# <span style="color:#3306B0">Modeling the Bitcoin mining process</span>
[This lab was designed with significant assistance from 
<A HREF="https://chat.openai.com" target="_blank">ChatGPT</A> 
on both technical content and pedagogical strategy.]

<P>&nbsp;</P>

<DIV ALIGN="CENTER">
    <A HREF="./bitcoin_graphic.jpg">
    <IMG SRC="./bitcoin_graphic.jpg" width="75%"></IMG></A><BR></BR>
Image courtesy of <A HREF="https://www.istockphoto.com/">Istockphoto.com</A>
</DIV>
<BR>

Many million crypto tokens and currencies are estimated to be 
in existence as of the year 2025. However, Bitcoin remains, by 
far, the most popular and dominant cryptocurrency in the market, 
with a valuation of about 100,000 US dollars per Bitcoin in 2025.  In 
the last two years alone, Bitcoin's market value has multiplied 
5-fold, from 20k to 100k US dollars.  

From an economics standpoint, the value of an asset increases 
in this dramatic way when the demand for it far exceeds its 
supply.  This leads to several interesting questions: 
- Why is the demand for Bitcoin increasing?
- Why is its supply low?
- How does one acquire Bitcoins?

In this lab we focus primarily on the last question, namely 
that of acquiring Bitcoins through *mining*. Of course, it is 
possible to acquire Bitcoins by buying it in the marketplace, 
but we are not interested in that strategy here.


### <span style="color:#336630">What is Bitcoin mining? (Proof of Work)</span> 
Bitcoin was founded based on a rigorous theoretical framework 
introduced to the public in 2008-2009 by an anonymous individual 
or group that has come to be known as Satoshi Nakamoto.  While 
the technical details of the Bitcoin protocol are a bit cumbersome 
to understand, we will summarize the highlights, especially those 
relevant to mining.

According to the protocol, Bitcoins are created through an 
algorithmic process known as "mining."  In Bitcoin terminology 
the formal name of the mining process is **Proof of Work**.  New 
Bitcoins come into existence when an individual or entity 
successfully solves a puzzle-like problem and verifies it 
through the Bitcoin network.  The winner gets the new Bitcoins 
as reward. Before we get into details, here are a couple of 
important items to keep in mind:

<span style="color:#530600">
    <ul>
        <li>The Bitcoin protocol mandates that the grand total, or maximum, number of Bitcoins that can be mined is 21 million. Once that cap is reached, no new Bitcoins can be created. This is in stark contrast to regular, old-fashioned currencies, which governments can print at will. </li>
        <li>As of mid-2025, about 19.8 million Bitcoins had already been mined, leaving only 1.2 million yet to be mined. However, the Bitcoin protocol/software automatically makes the mining process progressively harder, and it is estimated that the last Bitcoin will not be mined until around the year 2140.</li>
    </ul>
</span>

In order to understand the Bitcoin mining process, we will first 
introduce the notion of **blockchain**.  Bitcoin transactions are 
recorded in the form of small batches called **blocks**.  These 
blocks are linked to one another through a validation mechanism 
to form a blockchain.  Thus, a blockchain is just a long chain 
of blocks containing all previous Bitcoin transactions.  The 
goal of Bitcoin mining is to help link each new block to the 
blockchain.

### <span style="color:#336630">How the mining process works</span>

An example of a real-world Bitcoin block header is shown below. 
(See <A HREF="https://www.blockchain.com/explorer"  TARGET="_blank">https://www.blockchain.com/explorer</A> for more 
complete examples of real Bitcoin blocks.)

<DIV ALIGN="CENTER">
    <A HREF="./block_header.png">
    <IMG SRC="./block_header.png"></IMG></A>
</DIV>

Each block in the Bitcoin blockchain contains a unique 
identifier known as the **block hash**.  The hash looks like 
a long string of numbers and letters, and it is generated by 
running the block's data through a special cryptographic 
function.  When a new block is produced, it can be added to 
the blockchain only if its hash satisfies a target requirement 
set by the Bitcoin protocol.  The goal of mining is to make 
this happen.  But, how?

The value of a block's hash is uniquely determined by that 
block's data.  Each block contains an adjustable numerical 
parameter called the **nonce**, whose value miners can alter 
in an effort to produce a suitable hash.  The process of Bitcoin 
mining essentially boils down to finding the value of the 
nonce for each new block such that the block hash meets the 
target requirement.

<DIV ALIGN="CENTER">
    <A HREF="./mining_schematic1.png">
    <IMG SRC="./mining_schematic1.png"  width="75%"></IMG></A>
    <BR>
    <span style="color:#633630"><b>Schematic view of a blockchain with a new block in the process of being mined</b></span>
</DIV>

<BR></BR>
The mining process is a lot harder than it may sound, because there 
is no structured, algorithmic strategy for finding the right nonce, 
which is an integer whose value ranges between 0 and 
$2^{32}-1$.  Miners typically use a trial and error process, 
and just keep recomputing the block's hash with different 
nonce values, till they find one that works.  This is the key 
reason why Bitcoin mining is extremely expensive: the mining 
process requires vast amounts of energy and computational 
resources.  The flowchart below summarizes the key steps 
involved in the mining process.


<DIV ALIGN="CENTER">
    <A HREF="./mining_schematic2.png">
    <IMG SRC="./mining_schematic2.png"></IMG></A>
</DIV>

### <span style="color:#336630">Models to explore Bitcoin mining</span>

One of the most interesting math modeling questions here 
is: Can we develop a model that will provide shortcut strategies 
to significantly speed up the success rate of mining?  For example, 
instead of using trial and error, are there more analytical or 
logical ways to identify the right value of a block's 
nonce?

The answer, unfortunately, is no. Currently there is no known 
way of guessing the value of the nonce, or even narrowing down 
the possible values to a smaller subset.  This is because 
Bitcoin's hash function, which computes the hash from the 
block data, is designed to produce unpredictable and 
irreversible output.  Thus, knowing the value of the target hash 
offers no insights into the input data that will produce 
that hash value.

In this lab we will explore and learn more about the Bitcoin mining 
process by modeling some of its key components.  In particular, 
we will 
1. Model the behavior of the hash function.
2. Simulate a simplified form of the mining process.
3. Estimate the level of mining difficulty using probability.
4. Explore some interesting insights using a bit more math

### <span style="color:#3306B0">1. The behavior of the hash function</span>

A hash function is a special kind of mathematical function 
that takes an input of arbitrary size and type, and transforms 
it into 
a fixed-size output called a hash.  The input can consist of 
any type of data, such as numerical, text, files, and other 
data structures.  The output is a string of fixed length, 
usually in hexadecimal format, whose size is determined by 
the design goal of the particular hash function.  

A key feature 
of hash functions is their output, though deterministic, appears 
to be random -- even a small change in the input will produce 
a completely different output.  In addition, hash functions 
are designed to be a "one-way street," so that it is computationally 
impractical or impossible to work backwards and figure out 
the input from the output.  The Bitcoin protocol uses a hash 
function known as SHA-256, which produces a hash of length 
256 bits.  When a block of Bitcoin transactions is 
given as input to SHA-256, it outputs a 256-bit hash that acts 
as a unique fingerprint for that block.  This hash is usually 
represented in the form of a hexadecimal number of length 64 
(see example block-header shown earlier).

To help us get familiar with the SHA-256 function, let us give 
it some arbitrary sample strings as input and see what we 
get.  For example, let's try each of the following inputs

`Hello World` \
`HelloWorld` \
`Hello world` \
`helloworld` \
`Do you know whether 4+5=6?`

The following code snippet, which was written by ChatGPT, 
utilizes the SHA-256 function to take arbitrary text inputs and 
compute the corresponding 64-character hexadecimal hash.  Explore 
how the results vary when you change the text in the input 
line, even by the smallest tweaks.  What are your 
observations?  In particular:

<span style="color:#530600">
<ul>
    <li>What is similar about the hash for every input?</li>
    <li>How different does each hash look, even for minor changes 
        in input?</li>
    <li>What happens if you input the same text repeatedly?  
        Does the hash change?</li>
    <li>Can you find a text (or number) to input that would 
        produce a hash starting with 0? <br>
        (Hint: It is possible, but not easy, to produce a hash 
        starting with any particular hexadecimal character you 
        want. Thus, it is certainly possible to find inputs that 
        produce a leading 0.)
    </li>
</ul>
</span>

In [50]:
# ------------------------------------------------------
# Part 1: What is a Hash Function?
# ------------------------------------------------------

"""
Hash functions take an input of arbitrary length and produce a 
fixed-length output (digest).
A good hash function is:
- Deterministic: Same input always gives same output
- Quick to compute
- Unpredictable: Output appears random
- Irreversible: Cannot deduce input from output
- Collision-resistant: Hard to find two inputs that hash to same output

Bitcoin uses SHA-256, which outputs a 256-bit string (usually shown 
in hexadecimal).
"""

import hashlib

def sha256_hash(text):
    return hashlib.sha256(text.encode()).hexdigest()

# Try hashing some simple text inputs
print(sha256_hash("Hello world"))
print(sha256_hash("hello world"))

64ec88ca00b268e5ba1a35678a1b5316d212f4f366b2477232534a8aeca37f3c
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
961b6dd3ede3cb8ecbaacbd68de040cd78eb2ed5889130cceb4c49268ea4d506


### <span style="color:#3306B0">2. Simulate a simplified form of Bitcoin mining</span>

Recall, the goal of mining is to link a new block of 
Bitcoin transactions to the blockchain by producing a hash 
that satisfies the target requirement.  In order to do this, 
miners repeatedly vary the value of the nonce, contained in the 
block header, and recompute the hash until they find one that 
works.  

The level of mining difficulty can be adjusted by making the 
target hash requirement easier or harder to meet.  As more 
Bitcoins are mined, the protocol automatically increases 
the difficulty of finding the target hash.  How?

Our previous exploration of the SHA-256 function showed that 
it is difficult to produce a hash that starts with a leading 
0 (or with any other specified character).  Taking that 
understanding one step further, what happens if we insist 
the hash should start with 3 leading 0s?  Or with 12 leading 
0s?  Well, you get the idea!  Thus, it is quite straightforward 
to make the mining problem as difficult as we want, by requiring 
the target hash to start with $n$ number of 0s, where 
$n$ can be chosen as needed.

The code snippet below, written by ChatGPT, simulates a "toy 
version" of Bitcoin mining.  Instead of using a real block of 
Bitcoin transactions, we use a simple string of text as input 
to the SHA-256 function.  Like a real block, our input string 
includes a nonce parameter, whose value can be varied in order 
to satisfy any given target hash requirement.

The code below sets the range of possible values for the 
nonce to be from 0 to only 100,000-1, which is much smaller 
than $2^{32}-1$ possible values in real Bitcoin mining.  However, 
it is sufficient to illustrate the mining process, and how 
the difficulty levels relate to the target requirements.  As an 
exercise, use the code to find the nonce value that produces 
a hash for each of the following number of leading zeros:
`one`, `two`, `three`, `four`, `five`.  (You may need to change 
the maximum range of the nonce to get `five` zeros.)  Summarize 
your findings, 
and discuss how you would proceed if the target hash 
requirement is 19 leading zeros, as it is/was for Bitcoin mining 
in mid-2025.

In [77]:
# ------------------------------------------------------
# Part 2: Simulating Bitcoin Mining
# ------------------------------------------------------

"""
In mining, a valid hash must be below a certain target value 
(i.e., start with a specific number of zeros).
This is achieved by adding a changing number (called a nonce) to 
the block and hashing repeatedly until the hash meets the 
condition.

Let’s simulate this with a toy example: find a nonce that 
produces a hash starting with a (small) number of specified zeros.
"""

import random

# Define function with default 3 leading 0s, and nonce range 100000.
# Defaults apply only if function is invoked w/o user's own values.
def mine_block(prefix_zeros=3, max_attempts=100000):
    prefix = '0' * prefix_zeros
    for nonce in range(max_attempts):
        text = f"block-data|{nonce}"
        hash_result = sha256_hash(text)
        if hash_result.startswith(prefix):
            return nonce, hash_result
    return None, None

nzeros = 1              # user specifies how many leading 0s in hash
nonce_range = 100000    # user specifies maximum range for the nonce

nonce, hash_result = mine_block(nzeros, nonce_range)
print("nonce=",nonce,"hash=",hash_result)

nonce= 19 hash= 0d197f33e27dd85002c86d2d3a4c332d9911b93f015d93d7f4fa2c34d1835fc6


<br/>

### <span style="color:#3306B0">3. Estimate the level of mining difficulty using probability</span>

In the previous exploration we noticed that when miners are 
required to find a hash which starts with many leading zeros, 
it greatly increases the computational difficulty of the 
process.  In fact, it is also possible to see this, and to 
carry out a quantitative analysis, using basic probability 
concepts.

Consider, for example, the problem of finding a 64-character 
hexadecimal hash that starts with one leading zero. If we 
assume a uniformly random distribution, there are 16 equally 
probable choices for the leading character: 
0, 1, 2, $\ldots$, 9, a, $\ldots$, f.  Thus, the probability of 
the leading character being zero is $1/16$.  This means, on 
average, we expect to get a hash with a leading zero once in 
every 16 attempts.

Similarly, we can estimate the probability of finding a
hash starting with two leading zeros.  It is reasonable to assume 
each character in the hash is independent, which makes it 
possible to use the multiplication rule.  Thus, the probability 
of two leading zeros is $(1/16)^2 = 1/256$.  Continuing in 
this way, we see that a hash with $n$ leading zeros arises 
with a probability of $(1/16)^n$.  For $n=5$, this corresponds to 
1 in about 1.05 million.

The probability calculations involved here are easy enough to do 
by hand. But, to help us get a visual feel, ChatGPT wrote the code 
below that computes and plots the expected number of attempts vs 
the number of leading zeros required in a hash.

In [None]:
# ------------------------------------------------------
# Part 3: Estimating Probability
# ------------------------------------------------------

"""
SHA-256 outputs 256-bit numbers, usually represented in hexadecimal (64 hex digits).
Each hex digit corresponds to 4 binary bits.

The probability that a random hash begins with n leading hex zeros is:
    P = (1/16)^n = 16^{-n}

This is because each hex digit has 16 possible values (0 to F), and only one of them is '0'.

Let’s calculate the expected number of trials (on average) to find a hash with 1, 2, 3,... leading hex zeros.
"""

import matplotlib.pyplot as plt

hex_zeros = list(range(1, 11))
expected_attempts_hex = [16**n for n in hex_zeros]

plt.figure(figsize=(10,5))
plt.plot(hex_zeros, expected_attempts_hex, marker='o', color='green')
plt.yscale('log')
plt.title("Expected Attempts to Find Valid Hash vs. Number of Leading Zeros")
plt.xlabel("Leading Zeros (n)")
plt.ylabel("Expected Attempts (16^n)")
plt.grid(True)
plt.show()

<br/>

### <span style="color:#3306B0">4. Some interesting insights using a bit more math</span>

The real story behind Bitcoin mining is a bit more complicated 
than the simplified version we've seen so far.  Why?  Consider, 
for instance, the problem of finding a hash that starts with 10 
leading zeros.  According to our probability model in section 3 
above, this will require $(16)^{10} \approx 10^{12}$ attempts, on 
average.  But, the number of nonce values available for 
trial and error attempts 
is only $2^{32}-1 \approx 4.3\times 10^6$.  Thus, there is almost 
no chance of finding this hash by
varying the nonce value alone.  In practice, once the nonce range 
is exhausted, miners vary certain other details in the block 
header, and repeat the trial and error search process through the 
entire range of nonce values once again.

A natural (and important) question that arises here is: <br/>
> <span style="color:#430600"><b>How do we know there even exists a feasible solution to this problem? In other words, is there a guarantee that a hash with 10 leading zeros can be found via some combination of nonce value and block header data?</b></span>


To address this question, let us take a closer 
look at the hash function.  Let $f:A \rightarrow B$ denote 
the SHA-256 hash function, with 
$A$ and $B$ respectively representing its domain and range 
sets.  Here are some questions to carefully reflect on:

1. What elements do $A$ and $B$ contain?  In other words, what types of entities comprise the membership of these sets?
2. What is the size (or, cardinality) of sets $A$ and $B$? Are they finite?
3. Given those cardinalities, what can you tell about $f$: Can it be one-to-one?  Onto?

For simplicity, let us treat the outputs from $f$ to be 
64-digit hexadecimal numbers.  (This makes sense because the 
set of all 256-bit binary numbers is isomorphic to the set 
of all 64-digit hexadecimal numbers.)  With that in mind, 
it is easier to first look at set $B$:  "Who" are its 
members? Hint: All possible outputs of $f$. The answer can 
be expressed in various equivalent ways

$$
\begin{eqnarray*}
  B & = & \{X: X ~~\mbox{is a 64-digit hexadecimal number} \}  \\[6pt]
   & = & \{\mbox{0, 1, 2,} \ldots, \mbox{f}\}^{64} ~~~~~~~ 
     \mbox{(in Cartesian product form)}
\end{eqnarray*}
$$

Thus, $B$ is a **finite set**, even though its cardinality of 
$16^{64}$ is very large.

What about $A$?  In the case of Bitcoin mining, the inputs 
to $f$ consist of 
data in Bitcoin blocks, which include characters, numbers, 
the nonce, etc.  However, the SHA-256 function is capable of 
taking a much broader set of inputs than just Bitcoin 
blocks.  Mathematically, any finite-length binary string would 
be a valid input to SHA-256.  Thus, the elements of $A$ can be 
represented in the from $\{0, 1\}^n$ where $n$ is a natural 
number.  Set $A$ is a collection of all such elements, namely 

$$
  A = \bigcup_{n=0}^{\infty} \{0, 1\}^n
$$

This implies $A$ is **not** a finite set.  It is countably 
infinite.

To summarize, the hash function $f$ has a countably infinite domain, 
and a finite range.  Therefore, it cannot possibly be 
one-to-one.  What are the implications of this for Bitcoin 
mining:

<span style="color:#030640">
<ul>
    <li>Clearly, set $B$ (the range) contains many, many hexadecimal numbers that start with 10 leading zeros -- or, for that matter, even with 50 leading zeros.  Can you see why?</li>
    <li>We assume every 64-digit hexadecimal number is in the range of $f$, which means $f$ is onto $B$.
    <li>Since $f$ is <b>not</b> one-to-one, it is possible (and likely) that each element of $B$, even if it starts with 10 or more leading zeros, is the image of many elements of $A$.</li>
    <li>Suppose $S\subset B$ is a subset containing all the elements of $B$ that start with 10 or more leading zeros.  Then the inverse image $f^{-1}(S)$ is a non-empty subset of $A$, and it contains all the inputs that will produce a hash with 10 leading zeros.</li>
</ul>
</span>

Thus, our original question can be restated as:<br/>
> <span style="color:#430600"><b>Can we configure any given Bitcoin block (by manipulating its header and nonce value) such that the block is an element of the required $f^{-1}(S)$?</b></span>

If the answer is "yes," then a feasible solution exists, which means 
it is always possible to make the block meet the specified 
hash requirement, regardless of how many leading zeros it contains.