distributed systems // cryptography

Blockchain, Mining & Crypto
for the working developer

No hype, no price talk. A blockchain is a data structure plus a consensus protocol — you already know most of the pieces. This walks the stack from hash functions up to why mining exists at all.

A linked list where the pointers are hashes

Strip away everything else and a blockchain is an append-only singly linked list. The twist: instead of pointing to the previous node by memory address or ID, each block stores the cryptographic hash of the previous block's entire contents.

// A blockchain node, conceptually
interface Block {
  index: number;
  timestamp: number;
  data: Transaction[];   // the payload
  prevHash: string;      // the "pointer" — SHA-256 of previous block
  nonce: number;         // matters for mining (section 03)
  hash: string;          // SHA-256 of everything above
}

This one design choice gives you tamper evidence. Change one byte in block N and its hash changes — which breaks the prevHash stored in block N+1, which changes its hash, and so on. Corruption cascades forward and is trivially detectable.

First, the primitive: SHA-256

Everything rests on the hash function being deterministic, fast, one-way, and avalanche-sensitive — a one-bit input change scrambles the whole output. Try it (this runs real SHA-256 via crypto.subtle):

live sha-256 — change one character

Now chain it — and try to tamper with it

Below is a 4-block chain. Edit the data in Block 1 and watch every downstream block invalidate, because each block's stored prevHash no longer matches its predecessor's recomputed hash.

interactive chain — edit any block's data

dev intuition: If you've used Git, you already understand this. Every commit hashes its content plus its parent's hash — Git is a content-addressed DAG, a blockchain is a content-addressed linked list with consensus rules bolted on. Rewriting history in either requires recomputing everything downstream.

Tamper-evident isn't tamper-proof

The chain above detects tampering, but nothing stops an attacker from just recomputing all the downstream hashes after editing a block. On a single machine, that takes microseconds. A hash-linked list alone is integrity-checking, not security.
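The cascade from the earlier sections and the recompute attack described above, as an added example (not code from the original page). Field names follow the Block interface; the payload strings, fixed timestamps and function names are constructed for illustration.

```javascript
const { createHash } = require("node:crypto");
const sha256 = (s) => createHash("sha256").update(s).digest("hex");

// The hash covers every field except the stored hash itself
const hashBlock = ({ index, timestamp, data, prevHash, nonce }) =>
  sha256(JSON.stringify([index, timestamp, data, prevHash, nonce]));

function buildChain(payloads) {
  const chain = [];
  payloads.forEach((data, index) => {
    const prevHash = index === 0 ? "0".repeat(64) : chain[index - 1].hash;
    // Fixed timestamps (constructed) keep the example deterministic
    const block = { index, timestamp: 1700000000 + index, data, prevHash, nonce: 0 };
    block.hash = hashBlock(block);
    chain.push(block);
  });
  return chain;
}

// Index of the first block that fails validation, or -1 if the chain is consistent
function firstInvalid(chain) {
  for (let i = 0; i < chain.length; i++) {
    if (chain[i].hash !== hashBlock(chain[i])) return i;            // contents changed
    if (i > 0 && chain[i].prevHash !== chain[i - 1].hash) return i; // link broken
  }
  return -1;
}

// The follow-up move: relink and rehash every block from `start` onward
function rehashFrom(chain, start) {
  for (let i = start; i < chain.length; i++) {
    if (i > 0) chain[i].prevHash = chain[i - 1].hash;
    chain[i].hash = hashBlock(chain[i]);
  }
}

function demo() {
  const chain = buildChain(["genesis", "alice pays bob 5", "bob pays carol 2", "carol pays dan 1"]);
  const pinnedTip = chain[3].hash;       // what an honest verifier remembered
  chain[1].data = "alice pays bob 500";  // the edit
  const detected = firstInvalid(chain);  // caught at the edited block
  rehashFrom(chain, 1);                  // costs four hashes, no more
  // The rewritten chain is internally consistent; only the remembered tip gives it away
  return { detected, afterRehash: firstInvalid(chain), tipChanged: chain[3].hash !== pinnedTip };
}
```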

The real problem blockchains solve is harder: thousands of mutually distrusting nodes, no central authority, all needing to agree on one canonical history — while some participants actively lie. This is Byzantine fault tolerance. Classic consensus algorithms (Paxos, Raft) assume you know who the participants are. A public blockchain can't: anyone can join, and one attacker can spin up a million fake nodes (a Sybil attack), so "majority vote by node count" is meaningless.

Bitcoin's 2008 insight: make votes cost something outside the system. Instead of one-node-one-vote, it's one-CPU-cycle-one-vote. That's mining.

A brute-force lottery that makes history expensive

terminology check: Crypto "mining" has nothing to do with data mining (extracting patterns from datasets — ML/analytics territory). The shared word is coincidence. Crypto mining is brute-force hash search; the "mining" metaphor refers to expending work to extract newly issued coins.

To append a block, a miner must find a nonce — a throwaway number included in the block — such that the block's hash falls below a target value (in practice: starts with N zeros). Hash output is effectively random, so the only strategy is brute force:

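// sha256(block) here means SHA-256 over the serialized block fields, as a hex string
while (true) {
  block.nonce++;  // try the next candidate
  if (sha256(block).startsWith("0".repeat(difficulty))) break;
}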

Key asymmetry: finding the nonce takes billions of attempts; verifying it takes one hash. Run it yourself — each extra zero of difficulty multiplies expected work by 16 (one hex digit):

live miner — find a valid nonce

Notice that bumping difficulty from 4 to 5 makes it take ~16× longer. Bitcoin auto-tunes difficulty every 2016 blocks so one block lands roughly every 10 minutes regardless of how much hardware joins the network. Current Bitcoin difficulty requires ~19+ leading hex zeros — hence warehouse-scale ASIC farms.
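The search/verify asymmetry and what it does to a history rewrite, as an added example (not code from the original page). The serialization, payload strings and function names are assumptions made for illustration; difficulty counts leading hex zeros as in the loop above.

```javascript
const { createHash } = require("node:crypto");
const sha256 = (s) => createHash("sha256").update(s).digest("hex");

// Hash of everything in the block except the stored hash itself
const powHash = (b) => sha256(JSON.stringify([b.index, b.data, b.prevHash, b.nonce]));
const meetsTarget = (hash, difficulty) => hash.startsWith("0".repeat(difficulty));

// Brute-force search from nonce 0; returns how many hashes it cost (expected: 16 ** difficulty)
function mine(block, difficulty) {
  for (block.nonce = 0; ; block.nonce++) {
    block.hash = powHash(block);
    if (meetsTarget(block.hash, difficulty)) return block.nonce + 1;
  }
}

// Verification is a single hash, however long the search took
const verifyBlock = (b, difficulty) => b.hash === powHash(b) && meetsTarget(b.hash, difficulty);

const verifyChain = (chain, difficulty) =>
  chain.every((b, i) => verifyBlock(b, difficulty) && (i === 0 || b.prevHash === chain[i - 1].hash));

function mineChain(payloads, difficulty) {
  const chain = [];
  for (const [index, data] of payloads.entries()) {
    const prevHash = index ? chain[index - 1].hash : "0".repeat(64);
    const block = { index, data, prevHash, nonce: 0 };
    mine(block, difficulty);
    chain.push(block);
  }
  return chain;
}

// Hashes an attacker must spend so that an edited block `start` and all its successors verify again
function rewriteCost(chain, start, difficulty) {
  let hashes = 0;
  for (let i = start; i < chain.length; i++) {
    if (i > 0) chain[i].prevHash = chain[i - 1].hash;
    hashes += mine(chain[i], difficulty);
  }
  return hashes;
}
```

Editing a block invalidates its proof of work, so `rewriteCost` grows with both the difficulty and the number of blocks built on top of the edit, while `verifyChain` stays at one hash per block.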

Why this secures the chain

proof of stake, briefly: Ethereum dropped mining in 2022. In proof of stake, validators lock up (stake) coins instead of burning electricity; validators are pseudo-randomly chosen to propose blocks, and provable misbehavior gets their stake destroyed ("slashed"). Same goal — make attacking economically irrational — with ~99.9% less energy, traded against different attack surfaces and more protocol complexity.

The coin is just rows in the ledger

A cryptocurrency isn't a file or token object anywhere. "Owning 5 BTC" means the shared ledger's transaction history nets out to 5 BTC spendable by your key. Three pieces make that work:

1 — Keys are identity

An "account" is an asymmetric keypair. Your address is derived from the public key; spending means signing a transaction with the private key. There's no password reset because there's no server — the private key is the account. A wallet is just key management software; coins never leave the chain.

2 — Transactions are signed state changes

Two dominant models, worth knowing as a developer:

| model | used by | mental model |
|---|---|---|
| UTXO | Bitcoin | Like cash. Each transaction consumes unspent outputs and creates new ones. Your balance is a derived value — the sum of UTXOs your key can unlock. Highly parallelizable validation. |
| Account | Ethereum | Like a database of balances. Transactions mutate account state directly. Simpler to reason about; enables smart contracts (code + state living at an address, executed deterministically by every node). |
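Pieces 1 and 2 together for the UTXO model, as an added example (not code from the original page): keys as identity, a signed spend, and the checks a node applies before updating its set of unspent outputs. Ed25519 from Node's crypto module stands in for a real chain's signature scheme, and the address format, the "txid:n" references and all function names are constructed for illustration.

```javascript
const { createHash, generateKeyPairSync, sign, verify } = require("node:crypto");

// Toy address: truncated SHA-256 of the DER public key (constructed; not Bitcoin's real encoding)
const addressOf = (pub) => createHash("sha256")
  .update(pub.export({ type: "spki", format: "der" })).digest("hex").slice(0, 40);

function newWallet() {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  return { publicKey, privateKey, address: addressOf(publicKey) };
}

// The bytes that get signed: which outputs are consumed and which are created
const txBody = (tx) => Buffer.from(JSON.stringify({ inputs: tx.inputs, outputs: tx.outputs }));

function signTx(wallet, inputs, outputs) {
  const tx = { inputs, outputs, publicKey: wallet.publicKey };
  tx.signature = sign(null, txBody(tx), wallet.privateKey);
  return tx;
}

// utxos: Map of "txid:n" -> { address, amount }. Throws on an invalid spend, mutates only on success.
function applyTx(utxos, txid, tx) {
  if (!verify(null, txBody(tx), tx.publicKey, tx.signature)) throw new Error("bad signature");
  if (new Set(tx.inputs).size !== tx.inputs.length) throw new Error("duplicate input");
  const spender = addressOf(tx.publicKey);
  let inSum = 0;
  for (const ref of tx.inputs) {
    const out = utxos.get(ref);
    if (!out) throw new Error(`missing or already spent: ${ref}`);
    if (out.address !== spender) throw new Error(`not spendable by this key: ${ref}`);
    inSum += out.amount;
  }
  let outSum = 0;
  for (const o of tx.outputs) {
    if (!Number.isInteger(o.amount) || o.amount <= 0) throw new Error("bad output amount");
    outSum += o.amount;
  }
  if (outSum > inSum) throw new Error("outputs exceed inputs");
  tx.inputs.forEach((ref) => utxos.delete(ref));
  tx.outputs.forEach((o, n) => utxos.set(`${txid}:${n}`, { ...o }));
}

// Balance is derived: the sum of unspent outputs locked to the address
const balance = (utxos, address) => [...utxos.values()]
  .filter((o) => o.address === address).reduce((sum, o) => sum + o.amount, 0);
```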

3 — Mining issues the currency

This closes the loop elegantly: the block reward is how new coins enter circulation and how miners get paid for securing the network. Monetary policy is code — Bitcoin's reward halves every 210,000 blocks, capping supply at 21M. Security budget and money supply are the same mechanism.

When is this the right tool?

As an architecture, a public blockchain is a spectacularly expensive database: every node stores everything, every node executes everything, and consensus throughput is tiny (Bitcoin ~7 TPS, Ethereum L1 ~15–30 TPS vs. Postgres at tens of thousands). You pay that cost for exactly one property: no trusted operator.

| requirement | reach for |
|---|---|
| One org controls writes | Postgres. Done. |
| Need audit trail / tamper evidence | Append-only log + signed hash chain (or Git). No consensus needed. |
| Multiple known orgs, low mutual trust | Maybe a permissioned ledger — though a shared DB + legal contracts usually wins. |
| Open participation, adversarial, no authority possible | This is the actual blockchain use case: public money, censorship-resistant settlement. |

The litmus test: if you can name who should administer the database, you don't need a blockchain. The technology only earns its overhead when "who do we trust to run it?" has no acceptable answer.

tl;dr stack: SHA-256 gives tamper evidence → hash-linking makes corruption cascade → proof-of-work makes rewriting economically infeasible → longest-valid-chain rule gives decentralized consensus → the block reward bootstraps a currency that pays for its own security.