17

A virtual currency called bitcoins has been in the news recently. It is said that in order to "mine" bitcoins, you have to solve hard mathematical problems.

Now, there are two kinds of mathematical problems. The difference is best explained by the following beautiful quotation from Langlands :

[T]here is an appealing fable that I learned from the mathematician Harish-Chandra, and that he claimed to have heard from the French mathematician Claude Chevalley. When God created the world, and therefore mathematics, he called upon the Devil for help. He instructed the Devil that there were certain principles, presumably simple, by which the Devil must abide in carrying out his task but that apart from them, he had free rein. Both Chevalley and Harish-Chandra were, I believe, persuaded that their vocation as mathematicians was to reveal those principles that God had declared inviolable, at least those of mathematics for they were the source of its beauty and its truths. They certainly strived to achieve this. If I had the courage to broach in this paper genuine aesthetic questions, I would try to address the implications of their standpoint. It is implicit in their conviction that the Devil, being both mischievous and extremely clever, was able, in spite of the constraining principles, to create a very great deal that was meant only to obscure God’s truths, but that was frequently taken for the truths themselves. Certainly the work of Harish-Chandra, whom I knew well, was informed almost to the end by the effort to seize divine truths.

Question Which kind of mathematical problems do you have to solve in order to mine bitcoins ?

Let me clarify that I'm not interested in mining, only in knowing whether the problems are divine or devilish.

Chandan Singh Dalawat
  • 18,449
  • The problems involved are purely computational. – David Cohen Apr 20 '13 at 03:50
  • 1
    @Chandan, could you give a specific example of a mathematical problem that is divine and one that is devilish? – JRN Apr 20 '13 at 03:55
  • Divine: the Riemann Hypothesis, the Birch and Swinnerton-Dyer Conjecture, the Stark Conjectures, the Fontaine-Mazur conjecture... I'll keep quiet about the devilish ones. – Chandan Singh Dalawat Apr 20 '13 at 04:27
  • 7
    Why isn't your question answered by the Wikipedia page? http://en.wikipedia.org/wiki/Bitcoin#Bitcoin_mining – Ryan Budney Apr 20 '13 at 06:22
  • Mea culpa. It didn't occur to me to look it up there. – Chandan Singh Dalawat Apr 20 '13 at 06:51
  • 7
    In case you are interested in more detail in the subject in general, there is an entire SE site (in beta) on it http://bitcoin.stackexchange.com/ –  Apr 20 '13 at 10:16
  • 1
    Isn't that truly amazing ! – Chandan Singh Dalawat Apr 20 '13 at 10:41
  • 2
    Solving nonlinear systems over F_2 certainly will earn you bitcoins. Probably cryptographers know better tricks. – joro Apr 20 '13 at 14:40
  • 11
    Solving the Riemann Hypothesis will give you 1 million dollars, which you can change immediately for 8496 bitcoins and change, at the current rate :-) – Joël Apr 20 '13 at 15:19
  • The same goes for BSD, Joël, in spite of people having proved it for some 10% of the cases. – Chandan Singh Dalawat Apr 20 '13 at 16:08
  • 4
    All this computer power going to waste, why couldnt they atleast encode it into solving some useful problem at the same time. – TROLLHUNTER Oct 17 '13 at 11:20
  • Perhaps the misunderstanding here is one of depth. People becoming acquainted with the Bitcoin paradigm, and asking 'what mathematical problems are being solved by my computer when I lend it for mining' do not expect a mathematical answer. They simply want to understand who is setting up these 'problems' and for what purpose. As I understand it, please somebody correct me if I'm mistaken, it works like this: whereas real-world banks have physical resources at their disposal (buildings, offices, personnel, etc) to carry out their activities, Bitcoin has none, as it is (cont.) –  Oct 17 '13 at 08:00
  • an open, distributed system. And as its nature is to be purely digital, it must feature a strong cryptographic algorithm for its transactions, otherwise it would be vulnerable to hacking, and defeated. Lending a computer for 'mining' makes it an active part of the Bitcoin infrastructure; it is now processing chunks of the very complex cryptographic functions at the core of the paradigm. The lending of the resources is then rewarded by the network with Bitcoin credit. –  Oct 17 '13 at 08:00
  • 3
    TROLLHUNTER. There are now at least two cryptocurrencies (Primecoin and CureCoin) which do solve somewhat useful problems, and I just asked this question calling for new proof-of-work problems that solve useful mathematics problems. https://mathoverflow.net/questions/269786/what-computational-problems-would-be-good-proof-of-work-problems-for-cryptocurre – Joseph Van Name May 15 '17 at 00:45

3 Answers3

30

Bitcoin mining is based on hash functions. Specifically the SHA-256 hash function, which maps arbitrary bit strings to 256-bit outputs in such a way that nobody knows how to find a collision (two inputs with the same output), although the pigeonhole principle implies collisions exist. Bitcoin mining doesn't involve finding collisions, which would be way too hard. Instead, one has to find inputs that lead to outputs with special properties, namely a lot of consecutive zeros. This is a scaled-down version of inverting the hash function. Of course there's no proof that any of this is actually computationally difficult, and some earlier hash functions have turned out to be weaker than expected (for example, MD5 and SHA-1), but it certainly seems to be.

SHA-256 is not a nice or simple function - it was designed to be hard to analyze - so I'd say this is a devilish problem.

Henry Cohn
  • 16,553
  • 7
    Is it known whether there is an algorithm using a quantum computer (i.e., qubits instead of bits) for simplifying the Bitcoin mining? – Dick Palais Apr 20 '13 at 05:19
  • 3
    @Dick: I am absolutely not and expert in bitcoins or computing, but I recently asked myself this very question. According to what I have read on various forums devoted to bitcoins, it seems that
    bitcoin mining with the SHA-256 hash function is expected to be safe against quantum computer (that is, not to be simpler than with just a normal computer). Of course, proving this is out-of-reach. And moreover, the cryptographic methods used in bitcoins transaction (as well as in many other transactions, admittedly) is provably not safe against quantum-computing.     – Joël Apr 20 '13 at 15:26
  • 2
    Quantum computers are not supposed to completely break hash functions, but Grover's algorithm doubles the number of bits that you can exhaustively search through. So you could still hold a hashing competition with quantum computers, even though classical computers would no longer be viable. But, as Joël says, there is more to bitcoin than hashing and quantum computers break the rest. en.wikipedia.org/wiki/Grover%27s_algorithm – Ben Wieland May 13 '13 at 17:15
5

Another way to earn bitcoin is not to mine them, but to have them wired to you from other bitcoin accounts. The transactions are signed using ECDSA. So if you solve the discrete logarithm problem in an elliptic curve (for bitcoin this is the curve Secp256k1), then you potentially can earn many bitcoins (illegally of course...)

Personally I find this problem much more beautiful than finding lot of zeroes in the SHA-256 hash function.

Damien Robert
  • 1,186
-2

The problem that have to be solved is called Proof of work which is basically a brute force.

So you need to know what hash functions are to understand the problem, don't worry its easy and anyone can understand it because solving this puzzle doesn't require intelligence but patience.

A hash function is just a function that when you give it an input of X byte size (data, image, text, anything ...) it produces a fixed length of bytes, for example you give it 5gb video it will produce a string that is 256 byte long(the output size can change from function to function).

Hash functions have some properties and one of them is when you give it different input it always produces a completely different output, so if change only one bit in that 5gb video the output of the hash function is going to change radically. same rule applies when concatenating the video with some random bits.

So in bitcoin, miners keeps listening for transactions and from these transaction they create a block but in order for all participating nodes to accept this block they have to change a specified region in the block and see if the resulting output starts with x number of zero's (because in computers everything is ones and zeroes).

If the result is not correct(output string does not start with 30 zeroes) they change that region again and check the output, until they finally find the right combination of bits in that region that when you pass that block to the hash function it will produce a string that starts with 30 zeroes.

To explain more i will give you a real example:

  1. miner listens for incoming transaction

  2. I create a block that contains all these transaction

  3. inside the block there is specified region that is 32 bit long that is independent from the transaction (for the sake of simplicity lets say all bits in this region is set to 0)

  4. miner hash that block and check the output, if it is a string that starts with 30 zeroes it quickly broadcast it to the network and say i win I found the solution to the puzzle it is a block with these transaction that i selected and that contains this region, you can check it yourself

  5. if the result is not a string that starts with 30 zeroes, the miner changes that region increments it for example (00000.....001) and hashes the block one more time and check if the output starts with 30 zeroes , this step is repeated until the miner can finally find a correct combination of ones and zeroes in that block region so that when he hashes that block with the hash function it will produce a string that starts with 30 zeroes (notice this number changes).

and he has to do this fast because there are lots of miners and the first one to find the block is gonna win. so you can see that the term puzzle is quite (juuust a little bit) misleading. if you have any question i'm at your service.

Rodrigo de Azevedo
  • 1
ezio
  • 101