A proof-of-work (PoW) system is designed as a deterrent to spamming or denial-of-service attacks by requiring the expenditure of typically computational processing power. This computational work represents an economic cost, which an attacker would have to waste to disrupt the network. A core aspect of any proof-of-work system is that it is difficult to produce an output (proving work was done, sacrificing some sort of economic value), and it is easy for others to verify the work was completed without performing the work again themselves. The idea for PoW was first published in 1993 by Cynthia Dwork and Moni Naor, while the name "proof-of-work" would not be used until 1999 in a publication by Markus Jakobsson and Ari Juels, which built on the original work by Dwork and Naor.
Proof-of-work was introduced in the 1990s to mitigate email spam; the idea was introduced to have computers perform a small amount of work before sending an email that would be trivial for a legitimate email but would require increasing computer power and resources for those intending to send mass emails. It would later be adopted in 2008 by Bitcoin in the cryptocurrency's whitepaper as the consensus mechanism for the cryptocurrency.
The Bitcoin blockchain uses a proof-of-work (POW) system derived from Hashcash, created by Adam Back. For a node to propose a block onto the blockchain, it must find a nonce (an arbitrary number that can only be used once) that prepends to the block and results in a hash within a small range. Bitcoin blockchain adjusts the size of this range such that every block created globally has about a ten-minute interval.
PoW is used in blockchain and cryptocurrencies to maintain decentralization, as there is no centralized ledger to refer back to in order to ensure a transaction is real and to prevent tampering, PoW is used. This ensures that no user is allowed to spend their holdings twice, offers users a chance to detect tampering (which can then be rejected), and originally offered a low cost of entry into the cryptocurrency for potential miners and participants in the Bitcoin network (as users did not need to hold Bitcoin to enter the network and could participate as miners to earn coin).
The low barrier to entry was considered important for Bitcoin's founder and for maintaining decentralization. Since the introduction, and with the increasing popularity and competition between "miners" of Bitcoin, those computational needs have increased, and the barrier to entry has increased as well.
Further, to create a new "block" in Bitcoin, a user has to generate a "hash"—a long string of numbers that serves as the proof-of-work. Bitcoin uses the SHA-256 hash function, and putting data through the hash function will generate only one hash. This hash is a one-way function and cannot be used to obtain original data, only to check that the data generated matches the original data.
Modern computers can generate these hashes quickly, which is where the time interval in Bitcoin comes in, while the network is also able to set a certain level of difficulty to ensure the time intervals are maintained. Setting the difficulty is accomplished by setting a target for a given hash. The lower the target, the smaller set of valid hashes, and therefore the harder it is to generate a hash. This entire process is known as "mining" and is what generates new blocks in the blockchain underlying Bitcoin. "Miners" in this scheme then compete with each other to be the first to solve the mathematical puzzles and prevent anybody from gaming the system.
Proof-of-work and the difficulty adjustment algorithm included in Bitcoin force the marginal cost of mining Bitcoin to be around the cost of Bitcoin itself. This is intended to mirror the economics behind goods in a free market and allows Bitcoin to scale its security: as the price rises, more miners join the network, and the network becomes more secure. It also means Bitcoin miners are all paid roughly the same price for the Bitcoin they create as a consumer pays to buy the token directly.
Proof-of-work is built to incentivize users to continue to build on the blockchain, rather than to undermine the blockchain, through the compute resources necessary to prove the miners' work. As the objective of PoW is to extend the chain, the longest chain becomes the most believable chain because it has the most computational work to prove it. This further makes it almost impossible to create new blocks that erase transactions, create fake ones, or maintain a second chain. Especially as to achieve this, the malicious miner would have to solve the nonce faster than anyone else, which would require a majority of the network, which would require an amount of compute power and energy that are often considered to outweigh the gains made in the attack.
The Byzantine Generals Problem describes a computer science problem in which the different individuals have no way of trusting each other and asks how those individuals are supposed to trust the information they are being given. This is a problem that plagues decentralized consensus-based systems, and proof-of-work tries to solve this problem by creating the mathematical work users must perform and allowing all members of the decentralized system to agree on which version of the blockchain is valid. Part of this, in Bitcoin, is the difficulty adjustment system, which provides objective solutions to the problem and makes it more difficult to solve the problem legitimately, let alone illegitimately. The simple rule, though, for PoW is that the chain with the most work is the most valid, and since the amount of work in each block is objective and immutable, there can be no room for disagreement about which chain has the most work.
Proof-of-work is also developed to make it prohibitively expensive for an attacker to amass a majority of the hashrate on a cryptocurrency using a PoW consensus mechanism. Known as a "51% attack" (so-called for those engaged in the attack holding a majority, or 51%, of the hashrate and thereby gaining control of the network), the compute costs of a PoW consensus mechanism works to make it too expensive to gain a majority of the network, let alone to rewrite the blockchain. Further, with a lower barrier of entry for users, it ensures there are more users trying to make the next hash and therefore increases the difficulty of a 51% attack, almost making it impossible to perpetuate one of these attacks on a PoW blockchain.
There are a few problems with PoW that have held it back from being the most widely adopted consensus mechanism in blockchains. The first, and perhaps most commonly referred to, is the need for more power in PoW. As the blockchain grows, the hashes grow and the compute power required to solve them grows, increasing in energy consumption on the part of miners. This further begins to consolidate miners down to the people who can afford the equipment and pull computing resources into locations with cheap energy, causing consolidation of users and geography.
There are also security issues with PoW. One common example is a firewall around a good portion of network participants that could be run by a malicious actor who could turn the firewall off and partition the networks into two different chains or manipulate the firewall to allow some users through and not others, which results in a different consensus depending on the side of the firewall a user is on.
There is also the question of fairness. With PoW, miners are able to place transactions in any order they wish, and they could leave some transactions out if they want (especially if they are a rival's transactions), which leads to a lack of fairness in ordering and access. Further, there are concerns around the timestamp, as some users clock on the timestamps could be wrong, and there is often no consensus on the timestamps, but that small problem can reduce the fairness of the process. PoW is also not centralization proof. Although it would cost a lot in compute resources and energy, a few mining pools could take over a cryptocurrency or blockchain's hashing activities and thereby control its operations.
Since Ethereum's 2022 switch from a proof-of-work consensus mechanism to a proof-of-stake (PoS) consensus mechanism, the two have been more closely compared (not that they weren't already compared often as the two commonly being considered the most popular consensus mechanisms).
In a PoS system, unlike PoW, a user has to stake a cryptocurrency to become a validator, at which point they validate transactions. The choice for validators tends to be a weighted algorithm, which is weighted based on the amount of stake and the validation experience. The miner who offers a block for verification, if validated, is then rewarded. If the miner's block is not verified, the stake can be lost. Validators found to validate false or incorrect transactions or blocks can then lose their stake. This is to incentivize both miners and validators to remain honest in their validations.
Proof-of-stake is sometimes considered the better consensus mechanism because it consumes far less energy than a PoW system. The amount has been quoted as being 99.5 percent less energy used by PoS than PoW. And the transaction times using PoS tend to be quicker while using that lower energy. Proof-of-stake is sometimes considered to deal with 51% attacks better as well, as if miners are dishonest in PoS, they lose their stake. Also, users are not allowed to double-spend or steal coins without losing their investment, which suggests the cost would outweigh the potential gains of such disruptions.
Blockchain and cryptocurrencies using Proof-of-Work
Companies in this industry
Proof of Stake versus Proof of Work
Proof of work
Proof of Work (PoW)
September 15, 2016
Proof of Work (PoW)
September 15, 2016
Proof of Work and Mining
July 12, 2019