# A Trillion-Dollar on Offer to the Puzzle Solver

##### Gonzalo Álvarez Marañón12 April, 2021

Are you a fan of mathematical puzzles? Well, here’s a lucrative one… but hard to beat! If you discover a method to crack the hashes used in Blockchain, you could get your hands on all the future Bitcoins yet to be mined!

Cryptomining is based on a concept called “proof of work” (and on chance). The miners with the most computational resources at their disposal (and who are most favoured by chance) are rewarded with new bitcoins. In this article we will explain the origin of proof of work, linked to the battle against spam, and how it is used today in Bitcoin.

## If Spammers Had to Pay for Every Email They Send, It Would Be a Completely Different Story

That’s what Adam Back thought in 1997. A reputed cryptographer and hacker. He had read an article published in 1992 by Cynthia Dwork and Moni Naor on how to combat spam by forcing expensive mathematical calculations. This article inspired him to design his pay-per-mailing proposal: if you want to send spam, you’re going to have to pay, but not with money, you’ll pay with computer sweat (if it reminded you of “Fame”, you’re too old). The spammer will have to solve a cryptographic puzzle of varying difficulty and will not send his mail until he finds the solution. Solving the puzzle will be very complicated but verifying the solution will be very easy. In other words, either you prove you’ve worked hard, or there’s no spam. And so Hashcash was born.

Back’s proposal calls for adding the X-Hashcash: header to the SMTP protocol, so that if a message arrives at a mail gateway or mail client without this header, it will be immediately rejected. And which token should be used to fill this header in?

First, a secure hash function is required. Although Hashcash proposed SHA-1, today another algorithm would be used, such as SHA-256 or SHA-3.

Secondly, Hashcash uses the following parameters:

1. A work factor w, such that 0 <= w <= L, where L is the size of the hash function output (in bits). This is used to modulate the difficulty of the puzzle.
2. A version number, see.
3. A timestamp parameter: time.
4. A resource identifier: resource.
5. A randomly chosen number of at least 64 bits: trial.

The Hashcash token is composed by joining these fields by the ‘:’ character, in the following way:

token = ver:time:resource:trial

The puzzle consists of repeatedly calculating the hash of the token until the most significant w bits are 0, incrementing the trial value by one each time it is missed. Obviously, the higher the value of w, the more difficult the puzzle. Fortunately for the receiver, verifying that the solution to the puzzle is correct is as trivial as calculating the hash of the token. Moreover, no matter how many puzzles you solve, solving a new one will always take on average the same amount of time: the difficulty remains constant for a given value of w. And if the computational power improves over time, just increase w and sweat it out again.

Of course, tokens are only considered valid if they are not repeated, because then, once one token is resolved, it would be enough to attach it to all spam messages. An inexpensive way to solve the problem of how to store a history of tokens is to set an expiry period, calculated using the parameter time.

Although this idea did not come through in the fight against spam, it did inspire Satoshi Nakamoto to design the Bitcoin proof of work.

## Cryptominers to Mint Bitcoins With the Sweat of Their ASICs

In the mine, the earth is dug up in search of a scarce yet very valuable resource. In Bitcoin, the scarce resource is computing power. Nodes in the Bitcoin network compete against each other in a frantic race to be the first to solve a cryptographic puzzle, called “proof of work”, based on Hashcash.

Explained in a very simplified way, you take the hash of the new block, c, that you want to incorporate into the blockchain, concatenate it with a nonce, x, and calculate the hash of the set. If the value of the resulting hash starts with a predetermined number of zeros, i.e., is less than a certain target, then you’ve won the race! Otherwise, add one to the nonce and start again.

The hash function used in Bitcoin is SHA256, passed twice consecutively. Mathematically expressed:

SHA256( SHA256( c | x ) ) < target( d )

The difficulty of this puzzle can be adapted dynamically, by varying the number d of the leading zeros that the hash must have. Thus, a difficulty of 1 means that the hash must have (at least) one leading zero, while a difficulty of 10 means that the hash value will have at least 10 leading zeros. The higher the difficulty level, the more leading zeros will be needed and the more complicated the puzzle will be, as the difficulty grows exponentially with the number of zeros. Obviously, the more complicated the hash puzzle, the more computing power or time it takes to solve it.

Bitcoin sets the difficulty so that globally a new block is created on average every 10 minutes. The first miner to solve the puzzle receives a reward consisting of bitcoins and collects the fees applied to the transactions contained in the block. The reward for the winner is programmed from the start. Initially, the winning cryptocurrency owner was rewarded with 50 bitcoins for each new block. This reward is reduced by half every 210,000 blocks, i.e. approximately every 4 years. Due to this reduction of the reward per block, the total amount of bitcoins in circulation will never exceed 21 million bitcoins. These economic incentives must compensate for the computational resource expenditure or no one would mine bitcoins.

## I Am a Miner!

In the beginning, a computer with a decent CPU was enough to mine bitcoins. But juicy incentives quickly increased the difficulty of the proof of work mechanism. CPUs were soon replaced by GPUs, GPUs by FPGAs and, as bitcoins became more valuable, application-specific integrated circuits (ASICs) were used. I don’t know if all cryptominers who buy these devices are enriching themselves, but their manufacturers have certainly found their own niche. The barrier to entry in mining is now so high that for many years the mining community has been dominated by a small number of “big player” mining groups.

As a result, the supposedly large and diverse group of peers that collectively maintain the integrity of the system ultimately becomes a very small group of entities, each of which possesses enormous computational power in the form of specialised hardware, hosted in giant farms, the largest of which are spread across China, Russia, Iceland, Switzerland and the US.

These exclusive groups form a kind of oligopoly that divides the responsibility for maintaining the integrity of the system among themselves. This leaves the door open to abuses of power, such as skipping specific transactions or discriminating against specific users. In the end, Bitcoin and Blockchain are not as decentralised as originally intended because the integrity of the system is not distributed among a huge number of entities, but is concentrated in a few very powerful entities, establishing a kind of hidden centrality that undermines the distributed nature of the whole system.

## The Dark Side of the Proofs of Work

And let’s not forget a small problem associated with proof of work. Since solving cryptographic puzzles requires an immense computational power expenditure, the mining/validation process is prohibitively expensive, both in terms of electricity and heat dissipation. This consumption has an incredibly detrimental impact on the environment.

In a paper published in 2019, The Carbon Footprint of Bitcoin, the authors claim that Bitcoin mining accounts for 0.2% of all electricity consumption worldwide and produces as much carbon dioxide as a metropolis the size of Kansas City (about 500,000 inhabitants).

Another research published in Nature in 2018, Quantification of energy and carbon costs for mining cryptocurrencies, calculated that the mining of Bitcoin, Ethereum, Litecoin and Monero combined produced over a 30-month period the equivalent of between 3 and 13 million tonnes of carbon dioxide. And looking at the rising price of all these cryptocurrencies, despite their volatility, all signs are that energy consumption (and emissions) will continue to rise.

Once again it is shown that when cryptography jumps from cryptographers’ blackboards into the real world, things get complicated. After all, Bitcoin does not run on paper, but on processors. And, the more work, the more consumption.