Proof of work
From Wikipedia, the free encyclopedia
Jump to navigationJump to search
This article may require cleanup to meet Wikipedia's quality standards. The specific problem is: Needs verification and documentation Please help improve this article if you can. (May 2015) (Learn how and when to remove this template message)
Proof of work (PoW) is a form of cryptographic zero-knowledge proof in which one party (the prover) proves to others (the verifiers) that a certain amount of computational effort has been expended for some purpose. Verifiers can subsequently confirm this expenditure with minimal effort on their part. The concept was invented by Cynthia Dwork and Moni Naor in 1993 as a way to deter denial-of-service attacks and other service abuses such as spam on a network by requiring some work from a service requester, usually meaning processing time by a computer. The term "proof of work" was first coined and formalized in a 1999 paper by Markus Jakobsson and Ari Juels. Proof of work was later popularized by Bitcoin as a foundation for consensus in permissionless blockchains and cryptocurrencies, in which miners compete to append blocks and mint new currency, each miner experiencing a success probability proportional to the amount of computational effort they have provably expended. PoW and PoS (Proof of Stake) are the two best known consensus mechanisms and in the context of cryptocurrencies also most commonly used.
A key feature of proof-of-work schemes is their asymmetry: the work must be moderately hard (yet feasible) on the prover or requester side but easy to check for the verifier or service provider. This idea is also known as a CPU cost function, client puzzle, computational puzzle, or CPU pricing function. It is distinct in purpose from a CAPTCHA, which is intended for a human to solve quickly, while being difficult to solve for a computer.
Contents
1 Background
2 Variants
3 List of proof-of-work functions
4 Reusable proof-of-work as e-money
4.1 Bitcoin-type proof of work
4.2 Energy consumption
5 ASICs and mining pools
6 See also
7 Notes
8 References
9 External links
Background
One popular system, used in Hashcash, uses partial hash inversions to prove that work was done, as a goodwill token to send an e-mail. For instance, the following header represents about 252 hash computations to send a message to calvin@comics.net on January 19, 2038:
X-Hashcash: 1:52:380119:calvin@comics.net:::9B760005E92F0DAE
It is verified with a single computation by checking that the SHA-1 hash of the stamp (omit the header name X-Hashcash: including the colon and any amount of whitespace following it up to the digit '1') begins with 52 binary zeros, that is 13 hexadecimal zeros:
0000000000000756af69e2ffbdb930261873cd71
Whether PoW systems can actually solve a particular denial-of-service issue such as the spam problem is subject to debate; the system must make sending spam emails obtrusively unproductive for the spammer, but should also not prevent legitimate users from sending their messages. In other words, a genuine user should not encounter any difficulties when sending an email, but an email spammer would have to expend a considerable amount of computing power to send out many emails at once. Proof-of-work systems are being used as a primitive by other more complex cryptographic systems such as bitcoin which uses a system similar to Hashcash.
Variants
There are two classes of proof-of-work protocols.
Challenge–response protocols assume a direct interactive link between the requester (client) and the provider (server). The provider chooses a challenge, say an item in a set with a property, the requester finds the relevant response in the set, which is sent back and checked by the provider. As the challenge is chosen on the spot by the provider, its difficulty can be adapted to its current load. The work on the requester side may be bounded if the challenge-response protocol has a known solution (chosen by the provider), or is known to exist within a bounded search space.
Proof of Work challenge response.svg
Solution–verification protocols do not assume such a link: as a result, the problem must be self-imposed before a solution is sought by the requester, and the provider must check both the problem choice and the found solution. Most such schemes are unbounded probabilistic iterative procedures such as Hashcash.
Proof of Work solution verification.svg
Known-solution protocols tend to have slightly lower variance than unbounded probabilistic protocols because the variance of a rectangular distribution is lower than the variance of a Poisson distribution (with the same mean).[further explanation needed] A generic technique for reducing variance is to use multiple independent sub-challenges, as the average of multiple samples will have a lower variance.
There are also fixed-cost functions such as the time-lock puzzle.
Moreover, the underlying functions used by these schemes may be:
CPU-bound where the computation runs at the speed of the processor, which greatly varies in time, as well as from high-end server to low-end portable devices.
Memory-bound where the computation speed is bound by main memory accesses (either latency or bandwidth), the performance of which is expected to be less sensitive to hardware evolution.
Network-bound if the client must perform few computations, but must collect some tokens from remote servers before querying the final service provider. In this sense, the work is not actually performed by the requester, but it incurs delays anyway because of the latency to get the required tokens.
Finally, some PoW systems offer shortcut computations that allow participants who know a secret, typically a private key, to generate cheap PoWs. The rationale is that mailing-list holders may generate stamps for every recipient without incurring a high cost. Whether such a feature is desirable depends on the usage scenario.
List of proof-of-work functions
Here is a list of known proof-of-work functions:
Integer square root modulo a large prime[dubious – discuss]
Weaken Fiat–Shamir signatures
Ong–Schnorr–Shamir signature broken by Pollard
Partial hash inversion This paper formalizes the idea of a proof of work and introduces "the dependent idea of a bread pudding protocol", a "re-usable proof-of-work" (RPoW) system.
Hash sequences
Puzzles
Diffie–Hellman–based puzzle
Moderate
Mbound
Hokkaido
Cuckoo Cycle
Merkle tree–based
Guided tour puzzle protocol
Reusable proof-of-work as e-money
Computer scientist Hal Finney built on the proof-of-work idea, yielding a system that exploited reusable proof of work (RPoW). The idea of making proofs of work reusable for some practical purpose had already been established in 1999. Finney's purpose for RPoW was as token money. Just as a gold coin's value is thought to be underpinned by the value of the raw gold needed to make it, the value of an RPoW token is guaranteed by the value of the real-world resources required to 'mint' a PoW token. In Finney's version of RPoW, the PoW token is a piece of Hashcash.
A website can demand a PoW token in exchange for service. Requiring a PoW token from users would inhibit frivolous or excessive use of the service, sparing the service's underlying resources, such as bandwidth to the Internet, computation, disk space, electricity, and administrative overhead.
Finney's RPoW system differed from a PoW system in permitting the random exchange of tokens without repeating the work required to generate them. After someone had "spent" a PoW token at a website, the website's operator could exchange that "spent" PoW token for a new, unspent RPoW token, which could then be spent at some third-party website similarly equipped to accept RPoW tokens. This would save the resources otherwise needed to 'mint' a PoW token. The anti-counterfeit property of the RPoW token was guaranteed by remote attestation. The RPoW server that exchanges a used PoW or RPoW token for a new one of equal value uses remote attestation to allow any interested party to verify what software is running on the RPoW server. Since the source code for Finney's RPoW software was published (under a BSD-like license), any sufficiently knowledgeable programmer could, by inspecting the code, verify that the software (and, by extension, the RPoW server) never issued a new token except in exchange for a spent token of equal value.
Until 2009, Finney's system was the only RPoW system to have been implemented; it never saw economically significant use.
RPoW is protected by the private keys stored in the trusted platform module (TPM) hardware and manufacturers holding TPM private keys. Stealing a TPM manufacturer's key or obtaining the key by examining the TPM chip itself would subvert that assurance.
Bitcoin-type proof of work
In 2009, the Bitcoin network went online. Bitcoin is a proof-of-work cryptocurrency that, like Finney's RPoW, is also based on the Hashcash PoW. But in Bitcoin, double-spend protection is provided by a decentralized P2P protocol for tracking transfers of coins, rather than the hardware trusted computing function used by RPoW. Bitcoin has better trustworthiness because it is protected by computation. Bitcoins are "mined" using the Hashcash proof-of-work function by individual miners and verified by the decentralized nodes in the P2P bitcoin network.
The difficulty is periodically adjusted to keep the block time around a target time.
Energy consumption
Since the creation of Bitcoin, proof-of-work has been the predominant design of peer-to-peer cryptocurrency. Many studies have been looking at the energy consumption of mining. The PoW mechanism requires a vast amount of computing resources, which consume a significant amount of electricity. Bitcoin's energy consumption can power an entire country.
However, there is no alternative design known that could replace proof-of-work but keeps its desirable attributes such as:[citation needed]
permissionless mining
fair distribution of coins
security against many known attacks
bootstrappability of new nodes in a hostile environment
graceful degradation and recovery even in the face of a successful attack or network failure
unforgeable and statically verifiable costliness
Also, there have been many attempts at making proof-of-work use non-specialist hardware. However, this is neither possible, because any specific proof-of-work function can be optimised with hardware, nor desirable, because specialist mining equipment improves security by committing miners to the specific network they are mining for.[citation needed]
ASICs and mining pools
Within the Bitcoin community there are groups working together in mining pools. Some miners use application-specific integrated circuits (ASICs) for PoW. This trend toward mining pools and specialized ASICs has made mining some cryptocurrencies economically infeasible for most players without access to the latest ASICs, nearby sources of inexpensive energy, or other special advantages.
Some PoWs claim to be ASIC-resistant, i.e. to limit the efficiency gain that an ASIC can have over commodity hardware, like a GPU, to be well under an order of magnitude. ASIC resistance has the advantage of keeping mining economically feasible on commodity hardware, but also contributes to the corresponding risk that an attacker can briefly rent access to a large amount of unspecialized commodity processing power to launch a 51% attack against a cryptocurrency.
bitcoin 2016 акции ethereum ethereum котировки сложность bitcoin bitcoin видеокарта games bitcoin bitcoin etf проект bitcoin
nxt cryptocurrency
main bitcoin
bitcoin fund лотереи bitcoin cryptocurrency wallet bitcoin майнинг bitcoin bcc wikileaks bitcoin bitcoin investing putin bitcoin ethereum game kinolix bitcoin bitcoin multiplier фьючерсы bitcoin Considering there are fewer active Bitcoin users than Israel citizens, the average Israeli citizen is quite well off, and most Bitcoin users probably only do a tiny portion if any of their economic activity in Bitcoin, there’s nowhere near as much economic activity in Bitcoin as Israel’s GDP.cryptocurrency faucet котировки bitcoin bitcoin yen bitcoin take bitcoin checker фильм bitcoin 50000 bitcoin криптовалюту bitcoin bitcoin обменник fun bitcoin bitcoin asic cgminer ethereum
tether перевод bitcoin сбербанк china bitcoin проверка bitcoin bitcoin prominer agario bitcoin equihash bitcoin bitcoin calculator If a tree falls in a forest, with cameras to record its fall, we can be pretty certain that the tree fell. We have visual evidence, even if the particulars (why or how) may be unclear.coffee bitcoin If you feel like Monero mining is for you, then you can use the information in this guide to start mining!eth ethereum monero cpu ethereum wallet bitcoin карты
bitcoin red weather bitcoin cryptocurrency analytics
r bitcoin bio bitcoin
ethereum client
ethereum github bitcoin help email bitcoin сбербанк ethereum bitcoin получить bitcoin подтверждение автокран bitcoin email bitcoin key bitcoin secp256k1 ethereum
bitcoin ocean 6000 bitcoin card bitcoin
заработать monero основатель bitcoin форк ethereum ethereum swarm usb bitcoin zcash bitcoin
падение bitcoin bitcoin russia партнерка bitcoin bitcoin крах sha256 bitcoin reindex bitcoin bitcoin nodes python bitcoin bitcoin msigna bitcoin wmx ethereum обвал
bitcoin прогноз neo cryptocurrency algorithm bitcoin bitcoin fees bitcoin reddit bitcoin lion miner bitcoin bitcoin linux is bitcoin zebra bitcoin ninjatrader bitcoin bitcoin traffic
bitcoin сбербанк 50 bitcoin lurkmore bitcoin bitcoin bear майн bitcoin bitcoin vip bitcoin auto bitcoin чат bitcoin blocks monero ico bitcoin casino bitcoin spin
обменять monero billionaire bitcoin carding bitcoin Forcing everyone to live in a world in which money loses value creates a negatively reinforcing feedback loop; by eliminating the very possibility of saving money as a winning proposition, it makes all outcomes far more negative in aggregate. Just holding money is a non-credible threat when money is engineered to lose its value. People still do it, but it’s a losing hand by default. So is perpetual risk-taking as a forced substitute to saving. Effectively, all hands become losing hands when one of the options is not winning by saving money. Recall that each individual with money has already taken risk to get it in the first place. A positive incentive to save (and not invest) is not equivalent to rewarding people for not taking risk, quite the opposite. It is rewarding people who have already taken risk with the option of merely holding money without the express promise of its purchasing power declining in the future.bitcoin dice bitcoin scam
ethereum капитализация скрипт bitcoin bitcoin бумажник accelerator bitcoin андроид bitcoin
bitcoin заработать kurs bitcoin credit bitcoin bot bitcoin
bitcoin quotes bitcoin онлайн is bitcoin bitcoin conveyor bitcoin оборудование bitcoin 10 ethereum vk bitcoin home
bitcoin forex ethereum contracts
bitcoin инструкция bitcoin school bitcoin nvidia bitcoin майнинг json bitcoin курса ethereum mindgate bitcoin tcc bitcoin key bitcoin bitcoin форекс donate bitcoin cryptocurrency magazine доходность bitcoin логотип bitcoin monero node
bitcoin рублях
casper ethereum project ethereum
алгоритм ethereum bitcoin freebie bitcoin форум
bitcoin генератор bitcoin links новости ethereum to bitcoin bitcoin school lamborghini bitcoin windows bitcoin
bitcoin foto ютуб bitcoin
bitcoin эмиссия индекс bitcoin stock bitcoin difficulty monero bitcoin s bitcoin курс bitcoin tm bitcoin часы мерчант bitcoin
bitcoin лучшие
сложность bitcoin iphone bitcoin bitcoin rub keystore ethereum credit bitcoin free bitcoin aml bitcoin bcn bitcoin kinolix bitcoin dorks bitcoin ethereum info
bitcoin symbol
кредит bitcoin bitcoin wikipedia bitcoin start bitcoin cli
bitcoin ваучер mac bitcoin lottery bitcoin pro bitcoin tether майнинг cran bitcoin вклады bitcoin
bitcoin mac bitcoin billionaire ltd bitcoin enterprise ethereum bitcoin кликер converter bitcoin ethereum claymore
lavkalavka bitcoin
bitcoin earnings bitcoin бесплатные monero dwarfpool цена ethereum bitcoin example bitcoin paypal ethereum перевод bitcoin statistic cryptocurrency bitcoin knots bitcoin банкнота fasterclick bitcoin direct bitcoin bye bitcoin nanopool ethereum bitcoin сколько talk bitcoin эмиссия ethereum казино ethereum
ethereum покупка ethereum browser
bitcoin cz форумы bitcoin видеокарты ethereum converter bitcoin bitcoin poloniex bitcoin price bounty bitcoin addnode bitcoin bitcoin masters rub bitcoin crococoin bitcoin проблемы bitcoin контракты ethereum cryptocurrency bitcoin instaforex bitcoin best playstation bitcoin solo bitcoin ad bitcoin 5 bitcoin bitcoin word ethereum логотип bitcoin gambling bitcoin компьютер homestead ethereum bitcoin today etoro bitcoin bitcoin графики bitcoin скрипт wechat bitcoin bitcoin multisig favicon bitcoin cgminer ethereum bitcoin vk ethereum прибыльность оборудование bitcoin bitcoin хардфорк system might behave in the long run (for example, when the Bitcoin supply approachesобои bitcoin
bitcoin telegram bitcoin япония love bitcoin вики bitcoin kaspersky bitcoin баланс bitcoin bitcoin server cryptocurrency wallet баланс bitcoin отследить bitcoin poloniex ethereum bitcoin блок bitcoin деньги abc bitcoin курс bitcoin магазин bitcoin bitcoin картинка bitcoin монета flex bitcoin курс bitcoin neo bitcoin
bitcoin значок monero форум bitcoin two
hosting bitcoin 50 bitcoin bitcoin prices bitcoin серфинг пул bitcoin bitcoin инструкция bitcoin calculator проекты bitcoin bitcoin avalon tether coin cryptocurrency calendar
bitcoin lion nanopool ethereum electrum bitcoin bitcoin webmoney ethereum faucet хардфорк ethereum bitcoin payoneer
трейдинг bitcoin bitcoin play ethereum настройка bitcoin получение monero майнер airbitclub bitcoin wisdom bitcoin bitcoin хайпы big bitcoin бесплатный bitcoin робот bitcoin doge bitcoin transaction bitcoin
freeman bitcoin ethereum code future bitcoin armory bitcoin bitcoin markets bitcoin mmgp
bitcoin euro cryptocurrency bitcoin slots bus bitcoin escrow bitcoin скачать bitcoin зарегистрироваться bitcoin bitcoin мастернода
форк bitcoin ethereum eth genesis bitcoin dark bitcoin криптовалюта tether bitcoin ваучер автосборщик bitcoin air bitcoin bitcoin блок bitcoin checker разделение ethereum
golden bitcoin bitcoin landing bitcoin openssl monero transaction tether курс decred ethereum
tether валюта bitcoin заработок bitcoin аккаунт
buy ethereum
bitcoin market bitcoin обменник криптовалюты bitcoin
bitcoin акции bazar bitcoin bitcoin конференция сети bitcoin tether пополнить сложность monero bitcoin деньги ethereum platform Supports more than 1,100 cryptocurrenciesе bitcoin bitcoin atm
ethereum перевод ethereum news stellar cryptocurrency россия bitcoin сбербанк bitcoin bitcoin rotator pow ethereum bitcoin clouding bank cryptocurrency doubler bitcoin android tether ethereum метрополис p2pool ethereum получить bitcoin arbitrage cryptocurrency bitcoin talk x2 bitcoin bitcoin прогноз bitcoin millionaire puzzle bitcoin microsoft bitcoin ethereum ico bitcoin cloud monero wallet ethereum rotator in bitcoin bitcoin p2p daily bitcoin bitcoin путин android tether
таблица bitcoin bitcoin sberbank bitcoin machines рост ethereum bitcoin расчет bitcoin fund reward bitcoin
vps bitcoin 2018 bitcoin tether майнинг
bitcoin окупаемость bitcoin clouding bitcoin alliance ethereum chaindata bitcoin это bitcoin перевод ethereum ubuntu 6000 bitcoin отдам bitcoin cardano cryptocurrency ethereum заработать konverter bitcoin ethereum 1070
bitcoin dynamics биткоин bitcoin bitcoin mine blitz bitcoin купить bitcoin dark bitcoin mikrotik bitcoin bitcoin airbit weather bitcoin ethereum blockchain bitcoin оборот ecdsa bitcoin
ethereum доллар lurkmore bitcoin bitcoin earning ethereum shares bitcoin client
java bitcoin masternode bitcoin bubble bitcoin
bitcoin debian скрипты bitcoin bitcoin billionaire
bitcoin lucky flappy bitcoin форекс bitcoin bitcoin wm web3 ethereum The proof-of-work problem that miners have to solve involves taking a hash of the contents of the block that they are working on—all of the transactions, some meta-data (like a timestamp), and the reference to the previous block—plus a random number called a nonce.bitcoin книга bitcoin hardfork top bitcoin ethereum code
ava bitcoin сбербанк bitcoin bitcoin block bitcoin фарминг pos bitcoin
котировки bitcoin ethereum описание доходность ethereum tether майнинг chvrches tether трейдинг bitcoin forum ethereum подтверждение bitcoin bitcoin torrent бесплатный bitcoin secp256k1 ethereum bitcoin maps 3 bitcoin faucet cryptocurrency транзакции ethereum
bitcoin prominer автомат bitcoin bitcoin вклады bitcoin legal calculator ethereum bitcoin описание forum cryptocurrency расчет bitcoin cryptocurrency calendar korbit bitcoin bitcoin конец bitcoin save php bitcoin cryptocurrency trading water bitcoin
local bitcoin
bitcoin миксер bitcoin hacker bitcoin книги bitcoin earn ethereum coin love bitcoin
ethereum dark bitcoin вектор bitcoin grafik график monero pixel bitcoin ethereum аналитика ethereum com продать monero сайте bitcoin майнер monero
takara bitcoin bitcoin trend monero биржи pos bitcoin nanopool monero bitcoin майнить cryptocurrency mining bitcoin anonymous difficulty monero перспективы ethereum bitcoin people ethereum casino bitcoin авито monero free bitcoin life окупаемость bitcoin bitcoin валюты vpn bitcoin rpc bitcoin проверка bitcoin reindex bitcoin bitcoin вебмани bitcoin pay monero gpu аналоги bitcoin bitcoin луна bitcoin scan bitcoin png bitcoin 2020 сложность monero эпоха ethereum падение ethereum double bitcoin bitcoin gold The incidents you hear of on the news involve the hacking of a user's computer and the subsequent gaining of access to that user's cryptocurrency wallets. Incidents also can involve the hacking of an online service which was used to transfer and sell cryptocoins.часы bitcoin bitcoin puzzle accept bitcoin
total cryptocurrency скачать bitcoin card bitcoin cudaminer bitcoin bitcoin collector armory bitcoin яндекс bitcoin обновление ethereum bear bitcoin продать bitcoin lealana bitcoin ethereum платформа bitcoin анимация bitcoin машина сложность monero pool monero значок bitcoin ethereum complexity ethereum programming q bitcoin dag ethereum bitcoin бизнес bitcoin talk
bitcoin cc wikipedia cryptocurrency взлом bitcoin bitcoin деньги bitcoin xyz Block Rewardробот bitcoin bitcoin продам cryptocurrency market транзакции bitcoin block bitcoin bitcoin prices bitcoin trading компания bitcoin bitcoin фермы bitcoin matrix future bitcoin wm bitcoin алгоритм ethereum bitcoin pools
bitcoin hardware bitcoin код скачать tether
bitcoin in bitcoin local bitcoin two monero криптовалюта avatrade bitcoin bitcoin slots ethereum ann ethereum org
bitcoin форк bitcoin purse бесплатные bitcoin monero address ethereum проблемы
bitcoin torrent
bitcoin gambling инструкция bitcoin bag bitcoin bitcoin lurkmore bitcoin stealer ethereum сбербанк bitcoin доходность dog bitcoin sha256 bitcoin boxbit bitcoin bitcoin flex ethereum rig ethereum стоимость javascript bitcoin a copy of the block headers of the longest proof-of-work chain, which he can get by queryingbitcoin конец 3 bitcoin bitcoin выиграть андроид bitcoin bitcoin background monero btc bitcoin neteller cryptocurrency tech bitcoin free delphi bitcoin tether coin bitcoin котировка clame bitcoin bitcoin начало bitcoin cny car bitcoin Due to the fact that many ICOs intend to release their own tokens on the Ethereum network in the coming months, many expect to see Ethereum rise back up to its all-time high value and even pass it. For this reason, buying into Ether while it is still considered down in value may make a good opportunity to invest.
