Bitcoin and other cryptocurrencies only work if there is a distributed network of people willing to verify transactions.
Maintenance is upheld by those willing to lend their computing power to the network, known collectively as “miners”. Here we’ll discuss the process of mining, the incentives for doing so, and the basics of how the system maintains network security. We’ll also check in with our pal, Miner Moe.
Creating a transaction
Let’s walk through a blockchain transaction. I agree to send you 1 bitcoin in exchange for one Double Chocolatey Sprinkle Cone™ (that’s an expensive cone…). You give me your public address, and I “announce” the transaction to the blockchain (in reality, my wallet announces the transaction). My announcement includes how much money I’ll be sending, your public address, and my digital signature (which proves that it’s really me sending you a bitcoin). The first two parts are self-explanatory, but the digital signature requires some digging to fully understand. After all, how can you sign something digitally in the first place? Couldn’t you forge a signature by simply copying and pasting?
Pause. Before we dig deeper, we need to define the cryptographic hash function. These functions are complicated math-y instructions designed to produce outputs that are seemingly unrelated to their inputs, making it impossible to determine the input from the output.
For example, if you enter the number “1” into a hash function, it would return a seemingly random output of 1's and 0's. The same would happen if you entered “3”–and importantly, the hash output from “1” bears no correspondence to the output from “3.” The outputs mirror randomness.
And by the way, Bitcoin uses a hashing algorithm called “SHA-256,” meaning that the output is made up of 256 1’s or 0’s. This means that the odds of luckily guessing the input from the output are unfathomably low. If you still aren’t convinced, visit our section on Security & Cryptography.
So, how do hashing functions relate to digital signatures? The answer is, we use hashing functions to create complicated digital signatures that cannot be faked. Signatures are created by feeding your private key and transaction information into the hashing function, so an entirely new digital signature is created for each transaction.
I need to send you a bitcoin for the Double Chocolatey Sprinkle Cone™. So, I input to a hashing function the amount of crypto I want to send you, your address, and my private key. Out pops my signature for the transaction (in the form of a bunch of 1’s and 0’s). I include this with the transaction itself when I broadcast it to the network.
Verifying a Transaction
Because I’m using a hash function, if any piece of the transaction is changed (my private key, your address, the transaction amount), the resulting signature is totally different! If you were to compare two signatures from the same person on two different messages, you wouldn’t be able to see any relationship between the two. However, we can verify that the signature is valid using a “verification algorithm.”
We input the transaction (including the address of the recipient and the amount), the address of the sender, and the digital signature. The verification algorithm takes this information and gives us a true or a false. Simple!
If everything checks out, the transaction is valid. If not, then something is amiss. The verification algorithm works because the public address of the sender and their private key are related in a very complicated way (take our word for it, or see Elliptic Curve Cryptography).
Thus, the verification function will tell us whether or not the signature is real. The details of public key cryptography and cryptographic hash functions will be covered in detail in the Security & Cryptography section. For now, keep in mind that these hashing algorithms make it functionally impossible for a person to sign a message without the correct private key.
Back to our transaction. I generated it, signed it using my private key, and broadcast it to the network. Thousands of miners received my transaction due to the magic of the Internet, and the miners checked the transaction using the verification algorithm to ensure two things:
That it was really me sending you a bitcoin. If it had been an imposter, the transaction would have been rejected by the network.
That I have enough bitcoins to complete the transaction (remember, no overspending, and consequently no debt, is allowed on a blockchain).
Great! Everything checks out. So, our transaction has been verified and is added to the pool of transactions that haven’t yet been officially added to the blockchain, waiting to be indelibly etched into digital history. My job as a participant in the ecosystem is complete–the miners take it from here. Yay!
The Escapades of Miner Moe
Miner Moe, nearby, is getting ready to start mining for the first time and he wants one thing: to earn bitcoins. And there’s only one way for a miner to earn them: add the next block to the blockchain. If Moe is able to do so, he will receive a block reward of newly minted bitcoins, plus the transaction fees from those conducting transactions. These transaction fees are included voluntarily by the sender, in this case me, along with every transaction broadcast to the network.
Why? Miners choose which transactions will be added to the next blocks, so offering a high transaction fee improves the chance that your transaction will be included as soon as possible.
For instance, let’s say that Moe is mining on a fictitious blockchain that includes only one transaction per block. Because Moe and other miners get to choose which transactions they will attempt to add to the blockchain first, the transaction with the highest fee will always be the one added first. So if you care about transaction speed, you also care about transaction fees.
Returning to our example: Moe wants to mine the next block. If he does so, he receives newly minted bitcoins and transaction fees.
He selects the proper number of transactions to fill a block, taking those with the highest transaction fees and working his way down until the block is full. To fully understand what takes place next, we need the following additional information:
Simultaneously, every other miner around the world is doing the same thing as Moe, and there are many.
The transactions Moe selected are compressed into a very long number representing them. This number will eventually be combined with two other pieces of information and fed into the SHA-256 hashing algorithm. These are:
A number associated with the previously mined block (known as the hash of the previous block), and
a newly generated, random number between 0 and 2^32 known as a nonce.
Let’s go over that again. In the final hash of this process, there are three inputs:
A number representing all of the transactions in the new block.
A hash representing all of the transactions in the last block.
A new number, chosen at random, called a nonce.
After feeding these things into SHA-256 (Bitcoin’s hashing algorithm), we get a new hash. Remember, hashes are 256 1’s or 0’s.
The goal of the miner is to find a nonce that makes a hash with a predetermined number of 0’s at the beginning. These 0’s are called “leading zeros”.
Why? SHA-256 only operates in the forward direction, and the only way Miner Moe can produce this special hash is by trying random nonces till he gets lucky and finds a hash with enough leading zeros.
Moe’s computer picks a nonce at random, combines it with the two other inputs, feeds the result into SHA-256, and checks the resulting hash for the correct number of leading zeros over…and over… and over… before finally finding a lucky nonce that generates the desired hash. Miners can also, and may need to, change the transactions in the block to generate this hash.
The randomness of SHA-256 comes into play here. There is no way for Miner Moe to calculate which combination of nonce, transactions, and previous hash will be correct. The most efficient way to find the hash with the right number of zeroes is to guess and check different combinations.
So why is this important? Well, only the first miner to produce the hash with the correct number of zeros is rewarded. Finding a block is akin to winning the lottery (or, aptly, luckily discovering a gold deposit, hence the term mining).
If you win, your computer happened to come across the right random nonce before anyone else’s did, and you collect a reward as a result. Mining, at its core, is a combination of luck and immense computing power. The more computing power you have, meaning the more hashes you can produce, the more luck you will have.
The number of 0’s required for a block’s hash to be considered valid changes depending upon how much computer power is attempting to find each block. In the case of the Bitcoin protocol, the number of 0’s is adjusted so that a block is mined roughly every 10 minutes. If more computing power begins mining, the number of 0’s required at the beginning of the hash increases. If miners leave the network, decreasing total mining power, the number of 0’s decreases.
Remember that in Miner Moe’s final hash, the one where he chose a nonce, he included the hash of the previous block as an input. The hash Moe made, the one with the right nonce and leading zeros, will be used by miners as part of the next block.
Because the hash of each block is partially dependent upon the hash of the block before it, all of the blocks in the chain are connected. If, for instance, I were to change a single transaction in a single block, that would change:
The transaction itself, invalidating the signature.
The hash of the block (the number produced when the transactions in the block, the nonce, and the hash of the previous block are fed through SHA-256). The block’s hash, when utilizing the previously correct nonce, would no longer be preceded by the correct number of 0’s due to the nearly completely random nature of the cryptographic hashing algorithm. Even a small change in the block will completely change the hash.
The hash of every block following this block. The hash of each block includes the hash of the block that came before it, so changing the hash of the first block invalidates every block that follows it in the chain.
This ripple effect prevents even the slightest attempted changes in the blockchain from going unnoticed. More importantly, it requires someone attempting to rewrite history to find the new, correct, nonce and hash for every single block following the changed one.
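The nonce search and the ripple effect described above can be reproduced at toy scale. The following is an added example, not code from the original article or from Bitcoin itself: the function names, the 12-bit difficulty, the single-hash stand-in for the transaction summary and the sample transactions are all assumptions made for illustration.

```python
import hashlib

BITS = 12                 # toy difficulty (constructed): leading zero bits required
GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the first block

def tx_digest(txs):
    # Stand-in for the "number representing all of the transactions";
    # Bitcoin itself uses a Merkle root, simplified here to one hash.
    return hashlib.sha256("\n".join(txs).encode()).hexdigest()

def block_hash(txs, prev_hash, nonce):
    # The three inputs from the article: transactions, previous hash, nonce.
    data = f"{tx_digest(txs)}|{prev_hash}|{nonce}".encode()
    return hashlib.sha256(data).hexdigest()

def meets_target(h, bits=BITS):
    # `bits` leading zero bits <=> the 256-bit value is below 2**(256 - bits).
    return int(h, 16) < (1 << (256 - bits))

def mine(txs, prev_hash, bits=BITS):
    # Guess and check. Counting upward is as good as random guessing,
    # because the hash output is unpredictable either way.
    nonce = 0
    while not meets_target(block_hash(txs, prev_hash, nonce), bits):
        nonce += 1
    return {"txs": list(txs), "prev": prev_hash, "nonce": nonce,
            "hash": block_hash(txs, prev_hash, nonce)}

def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        chain.append(mine(txs, prev))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain, bits=BITS):
    # Index of the first block that fails verification, or None if all pass.
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        h = block_hash(b["txs"], b["prev"], b["nonce"])
        if b["prev"] != prev or h != b["hash"] or not meets_target(h, bits):
            return i
        prev = b["hash"]
    return None

def tamper_demo():
    # Constructed sample transactions, not real Bitcoin data.
    chain = build_chain([["me->you:1"], ["joe->barber:1"], ["a->b:2"], ["c->d:3"]])
    ok = first_invalid(chain)              # untouched chain verifies
    chain[1]["txs"] = ["joe->joe2:1"]      # rewrite one old payment
    broken = first_invalid(chain)          # stored hash no longer matches
    chain[1] = mine(chain[1]["txs"], chain[1]["prev"])  # re-mine only that block
    ripple = first_invalid(chain)          # next block still points at the old hash
    return ok, broken, ripple

if __name__ == "__main__":
    print(tamper_demo())
```

Re-mining the altered block only moves the failure one block forward, which is why every later block would have to be re-mined as well.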
Huh. Wait, couldn’t someone just… do that?
Well, sure. But remember, it takes an enormous amount of computing power, time, and electricity to calculate these things. Also, keep in mind that the Bitcoin protocol instructs miners to follow whichever chain is longest.
Let’s dig into the implications of this statement a bit. Meet Moe’s brother, Joe. Joe is a “bad actor” in the network.
Moe’s brother Joe wants to cheat the system. A week ago, he paid for a haircut in bitcoins, received the service, and now wants to go back and change the record of the transaction. Instead of sending the bitcoins to the barber, he will instead send them to a different account that he himself owns. Then, he’ll mine a block that contains this fake expenditure and not the real one.
He’s only changing the one transaction, but it will invalidate every block following the one containing his payment.
“So be it!” he says with disdain. “I’ll just re-mine all the blocks following the changed one back to the present.”
At this point, you may be confused (we certainly were at first) – if he can just re-mine old blocks, then how can the blockchain be safe?
Fortunately, he can’t. The blockchain is immutable, so every block that’s ever been mined is still in existence. It is impossible for him to “write over” existing blocks. He’ll have to create a separate chain of blocks, each containing the same transactions as the original chain (except for the one change he made). The chains will be identical up until the changed block, and separate after that point, because the blocks they are composed of will have different hashes and different nonces.
The Bitcoin “proof of work” protocol states that when two chains are created, as in this case, the computational power of the miners is pooled for both chains. Only one block can be mined every 10 minutes. This means that it is just as hard for Joe to find a nonce as the rest of the miners, and they have much more computational power than he does.
As long as more computational power is mining the correct chain, it will be statistically more likely to have blocks added to it and will grow more quickly. Thus, as the honest chain grows, the dishonest one falls further and further behind.
Miners only trust the longer chain–the honest one–and only accept transactions that are valid on the honest chain. Transactions on Joe’s chain will be invalidated. Joe’s attack has failed! And remember, we assumed that Joe was able to instantaneously mine all the blocks after his fraudulent block up to the present. In reality, it is nearly impossible for a lone attacker to catch up.
Unless…Joe made a side deal with thousands of other miners, who all agree to mine on his fraudulent chain. If there are more dishonest collaborating miners than honest independent ones, they are able to add blocks to their alternate chain more quickly.
Eventually, their chain will be the longer one and the honest miners will switch to it (because they follow the longer chain). This is known as the 51% attack, and it has the potential to undermine the fraudless nature of the blockchain. It’s called a 51% attack because whichever chain has 51% of the mining power will grow more quickly over time.
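How quickly the dishonest chain falls behind can be put into numbers. This added example (not part of the original article) uses the catch-up formula from the Bitcoin whitepaper, (q/p)^z for an attacker with share q of the mining power who is z blocks behind, and checks it against a small simulated race; the function names, the trial count and the give_up cutoff are assumptions of the example.

```python
import random

def catch_up_probability(q, z):
    """Chance that an attacker holding share q of the mining power ever
    erases a deficit of z blocks (closed form from the Bitcoin whitepaper)."""
    p = 1.0 - q                       # share held by honest miners
    return 1.0 if q >= p else (q / p) ** z

def simulate_race(q, z, trials=5000, give_up=40, seed=1):
    """Monte Carlo check: each newly found block belongs to the attacker
    with probability q, otherwise to the honest chain."""
    rng = random.Random(seed)         # seeded so runs are repeatable
    wins = 0
    for _ in range(trials):
        deficit = z
        # Stop when the attacker has caught up (0) or is hopelessly behind.
        while 0 < deficit < give_up:
            deficit += -1 if rng.random() < q else 1
        wins += deficit == 0
    return wins / trials

def table(shares=(0.10, 0.30, 0.45, 0.51), depths=(1, 6, 12)):
    # Rows of (attacker share, blocks behind, catch-up probability).
    return [(q, z, catch_up_probability(q, z)) for q in shares for z in depths]

if __name__ == "__main__":
    for q, z, prob in table():
        print(f"share={q:.2f} behind={z:2d} catch-up={prob:.6f}")
    print("simulated, share=0.30 behind=2:", simulate_race(0.30, 2))
```

Below half of the mining power the probability shrinks exponentially with every block of deficit; at half or more it is 1, which is the 51% case.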
Fortunately, a 51% attack is incredibly difficult to execute for several reasons:
As more and more miners join the network, it becomes more difficult to arrange collusion among 51% of the members.
Assuming you want to go back in time and change an old transaction, it is extraordinarily expensive to re-mine a significant number of blocks.
Miners have an incentive to prevent dishonesty and collusion. If a 51% attack were to happen, the security of the blockchain would be compromised and no one would accept the cryptocurrency as payment. This will cause the price to crash as everyone loses trust in the system. Because miners make their living by selling the bitcoins they have mined, they are economically motivated to prevent this from occurring. In fact, in some cases early on in Bitcoin’s history, miners have actively altered their behavior to stop this from happening.
Man, was that a lot of information.
To sum it all up in a few sentences: miners race to find new blocks, receiving newly minted coins as a reward if they are successful. This is done by “guess and checking” exceedingly large numbers in an attempt to produce a hash with a predetermined number of 0’s at the front.
The number of 0’s is adjusted (making the mining process proceed more quickly or more slowly) so that blocks are mined roughly every 10 minutes (this is true of Bitcoin specifically). Guess and checking is called “computational work” in fancy-pants-computer-science language. Whichever chain has the most computational work behind it (which will, inevitably, be the longest chain) is considered the true chain by miners.
You’ve made it through most of the technical jargon surrounding mining. Does your brain hurt? Yeah, ours too.
Let’s talk about how mining works today.
Mining Today and Fancy Computers
The method discussed previously for ensuring the absence of fraud is known as “proof of work,” due to the computational work (in the form of energy, time, and calculation) required to produce a block. Because the mining difficulty is adjustable, as more miners have joined the network it has become more difficult to mine. This has led to a sizable increase in the amount of electricity consumed per block produced, and many are concerned about the environmental impacts of such consumption.
Alternatives to proof of work are discussed in our Proof of section.
The faster you can check nonces, the faster you can find a hash, the more likely you are to find the right hash, and the more likely you are to get a block reward (lots of money). Thus, mining has contributed to a market for specialized computer chips designed specifically for finding nonces and running hashing algorithms.
Application Specific Integrated Circuits (ASICs) have significantly multiplied our ability to run through nonce possibilities as quickly as possible, and large conglomerates now purchase them by the thousands. Because mining is an all or nothing business, many individual miners saw a dramatic drop in the consistency of their rewards when large players entered the market, making it difficult to pay the high energy bills.
And so came mining pools: collections of many individuals, each contributing a small amount of mining power but together representing a vast amount. Rewards generated by any person in the pool are distributed according to computing power contributed to the pool. This allows miners to take profit more consistently and compete against larger, better funded opponents.
The downside? As mining pools draw more and more individual miners, computing power becomes more concentrated among specific groups, making it even more difficult for solo miners without lots of funding to sustain themselves. Given that Bitcoin was designed to be decentralized, this is concerning to many.
It is likely that, as better computing technology develops (which it invariably will), mining technology will change. And, as we said, there are some cryptocurrencies which aren’t even mined at all! You can read about that in the Proof of section.