The Bitcoin whitepaper, explained and commented — section 4: Proof-of-Work

8 min readApr 12, 2020
Photo by Massimo Botturi on Unsplash

This is the 4th part of our series dissecting Satoshi Nakamoto’s original Bitcoin whitepaper from 2008. In the previous part, we introduced the idea of timestamps as a solution to the problem of organizing blocks of transactions in a peer-to-peer environment. As previously, quotes are from the whitepaper.

In practice, these timestamps are computed by hashing the previous block’s timestamp together with a bunch of new transactions: hashing means computing a short digital digest, and it is done with tools borrowed from cryptography. In Bitcoin, as we’ll see right now, the cryptographic hash function is called SHA-256.

SHA-256: hashing is mashing

SHA-256 (pronounced as in “shall” or “shark”) was a tool originally published by the NSA in 2001. It can be used free of royalties, which is probably one of the reasons why Nakamoto chose it. SHA-256 produces 256 bits digests out of a digital input of any size. Look at the 2 examples below:

Example 1:
Input: “SATOSHI NAKAMOTO”, Output (SHA-256):

Example 2:
Input: the whole text of War and Peace by Leo Tolstoi, as downloaded from the Gutenberg Project, Output (SHA-256):

You can see from these 2 examples that, no matter what the length of the input is, the output is always the same length: 256 bits, usually presented as a “hexadecimal” string of 64 characters, which means that each character is taken from the set “0,1,2,…,8,9,a,b,c,d,e,f”. What’s more, these outputs really look like a random string of characters.

SHA-256 is considered very secure in the sense that there is no known algorithm to reverse it: from an output, you cannot go back to the input. Hashing works like mashing potatoes: easy to do, impossible to reverse!

Proof-of-work: repeating useless computations

The only way to “reverse” a hash is to try all the possible inputs, which would be a very time-consuming endeavor…