Proof of Work is the first consensus mechanism ever created. It’s famously used by Bitcoin, and was first implemented by its unknown creator under the pseudonym Satoshi Nakamoto. Proof-of-work (PoW) consensus is based on the principle of competition. Different people will compete to solve (or mine) the next block, and whoever is successful will be rewarded with some newly created bitcoins and the transaction fees from any transactions inside the block. This is known as the block reward, and it’s how PoW provides an incentive to users for participating in consensus. So how does it work?
The first thing we need to explain is the ‘crypto’ part of cryptocurrency. A cryptographic hash is a fixed-size string of numbers and letters that looks random. You can put any amount of data into a hashing algorithm to produce the hash as an output. If a single bit of data from the input is changed, the hashing algorithm will produce a completely different hash. This is really important, so keep it in mind!
Anyone participating in the PoW consensus process is called a miner. The first job of a miner is to pick up transactions from the network’s mempool (short for memory pool), then build those transactions into a new block. This block is made up of two parts: the block header and the block body. The block body contains all the transactions inside the block. The block header contains a few other things:
- The version number of the network’s software
- The hash of the previous block (we’ll get to this in a bit)
- The merkle root (a way to verify transactions without checking them one at a time)
- A timestamp
- A difficulty target (how hard it is to find a valid hash)
- The nonce (this is a random number that miners keep changing to get a new block hash. Only certain hashes will be deemed valid by the network, so we need a bit of data, such as a number, that we can keep changing to try to find a valid hash for the block)
Let’s say you’re a miner. You’ve picked up enough transactions to fill up the block body (technically you don’t need a full block, but a full block means more transaction fees for you). You’ve also created a block header with the version number, merkle root, timestamp and difficulty target, and you’ve pointed to the previous block in the chain by listing that block’s hash. What now?
Now you need to calculate a valid hash for your own block. You take all the data in the block (header and body) and run it through a hashing algorithm to calculate a hash, which looks like a random bunch of numbers and letters. However, based on the current difficulty of the network, your hash needs to fall below a certain target value to be deemed valid. For example, the network might require four leading zeros, meaning your hash needs to start with 0000. But you’ve run all the data through the hashing algorithm, and your hash doesn’t even start with one zero. So now you change the nonce to a different number. That will completely change the hash because of the way the hashing algorithm works. It might have one zero at the start, or be something completely different. You continue changing the nonce, calculating the hash each time, until eventually you get a hash that starts with enough zeroes to be deemed a valid block by the network.
This would take way too much time to do manually, which is why miners buy expensive processing equipment (such as graphics cards or an ASIC) to run the calculations for them. Because the process takes a lot of time and electricity, by calculating a valid hash you have proved that you have done the work. Hence, Proof of Work! That block is now added to the blockchain along with all the transactions inside it, and you are rewarded with the bitcoins from the block reward and transaction fees.
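
The nonce search described above, as a small Python sketch. This is an added example, not code from the original article or from Bitcoin: the `Header` layout, the field serialization, the single SHA-256 used in place of a real Merkle tree, and the sample transactions are all assumptions made for illustration. The header commits to the transactions through `merkle_root`, so changing any transaction changes the block hash.

```python
import hashlib
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Header:
    version: int
    prev_hash: str
    merkle_root: str  # simplified stand-in, see tx_commitment()
    timestamp: int
    difficulty: int   # required number of leading zero hex digits
    nonce: int = 0

def tx_commitment(txs):
    """Assumption: one SHA-256 over all transactions replaces a real Merkle tree."""
    return hashlib.sha256("\n".join(txs).encode()).hexdigest()

def block_hash(h):
    fields = (h.version, h.prev_hash, h.merkle_root, h.timestamp, h.difficulty, h.nonce)
    return hashlib.sha256("|".join(map(str, fields)).encode()).hexdigest()

def is_valid(h):
    """Verification costs one hash, however long the search took."""
    return block_hash(h).startswith("0" * h.difficulty)

def mine(template, max_tries=10_000_000):
    """Try nonces 0, 1, 2, ... and return the first header whose hash is valid."""
    for nonce in range(max_tries):
        candidate = replace(template, nonce=nonce)
        if is_valid(candidate):
            return candidate
    raise RuntimeError("no valid nonce within max_tries")

# Constructed sample data, not real transactions or a real chain.
TXS = ["alice->bob:1.5", "carol->dave:0.2"]
TEMPLATE = Header(1, "00" * 32, tx_commitment(TXS), 1700000000, 4)

if __name__ == "__main__":
    mined = mine(TEMPLATE)
    print("winning nonce:", mined.nonce, "hash:", block_hash(mined))
    # Changing any transaction changes the commitment, so the old nonce
    # almost certainly no longer yields a valid hash and the work must be redone.
    tampered = replace(mined, merkle_root=tx_commitment(TXS + ["mallory->mallory:50"]))
    print("tampered hash:", block_hash(tampered), "valid:", is_valid(tampered))
```

With four leading zero hex digits the search needs about 65,536 attempts on average, and each extra required zero multiplies that by 16.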
The advantage of the PoW approach is that as long as the total hash rate is well distributed between lots and lots of people, the consensus process is very decentralised. Unfortunately most individuals don’t contribute that much hash power, which is a representation of how many hashes they can calculate per second. Instead, these users have to join mining pools to have a reasonable shot at a block reward. These pools are networks of miners who add their hash power together, allowing them all to work together to check as many nonces as possible. When one entity in a mining pool successfully mines a block, everyone in the pool shares the reward based on how much hash power they personally contributed. Although this does get more people involved with mining by sharing the incentive, it also means the person directing the mining pool could potentially take control and use that hash power for their own gain. For example, they could collude with other mining pools to gain 51% of the total hash power on the network, giving them the ability to mine every new block. With this power, they would be able to validate any block they want, so they could prevent new transactions, reverse transactions or even double-spend coins (as long as they were in control of the network when those transactions were made).
It’s worth noting that so far, a 51% attack hasn’t ever happened to Bitcoin; however, it has occurred with other, less popular PoW-based cryptocurrencies. Whether it will ever happen to Bitcoin really depends on whether the operators of those mining pools can be trusted. Considering blockchain is meant to remove trust from the equation, this is not an ideal situation, but it has proven to work so far. There are other significant disadvantages to the PoW approach though: checking hashes consumes a lot of electricity, and it takes a lot of time. It’s a very wasteful process, and it doesn’t scale very well because each block takes so long to produce. Scaling issues can be solved with other technologies, but most modern blockchain projects are moving to more efficient consensus mechanisms instead.
The last issue with Proof of Work is that there is a possibility of two new blocks being created instead of one, each pointing to the same block as the one before it. This is called a fork, because the network is being split into two new chains. The ‘true’ chain is decided by whichever fork is the longest, and that means any transactions on the other, abandoned chain are likely to be lost if no one continues supporting that chain by mining new blocks on it. Transactions that were previously on the blockchain can therefore be lost, which means they did not have finality. One way to work around this is to use confirmations (a number that represents how many blocks have been added to the chain after the block containing any particular transaction), because each additional confirmation makes it less likely for the transaction to be undone. However, for most blockchain use cases, this is insufficient and poses an unnecessary risk.