Proof-of-work system

A proof-of-work (POW) system (or protocol, or function) is an economic measure to deter attacks and other service abuses such as on a network by requiring some work from the service requester, usually meaning processing time by a computer. The concept was invented by and as presented in a 1993 journal article. The term “Proof of Work” or POW was first coined and formalized in a 1999 paper by and Ari Juels.An early example of the proof-of-work system used to give value to a currency is the Shell Money of the .

A key feature of these schemes is their asymmetry: the work must be moderately hard (but feasible) on the requester side but easy to check for the service provider. This idea is also known as a CPU cost function, , computational puzzle or CPU pricing function. It is distinct from a , which is intended for a human to solve quickly, rather than a computer. (PoS) proposals apply the same principle by proving a dedicated amount of memory or disk space instead of CPU time. approaches have been discussed in the context of cryptocurrency. aims at proving that specific data are held by the prover.



One popular system—used in bitcoin mining and Hashcash—uses partial hash inversions<!– *not* hash collisions… –> to prove that work was done, as a good-will token to send an . For instance the following header represents about 252 hash computations to send a message to [email protected] on :

X-Hashcash: 1:52:380119:[email protected]:::9B760005E92F0DAE 

It is verified with a single computation by checking that the SHA-1 hash of the stamp (omit the header name <code>X-Hashcash:</code> including the colon and any amount of whitespace following it up to the digit ‘1’) begins with 52 binary zeros, that is 13 hexadecimal zeros:


Whether POW systems can actually solve a particular denial-of-service issue such as the spam problem is subject to debate; the system must make sending spam emails obtrusively unproductive for the spammer, but should also not prevent legitimate users from sending their messages. In other words, a genuine user should not encounter any difficulties when sending an email, but an email spammer would have to expend a considerable amount of computing power to send out many emails at once. Proof-of-work systems are being used as a primitive by other more complex cryptographic systems such as bitcoin which uses a system similar to Hashcash.


There are two classes of proof-of-work protocols.

  • Challenge-response protocols assume a direct interactive link between the requester (client) and the provider (server). The provider chooses a challenge, say an item in a set with a property, the requester finds the relevant response in the set, which is sent back and checked by the provider. As the challenge is chosen on the spot by the provider, its difficulty can be adapted to its current load. The work on the requester side may be bounded if the challenge-response protocol has a known solution (chosen by the provider), or is known to exist within a bounded search space.
  • Solution-verification protocols do not assume such a link: as a result the problem must be self-imposed before a solution is sought by the requester, and the provider must check both the problem choice and the found solution. Most such schemes are unbounded probabilistic iterative procedures such as Hashcash.

Known-solution protocols tend to have slightly lower variance than unbounded probabilistic protocols, because the variance of a is lower than the variance of a (with the same mean). A generic technique for reducing variance is to use multiple independent sub-challenges, as the average of multiple samples will have lower variance.

There are also fixed-cost functions such as the time-lock puzzle.

Moreover, the underlying functions used by these schemes may be:

  • CPU-bound where the computation runs at the speed of the processor, , as well as from high-end server to low-end portable devices.
  • Memory-bound
  • Weaken signatures This paper formalizes the idea of a proof of work (POW) and introduces “the dependent idea of a “, a “re-usable proof of work” (RPOW) system. as Hashcash
  • Hash sequences
  • Puzzles
  • -based puzzle
  • Moderate
  • Mbound
  • Hokkaido
  • Cuckoo Cycle
  • Merkle tree based

Reusable proof-of-work as e-money

Computer scientist Hal Finney built on the proof-of-work idea, yielding a system that exploited reusable proof of work (“RPOW”). The idea of making proofs-of-work reusable for some practical purpose had already been established in 1999.


External links

  • Bit gold. Describes a complete money system (including generation, storage, assay, and transfer) based on proof of work functions and the machine architecture problem raised by the use of these functions.


See Also on BitcoinWiki