Proof-of-work has a reputation: it burns electricity to prove electricity was burned. The hashing that secures a classic chain produces a number nobody wanted; its only purpose is to have been expensive. That’s the caricature, and for hash-based mining it’s basically fair.
It leads people to assume the waste is load-bearing: that a chain is only secure because the work is useless. It isn’t. Once you see what a proof-of-work actually has to do, “useless” turns out to be a property of one implementation, not a requirement of the security argument.
What every proof-of-work is actually for
Strip a PoW chain to its mechanism and there’s one job: make a block expensive to produce, and make that expense cheap for everyone else to check. Those two together are what stop history from being rewritten: rewriting the chain means redoing all the expense, and anyone can verify it wasn’t. That’s the whole security argument, and it doesn’t say a word about what the expensive thing has to be.
Classic PoW satisfies it one way:
- Work: hash nonces against a target until one clears it.
- Output: a number no one needed.
- Proves: energy was spent.
The output being useless isn’t the source of the security. It’s a side effect of having picked hashing as the expensive thing.
Useful PoW: point the expense at something real
TensorCash keeps the exact same security shape and swaps what the expense is spent on. The miner runs a real forward pass (the same model inference that answers a prompt), and the proof that the pass actually happened is what extends the chain.
- Work: a real forward pass, on a real prompt.
- Output: an answer someone asked for.
- Proves: the model actually ran.
| Classic PoW | Useful PoW | |
|---|---|---|
| Work | Hash nonces vs a target | A real forward pass, real prompt |
| Output | A number no one needs | An answer someone asked for |
| Proves | Energy was spent | The model actually ran |
Same joules, pointed at something real. The work is useful before it is ever a block: it served a request. Being consensus-worthy is the by-product.
”But doesn’t useful work weaken the security?”
This is the sharp version of the purist objection, and it deserves a straight answer rather than a dodge. The worry is that if the work does something valuable, the incentives get muddied and the chain leans on an outside subsidy instead of on the work itself.
But look at where the security actually comes from. A block is secure because it was costly to produce and is cheap to verify, and because producing a fake that survives verification costs even more than doing the work honestly. None of those three depend on the output being worthless. A forward pass is expensive to compute; a valid proof is cheap to check; and, crucially, you can’t shortcut it.
Costly to fake, cheap to verify
The reason usefulness doesn’t open a cheat path is an asymmetry that a companion piece treats in full, but the shape is simple:
Verifying a proof is cheap. Producing a fake one that passes the check is expensive, more expensive than just doing the work honestly.
Verification here is statistical by design: the verifier takes the recorded transcript, checks it against the model that was claimed to have run, and asks whether the numbers agree the way honest inference agrees — tolerating the ordinary variation in honest output, and nothing more. Checking a finished transcript costs a fraction of generating it in the first place, which is where the asymmetry comes from. The gate is built to reject grinding (trying to manufacture a passing proof without doing the inference): to beat it you’d have to spend more compute searching for a proof that fools the check than you’d have spent running the model for real. So the rational move is to just run the model. The usefulness rides along for free; it never buys you a discount on the security.
Money can’t buy back time: proof of time
There’s one property of the expense worth pinning down. Compute parallelizes: whoever is willing to fill a warehouse with GPUs can redo the forward passes for a week of history in an afternoon. If joules were the only cost, enough hardware could compress the time a rewrite takes.
So the chain also keeps a clock. Every block advances a verifiable delay function (VDF) — a computation that is sequential by construction: each step needs the one before it, so more hardware buys almost no speedup. The chain accumulates these VDF ticks block after block, and a competing history has to show the elapsed ticks too, not just the redone work. That’s a proof of time riding alongside the proof of work: unusually large resources can re-spend the energy, but they can’t re-live the time.
A live network notices deep rewrites
The pure longest-chain rule asks a node to adopt any heavier history, however deep it rewrites the past — which is exactly the door a privately-mined fork walks through. TensorCash uses the network’s own liveness as a second signal: a node that has been watching the chain extend block by block knows a deep rewrite didn’t happen in public. Shallow reorgs — the everyday kind, two miners finding a block at once — pass as normal. A branch that suddenly appears and tries to rewrite deep history is treated as the anomaly it is: surfaced and scrutinized rather than silently followed.
Combined with the VDF clock, that makes deep reorganisations doubly unattractive: a secretly-built fork lags the public chain’s elapsed ticks, and the network it’s sprung on was awake the whole time.
What changes, and what doesn’t
- Doesn’t change: the security argument. Costly to produce, cheap to verify, expensive to forge. Identical to any proof-of-work.
- Does change: what the expense produces. Instead of a discarded hash, the same joules answer a real prompt, and the proof that the right model ran is what the chain records.
That’s the entire idea. The same security argument, with the work aimed at something a person actually asked for — plus a clock the money can’t wind back, and a network that notices when someone tries.
Don’t take it on faith: the verifier is open source, and any proof is replayable. Run your own verifier against a proof and confirm which model did the work, or start mining and produce one yourself. The security was never in the waste. It was in the check.
Authored pseudonymously by Imosuke Takakuni.