This unit is Part 8 of the Annotated Princeton Bitcoin Video Course.

Introduction (3 minutes)

A mining puzzle in this context can be any system for selecting a node to create a block. Bitcoin uses SHA-256 proof-of-work, but many other systems have been proposed and tried.

Essential Puzzle Requirements (5 minutes)

To replace proof-of-work, any puzzle needs to maintain three useful properties found in Bitcoin:

• It’s easy to verify the result.
• Difficulty adjusts to changes in network resource commitment.
• The chance of winning is proportional to the value of the asset staked.

ASIC Resistant Puzzles (13 minutes)

The reasons for developing alternative puzzles fall into two related categories:

1. To allow individual users to join.
2. To discourage the formation of oligopolies.

The video notes the possibility of a mining optimization being kept a trade secret. This happened with covert asicboost.

Proof-of-useful-work (9 minutes)

Two examples are given:

• Primecoin, which links the discovery of prime numbers to proof-of-work. The idea has recently resurfaced with Bitcoin Prime, a proposed hard fork of Bitcoin;
• Permacoin, which requires nodes to supply evidence of data storage (see also “proof-of-space”).

Nonoutsourceable Puzzles (7 minutes)

The idea of enabling sabotage of mining pools through a vigilante attack hasn’t caught on in any meaningful way.

Proof-of-Stake “Virtual Mining” (8 minutes)

Proof-of-stake systems are prone to attacks that aren’t feasible with proof-of-work systems. One of the most studied is the “nothing-at-stake” attack. Most solutions focus on confiscating the staked money of renegade nodes.

For more discussion of proof-of-stake and how it relates to proof-of-work, see: Three Solutions to the Double Spending Problem

The Ethereum team plans to move to full proof-of-stake. Cardano plans a similar move in 2018.

Next Up: Bitcoin as a Platform