News & Insight
Digging digital nuggets out of the dirt: proof of work and incentivisation in a blockchain
In our previous #Block, we looked at the blockchain database methodology. That involves nodes – i.e. devices on a blockchain network – comparing each other’s ledgers in order to validate data or transactions. In doing so, consensus is reached as regards the data stored on the database. We also looked at how decisions are taken as to what information is ‘right’ and ‘wrong’ and how the 50%+ majority can’t always be trusted to take morally virtuous decisions.
In undistributed systems, the role as arbiter of ‘right and ‘wrong’ is fulfilled by a central figure or institution – central banks in the world of finance, the Land Registry as regards registered land, Companies House as regards ownership and control of companies, and so on.
In this third #Block of our series we look at how users of a blockchain can be incentivised to engage in the consensus process in the absence of a single arbiter and originator of value.
Users of a system are generally only willing to provide minimal if any contribution towards maintaining that system without getting something in return. Founders and early adopters of blockchain systems who are still drinking the Kool-Aid might say different, but altruism will only get you so far. When we spend fiat currency in Starbucks we don’t also have to then help verify the transactions of the ten impatient people waiting in line behind.
In a utopian network, where all nodes have the well-being of the system at heart, each node is willing to verify data or transactions without receiving anything in return. In a network applied in the real world, users need to be incentivised in one way or another by some form of fairly immediate tangible reward.
Satoshi Nakamoto, the anonymous person(s) credited with the invention of bitcoin, flagged this problem within the 2008 white paper setting out the methodology for bitcoin. The solution chosen is called ‘proof of work’ (PoW), although it had been invented by others years earlier as a concept pointed at preventing DNS/email spam attacks. And PoW has subsequently been adopted for use within various other blockchains in addition to bitcoin.
Proof of work
In our previous #Block we explained how –
- Data on a blockchain is encrypted by way of hashing
- Hashing involves taking data (of any length) as an input and producing a fixed length of random letters and numbers as the output. It is virtually impossible –
- For two sets of input data to produce the same output hash
- To know what any output hash will be produced by any particular input data save by means of trial and error
- To know what input data was produced by any particular output hash save by means of trial and error
- Blocks in a blockchain are linked together into chains by means of a block header (which contains the new hashed/encrypted information, a date and time stamp and then, crucially, the hash of the previous block in the chain) – techies will say there’s some other stuff in there but we don’t need to go into that for now
- Block headers therefore point backwards block by block all the way to the very first block
- In order to add a new block to a chain of blocks, there needs to be consensus as to whether or not the new block should be accepted (this is the ‘right or wrong’ bit)
- If consensus can be achieved, then – in theory – you have solved the ‘double spend’ problem applicable to any exchange of value in digital form – i.e. the entire network is in agreement as to whether there has been an exchange of value
- Without a centrally controlled ledger, or an asset such as gold that can be dug out of the ground, you need some way of issuing or generating coins or tokens on your blockchain in order to originate value
PoW as a consensus mechanism works as follows –
- In order for any transaction to be verified and accepted by the system (and a new block added to the chain) all nodes on the system have the opportunity to compete to solve a cryptographic puzzle
- Those nodes that choose to participate in the competition to solve the puzzle are called ‘miners’
- The first miner to find the solution is rewarded with the coins or tokens that are the means of exchanging value on that blockchain (hence the term ‘mining’)
- In order to regularise the production of new coins or tokens the relative difficulty of solving the puzzle must be variable. Were this not the case, as miners flocked to use a network, puzzles would be solved faster and faster and coins or tokens would be produced at an exponential rate until they ceased to have any scarcity and therefore lost their value. Therefore, in order for a blockchain to preserve scarcity, the greater the number of miners participating, the greater therefore should be the difficulty of the puzzle they need to solve
- Checking the solution to the puzzle must be extremely simple because the whole network potentially needs to check it so that it can move on to the next one
- The puzzles must be designed for computers to solve, and so that they can also check the solutions, without requiring human involvement
There are many different types of puzzles that potentially fit those requirements.
Bitcoin PoW – guess the nonce
On the bitcoin blockchain, the puzzle works as follows –
- Any nodes on the bitcoin blockchain wishing to transact broadcast their putative transaction, i.e. a new block, across the whole network – e.g. Node A just sent 1 bitcoin to Node B – although each new block could contain up to 1,000 transactions
- The new block usually has a transaction fee attached to it, which helps the miners make a decision as to which puzzles to solve first – the higher the fee, the more miners will compete to solve the puzzle and the quicker that new block will be added to the blockchain. The reward system is hard-coded into the bitcoin blockchain and halves automatically every four years or so. Unsurprisingly, the maths underpinning the reward system is rather involved!
- The new block contains –
- The hashed/encrypted information from the new transactions
- The block header from the prior block, which is the umbilical cord to the entire blockchain
- The network automatically adds a series of digits known as the ‘nonce’ to the hashed information of the new block and then re-hashes the whole thing to create the ‘target hash’. The target hash always starts with a whole number, usually prefaced with quite a number of zeros – the more zeros there are. the greater the difficulty of guessing the nonce (that when added to the known information in the new block will produce a hash that has a value that is equal to or less than the number with which the target hash starts). More simply, as the number of the target hash goes down the chances of successfully guessing the nonce become exponentially improbable
- The target hash, along with all its zeros, is then broadcast to the network – see here for a list of recently mined blocks
- Without knowing the value of the nonce, it is impossible to know what hash will be produced by the information in the new block (even if you were a party to the transaction it records) save by guessing in a process of trial and error – right now that is taking something like an average of 150 quadrillion hash calculations per second for about 10 minutes to solve a bitcoin puzzle!
- Miners run computer programmes – yes, you need special kit to become a miner – that collect the new blocks and –
- Check the prior block to confirm the validity of the transaction – i.e. Node A really does have that bitcoin to transfer to Node B – although note that the bitcoin blockchain does not maintain account balances in the way that will be the case for your current account at your traditional bank
- Compete to guess the nonce so as to produce a hash that is equal to or less than the target hash
- The first miner to guess the nonce broadcasts the solution to other miners, which then verify the solution – easy to do since hashing the solution will immediately show whether the result is less than or equal to the target hash
- Seeing that the solution has been found, the miners add the new block to the blockchain and that version of the blockchain then ripples out across all of the nodes in the system; and the miners then start working on the next new block
- If a miner wants to cheat, and subsequently solve the puzzle and try to add the new block to the blockchain then by that time the network will have moved on and the cheating miner’s version of the blockchain will not tally with the rest of the network and so will be rejected. The only way that a cheating miner can succeed is for it to take over 50%+ of the nodes in the system, a so-called 51% attack
- The winning miner is rewarded with transaction fees collected in that new block, but only after a certain number of new blocks have been added to the blockchain (incentivising the miners to keep digging and adding to the longest blockchain, and helping to disincentivise cheating miners)
- And, finally, the new block header forms an umbilical cord from our new block now on top of the blockchain going right back to the very first block
Mining bitcoin is like trying to crack a safe by guessing the code: not intellectually challenging but rewarding those with the most brute force computer power.
The value of the target hash (and the difficulty of finding it) goes up (easier) or down (harder) automatically by means of a ratio built into the bitcoin code comparing short term past performance with short term expected future performance. Again, the maths is complicated. However, the process of guessing the nonce to end up with a hash that is less than or equal to the target hash does not change.
PoW is a big subject on which a great deal has been written. Some of the criticisms are fairly obvious.
- Miners are incentivised to use exponential amounts of processing power and therefore energy to mine bitcoin or other tokens in analogous PoW blockchains. Not great for the environment then, unless that energy is taken straight from sources of renewable energy – and even then, is this really a useful human endeavour? All the miners that fail to guess the nonce have wasted the energy expended in doing so
- You may have heard of mining ‘farms’ – bitcoin and PoW based blockchains reward those with bigger and better equipment. In July 2018, PwC estimated that all the servers that run bitcoin’s software had an approximate equivalent rate of energy consumption to Ireland
- Since the rewards go to those with access to the most processing power, those with that power can club together and become increasingly powerful within the system. If they end up controlling 50%+ of that system then they are in de facto control and the system is re-centralised (and those users who are miners are incentivised to de-centralise) – see our previous #Block for thoughts on what might happen then
In our next #Block 4 we look at transfers of value between members of a blockchain and how value can be manipulated using a concept that has been around for just about as long as there have been markets anywhere, the ‘pump-and-dump’.
Get in touch
If you are a blockchain venture or investor and want to speak to lawyers who understand how blockchain and crypto-currencies work, then do please get in touch at firstname.lastname@example.org. Do also please reach out if there is a blockchain related topic that you might like us to address in a future #Block.
This piece was written by Henry Humphreys, with input from the HLaw blockchain team.