Proof of Work (commonly abbreviated to PoW) is a mechanism for preventing double-spends. Most major cryptocurrencies use this as their consensus algorithm. That’s just what we call a method for securing the cryptocurrency’s ledger.
Proof of Work was the first consensus algorithm to surface, and, to date, remains the dominant one. It was introduced by Satoshi Nakamoto in the 2008 Bitcoin white paper, but the technology itself was conceived long before then.
Adam Back’s HashCash is an early example of a Proof of Work algorithm in the pre-cryptocurrency days. By requiring senders to perform a small amount of computing before sending an email, receivers could mitigate spam. This computation would cost virtually nothing to a legitimate sender, but quickly add up for someone sending emails en masse.
What is a double-spend?
A double-spend occurs when the same funds are spent more than once. The term is used almost exclusively in the context of digital money – after all, you’d have a hard time spending the same physical cash twice. When you pay for a coffee today, you hand cash over to a cashier who probably locks it in a register. You can’t go to the coffee shop across the road and pay for another coffee with the same bill.
In digital cash schemes, there’s the possibility that you could. You’ve surely duplicated a computer file before – you just copy and paste it. You can email the same file to ten, twenty, fifty people.
Since digital money is just data, you need to prevent people from copying and spending the same units in different places. Otherwise, your currency will collapse in no time.
For a more in-depth look at double-spending, check out Double Spending Explained.
Why is Proof of Work necessary?
If you’ve read our guide to blockchain technology, you’ll know that users broadcast transactions to the network. Those transactions aren’t immediately considered valid, though. That only happens when they get added to the blockchain.
The blockchain is a big database that every user can see, so they can check if funds have been spent before. Picture it like this: you and three friends have a notepad. Anytime one of you wants to make a transfer of whatever units you’re using, you write it down – Alice pays Bob five units, Bob pays Carol two units, etc.
There’s another intricacy here – each time you make a transaction, you refer to the transaction where the funds came from. So, if Bob was paying Carol with two units, the entry would actually look like the following: Bob pays Carol two units from this earlier transaction with Alice.
Now, we have a way to track the units. If Bob tries to make another transaction using the same units he just sent to Carol, everyone will know immediately. The group won’t allow the transaction to be added to the notepad.
Now, this might work well in a small group. Everyone knows each other, so they’ll probably agree on which of the friends should add transactions to the notepad. What if we want a group of 10,000 participants? The notepad idea doesn’t scale well, because nobody wants to trust a stranger to manage it.
This is where Proof of Work comes in. It ensures that users aren’t spending money that they don’t have the right to spend. By using a combination of game theory and cryptography, a PoW algorithm enables anyone to update the blockchain according to the rules of the system.
How does PoW work?
Our notepad above is the blockchain. But we don’t add transactions one by one – instead, we lump them into blocks. We announce the transactions to the network, then users creating a block will include them in a candidate block. The transactions will only be considered valid once their candidate block becomes a confirmed block, meaning that it has been added to the blockchain.
Appending a block isn’t cheap, however. Proof of Work requires that a miner (the user creating the block) uses up some of their own resources for the privilege. That resource is computing power, which is used to hash the block’s data until a solution to a puzzle is found.
Hashing the block’s data means that you pass it through a hashing function to generate a block hash. The block hash works like a “fingerprint” – it’s an identity for your input data and is unique to each block.
It’s virtually impossible to reverse a block hash to get the input data. Knowing an input, however, it’s trivial for you to confirm that the hash is correct. You just have to submit the input through the function and check if the output is the same.
In Proof of Work, you must provide data whose hash matches certain conditions. But you don’t know how to get there. Your only option is to pass your data through a hash function and to check if it matches the conditions. If it doesn’t, you’ll have to change your data slightly to get a different hash. Changing even one character in your data will result in a totally different result, so there’s no way of predicting what an output might be.
As a result, if you want to create a block, you’re playing a guessing game. You typically take information on all of the transactions that you want to add and some other important data, then hash it all together. But since your dataset won’t change, you need to add a piece of information that is variable. Otherwise, you would always get the same hash as output. This variable data is what we call a nonce. It’s a number that you’ll change with every attempt, so you’re getting a different hash every time. And this is what we call mining.
Summing up, mining is the process of gathering blockchain data and hashing it along with a nonce until you find a particular hash. If you find a hash that satisfies the conditions set out by the protocol, you get the right to broadcast the new block to the network. At this point, the other participants of the network update their blockchains to include the new block.
For major cryptocurrencies today, the conditions are incredibly challenging to satisfy. The higher the hash rate on the network, the more difficult it is to find a valid hash. This is done to ensure that blocks aren’t found too quickly.
As you can imagine, trying to guess massive amounts of hashes can be costly on your computer. You’re wasting computational cycles and electricity. But the protocol will reward you with cryptocurrency if you find a valid hash.
Let’s recap what we know so far:
It’s expensive for you to mine.
You’re rewarded if you produce a valid block.
Knowing an input, a user can easily check its hash – non-mining users can verify that a block is valid without expending much computational power.
So far, so good. But what if you try to cheat? What’s to stop you from putting a bunch of fraudulent transactions into the block and producing a valid hash?
That’s where public-key cryptography comes in. We won’t go into depth in this article, but check out What is Public-Key Cryptography? for a comprehensive look at it. In short, we use some neat cryptographic tricks that allow any user to verify whether someone has a right to move the funds they’re attempting to spend.
When you create a transaction, you sign it. Anyone on the network can compare your signature with your public key, and check whether they match. They’ll also check if you can actually spend your funds and that the sum of your inputs is higher than the sum of your outputs (i.e., that you’re not spending more than you have).
Any block that includes an invalid transaction will be automatically rejected by the network. It’s expensive for you to even attempt to cheat. You’ll waste your own resources without any reward.
Therein lies the beauty of Proof of Work: it makes it expensive to cheat, but profitable to act honestly. Any rational miner will be seeking ROI, so they can be expected to behave in a way that guarantees revenue.
Proof of Work vs. Proof of Stake
There are many consensus algorithms, but one of the most highly-anticipated ones is Proof of Stake (PoS). The concept dates back to 2011, and has been implemented in some smaller protocols. But it has yet to see adoption in any of the big blockchains.
In Proof of Stake systems, miners are replaced with validators. There’s no mining involved and no race to guess hashes. Instead, users are randomly selected – if they’re picked, they must propose (or “forge”) a block. If the block is valid, they’ll receive a reward made up of the fees from the block’s transactions.
Not just any user can be selected, though – the protocol chooses them based on a number of factors. To be eligible, participants must lock up a stake, which is a predetermined amount of the blockchain’s native currency. The stake works like bail: just as defendants put up a large sum of money to disincentivize them from skipping trial, validators lock up a stake to disincentivize cheating. If they act dishonestly, their stake (or a portion of it) will be taken.
Proof of Stake does have some benefits over Proof of Work. The most notable one is the smaller carbon footprint – since there’s no need for high-powered mining farms in PoS, the electricity consumed is only a fraction of that consumed in PoW.
That said, it has nowhere near the track record of PoW. Although it could be perceived as wasteful, mining is the only consensus algorithm that’s proven itself at scale. In just over a decade, it has secured trillions of dollars worth of transactions. To say with certainty whether PoS can rival its security, staking needs to be properly tested in the wild.
Proof of Work was the original solution to the double-spend problem and has proven to be reliable and secure. Bitcoin proved that we don’t need centralized entities to prevent the same funds from being spent twice. With clever use of cryptography, hash functions, and game theory, participants in a decentralized environment can agree on the state of a financial database.