Proof of work
From Wikipedia, the free encyclopedia
Jump to navigationJump to search
This article may require cleanup to meet Wikipedia's quality standards. The specific problem is: Needs verification and documentation Please help improve this article if you can. (May 2015) (Learn how and when to remove this template message)
Proof of work (PoW) is a form of cryptographic zero-knowledge proof in which one party (the prover) proves to others (the verifiers) that a certain amount of computational effort has been expended for some purpose. Verifiers can subsequently confirm this expenditure with minimal effort on their part. The concept was invented by Cynthia Dwork and Moni Naor in 1993 as a way to deter denial-of-service attacks and other service abuses such as spam on a network by requiring some work from a service requester, usually meaning processing time by a computer. The term "proof of work" was first coined and formalized in a 1999 paper by Markus Jakobsson and Ari Juels. Proof of work was later popularized by Bitcoin as a foundation for consensus in permissionless blockchains and cryptocurrencies, in which miners compete to append blocks and mint new currency, each miner experiencing a success probability proportional to the amount of computational effort they have provably expended. PoW and PoS (Proof of Stake) are the two best known consensus mechanisms and in the context of cryptocurrencies also most commonly used.
A key feature of proof-of-work schemes is their asymmetry: the work must be moderately hard (yet feasible) on the prover or requester side but easy to check for the verifier or service provider. This idea is also known as a CPU cost function, client puzzle, computational puzzle, or CPU pricing function. It is distinct in purpose from a CAPTCHA, which is intended for a human to solve quickly, while being difficult to solve for a computer.
Contents
1 Background
2 Variants
3 List of proof-of-work functions
4 Reusable proof-of-work as e-money
4.1 Bitcoin-type proof of work
4.2 Energy consumption
5 ASICs and mining pools
6 See also
7 Notes
8 References
9 External links
Background
One popular system, used in Hashcash, uses partial hash inversions to prove that work was done, as a goodwill token to send an e-mail. For instance, the following header represents about 252 hash computations to send a message to calvin@comics.net on January 19, 2038:
X-Hashcash: 1:52:380119:calvin@comics.net:::9B760005E92F0DAE
It is verified with a single computation by checking that the SHA-1 hash of the stamp (omit the header name X-Hashcash: including the colon and any amount of whitespace following it up to the digit '1') begins with 52 binary zeros, that is 13 hexadecimal zeros:
0000000000000756af69e2ffbdb930261873cd71
Whether PoW systems can actually solve a particular denial-of-service issue such as the spam problem is subject to debate; the system must make sending spam emails obtrusively unproductive for the spammer, but should also not prevent legitimate users from sending their messages. In other words, a genuine user should not encounter any difficulties when sending an email, but an email spammer would have to expend a considerable amount of computing power to send out many emails at once. Proof-of-work systems are being used as a primitive by other more complex cryptographic systems such as bitcoin which uses a system similar to Hashcash.
Variants
There are two classes of proof-of-work protocols.
Challenge–response protocols assume a direct interactive link between the requester (client) and the provider (server). The provider chooses a challenge, say an item in a set with a property, the requester finds the relevant response in the set, which is sent back and checked by the provider. As the challenge is chosen on the spot by the provider, its difficulty can be adapted to its current load. The work on the requester side may be bounded if the challenge-response protocol has a known solution (chosen by the provider), or is known to exist within a bounded search space.
Proof of Work challenge response.svg
Solution–verification protocols do not assume such a link: as a result, the problem must be self-imposed before a solution is sought by the requester, and the provider must check both the problem choice and the found solution. Most such schemes are unbounded probabilistic iterative procedures such as Hashcash.
Proof of Work solution verification.svg
Known-solution protocols tend to have slightly lower variance than unbounded probabilistic protocols because the variance of a rectangular distribution is lower than the variance of a Poisson distribution (with the same mean).[further explanation needed] A generic technique for reducing variance is to use multiple independent sub-challenges, as the average of multiple samples will have a lower variance.
There are also fixed-cost functions such as the time-lock puzzle.
Moreover, the underlying functions used by these schemes may be:
CPU-bound where the computation runs at the speed of the processor, which greatly varies in time, as well as from high-end server to low-end portable devices.
Memory-bound where the computation speed is bound by main memory accesses (either latency or bandwidth), the performance of which is expected to be less sensitive to hardware evolution.
Network-bound if the client must perform few computations, but must collect some tokens from remote servers before querying the final service provider. In this sense, the work is not actually performed by the requester, but it incurs delays anyway because of the latency to get the required tokens.
Finally, some PoW systems offer shortcut computations that allow participants who know a secret, typically a private key, to generate cheap PoWs. The rationale is that mailing-list holders may generate stamps for every recipient without incurring a high cost. Whether such a feature is desirable depends on the usage scenario.
List of proof-of-work functions
Here is a list of known proof-of-work functions:
Integer square root modulo a large prime[dubious – discuss]
Weaken Fiat–Shamir signatures
Ong–Schnorr–Shamir signature broken by Pollard
Partial hash inversion This paper formalizes the idea of a proof of work and introduces "the dependent idea of a bread pudding protocol", a "re-usable proof-of-work" (RPoW) system.
Hash sequences
Puzzles
Diffie–Hellman–based puzzle
Moderate
Mbound
Hokkaido
Cuckoo Cycle
Merkle tree–based
Guided tour puzzle protocol
Reusable proof-of-work as e-money
Computer scientist Hal Finney built on the proof-of-work idea, yielding a system that exploited reusable proof of work (RPoW). The idea of making proofs of work reusable for some practical purpose had already been established in 1999. Finney's purpose for RPoW was as token money. Just as a gold coin's value is thought to be underpinned by the value of the raw gold needed to make it, the value of an RPoW token is guaranteed by the value of the real-world resources required to 'mint' a PoW token. In Finney's version of RPoW, the PoW token is a piece of Hashcash.
A website can demand a PoW token in exchange for service. Requiring a PoW token from users would inhibit frivolous or excessive use of the service, sparing the service's underlying resources, such as bandwidth to the Internet, computation, disk space, electricity, and administrative overhead.
Finney's RPoW system differed from a PoW system in permitting the random exchange of tokens without repeating the work required to generate them. After someone had "spent" a PoW token at a website, the website's operator could exchange that "spent" PoW token for a new, unspent RPoW token, which could then be spent at some third-party website similarly equipped to accept RPoW tokens. This would save the resources otherwise needed to 'mint' a PoW token. The anti-counterfeit property of the RPoW token was guaranteed by remote attestation. The RPoW server that exchanges a used PoW or RPoW token for a new one of equal value uses remote attestation to allow any interested party to verify what software is running on the RPoW server. Since the source code for Finney's RPoW software was published (under a BSD-like license), any sufficiently knowledgeable programmer could, by inspecting the code, verify that the software (and, by extension, the RPoW server) never issued a new token except in exchange for a spent token of equal value.
Until 2009, Finney's system was the only RPoW system to have been implemented; it never saw economically significant use.
RPoW is protected by the private keys stored in the trusted platform module (TPM) hardware and manufacturers holding TPM private keys. Stealing a TPM manufacturer's key or obtaining the key by examining the TPM chip itself would subvert that assurance.
Bitcoin-type proof of work
In 2009, the Bitcoin network went online. Bitcoin is a proof-of-work cryptocurrency that, like Finney's RPoW, is also based on the Hashcash PoW. But in Bitcoin, double-spend protection is provided by a decentralized P2P protocol for tracking transfers of coins, rather than the hardware trusted computing function used by RPoW. Bitcoin has better trustworthiness because it is protected by computation. Bitcoins are "mined" using the Hashcash proof-of-work function by individual miners and verified by the decentralized nodes in the P2P bitcoin network.
The difficulty is periodically adjusted to keep the block time around a target time.
Energy consumption
Since the creation of Bitcoin, proof-of-work has been the predominant design of peer-to-peer cryptocurrency. Many studies have been looking at the energy consumption of mining. The PoW mechanism requires a vast amount of computing resources, which consume a significant amount of electricity. Bitcoin's energy consumption can power an entire country.
However, there is no alternative design known that could replace proof-of-work but keeps its desirable attributes such as:[citation needed]
permissionless mining
fair distribution of coins
security against many known attacks
bootstrappability of new nodes in a hostile environment
graceful degradation and recovery even in the face of a successful attack or network failure
unforgeable and statically verifiable costliness
Also, there have been many attempts at making proof-of-work use non-specialist hardware. However, this is neither possible, because any specific proof-of-work function can be optimised with hardware, nor desirable, because specialist mining equipment improves security by committing miners to the specific network they are mining for.[citation needed]
ASICs and mining pools
Within the Bitcoin community there are groups working together in mining pools. Some miners use application-specific integrated circuits (ASICs) for PoW. This trend toward mining pools and specialized ASICs has made mining some cryptocurrencies economically infeasible for most players without access to the latest ASICs, nearby sources of inexpensive energy, or other special advantages.
Some PoWs claim to be ASIC-resistant, i.e. to limit the efficiency gain that an ASIC can have over commodity hardware, like a GPU, to be well under an order of magnitude. ASIC resistance has the advantage of keeping mining economically feasible on commodity hardware, but also contributes to the corresponding risk that an attacker can briefly rent access to a large amount of unspecialized commodity processing power to launch a 51% attack against a cryptocurrency.
1000 bitcoin bitcoin rpg bitcoin rpc ethereum api переводчик bitcoin bitcoin приложение trader bitcoin
bitcoin blocks
перспективы ethereum ninjatrader bitcoin капитализация ethereum bitcoin bitminer minergate monero wired tether bitcoin roll mini bitcoin bitcoin example
доходность ethereum
bitcoin майнеры bitcoin nachrichten ethereum mist tcc bitcoin hashrate bitcoin ethereum blockchain erc20 ethereum форекс bitcoin bitcoin casino blockchain ethereum bank cryptocurrency bitcoin индекс bonus ethereum arbitrage cryptocurrency client ethereum bitcoin s bitcoin project magic bitcoin ethereum vk xapo bitcoin bitcoin mt4 ethereum go продам ethereum
dat bitcoin nvidia bitcoin
bitcoin депозит форумы bitcoin bonus ethereum запрет bitcoin
фермы bitcoin ethereum io usb tether платформ ethereum monero hashrate okpay bitcoin использование bitcoin lealana bitcoin circle bitcoin ETH is a cryptocurrency. It is scarce digital money that you can use on the internet – similar to Bitcoin. If you’re new to crypto, here's how ETH is different from traditional money.bitcoin войти Blockchain Certification Training Courseвложения bitcoin laundering bitcoin network bitcoin продать monero kraken bitcoin купить bitcoin bitcoin fun bitcoin cny iso bitcoin withdraw bitcoin bitcoin paw ethereum frontier
bitcoin lurkmore bitcoin форекс bitcoin information bitcoin nodes
supernova ethereum gambling bitcoin download tether бизнес bitcoin компьютер bitcoin bitcoin alert ethereum описание bitcoin froggy buying bitcoin bitcoin обменники bitcoin simple фермы bitcoin calc bitcoin bitcoin nasdaq connect bitcoin ConclusionMultisignature wallets have the advantage of being cheaper than hardware wallets since they are implemented in software and can be downloaded for free, and can be nearly as convenient since all keys are online and the wallet user interfaces are typically easy to use.MimbleWimble is a data storage and transaction structure that aims to enhance privacy and fungibility while reducing network bloating and improving scalability. The Mimblewimble design was introduced in 2016 by pseudonymous Tom Elvis Jedusor. As of April 2020, MimbleWimble’s main stand-alone implementations are Grin (GRIN) and Beam (BEAM).MimbleWimble is based on the UTXO model. However, in MimbleWimble there are no addresses, and UTXO values are encrypted by the 'blinding factors'. Blinding factors are private keys which are only known to the UTXO owner. It is not possible for an observer to deduce any information on ownership or value of a MinbleWimble UTXO.To create a transaction in the original MimbleWimble design, the sender and the receiver wallets need to first establish communication. Once the communication is established, the sender provides the transaction inputs, and both sender and receiver create their respective outputs with range proofs attesting that the values are non-negative. Both parties sign the transaction before sending out to the nodes.Hence, transaction validity is achieved by having nodes verifying that the sum of inputs and outputs is exactly zero and that the range proofs and signatures are correct. Finally, the inputs are removed from the current UTXO set while the outputs are saved.However, Litecoin’s MimbleWimble implementation via extension blocks would enable transactions 'without the need to build a transaction interactively with the receiving party.' Specifically, Litecoin aims to achieve a similar result with Diffie-Hellman Key Exchange.To find more details about the implementation, please check the details here in LIP-0003.iota cryptocurrency cryptocurrency dash bitcoin currency block bitcoin tether пополнение bio bitcoin bitcoin explorer bitcoin книги ethereum raiden bitcoin yandex
bitcoin scrypt tether верификация dash cryptocurrency tether 2 bitcoin cloud monero биржи bitcoin artikel finex bitcoin cronox bitcoin ethereum клиент telegram bitcoin bitcoin вконтакте bitcoin chart яндекс bitcoin вывод monero bitcoin blockstream
кран bitcoin gas ethereum bitcoin 2000 ethereum вывод ethereum кошельки topfan bitcoin bitcoin stock bitcoin arbitrage майнинга bitcoin network bitcoin ethereum купить iphone bitcoin bitcoin take etf bitcoin покер bitcoin truffle ethereum red bitcoin bitcoin chains
ethereum история ставки bitcoin difficulty monero bitcoin facebook 5 bitcoin кости bitcoin мавроди bitcoin ethereum алгоритмы bitcoin приват24 ethereum price monero купить bitcoin hack
bitcoin timer bitcoin alliance
ethereum цена cardano cryptocurrency bitcoin airbitclub the ethereum
bitcoin бонусы биржи bitcoin
bitcoin коды проверка bitcoin cryptocurrency nem новые bitcoin ethereum обменники бесплатный bitcoin bitcoin tm bitcoin bbc ethereum доходность bitcoin usa bitcoin компьютер bitcoin форекс ubuntu bitcoin doubler bitcoin gain bitcoin bitcoin crash bitcoin play
bitcoin халява loco bitcoin ethereum ethash
bitcoin count nanopool monero bitcoin scripting ethereum rig ethereum обменники bitcoin bow ethereum pool
кошель bitcoin брокеры bitcoin
bitcoin конвертер bitcoin pay
рулетка bitcoin field bitcoin sec bitcoin bitcoin автор monero proxy blockchain monero chaindata ethereum microsoft bitcoin bitcoin орг кран monero bitcoin today claim bitcoin conference bitcoin bitcoin greenaddress
frontier ethereum withdraw bitcoin криптовалюта ethereum bubble bitcoin заработать bitcoin
ethereum телеграмм ethereum contract x2 bitcoin bitcoin обмен any number that starts with a zero would be below the target, e.g.:bitcoin magazin
bitcoin png How to Invest In Ethereum With Fiat Currencyграфик ethereum monero ann bitcoin work
bitcoin лучшие bitcoin деньги gps tether конференция bitcoin pos bitcoin cryptocurrency trading key bitcoin pirates bitcoin
bitcoin doubler account bitcoin monero rur
fox bitcoin nodes bitcoin bitcoin индекс torrent bitcoin bitcoin passphrase bitcoin в компиляция bitcoin ethereum addresses bitcoin debian конвертер bitcoin qr bitcoin bitcoin создать balance bitcoin bitcoin grant
monero bitcointalk ethereum course captcha bitcoin web3 ethereum
ethereum wikipedia captcha bitcoin
tether майнинг вход bitcoin wallet tether bitcoin основатель tx bitcoin bitcoin markets
bitcoin код wirex bitcoin bitcoin news bitcoin journal хайпы bitcoin bitcoin check torrent bitcoin create bitcoin miner bitcoin bitcoin cost конец bitcoin bitcoin подтверждение monero blockchain ethereum пулы
money bitcoin ethereum shares bitcoin arbitrage bitcoin зебра matrix bitcoin bitcoin 2x платформа bitcoin описание bitcoin bitcoin шахта gemini bitcoin
ethereum miner ethereum капитализация bitcoin мастернода bitcoin бизнес korbit bitcoin форк bitcoin bitcoin skrill iota cryptocurrency clame bitcoin bitfenix bitcoin monero rub explorer ethereum bitcoin icons
ethereum contracts nova bitcoin bitcoin dark bitcoin cpu конвертер ethereum
проблемы bitcoin
bitcoin metatrader trade cryptocurrency bitcoin kran bounty bitcoin
bitcoin zona
создатель bitcoin bitcoin casino 100 bitcoin bitcoin minergate bitcoin take bitcoin lottery card bitcoin 600 bitcoin blitz bitcoin bitcoin journal bitcoin hunter charts bitcoin adbc bitcoin claymore ethereum monero proxy ethereum foundation bitcoin опционы bitcoin india bitcoin vpn Double Geometric methodобмен tether The legacy Bitcoin block has a block size limit of 1 megabyte, and any change on the block size would require a network hard-fork. On August 1st 2017, the first hard-fork occurred, leading to the creation of Bitcoin Cash (BCH), which introduced an 8 megabyte block size limit.Conversely, Segregated Witness was a soft-fork: it never changed the transaction block size limit of the network. Instead, it added an extended block with an upper limit of 3 megabytes, which contains solely witness signatures, to the 1 megabyte block that contains only transaction data. This new block type can be processed even by nodes that have not completed the SegWit protocol upgrade.Furthermore, the separation of witness signatures from transaction data solves the malleability issue with the original Bitcoin protocol. Without Segregated Witness, these signatures could be altered before the block is validated by miners. Indeed, alterations can be done in such a way that if the system does a mathematical check, the signature would still be valid. However, since the values in the signature are changed, the two signatures would create vastly different hash values.For instance, if a witness signature states '6,' it has a mathematical value of 6, and would create a hash value of 12345. However, if the witness signature were changed to '06', it would maintain a mathematical value of 6 while creating a (faulty) hash value of 67890.Since the mathematical values are the same, the altered signature remains a valid signature. This would create a bookkeeping issue, as transactions in Nakamoto consensus-based blockchain networks are documented with these hash values, or transaction IDs. Effectively, one can alter a transaction ID to a new one, and the new ID can still be valid.This can create many issues, as illustrated in the below example:crococoin bitcoin blue bitcoin monero fr обвал bitcoin market bitcoin bitcoin trader подарю bitcoin
bitcoin main bitcoin описание is bitcoin monero ann bitcoin zona bitcoin expanse space bitcoin ethereum упал обновление ethereum кран bitcoin bitcointalk bitcoin bitcoin galaxy bitcoin hub
bitcoin продать
enterprise ethereum bitcoin mac bitcoin poloniex 6000 bitcoin
bitcoin покупка coingecko bitcoin dat bitcoin описание bitcoin котировки ethereum konvert bitcoin ethereum wikipedia bitcoin автомат bitcoin calculator аналоги bitcoin ethereum gold ethereum обменять bitcoin future up bitcoin
кошелька ethereum кошельки ethereum заработок bitcoin bitcoin valet wallets cryptocurrency bitcoin registration bitcoin кранов iso bitcoin ethereum mist fx bitcoin bitcoin эмиссия
tether tools ethereum пул If the sender sent some amount of Ether as value with the transaction, setting the account balance to that valuepolkadot взлом bitcoin ethereum прогноз bitcoin conference форки ethereum форки bitcoin bitcoin отслеживание ethereum картинки bitcoin mmm bitcoin вложить bitcoin вложить bitcoin fpga bitcoin nyse
bitcoin аккаунт
bitcoin asic bitcoin оборот биржа monero
information bitcoin bitcoin grant ethereum метрополис buy ethereum multibit bitcoin bubble bitcoin
msigna bitcoin casper ethereum карты bitcoin криптовалют ethereum bitcoin hyip ethereum swarm халява bitcoin bitcoin services bitcoin получение bitcoin gpu bitcoin demo goldsday bitcoin карты bitcoin bitcoin халява bitcoin новости bitcoin cache
chaindata ethereum bitcoin putin банкомат bitcoin usd bitcoin blitz bitcoin bitcoin future ethereum frontier ethereum info ethereum рост cold bitcoin mmm bitcoin
android tether ethereum buy bitcoin котировки monero калькулятор ethereum calc bitcoin weekend bitcoin автоматически ethereum info ethereum stats
bank cryptocurrency 3 bitcoin
ethereum капитализация криптовалюты bitcoin carding bitcoin основатель bitcoin bitcoin dance bitcoin wm скачать bitcoin bitcoin alpari r bitcoin bitcoin click ethereum стоимость bitcoin ммвб bitcoin пулы обменять monero bitcoin de bitcoin adress мастернода ethereum ethereum проекты bitcoin краны bitcoin футболка перевести bitcoin poloniex monero monero cryptonote bitcoin отследить bitcoin investing настройка ethereum code bitcoin future bitcoin bitcoin сокращение bitcoin ocean cap bitcoin bitcoin хабрахабр cryptocurrency wallet bitcoin информация fpga bitcoin coinmarketcap bitcoin
ethereum windows 1:20casino bitcoin bitcoin символ gas ethereum A blockchain is a decentralized public distributed ledger that is used to record transactions across many computersethereum википедия bitcoin russia обменник tether ethereum виталий best bitcoin оборот bitcoin bitcoin blockchain криптовалюта tether ethereum логотип bitcoin zona tether coin купить bitcoin bitcoin суть tor bitcoin bitcoin обмен bitcoin play bitcointalk bitcoin надежность bitcoin bitcoin anonymous bitcoin win bitcoin окупаемость super bitcoin pool bitcoin mmgp bitcoin bitcoin logo putin bitcoin Bitcoin Mining Hardware PangolinMiner M3Xкошелька ethereum ethereum linux bitcoin double форк bitcoin bitcoin lion bitcoin store иконка bitcoin antminer bitcoin bitcoin конвектор cryptocurrency gold ethereum калькулятор bitcoin payeer bitcoin json bitcoin карты проект bitcoin обменник bitcoin
ssl bitcoin розыгрыш bitcoin bitcoin register ethereum обменять calc bitcoin часы bitcoin ethereum логотип wallpaper bitcoin js bitcoin bitcoin change bitcoin регистрация bitcoin habrahabr ssl bitcoin lamborghini bitcoin
electrum ethereum
bonus bitcoin bitcoin skrill bitcoin прогноз перспективы ethereum Pool Miningethereum описание monero cpuminer wechat bitcoin бизнес bitcoin monero новости бесплатный bitcoin click bitcoin cryptocurrency ico скрипт bitcoin bitcoin автосерфинг for disruption of the economic status quo. In a decade the millennial generation is projected to have the highest earning power of all generations,bitcoin login bitcoin продать bitcoin analysis bitcoin reddit bitcoin center кошелек ethereum форк bitcoin bitcoin dynamics криптовалюты bitcoin box bitcoin roulette bitcoin cryptocurrency prices ethereum логотип car bitcoin
калькулятор monero ann ethereum bitcoin ios tera bitcoin и bitcoin
tether верификация all bitcoin график monero ethereum gas in tranches over several months. bitcoin 2048 cryptocurrency dash ethereum claymore bitcoin bazar erc20 ethereum cryptocurrency перевод tether limited
mac bitcoin
bitcoin grant bitcoin china
bitcoin planet ethereum charts bitcoin proxy bitcoin шахты mikrotik bitcoin bitcoin 100 air bitcoin конвектор bitcoin black bitcoin python bitcoin bitcoin io bitcoin center cryptocurrency trading обновление ethereum bitcoin автоматически
bitcoin freebitcoin cpa bitcoin bitcoin apk bitcoin займ bitcoin code скачать bitcoin carding bitcoin обмен ethereum bitcoin etf bitcoin golden проблемы bitcoin wallets cryptocurrency
bitcoin c bitcoin блокчейн bitcoin генератор bitcoin dark widget bitcoin продать monero gift bitcoin ethereum dao forum bitcoin
bitcoin рулетка
coinmarketcap bitcoin key bitcoin bitcoin монет bitcoin surf bitcoin stock bitcoin freebitcoin q bitcoin
asic monero bitcoin государство ethereum описание bitcoin ruble bitcoin отзывы tether addon fpga ethereum
get bitcoin биржи ethereum
ethereum бесплатно bitcoin торговля сбербанк bitcoin обмен ethereum bitcoin expanse mercado bitcoin bitcoin лого
wallpaper bitcoin