Key Question
How does βminingβ create an immutable record of transactions without a central authority?
Deep Dive
Proof of Work: find a number (nonce) such that SHA256(block_header || nonce) produces a hash with N leading zero bits.
Block structure:
ββββββββββββββββββββββββββββββββββββββββββββ
β Block Header β
β βββββββββββββββββββββββββββββββββββββββ β
β β Version: 1 β β
β β Previous Block Hash: 0000...a3f2 β β
β β Merkle Root: 5b2a...c91d β β
β β Timestamp: 2026-06-05 12:34:56 β β
β β Difficulty Target: 0000...ffff β β
β β Nonce: 1832457893 β β
β βββββββββββββββββββββββββββββββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββ€
β Transaction List β
β Tx1: A β B (1 BTC) β
β Tx2: C β D (2 BTC) β
β Tx3: Coinbase β Miner β
β ... β
ββββββββββββββββββββββββββββββββββββββββββββThe mining process:
1. Collect pending transactions
2. Build the merkle tree of those transactions
3. Set previous block hash (from the tip of the chain)
4. Set the difficulty target (adjusted every 2016 blocks)
5. Start with nonce = 0
6. Compute SHA256(SHA256(block_header))
7. If hash < target β block found! Broadcast immediately.
8. Else increment nonce, go to step 6
9. If you exhaust 32-bit nonce, update transaction set (extra nonce) and restartThe difficulty adjusts so blocks arrive every ~10 minutes:
Bitcoin's difficulty adjustment:
hash_target = previous_target Γ (actual_time / 2_weeks)
If blocks came faster than 10 min avg β difficulty β (target β)
If blocks came slower than 10 min avg β difficulty β (target β)The longest chain is the valid one. Satoshi called it βone-CPU-one-vote.β Miners build on whichever block they received first. If theyβre honest, they extend the longest chain.
Longest chain rule:
ββββββββ ββββββββ ββββββββ ββββββββ
βBlock βββββββBlock βββββββBlock βββββββBlock β β honest miners
β 100 β β 101 β β 102 β β 103 β extend this
ββββββββ ββββββββ ββββββββ ββββββββ
β
ββββββββββββββ
βBlock β β orphaned
β 103' β (too short)
ββββββββMining probability: P(you find next block) = your_hashpower / total_hashpower. If the network has 200 EH/s and you have 1 PH/s: P = 10^15 / (200 Γ 10^18) = 1 / 200,000 = 0.0005% per block.
Check Your Understanding
- What must a miner find to create a valid block?
- Why does the difficulty adjust every 2016 blocks?
- If two miners find blocks at the same time, which one survives?
The βSo What?β
PoW turns energy into trust. Each block represents real-world electricity consumption. To rewrite history, youβd need to redo all that work β making the cost of cheating exceed the potential reward. This economic link between energy and security is the foundation of every Proof-of-Work blockchain.
βοΈ Exercises
Exercises: Blockchain & Proof of Work
Exercise 1
If the Bitcoin network has 200 EH/s (2 Γ 10^20 hashes per second) and you have 1 PH/s (10^15 hashes per second), what is your probability of mining the next block?
Exercise 2
What prevents someone from changing a transaction in block #100,000? Be specific β mention the cryptographic structures involved.
Exercise 3
Why is selfish mining with 25% hashpower dangerous? What revenue advantage does the attacker gain?
Exercise 4 (Challenge)
Suppose Bitcoinβs block time is 10 minutes on average. Youβre a merchant who waits for 6 confirmations before shipping. If the attacker has 40% of the total hashpower, whatβs the probability they could produce a longer chain than the honest miners after 6 blocks? Assume the honest miners have 60% and blocks follow a Poisson process. (Hint: this is a variant of the βgamblerβs ruinβ / race problem described in the Bitcoin whitepaper.)
ποΈ View Solutions
Solutions: Blockchain & Proof of Work
Exercise 1
Probability of mining the next block.
P = your_hashpower / total_hashpower P = (1 Γ 10^15) / (200 Γ 10^18) P = 1 / 200,000 P = 0.000005 = 0.0005%
In plain terms: youβd expect to mine a block once every 200,000 blocks. At 10 min/block, thatβs about 3.8 years of continuous mining.
Exercise 2
Why block #100,000 transactions canβt be changed.
Each block contains the hash of the previous block in its header. Block #100,000 links to block #99,999βs hash. Changing a transaction in block #100,000 changes the Merkle root of the transaction tree, which changes the block header, which changes the blockβs hash. That hash is referenced by block #100,001. Youβd need to:
- Recompute PoW for block #100,000 (new nonce)
- Recompute PoW for block #100,001 (different prev_hash now)
- Recompute PoW for all blocks up to the current tip (~857,000+ blocks)
Thatβs more than 757,000 blocks of PoW β computationally infeasible without >50% of the total networkβs hashpower.
Exercise 3
Selfish mining danger.
With 25% hashpower, the selfish miner can gain more than 25% of block rewards by:
- Withholding found blocks instead of broadcasting immediately
- Letting honest miners waste work on competing blocks
- Broadcasting their private chain at the right moment to orphan honest blocks
This breaks the core security assumption (βone-CPU-one-voteβ means fair share). A rational miner with 25% hashpower is incentivized to become selfish, which degrades network security for everyone. At 33% hashpower, the attacker earns ~40% of rewards β a significant unfair advantage.
Exercise 4 (Challenge)
Attacker probability after 6 confirmations with 40% hashpower.
This is Nakamotoβs race: attacker catches up from z blocks behind, where z=6.
q = attacker hashpower = 0.4 p = honest hashpower = 0.6
Probability attacker catches up from z blocks behind:
P = (q/p)^z when q < p
P = 1 when q β₯ pP(attacker catches up from 6 behind) = (0.4/0.6)^6 = (0.667)^6 β 0.0879 β 8.8%
Thatβs an uncomfortably high probability for a $10M transaction. This is why:
- Exchanges wait 30+ confirmations for large deposits
- Zero-confirmation transactions are risky with >0% attacker hashpower
- The whitepaper formula assumes the attacker works continuously; real attackers may be less patient
With q=0.3 (30%), P = (0.3/0.7)^6 = (0.429)^6 β 0.62% β much safer.