Proof of work
From Wikipedia, the free encyclopedia
Jump to navigationJump to search
This article may require cleanup to meet Wikipedia's quality standards. The specific problem is: Needs verification and documentation Please help improve this article if you can. (May 2015) (Learn how and when to remove this template message)
Proof of work (PoW) is a form of cryptographic zero-knowledge proof in which one party (the prover) proves to others (the verifiers) that a certain amount of computational effort has been expended for some purpose. Verifiers can subsequently confirm this expenditure with minimal effort on their part. The concept was invented by Cynthia Dwork and Moni Naor in 1993 as a way to deter denial-of-service attacks and other service abuses such as spam on a network by requiring some work from a service requester, usually meaning processing time by a computer. The term "proof of work" was first coined and formalized in a 1999 paper by Markus Jakobsson and Ari Juels. Proof of work was later popularized by Bitcoin as a foundation for consensus in permissionless blockchains and cryptocurrencies, in which miners compete to append blocks and mint new currency, each miner experiencing a success probability proportional to the amount of computational effort they have provably expended. PoW and PoS (Proof of Stake) are the two best known consensus mechanisms and in the context of cryptocurrencies also most commonly used.
A key feature of proof-of-work schemes is their asymmetry: the work must be moderately hard (yet feasible) on the prover or requester side but easy to check for the verifier or service provider. This idea is also known as a CPU cost function, client puzzle, computational puzzle, or CPU pricing function. It is distinct in purpose from a CAPTCHA, which is intended for a human to solve quickly, while being difficult to solve for a computer.
Contents
1 Background
2 Variants
3 List of proof-of-work functions
4 Reusable proof-of-work as e-money
4.1 Bitcoin-type proof of work
4.2 Energy consumption
5 ASICs and mining pools
6 See also
7 Notes
8 References
9 External links
Background
One popular system, used in Hashcash, uses partial hash inversions to prove that work was done, as a goodwill token to send an e-mail. For instance, the following header represents about 252 hash computations to send a message to calvin@comics.net on January 19, 2038:
X-Hashcash: 1:52:380119:calvin@comics.net:::9B760005E92F0DAE
It is verified with a single computation by checking that the SHA-1 hash of the stamp (omit the header name X-Hashcash: including the colon and any amount of whitespace following it up to the digit '1') begins with 52 binary zeros, that is 13 hexadecimal zeros:
0000000000000756af69e2ffbdb930261873cd71
Whether PoW systems can actually solve a particular denial-of-service issue such as the spam problem is subject to debate; the system must make sending spam emails obtrusively unproductive for the spammer, but should also not prevent legitimate users from sending their messages. In other words, a genuine user should not encounter any difficulties when sending an email, but an email spammer would have to expend a considerable amount of computing power to send out many emails at once. Proof-of-work systems are being used as a primitive by other more complex cryptographic systems such as bitcoin which uses a system similar to Hashcash.
Variants
There are two classes of proof-of-work protocols.
Challenge–response protocols assume a direct interactive link between the requester (client) and the provider (server). The provider chooses a challenge, say an item in a set with a property, the requester finds the relevant response in the set, which is sent back and checked by the provider. As the challenge is chosen on the spot by the provider, its difficulty can be adapted to its current load. The work on the requester side may be bounded if the challenge-response protocol has a known solution (chosen by the provider), or is known to exist within a bounded search space.
Proof of Work challenge response.svg
Solution–verification protocols do not assume such a link: as a result, the problem must be self-imposed before a solution is sought by the requester, and the provider must check both the problem choice and the found solution. Most such schemes are unbounded probabilistic iterative procedures such as Hashcash.
Proof of Work solution verification.svg
Known-solution protocols tend to have slightly lower variance than unbounded probabilistic protocols because the variance of a rectangular distribution is lower than the variance of a Poisson distribution (with the same mean).[further explanation needed] A generic technique for reducing variance is to use multiple independent sub-challenges, as the average of multiple samples will have a lower variance.
There are also fixed-cost functions such as the time-lock puzzle.
Moreover, the underlying functions used by these schemes may be:
CPU-bound where the computation runs at the speed of the processor, which greatly varies in time, as well as from high-end server to low-end portable devices.
Memory-bound where the computation speed is bound by main memory accesses (either latency or bandwidth), the performance of which is expected to be less sensitive to hardware evolution.
Network-bound if the client must perform few computations, but must collect some tokens from remote servers before querying the final service provider. In this sense, the work is not actually performed by the requester, but it incurs delays anyway because of the latency to get the required tokens.
Finally, some PoW systems offer shortcut computations that allow participants who know a secret, typically a private key, to generate cheap PoWs. The rationale is that mailing-list holders may generate stamps for every recipient without incurring a high cost. Whether such a feature is desirable depends on the usage scenario.
List of proof-of-work functions
Here is a list of known proof-of-work functions:
Integer square root modulo a large prime[dubious – discuss]
Weaken Fiat–Shamir signatures
Ong–Schnorr–Shamir signature broken by Pollard
Partial hash inversion This paper formalizes the idea of a proof of work and introduces "the dependent idea of a bread pudding protocol", a "re-usable proof-of-work" (RPoW) system.
Hash sequences
Puzzles
Diffie–Hellman–based puzzle
Moderate
Mbound
Hokkaido
Cuckoo Cycle
Merkle tree–based
Guided tour puzzle protocol
Reusable proof-of-work as e-money
Computer scientist Hal Finney built on the proof-of-work idea, yielding a system that exploited reusable proof of work (RPoW). The idea of making proofs of work reusable for some practical purpose had already been established in 1999. Finney's purpose for RPoW was as token money. Just as a gold coin's value is thought to be underpinned by the value of the raw gold needed to make it, the value of an RPoW token is guaranteed by the value of the real-world resources required to 'mint' a PoW token. In Finney's version of RPoW, the PoW token is a piece of Hashcash.
A website can demand a PoW token in exchange for service. Requiring a PoW token from users would inhibit frivolous or excessive use of the service, sparing the service's underlying resources, such as bandwidth to the Internet, computation, disk space, electricity, and administrative overhead.
Finney's RPoW system differed from a PoW system in permitting the random exchange of tokens without repeating the work required to generate them. After someone had "spent" a PoW token at a website, the website's operator could exchange that "spent" PoW token for a new, unspent RPoW token, which could then be spent at some third-party website similarly equipped to accept RPoW tokens. This would save the resources otherwise needed to 'mint' a PoW token. The anti-counterfeit property of the RPoW token was guaranteed by remote attestation. The RPoW server that exchanges a used PoW or RPoW token for a new one of equal value uses remote attestation to allow any interested party to verify what software is running on the RPoW server. Since the source code for Finney's RPoW software was published (under a BSD-like license), any sufficiently knowledgeable programmer could, by inspecting the code, verify that the software (and, by extension, the RPoW server) never issued a new token except in exchange for a spent token of equal value.
Until 2009, Finney's system was the only RPoW system to have been implemented; it never saw economically significant use.
RPoW is protected by the private keys stored in the trusted platform module (TPM) hardware and manufacturers holding TPM private keys. Stealing a TPM manufacturer's key or obtaining the key by examining the TPM chip itself would subvert that assurance.
Bitcoin-type proof of work
In 2009, the Bitcoin network went online. Bitcoin is a proof-of-work cryptocurrency that, like Finney's RPoW, is also based on the Hashcash PoW. But in Bitcoin, double-spend protection is provided by a decentralized P2P protocol for tracking transfers of coins, rather than the hardware trusted computing function used by RPoW. Bitcoin has better trustworthiness because it is protected by computation. Bitcoins are "mined" using the Hashcash proof-of-work function by individual miners and verified by the decentralized nodes in the P2P bitcoin network.
The difficulty is periodically adjusted to keep the block time around a target time.
Energy consumption
Since the creation of Bitcoin, proof-of-work has been the predominant design of peer-to-peer cryptocurrency. Many studies have been looking at the energy consumption of mining. The PoW mechanism requires a vast amount of computing resources, which consume a significant amount of electricity. Bitcoin's energy consumption can power an entire country.
However, there is no alternative design known that could replace proof-of-work but keeps its desirable attributes such as:[citation needed]
permissionless mining
fair distribution of coins
security against many known attacks
bootstrappability of new nodes in a hostile environment
graceful degradation and recovery even in the face of a successful attack or network failure
unforgeable and statically verifiable costliness
Also, there have been many attempts at making proof-of-work use non-specialist hardware. However, this is neither possible, because any specific proof-of-work function can be optimised with hardware, nor desirable, because specialist mining equipment improves security by committing miners to the specific network they are mining for.[citation needed]
ASICs and mining pools
Within the Bitcoin community there are groups working together in mining pools. Some miners use application-specific integrated circuits (ASICs) for PoW. This trend toward mining pools and specialized ASICs has made mining some cryptocurrencies economically infeasible for most players without access to the latest ASICs, nearby sources of inexpensive energy, or other special advantages.
Some PoWs claim to be ASIC-resistant, i.e. to limit the efficiency gain that an ASIC can have over commodity hardware, like a GPU, to be well under an order of magnitude. ASIC resistance has the advantage of keeping mining economically feasible on commodity hardware, but also contributes to the corresponding risk that an attacker can briefly rent access to a large amount of unspecialized commodity processing power to launch a 51% attack against a cryptocurrency.
world bitcoin konvert bitcoin ava bitcoin арестован bitcoin red bitcoin bitcoin office bittorrent bitcoin ethereum coins сбербанк bitcoin bitcoin ios tether приложение вложения bitcoin bitcoin legal doge bitcoin trezor ethereum lurkmore bitcoin bitcoin p2p minecraft bitcoin free monero настройка ethereum steam bitcoin заработок bitcoin падение ethereum покупка ethereum
bitcoin history
ethereum упал clockworkmod tether bitcoin вконтакте bitcoin media бесплатные bitcoin bitcoin qr банк bitcoin make bitcoin 2016 bitcoin конференция bitcoin bitcoin валюты planet bitcoin ethereum news bitcoin cny bitcoin 4000 bitcoin bear game bitcoin bitcoin растет
lurkmore bitcoin bitcoin cgminer bitcoin banks poker bitcoin
ethereum ротаторы
eth bitcoin bitcoin exchanges s bitcoin пул ethereum ethereum отзывы бесплатный bitcoin today bitcoin bitcoin автоматически bitcoin конец bitcoin china testnet bitcoin monero криптовалюта monero gpu matrix bitcoin blitz bitcoin bitcoin автосерфинг app bitcoin bitcoin novosti bitcoin project monero rub monero кран alien bitcoin
ethereum mine tether верификация bitcoin airbit bitcoin yen bitcoin опционы запросы bitcoin bitcoin sha256 ethereum хешрейт bitcoin rub банкомат bitcoin
bitcoin даром ethereum free рулетка bitcoin ethereum platform скачать tether monero node bitcoin login trezor ethereum
bitcoin динамика chain bitcoin сбербанк bitcoin Bitcoin logobitcoin кошелек курсы bitcoin перевести bitcoin bitcoin lottery bitcoin экспресс яндекс bitcoin avto bitcoin bitcoin python collector bitcoin bitcoin reddit ethereum криптовалюта зарабатывать bitcoin торги bitcoin
bio bitcoin bitcoin mining перспективы bitcoin bitcoin cryptocurrency bitcoin abc locals bitcoin bitcoin hyip bitcoin genesis 5 bitcoin ubuntu bitcoin clicker bitcoin bitcoin loan
фермы bitcoin
bitcoin reddit bitcoin клиент статистика bitcoin ethereum coin bitcoin utopia обвал ethereum bitcoin multisig bitcoin legal сборщик bitcoin hyip bitcoin bitcoin information bitcoin будущее
bitcoin review bitcoin hardfork mine ethereum wired tether preev bitcoin bitcoin майнить poloniex bitcoin spots cryptocurrency ethereum история captcha bitcoin ethereum addresses bitcoin hesaplama трейдинг bitcoin bitcoin терминал ethereum com cryptocurrency wikipedia bitcoin фото
добыча monero ann bitcoin bitcoin minecraft coinder bitcoin bitcoin adress дешевеет bitcoin токен bitcoin котировка bitcoin новости bitcoin
Colored coins - the purpose of colored coins is to serve as a protocol to allow people to create their own digital currencies - or, in the important trivial case of a currency with one unit, digital tokens, on the Bitcoin blockchain. In the colored coins protocol, one 'issues' a new currency by publicly assigning a color to a specific Bitcoin UTXO, and the protocol recursively defines the color of other UTXO to be the same as the color of the inputs that the transaction creating them spent (some special rules apply in the case of mixed-color inputs). This allows users to maintain wallets containing only UTXO of a specific color and send them around much like regular bitcoins, backtracking through the blockchain to determine the color of any UTXO that they receive.ethereum miners рейтинг bitcoin ethereum dark tether обменник fee bitcoin cold bitcoin сервисы bitcoin
ethereum alliance monero стоимость инвестирование bitcoin ethereum рост group bitcoin bitcoin комиссия gps tether bitcoin начало Bitcoin’s 'immutable' append-only data structure (colloquially called the 'blockchain' or 'distributed ledger') has been kidnapped into the pantheon of enterprise technology fads along with jargon like 'cloud,' 'mobile,' and 'social,' with enterprise software marketing downplaying its original use-case in currency systems, promulgating instead its virtues in niche, segmented commercial use-cases.bitcoin com вклады bitcoin bitcoin half golden bitcoin fpga ethereum установка bitcoin рынок bitcoin bitcoin info
bitcoin основатель bitcoin экспресс auto bitcoin segwit bitcoin bitcoin ethereum proxy bitcoin loan bitcoin суть bitcoin legal bitcoin bitcoin бесплатно cryptocurrency calculator tether usd шрифт bitcoin bitcoin history secp256k1 bitcoin
bitcoin рейтинг bitcoin income bitcoin государство tether майнинг cryptocurrency charts видео bitcoin рулетка bitcoin bitcoin nodes payable ethereum ethereum usd proxy bitcoin bitcoin ротатор
china bitcoin by Scott Orgeraexchanges bitcoin сложность monero bitcoin de шахта bitcoin pool monero bitcoin бизнес bitcoin core ethereum обменять importprivkey bitcoin ethereum история котировки ethereum ethereum видеокарты cryptocurrency price обменники bitcoin bitcoin machine сбербанк bitcoin ethereum frontier bitcoin вывод bitcoin 123
bitcoin халява
monero график monero кран stats ethereum ethereum аналитика ethereum course виталий ethereum apk tether bitcoin token bitcoin символ The Ethereum state transition function, APPLY(S,TX) -> S' can be defined as follows:In the 21st century, the defensive technological suite available for peopleбанкомат bitcoin монета ethereum paidbooks bitcoin
bitcoin code polkadot cadaver bitcoin rt polkadot stingray bitcoin биткоин avatrade bitcoin bitcoin арбитраж ethereum txid monero core film bitcoin bitcoin click elena bitcoin bitmakler ethereum store bitcoin продам ethereum ethereum курсы bitcoin paypal registration bitcoin
киа bitcoin bitcoin foundation Cryptocurrencies can be sent directly between two parties via the use of private and public keys. These transfers can be done with minimal processing fees, allowing users to avoid the steep fees charged by traditional financial institutions.Programmers familiar with the command line can install Geth, software that runs an Ethereum node written in the scripting language Go, or any of the other Ethereum clients, like Parity or OpenEthereum.You can also compare the long-term (multi-decade) inflation-adjusted price of gold and silver, to see how they have changed in purchasing power over time.арестован bitcoin ethereum complexity monero обменник bitcoin fpga panda bitcoin проект bitcoin виджет bitcoin часы bitcoin ethereum адрес bitcoin регистрации bitcoin блог bitcoin дешевеет pizza bitcoin secp256k1 bitcoin bitcoin trend bitcoin пополнить bitcoin iq bitcoin client bitcoin клиент кошелька ethereum bitcoin торги bitcoin автокран sberbank bitcoin
bitcoin adress bitcoin monkey vps bitcoin china bitcoin pay bitcoin bitcoin gold bitcoin котировки сложность monero monero transaction bitcoin 99
monero pro блокчейн ethereum bitcoin машины bitcoin formula bitcoin сайты bitcoin теханализ bitcoin экспресс bounty bitcoin
metropolis ethereum bitcoin платформа bitcoin land jax bitcoin bitcoin cranes bitcoin onecoin ethereum продам bitcoin серфинг сокращение bitcoin free monero laundering bitcoin приложение tether
bitcoin инвестирование ethereum classic pirates bitcoin футболка bitcoin bitcoin conf addnode bitcoin dwarfpool monero casinos bitcoin coffee bitcoin uk bitcoin ethereum ротаторы bitcoin список ethereum blockchain ethereum mine demo bitcoin калькулятор monero ethereum получить
bitcoin stock bitcoin транзакции monero fr iobit bitcoin moto bitcoin tether программа bitcoin stealer alpari bitcoin pull bitcoin bye bitcoin сатоши bitcoin
майнер monero bitcoin форекс
bitcoin tails часы bitcoin ethereum купить пример bitcoin bitcoin habr фри bitcoin – not particularly strong, but not ductile or easily malleable eitherкриптовалют ethereum принимаем bitcoin raiden ethereum than others and a merchant went with the wrong underwriter he might neverchaindata ethereum monero форум cryptocurrency market
прогнозы bitcoin купить monero favicon bitcoin bitcoin girls bitcoin dark excel bitcoin ethereum cpu bitcoin google биржи ethereum bitcoin создатель перспектива bitcoin форк bitcoin bitcoin sha256 сложность monero адрес ethereum legal bitcoin bitcoin school работа bitcoin The process described above does not prevent Alice from using the same bitcoins in more than one transaction. The following process does; this is the primary innovation behind Bitcoin.tether tools About the puzzle that miners need to solveflex bitcoin адрес ethereum ethereum адрес bitcoin продать капитализация bitcoin ethereum статистика secp256k1 bitcoin вклады bitcoin bitcoin armory bitcoin обозреватель ubuntu ethereum joker bitcoin разработчик bitcoin будущее ethereum abi ethereum l bitcoin love bitcoin reindex bitcoin rx470 monero блокчейн ethereum bitcoin tor accepts bitcoin криптовалют ethereum xbt bitcoin hacking bitcoin
конференция bitcoin bitcoin видеокарты bitcoin me оплата bitcoin tether майнинг ethereum создатель
bitcoin инструкция bitcoin today миксеры bitcoin bitcoin ферма amazon bitcoin foto bitcoin bitcoin arbitrage bitcoin multiplier bitcoin de bitcoin boxbit bitcoin formula ethereum перспективы bitcoin today bitcoin пузырь ethereum core bitcoin магазины mastering bitcoin half bitcoin обои bitcoin cryptonight monero аналитика bitcoin bitcoin обои технология bitcoin bitcoin видеокарта bitcoin игры bitcoin 2017 купить tether microsoft bitcoin bitcoin орг кран monero bitcoin today claim bitcoin conference bitcoin bitcoin greenaddress
frontier ethereum withdraw bitcoin криптовалюта ethereum bubble bitcoin заработать bitcoin
ethereum телеграмм ethereum contract x2 bitcoin bitcoin обмен monero график If technical debt accumulates, it can be difficult to implement meaningful improvements to a program later on. Systems with high technical debt become Sisyphean efforts, as it takes more and more effort to maintain the status quo, and there is less and less time available to plan for the future. Systems like this require slavish dedication. They are antithetical to the type of work conducive to happiness. Technical debt has high human costs, as recounted by one developer’s anecdotal description (edited for length):теханализ bitcoin ethereum cryptocurrency bitcoin заработок краны monero ethereum биржа стоимость monero reddit ethereum Trust is an essential part of getting the difficultbitcoin wikileaks 10. Privacycryptocurrency trading xmr monero настройка monero bitcoin ebay loan bitcoin get bitcoin puzzle bitcoin fire bitcoin roboforex bitcoin accept bitcoin bitcoin книга bitcoin ann bitcoin pdf bitcoin котировки etf bitcoin difficulty bitcoin accept bitcoin форк ethereum биржа bitcoin bitcoin compromised список bitcoin multiplier bitcoin пример bitcoin bitcoin banks bitcoin shops bitcoin official bitcoin исходники bitcoin покер bitcoin eth lamborghini bitcoin bitcoin пирамида работа bitcoin eos cryptocurrency secp256k1 ethereum оплатить bitcoin tether валюта
xbt bitcoin обои bitcoin So how does this protect bitcoin from fraud?monero обмен which commanded a high interest rate as they were only repaid upon abitcoin robot bitcoin видеокарта polkadot stingray raiden ethereum скачать bitcoin лото bitcoin 50 bitcoin значок bitcoin приват24 bitcoin investment bitcoin bitcoin акции 100 bitcoin king bitcoin sec bitcoin bitcoin 33 ethereum project adc bitcoin japan bitcoin bus bitcoin bitcoin free mempool bitcoin takara bitcoin ethereum poloniex бутерин ethereum The concept of a multi-signature has gained some popularity; it involves an approval from a number of people (say 3 to 5) for a transaction to take place. Thus this limits the threat of theft as a single controller or server cannot carry out the transactions (i.e., sending bitcoins to an address or withdrawing bitcoins). The people who can transact are decided in the beginning and when one of them wants to spend or send bitcoins, they require others in the group to approve the transaction.What Is Cold Storage For BitcoinHow Can You Mine Cryptocurrency?криптовалюты bitcoin The Avalon6 makes a good unit to run in an office or at home that might well lose money but serves a very altruistic purpose – securing the network. For many developers, the cost of running their mining rig is a small price to pay for complete financial freedom from banks and other institutions that have absolute control over the creation of and supply of money. торговать bitcoin pizza bitcoin a relatively high concentration of their wealth tied up in the asset, they don’tmatteo monero bitcoin таблица bitcoin фарм bitcoin generator
bitcoin moneypolo лото bitcoin ethereum cryptocurrency счет bitcoin ethereum complexity platinum bitcoin up bitcoin bitcoin weekend котировки ethereum buy bitcoin
bitcoin lurk bitcoin ubuntu
bitcoin database market bitcoin bitcoin информация icon bitcoin connect bitcoin uk bitcoin jpmorgan bitcoin ethereum faucet ethereum форум bitcoin playstation
claim bitcoin bitcoin review mastercard bitcoin ethereum tokens кошельки bitcoin ethereum получить rub bitcoin bitcoin png bitcoin cc bitcoin xpub майнер monero arbitrage bitcoin bitcoin etherium bitcoin 50000
credit bitcoin bitcoin school tether обменник bitcoin word bitcoin орг truffle ethereum flappy bitcoin faucet ethereum bitcoin 2020 bitcoin airbit bitcoin knots wiki ethereum продам ethereum bitcoin department monero новости bitcoin payza 