17
2
I know that proof of work shows that the person has put in some time and power into the processing. I also know that bitcoin mining is adding a transaction into the blockchain and then the miner will need to solve a pow problem.
Why do we need this? What if we eliminated the proof of work step for the miners and what are the consequences of doing so?
10
Imagine I have 1 bitcoin. And imagine I can form a transaction to send that bitcoin to Alice or I can form a transaction to send that bitcoin to Charlie.
Now, what stops me from forming both transactions? Nothing.
So, if I do that, how will people know which transaction is valid? Clearly, without some reliable way to tell which of those two transactions are valid, the system is doomed.
This is what PoW does. A miner cannot contribute PoW to both transactions at the same time -- he must pick one.
"Clearly, without some reliable way to tell which of those two transactions are valid, the system is doomed." Computationally, it's not required to produce PoW in order to verify that all the transactions packed in a certain block are mutually valid according to the current blockchain. If you pack both transactions into one block, the block will not be valid. If you pack one transaction into a block and it ends up in the blockchain, then any future block that my be added could not include the other transaction. No need for PoW to verify these conditions. – rapt – 2019-08-25T20:14:20.913
@rapt Can you explain how this would work? Say I have a blockchain that ends with block A, you have a blockchain that ends with block B, and block A has a transaction that conflicts with block B. How do I know which of those two conflicting transactions I can rely on without PoW? – David Schwartz – 2019-08-25T20:38:53.733
@DavidSchwartz To you as an outside observer, what you first care about is that all the current versions of the blockchain (BC) are valid. I.e., that for each version of the BC, the transactions within that BC are valid and not contradicting each other. This is "easy" to do, without PoW, by every user independently (no mutual trust is needed). Now, to you as an outside observer, the PoW process simply randomly picks one of the valid competing BCs. You don't really care how one is chosen (by work, lottery, etc). All you care is that the network accepts this process of picking the winner. – rapt – 2019-08-25T22:02:33.040
@rapt I guess I have no idea what your point is. You're saying a bunch of things that, while technically correct, are worded confusingly. What are you trying to accomplish? Are you trying to clarify something? If so, I think you're failing. Are you trying to correct what you perceive is an error? If so, can you be precise about what you think is incorrect? – David Schwartz – 2019-08-25T22:06:01.130
Ok, I see how PoW is related to double spending, thanks – user153882 – 2017-02-10T00:27:08.370
"This is what PoW does. A miner cannot contribute PoW to both transactions at the same time -- he must pick one." Can you elaborate on this one? I am sure many users would appreciate this. as your answer stands now I can't see how and why POW is used in bitcoin still – None – 2017-07-27T06:13:16.930
@user200300 I'm not quite sure what you're unclear about. Do you understand the problem I'm describing? Someone can form two valid transactions and we need some way for everyone to eventually agree on which one to accept. (Maybe it would help to ask your own question about what specifically you don't understand?) – David Schwartz – 2017-07-27T07:29:43.860
Hi David. How does the miner decide which transaction to commit POW to? And how does this selection help maintain the integrity of the blockchain? Also, isn't POW performed on a block, not on a transaction per se? – nanonerd – 2017-12-11T03:17:29.377
PoW is performed on a block, but that block cannot form a chain that includes both transactions or that chain is invalid and will be ignored. A miner wants to get paid, so he mines on top of the longest chain he can find. – David Schwartz – 2017-12-11T04:56:07.353
I think this explanation is quite inadequate. All it says is that PoW grabs one of possibly competing transactions--fine. But what it doesn't explain is this: You send 1 bitcoin to BOTH Alice and Charlie as two separate transactions before either one is accepted. Now let's say the Alice transaction gets successfully added in a block after PoW. Now the Charlie transaction is still pending. Your explanation glosses over what the fate of the Charlie transaction will be... – Jazimov – 2018-01-08T19:12:57.300
@Jazimov Nothing can ever happen to it. – David Schwartz – 2018-01-08T19:36:46.603
Why is that? PoW enters the first transaction successfully onto a block that's verified by other nodes and added to the blockchain. When the second transaction is encountered, what blockchain mechanism causes it to be ignored? – Jazimov – 2018-01-08T23:20:55.127
It's not valid because it tries to claim an unspent output that no longer exists. No node will allow anything to happen to an invalid transaction. A block that tries to include it will be ignored. – David Schwartz – 2018-01-09T00:54:53.760
"So, if I do that, how will people know which transaction is valid? Clearly, without some reliable way to tell which of those two transactions are valid, the system is doomed." What about a conflict resolution consensus: if one wallet attempts to double spend, the transaction with a lower hash is considered to be the valid transaction? – Calmarius – 2018-01-24T16:18:12.307
@Calmarius That would be a disaster. No transaction would ever be final until and unless you could see every transaction that was ever going to happen to ensure that there didn't exist any conflicting transaction with a lower hash. How would you do business if you never when you could rely on a transaction not losing conflict resolution? – David Schwartz – 2018-01-24T18:13:50.533
Nodes can locally timestamp the transactions and declare it final if it's old enough (let's say 1 hour old) at that point no updates accepted. The bigger problem is making sure that nodes are in consensus and all of them are building the same chain, and I don't think that's possible without artificially slowing down the network with PoW and letting the blocks probagate to all nodes before the next comes. – Calmarius – 2018-01-24T22:07:44.833
@Calmarius No, they can't. What if one node thinks it's 1 hour old and another node thinks it's 59.9 minutes old when a conflicting transaction is discovered? How would they ever agree? A malicious user could create a thousand conflicting transactions, send the one with the highest hash, then wait 59 minutes, then send the other 999 (in hash order, highest to lowest) over the next two minutes and the network would never agree again. – David Schwartz – 2018-01-24T22:09:52.533
I don't understand how to double spend without PoF, I have created a new question maybe is easier to understand explaining a step by step problem: https://bitcoin.stackexchange.com/questions/76294/why-we-need-mining
@David Schwartz answer: I can not fully understand how a PoW is related to mitigate for example double spending?! As I understood the PoW algorithm asks that hash of an string should start with some zeros..which is hard to find the proper number, etc, etc..but if the hash of some string (let's say the transaction that is added to the blockchain) starts with zero, it does not prove that the transaction is a valid one! It is highly appreciated if some one clarify this issue to me.. Thank you – M F – 2018-07-04T15:00:46.557
@MF The challenge is not to know which transactions are valid. The challenge is to know which of two valid, but conflicting, transactions everyone else will eventually accept. – David Schwartz – 2018-07-05T01:41:32.650
8
Proof of Work (PoW) basically makes sure that miners don’t cheat.
There is no way to trust that everyone in the network is honest, so there has to be some way to prevent miners from creating new blocks that benefit themselves. The way it works is that you have a bunch of people all trying to guess the answer to the math problem and no one knows who is going to get the correct answer first. Whoever does get the right answer first gets a reward, but only if all the other miners agree to accept that transactional record (If it becomes apparent that a certain miner is creating fraudulent transactions then the other miners can collectively refuse to accept their contributions). This is why the process of creating a new block is designed to be energy intensive, so that there is a cost associated with creating each new block. This prevents miners from simply creating a whole bunch of new fraudulent blocks with the hopes that maybe they’ll get accepted, because the cost of doing so offsets the potential reward. It helps to think about proof of work as a possible solution to email spam. If there was a requirement for each computer to spend a minute on a PoW problem before every piece of mail was sent, then only people with genuine messages would agree to expend the effort. One minute of computer time is a very low cost for an individual, but the guy who is blasting 10 million spam emails couldn’t afford to wait 10 million minutes to do so. So going back to bitcoin, the chance of each individual miner being the one to solve each block is pretty small, and since it takes a lot of effort to solve the blocks they can’t just spam the network with solutions. This means that they are incentivized to only expend the effort if their contribution is going be accepted by the network.
Hope that makes sense.
This is the best breakdown I could find (http://nakamotoinstitute.org/mempool/the-proof-of-work-concept/)
@Calmarius, indeed there exists two levels of consensus: Transaction level and Block level. So, spamming fraudulent transactions is quickly detected through consensus voting which handles Byzantine faults. – Mohamad-Jaafar NEHME – 2019-10-22T12:08:23.243
"This prevents miners from simply creating a whole bunch of new fraudulent blocks with the hopes that maybe they’ll get accepted" But nothing prevents nodes spamming the network with fraudulent transactions, of course eventually all peers will block those nodes after certain amount mishaps, I don't see why wouldn't this work for blocks as well. – Calmarius – 2018-01-24T16:28:19.697
3
The way I understand how proof of work (PoW) works is this: its fundamental goal is to prevent cheating, or creating an inconsistent view of the distributed ledger.
Imagine a double spend scenario - where in participant A has only 1 BC to spend. But, he creates two independent transactions or "spends" each with 1 BC. He then presents each spend transaction to two different parties B and C as valid payments. Since there is no notion of serialization of transactions (as one would have in a centralized database with atomic commits), it is possible that some participants in the network have recorded A's payment to B first, while others have recorded A's payment to C first. At the same time, some will end up rejecting the latter payment (since A has only 1 BC to spend).
In the ideal world, if both transactions can be strictly serialized (as, for example - A's payment to B will be recorded in the distributed ledger before A's duplicate payment to C might be recorded), there will be no need for distributed consensus. In an ideal world, where in the transactions can be time-stamped using a "central" clock visible to every participant, we would have an easy solution.
The PoW process solves this problem algorithmically by forcing a non trivial finite delay for submitting and committing a block a transactions. In the bitcoin scheme, where transactions must be committed in a block level granularity, A's double spend transaction has two possibilities:
In the latter case, the inconsistency is easily detected and flagged. In the former case also, it is easy to detect the inconsistency & flag the same - but it is possible to do so only when both transactions (the good one and the bad one) are grouped in the same block. This is not possible if either the block sizes are too small or can be committed by the nodes very quickly. This is where PoW comes handy - it forces enough time to elapse in order compose a new block and have it committed by all participants.
The question that was not clear to me is this: Bitcoin uses a certain variation of computing the pre-image of a SHA-256 hash value. Since the purpose of PoW is only to delay the creation of new blocks by a sufficient time lag, this puzzle to solve could be anything - as for example, solving a 16-queens placement problem on a chess board, or something like that. It is not clear if the puzzle really needs to have a correlation with the actual data in the block being committed.
2It is important the the puzzle's solution has a deterministic relationship with the blocks contents. This is because a mechanism is required to verify which block a new block was built on top of. It is also provides a way to quickly verify that transactions were included in a block. Lastly, using a function with properties like strong hash functions ensures that once a solution has been found, the contents on the blockchain cannot be changed with out detection. The puzzle needs to provide a tamper prevention mechanism. – Matthew Charles Stannard – 2018-01-07T08:04:17.850
2
Without proof of work, anyone can start from the genesis block and the create a long chain of fake transactions. How can one decide which ledger is the correct one?
This is where the proof of work comes into play. The nodes accept the chain which took the most work to create and reject all others. This strongly incentivize the miners to build upon the established chain and also makes it hard to create a fake chain. To create a fake chain an adversary will need to work faster and also needs to catch up to rest of the network to get his fake chain accepted, which is practically impossible for established cryptocurrencies like Bitcoin.
1
short answer :
the proof of work is a protection and a solution for the Byzantine general problem without it miners will cheat easily without losing anything so they set this system POW to enforce the participants to loose money if they cheat (you loose the invested money in the POW process (electricity consumption and useless invested budget in the hardware)) instead you have an incentive if you don't cheat. Besides the POW is used to control the mining time windows (10 min) we could control the difficulty to make the mining easy or hard.
0
It provides a Proof of Consensus among the Bitcoin nodes that establishes the validity of any given block once it has about 6 blocks mined on top of it and it is the longest chain on the network
Since it is computationally expensive to mine blocks, it is unlikely that a single miner would be able to mine multiple blocks in a row. The rest of the mining community would mine the blocks much faster and create a longer chain.
Thus, given block A, to have 6 blocks mined above block A in the longest chain, a large percentage of the miners in the bitcoin mining community must all be working on the chain that includes block A.
The fact that so many miners have been proven to be working on a chain that includes block A implies that the community has come to the consensus that block A is a valid block.
Thus Proof of Consensus has been achieved.
Why is this Proof of Consensus needed? It protects against the block chain from being forked (intentionally or unintentionally). Other answers describe why someone may try to intentionally fork the blockchain (see the Double Spend scenario).
I also know that bitcoin mining is adding a transaction into the blockchain and then the miner will need to solve a pow problem.Mining is constructing a block of transactions, and, with luck, solving the PoW problem for that block before any other miner adds a block, then adding the block to the blockchain. – brec – 2017-12-24T23:51:41.707closely related: https://bitcoin.stackexchange.com/q/331/5406
– Murch – 2018-02-11T02:03:43.097