Contents
1. The simplest form: P2PK (Pay to Public Key)
2. P2PKH (Pay to Public Key Hash)
3. The most complex form: P2SH (Pay to Script Hash)
UTXO: Unspent Transaction Output
How it works: Bitcoin runs at the application layer. Its P2P network is very simple: every node is a peer, with none of the super nodes found in some other networks. To join, a node needs to know at least one seed node; it contacts the seed, which tells it about the other nodes it knows. Nodes talk to each other over TCP, which traverses firewalls easily. A node that wants to leave does nothing special: it does not notify anyone, it simply exits, and the other nodes drop it after not hearing from it for a while.

Bitcoin network design principles: simple, robust, but not efficient.
Each node maintains a set of neighbour nodes, and messages propagate through the network by flooding. The first time a node receives a message it forwards it to all of its neighbours and marks the message as seen; if the same message arrives again it is not forwarded.

Neighbours are chosen at random, without regard to the underlying network topology: a node in California may well pick a neighbour in Argentina. This design improves robustness at the cost of network efficiency.
The larger a block, the longer it takes to propagate across the network; the smaller a block, the fewer transactions it can hold. Propagation in the Bitcoin network is best effort: a transaction published to the network will not necessarily reach every node, and nodes will not necessarily receive transactions in the same order. Some nodes may also fail to relay as the protocol requires (for example, they may relay invalid transactions).
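The flooding rule above, as an added example that is not part of the original notes: a small constructed peer graph, a seen-set so that each node relays a message only on first receipt, and an optional set of relaying nodes so the best-effort failure mode (a node that receives but does not forward) can be observed. Node names and neighbour sets are made up for the example.

```python
from collections import deque

# Added example for these notes (not the lecture's code): flooding over a
# small constructed peer graph. A node relays a message to every neighbour the
# first time it sees it and remembers it; later copies are dropped. Neighbour
# choice ignores geography, so the graph is just an arbitrary sparse one.
# Delivery is best effort: a node that receives but does not relay (the
# misbehaving case) can leave part of the network without the message.

PEERS = {  # constructed neighbour sets, symmetric
    "ca": {"ar", "de"}, "ar": {"ca", "jp"}, "de": {"ca", "jp", "in"},
    "jp": {"ar", "de", "in"}, "in": {"de", "jp", "au"}, "au": {"in"},
}


def flood(peers, origin, relays=None):
    """Breadth-first flood from `origin`. Returns (nodes that received the
    message, number of transmissions). Nodes outside `relays` receive but
    never forward; by default every node relays."""
    relays = set(peers) if relays is None else set(relays) | {origin}
    seen, sends, queue = {origin}, 0, deque([origin])
    while queue:
        node = queue.popleft()
        if node not in relays:
            continue
        for neighbour in peers[node]:       # forwarded to all neighbours, even the sender
            sends += 1
            if neighbour not in seen:       # first receipt: mark it and relay later
                seen.add(neighbour)
                queue.append(neighbour)
    return seen, sends


if __name__ == "__main__":
    print(flood(PEERS, "ca"))
    print(flood(PEERS, "ca", relays=set(PEERS) - {"in"}))   # "au" is cut off
```

With every node relaying, six nodes receive the message but fourteen transmissions are made, one per directed edge: the seen-set stops the duplicates from being re-flooded but not from being sent. Removing "in" from the relaying set shows the best-effort case: "au" is reachable only through "in" and never hears about the message.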
H(block header) <= target

So mining means repeatedly adjusting the nonce until the hash of the block header is less than or equal to the target.
The smaller the target, the harder mining is. Adjusting the mining difficulty means adjusting the fraction of the whole output space that the target range occupies.

The hash algorithm Bitcoin uses is SHA-256, which produces a 256-bit hash, so the whole output space is 2^256. Adjusting the target's share of that space amounts, informally, to requiring a certain number of leading zeros in the hash.
Mining difficulty is inversely proportional to the target: difficulty = (target at difficulty 1) / target.

The target corresponding to difficulty 1 is the minimum mining difficulty; it is a very large value.
What goes wrong if the difficulty is never adjusted: the total hash power of the system keeps growing, so with a fixed difficulty the block interval would get shorter and shorter. (A summary of the lecturer's remarks taken from another blog.)
What goes wrong if the block interval keeps shrinking: a shorter interval lets transactions be written to the blockchain faster, which raises throughput, but forks become the norm, not just two-way forks but many-way ones. Too many forks are bad for reaching consensus, and they scatter hash power, which greatly lowers the cost for an attacker to mount a forking attack.
Is a 10-minute block time optimal? Not necessarily; what matters is that the block time is held within some constant range.
Bitcoin readjusts the target every 2016 blocks (roughly every two weeks: 2016 * 10 / (60 * 24) = 14 days).
actual time: the time it actually took to produce the last 2016 blocks
expected time: the time it should ideally have taken to produce 2016 blocks: 2016 * 10 minutes (ideally one block every ten minutes)
new target = old target * actual time / expected time
In practice both the upward and the downward adjustment are capped at a factor of four: if the actual time exceeds 8 weeks, the formula is evaluated as if it were 8 weeks, and likewise if it is under half a week.
How do all miners adjust the target at the same time? The algorithm that computes the target is written into the Bitcoin software, which performs the adjustment automatically after every 2016 blocks. A miner that computes a different target produces blocks the other nodes reject, so there is no incentive to deviate.
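The retarget rule above, written out as an added example (not code from the lecture): the new target is the old target scaled by actual/expected time, with the ratio clamped to the range 1/4 to 4. MAX_TARGET is the difficulty-1 target; the function names are this example's own.

```python
# Bitcoin-style difficulty retarget, written as an added example for these notes
# (not the lecture's own code). Every 2016 blocks the target is scaled by
# actual_time / expected_time, with the ratio clamped to [1/4, 4].

RETARGET_INTERVAL = 2016                              # blocks between adjustments
BLOCK_INTERVAL = 10 * 60                              # intended block time, seconds
EXPECTED_TIME = RETARGET_INTERVAL * BLOCK_INTERVAL    # two weeks, in seconds
# difficulty-1 target: 0x1d00ffff in Bitcoin's compact encoding, i.e. 0xffff << 208
MAX_TARGET = 0xFFFF * 2 ** (8 * (0x1D - 3))


def next_target(old_target: int, actual_time: int) -> int:
    """Target for the next 2016 blocks given how long (seconds) the last 2016 took.

    The ratio actual/expected is clamped to [1/4, 4], so one period can never
    move the target by more than a factor of four in either direction.
    """
    actual_time = max(EXPECTED_TIME // 4, min(EXPECTED_TIME * 4, actual_time))
    new_target = old_target * actual_time // EXPECTED_TIME
    return min(new_target, MAX_TARGET)        # never easier than difficulty 1


def difficulty(target: int) -> float:
    """Difficulty is inversely proportional to the target."""
    return MAX_TARGET / target


def pow_fraction(target: int) -> float:
    """Fraction of the 2^256 hash space that satisfies H(header) <= target."""
    return (target + 1) / 2 ** 256


if __name__ == "__main__":
    t = MAX_TARGET
    for weeks in (2, 1, 0.2, 8, 30):                 # constructed retarget periods
        t = next_target(t, int(weeks * 7 * 24 * 3600))
        print("actual %5.1f weeks -> difficulty %.3f" % (weeks, difficulty(t)))
```

Hash power growing tenfold inside one period (0.2 weeks) only quadruples the difficulty; the rest of the correction happens in the following, now much shorter, periods. The same clamp limits how quickly difficulty can fall after a large drop in hash power, which is why a chain that loses most of its miners can stall for weeks.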
Full node | Light node |
---|---|
Always online | Not always online |
Keeps the complete blockchain on local disk | Does not store the whole chain, only every block header |
Keeps the UTXO set in memory so transactions can be validated quickly | Does not store all transactions, only those relevant to itself |
Listens for transactions on the Bitcoin network and validates each one | Cannot validate most transactions, only those relevant to itself |
Decides which transactions are packed into a block | Cannot check the correctness of blocks published on the network |
Listens for blocks mined by other miners and validates them | Can verify the mining difficulty (the proof of work in a block header) |
Mining: 1. decides which chain to extend; 2. chooses a branch when there is an equal-length fork | Can only tell which chain is longest, not which is the longest valid chain |
In the Bitcoin network most nodes are light nodes. If you only want to make payments and do not mine, there is no need to run a full node. While mining, if a node hears that someone else has already mined a block extending the longest valid chain, it should immediately abandon its current candidate block, assemble a new candidate locally that points to this newest valid block, and start mining again.
memoryless, progress free: mining itself is memoryless. However long you have already been mining has no effect on your chances from here on, since every hash attempt is an independent trial.
How the Bitcoin system stays secure: first, cryptography: without a user's private key nobody can forge a valid signature, so nobody can transfer the BTC out of that account.
Second, the consensus mechanism: it ensures that malicious transactions are not accepted by the system. (Premise: most of the system's hash power is in honest hands.)
Ordinary CPU -> GPU -> ASIC chip (dedicated mining hardware)
For an individual miner, even with ASIC hardware, their hash power is still only a tiny fraction of the whole system's. Even if mining is profitable on average, the income is very erratic.

Besides mining, an individual miner also has to carry out the other duties of a full node, which consumes resources.
A mining pool is one full node driving many mining machines. The miners only need to compute hashes continuously; the pool operator takes on the other duties of a full node. ASIC chips can only compute hashes and cannot provide the other functions of a full node. Pools also solve the problem of unstable income for individual miners: whenever a reward is earned, it is shared among all the miners, which makes earnings steady.
Pools are typically organised in one of two ways. 1. Like a large data centre (a single organisation) concentrating thousands of mining machines on hash computation. 2. Distributed: the miners and the pool operator do not know each other (different organisations). A miner contacts the operator and joins the pool voluntarily, the operator hands out work, the miners compute, and when a reward is earned it is split among all the miners in the pool.
Equal distribution, where everyone gets an equal share of the block reward, resembles a period of China's history when everyone "ate from the same big pot": some miners would slack off and stop working (mining costs electricity, so it has a real cost).

So here too payment must be according to work done, which requires a proof-of-work scheme of its own. How can each miner prove how much work they did?
Lower the mining difficulty (the workable approach). Suppose the original difficulty requires the first 70 bits of the 256-bit hash to be zero; now relax the requirement so that only the first 60 bits need to be zero, which is much easier to hit. Such a hash is of course not accepted by the blockchain; it is called a share, or an almost valid share. Each time a miner finds a share it submits it to the pool operator, who records it as proof of the miner's work. When some miner eventually finds a hash that meets the real requirement, the reward is split according to the number of shares each miner submitted.
- Q: Could a miner submit shares normally but, on actually finding a block, publish it themselves instead of handing it to the pool operator, so as to keep the whole block reward?
- A: In fact this is impossible, because each miner's work is assigned by the operator. The operator assembles the block and hands it to the miners to compute on, and the payee address of the coinbase transaction in that block is the operator's. If a miner changes that address, the nonce they computed becomes invalid.
- Q: What if a miner secretly assembles a block of their own from the start?
- A: Then they are mining on their own, which is effectively the same as leaving the pool. Blocks they assemble themselves are not recognised by the operator, the shares they submit are not recognised either, and so they receive no payout.
- Q: Could a miner sabotage the pool by submitting shares as usual but discarding any block they find instead of submitting it?
- A: This is possible; a miner whose only goal is disruption can do it. But after throwing the block away the miner gets no reward either, so on its face it harms others without benefiting oneself.
- However, pools compete with each other. To hurt a competitor, a pool may send its own machines to mine in the competitor's pool and sabotage it: they collect their share of the dividends from the other miners' blocks, but discard any block they find themselves rather than letting it be shared.
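An added example (not the lecture's code) tying together the mining condition H(block header) <= target from earlier, the pool share idea, and the answer above about the coinbase payee: a toy header is mined against a block target and an easier share target, and the coinbase payee is folded into the merkle root, so changing it invalidates any nonce found for the operator's block. The targets, the header layout and the constructed transactions are assumptions of the example, not Bitcoin's real parameters.

```python
import hashlib

# Added example for these notes (not the lecture's code). A toy block header
# (previous hash, merkle root, 4-byte nonce) mined against two thresholds: the
# block target and the easier pool "share" target. The coinbase payee is part
# of the merkle root as in Bitcoin, so changing it changes the header, and a
# nonce found for the operator's header no longer applies.

BLOCK_TARGET = 2 ** 256 >> 16     # toy difficulty: 16 leading zero bits
SHARE_TARGET = 2 ** 256 >> 8      # pool share: 8 leading zero bits, 256x easier


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids: list) -> bytes:
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:                      # odd count: duplicate the last hash
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def coinbase_txid(payee: bytes) -> bytes:
    # constructed stand-in for hashing a real coinbase transaction
    return sha256d(b"coinbase pays " + payee)


def block_root(payee: bytes, other_txids: list) -> bytes:
    return merkle_root([coinbase_txid(payee)] + list(other_txids))


def header_hash(prev_hash: bytes, root: bytes, nonce: int) -> int:
    header = prev_hash + root + nonce.to_bytes(4, "little")
    return int.from_bytes(sha256d(header), "big")


def mine(prev_hash: bytes, root: bytes):
    """Scan nonces until the header hash meets BLOCK_TARGET. Returns the nonce
    and how many shares (hashes meeting SHARE_TARGET) were found on the way."""
    shares = 0
    for nonce in range(2 ** 32):
        h = header_hash(prev_hash, root, nonce)
        if h <= SHARE_TARGET:
            shares += 1                         # what a pool miner would submit
            if h <= BLOCK_TARGET:
                return nonce, shares
    raise RuntimeError("nonce space exhausted; a real miner rolls the extra nonce")


def valid_block(prev_hash: bytes, root: bytes, nonce: int) -> bool:
    return header_hash(prev_hash, root, nonce) <= BLOCK_TARGET


if __name__ == "__main__":
    prev = sha256d(b"constructed previous block")
    txs = [sha256d(b"tx %d" % i) for i in range(3)]
    pool_root = block_root(b"pool operator address", txs)
    nonce, shares = mine(prev, pool_root)
    print("nonce", nonce, "shares found on the way", shares)
    print("valid for the pool's block:", valid_block(prev, pool_root, nonce))
    # a miner rewriting the coinbase to pay itself gets a different root,
    # so the nonce it just found almost certainly no longer works
    own_root = block_root(b"miner's own address", txs)
    print("same nonce, rewritten coinbase:", valid_block(prev, own_root, nonce))
```

The share count is what the operator uses to pay out: on average a miner finds 256 shares per block at these toy targets, so the share stream is a low-variance estimate of the work done even though the block itself is rare. The final check is the answer to the first question above in code form: the miner cannot redirect the reward without starting the search over against a new header.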
1. Forking attack
Fork the chain before a transaction that already has six confirmations, using 51% of the hash power to roll the transaction back.

The pool's miners only compute hashes; they do not know which transactions a block contains or what the state of the chain is. These "masses" are therefore ignorant and easy to exploit. Moreover, a 51% attack is a matter of probability: it is not the case that an attack succeeds exactly when 51% of the hash power is reached and fails otherwise. And a pool's share of the hash power is itself constantly changing.
2. Blocking transactions
Suppose an attacker dislikes account A and does not want A's transactions on the blockchain. Whenever the attacker sees someone else include A's transaction in a block, they immediately launch a forking attack so that the chain containing A's transaction can never become the "longest valid chain". In this way account A is blockaded.
3. Stealing coins
This is impossible, because the attacker does not hold other people's private keys. If the attacker relied on hash power to force an unsigned transfer onto the chain, honest nodes would not consider it valid, so however long that chain became, nobody else would regard it as the longest valid chain.
The scripting language used by BTC is very simple. The only memory it can access is a stack; there are no global or local variables and no dynamically allocated memory as in C or C++. That is why it is called a stack-based language.
The inputs are an array: a transaction can have several inputs, and each input must state which output of which earlier transaction the coins being spent come from.
The outputs are also an array.

There is a crossover: the input script of the later (spending) transaction is placed first, and the output script of the earlier transaction (the one being spent) is placed after it.
In early BTC these two scripts were concatenated and executed once from beginning to end.
For security reasons the two scripts are now executed separately: first the input script, and only if that runs without error, then the output script (with concatenation, an input script that ended execution early with a true value on the stack would have bypassed the output script's checks).
If the value left on top of the stack at the end is non-zero, i.e. true, the check passes and the transaction is valid; if any error occurs during execution, the transaction is invalid.
If a transaction has several inputs, every input script must be matched with its corresponding output script and validated; the transaction is valid only if all of them pass.
1. The simplest form: P2PK (Pay to Public Key)
- The signature supplied by the input script is pushed onto the stack,
- the public key from the output script is pushed onto the stack,
- the top two elements are popped and the signature is checked with the public key; if it is correct, TRUE is returned and the check passes, otherwise it fails.
2. P2PKH (Pay to Public Key Hash)
The difference from P2PK is that the output script does not directly contain the payee's public key; it contains the hash of the public key.
The public key is supplied in the input script, which therefore has to provide both the signature and the public key.
The DUP and HASH160 in the output script exist so that the signature can be verified against the right key.
1. Push the signature onto the stack.
2. Push the public key onto the stack.
3. DUP: duplicate the top element, so there is now an extra copy of the public key on top.
4. HASH160: pop the top element, hash it, and push the resulting hash, so the top of the stack is now the hash of the public key.
5. Push the hash given in the output script; there are now two hashes on top of the stack.
6. EQUALVERIFY: pop the top two elements (the two hashes) and check that they are equal. This prevents impersonation (someone substituting their own public key for the recipient's).
7. Pop the top two elements and check the signature with the public key.
3. The most complex form: P2SH (Pay to Script Hash)
Phase 1 verification
The input script and the output script are again (conceptually) concatenated.
Phase 1 steps:
- Push the signature(s) from the input script onto the stack.
- Push the redeem script onto the stack.
- Compute the hash of the redeem script.
- Push the hash from the output script; RSH stands for redeem script hash.
- Check whether the two redeem script hashes are equal.
Phase 2 verification
Phase 2 steps:
- Deserialise the serialised redeem script supplied in the input script. Deserialisation is done by each node itself and is not shown on the slides. Then execute the redeem script, which pushes the Public Key onto the stack,
- then verify the signature given in the input script.
Multisignature
The output script specifies N public keys; the input script only needs to provide M valid signatures for the check to pass, with N >= M (for example 2 of 3).
The input script has to work around a bug: when CHECKMULTISIG executes it pops one element too many from the stack, so the first element of the input script is a dummy.
The M signatures must appear in the same order as their corresponding public keys among the N public keys.

- FALSE is the dummy element.
- Push the two signatures from the input script.
- Push the threshold M = 2.
- Push the three public keys.
- Push N = 3.
- Execute CHECKMULTISIG to check whether the multisignature is satisfied.

The essence of P2SH is to move the complexity from the output script into the input script.
Script execution process
Phase 1
Steps:
- FALSE, again to cope with that bug
- Push the two signatures
- Push the serialised data (the redeem script)
- Take its hash
- Push the RSH from the output script
- Finally check whether the two redeem script hashes are equal
Phase 2 steps:
- Push M
- Push the three public keys
- Push N
- Check the multisignature
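The P2PK, P2PKH, multisig and two-phase P2SH evaluations above, as one added example that is not the lecture's or Bitcoin Core's code. Two stand-ins are assumptions of the example: the signature scheme is a toy Schnorr over a 10-bit prime field (so verify-by-public-key works but offers no security), and HASH160 is a truncated double SHA-256 rather than RIPEMD160(SHA256(x)). CHECKMULTISIG keeps the one-pop-too-many behaviour and the ordering rule described above, and the serialisation format for redeem scripts is made up here.

```python
import hashlib

# Added example for these notes, not the lecture's or Bitcoin Core's code: a
# minimal stack machine running the P2PK, P2PKH, multisig and P2SH scripts
# described above. Two labelled simplifications: signatures use a toy Schnorr
# scheme over a 10-bit prime field (verify-by-public-key semantics, no security
# at all), and HASH160 is a truncated double SHA-256 instead of
# RIPEMD160(SHA256(x)), since RIPEMD-160 is missing from some hashlib builds.

P, Q, G = 1019, 509, 4   # P = 2Q + 1 is a safe prime; G = 4 generates the order-Q subgroup

def h_int(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def keypair(seed):
    sk = seed % (Q - 1) + 1
    return sk, pow(G, sk, P).to_bytes(2, "big")

def sign(sk, msg):
    k = h_int(sk.to_bytes(2, "big"), msg) % Q or 1        # deterministic nonce
    r = pow(G, k, P).to_bytes(2, "big")
    e = h_int(r, msg) % Q or 1
    return r + ((k + e * sk) % Q).to_bytes(2, "big")

def verify(pk, sig, msg):
    r, s = sig[:2], int.from_bytes(sig[2:], "big")
    e = h_int(r, msg) % Q or 1
    return pow(G, s, P) == int.from_bytes(r, "big") * pow(int.from_bytes(pk, "big"), e, P) % P

def hash160(x):
    return hashlib.sha256(hashlib.sha256(x).digest()).digest()[:20]

def serialize(script):   # data item -> 0x00 len bytes; opcode -> 0x01 len name
    return b"".join((b"\x00" + bytes([len(i)]) + i) if isinstance(i, bytes)
                    else (b"\x01" + bytes([len(i)]) + i.encode()) for i in script)

def deserialize(blob):
    script, i = [], 0
    while i < len(blob):
        kind, n = blob[i], blob[i + 1]
        script.append(blob[i + 2:i + 2 + n] if kind == 0 else blob[i + 2:i + 2 + n].decode())
        i += 2 + n
    return script

def run(script, stack, msg):
    """Execute script items (bytes are pushed, str items are opcodes) on stack."""
    for item in script:
        if isinstance(item, bytes):
            stack.append(item)
        elif item == "DUP":
            stack.append(stack[-1])
        elif item == "HASH160":
            stack.append(hash160(stack.pop()))
        elif item == "EQUAL":
            stack.append(b"\x01" if stack.pop() == stack.pop() else b"")
        elif item == "EQUALVERIFY":
            if stack.pop() != stack.pop():
                raise ValueError("EQUALVERIFY failed")
        elif item == "CHECKSIG":
            pk, sig = stack.pop(), stack.pop()
            stack.append(b"\x01" if verify(pk, sig, msg) else b"")
        elif item == "CHECKMULTISIG":
            n = stack.pop()[0]
            pks = [stack.pop() for _ in range(n)][::-1]
            m = stack.pop()[0]
            sigs = [stack.pop() for _ in range(m)][::-1]
            stack.pop()                  # the historical off-by-one: one pop too many
            i = 0                        # signatures must come in public-key order
            for sig in sigs:
                while i < n and not verify(pks[i], sig, msg):
                    i += 1
                i += 1
            stack.append(b"\x01" if i <= n else b"")
        else:
            raise ValueError("unknown opcode %r" % (item,))
    return stack

def verify_input(script_sig, script_pubkey, msg):
    """scriptSig first, then scriptPubKey on the same stack; any error fails.
    For a P2SH output the redeem script is deserialised and run as phase 2."""
    try:
        stack = run(script_sig, [], msg)
        p2sh = script_pubkey[:1] == ["HASH160"] and script_pubkey[-1:] == ["EQUAL"]
        redeem = deserialize(stack[-1]) if p2sh else None
        stack = run(script_pubkey, stack, msg)
        if p2sh and any(stack[-1]):
            stack.pop()                  # drop EQUAL's result, keep the signatures
            stack = run(redeem, stack, msg)
        return bool(stack) and any(stack[-1])
    except (IndexError, ValueError):
        return False

def demo():
    msg = b"constructed transaction to sign"
    (ska, pka), (skb, pkb), (skc, pkc) = keypair(7), keypair(11), keypair(13)
    p2pkh = ["DUP", "HASH160", hash160(pka), "EQUALVERIFY", "CHECKSIG"]
    msig = [b"\x02", pka, pkb, pkc, b"\x03", "CHECKMULTISIG"]       # 2-of-3 redeem script
    p2sh = ["HASH160", hash160(serialize(msig)), "EQUAL"]
    sa, sb, sc = sign(ska, msg), sign(skb, msg), sign(skc, msg)
    return {
        "p2pk": verify_input([sa], [pka, "CHECKSIG"], msg),
        "p2pkh": verify_input([sa, pka], p2pkh, msg),
        "p2pkh_wrong_key": verify_input([sb, pkb], p2pkh, msg),
        "multisig": verify_input([b"", sa, sc], msig, msg),
        "multisig_wrong_order": verify_input([b"", sc, sa], msig, msg),
        "multisig_no_dummy": verify_input([sa, sc], msig, msg),
        "p2sh": verify_input([b"", sa, sc, serialize(msig)], p2sh, msg),
    }
```

Each entry of demo() is the verdict for one of the cases above: the wrong-key P2PKH fails at EQUALVERIFY before any signature is examined, the out-of-order multisig fails because the matching walk through the public keys runs off the end, and leaving out the dummy element makes CHECKMULTISIG pop from an empty stack, which is an error and therefore a failed spend. The P2SH output script never sees the multisig logic at all; it only compares hashes, and the spender pays for the complexity when the redeem script runs in phase 2.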
When what used to be one chain becomes two chains, that is called a fork.

state fork: if two nodes mine a block at almost the same time, both blocks hang off the current tip. Different nodes receive one or the other first, and each extends the block it received first, so a temporary fork appears. This is a state fork: a fork that arises from disagreement about the current state of the blockchain.

A forking attack is also a state fork, except that the disagreement is created deliberately.
protocol fork: changing the Bitcoin protocol requires a software upgrade, and in a decentralised system there is no way to force every node to upgrade. Suppose most nodes upgrade and a few do not (perhaps they have not got round to it, perhaps they disagree with the change). The resulting fork is called a protocol fork: a fork caused by disagreement about the protocol, with different versions of it in use.

Protocol forks are further divided into hard forks and soft forks, depending on what the change to the protocol is.
If new features are added to the Bitcoin protocol, extending what it can do, the nodes that have not upgraded do not recognise the new features and treat them as invalid.

An example of a hard fork is Bitcoin's block size limit.

Bitcoin limits each block to 1 MB, which works out to roughly 4000 transactions at most. With one block every 10 minutes on average, that is only about 7 transactions per second.
Suppose the software is updated to raise the block size limit from 1 MB to 4 MB, and suppose most nodes update their software to support the new protocol. "Most" and "few" here are measured by hash power, not by number of accounts: the sentence above assumes that the nodes holding most of the hash power have updated.

Once the system runs: suppose a new node mines a block, and it is a large one. The old nodes do not accept that block and will not build on it; they continue mining the next block on top of the previous block.
Old nodes reject large blocks; small blocks are accepted by old and new nodes alike.

Suppose most nodes are new nodes, i.e. have updated to support the new protocol. Because "most" means more hash power, the new nodes' branch soon becomes longer than the old nodes' branch.
For the new nodes both branches are valid, but since they only ever extend the longest valid chain, they keep mining on the upper branch. Because the only constraint is staying under 4 MB, new nodes may also mine some blocks under 1 MB. Such blocks are accepted by old and new nodes alike, but the upper chain contains blocks the old nodes consider invalid, so the old nodes will never extend it and keep mining on the lower chain.

Such a fork is permanent: as long as those old nodes do not update their software, it will not go away. The Bitcoin network has some very conservative participants, so a protocol update like this is bound to have some nodes that disagree, producing a hard fork.
After a hard fork there are two chains running in parallel, and the BTC on them is unrelated; each chain is mined separately. A block reward on one chain is valid for the nodes that regard that chain as the longest valid chain and invalid for the nodes that follow the other, while BTC created before the split is recognised on both chains. In that sense a hard fork can be seen as creating a new cryptocurrency.
If restrictions are added to the Bitcoin protocol so that some transactions or blocks that used to be valid become invalid under the new protocol, the resulting fork is a soft fork.

Suppose the software is updated to make blocks smaller, from 1 MB to 0.5 MB. Suppose most nodes are new nodes that have updated to the 0.5 MB limit, and a few are old nodes that still apply the 1 MB limit.

Now the blocks mined by new nodes are considered valid by the old nodes (they are under 1 MB), but the blocks mined by old nodes will very likely not be considered valid by the new nodes (they will very likely exceed 0.5 MB):

Because the new nodes hold most of the hash power, they will most likely find the next block first, giving the situation in the figure above. The old nodes then see that the upper chain is the longest valid chain, abandon their own branch, and continue mining on the upper chain.

At some point an old node mines a block before the new nodes do and adds it to the chain:
That block is larger than 0.5 MB, so the new nodes do not accept it and continue extending the previous valid block.

So in this situation soft forks keep appearing: as long as the old nodes do not update, the blocks they mine never stay on the chain. Unlike a hard fork, a soft fork is not permanent; it exists only for a short time.
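The hard-fork and soft-fork scenarios above, as an added simulation that is not the lecture's code: blocks carry only a size and a parent, old and new nodes differ only in their size limit, and each node extends the longest chain it considers valid. The block sizes, the mining order and the two-node-type model are assumptions of the example.

```python
# Added example for these notes (not the lecture's code): a toy simulation of
# the hard-fork and soft-fork scenarios above. A block carries only its size
# and parent; each node type has its own validity rule (a maximum block size)
# and always extends the longest chain it considers valid, preferring the block
# it saw first on ties. The mining order is scripted rather than random, with
# the "new" nodes winning most rounds, which stands in for their holding most
# of the hash power.


class Block:
    def __init__(self, parent, size_mb, miner):
        self.parent, self.size_mb, self.miner = parent, size_mb, miner
        self.height = 0 if parent is None else parent.height + 1


def chain_of(tip):
    """Blocks from genesis to tip."""
    out = []
    while tip is not None:
        out.append(tip)
        tip = tip.parent
    return out[::-1]


def valid_for(tip, max_mb):
    """A chain is valid for a node iff every block on it obeys that node's limit."""
    return all(b.size_mb <= max_mb for b in chain_of(tip))


def best_tip(blocks, max_mb):
    """Longest valid chain for a node with limit max_mb; first seen wins ties."""
    return max((b for b in blocks if valid_for(b, max_mb)), key=lambda b: b.height)


def simulate(old_limit, new_limit, schedule):
    """schedule: (miner, size_mb) pairs in the order blocks are found. Each
    miner builds on its own best tip. Returns (old nodes' tip, new nodes' tip)."""
    blocks = [Block(None, 0.0, "genesis")]
    limit = {"old": old_limit, "new": new_limit}
    for miner, size_mb in schedule:
        blocks.append(Block(best_tip(blocks, limit[miner]), size_mb, miner))
    return best_tip(blocks, old_limit), best_tip(blocks, new_limit)


def miners(tip):
    return [b.miner for b in chain_of(tip)]


def hard_fork():
    """Limit raised 1 MB -> 4 MB. Old nodes never accept a chain containing a
    big block, so the two branches diverge permanently."""
    old_tip, new_tip = simulate(1.0, 4.0,
        [("new", 3.0), ("old", 0.9), ("new", 0.5), ("new", 3.5), ("old", 0.8)])
    return miners(old_tip), miners(new_tip)


def soft_fork():
    """Limit lowered 1 MB -> 0.5 MB. The old nodes' 0.9 MB block is orphaned;
    old nodes then follow the longer chain the new nodes build, which they accept."""
    old_tip, new_tip = simulate(1.0, 0.5,
        [("new", 0.4), ("old", 0.9), ("new", 0.3), ("new", 0.4), ("old", 0.5)])
    return miners(old_tip), miners(new_tip)


if __name__ == "__main__":
    print("hard fork, old vs new view:", *hard_fork())
    print("soft fork, old vs new view:", *soft_fork())
```

In the hard-fork run the old nodes end on a chain of their own blocks and the new nodes on a chain of theirs, and nothing in the schedule can reunite them while the old rule rejects the 3 MB block at the base of the new branch. In the soft-fork run both node types end on the same tip: the old nodes' 0.9 MB block is orphaned as soon as the new nodes' branch overtakes it, and the old nodes' next block, at 0.5 MB, is accepted by everyone. That asymmetry is the whole difference between the two fork types: whatever the minority accepts must be a superset (hard fork) or a subset (soft fork) of what the majority accepts.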
In practice, soft forks give new meaning to fields that the current protocol does not regulate.
That is, fields not constrained by the current protocol are given new rules. An example is the CoinBase field of the coinbase transaction, which nobody specifies or checks. Earlier, when studying mining difficulty, we noted that this field can be used as an extra nonce: for instance the first 8 bytes can be varied together with the nonce to enlarge the mining search space.

Even after using the first 8 bytes of CoinBase there is a lot of adjustable space left. Some have proposed using it for the root hash of the UTXO set (unspent transaction outputs). Today each full node maintains the UTXO set on its own, purely so that it can look up and validate transactions quickly; the set's contents are not written to the blockchain.

A Merkle proof can show that a transaction is in a block, but how do you prove how much money account A holds? A full node can compute it from its local UTXO set: find all outputs in the set that pay A and add them up.

The proposal is to organise the UTXO set as a Merkle tree as well and write its root hash into the CoinBase field of the coinbase transaction. That content in turn affects the root hash of the block's transaction Merkle tree, which light nodes do store. Then, just as with a Merkle proof, one can prove how much money an account holds by providing the hashes along the corresponding path in the UTXO Merkle tree.
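The UTXO Merkle tree proposal above, as an added example (not the lecture's code): a tree over a constructed UTXO set, a proof for one entry verified from the root alone, and account balances computed by a full node from the set and by a light node from proofs. The UTXO encoding, the sample set and the leaf/inner-node domain separation are assumptions of the example.

```python
import hashlib

# Added example for these notes (not the lecture's code): a Merkle tree over a
# constructed UTXO set, a proof for one entry, its verification from the root
# alone (all a light node would hold), and account balances computed both by a
# full node from the set and by a light node from proofs. Leaves and inner nodes
# get different prefixes so an inner node can never be presented as a leaf; that
# detail is an assumption added here, not part of the lecture's sketch.

UTXOS = [  # constructed sample set: (txid, output index, payee, satoshis)
    ("a1", 0, "alice", 50000),
    ("a1", 1, "bob", 25000),
    ("b7", 0, "alice", 12000),
    ("c3", 2, "carol", 99000),
    ("d9", 0, "alice", 300),
]


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def encode(utxo) -> bytes:
    return "{}:{}:{}:{}".format(*utxo).encode()


def leaf_hash(leaf: bytes) -> bytes:
    return sha256d(b"\x00" + leaf)


def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256d(b"\x01" + left + right)


def _next_level(level):
    if len(level) % 2:                  # odd count: duplicate the last hash
        level = level + [level[-1]]
    return [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves) -> bytes:
    level = [leaf_hash(x) for x in leaves]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves, index):
    """Sibling hashes from the leaf up to the root, each tagged with its side."""
    level, proof = [leaf_hash(x) for x in leaves], []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append(("L" if sibling < index else "R", level[sibling]))
        level, index = _next_level(level), index // 2
    return proof


def verify_proof(leaf: bytes, proof, root: bytes) -> bool:
    h = leaf_hash(leaf)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == root


def full_node_balance(utxos, payee) -> int:
    """What a full node does: scan its own UTXO set."""
    return sum(amount for _, _, who, amount in utxos if who == payee)


def prove_balance(utxos, payee):
    """What a full node hands a light client: each UTXO paying `payee` with its proof."""
    leaves = [encode(x) for x in utxos]
    return [(u, merkle_proof(leaves, i)) for i, u in enumerate(utxos) if u[2] == payee]


def light_node_balance(claims, payee, root) -> int:
    """Light client: count only UTXOs that pay `payee` and prove into `root`."""
    return sum(amount for (txid, vout, who, amount), proof in claims
               if who == payee and verify_proof(encode((txid, vout, who, amount)), proof, root))


if __name__ == "__main__":
    root = merkle_root([encode(u) for u in UTXOS])
    claims = prove_balance(UTXOS, "alice")
    print("full node:", full_node_balance(UTXOS, "alice"))
    print("light node from %d proofs:" % len(claims), light_node_balance(claims, "alice", root))
```

A light node given such proofs learns that the account holds at least this much: inclusion proofs cannot show that no UTXO was left out, so a complete balance proof would additionally need the set to be authenticated in sorted form so that absence can be proved too. That caveat is added here; the lecture does not go into it.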
A famous soft fork in Bitcoin's history: P2SH (Pay to Script Hash)

Soft fork property: as long as more than half of the nodes (by hash power) update their software, no permanent fork appears.
Hard fork property: every node (by hash power) must update its software, otherwise a permanent fork appears.
What if the recipient is offline (not connected to the Bitcoin network) when a transfer is made?
A transfer only needs to be recorded on the blockchain, moving bitcoin from one account to another; whether the recipient is online makes no difference.
Suppose a full node receives a transfer transaction; could the payee address be one that the full node has never seen before?
Yes, because a Bitcoin account only needs to be generated locally. Other nodes only learn that the account exists the first time it receives money.
What if the account's private key is lost?
Nothing can be done. Bitcoin is a decentralised currency with no central third party that can reset a password, so the money in the account becomes dead money.
Through a cryptocurrency exchange (a centralised institution) you usually have to provide proof of identity, and if you forget your private key you can ask the exchange to recover it. But exchanges for these currencies are still largely unregulated and not necessarily trustworthy. Moreover, an exchange only acts as an intermediary, which does not contradict the answer above that bitcoin behind a lost private key cannot be recovered.
Historically there have been many cases of exchanges being hacked and losing large amounts of cryptocurrency, the most famous being Mt. Gox (known in Chinese as 门头沟). It was once the world's largest bitcoin exchange, handling about 70% of global bitcoin trading volume, and was based in Japan. After an attack in which it lost a large amount of bitcoin, the exchange went bankrupt and its CEO was arrested and convicted.
There have also been exchanges robbed from the inside, with staff absconding with the funds (a bit like the "rm -rf */ and run" genre).
What if the private key leaks?
Move the remaining BTC to another safe account as quickly as possible. There is no central third party to reset the password or freeze the account; you alone are responsible for yourself.
In the BTC system an account is a public/private key pair: the password is the private key, and it cannot be changed.
What if a transfer is sent to the wrong address?
Nothing can be done; you can only accept the loss, since a published transaction cannot be cancelled. If the coins are sent to an address that belongs to nobody, they become dead money. The UTXO set in the Bitcoin system will then keep that output forever, recording an address that does not exist, which is unfriendly to full nodes.
The OP_RETURN instruction was introduced earlier in the BTC script section; we said that it gives ordinary users a way to write data they want preserved permanently into the Bitcoin network. But executing OP_RETURN unconditionally returns an error, and if the transaction returns an error, how can a block include it? How can the blockchain accept that block?
The answer is that OP_RETURN sits in an output script, which only runs when someone tries to spend that output; publishing the transaction never executes it, so the transaction itself is valid and the output is simply provably unspendable.
In general, anonymity is closely related to privacy protection. In fact, anonymity in Bitcoin is not true anonymity but pseudonymity.
The data in Bitcoin is completely public, and transactions on the network ultimately have to interact with the physical world, which greatly undermines anonymity.
What can break anonymity in the BTC system?
(This part draws on another blog's notes on Peking University lecturer Xiao Zhen's open course 《区块链技术与应用》, note 12, BTC anonymity part 1 (anonymity analysis): https://blog.csdn.net/Mu_Xiaoye/article/details/104439918)
1. A user can generate many address accounts, but these addresses can be linked together.
On the surface, a new key pair can be used for every transaction, so every transaction comes from a fresh account and anonymity looks strong. In practice, under certain conditions these accounts can be linked: for instance, all the inputs of one transaction must have been signed by their owners, so they are presumed to belong to the same party.
2. An address may also be linked to a person's identity in the real world.
Any operation that connects BTC to the physical world can leak a user's real identity, most obviously moving funds in and out. To obtain BTC by paying money for it, you interact with the physical world; to convert BTC back into ordinary currency, you also interact with the physical world.
3. Paying with BTC
For example, some merchants accept BTC for coffee, cake and so on. (Credit cards already handle this scenario well; paying with BTC has high latency and high fees, so it is not a good idea.)
Making a payment links the purchase to a personal account, which leaks personal information.
In fact, user privacy is exposed precisely because of the blockchain's openness and immutability. For privacy protection, immutability is a disaster.
Zero-knowledge proof: one party (the prover) proves to another party (the verifier) that a statement is true without revealing any information beyond the fact that the statement is true.
Homomorphic hiding
The mathematical basis of zero-knowledge proofs is homomorphic hiding. The figure above lists its three properties.
The first property: if E(x) = E(y) then necessarily x = y (no collisions).
The second property: the encoding function is one-way; from the encoded value you cannot recover the input.
The third and most important property is the homomorphism: performing certain algebraic operations on the encoded values is equivalent to performing those operations on the inputs and then encoding the result, so for example E(x + y) can be computed from E(x) and E(y).
Blind signatures
Zerocoin and Zerocash
Mathematically, Zerocoin and Zerocash are secure. But they are not one hundred percent anonymous: they do not solve the loss of anonymity that happens when interacting with entities outside the system.
When a zerocoin is spent, a zero-knowledge proof is used to show that the coin being spent is some valid coin that exists in the system, without revealing which coin in the system it is. This breaks the linkability.
Of course, such currencies are not mainstream cryptocurrencies, because their anonymity design comes at a cost, and not many users need strong anonymity.
The local memory address held by a pointer is meaningful only on the local machine; sending it to another machine makes no sense. So when a block is published, how is the hash pointer propagated over the network?
The so-called hash pointer is just a figurative way of describing the system. In the actual implementation there is only the hash, no pointer.
Recall the block header data structure mentioned earlier:
A full node generally stores blocks in a key-value database, with the hash as the key and the block contents as the value. The commonly used key-value database is LevelDB. As long as you hold the hash of the last block, you can follow the hashes backwards and locate the entire blockchain.
Some nodes store only part of the blockchain; if an earlier block is needed, they can ask other nodes for it. The properties of hash pointers guarantee that the whole chain's contents are tamper-proof.
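As an added example (not part of the original notes), the Python below builds the key-value store just described: a dict keyed by the block's own double-SHA256 stands in for LevelDB, the 80-byte header is laid out in Bitcoin's field order, and the only "pointer" that exists is the 32-byte prev_hash field inside the header. Walking back from the tip recovers the chain, and altering any stored block makes its content no longer match its key, which the walk detects. The function names, the sample timestamps and the stand-in Merkle roots are constructed for this demo.

```python
# Added example, not from the original notes: a minimal hash-pointer store.
# Blocks live in a dict keyed by their own hash (standing in for LevelDB).
# The header's prev_hash field is the only thing that travels over the
# network; following it from the tip recovers the whole chain.

import hashlib
import struct
from typing import Dict, List, Optional, Tuple

GENESIS_PREV = b"\x00" * 32   # prev_hash of the first block, as in Bitcoin


def dsha256(data: bytes) -> bytes:
    """Bitcoin's block hash: SHA-256 applied twice.
    The result is always 32 bytes (256 bits), whatever the input size."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def make_header(prev_hash: bytes, merkle_root: bytes, timestamp: int, nonce: int,
                version: int = 1, bits: int = 0x1D00FFFF) -> bytes:
    """80-byte header in Bitcoin's field order (little-endian integers)."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))


def prev_hash_of(header: bytes) -> bytes:
    """The 'hash pointer': bytes 4..36 of the header."""
    return header[4:36]


def build_chain(n: int) -> Tuple[Dict[bytes, bytes], bytes]:
    """Constructed sample chain of n blocks.
    Returns (key-value store, hash of the last block). Merkle roots are
    stand-ins (hash of a label) because the demo carries no transactions."""
    store: Dict[bytes, bytes] = {}
    prev = GENESIS_PREV
    for i in range(n):
        merkle_root = hashlib.sha256(f"txs-of-block-{i}".encode()).digest()
        header = make_header(prev, merkle_root, 1231006505 + 600 * i, nonce=i)
        key = dsha256(header)          # the key IS the block hash
        store[key] = header
        prev = key                     # next block points back at this one
    return store, prev


def walk_back(store: Dict[bytes, bytes], tip: bytes) -> Optional[List[bytes]]:
    """Follow prev_hash from the tip to genesis.
    Returns the list of block hashes (tip first), or None if a block is missing
    or its stored content no longer hashes to its key (tampering detected)."""
    chain: List[bytes] = []
    cur = tip
    while cur != GENESIS_PREV:
        header = store.get(cur)
        if header is None or dsha256(header) != cur:
            return None
        chain.append(cur)
        cur = prev_hash_of(header)
    return chain


def tamper(store: Dict[bytes, bytes], key: bytes, new_nonce: int) -> None:
    """Overwrite one stored header in place (simulating an altered block).
    The nonce occupies the last 4 bytes of the 80-byte header."""
    store[key] = store[key][:76] + struct.pack("<I", new_nonce)


if __name__ == "__main__":
    store, tip = build_chain(5)
    chain = walk_back(store, tip)
    print("blocks found from tip:", len(chain))
    print("tip:", tip.hex())
    tamper(store, chain[2], 999)
    print("after tampering with block 2:", walk_back(store, tip))   # None
```

Note that only the first check (content hashes to key) is needed to catch the alteration; because every later block's prev_hash commits to the original key, an attacker would have to recompute every subsequent block as well, which is what the notes mean by the hash pointer making the chain tamper-proof.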
Some couples buy BTC together, cut the private key in the middle, and each keeps one half. If the two are still on good terms in the future, they can withdraw the money; if they break up, the money is locked forever and nobody can withdraw it, with the blockchain's immutability serving as a witness to their love. Following this idea, what about N people?
With this method, the private key would be split into N parts. But this leads to a series of problems. 1. If any one of the N people forgets their part of the private key, the money cannot be withdrawn. 2. Truncating the private key reduces security, because the key length directly determines how hard the key is to brute-force (2^256 is far larger than 2^128); the gap in difficulty is far more than a factor of two. [So for an account shared by several people, multi-signature should be used rather than splitting the private key.] 3. If they break up, the money becomes dead money that sits in the UTXO set forever, which is unfriendly to miners.
In theory, distributed systems cannot reach consensus. Strictly speaking, Bitcoin has not achieved consensus in the true sense; it could be overturned at any time, for example by a forking attack that causes the system to roll back.
Furthermore, theory and practice differ. The impossibility result targets a specific model; in practice, slightly modifying the model or adding off-line methods can turn the impossible into the possible.
Early BTC had low difficulty and high block rewards, which attracted miners.
The total supply of BTC is fixed, which some consider an ingenious design. In reality, though, something with a fixed total supply is not well suited to serve as money, which is why BTC cannot completely overturn the existing monetary system in the future. Ethereum has no counterpart to Bitcoin's periodic halving of the block reward, and some newer currencies come with built-in inflation.
Will a cryptocurrency like BTC, which is built on cryptography, become insecure once quantum computing arrives?
1. Quantum computing is still a long way from practical use (the same goes for artificial intelligence, which is still at the weak-AI stage. Many technologies are like this: heavily hyped but far from practical. Yet without the hype there would be no capital flowing in to fund research, which is quite a paradox).
2. If quantum computing were really used to break existing cryptographic algorithms, the damage to the traditional financial industry would still be the greatest.
3. What is actually used is not the public key itself but a hash of the public key. Hash functions are generally irreversible, so even quantum computing cannot derive the private key from it.
The SHA-256 used in BTC produces a 256-bit result no matter how large the input is.
So encryption is reversible while hashing is not; encryption loses no information while hashing destroys information.