The Bitcoin whitepaper, explained and commented — section 4: Proof-of-Work
This is the 4th part of our series dissecting Satoshi Nakamoto’s original Bitcoin whitepaper from 2008. In the previous part, we introduced the idea of timestamps as a solution to the problem of organizing blocks of transactions in a peer-to-peer environment. As previously, quotes are from the whitepaper.
In practice, these timestamps are computed by hashing the previous block’s timestamp together with a bunch of new transactions: hashing means computing a short digital digest, and it is done with tools borrowed from cryptography. In Bitcoin, as we’ll see right now, the cryptographic hash function is called SHA-256.
SHA-256: hashing is mashing
SHA-256 (pronounced as in “shall” or “shark”) was a tool originally published by the NSA in 2001. It can be used free of royalties, which is probably one of the reasons why Nakamoto chose it. SHA-256 produces 256 bits digests out of a digital input of any size. Look at the 2 examples below:
Input: “SATOSHI NAKAMOTO”, Output (SHA-256):
Input: the whole text of War and Peace by Leo Tolstoi, as downloaded from the Gutenberg Project, Output (SHA-256):
You can see from these 2 examples that, no matter what the length of the input is, the output is always the same length: 256 bits, usually presented as a “hexadecimal” string of 64 characters, which means that each character is taken from the set “0,1,2,…,8,9,a,b,c,d,e,f”. What’s more, these outputs really look like a random string of characters.
SHA-256 is considered very secure in the sense that there is no known algorithm to reverse it: from an output, you cannot go back to the input. Hashing works like mashing potatoes: easy to do, impossible to reverse!
Proof-of-work: repeating useless computations
The only way to “reverse” a hash is to try all the possible inputs, which would be a very time-consuming endeavor…