2.2.1 Proof of Work We use hashes to verify data (where you could see the verification as the transfer of information). So now, we have the availability to put huge amounts of texts into very short outputs. So a cryptographic hash algorithm does nothing more than translating all these numbers resulting from the input (for example from the word KOIOS as done in previous session). The hash function keeps altering the input in a function (formula), until it arrives at a 256 bit output in case of SHA-256. We will show you in the later how that's done. But by altering it with the function, you create the same fixed length of output. This makes it efficient to verify data. Also very important, you can't alter the information. So, it's basically a sort of a stamp, a digital fingerprint. As soon as you change this input, you change the output, as shown before. But how can we use this? We can use this for example, to communicate something as show in the introductory clip cryptography crash course. But also to calculate something. And why do you want to calculate something? Well… Here Proof of Work introduces itself: we use the hash function as a basis for the proof-of-work consensus. algorithm. A computer can calculate a hash in an instant, you could see this yourself in multiple website, but let’s use Anders his website. As you will see, by entering random data in field “data”, is that you will instantly change the hash. As you now know this is done because of the new total number that comes out of your input. By adding data in the data field you change the input and therefore also the output, compressed and represented by the SHA256 hash in this case. So this shows that to calculate one hash you only need a spit second, and this isn’t enough for 10,000 nodes spread across the globe to reach consensus. So we need to delay this hashing process to reach consensus. The goal is to (1) delay the process and (2) incentive people to put in effort to secure the network. This lead to “proof-of-work” where the miners need to score below a certain numeric outcome when they hash input. So every time you hash input (also a number), use this number as a variable in the specific hash formula, you will receive an output. Same input, will lead to the same output number which is then translated to a humanly readable hash (= digital fingerprint is therefore nothing more than a visual representation of a 256 bit number). 256 bits, either 0 or 1, will lead to 2^256 possible combinations. Approximately 10^70, which is a insanely huge number, nearly a large as the amount of atoms in the known universe (10^82). The main goal of the proof-of-work puzzle is to calculate the hash and reach an output number that lies below the difficulty target (= outcome of puzzle). Read more about it here as well. As you can imagine scoring below a certain outcome is quite hard, and keeps getting harder when you lower the target. As you can see in the example below, scoring a hash output below 10^70 is easy (every outcome is okay), scoring output below 10^35 is more difficult (only 50% is below target/difficulty = okay) and scoring < 10% is even harder (90% of hashes won’t suffice. The lower the target number, the higher the difficulty, the more difficult it is to generate an output number based on input. An easy example is a wheel of fortune of 100 numbers and you buy in first example all 100 numbers (10^70). No matter how often you spin the wheel (calculate the hash in analogy), you will win (and solve the puzzle). Want to make it harder? You buy 50 tickets, so this time you only win 50% of the times (you will need to spin statistically twice to win) and even 10 times harder when you have only bought 10 numbers. (Bitcoinwiki, 2020) (Bitcoin, 2019) With mining and hashing it is the exact same concept. Only this time the wheel of fortune is tremendously large (10^70 versus 100 in our example). Luckily you can influence the amounts of spins in the wheel you can do per seconds. By buying better mining hardware, you increase the computing power and by increasing the computing power, you increase the number of hashes you can calculate per second (= spins on the wheel of fortune). But your competition doesn’t sit idle either. So if you all buy more power, you will get more lucky and have a output number below the target (the wheel of fortune spins out your number). If you all together let the wheel pay out more than once per 10 minutes on average over the past 2016 spins, the target will adjust and become even lower, decreasing your chances of winning. pays out more than on average per 10 minute in the last. Keep in mind that “getting lucky” with a spin = solving the block difficulty = adding a new block to the blockchain and receive the block reward. (Frakenfield, Block reward, 2019) Fun fact: the difficulty target is made humanly readable and is often referred to as the “amounts of zeroes” a hash needs to start with. Currently the hash of a block needs to start with 18 zeroes, but remember: this is just a visual representation of a number. In this example you see 19 zeroes + the first transaction in the block a.k.a. the “coinbase transaction” (= not Coinbase the company named after the transaction) paying out the reward for solving the puzzle: (Wikipedia, 2020) So let’s go back to Anders example. This website works with a difficulty target represented by 4 zeroes, like Bitcoin in the Genesis block. This is an easy target, so a very high output number which is easy to score. If you change the data in the field, so for example select a different transaction as a miner, you change the outcome. This is very impractical of course and perhaps not always possible (like in the beginning of Bitcoin when there were no transactions), so we don’t change the transactions but we add a random number called “the nonce”. So try it out yourself: change the data and recalculate the nonce. Adding the tekst “hello world” will lead to a new nonce of 85,640. So by adding the bits of bytes behind number 85,640 we finally have a hash output that scores low enough that the difficulty is solved (and represented visually with four zeroes). In short: proof-of-work uses the hash algorithm, by adding a difficulty number where the output of the hash formula must be under (visually represented by 18 zeroes). This is a very small number and miners therefore need a lot of trials before they finally score below the target. This is done because otherwise it would be to easy to mine blocks and too many truths would be created + the blocks would be to easy to rewrite because it is not difficult to create a block (opening up the history of transactions for malleability). Therefore the miners succeed, on average every 10 minutes, because if they get better in calculating hashes, the difficulty rises and the target number drops (making it more difficult to score below, just like limbo dancing ). Side note: PoW is designed in such a way that there are no short- cuts other than trial and error. You can only solve this faster, by buying computational power, increasing the chances versus your competitors. A very complex game with all kinds of strategies, but more about this later. Note the following: 1. Block 613713 in the example above is 14,776,367,535,688.64 times harder to solve than Genesis block 0!! The harder the block is to solve the harder it is to rewrite history. This is also known as the hash rate. This has risen tremendously over the last few years (for Bitcoin and other PoW based blockchains), mainly caused by the introduction of ASIC mining. Some blockchains, that are ASIC-resistance see a lesser increase (ASIC resistance = hard to calculate the hash, so they use another hashing algorithm than SHA-256). (Bitcoin, 2019) (Bitinfocharts, n.d.) 2. If you want to change the past you need to solve ALL the blocks since that past. So you would also need to solve in the Anders Example the blocks 2,3,4,5. This is doable with such a low difficulty in the Anders example, but in Bitcoin’s case you would need to solve five blocks while outcompeting the rest of the world. Even if you did succeed and rewrite this history, WE ALL SEE! Because you have a different hash than us all. 3. We already all reached consensus that our truth was the SSOT so you would also need to convince us by forming the longest chain. The longest chain is only possible if you act according to protocol, so play by the rules. If you don’t, you would have waisted huge amounts of energy. So rewriting the past and do something invalid is not possible (we honest nodes would your different block, analyse the change compared with out blocks, find out that the transaction is invalid and we would ignore your block because we don’t want to risk building our block and energy power on your new false blockchain (in addition: not only is this economically not profitable, we might also have principles on building on your fraud ledger).