Onpode
Cover art for The thermodynamic reason consensus requires computational work — and why shortcuts break security

The thermodynamic reason consensus requires computational work — and why shortcuts break security

June 24, 2026 · 5 min

Eleanor Crane & Ben Okonkwo

Bitcoin consumes roughly as much electricity as Argentina annually — and that energy expenditure is the security mechanism, not a side effect. Producing a valid block is computationally expensive; verifying it takes seconds. The thermodynamic irreversibility of burned energy is what makes rewriting Bitcoin's history prohibitively costly.

Proof-of-work (PoW) is a consensus mechanism that secures blockchain networks by requiring participants (miners) to expend measurable computational effort to add new blocks.

0:004:44
Make your own on Onpode

Describe any topic. Hear it in minutes.

More Onpode episodes on Crypto

About this episode

There's a version of the Bitcoin energy debate that stays on the surface — lots of electricity, bad for the environment, end of story. This episode goes somewhere more interesting: the thermodynamic reason that energy expenditure isn't incidental to blockchain security, it's constitutive of it. The electricity is the lock. The episode traces proof-of-work back further than most people realize — through Adam Back's Hashcash in 1997, through Markus Jakobsson and Ari Juels coining the term in 1999, all the way to Dwork and Naor in 1993, who were trying to stop inbox flooding, not build a global ledger. The mechanism Satoshi Nakamoto imported into Bitcoin was already decades old. What changed was the problem it was solving. From there, the episode moves into genuinely unsettled territory: what Ethereum's 2022 shift to proof-of-stake actually proves, and what it doesn't. Slashed capital as a substitute for burned energy is a coherent idea — but the threat models that would stress-test it haven't fully arrived. Long-range attacks, where an adversary rewrites history using old private keys, are a structural vulnerability PoW simply doesn't share. The Babylon protocol's decision to checkpoint PoS chains onto Bitcoin is treated here as an implicit acknowledgment of that gap. No strong verdict is handed down. The empirical record is the only thing that will answer the question, and the record is still being written.

Frequently asked

Why does Bitcoin use so much electricity?

Bitcoin's electricity consumption — comparable to Argentina's annual usage — is the security mechanism itself. Miners hash billions of nonces per second until an output meets a difficulty target, producing real heat that is thermodynamically irreversible. That physical cost is what makes rewriting Bitcoin's transaction history prohibitively expensive for any attacker.

Did Satoshi Nakamoto invent proof of work?

Satoshi Nakamoto did not invent proof of work and never used the phrase in the 2008 Bitcoin white paper. The concept traces to Cynthia Dwork and Moni Naor in 1993 for spam prevention, formalized by Adam Back as Hashcash in 1997. Nakamoto adapted the mechanism from email security into a global consensus system.

What is a long-range attack on proof-of-stake blockchains?

A long-range attack lets an adversary who held large stake at a past point rewrite blockchain history from that moment using old private keys — because re-signing old blocks costs nothing in a proof-of-stake system. Proof-of-work is structurally immune: rewriting history requires re-burning the original energy, making retroactive rewriting physically prohibitive.

How does Ethereum proof-of-stake security compare to Bitcoin proof-of-work?

Ethereum's 2022 Merge replaced burned energy with capital-at-risk: validators lock stake that is destroyed ('slashed') for dishonest behavior. Bitcoin's proof-of-work has a fifteen-year unbroken security record; Ethereum proof-of-stake has two years without a major attack. Whether slashing deters a determined adversary under real stress remains empirically untested.

What is the cost of a 51% attack on Bitcoin?

Executing a 51% attack on Bitcoin requires controlling a majority of its hash rate, which demands energy expenditure at a scale that makes the attack economically irrational under normal conditions. The MIT Digital Currency Initiative documents this: the physical energy cost alone — not just hardware — is the primary deterrent, and Bitcoin has never been successfully attacked.

Grounded in 12 sources
[1809.06528] Formal Barriers to Longest-Chain Proof-of-Stake Protocols · ar5iv.labs.arxiv.org
Bitcoin-Enhanced Proof-of-Stake Security: Possibilities and Impossibilities · arxiv.org
STAKESURE: Proof of Stake Mechanisms with Strong Cryptoeconomic Safety. · browse.arxiv.org
Unsealing the secrets of blockchain consensus: A systematic comparison of the formal security of proof-of-work and proof-of-stake | Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing · dl.acm.org
Cryptocurrency goes green: Could 'proof of stake' offer a solution to energy concerns? · nbcnews.com
What Is Proof-of-Work (PoW) in Blockchain? A Beginner-Friendly Guide · changelly.com
Proof of work - Wikipedia · en.wikipedia.org
Frequently Asked Questions | ethereum.org · ethereum.org
Proof-of-stake vs proof-of-work | ethereum.org · ethereum.org
Proof-of-stake (PoS) · ethereum.org
Understanding Proof-of-Work · fidelitydigitalassets.com
Proof-of-Stake Explained: Validators, Slashing & The Ethereum Merge | Ryan OConnell, CFA · ryanoconnellfinance.com
Read transcript

Eleanor Crane: Argentina. The entire country of Argentina. That's how much electricity Bitcoin burns in a year.

Ben Okonkwo: And the network has never been successfully attacked.

Eleanor Crane: That's the thing that stops me. Those two facts sitting next to each other. The electricity isn't a side effect of how Bitcoin works — it is how Bitcoin works. Think of a lock that gets harder to pick the more people have already tried, and every failed attempt costs real power that's just... gone. Permanently. That's what Satoshi Nakamoto built into the system in 2008.

Ben Okonkwo: So the waste is the lock.

Eleanor Crane: The waste is the lock. And the question we're here to sit with — well, is that a principled security cost, or is it just an accident of history that nobody's found a way out of yet?

Ben Okonkwo: And here's what trips most people up — Nakamoto never actually wrote the phrase 'proof of work' anywhere in the 2008 white paper. The term came from a spam-prevention paper. 1999. Markus Jakobsson and Ari Juels. They were solving email, not money.

Eleanor Crane: Wait — Nakamoto never used the term?

Ben Okonkwo: Never. And it goes back further than even that — Moni Naor and Cynthia Dwork, 1993, they're trying to stop inbox flooding. You make it computationally expensive to send junk. Same principle. Just... nobody was thinking about a global ledger.

Eleanor Crane: So Adam Back formalizes Hashcash in 1997 — email senders compute a partial hash collision just to send a message — and Nakamoto basically lifts that mechanism whole and drops it into a completely different problem.

Ben Okonkwo: Right. And the reason it works in both contexts is that one asymmetry — producing a valid block is expensive, verifying it is almost free. Seconds, not months. That's actually the load-bearing piece, not the energy itself.

Eleanor Crane: But that's where most people stop, isn't it. 'It's expensive.' And — well, what does expensive actually mean? Physically. In the world.

Ben Okonkwo: Miners are varying a nonce — one number, billions of times per second — rehashing until the output falls below a network-set difficulty target. The difficulty adjusts automatically. And the cost of finding that number is real molecular dissipation. Heat. Gone. That's not — okay, that's not a metaphor. That's thermodynamics.

Eleanor Crane: Eleanor Crane: And that physical irreversibility — the scenario in Iceland. Tuesday morning. Twenty-four containerized GPU rigs. Enough draw to power a small town. That heat is the security deposit.

Ben Okonkwo: Which is exactly what Ethereum said in 2022 — we can replace that deposit with capital-at-risk instead. Validators lock up stake, act dishonestly, the stake gets slashed. Destroyed. That's the Merge.

Eleanor Crane: Two years and no catastrophe.

Ben Okonkwo: Two years. Right. And I want to be careful here because — okay, no catastrophe is data, but it's not the same data. Bitcoin has a fifteen-year combat record. Ethereum PoS has two. The threat models that would actually stress-test slashing as a deterrent, they haven't fully arrived yet.

Eleanor Crane: But there's a whole class of attacks PoW is immune to just — by physics. Right? You can't rewrite history without re-burning the energy.

Ben Okonkwo: Long-range attacks. This is the one I think gets undersold. In a PoS system, an adversary who held large stake at some point in the past still has those old private keys. They could, in principle, rewrite history from that distant point — because there's no physical cost to re-signing old blocks. The Babylon protocol is actually a direct acknowledgment of this gap. It checkpoints PoS chains onto Bitcoin's PoW chain specifically because — I mean, that's an admission. PoS inherits a structural problem PoW simply doesn't have.

Eleanor Crane: So the cryptoeconomic principle — honest participation costs less than dishonest participation — both systems share that. The mechanisms are genuinely different in ways that matter.

Eleanor Crane: And that's — I mean, that's actually the whole environmental argument in one place, isn't it. The case for PoS is that slashed capital is a real substitute for burned energy. That the economic pressure is equivalent. But that claim has never been tested by someone who actually wants to break it. Not seriously. A 51% attack on Bitcoin would cost — well, the energy expenditure alone makes it almost unthinkable. Slashing on Ethereum PoS? We don't know what a determined adversary looks like against that yet. We genuinely don't.

Ben Okonkwo: The empirical record is the only thing that will answer it. That's the uncomfortable part.

Eleanor Crane: And we won't know until the attack comes.