Proof of work: how Bitcoin reaches consensus
Previous versions of digital cash ran into the 'double spend problem'. How do you ensure everyone keeping a decentralised currency ledger agrees with each other, and avoid clashes where one person tries to spend their coins twice? The answer is a system called proof of work. The University of Cambridge's Mansoor Ahmed-Rengers explained how it works to Phil Sansom and Eva Higginbotham...
Mansoor - The creator of Bitcoin wanted something that was completely, what he calls, permissionless. And so anyone with a computer could be able to join the network. And the only thing that is sort of common between all computers is the ability to compute, right? Proof of work exploits that commonality. And what it does is it says, "okay, all of you computers in this network, we're going to do a puzzle. And what we're trying to find is a number which, when it is hashed with the previous block, gives us another number which has a certain number of zeros as its prefix." And this puzzle is going to determine who gets to be the next leader who decides what goes into the next block."
Eva - I don't understand. So who came up with this number that you add to it? Who's in charge deciding this is the way it works?
Phil - The underlying code of Bitcoin sets this criteria for what the eventual answer has to be, but who's in charge of finding out what the number you add to it is to get there: that's the puzzle! Right? Here's the puzzle: I try adding one, okay, that was wrong. I try adding two, that was wrong. I try adding three, that was wrong. On and on and on, until I try something and it ends up being right. You're basically doing this hashing over and over again with different values until you get the answer. And that is your proof of work - your proof that you have done the work.
Eva - Okay. Yeah. Like show your work. Yeah.
Phil - Show your working, yeah. Proof of work.
Eva - If you are a regular person who just buys some Bitcoin, you're not involved in any of this, this is just the people who are really into building the blockchain that controls everything?
Phil - Exactly. And the mechanics of the system mean that if you're one of those people, you're supposed to accept someone else's proof if it shows that they, quote unquote, 'won'.
Mansoor - The proof of work principle is that we accept the chain which is the longest,. So let's say that you and I both came up with the solution at the same time, which can happen. On an average half of the network will receive yours and half of the network will receive mine. And when, let's say Alice, receives my block, she'll start building her proof of work on top of that. Let's say Bob receives yours and he'll start building his proof of work on top of your block. Now the probability of another clash keeps going down. Now let's say Alice got there first. Alice's blockchain has one more block than your blockchain does at this point. So everyone who received your block will now abandon it and take Alice's, because we always go with the longest chain.
Phil - Okay. Mansoor does this work, does everyone actually end up agreeing?
Mansoor - In practice everyone does agree on the chain, let's say 10 blocks down from the most recent one and the transactions that are kind of set in stone.
Phil - I mean, that's kind of weird, right? That opens the door to a lot of messing around!
Mansoor - It is, you know! And one of the interesting thought experiments that I like to do with this is: we can imagine that there is a supercomputer which is more powerful than all the other computers in the Bitcoin network, and has already gone, let's say, a thousand blocks further than we are today. Now if the supercomputer suddenly decides to publish that blockchain to the network, we will all just have to accept it.
Phil - How powerful a supercomputer would I need?
Mansoor - It would have to be the most powerful supercomputer ever made.
Eva - What I don't understand is there must be so many people all over the world with computers who are doing this all at the same time. How on earth are they keeping track of every single Bitcoin transaction that's happening?
Phil - The hard part isn't collecting all the information of people sending Bitcoin transactions. I mean, computers are really good at using the internet to collect lots of that kind of information. The hard part is hashing and hashing and hashing until you find the right answer.