0

In Bitcoin Mining, there is a limit on the size of any block added to the chain. What happens if, for instance, a block's nonce is so large that the block's size exceeds the limit?

Secondary questions:

  • How was this block size limit set?
  • Is there any systematic way of setting this limit without knowing how to break SHA256?
kendfss
  • 103
  • 2

1 Answers1

4

What happens if, for instance, a block's nonce is so large that the block's size exceeds the limit?

This post addresses the main question.
Don't think it is complete so I will append the following and let someone wiser mark it all.

  1. A solo miner increments Nonce until it overflows.
  2. Then it increments extraNonce, which is an integer of arbitrary precision, and resets Nonce.
  3. extraNonce is located in the coinbase transaction, so changing it alters the Merkle tree.
  4. extraNonce is reset based on the time.

As @Claris commented, and this post elaborates:

There are many blocks that could be the next one.
For many potential blocks, there is no value of the nonce that will give a hash less than the target.
When that happens, the node must alter something in the block header and try again...

Is there any systematic way of setting this limit without knowing how to break SHA256?

SHA256 has little to do with the validity of a block, having broken SHA256 in any way would not change the consensus rule of the block size. An invalid block with valid proof of work is still invalid, for example if it was larger than the rule specifying limits.

As an aside, no hash function has ever been broken in a way that would impact Bitcoins proof of work. Other than being too small, MD5 is completely suitable for POW despite being embarrassingly broken for any other task.

kendfss
  • 103
  • 2
Claris
  • 15,408
  • 2
  • 26
  • 43
  • How can we know that there is definitely a 64bit int that satisfies the leading zeros constraint for any given block? Do nonces have to be given in a particular base?
  • Why can't we assume that the block is otherwise valid? If you could just calculate the nonce for a POW, wouldn't it undermine the notion of work? What qualities of MD5 make it suitable in spite of the potential for "workless" proofs?

    • For either part, further reading material is very welcome! Cheers, Claris!

    – kendfss Aug 19 '21 at 23:17
  • 1
    4 bytes is 32 bits, it doesn’t really have a representation as a number necessarily, just a choice of some software. There’s absolutely no guarantee that any particular nonce field will satisfy the proof of work, miners may process billions of potential blocks before finding a single valid block. There’s another nonce elsewhere in the block which can be iterated on. – Claris Aug 19 '21 at 23:21
  • 1
    “Too large” is a consensus rule, same as proof of work. A block can not be accepted unless it satisfies all the rules, for side, format, transaction content, signatures, time stamp, and proof of work. MD5 just isn’t broken in a way which would allow for easier calculation of proof of work, to my knowledge no cryptographic hash function has ever been broken to that extent. – Claris Aug 19 '21 at 23:23
  • 1
    Hey @kendfss, I think you'll find these questions and answer interesting regarding your questions: 1) https://bitcoin.stackexchange.com/q/22978/5406, 2) https://bitcoin.stackexchange.com/q/80487/5406, https://bitcoin.stackexchange.com/q/148/5406, https://bitcoin.stackexchange.com/q/61759/5406 – Murch Aug 20 '21 at 00:17
  • Hey Claris and @Murch thanks for the input! And sorry for the ignorant miscalculation. I've updated Claris' post with an elaboration, could you guys check if that's about right? – kendfss Aug 21 '21 at 00:38
  • The (header) nonce is 4 bytes, and the (coinbase) extranonce is variable but cannot exceed 96 bytes; in practice much less is sufficient to find a viable block. – dave_thompson_085 Aug 22 '21 at 03:30
  • Thanks, @dave_thompson_085, do you know how it's reset with respect to time? – kendfss Aug 22 '21 at 07:46