## What are bitcoin miners really solving?

152

91

As with mining, what are the bitcoin miners really solving? I read they are solving hashes, but what does that really mean. Can we see what they are solving? Can someone give an example of what a bitcoin mining machine sees to solve?

2

– Stephen Gornick – 2013-02-28T23:52:30.587

Ok but WHAT data are we mining! Nobody seems to know. I don't care how it works I want to know where the data is coming from that bit mining is decryption or encrypting. – None – 2013-12-05T20:18:23.387

44

They try to find a random nonce (a little random data) that goes into a block and makes the block have a (SHA256) hash that (in binary) starts with a certain amount of 0's. The more zeroes the more rare hash is. A good hash' outcome is not predictable, and so you have to try a lot of times to find a good nonce.

The amount of zeroes are based on how difficult it is supposed to be to find a block. In Bitcoin it adjusts to have a new block every 10 minutes (on average, given the rate at which previous blocks are found).

Interesting: because the hashes are unpredictable it doesn't matter how the nonce changes! Most of the time it's just a number counting upwards from 0!

152

Here is an extremely simplified sketch of the problem, but it should give a pretty good idea of what the problem is.

The data:

This is the hash of the lastest block (shortened to 30 characters):

00000000000001adf44c7d69767585


These are the hashes of a few valid transactions waiting for inclusion (shortened).

5572eca4dd4
db7d0c0b845


And this the hash of one special transaction that you just crafted, which gives 25BTC (the current reward) to yourself:

916d849af76


Building the next block:

Now, let's use a gross approximation of what a new block might look like (the real one uses binary format). It contains the hash of the previous block and the hashes of those 3 transactions:

00000000000001adf44c7d69767585--5572eca4dd4-db7d0c0b845-916d849af76--


Now let's do mining by hand! Our goal is to complete this block with a nonce (a piece of garbage) such that the hash of the new block starts with 13 zeros (considering the previous hash, it seems that 13 zeroes is the current difficulty!).

Mining (trying to finalize this block):

Let's try with nonce=1, and compute the hash of the block (I'm using the md5 hash algorithm, but Bitcoin uses double sha256):

> echo "00000000000001adf44c7d69767585--5572eca4dd4-db7d0c0b845-916d849af76--1" | md5sum
8b9b994dcf57f8f90194d82e234b72ac


No luck, the hash does not start with a 0… Let's try with nonce=2

> echo "00000000000001adf44c7d69767585--5572eca4dd4-db7d0c0b845-916d849af76--2" | md5sum
5b7ce5bcc07a2822f227fcae7792fd90


No luck…

If we pursue until nonce=16, we get our first leading zero.

> echo "00000000000001adf44c7d69767585--5572eca4dd4-db7d0c0b845-916d849af76--16" | md5sum
03b80c7a34b060b33dd8fbbece79cee3


For nonce=208, we get two leading zeroes!

> echo "00000000000001adf44c7d69767585--5572eca4dd4-db7d0c0b845-916d849af76--208" | md5sum
0055e55df5758517c9bed0981b52ce4a


Continue like this… If you finally find a hash that has 13 leading zeroes… you're a winner! Other miners will now build upon your block, you've just got 25BTC.

But you'll have to be fast!

Back to step 1…

If someone manages to build a block before you do, you'll have to start again from the beginning with the new block's hash (the one of the winner).

Note that you're not actually "counting zeroes". In reality approximately the first four non zero numbers are being compared with something called a "target". This is stored in compact form in each block in a field called "bits". – halfbit – 2013-03-01T18:50:18.043

9Also your example is conceptually heading in the right direction, but the real success is when the sha256 hash of the header is less than the target. Example target: 00000000000001ae00000000000000 is greater than 00000000000001adf44c7d69767585 <-- this would be a valid hash. – halfbit – 2013-03-01T18:54:20.690

"And this the hash of one special transaction that you just crafted and which gives 25BTC (the current reward) to yourself: 916d849af76" How is this transaction crafted? – Leonardo Marques – 2013-07-01T17:05:07.803

@Reonarudo: the simplest is to use one of your addresses to produce a single standard output to be spent, but you can forge any kind of custom transaction with custom scripts as well if it pleases you (you are allowed a +25 BTC total balance for this transaction, additionnal inputs were not allowed some time ago, but maybe they are now). – Stéphane Gimenez – 2013-07-01T20:33:13.513

So normally I would just append my wallet address in the end between - and --? – Leonardo Marques – 2013-07-01T20:35:40.780

3@Reonarudo, not exactly, this is a very simplified sketch of what is actally done. Transactions are made with scripts which are often made from adresses, you can find more info on the Bitcoin wiki. – Stéphane Gimenez – 2013-07-01T20:39:13.757

3This basically sounds like a nice (simplified) summary, but at what point does the bitcoin network accept this as the next valid block, and what happens in the (unlikely) event that two different miners managed to submit a valid block almost simultaneously? – Tobias Kienzler – 2013-12-02T09:13:02.080

1Wow, great answer! There're a couple of things I still couldn't get my head around though: Let's say you've been searching for a solution for 6 minutes and there comes a new transaction. 1) what happens now? if I have to start over, then that sounds like everyone has to start over. Then how can blockchain guarantee to find a block in ~10 minutes? 2) How does that transaction come to me anyway? 3) What if I find a solution for this block and then a new transaction comes to me from some other node who accepted it for the block I just closed? – keremispirli – 2014-04-28T17:24:18.810

2>

• Yes everyone starts over, if you build on top of an old block there's little chance your blocks will be part of the longer chain and they will be disregarded by the rest of the network. There is no guaranty that a block is find within 10 minutes, it's just an average statistical outcome. 2) What transaction? Blocks are broadcast by whoever mined them and relayed by other nodes. 3) Nothing forces you to include all pending transactions, but the more transactions you include the more fees you can collect.
• < – Stéphane Gimenez – 2014-04-30T10:47:50.153

start="2">

• The transaction to be added to current block, the one that caused me and all(?) others to restart the calculation. How does it come to me? And also, 3) Why would I accept it for 0.001 btc if I am to find a new block and get 25 btc?
• Thanks Stephane! – keremispirli – 2014-05-01T12:39:53.640

67

The following is a description of the global, statistical gamble which is played every 10 or so minutes. The interval of the game is controlled by the difficulty which says how many "hashes" are needed per interval.

In other words, the difficulty and target define the "odds of the house" against your chance of getting a winning SHA hash. The nonce is the "scratch off" area.

Each hash consumes electricity, and emits heat, which requires additional cooling.

This is what is done with each hash:

Step 1

At a high level, the miner software takes a list of active transactions, and then groups them together in something called a "block".

Or more accurately stated: The miner software coverts all the transactions into a summary view called a "merkle root", and hashes it, which is representative of the transactions.

Step 2

Then mining software converts this to into a binary format called a Block Header, which also references the previous blocks (also called a chain).

Field           Purpose                          Updated when...               Size (Bytes)
Version         Block version number             You upgrade the software and   4
it specifies a new version

hashPrevBlock   256-bit hash of the previous     A new block comes in          32
hashMerkleRoot  256-bit hash based on all        A transaction is accepted     32
the transactions in the block

Time            Current timestamp as seconds     Every few seconds              4
since 1970-01-01T00:00 UTC

Bits            Current target in compact format   The difficulty is adjusted   4

Nonce           32-bit number (starts at 0)       A hash is tried (increments)  4


Step 3:

The miner hardware changes a small portion of this block called a "nonce".

Step 4:

The block header is hashed and compared to the Target as if it were simply a large number like 10,000,000 > 7,000,000 (the real numbers are much bigger, and in hex). The target is compressed and stored in each block in a field called bits.

An expanded target looks like this:

  Target   0000000000000083ef00000000000000000000000000000000000000000000000


And the goal is to make sure the SHA256 hash of the block is less than this value. In the example below "83ee" is smaller than "83ef"

To simplify this concept, you can ballpark the target by counting the leading zeros (as the other answer here explains). Here is an example:

Here is a sample block with transactions you can view on BlockChain.info. Look in the upper right hand corner of the webpage for this hash:

   Hash 0000000000000083ee9371ddff055eed7f02348e4eda36c741a2fc62c85bc5cf


That previous hash was from today and has 14 leading zeroes. Let's compare that to what was needed 3 years ago with block 100 which has 8 leading zeros.

   Hash 00000000a8ed5e960dccdf309f2ee2132badcc9247755c32a4b7081422d51899


Summary

So at the end of the day, all a miner does is:

1. Take a block header as input
2. Change the Nonce
3. Test if the Block Header hash is less than the Target. If it is, you win.
4. Go to step 2 (or go to step 1 if someone else won the block)

Want to see what Bitcoin-QT does when it finds a block?... I posted it here.. The information in this post will help you understand what happened.

Isn't the nonce (32 bits) far too small to be able to find a hash that must start with 14 leading zeroes (14x4 = 56 bits) ? Finding such a hash would require on average 2^56 / 2 attempts and with a 32 bit nonce only 2^32 attempts are possible before all possible nonce values are exhausted. Edit: with the time changing every second, I guess this only applies if hash rate exceeds 4 GH/sec (which I think it does...) – john16384 – 2017-09-06T21:09:14.910

Yup, you're right, ...from the URL on the Block header: Whenever Nonce overflows (which it does frequently), the extraNonce portion of the generation transaction is incremented, which changes the Merkle root. – halfbit – 2017-09-06T22:54:39.623

13

Mining provides a way to reach consensus on what the transaction ledger should look like and know that nobody is cheating.

That's the non-technical definition of mining.

The "authority" for double spending is the blockchain. The blockchain consists of the history of all blocks in the blockchain plus the next block of transactions. The reward subsidy currently is 25 BTC to the party that submits the next block. But hey ...you would like that 25 BTC (worth currently about \$825) as would I as would everyone else. So how do you make it so that I can't cheat and claim the block myself?

Well, you put in a system that you and I have to compete. That's what the proof of work does -- it makes it so that when I claim the reward it is easy to prove that I really did the work involved. So for me to have a 2% chance of solving a block I need to put in 2% of of the mining work. There's no way for me to put in less than 2% of all the work and still solve blocks at least 2% of the time (on average).

Thus as a result, when a transaction block is submitted, all the peers verify that there were no double spends, that the right amount of subsidy was claimed, and that the submitter truly expended the work necessary for that solution. With those three rules, then there doesn't not need to be a central authority managing the process or able to control the outcome.