Crypto Economics: How and Why Proof of Work Works
Breaking down the fundamentals of Proof of Work mining to understand how it works, why it exists, and how it relates to crypto economics
If the ultimate goal is to dive deeper into crypto-economics then one should start at the most fundamental level which is the category of Proof of Work blockchains. I find it’s best to start from ground zero such that no stone is left unturned along the path of trying to understand any complex topic.
If you had to distill the genesis of Proof of Work down into one idea, then it would start with the discovery that one can introduce an external economic cost factor to general computation, internally using nothing but cryptography. In other words, bringing real-world exogenous factors into the digital world. That may sound unamazing but it has profound effects, and it was the discovery that first sparked crypto economics into existence with Bitcoin being created.
This early concept of Proof of Work was introduced in 1993 by Cynthia Dwork and Moni Naor, and was then further developed by Adam Back with the idea of preventing email spam. If you could require email senders to pay some fixed economic cost to send an email, along with a mathematical proof that this work was done, then you could reduce spam by making it costly to send millions of spam emails, but cheap to send one legitimate email. Unfortunately this idea never caught on with the masses, but it’s useful to understand because it’s the same cryptographic discovery that underpins Bitcoin.
The way this works is using a hash function, which is a fundamental building block of cryptography. You don’t need to be a cryptographer to understand how a hash function works. It works like this: a hash is what’s called a one-way function, meaning that with some inputs to the function you can follow some mathematical steps and easily derive some output, and with the same input you'll get the same output every time. What makes it a one-way function, however, is that with the output alone it's computationally infeasible to "move backwards" through the function to derive the inputs. Every blockchain uses different hash functions that each have different properties and strengths, but let’s start from the ground up.
A rudimentary example is multiplying 2 prime numbers, which is broken down in three pieces:
Input: Two prime numbers.
The Function: Multiplying the two numbers.
Output: The answer of multiplying the two prime numbers
As multiplication is simple, it's easy to move one way - forward - through the function and multiply the two prime number inputs to derive an output. However, if you try to work backwards knowing only the output, then because prime numbers are not divisible by any number besides 1 and themselves, you have to iterate through all prime numbers and multiply them together until you get the inputs. This is easy to defeat with small prime numbers, but try doing it with larger prime numbers. For example, tell me what 2 prime numbers I multiplied to get 302233711309. Better start working.
The building blocks of “Work” in Proof of Work
This "work" is work that is best suited for a CPU to do. You start with a list of prime numbers and write a program that iterates through all of them, multiplying them against each other and checking to see if the answer is 302233711309. If not, it moves on to the next prime number in the list. Eventually you'll get there, and this method is what’s called “brute force” work.
Based on how fast your CPU is, you can start to derive a formula: a similar hash function takes a predictable number of CPU cycles, which means a predictable electricity cost, which is the external economic factor, to get the answer. By increasing or decreasing the size of the number, you now have a dial to control the economic cost of deriving an answer.
Mixing the foundational ingredients
The way Adam's Hashcash works is by using the same concepts above.
Sender does the work: The sender runs a similar brute force function until they’re able to produce a "valid number", which we’ll define technically below, and includes this in the email as validation.
Receiver verifies the work: The receiver only accepts valid emails. They can verify an email is valid using the easily computed one way function. They can verify that the number produced was valid by feeding the sender provided inputs into the function. Through this verification method, the receiver can validate that the sender did actually spend the CPU time/energy to do the work because there’s no other way to produce the answer/output to the one way hash function without doing the CPU intensive work to produce it.
Here’s a rough idea how the function works on the inside:
Inputs from sender: The one way verification function takes a few variables as inputs: Today's Date, email address, and a counter variable which we’ll understand why this is important below.
Hash Function: All of the variables are converted into numbers and then used as inputs to run through some series of math computation steps (similar to the prime multiplication example) to get some resulting number. This is called a hash function and it produces a random looking number and it’s quick to calculate. The purpose of doing this is so we can convert real world data (email, date) into a pure number so we can start using maths.
Defining a valid number: The answer/output of the entire verification function is a number. Imagine this number looks random, with many digits, just like the prime number example above. Unlike the prime number example, this number can start with a 0 or any other digit. So just by the mathematics of the function that produces the output number, it has some probability of starting with a 0, or with 1-9, and so on. Picking 0, observe that the probability becomes smaller for an output whose first 2 bits are “00”, and smaller still for one whose first 3 bits are “000”, and so on. Based on these probabilities you can determine how many CPU cycles it takes to compute a valid number, and every CPU cycle takes time and electric power to produce.
Dialing the economic cost factor up: Now let’s create a rule that says that to have a “valid number” the first 20 bits must all be zeros. The reason to require 20 starting “0” bits is that, as CPUs can process these hashing functions rapidly, we want to ensure that producing a valid number takes some reasonable duration (eg. more than microseconds).
Work is Proof: Because of the nature of a one-way hash function you can’t just start with the answer and work in reverse, you have to feed the hash function inputs, calculate, and then see what the result will be, repeating this over and over. This takes many CPU cycles which takes time and energy.
Authenticity: Now we need to make sure someone isn’t reusing an old valid number they produced/found once before. We make the function include unique information pertaining to you, in this moment. So this is why we require email and date/time as inputs. The function should also require a random counting variable that you can feed into this hash function along with your info that will produce a valid number with twenty leading zeroes.
Introducing the “Work”: For the counter variable, you basically have to just brute force try every number and see if it produces a valid number output, if not then increment the counter by +1 and try again. As you can see this process happens over and over in a brute force "guessing" fashion until a valid number is produced.
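The sender and receiver steps above as a runnable sketch, added here and not code from the original article or from Hashcash itself. SHA-256, the `date:email:counter` stamp layout and the `seen` set used to reject reused stamps are assumptions for illustration; the article does not specify them.

```python
import hashlib
from itertools import count

def stamp_bits(stamp: str) -> int:
    """Number of leading zero bits in the SHA-256 hash of a stamp."""
    digest = hashlib.sha256(stamp.encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def mint(date: str, email: str, bits: int) -> tuple[str, int]:
    """Sender: try counter = 0, 1, 2, ... until the stamp is a "valid number".

    Returns the stamp and how many hashes it cost (about 2**bits on average).
    """
    for counter in count():
        stamp = f"{date}:{email}:{counter}"  # assumed layout, not real Hashcash
        if stamp_bits(stamp) >= bits:
            return stamp, counter + 1

def verify(stamp: str, my_email: str, today: str, bits: int, seen: set[str]) -> bool:
    """Receiver: a single hash plus the authenticity checks."""
    parts = stamp.split(":")
    if len(parts) != 3:
        return False                      # malformed stamp
    date, email, _counter = parts
    if email != my_email or date != today:
        return False                      # minted for someone else or another day
    if stamp in seen:
        return False                      # same stamp presented twice
    if stamp_bits(stamp) < bits:
        return False                      # not enough work behind it
    seen.add(stamp)
    return True

if __name__ == "__main__":
    # Constructed sample values; 20 bits is the difficulty used in the text.
    stamp, hashes = mint("2024-01-15", "alice@example.com", 20)
    seen: set[str] = set()
    print(stamp, "cost", hashes, "hashes")
    print("first delivery:", verify(stamp, "alice@example.com", "2024-01-15", 20, seen))
    print("replayed:      ", verify(stamp, "alice@example.com", "2024-01-15", 20, seen))
```

At 20 bits the sender performs about a million hashes on average, while the receiver performs exactly one.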
“Proof” of Work
The sender proves authenticity and the receiver can validate the sender’s ‘valid number’, which we can think of as a cryptographic signature.
So the receiver is really just checking a mathematical proof to validate that the sender did in fact do the work to send the email as there’s no other way to produce that data without significant brute force computation time.
As we can see, it’s quick and easy to validate the answer, but time consuming or costly to produce, just like producing the prime factors. Because it requires many CPU cycles which require time and power, this is effectively our bridge to the outside world to tap into an external economic factor.
The result: this introduces an economic cost factor to “do something” digitally. In this case sending emails, but more broadly: proof of work, real exogenous resources.
Taking what we know, you can now account for future technological advances in CPU architecture/power by increasing the number of leading zeros required to have a "valid number". This acts to balance things by increasing the economic factor as computers get faster, which decreases the economic compute factor. This is entirely how Proof of Work works.
It may not sound like it, but introducing an external economic factor to the digital online world was absolutely groundbreaking and allowed for Bitcoin to come into existence!
Introducing Bitcoin “Mining”
In the Bitcoin protocol, the number of leading zeros required to produce a valid number is what's called the network difficulty. The difficulty ensures that as more miners with more efficient computers join the network, we can still have a predictable economic factor (eg. CPU time/cost) to produce a valid block, so as the total network hashrate grows in perpetuity, the economic factor can stay constant. (Network hashrate is defined as the sum of all participants' CPU hash function calculating power.)
In other words, it means the network will adjust and account for an increase in computer processing power over time to support network growth.
This helps ensure a distributed network over time!
Proof of Work Mining Defined
When people say miners are trying to "guess" the answer to a mathematical problem, this is what they mean. Mining is essentially just running a program that connects to the Bitcoin network, downloads and syncs to the chain, uses the latest block header info as one of the function inputs, and starts doing brute force calculations to produce a valid number based on the current network difficulty. The first miner to do so wins the right to produce the next valid block. Producing a block means you get BTC for including some pending transactions from the mempool into the block, which is then added to the chain forever.
Enter Bitcoin network security and BTC economics
For each additional block added to the chain, new BTC supply is created and given to the block producer to pay for their work. The Bitcoin network wants to incentivize as many honest mining participants as possible as this strengthens network security. The rest of the participants connect to each other and have a common majority consensus on what is the valid sequence of blocks in the blockchain. The more participants, the more decentralized, the greater the trust assumption aka trustlessness.
The Bitcoin network also wants to ensure that there is some economic cost factor to being a network participant (Proof of Work), otherwise if it were free, then some bad actor could spin up an infinite amount of nodes and now become the majority consensus and control what data goes into the blockchain (eg. changing how much BTC they own, or any other historical transaction data).
The idea of one entity acting as many different actors in this group consensus based scheme is called a sybil attack, and Proof of Work is a sybil resistance mechanism. Since Bitcoin doesn’t care about entity or node count, but rather hash compute power, then the primary attack on the network is what’s called a 51% attack, meaning if someone were able to obtain a majority of the total network hash power they would be able to control block production, and literally take over the blockchain, which would shake the entire foundation it’s built on, decentralization, and thus an open network of objective truth.
Decentralization = Security
The entire idea of Bitcoin’s “security” rests on the fact that the economic cost to attack the chain grows increasingly exorbitant as the network grows larger. Without this level of security guarantee, there isn’t much value in block space on the blockchain, so you can see how this is of the utmost importance and clearly decentralization = security.
Because we know how to attach an economic cost factor via Proof of Work we can have resistance against sybil attacks via the property of there being a cost associated with being a node/miner. In order to attract as many participants for a maximally secured blockchain, there is a trade-off between having a significant cost requirement to participate and incentivizing the participant enough to pay for their operation costs plus some profit.
This is how Bitcoin “pays” for security, and thus BTC supply economics are born.
The result of all of this - a succinct summary of BTC supply economics
The Bitcoin network subsidizes security by incentivizing maximum decentralization via encouraging miners to become network participants and paying them in newly minted BTC supply per each new block added to the chain. As more participants join, the network becomes more resilient and security increases.
The amount of BTC created and distributed to miners per block decreases by 50% every 4 years until the hard cap of 21MM BTC supply is reached. This 50% reduction in structural supply flow is referred to as the Bitcoin Halving and upon first glance seems to heavily influence the entire 4 year macro crypto cycle.
Takeaways
There’s a lot more to say on crypto economics but understanding the structural supply economics of Proof of Work blockchains gives you the fundamental building blocks to begin your crypto-economic journey.
Here are the important takeaways:
Proof of Work is a sybil resistance mechanism that finds a fair way for actors to participate by bringing a real world economic cost factor into the equation which also makes attacking the chain expensive.
Decentralization = Security
BTC supply economics are what drives the entire security model of the Bitcoin blockchain.
Security and therefore authenticity of the blockchain is of utmost importance, otherwise there is no value in block space and thus you can’t have a fully trustless crypto economy.
Block space has value because it gives access to objective truth. This is otherwise impossible or expensive to implement over a network by yourself or as a business entity. In either case, on legacy centralized alternatives, you would be accessing a permissioned database which can be censored and modified by the controlling parties, which begs the argument that it’s no objective truth at all.