Cryptocurrency
Paul Krzyzanowski
November 6, 2020
A cryptographic hash serves as a checksum for a message. If a message has been modified, it will yield a different hash. By associating a hash with a message, we have a basis for managing the integrity of that message: being able to detect if the message gets changed.
(加密哈希用作消息的校验和。 如果消息已被修改,它将产生不同的哈希。 通过将哈希与消息相关联,我们就有了管理该消息完整性的基础:能够检测消息是否被更改)
One way of associating a hash with a message is via the use of hash pointers. Pointers are used in data structures to allow one data element to refer to another. In processes, a pointer is a memory location. In distributed systems, a pointer may be an IP address and object identifier. A hash pointer is a tuple that contains a traditional pointer along with the hash of the data element that is being pointed to. It allows us to validate that the information being pointed to has not been modified.
(将哈希与消息关联的一种方法是通过使用哈希指针。 指针用于数据结构中以允许一个数据元素引用另一个数据元素。 在进程中,指针是一个内存位置。 在分布式系统中,指针可以是 IP 地址和对象标识符。 哈希指针是一个元组,它包含一个传统指针以及指向的数据元素的哈希。 它允许我们验证所指向的信息没有被修改)
The same structures that use pointers can be modified to use hash pointers and create tamper-evident structures. For example, a linked list can be constructed with each element containing a hash pointer to the next element instead of a pointer.
(可以修改使用指针的相同结构以使用哈希指针并创建防篡改结构。 例如,可以构造一个链表,其中每个元素都包含指向下一个元素的哈希指针,而不是指针)
Adding a new block is easy. You allocate the block, copy the head hash pointer into it (the next pointer), and update the head hash pointer to point to the new block and contain a hash of that block.
(添加新块很容易。 您分配块,将头哈希指针复制到其中(下一个指针),并更新头哈希)
If an adversary modifies, say, data block 1, we can detect that. The hash pointer in Data-2 will point to Data-1 but the hash of Data-1 will no longer match the hash in the pointer. For a successful attack, the adversary will also need to modify the hash value in the hash pointer in block 2. That will make the hash pointer in block 3 invalid, so that will need to be changed. The adversary will need to change all the hash pointers leading up to the head of the list. If we’re holding on to the head of the list (e.g., in a variable) so that the adversary cannot modify it, then we will always be able to detect tampering. A linked list using hash pointers is called a blockchain.
(如果对手修改了数据块 1,我们可以检测到。 Data-2 中的哈希指针将指向 Data-1,但 Data-1 的哈希将不再匹配指针中的哈希。 对于成功的攻击,攻击者还需要修改块 2 中哈希指针中的哈希值。这将使块 3 中的哈希指针无效,因此需要更改。 攻击者将需要更改指向列表头部的所有哈希指针。 如果我们抓住列表的头部(例如,在变量中)以使对手无法修改它,那么我们将始终能够检测到篡改。 使用哈希指针的链表称为区块链。)
Another useful structure using hash pointers in place of conventional pointers is a binary tree, called a Merkle tree when implemented with hash pointers.
(另一个使用哈希指针代替传统指针的有用结构是二叉树,当使用哈希指针实现时称为默克尔树)
Leaf nodes of a Merkle tree contain conventional hash pointers: pointers to the data blocks and the hashes of those data blocks. Non-leaf child nodes contain left and right pointers along with the hash of the two hashes they point to. As with binary trees, Merkle trees give us the advantage of being able to locate data in O(log n) time instead of linear time. More importanlty, we can validate any data in O(log n) time by traversing from the root down to the last hash pointer at the leaf.
(Merkle 树的叶节点包含传统的哈希指针:指向数据块的指针和这些数据块的哈希值。 非叶子节点包含左右指针以及它们指向的两个哈希指针的哈希值。 与二叉树一样,Merkle 树为我们提供了能够在 O(log n) 时间内而不是线性时间定位数据的优势。 更重要的是,我们可以在 O(log n) 时间内验证任何数据,方法是从根向下遍历到叶处的最后一个哈希指针。)
With Merkle trees, the information in a leaf does not generally contain information to help you traverse the tree to search for data; we are not necessarily building a search tree. The purpose of the tree is to make it efficient to manage and validate the integrity of the underlying data. That is, the hash pointer structure is there just to allow you to validate the underlying data rather than search for stuff. If you want to search, you can add extra information to each node – in general, we are not concerned with secrecy and you can build whatever search structures an application needs. Hash pointers are all about helping assess the integrity of data. Structures such as hash-pointer-based linked lists and Merkle trees were designed with peer-to-peer systems in mind where data can come from various untrusted peers. You just need to get the root hash from a trusted place.
(使用 Merkle 树,叶子中的信息通常不包含帮助您遍历树以搜索数据的信息; 我们不一定要构建搜索树。 树的目的是提高管理和验证底层数据完整性的效率。 也就是说,哈希指针结构只是为了让您验证基础数据而不是搜索内容。 如果你想搜索,你可以为每个节点添加额外的信息——一般来说,我们不关心保密性,你可以构建应用程序需要的任何搜索结构。 哈希指针都是关于帮助评估数据的完整性。 基于哈希指针的链表和 Merkle 树等结构在设计时考虑到了点对点系统,其中数据可能来自各种不受信任的对等点。 您只需要从受信任的地方获取根哈希。)
The top-level pointer (the root in the case of a tree; the head in the case of linked lists) represents the integrity of the entire set of data. If any data block changes, that top level pointer will allow the user to detect that there has been a change. Therefore, it is important that this value be stored securely and obtained via a trustworthy mechanism.
(顶级指针(树的根;链表的头)表示整个数据集的完整性。 如果任何数据块发生变化,该顶级指针将允许用户检测到发生了变化。 因此,重要的是要安全地存储该值并通过可信赖的机制获得该值。)
A Merkle tree allows you to check the integrity of replicated data on a branch-by-branch basis in an efficient manner. Merkle trees are designed for environments where data is replicated among multiple systems and you want each system to be able to validate the integrity of the entire file. This helps in two cases:
1.You can validate downloaded data without having to wait for the entire set of data to be downloaded.
2.You can efficiently compare your data with that on another system.
(Merkle 树允许您以有效的方式逐个分支地检查复制数据的完整性。 Merkle 树专为在多个系统之间复制数据的环境而设计,您希望每个系统都能够验证整个文件的完整性。 这在两种情况下有帮助:
1.您可以验证下载的数据,而无需等待整个数据集被下载。
2.您可以有效地将您的数据与另一个系统上的数据进行比较。)
Suppose you have a file and want to check whether any blocks in your version are corrupted with respect to a version on another server. Both you and another system assembled your own structure of hash pointers.
(假设您有一个文件,并且想要检查您的版本中的任何块是否相对于另一台服务器上的版本已损坏。 你和另一个系统都组装了你自己的哈希指针结构。)
With a linked list of hash pointers, you’d start at the head of the list and compare hashes. If the hashes match, you are confident that your files match. If you have a mismatch, you need to compare the next hash. If it matches what you have then you know that first block has been modified. If it doesn’t then you need to get the hash after that. Ultimately, you may need to traverse the entire list linearly.
(使用哈希指针的链接列表,您将从列表的头部开始并比较哈希。 如果哈希匹配,您确信您的文件匹配。 如果出现不匹配,则需要比较下一个哈希。 如果它与您所拥有的匹配,那么您就知道第一个块已被修改。 如果没有,那么您需要在此之后获取哈希。 最终,您可能需要线性遍历整个列表)
With Merkle trees, it becomes easier to find the block (or blocks) that have changed. If the root hash matches, you know that your entire data set matches. If not, you request the left & right hashes and compare those with your tree. If one doesn’t match then you can compare the hashes under that subtree, iterating down the tree until you find the mismatched data block. You do not need to iterate through the entire list of blocks. This is attractive for replicated data sets where we have tens of millions of data blocks, for example, and sending a hash list is not efficient. It is essentially a tree search to find the block that is inconsistent.
(使用 Merkle 树,更容易找到已更改的块(或块)。 如果根哈希匹配,您就知道您的整个数据集都匹配。 如果没有,您请求左右散列并将它们与您的树进行比较。 如果一个不匹配,那么您可以比较该子树下的哈希值,向下迭代树,直到找到不匹配的数据块。 您不需要遍历整个块列表。 这对于我们拥有数千万数据块的复制数据集很有吸引力,例如,发送哈希列表效率不高。 它本质上是一个树搜索来找到不一致的块。)
Merkle trees are particularly useful for obtaining data from multiple untrusted sources. For example, they are used by Bitcoin and Ethereum servers to migrate copies of the transaction log (the blockchain). They are also used for data replication by a variety of NoSQL databases and by the Git version control system. Given a valid root (top-most) hash pointer, the remaining hash tree can be received from any untrusted source. The receiver can simply validate by checking hashes up to the root. Now that the receiver has the entire tree, any data blocks can be received from untrusted sources as well. Each block can be validated by comparing its hash with the hash at the leaf node of the Merkle tree.
(Merkle 树对于从多个不受信任的来源获取数据特别有用。 例如,比特币和以太坊服务器使用它们来迁移交易日志(区块链)的副本。 它们还被各种 NoSQL 数据库和 Git 版本控制系统用于数据复制。 给定一个有效的根(最顶层)哈希指针,剩余的哈希树可以从任何不受信任的源接收。 接收者可以简单地通过检查直到根的哈希来验证。 现在接收者拥有整个树,任何数据块也可以从不受信任的来源接收。 每个块都可以通过将其哈希与 Merkle 树的叶节点处的哈希进行比较来验证。)
Bitcoin was introduced anonymously in 2009 by a person or group named Satoshi Nakamoto and is considered to be the first blockchain-based cryptocurrency. Bitcoin was designed as an open, distributed, public system: there is no authoritative entity and anyone can participate in operating the servers.
Traditional payment systems rely on banks to serve as a trusted third party. If Alice pays $500 to Charles, the bank, acting as a trusted third party, deducts $500 from Alice’s account and adds $500 to Charles’ account. Beyond auditing, there is no need to maintain a log of all transactions; we simply care about account sums. With a centralized system, all trust resides in this trusted third party. The system fails if the bank disappears, the banker makes a mistake, or if the banker is corrupt.
With Bitcoin, the goal was to create a completely decentralized, distributed system that allows people to manage transactions while preventing opportunities for fraud. People have attempted this previously, using private keys to create digitally signed “coins” but the problem has been to figure out how to use them in a way that doesn’t allow double spending: to keep someone from spending the same coins for two different places. Solutions to this required a third party. Bitcoin solved the problem without the need for a trusted party.
比特币于 2009 年由一个名为 Satoshi Nakamoto 的个人或团体匿名推出,被认为是第一个基于区块链的加密货币。比特币被设计为一个开放的、分布式的、公共的系统:没有权威实体,任何人都可以参与 *** 作服务器。
传统支付系统依赖银行作为受信任的第三方。如果 Alice 向 Charles 支付了 500 美元,该银行作为受信任的第三方从 Alice 的账户中扣除 500 美元,并在 Charles 的账户中增加 500 美元。除了审计之外,不需要维护所有交易的日志;我们只关心账户金额。使用集中式系统,所有信任都存在于这个受信任的第三方中。如果银行消失、银行家犯错或银行家腐败,系统就会失败。
比特币的目标是创建一个完全去中心化的分布式系统,允许人们管理交易,同时防止欺诈机会。人们以前曾尝试过,使用私钥创建数字签名的“硬币”,但问题是要弄清楚如何以不允许双重支出的方式使用它们:防止某人将相同的硬币用于两个不同的地方。对此的解决方案需要第三方。比特币在不需要受信任方的情况下解决了这个问题)
The ledger and the Bitcoin networkBitcoin maintains a complete list of every single transaction since its creation in January 2009. This list of transactions is called the ledger and is stored in a structure called a blockchain. Complete copies of the ledger are replicated at Bitcoin nodes around the world. There is no concept of a master node or master copies of the ledger. All of these systems run the same software. New systems get the names of some well-known nodes when they download the software and DNS query on these nodes returns their IP addresses. After connecting to one or more nodes, a Bitcoin node will ask each for a list of known Bitcoin nodes. This creates a peer discovery process that allows a node to get a complete list of other nodes in the network.
(自 2009 年 1 月创建以来,比特币维护着每笔交易的完整列表。该交易列表称为分类帐,并存储在称为区块链的结构中。 账本的完整副本在世界各地的比特币节点上复制。 没有主节点或账本的主副本的概念。 所有这些系统都运行相同的软件。 新系统在下载软件时会获取一些知名节点的名称,并且这些节点上的 DNS 查询会返回它们的 IP 地址。 连接到一个或多个节点后,比特币节点将向每个节点询问已知比特币节点的列表。 这将创建一个对等点发现过程,该过程允许节点获取网络中其他节点的完整列表。)
We know how to create unforgeable messages: just sign them. If Alice wants to transfer $500 to Charles, she can create a transaction record that describes this transfer and sign it with her private key (e.g., use a digital signature algorithm or create a hash of the transaction and encrypt it with her private key). Bitcoin uses public-private key pairs and digital signatures to sign transactions.
(我们知道如何创建不可伪造的消息:只需签名即可。 如果 Alice 想向 Charles 转账 500 美元,她可以创建一个描述该转账的交易记录,并用她的私钥对其进行签名(例如,使用数字签名算法或创建交易的哈希并用她的私钥对其进行加密)。 比特币使用公私密钥对和数字签名来签署交易。)
Bitcoin transactions — the movement of bitcoins from one account to another — are associated with public keys and not users. Users are anonymous. Your identity is your public key and you can use this identity by proving they have the corresponding private key.
(比特币交易——比特币从一个账户转移到另一个账户——与公钥相关联,而不是用户。 用户是匿名的。 您的身份就是您的公钥,您可以通过证明他们拥有相应的私钥来使用此身份)
There is never any association of your public key with your name or anything else that identifies you. In fact, nothing stops you from creating multiple key pairs and having many identities. The system does not care, or know, what your physical identity is or how many addresses you assigned to yourself. All that matters is that only you have the corresponding private keys to the public keys identified in your transactions so you are the only one who could have created valid signatures for your transactions.
(您的公钥永远不会与您的姓名或其他任何可以识别您的身份相关联。 事实上,没有什么能阻止您创建多个密钥对并拥有多个身份。 系统不关心也不知道你的物理身份是什么,或者你为自己分配了多少地址。 重要的是,只有您拥有与交易中标识的公钥对应的私钥,因此您是唯一可以为您的交易创建有效签名的人。)
If you can create transactions on behalf of a specific public key, it means that you own the corresponding private key. If you lose that private key, then you can no longer create transactions and hence cannot access your Bitcoin funds. There is nobody to call to recover a lost key since you are solely responsible for storing it!
(如果您可以代表特定公钥创建交易,则意味着您拥有相应的私钥。 如果您丢失了该私钥,那么您将无法再创建交易,因此无法访问您的比特币资金。 没有人可以打电话来找回丢失的密钥,因为您全权负责存储它!)
In its initial deployment, your public key was your Bitcoin identity. If someone wanted to transfer money to you, they would create a transaction where your public key is identified as the recipient of the bitcoin. Bitcoin now identifies recipients by their Bitcoin address. Your Bitcoin address is essentially a hash of your public key (and you will have several addresses if you have several keys). The details of creating an address are a bit cumbersome:
(在最初的部署中,你的公钥就是你的比特币身份。 如果有人想向您转账,他们会创建一个交易,其中您的公钥被识别为比特币的接收者。 比特币现在通过他们的比特币地址来识别接收者。 您的比特币地址本质上是您的公钥的哈希值(如果您有多个密钥,您将拥有多个地址)。 创建地址的细节有点繁琐:)
1.Generate an ECDSA (Elliptic Curve Digital Signature Algorithm) public, private key pair. This serves as your identity and signing key.
2.Create a SHA-256 hash of the public key
3.Perform a RIPEMD-160 hash on that
4.Add a version byte in front of the result
5.Perform a SHA-256 hash on the result … and another SHA-256 hash on that result
6.The four bytes of the result are treated as the address checksum. Add these four bytes to the end of the RIPEMD-160 hash from [4]
7.Convert the bytes to a base-58 string using Base58Check encoding to create a 20-byte printable string. Base58Check encoding adds a checksum to be able to validate that the value is not mistyped. This string is your bitcoin address.
(1.生成 ECDSA(椭圆曲线数字签名算法)公钥、私钥对。 这用作您的身份和签名密钥。
2.创建公钥的 SHA-256 哈希
3.对其执行 RIPEMD-160 哈希
4.在结果前添加一个版本字节
5.对结果执行 SHA-256 哈希……然后对结果执行另一个 SHA-256 哈希
6.结果的四个字节被视为地址校验和。 将这四个字节添加到来自 [4] 的 RIPEMD-160 哈希的末尾
7.使用 Base58Check 编码将字节转换为 base-58 字符串以创建 20 字节的可打印字符串。 Base58Check 编码添加了一个校验和,以便能够验证该值没有输入错误。 这个字符串是你的比特币地址。)
When all is said and done, the address is essentially just a hash of your public key. Since a hash is a one-way function, someone can create (or verify) your address if they are presented with your public key. However, they cannot derive your public key if they have your address.
(总而言之,地址本质上只是您的公钥的哈希值。 由于散列是一种单向函数,因此如果有人向他们提供您的公钥,他们就可以创建(或验证)您的地址。 但是,如果他们有您的地址,他们就无法派生您的公钥。)
Bitcoin uses addresses only as destinations; an address can only receive funds. If Bob wants to send bitcoin to Alice, he will identify Alice as the output – the target of the money – by using her address. At some point in the future, Alice can use that money by creating a transaction whose source (input) refers to the transaction where she received the bitcoin. Any bitcoin node can validate this transaction:
(比特币仅将地址用作目的地; 一个地址只能接收资金。 如果 Bob 想向 Alice 发送比特币,他将通过使用 Alice 的地址将 Alice 识别为输出——钱的目标。 在未来的某个时候,Alice 可以通过创建一个交易来使用这笔钱,该交易的来源(输入)是指她收到比特币的交易。 任何比特币节点都可以验证此交易:)
----Alice’s transaction will identify where the money comes from (inputs). Each input contains a reference to a past transaction. The transaction contains Alice’s public key, and her signature.
(Alice 的交易将识别钱的来源(输入)。 每个输入都包含对过去交易的引用。 该交易包含 Alice 的公钥和她的签名。)
----A node can validate the signature by using Alice’s public key, which is in the transaction. This proves that someone who owns the private key (Alice) that corresponds to that public key created the transaction.
(节点可以使用交易中的 Alice 的公钥来验证签名。 这证明拥有与该公钥对应的私钥(Alice)的人创建了交易。)
----That transaction input references an older transaction where Alice’s address is identified as the output of the bitcoin. Given the address, we cannot derive the public key.
(该交易输入引用了一个较旧的交易,其中 Alice 的地址被标识为比特币的输出。 给定地址,我们无法推导出公钥。)
----A bitcoin node can hash Alice’s public key (from the input) to create the address and check that it is the same as in the output of the referenced old transaction. That way, it validates that the older transaction indeed gave money to Alice.
(比特币节点可以散列 Alice 的公钥(来自输入)以创建地址并检查它是否与引用的旧交易的输出相同。 这样,它就验证了旧交易确实给了 Alice 钱。)
A transaction contains inputs and outputs. Inputs identify where the bitcoin comes from and outputs identify where to whom it is being transferred. If Alice wants to send bitcoin to Bob, she creates a message that is a bitcoin transaction and sends it to one or more bitcoin nodes. When a node receives a message, it will forward the transaction to its peers (other nodes it knows about). Typically, within approximately five seconds, every bitcoin node on the network will have a copy of the transaction and can process it.
(交易包含输入和输出。 输入识别比特币来自哪里,输出识别它被转移到哪里。 如果 Alice 想向 Bob 发送比特币,她会创建一条作为比特币交易的消息并将其发送到一个或多个比特币节点。 当一个节点收到一条消息时,它会将事务转发给它的对等节点(它知道的其他节点)。 通常,在大约五秒钟内,网络上的每个比特币节点都会拥有交易的副本并可以处理它。)
The bitcoin network is not a database. It is build around a ledger, the list of all transactions. There are no user accounts that can be queried. In her transaction, Alice needs to provide one or more links to previous transactions that will add up to at least the required amount of bitcoin that she’s sending. These links to earlier transactions are called inputs. Each input is an ID of an earlier transaction. Inputs are outputs of previous transactions.
(比特币网络不是数据库。 它是围绕分类帐构建的,即所有交易的列表。 没有可以查询的用户帐户。 在她的交易中,Alice 需要提供一个或多个指向先前交易的链接,这些链接将至少达到她发送的所需比特币数量。 这些与早期交易的链接称为输入。 每个输入都是较早交易的 ID。 输入是先前交易的输出)
Alice’s account balance is the sum of all transactions that sent her money (she is an output) minus the all the money she spent (the money she used as inputs). It’s the sum of unspent transaction outputs (UTXO).
When a bitcoin node receives a transaction, it performs several checks:
(当一个比特币节点收到一笔交易时,它会执行几项检查:)
1.The signature of each input is validated by checking it against the public key in the transaction. This ensures that it was created by someone who has the private key that corresponds to the public key.
(每个输入的签名通过与交易中的公钥核对来验证。 这确保它是由拥有与公钥对应的私钥的人创建的)
2.It hashes the public key in the transaction to create the address, which will be matched against the output addresses in the inputs.
(它对交易中的公钥进行哈希处理以创建地址,该地址将与输入中的输出地址匹配。)
3.The transactions listed in the inputs are validated to make sure that those transactions have not been used by any other transaction. This ensures there will be no double spending.
(输入中列出的交易经过验证,以确保这些交易未被任何其他交易使用。 这确保不会出现双重支出。)
4.Finally, it makes sure that there is a sufficient quantity of bitcoin output by those input transactions.
(最后,它确保这些输入交易有足够数量的比特币输出。)
Each input identifies transactions where coins come from. These are references to past transactions. Bitcoin allows each input to contain a signature and a public key that corresponds to the private key that was used to create that signature. This is because a user may have multiple identities (keys) and may reference past transactions that were directed to different addresses that belong to the user.
(每个输入标识硬币来自的交易。 这些是对过去交易的引用。 比特币允许每个输入包含一个签名和一个公钥,该公钥对应于用于创建该签名的私钥。 这是因为用户可能有多个身份(密钥),并且可能会引用过去的交易,这些交易被定向到属于该用户的不同地址。)
Destination address & amount – who the money goes to. This is simply the recipient’s bitcoin address.
(目的地地址和金额——钱的去向。 这只是收件人的比特币地址。)
The transaction owner’s address & bitcoin amount. Every input must be completely spent. Any excess is generated as another output to the owner of the transaction.
(交易所有者的地址和比特币金额。 每个输入都必须完全用完。 任何多余的部分都会作为交易所有者的另一个输出而产生)
Transaction fee (anywhere from 10¢ to a $10+ per transaction). There is a limited amount of space (about 1 MB) in a block. A transaction is about 250 bytes. To get your transaction processed quickly, you need to outbid others.
(交易费(每笔交易从 10 美分到 10 美元以上不等)。 一个块中的空间有限(大约 1 MB)。 一个事务大约是 250 字节。 为了快速处理您的交易,您需要出价高于其他人。 )
Transactions are sent to all the participating servers. Each system keeps a complete copy of the entire ledger, which records all transactions from the very first one. Currently the bitcoin ledger is about 250 GB.
Transactions are grouped into a block. A block is just a partial list of transactions. When a server is ready to do so, it can add the block to the ledger, forming a linked list of blocks that comprise the blockchain. In Bitcoin, a block contains ten minutes worth of transactions, all of which are considered to be concurrent.
Every ten minutes, a new block of transactions is added to the blockchain. A block is approximately a megabyte in size and holds, on average, a bit over 2,000 transactions. To make it easy to locate a specific transaction within a block, the blocks are stored in a Merkle tree. This is a binary tree of hash pointers and makes it easy not just to locate a desired transaction but to validate that it has not been tampered by validating the chain of hashes along the path.
(交易被发送到所有参与的服务器。每个系统都保留了整个账本的完整副本,其中记录了从第一个交易开始的所有交易。目前比特币账本约为 250 GB。
事务被分组到一个块中。块只是交易的部分列表。当服务器准备好这样做时,它可以将块添加到分类帐中,形成组成区块链的块的链表。在比特币中,一个区块包含十分钟的交易,所有这些都被认为是并发的。
每十分钟,一个新的交易区块就会添加到区块链中。一个块的大小约为 1 MB,平均可容纳 2,000 多笔交易。为了便于在区块中定位特定交易,区块存储在 Merkle 树中。这是散列指针的二叉树,不仅可以轻松定位所需的交易,还可以通过验证路径上的散列链来验证它没有被篡改。)
Securing the BlockA critically important part of the Bitcoin blockchain is to ensure that blocks in the blockchain have not been modified. We explored the basic concept of a blockchain earlier. Each block contains a hash pointer to the previous block in the chain. A hash pointer not only points to the previous block but also contains a SHA-2561 hash of that block. This creates a tamper-proof structure. If the contents of any block are modified (accidentally or maliciously), the hash pointer that points to that block will no longer be valid (the hashes won’t match).
(比特币区块链的一个至关重要的部分是确保区块链中的区块没有被修改。 我们之前探讨了区块链的基本概念。 每个块都包含一个指向链中前一个块的哈希指针。 散列指针不仅指向前一个块,还包含该块的 SHA-2561 散列。 这创建了一个防篡改结构。 如果任何块的内容被修改(意外或恶意),指向该块的哈希指针将不再有效(哈希将不匹配)。)
To make a change to a block, an attacker will need to modify all the hash pointers from the most recent block back to the block that was changed. One way to prevent such a modification could have been to use signed hash pointers to ensure an attacker cannot change their values. However, that would require someone to be in charge of signing these pointers and there is no central authority in Bitcoin; anyone can participate in building the blockchain. We need a different way to protect blocks from modification.
(要对块进行更改,攻击者需要将所有哈希指针从最近的块修改回被更改的块。 防止此类修改的一种方法可能是使用签名哈希指针来确保攻击者无法更改其值。 但是,这需要有人负责签署这些指针,并且比特币没有中央权威; 任何人都可以参与构建区块链。 我们需要一种不同的方法来保护块不被修改。)
Bitcoin makes the addition of a new block – or modification of a block in a blockchain – extremely difficult by creating a puzzle that needs to be solved before the block can be added to the blockchain. By requiring a node solve a sufficiently difficult puzzle, there will be only a tiny chance that two or more nodes will propose adding a block to the chain at the same time. It will also make it computationally prohibitive to modify old hash pointers.
(比特币通过创建一个需要在将块添加到区块链之前解决的难题,使得添加新块或修改区块链中的块变得非常困难。 通过要求一个节点解决一个足够困难的难题,两个或多个节点同时提议向链中添加一个块的可能性很小。 它还将使修改旧的哈希指针在计算上变得难以接受。)
This puzzle is called the Proof of Work and is an idea that has been adapted from an earlier system called hashcash. Proof of Work requires computing a hash of three components, hash(B, A, W) where:
B = block of transactions (which includes the hash pointer to the previous block)
A = address (i.e., hash of the public key) of the owner of the server doing the computation
W = the Proof of Work number
(这个谜题被称为工作z明,是一个从早期的哈希现金系统改编而来的想法。 工作量证明需要计算三个分量的哈希值 hash(B, A, W) 其中:
B = 交易块(包括指向前一个块的哈希指针)
A = 进行计算的服务器所有者的地址(即公钥的散列)
W = 工作z明编号
)
When servers are ready to commit a block of transactions onto the chain, they each compute this hash, trying various values of W until the hash result has a specific pre-defined property. The property they are searching for is a hash value that is less than some given number. Currently, it’s a value that requires the leading 74 bits of the 256-bit hash to all be 0s). The property changes over time to ensure that the puzzle never gets too easy or too difficult regardless of how many nodes are in the network or how fast processors get.
(当服务器准备好将一个事务块提交到链上时,它们各自计算这个哈希值,尝试不同的 W 值,直到哈希结果具有特定的预定义属性。 他们正在搜索的属性是一个小于某个给定数字的哈希值。 目前,它是一个要求 256 位哈希的前 74 位全为 0 的值)。 该属性随时间而变化,以确保无论网络中有多少节点或处理器的速度有多快,谜题都不会变得太容易或太难。)
Recall that one property of a cryptographic hash function is the inability to deduce any of the input by looking at the output. Hence, we have no idea what values of W will yield a hash with the desired properties. Servers have to try trillions of values with the hope that they will get lucky and find a value that yields the desired hash. This process of searching for W is called mining.
(回想一下,密码散列函数的一个属性是无法通过查看输出来推断任何输入。 因此,我们不知道 W 的哪些值会产生具有所需属性的散列。 服务器必须尝试数万亿个值,希望他们能幸运地找到产生所需哈希值的值。 这个寻找 W 的过程称为挖掘。)
When a server finds a value of W that yields the desired hash, it advertises that value to the entire set of bitcoin servers. Upon receiving this message, it is trivial for a server to validate the proof of work by simply computing hash(B, A, W) with the W sent in the message and checking the resultant value. The servers then add the block, which contains the Proof of Work number and the winner’s address, onto the blockchain.
Bitcoin’s mining difficulty is adjusted every 2,016 blocks, which corresponds to approximately 14 days, to keep the average rate at which blocks are added to the blockchain at 10 minutes. This allows the network to handle changes in the number of miners participating in computing the proof work.
(当服务器发现 W 的值产生所需的哈希值时,它会将这个值通告给整个比特币服务器集。 收到此消息后,服务器通过简单地使用消息中发送的 W 计算 hash(B, A, W) 并检查结果值来验证工作z明是微不足道的。 然后,服务器将包含工作z明编号和获胜者地址的区块添加到区块链上。
比特币的挖矿难度每 2,016 个区块调整一次,相当于大约 14 天,以将区块添加到区块链的平均速率保持在 10 分钟。 这允许网络处理参与计算证明工作的矿工数量的变化。)
Double Spending and modifying past transactionsA major concern with decentralized cryptocurrency systems is double spending. Double spending refers to sending the same funds (or tokens) to multiple parties: Alice sends $500 to Charles and $500 to David but only has $500 in her account. Bitcoin deals with this by having every server maintain the complete ledger, so Alice’s entire list of transactions can be validated before a new one is accepted.
Alice may decide to go back to an older transaction and modify it. For example, she might change change the transaction that sent bitcoin to Charles into one that sends money to David – or simply delete the fact that she paid Charles the full amount.
To do this, she would need to compute a new proof of work value for that block so the block hash will be valid. Since Bitcoin uses hash pointers, each block contains a hash pointer to the previous (earlier) block. Alice would thus need to compute new proof of work values for all newer blocks in the chain so that her modified version of the entire blockchain is valid. She ends up making a competing blockchain.
Recomputing the proof of work numbers is a computationally intensive process. Because of the requirement to generate the Proof of Work for each block, a malicious participant will not be able to catch up with the cumulative work of all the other participants. Because of errors or the rare instances where multiple nodes compute the proof of work concurrently, even honest participants may, on occasion, end up building a competing blockchain. Bitcoin’s policy is that the longest chain in the network is the correct one. The length of the chain is the chain’s score and the highest-scoring chain will be considered the correct one by the servers. A participant is obligated to update its chain with a higher-scoring one if it gets notice of a higher-scoring chain from another system. If it doesn’t update and insists on propagating its chain as the official one, its chain will simply be ignored by others.
(去中心化加密货币系统的一个主要问题是双重支出。双花是指向多方发送相同的资金(或代币):Alice 向 Charles 发送 500 美元,向 David 发送 500 美元,但她的账户中只有 500 美元。比特币通过让每台服务器维护完整的分类帐来解决这个问题,因此可以在接受新的交易之前验证 Alice 的整个交易列表。
Alice 可能决定回到旧交易并对其进行修改。例如,她可能会将向查尔斯发送比特币的交易更改为向大卫发送钱的交易——或者干脆删除她向查尔斯支付了全部金额的事实。
为此,她需要为该区块计算一个新的工作量证明值,以便区块哈希有效。由于比特币使用哈希指针,每个块都包含一个指向前一个(较早)块的哈希指针。因此,Alice 需要为链中所有较新的区块计算新的工作量证明值,以便她修改后的整个区块链版本有效。她最终制作了一个竞争性区块链。
重新计算工作量证明是一个计算密集型过程。由于需要为每个区块生成工作量证明,恶意参与者将无法赶上所有其他参与者的累积工作量。由于错误或多个节点同时计算工作z明的罕见情况,即使是诚实的参与者有时也可能最终构建一个竞争区块链。比特币的政策是网络中最长的链是正确的。链的长度是链的分数,得分最高的链将被服务器认为是正确的。如果参与者从另一个系统收到更高得分的链的通知,则有义务用更高得分的链更新其链。如果它不更新并坚持将其链作为官方传播,它的链将被其他人忽略。)
51% AttackLet us go back to the example of Alice maliciously modifying a past transaction. In addition to the work of modifying the existing blockchain, Alice will also need to process new transactions that are steadily arriving, and making the blockchain get longer as new blocks get added to it. She needs to change the existing blockchain and also compute proof of work values for new blocks faster than everyone else in the network so that she would have the longest valid chain and hence a high score.
If she can do this then her chain becomes the official version of the blockchain and everyone updates their copy. This is called a 51% attack. To even have a chance of succeeding, Alice would need more computing power than the reset of the systems in the Bitcoin network combined. Back in 2017, The Economist estimated that “bitcoin miners now have 13,000 times more combined number-crunching power than the world’s 500 biggest supercomputers,” so it is not feasible for even a nation-state attacker to harness sufficient power to carry out this attack on a popular cryptocurrency network such as Bitcoin. Blockchain works only because of the assumption that the majority of participants are honest … or at least not conspiring together to modify the same transactions.
Even if someone tried to do this attack, they’d likely only be able to modify transactions in very recent history – in the past few blocks of the blockchain. This is why For this reason, transactions further back in the blockchain are considered to be more secure.
(让我们回到 Alice 恶意修改过去交易的例子。除了修改现有区块链的工作外,Alice 还需要处理稳定到达的新交易,并随着新区块的添加使区块链变得更长。她需要更改现有的区块链,并比网络中的其他人更快地计算新区块的工作量证明值,以便她拥有最长的有效链并因此获得高分。
如果她能做到这一点,那么她的链就会成为区块链的正式版本,每个人都会更新他们的副本。这称为 51% 攻击。为了有机会成功,Alice 需要的计算能力比比特币网络中系统重置的总和还要多。早在 2017 年,《经济学人》就估计“比特币矿工的综合数字运算能力是世界上最大的 500 台超级计算机的 13,000 倍”,因此即使是民族国家的攻击者也无法利用足够的能力来进行这种攻击在流行的加密货币网络上,例如比特币。区块链之所以起作用,只是因为假设大多数参与者都是诚实的……或者至少没有合谋修改相同的交易。
即使有人试图进行这种攻击,他们也可能只能修改最近历史中的交易——在区块链的过去几个区块中。这就是为什么由于这个原因,区块链中更远的交易被认为更安全。)
Committing TransactionsBecause of the chain structure, it requires more work to modify older transactions (more blocks = more proof of work computations). Modifying only the most recent block is not hugely challenging. Hence, the further back a transaction is in the blockchain, the less likely it is that anyone can amass the computing power to change it and create a competing blockchain.
A transaction is considered confirmed after some number, N, additional blocks are added to the chain. The value of N is up to the party receiving the transaction - a level of comfort. The higher the number, the deeper the transaction is in the blockchain and the harder it is to alter. Bitcoin recommends N=1 for low-value transactions (payments under $1,000; this enables them to be confirmed quickly), N=3 for deposits and mid-value transactions, and N=6 for large payments (e.g., $10k…$1M). Even larger values of N could be used for extremely large payments.
(由于链结构,修改旧交易需要更多的工作(更多的块 = 更多的工作z明计算)。 只修改最近的区块并没有太大的挑战。 因此,交易在区块链中越靠后,任何人就越不可能积累计算能力来改变它并创建一个竞争区块链。
在将某个数量 N 个附加块添加到链中后,交易被视为已确认。 N 的值取决于接收交易的一方 - 一种舒适度。 数字越高,交易在区块链中的深度越深,就越难改变。 比特币建议 N=1 用于小额交易(支付低于 1,000 美元;这使它们能够快速确认),N=3 用于存款和中等价值交易,N=6 用于大额支付(例如,1 万美元……100 万美元) )。 更大的 N 值可用于非常大的付款。)
RewardsWhy would servers spend a huge amount of computation, which translates to huge investments in computing power and electricity, just to find a value that produces a hash with a certain property? To provide an incentive, the system rewards the first server (the miner) that advertises a successful Proof of Work number by depositing a certain number of Bitcoins into their account. To avoid rewarding false blockchains as well as to encourage continued mining efforts, the miner is rewarded only after 99 additional blocks have been added to the ledger.
The reward for computing a proof of work has been designed to decrease over time. The reward is halved every 210,000 blocks mined, which is approximately every four years:
50 bitcoins for the first 4 years since 2008
25 bitcoins from 2012–2015
12.5 bitcoins from block #420,000 July 9, 2016 – 2019
6.25 bitcoins at block #630,000 – May 11, 2020
Eventually, the reward will reach zero and there will be a maximum of around 21 million bitcoins in circulation. However, recall that each transaction has a fee associated with it. Whoever solves the puzzle first and gets a confirmed block into the blockchain will also reap the sum of all the transaction fees in that block.
(为什么服务器会花费大量的计算,这意味着对计算能力和电力的巨额投资,只是为了找到一个产生具有特定属性的哈希的值?为了提供激励,系统通过将一定数量的比特币存入他们的帐户来奖励第一个宣传成功的工作z明号码的服务器(矿工)。为了避免奖励虚假区块链并鼓励继续挖掘工作,矿工只有在向分类账添加 99 个额外块后才会获得奖励。
计算工作量证明的奖励被设计为随着时间的推移而减少。每挖出 210,000 个区块,奖励就会减半,大约每四年一次:
自 2008 年以来的前 4 年 50 个比特币
2012-2015 年的 25 个比特币
2016 年 7 月 9 日至 2019 年区块 #420,000 的 12.5 个比特币
第 630,000 块 6.25 个比特币 – 2020 年 5 月 11 日
最终,奖励将达到零,最多将有大约 2100 万比特币在流通。但是,请记住,每笔交易都有与之相关的费用。谁先解决了这个难题,并获得了一个确认的区块进入区块链,谁也将获得该区块中所有交易费用的总和。)
Bitcoin has been designed to operate as a large-scale, global, fully decentralized network. Anybody can download the software and operate a bitcoin node. All you need is sufficient storage to store the blockchain. There are currently over 9,000 reachable full nodes spread across 99 countries. It is estimated that there are over 100,000 total nodes, including those that are be running old versions of software or are not always reachable. In this sense, Bitcoin is truly decentralized. Note that there are different types of nodes. The nodes we discussed serve as full nodes. They maintain an entire copy of the blockchain and accept transactions. Light nodes are similar but store only a part of the blockchain, talking to a full node parent if they need to access other blocks.
Not everyone who operates a bitcoin node does mining (proof of work computation). Mining is incredibly time energy intensive. To make money on mining, one needs to buy dedicated ASIC mining hardware that is highly optimized to compute SHA-256 hashes. Conventional computers will cost more in energy than they will earn in bitcoin rewards. Because of this, mining tends to be concentrated among a far smaller number of players. It is not as decentralized as much as one would like.
Bitcoin software is open source but there is only a small set of trusted developers. The software effort is inspectable but not really decentralized. Bugs have been fixed but many nodes still run old and buggy versions. Bitcoin transactions cannot be undone even if they were created by buggy nodes or via compromised keys.
(比特币被设计成一个大规模的、全球性的、完全去中心化的网络。任何人都可以下载软件并 *** 作比特币节点。您只需要足够的存储空间来存储区块链。目前有超过 9,000 个可访问的完整节点分布在 99 个国家/地区。据估计,总共有超过 100,000 个节点,包括那些正在运行旧版本软件或无法始终访问的节点。从这个意义上说,比特币是真正去中心化的。请注意,有不同类型的节点。我们讨论的节点用作完整节点。他们维护区块链的完整副本并接受交易。轻节点类似,但仅存储区块链的一部分,如果需要访问其他块,则与完整节点父节点进行通信。
不是每个 *** 作比特币节点的人都会进行挖矿(工作量证明计算)。采矿是令人难以置信的时间能源密集型。为了在挖矿中赚钱,需要购买经过高度优化以计算 SHA-256 哈希的专用 ASIC 挖矿硬件。传统计算机的能源成本将高于其获得的比特币奖励。正因为如此,挖矿往往集中在少数玩家身上。它不像人们想要的那样去中心化。
比特币软件是开源的,但只有一小部分值得信赖的开发人员。软件工作是可检查的,但并不是真正去中心化的。错误已得到修复,但许多节点仍运行旧版本和有错误的版本。即使比特币交易是由有缺陷的节点或通过泄露的密钥创建的,也无法撤消。)
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)