There are functions (called *cryptographic hash functions*) that looks as though for each input, you just randomly chose an output. Of course you can’t *actually* do this for an infinite number of possible inputs, but there are functions that look as though they were constructed this way (yet under the hood come from a computation).

The useful comes from the fact that given an output, you can’t reverse engineer the input without just guessing inputs until something works (which is **very** slow – for large inputs, too slow to do on a supercomputer!). In particular, if you change an input ever so slightly, you expect the output to look totally different. If this wasn’t the case, you could find incremental changes to the input to make the output closer and closer to what you want until you get there, and that would defeat the point.

With blockchain, you aim for something easier than reverse engineering the input for a given output (but still using the same function). This time you have a given input (encoding the contents of the blockchain), and you want to add stuff to the end so when you feed it into the function, you get output with some number of zeros at the beginning. It still requires guess and check, but it’s much easier. Also the more zeros required, the “harder” the problem because on average you have to guess a lot more things before something works.