam Back and his Hashcash showed the way. Bitcoin is now backed by CPU power. And CPU power is backed by energy. Bitcoin can be seen as energy stored in digital form. It is the purest form of storing and transferring value we've ever had. What is the basis of anything including money? It is energy and the ability to do some type of work on your behalf.

"The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added."

Satoshi shows how honesty is the best policy in the Bitcoin network. This has proved true over the 14-year history of Bitcoin.

"To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If they're generated too fast, the difficulty increases."

The difficulty adjustment has ensured there is about 10 minutes between each Bitcoin block. The huge increase in difficulty has made Bitcoin more secure and valuable over time.


6. A. Back, "Hashcash - a denial of service counter-measure," http://www.hashcash.org/papers/hashcash.pdf, 2002. ↩

Thanks to the Nakamoto Institute for making the whitepaper available freely via an Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license. More info on that here: https://creativecommons.org/licenses/by-sa/4.0/

Source: https://nakamotoinstitute.org/bitcoin/