Math behind blockchains. Part 2 - Proof of work and nonces

You've probably come across terms such as

  • Hash functions
  • Proof of work and nonce
  • Public/private keys, signatures, and cryptography

during your blockchain explorations. In this article, we will explain all of these terms. Here is all math you need to know to understand the inner workings of blockchains.

This is part 2 of 3. For other parts see below.

How proof of work is implemented using hash functions and a nonce

You've probably heard about proof of work. This mechanism requires us to exert work by our computers. And there is no way to cheat or avoid performing this work. It's the backbone of blockchains such as Bitcoin and it's what prevents the double-spend attack.

If miners want to add a block of transactions to the blockchain, they need to perform work on these blocks in order to add them. Under the hood, proof of work requires computers to solve a difficult math puzzle about the blocks. And this is what makes the work unavoidable. You can't guess the answer to the puzzle.

The only way to solve the puzzle is by calculating math operations on your computer. And only after your computer has solved this puzzle, the network allows you to add a block to the blockchain. The answer to the puzzle serves as the proof that you did the work.

What does the puzzle consist of?

The math puzzle

The puzzle consists of finding a number (called nonce) such that when you append this number to the block of transactions, the hash of the entire thing starts with a certain number of zeros.

We will explain a simplified version of this:

Imagine we have a block of transactions:

We can think of this block of transactions as a big piece of text:

We can now use the hash function from Part 1, to map this piece of text to a short hash (the summary). Thus, the hash function allows us to convert a block of transactions into a short hash. (Hash is just short text).

A requirement

Now, let's add a requirement. The hash needs to begin with 5 d's (ddddd).

Not all inputs will satisfy this requirement. Some will map to a hash leading with ddddd, others will not.

Remember the hash function acts like a random function. It's impossible to guess which inputs will map to a particular output. It's irreversible.

What if we want to make any block of transactions satisfy this requirement? It might seem impossible but what if we are allowed to add some text to the end of the block of transactions and take the hash of the combination?


This text that's added to the end is called nonce.

Can we pick the right nonce so that our requirement is satisfied? Yes, we can. If we keep trying different values of nonce, one of them will eventually satisfy this requirement.

Here is the nonce that satisfies the requirement for this particular block:

How did we find this nonce: 1152203? By trying out a lot of random nonces until we satisfy the requirement. Try out the search in real-time below by clicking the "Start nonce search" button.

Proof of work

The work that we did - picking a random nonce and taking the hash until the hash satisfies our requirement.

Nonce - serves as the proof that we did the work. It's the proof because there was no other way to find the nonce other than exert the work. You couldn't guess the nonce. If you found the nonce, that means you performed the necessary work to find it.


Since hash functions are quickly verifiable but impossible to reverse engineer, it's fast to verify whether a nonce satisfies our requirement (hash value starting with ddddd), but it's hard to find the nonce itself.

The only option is the random search. And thus, the time it takes to find the nonce is also random.

You can think of the nonce as a jigsaw puzzle. Hard to find (hard to solve), but once it’s found, very easy to verify. Jigsaw is much easier to verify (check that the solution is correct) than to solve.

Blockchain Course


When you want to add a block of transactions to the blockchain, you need to provide proof of work.

The work=find a nonce such that when the nonce is appended to the block, the hash value starts with a certain number of zeros.

Proof=the nonce is the proof because the only way to find it is by doing the necessary work.

Each block will require a different nonce, because the output of the hash function changes very unpredictably even if the input (the block of transactions + nonce) changes slightly.

Also, you can learn everything about blockchains in my course:

Blockchain Course