What math puzzle do miners actually solve?

---

In this post we will try to break down, in simpler terms, the mechanism of blockchain and bitcoin. Readers are assumed to be familiar with a few basic cryptography and blockchain related terms. Today, I'll specifically focus on transaction validation and mining rewards. Transactions are validated by miners by solving complicated math puzzle and the first miner to solve this puzzle is rewarded with brand new coins aka virgin coins. This creation of new coins is somewhat equivalent to printing paper money by a government, or as economists put it, quantitative easing. A government can print money at will resulting in inflation and currency's devaluation. But creation of money in bitcoin economy is pre-defined in such a way that the total supply approaches to 21 million (20.99999998 million to be exact) by 2140. After that no coins will be created. It's not possible to manipulate supply and hence price. In the below figure, the green line indicates BTC supply over time.

Figure: bitcoin supply

Image credit: https://bashco.github.io/

Divisibility, portability, fungibility, scarcity, resistance to manipulation of supply and distributed authority, among others, make bitcoin a superior form of currency to government issued paper (or digital) money.

Now, how is money created in bitcoin economy? The most common answer I get is that miners are rewarded with coins they add a new block to the bitcoin blockchain by solving a math puzzle. What do we exactly mean by that math puzzle? We'll see by the end of this post. To find the answer in less technical terms, I particularly consulted these resources:

• Mastering Bitcoin: Unlocking Digital Cryptocurrencies by bitcoin guru Andreas M. Antonopoulos
• bitcoin wiki
• StackExchange bitcoin site

I would recommend Antonopoulos' book to anyone aspiring to learn about technical nitty gritty of bitcoin. And the following is a great video lecture series taught by Princeton professor and PhDs. It consists of 12 sessions (combined duration: 15-16 hours).

An individual will ask these two basic questions to justify a currency' value:

1. Can I trust the money is authentic and not counterfeit?
2. Can I be sure that no one else can claim that this money belongs to them and not
   me? (Aka the “double-spend” problem.)

In order to maintain integrity and prevent double spending, bitcoin implements consisting of:

• A decentralized peer-to-peer network (the bitcoin protocol)
• A public transaction ledger (the blockchain)
• A decentralized mathematical and deterministic currency issuance (distributed
  mining)
• A decentralized transaction verification system (transaction script)

We'll briefly discuss point 2 (blockchain) and 3 (mining) to answer our question regarding bitcoin creation.

Bitcoin overview

The below image illustrates the bitcoin peer-to-peer network and connected participants, a transaction issued and relayed by a bitcoin user with his private key and validation of that transaction by miners.

Figure: bitcoin overview

Image credit: Mastering Bitcoin

Below is an extended illustration of connected participants in bitcoin network:

Figure: The extended bitcoin network showing various node types, gateways, and
protocols

Image credit: Mastering Bitcoin

Suppose that Alice transfers 1 BTC to Bob in exchange for a high-end gaming laptop, Pete transfers 0.001 BTC for a pizza and there are many more such transactions. Currently a block consists of around 1000-2500 transaction. Now let's see how miners validate the transactions. In other words, miners check if the issuer is the rightful owner (holder of private key) of coins to associated bitcoin address. A miner verifies all such transactions and includes in a block. If the miner can add this block to existing blocks, known as the blockchain, it is rewarded for the computation it did. Miners basically:

• collect all pending transactions
• verifies them
• bundles into a block
• guess a random number (aka nonce) such that sha256(sha256(data+nonce)) less than difficulty where
  • SHA256 is the cryptographic hash function. The SHA-256 algorithm is intended to take an arbitrary amount of input data and produce 256 bits of output, whilst also maintaining certain properties that make for an effective cryptographic hash.
  • nonce is a random integer. Miners try to "guess" the nonce; only way a miner can find the number is by brute-forcing, i.e. trying millions of random numbers.
  • data is a hash over the contents of the block (transactions) and the previous block's hash
  • difficulty is a measure of how difficult it is to find a hash below a given target

The transaction created by Alice’s (or anyone else's) wallet application is 258 bytes long and contains everything necessary to confirm ownership of the funds and assign new owners. Now, the transaction must be transmitted to the bitcoin network where it will become part of the distributed ledger (the blockchain).

We now elaborate hashing in sketchy terms. As of now, the hash of latest block in the blockchain, Block #472391 is:
0000000000000000014228823553852a90563fe84da5f0a5aa4832e85f68b1b5
Note the bunch of zero's at the beginning. Simply put, miners need to choose a random number (nonce) such that the hash generated by sha256(sha256(data+nonce)) begins with a number (thirteen) of 0's. This difficulty level changes based on how much time, on average, is required to find a block. As the network combined mining capacity increases, difficulty too increases and vice versa. The below figure illustrates block formation:

Image credit: Mastering Bitcoin

We now take a look at hashes of pending transactions:

2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824   -transaction 1
91e9240f415223982edc345532630710e94a7f52cd5f48f5ee1afc555078f0ab   -transaction 2
87298cc2f31fba73181ea2a9e6ef10dce21ed95e98bdac9c4e1504ea16f486e4   -transaction 3

... ...
... ...

Now miner creates a transaction root (aka Merkle root) which essentially is hash of all transaction combined. The process is illustrated below:

Image credit: Wikipedia

Block 472391's Merkle root is:

d29b40ec75fe295493398f4675b60633a9d5a6a20e2914df9a0b353e2a742a2a

Suppose that we'd like to find the next block (Block 472392). So we take hash of Block 472391, transaction root (of all the transactions waiting to be included in Block 472392, timestamp (we'll ignore in illustration). We have (scroll right to see entire line):

0000000000000000014228823553852a90563fe84da5f0a5aa4832e85f68b1b5--e361a57a7406adee653f1dcff660d84f0ca302907747af2a387f67821acfce33

Now concatenate 1 to the above string (shortened it for the sake of readability):

00000000000000000142288--e361a57a7406adee653f1-1

Run it through SA256, and see if it meets difficulty requirement, i.e., begin with a bunch of 0's. Try 2, 3, 4, and so on until you find a number that satisfies the difficulty condition. I'm not how computers (miners) approach this random number guessing. This random number in Block 472391 is 1900492548 and was found by F2Pool.

Guessing the number 1900492548 is solving the complicated math problem

This nonce is not unique,i.e, it is possible to find more than 1 number (nonce) that satisfies difficulty condition. The block is added to the blockchain and miner is awarded with 12.5 BTC.