The first version of the SPoRA algorithm ensures that each guess of a nonce in the Arweave network requires one read of a chunk of data and its proof from disk. In this document, we describe an enhancement to this system that further re-allocates block production work from energy-intensive CPUs, to data reads.
This enhancement is achieved by exchanging the use of traditional nonces with SPoAs – forcing miners to choose data from the network to use during challenge byte selection, rather than pseudo-randomly generated numbers. The hash used to generate the challenge byte (H0) is then also replaced with SHA-256. Finally, the second hash (H1) is replaced with a Verifiable Delay Function.
1. SPoA0 := Pick and read any chunk+proof.
2. H0 := sha256(SPoA0, option, LastBlockHash).
3. ChallengeByte := H0 mod weave_sz.
4. try SPoA1 := read ChallengeByte + proof catch -> Go to 1, increasing option number if you are out of options.
5. H1 := sha256(SPoA0, SPoA1, option).
6. If diff(BlockDiff, Option) > H1 -> Continue. Else -> Return to 1, increasing option number if you are out of options.
7. H2 := sha256(RewardAddr, BlockData, H1).
8. Calculate VDF(H2) for approximate runtime of BlockDistributionTime.
diff(BlockDiff, Option) must calculate a modified difficulty, increasing for each additional value of Option.
In order to avoid miners having any avenue through which to ‘grind’ through CPU work, no miner alterable data (for example, block data segments, reward addresses, etc) is added to the work until the final section (steps 7-8). Without protection, this introduces a concern that miners may be able to ‘steal’ work proofs from one another during distribution. In order to combat this, a long VDF is added as the final stage of mining, dependent upon the miner’s RewardAddress and candidate block data. After the conclusion of this step, a receiver of the v1.1 SPoRA can have confidence that the stated creator of the block should be credited with the reward, as it is clear that they have had access to the proof for longer than the period of block distribution – a property any ‘work theif’ could not prove.