
Blockchain: From Getting Started to Meltdown


Preface

This is a rough collection of introductory material for learning about blockchain. Although the title says "from getting started to meltdown", the hope is that you will still learn what you came to learn.


Getting started with blockchain

The genesis paper: blockchain originated with Bitcoin. Blockchain is not a new technology; it is a clever combination of earlier, mature technologies that together produce blockchain's properties.
When getting started with blockchain, you should read the genesis paper through once to get a rough grasp of what Bitcoin is; the other material you read later will then rest on a basic foundation.

The genesis paper

《Bitcoin: A Peer-to-Peer Electronic Cash System》: https://bitcoin.org/bitcoin.pdf

《A Peer-to-Peer Electronic Cash System》 (title of the Chinese edition)

Below, the English original is paired section by section with the Chinese translation (rendered here in English).

《Bitcoin: A Peer-to-Peer Electronic Cash System》

Satoshi Nakamoto 
satoshin@gmx.com 
www.bitcoin.org


Abstract. A purely peer-to-peer version of electronic cash would allow online 
payments to be sent directly from one party to another without going through a 
financial institution. Digital signatures provide part of the solution, but the main 
benefits are lost if a trusted third party is still required to prevent double-spending. 
We propose a solution to the double-spending problem using a peer-to-peer network. 
The network timestamps transactions by hashing them into an ongoing chain of 
hash-based proof-of-work, forming a record that cannot be changed without redoing 
the proof-of-work. The longest chain not only serves as proof of the sequence of 
events witnessed, but proof that it came from the largest pool of CPU power. As 
long as a majority of CPU power is controlled by nodes that are not cooperating to 
attack the network, they'll generate the longest chain and outpace attackers. The 
network itself requires minimal structure. Messages are broadcast on a best effort 
basis, and nodes can leave and rejoin the network at will, accepting the longest 
proof-of-work chain as proof of what happened while they were gone.


[Abstract] (translation): This paper proposes an electronic cash system implemented purely through peer-to-peer technology, which allows online payments to be initiated by one party and paid directly to another without going through any financial institution. Digital signatures solve part of this problem, but if a third party is still needed to prevent double-spending, the system loses its reason to exist. We propose a solution that lets the cash system run in a peer-to-peer environment and prevents double-spending. The network timestamps all transactions by hashing them and merges them into an ever-extending chain of hash-based proof-of-work that serves as the transaction record; the record so formed cannot be changed unless all of the proof-of-work is redone. The longest chain serves not only as proof of the sequence of events observed but is also regarded as having come from the largest pool of CPU power. As long as a majority of CPU power is not intent on cooperating to attack the whole network, honest nodes will generate the longest chain and outpace attackers. The system itself requires very little infrastructure. Messages need only be propagated across the network on a best-effort basis, and nodes can leave and rejoin the network at any time, accepting the longest proof-of-work chain as proof of the transactions that occurred while they were offline.


1. Introduction
Commerce on the Internet has come to rely almost exclusively on financial institutions serving as 
trusted third parties to process electronic payments. While the system works well enough for 
most transactions, it still suffers from the inherent weaknesses of the trust based model. 
Completely non-reversible transactions are not really possible, since financial institutions cannot 
avoid mediating disputes. The cost of mediation increases transaction costs, limiting the 
minimum practical transaction size and cutting off the possibility for small casual transactions, 
and there is a broader cost in the loss of ability to make non-reversible payments for non-reversible
services. With the possibility of reversal, the need for trust spreads. Merchants must
be wary of their customers, hassling them for more information than they would otherwise need. 
A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties 
can be avoided in person by using physical currency, but no mechanism exists to make payments 
over a communications channel without a trusted party. 
What is needed is an electronic payment system based on cryptographic proof instead of trust, 
allowing any two willing parties to transact directly with each other without the need for a trusted 
third party. Transactions that are computationally impractical to reverse would protect sellers 
from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In 
this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed 
timestamp server to generate computational proof of the chronological order of transactions. The 
system is secure as long as honest nodes collectively control more CPU power than any 
cooperating group of attacker nodes.


1. Introduction (translation)

Commerce on the Internet almost always relies on financial institutions serving as trusted third parties to process electronic payment information. Although such systems work well enough in most cases, they still suffer inherently from the weaknesses of the trust-based model. We cannot achieve completely non-reversible transactions, because financial institutions cannot avoid stepping in to mediate disputes. The presence of a financial intermediary also raises transaction costs, limits the minimum practical transaction size, and limits everyday small payments. A further potential loss is that many goods and services cannot themselves be returned; without a non-reversible means of payment, Internet commerce is greatly constrained. Because a refund is always possible, the two parties to a transaction must trust each other. Merchants must also guard against their customers and therefore demand personal information they would otherwise not need at all. In practice, a certain percentage of fraudulent customers is considered unavoidable, and the related losses are treated as a cost of sales. With physical cash, these costs and the uncertainties of payment can be avoided, because no third-party credit intermediary is involved.
What we therefore need is an electronic payment system based on cryptographic principles rather than on trust, allowing any two willing parties to pay each other directly without the involvement of a third-party intermediary. Ruling out the possibility of reversing (rolling back) a payment protects a given seller from fraud, and for those who want to protect buyers, setting up the usual third-party escrow mechanism in this environment is easy. In this paper we propose a peer-to-peer distributed timestamp server that generates proof of electronic transactions arranged and recorded in chronological order, thereby solving the double-spending problem. As long as the total computing power controlled by honest nodes exceeds the total computing power of cooperating attackers, the system is secure.


2. Transactions
We define an electronic coin as a chain of digital signatures. Each owner transfers the coin to the 
next by digitally signing a hash of the previous transaction and the public key of the next owner 
and adding these to the end of the coin. A payee can verify the signatures to verify the chain of 
ownership. 
[Figure: the paper's diagram of the chain of digital signatures (screenshot not available)]
The problem of course is the payee can't verify that one of the owners did not double-spend 
the coin. A common solution is to introduce a trusted central authority, or mint, that checks every 
transaction for double spending. After each transaction, the coin must be returned to the mint to 
issue a new coin, and only coins issued directly from the mint are trusted not to be double-spent. 
The problem with this solution is that the fate of the entire money system depends on the 
company running the mint, with every transaction having to go through them, just like a bank. 
We need a way for the payee to know that the previous owners did not sign any earlier 
transactions. For our purposes, the earliest transaction is the one that counts, so we don't care 
about later attempts to double-spend. The only way to confirm the absence of a transaction is to 
be aware of all transactions. In the mint based model, the mint was aware of all transactions and 
decided which arrived first. To accomplish this without a trusted party, transactions must be 
publicly announced [1], and we need a system for participants to agree on a single history of the 
order in which they were received. The payee needs proof that at the time of each transaction, the 
majority of nodes agreed it was the first received.


2. Transactions (translation)

We define an electronic coin as a chain of digital signatures: each owner signs a hash of the previous transaction together with the public key of the next owner, appends this signature to the end of the coin, and the coin is thereby sent to the next owner. The payee can verify the signatures to confirm the chain of ownership.
[Figure: the paper's diagram of the chain of digital signatures (screenshot not available)]
The problem with this process is that the payee cannot easily verify whether an earlier owner double-spent the coin. The usual solution is to introduce a trusted third-party authority, or an institution like a mint, to check every transaction for double-spending. After each transaction the coin is returned to the mint, which issues a new one; only coins issued directly by the mint count as valid, which prevents double-spending. The problem with this solution is that the fate of the entire money system depends entirely on the company running the mint, since every transaction must be confirmed by it, and the mint is effectively a bank.
We need some way for the payee to be sure that earlier owners did not sign any earlier transactions. Logically, for our purposes, only the transactions that occurred before this one matter; we do not care whether a double-spend is attempted after it. The only way to confirm that a transaction does not exist is to know all previous transactions. In the mint model, the mint knows all transactions and decides the order in which they were completed. If we want to remove the third-party intermediary from the electronic system, transactions must be publicly announced [1], and we need all participants in the system to share a single agreed history of the transaction sequence. The payee needs to be sure that at the time of the transaction, the great majority of nodes agreed it was the first one received.
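The chain of signatures in Section 2, as an added example that is not part of the paper or of Bitcoin's code. It is a toy model with assumed names (`Tx`, `Transfer`, `VerifyChain`, `FindDoubleSpends`) and uses Ed25519 from Go's standard library instead of Bitcoin's secp256k1 ECDSA. It shows the two halves of the section's argument: a payee can verify the chain of ownership from the signatures alone, but cannot see a double-spend from that chain, because the conflicting transaction is only visible to someone who knows all transactions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Tx is one link in a coin's chain of signatures (toy model of Section 2,
// not Bitcoin's real transaction format): the current owner signs
// H(previous tx) || next owner's public key.
type Tx struct {
	PrevHash  []byte            // hash of the previous transaction
	NextOwner ed25519.PublicKey // recipient's public key
	Sig       []byte            // signature by the owner named in the previous tx
}

// Hash commits to the whole transaction, signature included.
func (t Tx) Hash() []byte {
	h := sha256.New()
	h.Write(t.PrevHash)
	h.Write(t.NextOwner)
	h.Write(t.Sig)
	return h.Sum(nil)
}

// signedMessage is the byte string the current owner signs.
func signedMessage(prevHash []byte, next ed25519.PublicKey) []byte {
	return append(append([]byte{}, prevHash...), next...)
}

// Transfer lets the current owner (holder of priv) pass the coin to next.
func Transfer(prev Tx, priv ed25519.PrivateKey, next ed25519.PublicKey) Tx {
	prevHash := prev.Hash()
	return Tx{
		PrevHash:  prevHash,
		NextOwner: next,
		Sig:       ed25519.Sign(priv, signedMessage(prevHash, next)),
	}
}

// VerifyChain is the payee's check: every tx references its predecessor and
// is signed by the owner that predecessor named. It says nothing about
// whether some owner ALSO signed the coin away to somebody else.
func VerifyChain(chain []Tx) bool {
	for i := 1; i < len(chain); i++ {
		prev, cur := chain[i-1], chain[i]
		if !bytes.Equal(cur.PrevHash, prev.Hash()) {
			return false
		}
		if !ed25519.Verify(prev.NextOwner, signedMessage(cur.PrevHash, cur.NextOwner), cur.Sig) {
			return false
		}
	}
	return true
}

// FindDoubleSpends needs the set of ALL transactions a node has seen: it
// reports every previous-tx hash that is spent more than once. This is the
// global knowledge the paper says only a mint or the whole network can have.
func FindDoubleSpends(all []Tx) [][]byte {
	seen := map[string]int{}
	var conflicts [][]byte
	for _, t := range all {
		k := string(t.PrevHash)
		seen[k]++
		if seen[k] == 2 {
			conflicts = append(conflicts, t.PrevHash)
		}
	}
	return conflicts
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Demo builds an honest A->B->C chain (constructed sample data), a forged
// copy whose last hop was redirected, and a second spend by B of the same coin.
func Demo() (honestOK, forgedOK bool, doubleSpends int) {
	pubA, privA := mustKey()
	pubB, privB := mustKey()
	pubC, _ := mustKey()
	pubD, _ := mustKey()

	genesis := Tx{PrevHash: make([]byte, 32), NextOwner: pubA} // coin created for A
	tx1 := Transfer(genesis, privA, pubB)                      // A -> B
	tx2 := Transfer(tx1, privB, pubC)                          // B -> C
	honestOK = VerifyChain([]Tx{genesis, tx1, tx2})

	forged := tx2 // attacker rewrites the recipient but cannot re-sign as B
	forged.NextOwner = pubD
	forgedOK = VerifyChain([]Tx{genesis, tx1, forged})

	tx2b := Transfer(tx1, privB, pubD) // B spends the same coin again: valid on its own
	doubleSpends = len(FindDoubleSpends([]Tx{genesis, tx1, tx2, tx2b}))
	return honestOK, forgedOK, doubleSpends
}

func main() {
	ok, bad, ds := Demo()
	fmt.Printf("honest chain verifies: %v, forged chain verifies: %v, double-spent coins: %d\n", ok, bad, ds)
}
```

Note that `VerifyChain` accepts both `tx2` and `tx2b` when each is shown to a different payee: the signatures are genuine and the chains are well formed. Only a party holding both, as `FindDoubleSpends` does, can see the conflict, which is exactly why the rest of the paper builds a network-wide agreed history.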


3. Timestamp Server
The solution we propose begins with a timestamp server. A timestamp server works by taking a 
hash of a block of items to be timestamped and widely publishing the hash, such as in a 
newspaper or Usenet post [2-5]. The timestamp proves that the data must have existed at the 
time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in 
its hash, forming a chain, with each additional timestamp reinforcing the ones before it. 
[Figure: the paper's diagram of the timestamp chain (screenshot not available)]


3. Timestamp Server (translation)

Our solution begins with a "timestamp server". A timestamp server works by taking a hash of a group of data items in the form of a block, thereby timestamping them, and widely publishing that hash, much like a post in a newspaper or the worldwide Usenet newsgroup network [2-5]. The timestamp clearly proves that the data must have existed at that particular time, since only data that existed then could have been included in the hash. Each timestamp includes the previous timestamp in its hash, and each subsequent timestamp reinforces the one before it, forming a chain.
[Figure: the paper's diagram of the timestamp chain (screenshot not available)]


4. Proof-of-Work
To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-
work system similar to Adam Back's Hashcash [6], rather than newspaper or Usenet posts. 
The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the 
hash begins with a number of zero bits. The average work required is exponential in the number 
of zero bits required and can be verified by executing a single hash. 
For our timestamp network, we implement the proof-of-work by incrementing a nonce in the 
block until a value is found that gives the block's hash the required zero bits. Once the CPU 
effort has been expended to make it satisfy the proof-of-work, the block cannot be changed 
without redoing the work. As later blocks are chained after it, the work to change the block 
would include redoing all the blocks after it. 
[Figure: the paper's diagram of blocks with nonces chained by previous hash (screenshot not available)]
The proof-of-work also solves the problem of determining representation in majority decision 
making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone 
able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority 
decision is represented by the longest chain, which has the greatest proof-of-work effort invested 
in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the 
fastest and outpace any competing chains. To modify a past block, an attacker would have to 
redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the 
work of the honest nodes. We will show later that the probability of a slower attacker catching up 
diminishes exponentially as subsequent blocks are added. 
To compensate for increasing hardware speed and varying interest in running nodes over time, 
the proof-of-work difficulty is determined by a moving average targeting an average number of 
blocks per hour. If they're generated too fast, the difficulty increases.


4. Proof-of-Work (translation)

To build a set of decentralised timestamp servers on a peer-to-peer basis, working merely like a newspaper or Usenet newsgroup is not enough; we also need something like the Hashcash proposed by Adam Back [6]. When performing the hash computation, the proof-of-work mechanism introduces scanning for a particular value such that, say under SHA-256, the hash begins with one or more zeros. As the number of zeros rises, the work required to find this solution grows exponentially, while checking the result needs only a single hash computation.

We add a nonce to the block, chosen so that the hash of the given block has the required number of zeros. We find this nonce by repeated trial until one is found, and in this way we construct a proof-of-work mechanism. Once the CPU effort expended satisfies the proof-of-work, the block's information cannot be changed without redoing a comparable amount of work. Because later blocks are chained after this block, changing the information in it would also require redoing all the work of every block after it.
[Figure: the paper's diagram of blocks with nonces chained by previous hash (screenshot not available)]
The proof-of-work mechanism also solves the problem of who constitutes the majority in collective decision making. If the majority were determined by IP address, one IP address one vote, then anyone with the power to allocate many IP addresses could subvert the mechanism. The essence of proof-of-work is instead one CPU one vote. The "majority" decision is expressed as the longest chain, because the longest chain contains the greatest amount of work. If the majority of CPU power is controlled by honest nodes, the honest chain will extend fastest and outpace any competing chains. To modify a block that has already appeared, an attacker must redo the work of that block plus the work of all blocks after it, and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up with the subsequent blocks diminishes exponentially.
Another problem is that hardware speed grows rapidly while the degree of node participation in the network fluctuates. To address this, the proof-of-work difficulty is determined by a moving-average target, that is, the difficulty is set so that the number of blocks generated per hour matches a predetermined average. If blocks are generated too quickly, the difficulty increases.


5. Network
The steps to run the network are as follows: 
1) New transactions are broadcast to all nodes. 
2) Each node collects new transactions into a block. 
3) Each node works on finding a difficult proof-of-work for its block. 
4) When a node finds a proof-of-work, it broadcasts the block to all nodes. 
5) Nodes accept the block only if all transactions in it are valid and not already spent. 
6) Nodes express their acceptance of the block by working on creating the next block in the 
chain, using the hash of the accepted block as the previous hash. 
Nodes always consider the longest chain to be the correct one and will keep working on 
extending it. If two nodes broadcast different versions of the next block simultaneously, some 
nodes may receive one or the other first. In that case, they work on the first one they received, 
but save the other branch in case it becomes longer. The tie will be broken when the next proof-of-
work is found and one branch becomes longer; the nodes that were working on the other 
branch will then switch to the longer one. 
New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach 
many nodes, they will get into a block before long. Block broadcasts are also tolerant of dropped 
messages. If a node does not receive a block, it will request it when it receives the next block and 
realizes it missed one.


5. Network (translation)

The steps to run the network are as follows: 
1) New transactions are broadcast to the whole network; 
2) Each node collects the transactions it receives into a block; 
3) Each node tries to find a sufficiently difficult proof-of-work for its own block; 
4) When a node finds a proof-of-work, it broadcasts it to the whole network; 
5) Other nodes accept the block as valid if and only if all the transactions in it are valid and have not appeared before; 
6) Other nodes express their acceptance of the block by building new blocks that follow it to extend the chain, treating the hash of the accepted block as the hash preceding the new block. 
Nodes always consider the longest chain to be the correct one and keep working to extend it. If two nodes broadcast different versions of the next block at the same time, other nodes will receive them in different orders. In that case they work on the block they received first but also keep the other chain in case it becomes the longest. The tie is broken when the next proof-of-work is found and one of the chains is shown to be longer; the nodes working on the other branch then switch sides and begin working on the longer chain. 
The "broadcast of new transactions" does not actually need to reach every node. As long as a transaction reaches enough nodes, it will soon be incorporated into a block. Block broadcasts are likewise tolerant of dropped messages. If a node does not receive a particular block, it will notice it is missing one and can request to download that block.
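The proof-of-work of Section 4 and the longest-chain rule of Section 5, as one added example (not code from the paper or from Bitcoin). It assumes a cut-down header (`Block` with previous hash, a content hash standing in for the Merkle root, and a nonce), a single SHA-256 where Bitcoin uses double SHA-256, and a difficulty expressed as a count of leading zero bits rather than Bitcoin's 256-bit target; the names `Mine`, `MeetsTarget`, `ValidChain` and `ChooseChain` are assumed. It demonstrates the asymmetry the paper relies on (about 2^difficulty hashes to mine, one hash to verify), that rewriting a buried block, even with its proof-of-work redone, breaks every block that follows it, and how a node resolves a fork by keeping the longer valid branch.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// Block is a cut-down header (toy model of Sections 4 and 5, not Bitcoin's real
// 80-byte header): previous block hash, a hash of the block's contents standing
// in for the Merkle root, and the nonce that proof-of-work increments.
type Block struct {
	PrevHash [32]byte
	Content  [32]byte
	Nonce    uint64
}

// Hash is a single SHA-256 over the serialised header.
func (b Block) Hash() [32]byte {
	var buf [72]byte
	copy(buf[:32], b.PrevHash[:])
	copy(buf[32:64], b.Content[:])
	binary.LittleEndian.PutUint64(buf[64:], b.Nonce)
	return sha256.Sum256(buf[:])
}

// leadingZeroBits counts the zero bits a hash begins with.
func leadingZeroBits(h [32]byte) int {
	n := 0
	for _, v := range h {
		if v != 0 {
			return n + bits.LeadingZeros8(v)
		}
		n += 8
	}
	return n
}

// MeetsTarget is the verifier's side: one hash decides whether the work was done.
func MeetsTarget(b Block, difficulty int) bool {
	return leadingZeroBits(b.Hash()) >= difficulty
}

// Mine is the prover's side: increment the nonce until the hash has enough
// leading zero bits. Expected cost is about 2^difficulty hashes.
func Mine(b Block, difficulty int) Block {
	for b.Nonce = 0; !MeetsTarget(b, difficulty); b.Nonce++ {
	}
	return b
}

// ValidChain checks linkage and proof-of-work for every block after genesis.
func ValidChain(chain []Block, difficulty int) bool {
	for i := 1; i < len(chain); i++ {
		if chain[i].PrevHash != chain[i-1].Hash() || !MeetsTarget(chain[i], difficulty) {
			return false
		}
	}
	return true
}

// ChooseChain is the Section 5 rule: keep the longest valid chain, and only
// switch to a competing branch once it is strictly longer.
func ChooseChain(current, other []Block, difficulty int) []Block {
	if !ValidChain(other, difficulty) {
		return current
	}
	if !ValidChain(current, difficulty) || len(other) > len(current) {
		return other
	}
	return current
}

func content(s string) [32]byte { return sha256.Sum256([]byte(s)) }

// extend mines one block on top of chain carrying the given (constructed) payload.
func extend(chain []Block, payload string, difficulty int) []Block {
	prev := chain[len(chain)-1].Hash()
	return append(chain, Mine(Block{PrevHash: prev, Content: content(payload)}, difficulty))
}

// Demo mines a short chain, shows that rewriting (and even re-mining) a buried
// block invalidates every block after it, and resolves a fork by length.
func Demo(difficulty int) (honestOK, tamperedOK bool, winnerLen int) {
	chain := []Block{{Content: content("genesis")}}
	for _, tx := range []string{"A->B", "B->C", "C->D"} {
		chain = extend(chain, tx, difficulty)
	}
	honestOK = ValidChain(chain, difficulty)

	tampered := append([]Block{}, chain...)
	tampered[1] = Mine(Block{PrevHash: chain[0].Hash(), Content: content("A->attacker")}, difficulty)
	tamperedOK = ValidChain(tampered, difficulty) // blocks 2 and 3 no longer link to block 1

	fork := append([]Block{}, chain[:2]...) // competing branch that forks after block 1
	for _, tx := range []string{"B->E", "E->F", "F->G"} {
		fork = extend(fork, tx, difficulty)
	}
	winnerLen = len(ChooseChain(chain, fork, difficulty))
	return honestOK, tamperedOK, winnerLen
}

func main() {
	ok, bad, n := Demo(16)
	fmt.Printf("honest chain valid: %v, tampered chain valid: %v, winning chain length: %d\n", ok, bad, n)
}
```

The difficulty is kept small (16 bits) so the demo runs in well under a second; raising it by one bit doubles the expected mining time while `MeetsTarget` stays a single hash. `ChooseChain` compares length, as the paper states; Bitcoin later moved to comparing accumulated work, which matters once difficulty differs between branches.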


6. Incentive
By convention, the first transaction in a block is a special transaction that starts a new coin owned 
by the creator of the block. This adds an incentive for nodes to support the network, and provides 
a way to initially distribute coins into circulation, since there is no central authority to issue them. 
The steady addition of a constant amount of new coins is analogous to gold miners expending 
resources to add gold to circulation. In our case, it is CPU time and electricity that is expended. 
The incentive can also be funded with transaction fees. If the output value of a transaction is 
less than its input value, the difference is a transaction fee that is added to the incentive value of 
the block containing the transaction. Once a predetermined number of coins have entered 
circulation, the incentive can transition entirely to transaction fees and be completely inflation 
free. The incentive may help encourage nodes to stay honest. If a greedy attacker is able to 
assemble more CPU power than all the honest nodes, he would have to choose between using it 
to defraud people by stealing back his payments, or using it to generate new coins. He ought to 
find it more profitable to play by the rules, such rules that favour him with more new coins than 
everyone else combined, than to undermine the system and the validity of his own wealth.


6. Incentive (translation)

We adopt the following convention: the first transaction in each block is treated specially and creates a new coin owned by the block's creator. This adds an incentive for nodes to support the network and provides a way to distribute coins into circulation when there is no central authority to issue them. This method of steadily adding a fixed quantity of new coins to the money system is very much like expending resources to mine gold and inject it into circulation. Here, CPU time and electricity are the resources consumed. 
Another source of incentive is transaction fees. If the output value of a transaction is less than its input value, the difference is the transaction fee, which is added to the incentive of the block containing it. Once a predetermined quantity of coins has entered circulation, the incentive mechanism can gradually transition to relying entirely on transaction fees, and the money system will then be free of inflation. 
The incentive system also helps encourage nodes to stay honest. If a greedy attacker could assemble more CPU power than all the honest nodes combined, he would face a choice: use it for honest work to generate new coins, or use it for a double-spending attack. He would find that playing by the rules and working honestly is more profitable, because those rules let him own more coins than he would gain by undermining the system and damaging the validity of his own wealth.


7. Reclaiming Disk Space
Once the latest transaction in a coin is buried under enough blocks, the spent transactions before 
it can be discarded to save disk space. To facilitate this without breaking the block's hash, 
transactions are hashed in a Merkle Tree [7][2][5], with only the root included in the block's hash. 
Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do 
not need to be stored. 
[Figure: the paper's diagram of a Merkle tree with pruned branches (screenshot not available)]
A block header with no transactions would be about 80 bytes. If we suppose blocks are 
generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year. With computer systems 
typically selling with 2GB of RAM as of 2008, and Moore's Law predicting current growth of 
1.2GB per year, storage should not be a problem even if the block headers must be kept in 
memory.


7. Reclaiming Disk Space (translation)

Once the latest transaction has been incorporated into enough blocks, the data before that transaction can be discarded to reclaim disk space. To do this without damaging the block's hash, transactions are hashed in the form of a Merkle tree [7], so that only the root is included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do not need to be stored. 
[Figure: the paper's diagram of a Merkle tree with pruned branches (screenshot not available)]
A block header without transaction information is only 80 bytes. If we set the block generation rate to one every 10 minutes, the data produced each year is 4.2 MB (80 bytes * 6 * 24 * 365 = 4.2MB). In 2008 a typical PC had 2 GB of RAM, and according to Moore's Law's prediction, keeping all block headers in memory will not be a problem.
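The Merkle tree of Section 7, as an added example that is not code from the paper or from Bitcoin. It follows Bitcoin's construction of double SHA-256 nodes and pairing an odd last element with itself, but the names `MerkleRoot`, `MerkleProof`, `ProofStep` and `VerifyProof` are assumed and the five transaction ids are constructed sample data. It shows what a pruned node keeps for one transaction after stubbing off the rest of the tree: the leaf, one sibling hash per level, and the root from the block header. That branch still proves the transaction was in the block, and the discarded interior hashes are never needed again.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// dsha256 is the double SHA-256 Bitcoin uses for transaction ids and tree nodes.
func dsha256(b []byte) []byte {
	first := sha256.Sum256(b)
	second := sha256.Sum256(first[:])
	return second[:]
}

// ProofStep is one sibling hash on the path from a leaf up to the root.
type ProofStep struct {
	Hash  []byte
	Right bool // true if the sibling sits to the right of the running hash
}

func concat(a, b []byte) []byte {
	return append(append([]byte{}, a...), b...)
}

// merkle folds the leaves level by level. An odd last element is paired with
// itself, as Bitcoin does. If track >= 0 it also collects the sibling hashes
// that link leaf number `track` to the root.
func merkle(leaves [][]byte, track int) ([]byte, []ProofStep) {
	if len(leaves) == 0 {
		return nil, nil
	}
	level := append([][]byte{}, leaves...)
	var proof []ProofStep
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		next := make([][]byte, 0, len(level)/2)
		for i := 0; i < len(level); i += 2 {
			if track >= 0 && track/2 == i/2 { // the tracked leaf's path passes through this pair
				if track == i {
					proof = append(proof, ProofStep{level[i+1], true})
				} else {
					proof = append(proof, ProofStep{level[i], false})
				}
			}
			next = append(next, dsha256(concat(level[i], level[i+1])))
		}
		level = next
		if track >= 0 {
			track /= 2
		}
	}
	return level[0], proof
}

// MerkleRoot is the only value that goes into the block header.
func MerkleRoot(txids [][]byte) []byte {
	root, _ := merkle(txids, -1)
	return root
}

// MerkleProof returns the root plus the branch a pruned node keeps for one transaction.
func MerkleProof(txids [][]byte, index int) ([]byte, []ProofStep) {
	return merkle(txids, index)
}

// VerifyProof recomputes the path to the root from a leaf and its branch,
// which is all a node that stubbed off the rest of the tree can still do.
func VerifyProof(leaf []byte, proof []ProofStep, root []byte) bool {
	h := leaf
	for _, s := range proof {
		if s.Right {
			h = dsha256(concat(h, s.Hash))
		} else {
			h = dsha256(concat(s.Hash, h))
		}
	}
	return bytes.Equal(h, root)
}

// Demo uses five constructed transaction ids, keeps only the branch for tx2,
// and checks that the branch proves tx2 but not a forged id.
func Demo() (proofLen int, valid, forgedValid bool) {
	var txids [][]byte
	for _, label := range []string{"tx0", "tx1", "tx2", "tx3", "tx4"} {
		txids = append(txids, dsha256([]byte(label)))
	}
	root, proof := MerkleProof(txids, 2)
	valid = VerifyProof(txids[2], proof, root)
	forgedValid = VerifyProof(dsha256([]byte("forged")), proof, root)
	return len(proof), valid, forgedValid
}

func main() {
	n, ok, bad := Demo()
	fmt.Printf("branch of %d hashes proves tx2: %v, proves a forged tx: %v\n", n, ok, bad)
}
```

With five transactions the tree has three levels above the leaves, so the branch is three hashes regardless of how many of the other transactions were discarded; in general a branch is about log2(n) hashes, which is the saving the section is after.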



Author of this article
2018-7-4 12:15
Copyright ©2017-2018 Mochain Technology Community (磨链技术社区), dedicated to blockchain technology exchange