Proof of work is wasteful by design. We covered the design in an earlier entry. The Bitcoin network burns electricity on hash puzzles that produce nothing except the right to extend a ledger, and that waste is what secures the chain. The energy spend is the security model. Cheap puzzles would make cheap attacks. So the puzzles have to stay expensive, and the expense has to stay pure waste.
That is the original argument. It also turned out to be a constraint people did not want to accept.
A new academic field has been forming around a single question. What if the work secured the chain and also produced something a buyer would pay for. Not hashes that nothing depends on. Real work. Model training. Cryptographic proofs. Inference. Optimization. The field has a name. It is called proof of useful work, and after almost a decade of theoretical resistance to it, four networks are now testing the question in production.
A Field That Had To Be Named
The name comes from a 2017 paper. Marshall Ball, Alon Rosen, Manuel Sabin, and Prashant Nalini Vasudevan published "Proofs of Useful Work" on the IACR ePrint Archive in March of that year. The paper proposed proof-of-work mechanisms whose hardness came from real computational problems instead of arbitrary hash puzzles. Orthogonal Vectors. 3SUM. All-Pairs Shortest Paths. Graph properties statable in first-order logic. The miner did real algorithmic work to secure the chain, and the network got the output.
The framing did not begin with Ball et al. Dwork and Naor mentioned the possibility in their 1992 paper that introduced the broader concept of work-as-anti-abuse-mechanism. What Ball et al did was give the idea a formal name and a formal treatment. After 2017 the term proof of useful work, or PoUW, became standard in the academic literature.
The field's working assumption was that PoUW would be hard. In a 2019 blog post on open research problems in cryptoeconomics, Vitalik Buterin wrote that designing a true proof of useful work was "probably not feasible." His reasoning is part of why Ethereum moved to proof of stake instead. If the work being done has external value, then a sufficiently motivated attacker can subsidize the work from outside the chain and bypass the cost the network was supposed to impose. Honest miners pay the work cost. Attackers get paid back for it. The asymmetry that protected proof of work collapses.
Buterin's argument shaped the field for years. Most major chains went the other direction. Ethereum, Solana, Avalanche, Cardano, and almost every Layer 1 launched after 2018 picked some flavor of proof of stake. Proof of useful work stayed an academic field with no production deployments worth surveying. Felix Hoffmann's 2022 survey at the University of Frankfurt catalogued the attempts. Protein folding. Traveling salesman puzzles. DNA sequence alignment. Most of the projects either relied on trusted hardware, or generated synthetic problems that nobody outside the network actually needed solved. The work was technically real. The market for the work was not.
That was the problem. Not whether the cryptography could be designed. Whether anyone would buy the output.
The Market Showed Up
The AI training and inference boom changed the demand side. Suddenly there were buyers willing to pay billions of dollars per quarter for exactly the kind of compute proof-of-work networks already organize. Model training at scale. Inference serving. Zero-knowledge proof generation. The match between what proof-of-work mining hardware does well and what AI infrastructure spends money on stopped being an academic curiosity. It became a category bet.
A 2025 systematization paper at IACR reframed the entire question. The barrier to PoUW was never primarily technical. It was that the external market for the work had to exist at scale, and for most of the candidate problems, it did not. The market for protein folding compute is small. The market for AI compute is enormous. The paper's conclusion, that PoUW becomes viable when external market demand is large enough to absorb the work, dates exactly to the moment that condition started being met.
Four projects are now testing the question in production. They have picked different categories of useful work, different verification architectures, and different bets on which buyers will pay first.
Bittensor launched its mainnet in January 2021, making it the longest-running of the four. Its Yuma Consensus rewards miners based on the quality of their contributions to AI tasks across a marketplace of subnets. The Dynamic TAO upgrade on February 13, 2025 redistributed control away from a centralized root subnet to market-driven allocation across more than one hundred and thirteen active subnets. TAO has a Bitcoin-style fixed supply of twenty-one million, and the first halving on December 12, 2025 cut daily emissions from seven thousand two hundred to three thousand six hundred. The model is a marketplace of subnets where each subnet defines its own evaluation logic.
Nockchain launched its mainnet on May 21, 2025. Founded by Logan Allen at Zorp with a five-million-dollar seed from Delphi Ventures, Nockchain bets on zero-knowledge proofs as the useful output. Miners generate ZK proofs of a fixed computation, then hash the proofs, then compete to extend the chain. The proving capacity becomes a tradable resource. NOCK has a hard cap of two to the thirty-second power, about four point three billion units, and a fair launch with no pre-mine. The chain bridged to Coinbase's Base in December 2025, and repo ownership was transferred from Zorp to the Nockchain Foundation in late 2025 as a decentralization step.
Gensyn launched its mainnet on April 22, 2026, less than five weeks before this writing. Founded by Harry Grieve and Ben Fielding, Gensyn raised a forty-three-million-dollar Series A led by a16z and Protocol Labs in June 2023 and held a token sale in December 2025. The architecture is a custom Ethereum rollup dedicated to machine learning with a Reproducible Execution Environment for verifiable settlement. The first mainnet application is Delphi, a permissionless prediction market platform where outcomes are settled by AI rather than oracles.
Ambient is the only one of the four not yet in production. Founded by Travis Good and Max Lang with a seven-point-two-million-dollar seed from a16z CSX, Delphi Digital, and Amber Group in March 2025, Ambient bets specifically on inference. Its Proof of Logits consensus runs a single six-hundred-billion-parameter language model across all miners, and validates work by checking a random output token rather than recomputing entire responses. Testnet was originally targeted for the second or third quarter of 2025 and has not yet shipped.
The Inference Bet
The four projects are not direct competitors. They have picked different categories. Bittensor runs an open marketplace. Gensyn settles training and ML execution. Nockchain mines ZK proofs. Ambient mines inference. The category bets are mutually exclusive only in the sense that miner attention is finite and the markets for these outputs are not equally large.
Inference is the largest of the four markets. Training is enormous but lumpy. ZK proof generation is a growing market but still small. AI evaluation and prediction markets are speculative as a category. Inference is what runs every time a chatbot answers a question or an enterprise application makes an API call to a model. The spending is continuous, the buyers are global, and the demand curve has been rising since late 2022.
This is the part of the field that is still being tested. None of these four projects has demonstrated that decentralized PoUW networks can hit the price-and-latency targets that centralized cloud inference already meets. Bittensor has been hit by security incidents, including a malicious PyPI package attack in July 2024 that drained roughly eight million dollars and halted the chain for ten days, and a runaway batch call attack in May 2025. Nockchain is one year old and small. Gensyn is five weeks old. Ambient has not launched. The honest position is that the question is open. The era of PoUW being merely theoretical, though, is over.
Buterin's 2019 framing remains technically correct. If the external market value of the work exceeds the cost an attacker would need to absorb, attacks become subsidized. The four production projects each have a different answer to this. Bittensor relies on token-weighted validator consensus on top of subnet quality scoring. Nockchain inherits Bitcoin's thermodynamic argument by hashing the ZK proof, so the work is verifiable even when the proof itself has external value. Gensyn uses reproducible execution to make verification cheap relative to the work. Ambient depends on its single-model architecture and random-token verification. Whether any of these answers holds at scale against a sophisticated attacker is the next phase of the field's evolution.
What the field looked like in 2017 was a name with no production deployments. What it looks like today is three operating mainnets, a fourth project preparing to launch, and a market demand curve that finally justifies the work. Ball, Rosen, Sabin, and Vasudevan named the field. The buyers showed up nine years later.
%20rotate(-.12)'/%3e%3c/g%3e%3cg%3e%3cpolygon%20points='28.25%2019.12%2026.28%2019.12%2024.4%2017.96%2024.4%2010.62%2026.48%209.23%2028.03%209.23%2030.11%2010.62%2030.11%2017.96%2028.25%2019.12'/%3e%3crect%20class='cls-2'%20x='26.29'%20y='10.36'%20width='1.94'%20height='2.8'%20transform='translate(-.02%20.06)%20rotate(-.12)'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e)