Understanding Wattcoin's multi-layered computational attestation — from proof hashes and timing ratios to hardware identity verification and trust penalties.
Proof-of-Energy mining requires an honest answer to a hard question: is this miner actually burning the energy they claim? Traditional Proof-of-Work avoids the question entirely — energy expenditure is implicit in the hash rate, and the protocol never asks how the work was done. Wattcoin faces a different problem: contributions are proportional to declared hardware TDP, so the network must independently verify that each miner is running the hardware they say they are, that it is actually computing, and that it is computing at the expected speed.
The peer probe system is the mechanism that answers these questions. Every miner on the network periodically receives a computational challenge — a probe — from multiple peer coordinators. The probe must be solved locally and the result submitted within a strict time window. The outcome determines the miner's trust score, which scales their mining contribution from 20 % to 100 % of their hardware's rated power.
This post is a technical walkthrough of how the probe system works, what attacks it prevents, and where its limits are.
A probe is a deterministic computational workload matched to the miner's declared hardware capability. There are currently four types:
Before any probe is issued, every miner must pass a hardware verification step during benchmark. The renderer sends its hardware strings (CPU model, GPU model, device type, declared TDP) to the main process, which independently verifies them:
os.cpus()[0].model — the operating system kernel,
not the renderer, decides what CPU is installed. Any mismatch triggers a −20 trust penalty and caps declared
power to the real CPU's TDP via Brave lookup.
resolveOsHardwareIdentity() function and, on Windows, the native
gpu-miner.exe binary that reports the DXGI adapter name. TDP is looked up from a local hardware
table.
After identity verification, a calibration factor (range 0.2× to 1.2×) is computed by
comparing the miner's actual benchmark speed against a reference table for the declared hardware. The final
contribution ceiling is declaredUnitPowerW × calibrationFactor, and the trust factor (0.2 to 1.0)
is applied at contribution time.
Probes are chained together cryptographically. Each probe's seed is derived from the proof hash of the
previous probe in the chain. This means a miner cannot pre-compute probes or skip ahead — the seed for the
next probe is unknown until the current probe's result is produced. If the chain is broken (e.g., the probe
times out and the worker resets to null), the next seed is a fresh random value with no link to
prior work.
For CPU and memory probes, the coordinator computes an expected wall-clock time based on the worker's declared hardware spec and its own benchmark history:
expectedMs = iterations / effectiveCpuOpsPerSec × 1000
ratio = probeWallClockMs / expectedMs
The probe is flagged if the ratio is below 1/3.0 (suspiciously fast — likely outsourcing to
stronger hardware) or above 3.0 (suspiciously slow — likely throttled or different hardware
than declared). The effectiveCpuOpsPerSec uses the maximum of the declared ops/sec and
the worker's own historical mean, preventing a miner from claiming artificially low speed to hide outsourcing.
Every probe result updates the miner's trust score, which scales their contribution linearly:
trustFactor = 0.2 + (trustScore / 100) × 0.8
maxDeltaWh = (calibratedUnitPowerW × trustFactor × 0.5) / 3600
At trust score 0, the miner contributes at only 20 % of their calibrated power. At trust score 100, they contribute at 100 %. The score moves as follows:
A single malicious coordinator could issue easy probes or accept fake results. To prevent this, every miner connects to multiple coordinators simultaneously, and each independently issues probes. At settlement time, the protocol checks that at least 3 verifier attestations exist for the claimed chain index — requiring a majority of coordinators to collude before the protection is bypassed.
Connections are maintained via persistent WebSocket channels. If a coordinator goes offline, only that slot is replaced leaves the other two connections intact. This design makes the probe stream resilient — a miner receives probes from multiple coordinators at random intervals averaging one every ~10 seconds.
Even if a miner passes individual probes, an anomalously high power-to-CPU ratio compared to the rest of the network is flagged. Each miner's stats are recorded in a network-wide histogram. If a miner's ratio deviates more than 3 standard deviations from the mean of all other miners, a flag is raised at benchmark time. This catches cases where a miner declares a reasonable CPU model but inflates the TDP beyond what the benchmark-implied power would suggest.
The coordinator independently re-computes CPU and memory proofs and pre-computes GPU pixel hashes. A faked result is detected immediately.
OS-level CPU model (kernel), DXGI GPU model (native binary), device type cross-check, and Brave TDP lookup together make it infeasible to claim a different chip than what is physically installed. A VM cannot mine at all.
The chained seed derivation means the next probe's challenge is not known until the current probe is solved. No probe can be computed ahead of time.
With 3 independent coordinators probing each miner and a minimum of 3 verifier attestations required at settlement, a single malicious coordinator cannot inflate a miner's attestation count.
Multiple worker identities on the same hardware do not increase total mining power — contribution is bound to the physical machine's verified TDP, not the number of identities.
The peer probe system is a multi-layered attestation framework that makes it prohibitively expensive to cheat at Proof-of-Energy mining. Computational proof verification, OS-level hardware identity checks, timing ratio analysis, multi-coordinator cross-attestation, network outlier detection, and sliding-window trust scoring each address a different attack vector. No single layer is perfect, but together they raise the cost of cheating well beyond any possible reward.