Bitcoin is a decentralized network. No single entity is trusted to update the blockchain.1 Instead, a subset of network participants, called miners, collectively take on this responsibility. This isn’t to say that miners run the network. Bitcoin’s history proves that they don’t.2 Instead, you can think of miners as security guards who are paid by the network for their labor.
Miners secure the network so that the same bitcoin can’t be spent multiple times by the same user. They do so by ordering the network’s transactions into blocks, or batches of transactions, which is akin to time-stamping them.
For providing this valuable service, miners are incentivized to bring computing power to the network with new bitcoins. Miners receive 6.25 new bitcoins3 — as of May 11, 2020 — for each block they add to the blockchain plus the associated fees from the transactions within that block.
Bitcoin’s pseudonymous creator Satoshi Nakamoto understood the temptation miners would have to break the rules to enrich themselves. So to discourage malicious behavior, he designed a system where miners have skin in the game.
Adding blocks comes at a cost. In what is known as “proof-of-work,” miners have to make an incredible number of simple computations to have a chance at winning a block (it is a competition, after all). Running so many calculations requires real-world energy consumption, and lots of it. In this way, mining connects the physical and digital worlds. A miner who would try to submit a block with invalid transactions does so at their peril. Other network participants would reject an invalid block, thereby wasting the miner’s own time and money in the process.
When a person sends bitcoin from one address to another, computers running the Bitcoin software (known as nodes) that maintain copies of the ledger (known as the blockchain) jump into action. The nodes check that the data is formatted correctly, is less than the block limit of 4 million weight units, and conforms to a host of other technical parameters.
If the transaction passes this initial test, it’s added to what is known as the mempool. The mempool is simply a repository of valid transactions not yet included on the Bitcoin ledger.
Here’s where miners come in. Nodes don’t add groups of transactions, known as blocks, to the blockchain. Miners do. When a miner discovers a new block, the competition for the next one immediately starts. Miners begin aggregating mempool transactions based on priority. Factors such as how long they’ve been in the mempool and the fees attached to them determine if they’ll get included in the next block.
While aggregating the transactions into a potential block is simple enough, mining is computationally cumbersome because of the proof-of-work required by the protocol. Consequently, for a valid block to get added to the chain, a miner has a task that, at first glance, might seem unnecessary.
At a high level, bitcoin mining is a lottery. Miners that do the most computations get the most tickets, which increases their odds of winning a block, but there's no guarantee. Like the lottery, finding a block is purely probabilistic.
This extra step serves an essential purpose. By imposing a cost for adding new blocks, proof-of-work discourages miners from including invalid entries like double-spends (using the same bitcoin in multiple transactions). If miners included double-spends, faith in the system would be lost.
However, it is possible, albeit unlikely, for a miner or group of miners to include invalid transactions in a block. In order to do this, miners would need to control more than half of the network computational power in what is known as a "51% attack." By controlling over half the network computational power, these malicious actors could insert transactions that would not be recognized by the rest of the network participants, potentially spending the same bitcoin multiple times. A 51% attack on the Bitcoin network is exceedingly improbable given the amount of processing power it would require. Still, it has happened on other blockchains4 that have far fewer miners. With these facts in mind, you can think of a blockchain’s security as a function of the amount and distribution of its processing power.
Contrary to popular belief, mining doesn't require solving a complicated mathematical problem. In reality, miners are just playing a guessing game with incredibly long odds. The first miner to generate a lower number than the current target set by the network wins. The catch is that, unlike a lottery, miners don't get to choose their numbers.
The numbers they play in the Bitcoin lottery come from what is known as a hash function. A hash function is an algorithm that takes a data input of any size and turns it into a numerical value. For example, Bitcoin uses the SHA-256 hash function, which the U.S. National Security Agency created in 2001. For data of any length, SHA-256 returns a value in hexadecimal format (a 64 character long string of numbers and letters that is just another way to write out what you'd think of as a typical number). It's worth noting that the hexadecimal number doesn't store the data used to create it. So knowing the number doesn't mean the SHA-256 algorithm knows what went into making it. You can quickly transform data with SHA-256, but the only way to discover the input is to guess.
The magic of SHA-256 is that the same input will always result in the same output, and each different input yields a unique output. So running "Satoshi" through SHA-256 will always produce the same result. But "Satoshi1" results in an entirely different value.
And how "Satoshi1" differs from "Satoshi" is unpredictable: the only way to determine how the two will vary is to run the SHA-256 computation.
Rules of the Game
The rules of the Bitcoin lottery are deceptively simple. Miners compete to be the first to find a hash that has a numeric value that is lower than the target number. The data they input to create the hash isn't arbitrary, however. If it was, miners could recycle prior hashes with known values. As such, hash inputs must obey a set of rules.
You can think of the inputs used to create a hash as falling into two buckets for simplicity. First, there are constant components. Each input for a hash must include the hash of the previous block and the current target value, among other requirements. The second component type is variable. This part of the entry is known as the nonce.5 The only limitation set upon what the miner uses for a nonce is that it must be a 32-bit positive number.
Essentially, miners keep entering combinations of these constant and variable components. They change the nonce value with each attempt until someone produces a hash with a value that is lower than the current target. Because there's no formula for the SHA-256 algorithm, miners don't know what nonce value will result in a winning ticket when added to the required components. Just like the lottery, the only way to see if you'll win is to play the game. In the case of bitcoin mining, that means creating as many hashes as you can, as quickly as you can.
Theoretically, a miner could hit on their first try. Still, on average, it takes quadrillions of hashes to find a sufficient one. These minuscule odds are intentional. The protocol's design tries to have blocks mined approximately every ten minutes. There are two reasons for this: to allow nodes enough time to acknowledge changes to the blockchain and to keep new bitcoin issuance on its predetermined supply schedule.
Since the discovery rate varies with the network's hashrate, the target value is modified every 2,016 blocks, or roughly every two weeks. This modification is what is known as the difficulty adjustment. For example, the protocol will lower the target value automatically if miners produce blocks quicker than the desired ten-minute pace. Conversely, if the average block creation time were above ten minutes, the target would increase, creating more winning hash values, and making it easier for a miner to “win” the game.
For a sense of how the difficulty adjustment works, consider the example of rolling a pair of dice. If the target is 12, any roll other than two sixes would be a winner. That works out to a probability of success of 97.2%. But if the target drops to 3, only one combination works, and the success rate plummets to less than 3%. The higher the target, the easier mining becomes.
In this way, the network constantly adapts to the number of miners on the system and advancements in processing power. No matter how fast the network grows, miners can't add blocks to the chain much quicker or slower than every ten minutes. And because of that fact, miners can't create all 21 million bitcoins until about 2140.
While it takes quadrillions of guesses to find a winning hash, once found, it only takes one computation to confirm it. The miner who first discovers a good hash sends out the inputs they used to the network. Other miners and nodes can then run a single computation to verify its validity.
After the rest of the network verifies the winning hash, the miner has the right to add the new block to the chain and receive the block reward and associated transaction fees via a coinbase6 transaction.
Because mining is quite literally a numbers game, it's become economically infeasible for individuals or even small companies to go at it independently. But that doesn't mean mining is only for industrial-sized operators. Smaller miners can join pools, essentially mining collectives, to increase their odds of success.
Pools distribute the mining rewards they earn to their members based on the proportion of hashrate each contributes. So, for example, a miner that makes up 10% of the pool's computing power would get a 10% share of the pool's bitcoin rewards whether their machine was the one to find the block or not.