In our last article on consensus mechanisms, we talked about Proof of Work (PoW) and introduced the general idea behind mining. In most articles mining is described as performing a computationally expensive task or solving a “puzzle”. In this article, we want to explain what this puzzle is. If you don’t know what hash functions are you might want to read our article about them first. It will certainly help to understand mining.

As you might have picked up in our article on Consensus Mechanisms, not every blockchain has miners. Only in Proof of Work, there is mining and therefore miners . They work to secure the blockchain against attacks and protect the history recorded against changes.

What Does the Miner Do?

The main job of a miner is to collect all transactions that are broadcast to the network. The miner verifies if the transactions are valid according to the protocol and then places them in a data container - the block. The first transaction in a block is special, the coinbase transaction. In the coinbase transaction, the miner rewards his own address with the block reward, 12.5 BTC or 12.5 ZEN at the moment (actually 7.5 ZEN, as 10% of block rewards go to Secure Node and Super Node operators respectively, 20% to the Horizen Treasury). These coins did not exist before.

Usually, one of the criteria that is used to check the validity of a transaction is if the sender has sufficient funds. The coinbase transaction rules are slightly different. The protocol allows this first transaction to have no input, which means having no sender in this context. This is how the miners get to reward themselves for their work and how new coins are created. Every ZEN or bitcoin in existence started out as a block reward.

After the miner includes the coinbase transaction he places all other transactions he received in the block he is working on. Usually, the miner adds the transactions in the order they arrived in. In times of high network activity and full blocks (a block has a maximum file size, the block limit) miners might choose to include only the transactions with the highest transaction fees attached because they get to keep those as well.

Many miners are working on a block simultaneously. Each miner has a slightly different block, either because he received the transactions in a different order than his competitors, or because he chose to include a different set of transactions based on the attached transaction fees. The miner that solves the puzzle first, gets to extend the blockchain with his block, including the coinbase transaction that rewards him the newly created coins.

Miner Miner

Finding a Nonce

So what is the puzzle that miners are trying to solve? This is where we need to talk about hash functions again.

One of the important properties of cryptographic hash functions is being pseudorandom. You must not be able to predict a change in the output that results from a change of the input. As an example: If you are hashing the input “1” and get the output “00002” and hash the input “2” afterward, the second output better not be “00004” but something like “73968”, a seemingly random (pseudorandom) number.

In order for a block to be valid, its hash needs to be below a certain target. This target is basically just a number and the block hash has to be smaller than or equal to that number. In this context, you will often hear the term difficulty. While the target is an actual value the block hash has to be below of, the difficulty is a relative measure of the current target compared to the highest possible target. When the target is lowered, the difficulty is increased and it is harder to find a valid block hash.

Most of the data in the block is fixed, but there is a special data field in each block header, the nonce, that doesn’t carry any important information. Its sole purpose is to be a variable (a number used once), that the miner can put different values in, to change the output of the hash function - the block hash.

What follows is a trial and error approach of getting the block hash below the target. The block hash can be interpreted as a regular number. The lowest number a 256-bit integer can represent is 0, the highest number is \(1.1579 \cdot 10^{77}\)


Imagine you were to calculate a hash for a random input that needs to start with one leading zero. If there were only digits in the output the chance of getting it right the first time would be 1 in 10. If the difficulty required the output to start with two leading zeros, your chance of getting it right the first time would be 1 in 100. And if the target was a difficulty of 6, chances would be 1 in 1,000,000. With increasing difficulty, solving this challenge evolves into real work, especially as there is no shortcut to trying out a bunch of different inputs. If you would like to play around with a hash function you can do so here.

When a miner first attempts to solve the block, they will put a random value in the nonce data field. For the sake of simplicity, let’s say the nonce value the miner starts with is “0”. The block hash will be a seemingly random value in the possible range of the hash function.

Mining nonce Mining nonce

So the process looks like this:

  • The miner uses the hash function to calculate the hash of the block - the candidate block hash as we named it in the graphic above. In the example, the block hash using 0 as a nonce doesn’t meet the target.
  • The miner now increments the nonce by one and hashes the block again. The resulting hash is still above the target, so the miner increments the nonce once more. This happens over and over again.
  • Finally, one of the miners will find a nonce n that produces the desired result: a block hash below the target.

The hash rate on the Horizen network is at 208.68 Mh/s at the time of writing. This means that all miners combined try 208,680,000 different values for the nonce every second. You can check the current value here.

Miners can’t cheat this process of trial and error because of the properties of cryptographic hash functions. Remember this graphic from our Hash Function article]?

Hash function Hash function

There is no way to calculate a valid nonce from the desired output because the hash function is a one-way function. It’s also infeasible to approximate a valid nonce from prior outputs because the hash function is pseudo-random and you can’t predict changes in the output from changes to the input. Every participant on the network can easily verify if the solution is valid because the hash function is deterministic and will produce the same result for every node that verifies the block. Performing a single hash operation is also very quick.

If you would like to play around with hash functions you can do it here. You can try to find the lowest number, that produces a hash with a leading zero. This is what miners do all day long, but they are looking for hashes starting with many more zeros.

Block Time

Every Proof-of-Work protocol defines a block time, an interval within which a new block should be created. With Horizen this is 2.5 minutes, with Bitcoin 10 minutes. When a miner solves a block he broadcasts it to the network immediately, because he wants to collect his block reward. This is why it doesn’t take exactly 10 minutes to create a new block. 2.5 minutes is the average time that it takes to find a valid nonce and in turn a valid block hash. Some blocks are solved quicker and some take a bit longer. If more miners join the network and the hash rate increases, they will find a valid nonce faster on average. The protocol evaluates the average block time and adjusts the difficulty accordingly every 8064 blocks. If it takes less time on average to solve a block the difficulty will increase, if it takes longer the difficulty will decrease.


When Bitcoin was released in 2009, people were using their PC’s CPU, the central processing unit, to mine bitcoin. It is the most versatile processing unit in a computer but not the most efficient. After a while, people switched to using GPUs (Graphical Processing Unit) for mining. GPUs are more specialized and efficient for certain tasks, at the cost of being less versatile. Nowadays, the mining industry is running on ASICs (Application Specific Integrated Circuits). It is the most efficient hardware to mine cryptocurrencies because it is designed with one goal in mind, calculating hash values with a specific hash function. For hardware versatility and efficiency have trade-offs. If you want something that can perform many tasks, it will not be very efficient. If you want something that is super efficient at one task, it will not be very versatile. You can find a great article on mining hardware here, written by David Vorick, lead developer of Sia.

How Does This Protect the Network?

By now you know that it requires a huge amount of work to solve a single block in a blockchain. You also know that each block references the preceding block by including its block hash, therefore chaining them together. You also know, that changing one little piece of information in a block, will alter its block hash completely.

If an attacker wanted to tamper with any record on the blockchain, they would have to find a valid nonce for the block they edited, as well as all the following blocks. The attacker would have to do all this by themselves, and at a faster rate than the network is performing the mining process. The longest chain rule that we talked about in our last article on consensus mechanisms determines which branch of the blockchain is the valid one in case a fork occurs. As long as the attacker does not control a majority of the hash rate, he won’t be able to change the blockchain.

A great tool to understand the tamper-proof character of the blockchain is this Blockchain Demo. We encourage you to play around with it!


The miners of a Proof-of-Work blockchain secure the network with their computational power. Adding a block to the blockchain requires a large number of random guesses to find a nonce that will produce a valid block hash. The block hash must satisfy the current difficulty requirement on the network. This makes it extremely difficult to tamper with data on the blockchain. An attacker has to redo the work of finding a nonce that results in a valid block hash all by themselves. Not only does the attacker have to do this for the block they wish to manipulate, but also to all the subsequent blocks until the malicious chain is the longest chain and will be recognized as valid by the entire network. Because this type of attack is so incredibly difficult, blockchains are considered to be the most secure data structure that we have at our disposal today.

This was the last article of our chapter on how a blockchain works. Next, we will talk about Wallets, a tool that helps you manage your keys and create transactions. We hope you learned something (or possibly even a lot) in this chapter and are looking forward to hearing some feedback. Did we miss an important concept or should we clarify a section? Let us now at [email protected]!