
Proof-Of-Work is a Decentralized Clock - gtrubetskoy
https://grisha.org/blog/2018/01/23/explaining-proof-of-work/
======
tromp
> When I see a hash that satisfies the difficulty, I know it must have taken
> time. The method by which the delay is accomplished is “work”, but the hash
> is a proof of time, not work.

I disagree with this characterization.

Mostly because there actually is a more proper concept of Proof-of-Time, that
doesn't depend on Bitcoin's dynamic difficulty adjustment to space puzzle
solutions a certain time apart on average.

It is what Bram Cohen is trying to use in conjunction with Proof-of-Space to
make [1] a greener alternative to Bitcoin.

One candidate problem for proving time is modular square roots. In a group of
order 2^k-1, we can square element x (k-1) times to obtain x^(2^(k-1)), which
is the square root of x^(2^k)=x. Since the k squarings cannot be
parallelized, this takes time proportional to k.

[1] [https://chia.net/](https://chia.net/)
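
The squaring argument in the comment above, as an added example that is not part of the original comment: repeated squaring in a toy group of order 2^k-1, where k-1 dependent squarings produce the square root and a single squaring verifies it. The choice of group (the nonzero elements of GF(2^8) with reduction polynomial 0x11B, so k = 8) and all function names are assumptions made for illustration.

```python
# Toy group (assumption): nonzero elements of GF(2^8), order 2^8 - 1 = 255.
K = 8
MODULUS = 0x11B  # x^8 + x^4 + x^3 + x + 1, irreducible over GF(2)


def gf_mul(a, b):
    """Multiply two field elements: carry-less product reduced mod MODULUS."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a >> K:          # degree reached K, reduce
            a ^= MODULUS
    return result


def prove_sqrt(x):
    """Square x (K-1) times; each step needs the previous step's output."""
    y = x
    steps = 0
    for _ in range(K - 1):
        y = gf_mul(y, y)
        steps += 1
    return y, steps         # y = x^(2^(K-1))


def verify_sqrt(x, y):
    """Checking the claimed root costs one squaring."""
    return gf_mul(y, y) == x


if __name__ == "__main__":
    for x in (0x02, 0x53, 0xCA):    # constructed sample elements
        y, steps = prove_sqrt(x)
        print(f"x={x:#04x} root={y:#04x} squarings={steps} "
              f"verified={verify_sqrt(x, y)}")
```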

------
RileyJames
>> If the stated problem is to find a conforming hash, all you have to do is
to try it once, and bingo, you’ve affected the global hash rate, and for that
one attempt you were a participant helping others solve the problem. You did
not need to tell others that you did it (unless you actually found a
solution), others didn’t need to know about it, but your attempt did affect
the outcome. For the whole universe, no less.

>> It is noteworthy that since SHA is progress-free, each attempt could be
thought of as a participant joining the effort and immediately leaving. Thus
miners join and leave, trillions of times per second.

Is the value of pooled mining that participants in the pool share the nonce
they’re calculating, to avoid duplicating work within the pool?

~~~
gtrubetskoy
>> Is the value of pooled mining that participants in the pool share the
nonce they’re calculating, to avoid duplicating work within the pool?

This is an excellent question. The pools do not need to divide the nonces
across participants as far as I can tell, it's not necessary.

The nonce isn't big enough (being only 32 bits) for today's difficulty, so
miners change other parts of the block (known as extranonce, which is part of
the coinbase transaction). The chance of two participants in the pool (or the
universe for that matter) selecting the same nonce/extranonce (of which there
are 2^256) is next to nil.

The pool does something different: it isolates a group of participants which
then divide the mining reward among themselves, proportional to the hashrate
they each have contributed. The "value" is that unlike with "solo mining"
everyone gets _something_, as opposed to there being only one huge winner.

But I don't see how pools are in any way "bad" for the decentralized PoW
clock; how the reward is divided afterwards doesn't really matter to the
blockchain. If anything, maybe pools make mining more attractive/profitable
and because of them we have the insanely high hash rate?

Thanks for pointing this out.

