Bitcoin (Proof-of-work)

A chain of blocks as a public ledger

  • each block has a header and a body
  • the body has entries of transfers
  • asymmetric encryption scheme (public/private keys) to prevent forging
  • (hash of) public key as address, private key to sign

Proof-of-work for consensus

  • each block header contains the hash value of previous block
  • target: a number (256 bit for bitcoin) with the beginning n bits are zero.
    • lower than or equal to
    • max (easier to computer): 32 bits as 0
      • 2^224-1 : 0x00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    • min (harder to computer): all bits as 0
      • can be possibly extended to more than 256 bits, so really no minimum target
  • each block also has a 4-byte random number (nonce), a participant (miner) can enumerate the nonce to meet the difficulty requirement.
  • on average generating each block will take 2^n tries. If the network has “hashing power” as H, and the expected time to generate next block is t. Then: t*H = 2^n.
  • if the desired time to generate the next block is T, then the difficulty should be set as n=log_2(T*H)
  • difficulty: max_target / current_target
    • min: 1
    • max: no max difficulty (greater than 2^224)
    • current difficulty: 12,720,005,267,390 ~= 12.7T ~= 2^44
      • target = max_target / difficulty ~= 2^(224-44) = 2^180
  • difficulty/target is adjusted every 2016 blocks (approximately 2 weeks given the 10 minutes period)

Timestamp

  • accepted as valid if
    • lower than now + 2 hours
    • greater than the median timestamp of previous 11 blocks

Incentives and mining

  • block reward initially 50 bitcoin for each block, plus transaction fees
  • block reward halves every 210,000 blocks (~4 years), 0 after 64 iterations
    • currently at 12.5 (2019)
  • total amount: ~21 million, over 75% and below 87.5% have been mined (why?)
    • 210000 * (50 + 25 + 12.5 + …)

Merkle tree

  • leaf nodes has data
  • non-leaf nodes has hash of children nodes
  • the merkle root hash (32 bytes) is in the block chain header
  • this enables fast verification of the chain
    • no need to compute hash for all transaction content.

Forking

  • if two miners both generate (different) next blocks, then the chain “forks”. Other clients may accept either chain.
  • eventually, the longer chain wins, that is, a client will replace its own chain with a new chain if the new chain is longer.
  • 51% attack: if one controls most of the hash powers, she can always rewrite a chain, causing issues such as double spending.
  • to avoid frequent forking, the expected time to generate a block should not be too small. 4 minutes in bitcoin. To achieve this, the difficulty is adjusted every 2016 blocks (~2 weeks).