Consensus Models of Blockchain:

A key aspect of blockchain technology is determining which user publishes the next block. This is solved through implementing one of many possible consensus models. For permissionless blockchain networks there are generally many publishing nodes competing at the same time to publish the next block. They usually do this to win cryptocurrency and/or transaction fees. They are generally mutually distrusting users that may only know each other by their public addresses. Each publishing node is likely motivated by a desire for financial gain, not the well-being of the other publishing nodes or even the network itself. In such a situation, why would a user propagate a block that another user is attempting to publish? Also, who resolves conflicts when multiple nodes publish a block at approximately the same time? To make this work, blockchain technologies use consensus models to enable a group of mutually distrusting users to work together. When a user joins a blockchain network, they agree to the initial state of the system.

This is recorded in the only pre-configured block, the genesis block. Every blockchain network has a published genesis block and every block must be added to the blockchain after it, based on the agreed-upon consensus model. Regardless of the model, however, each block must be valid and thus can be validated independently by each blockchain network user. By combining the initial state and the ability to verify every block since then, users can independently agree on the current state of the blockchain. Note that if there were ever two valid chains presented to a full node, the default mechanism in most blockchain networks is that the ‘longer’ chain is viewed as the correct one and will be adopted; this is because it has had the most amount of work put into it. This happens frequently with some consensus models and will be discussed in detail. The following properties are then in place: • The initial state of the system is agreed upon (e.g., the genesis block). •

Users agree to the consensus model by which blocks are added to the system. • Every block is linked to the previous block by including the previous block header’s hash digest (except for the first ‘genesis’ block, which has no previous block and for which the hash of the previous block header is usually set to all zeros). • Users can verify every block independently. In practice, software handles everything and the users do not need to be aware of these details. A key feature of blockchain technology is that there is no need to have a trusted third party provide the state of the system—every user within the system can verify the system’s integrity. To add a new block to the blockchain, all nodes must come to a common agreement over time; however, some temporary disagreement is permitted. For permissionless blockchain networks, the consensus model must work even in the presence of possibly malicious users since these users might attempt to disrupt or take over the blockchain. Note that for permissioned blockchain networks legal remedies may be used if a user acts maliciously.

NISTIR 8202 BLOCKCHAIN TECHNOLOGY OVERVIEW 19 This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8202 In some blockchain networks, such as permissioned, there may exist some level of trust between publishing nodes. In this case, there may not be the need for a resource intensive (computation time, investment, etc.) consensus model to determine which participant adds the next block to the chain. Generally, as the level of trust increases, the need for resource usage as a measure of generating trust decreases.

For some permissioned blockchain implementations, the view of consensus extends beyond ensuring the validity and authenticity of the blocks but encompasses the entire system of checks and validations from the proposal of a transaction to its final inclusion on a block. In the following sections, several consensus models as well as the most common conflict resolution approach are discussed

3.7 Proof of Work (PoW) Consensus Model

The Proof of Work (PoW) consensus model is a mechanism used in blockchain networks to determine which participant earns the right to publish the next block. In this model, a publishing node must solve a computationally intensive puzzle. The solution to this puzzle serves as proof that the node has performed the required computational work.

The puzzle is deliberately designed so that solving it is difficult and resource-intensive, while verifying a correct solution is computationally simple. This asymmetry allows other full nodes in the network to efficiently validate a proposed block. Any block that does not satisfy the puzzle requirements is rejected by the network.

3.7.1 Computational Puzzle Mechanism

A common method used in Proof of Work systems requires that the cryptographic hash digest of a block header be less than a specified target value. To achieve this, publishing nodes repeatedly modify a small field in the block header, typically called a nonce, and compute the hash of the entire block header for each attempt.

Because each attempt requires a full hash computation, and because the probability of success is very low for any individual attempt, the process becomes computationally intensive. Nodes may perform millions or even billions of hash calculations before finding a valid solution.

The target value determines the difficulty of the puzzle. If the target value is lowered, the puzzle becomes more difficult because fewer hash outputs will satisfy the requirement. Conversely, raising the target value reduces the difficulty. Many blockchain networks dynamically adjust the target value over time to control the rate at which new blocks are published.

3.7.2 Difficulty Adjustment in Bitcoin

Bitcoin uses the Proof of Work model and adjusts its puzzle difficulty every 2016 blocks. This adjustment aims to maintain an average block publication rate of approximately one block every ten minutes.

The adjustment modifies the difficulty level by increasing or decreasing the required number of leading zeros in the resulting hash value.

Increasing leading zeros makes the puzzle more difficult because valid solutions must produce smaller hash values, reducing the number of acceptable outputs.
Decreasing leading zeros makes the puzzle easier by expanding the range of acceptable solutions.

This dynamic adjustment ensures that the security mechanism remains effective despite increases in total network computing power or the number of publishing nodes. As computing power grows over time, the difficulty level generally increases to maintain the target block time.

3.7.3 Resource Consumption and Geographic Considerations

Because solving Proof of Work puzzles requires significant computational effort, these systems consume substantial energy and hardware resources. As a result, publishing nodes (often referred to as miners) frequently operate in regions where electricity costs are low or where surplus energy is available.

The difficulty adjustment mechanism also helps prevent any single entity from dominating block production. However, the associated resource consumption remains a key consideration in the design and deployment of PoW-based systems.

3.7.4 Independence of Puzzle Attempts

An important property of the Proof of Work model is that each puzzle attempt is independent of previous attempts. The work invested in solving one puzzle does not increase the probability of solving the next puzzle.

Consequently, when a publishing node receives a valid block from another node, it is incentivized to abandon its current work and begin building upon the newly received block. Since other nodes will extend the longest valid chain, continuing work on an outdated block would likely result in wasted computational effort.

3.7.5 Example Using SHA-256

Consider a simplified example using the cryptographic hash function SHA-256. Suppose the puzzle requires finding a nonce such that:

SHA256("blockchain" + Nonce) = Hash Digest starting with "000000"

In this example, the string “blockchain” is appended with a numeric nonce value, and the hash digest is calculated. The goal is to find a nonce that produces a hash beginning with six leading zeros.

For instance:

SHA256("blockchain0") → Not solved
SHA256("blockchain1") → Not solved
…
SHA256("blockchain10730895") → Solved

In this scenario, approximately 10,730,896 attempts were required to find a valid solution. Increasing the requirement to seven leading zeros significantly increases the difficulty. In a comparable example, over 934 million attempts were required to find a valid solution.

Each additional leading zero exponentially increases the difficulty because it further restricts the number of acceptable hash outputs.

Currently, there is no known shortcut to solving these puzzles. Publishing nodes must rely on repeated hashing attempts, expending time, computational effort, and energy to discover a valid nonce.

3.7.6 Incentive and Reward Mechanism

Publishing nodes are typically motivated by a reward system. In many blockchain networks, the node that successfully publishes a valid block receives a reward, often in the form of newly minted cryptocurrency and/or transaction fees.

This reward mechanism incentivizes participants to contribute computational resources to extend and secure the blockchain. The combination of computational difficulty and economic incentives forms the foundation of the Proof of Work security model.

Proof of Stake Consensus Mode:

The proof of stake (PoS) model is based on the idea that the more stake a user has invested into the system, the more likely they will want the system to succeed, and the less likely they will want to subvert it. Stake is often an amount of cryptocurrency that the blockchain network user has invested into the system (through various means, such as by locking it via a special transaction type, or by sending it to a specific address, or holding it within special wallet software). Once staked, the cryptocurrency is generally no longer able to be spent. Proof of stake blockchain networks use the amount of stake a user has as a determining factor for publishing new blocks.

Thus, the likelihood of a blockchain network user publishing a new block is tied to the ratio of their stake to the overall blockchain network amount of staked cryptocurrency. With this consensus model, there is no need to perform resource intensive computations (involving time, electricity, and processing power) as found in proof of work. Since this consensus model utilizes fewer resources, some blockchain networks have decided to forego a block creation reward; these systems are designed so that all the cryptocurrency is already distributed among users rather than new cryptocurrency being generated at a constant pace. In such systems, the reward for block publication is then usually the earning of user provided transaction fees. The methods for how the blockchain network uses the stake can vary.

Here we discuss four NISTIR 8202 BLOCKCHAIN TECHNOLOGY OVERVIEW 22 This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8202 approaches: random selection of staked users, multi-round voting, coin aging systems and delegate systems. Regardless of the exact approach, users with more stake are more likely to publish new blocks. When the choice of block publisher is a random choice (sometimes referred to as chain-based proof of stake), the blockchain network will look at all users with stake and choose amongst them based on their ratio of stake to the overall amount of cryptocurrency staked. So, if a user had 42 % of the entire blockchain network stake they would be chosen 42 % of the time; those with 1 % would be chosen 1 % of the time. When the choice of block publisher is a multi-round voting system (sometime referred to as Byzantine fault tolerance proof of stake [12]) there is added complexity. The blockchain network will select several staked users to create proposed blocks. Then all staked users will cast a vote for a proposed block. Several rounds of voting may occur before a new block is decided upon.

This method allows all staked users to have a voice in the block selection process for every new block. When the choice of block publisher is through a coin age system referred to as a coin age proof of stake, staked cryptocurrency has an age property. After a certain amount of time (such as 30 days) the staked cryptocurrency can count towards the owning user being selected to publish the next block. The staked cryptocurrency then has its age reset, and it cannot be used again until after the requisite time has passed. This method allows for users with more stake to publish more blocks, but to not dominate the system – since they have a cooldown timer attached to every cryptocurrency coin counted towards creating blocks. Older coins and larger groups of coins will increase the probability of being chosen to publish the next block. To prevent stakeholders from hoarding aged cryptocurrencies, there is generally a built-in maximum to the probability of winning.