Original author: Satoshi Nakamoto (中本聪)

News | 2024-07-12

1. Every node is born equal.

2. Bitcoin was designed to be decentralized, or put another way, every node is a center. Bitcoin has nonetheless taken on some centralized forms: only users with very large computing power can mine successfully.

3. Without a center, who is willing to relay and verify Bitcoin data? The nodes that do this work are rewarded with bitcoin. As for the cost of maintenance once all bitcoin has been mined, that may be covered by transaction fees.

4. Bitcoin's transaction records are very hard to tamper with, because Bitcoin's centers are distributed all over the world; altering the records requires the agreement of a majority of Bitcoin nodes, and at present no person or institution has that capability. Being tamper-resistant means that credit within the Bitcoin community is reliable.

5. Bitcoin cannot be issued without limit like national currencies; there are only 21 million coins.

6. Bitcoin's founder cannot mint bitcoin for himself. The algorithm that produces bitcoin is open source, and the founder is no longer able to control that algorithm, or the production of bitcoin, on his own.

7. Code is law (code is the law of the Bitcoin community); secular law cannot define bitcoin as legal or illegal.

8. Bitcoin is an intangible digital asset; once hidden, there is no way to dismantle or confiscate it.

9. Bitcoin has no fixed price.

10. The cost of maintaining Bitcoin is not necessarily lower than that of a centralized currency, because it requires a large number of computing and storage nodes worldwide.

11. Bitcoin can be freely exchanged for any currency, so it is naturally a tool for international remittance and money laundering.

12. As the pioneer of decentralized digital currencies, Bitcoin has imperfections; for example, finding new bitcoin wastes the computing power of a large number of machines.

13. Like gold, bitcoin cannot be overprinted and can be freely exchanged for any currency. It can be freely mined and freely stored, and it is unregistered (bearer). Since its birth it has shown an oscillating upward trend in value.

14. Unlike gold, which is markedly unique, bitcoin has Litecoin and thousands of other digital currencies as substitutes, so its value is less stable than gold's.

15. Gold is hard to circulate; bitcoin is different: one mouse click and it moves.

16. Banks and governments in various countries regulate bitcoin in different ways, but at most they can only restrict bitcoin trading within their own territory.

17. Bitcoin is unlikely to enter general circulation. If it is expected to rise, people hoard it; if it is expected to fall, people abandon it. Either way, it cannot circulate widely.

18. A bitcoin transaction only requires a key, and traders can be anonymous, but the transaction record is fully public and traceable, whereas transaction records in traditional banks are secret.

19. The Bitcoin blockchain is not entirely beyond control. If some organization used enormous computing power to tamper with the Bitcoin ledger, Bitcoin's management team, which is in fact just a few programmers, has the technical ability to roll the blockchain back to the correct state before the tampering. Since the members of that management team are in the United States, they are subject to US law.

20. Bitcoin's significance in humanistic thought is greater than its financial and technical significance; in practice it has no value for widespread adoption.








[1] Satoshi Nakamoto (中本聪) is the creator of the Bitcoin protocol and its associated software, Bitcoin-Qt.

In 2008 he published a paper titled "Bitcoin: A Peer-to-Peer Electronic Cash System", describing an electronic currency called "bitcoin" and its algorithm.

In 2009 he released the first Bitcoin software and launched the Bitcoin financial system.

In 2010 he gradually withdrew and handed the project over to other members of the Bitcoin community.


http://www.8btc.com/wiki/bitcoin-a-peer-to-peer-electronic-cash-system  

Bitcoin: A Peer-to-Peer Electronic Cash System


[Abstract]: This paper proposes an electronic cash system implemented purely through peer-to-peer technology, allowing online payments to be sent directly from one party to another without going through any financial institution. Digital signatures solve part of the problem, but if a third party is still required to prevent double-spending, the system loses its reason to exist. We propose a solution that lets the cash system operate in a peer-to-peer environment while preventing double-spending. The network timestamps all transactions by hashing them into an ever-growing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the entire proof-of-work. The longest chain serves not only as proof of the sequence of events witnessed, but also as proof that it came from the largest pool of CPU power. As long as a majority of CPU power is not cooperating to attack the network, honest nodes will generate the longest chain and outpace any attacker. The system itself requires very little infrastructure. Messages are broadcast on a best-effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of the transactions that happened while they were offline.

Commerce on the Internet relies almost entirely on financial institutions serving as trusted third parties to process electronic payments. While such systems work well enough in the vast majority of cases, they still suffer from the inherent weaknesses of the trust-based model. Completely irreversible transactions are not possible, since financial institutions cannot avoid mediating disputes. The existence of financial intermediaries also raises transaction costs, limits the minimum practical transaction size, and rules out routine small payments. A further loss is that many goods and services cannot be returned; without irreversible payments, Internet commerce is greatly constrained. Because a refund is always possible, both parties to a transaction need trust. Merchants must also be wary of their customers, and so demand personal information from them that would otherwise be entirely unnecessary. In actual commerce a certain proportion of fraudulent customers is accepted as unavoidable, and the associated losses are treated as a cost of sales. With physical cash, these costs and payment uncertainties can be avoided, because no third-party credit intermediary is involved.

What is needed, therefore, is an electronic payment system based on cryptographic proof rather than trust, allowing any two willing parties to transact directly without a third-party intermediary. Ruling out the possibility of reversing a payment protects sellers from fraud, and for those who want to protect buyers, the usual third-party escrow mechanisms can easily be set up in this environment. In this paper we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate proof of the chronological order of electronic transactions. The system is secure as long as the total computing power controlled by honest nodes exceeds the total computing power of any cooperating group of attackers.

We define an electronic coin as a chain of digital signatures. Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and appending this signature to the end of the coin. The payee can verify the signatures to verify the chain of ownership.

The problem with this process is that the payee cannot verify whether one of the earlier owners has double-spent the coin. The usual solution is to introduce a trusted central authority, or a mint-like institution, that checks every transaction to prevent double-spending. After each transaction the coin is returned to the mint, which issues a new coin; only coins issued directly by the mint are considered valid, which prevents double-spending. The problem with this solution is that the fate of the entire money system depends on the company running the mint, since every transaction has to go through it, just as with a bank.

We need a way for the payee to be sure that the previous owners did not sign any earlier transactions. Logically, for our purposes, only the transactions before this one matter; we do not need to worry about later attempts to double-spend. The only way to confirm the absence of a transaction is to be aware of all transactions that have taken place. In the mint model, the mint is aware of all transactions and decides the order in which they were completed. To accomplish this without a third party in an electronic system, transactions must be publicly announced [1], and we need all participants in the system to agree on a single, commonly accepted history of the order of transactions. The payee needs to be sure that, at the time of the transaction, the majority of nodes agreed it was the first received.

The solution we propose begins with a "timestamp server". A timestamp server works by taking a hash of a set of data that exists in block form and widely publishing the hash, such as in a newspaper or Usenet post [2][3][4][5]. The timestamp proves that the data must have existed at that time, since only data that existed then could have produced that hash. Each timestamp includes the previous timestamp in its hash, and each subsequent timestamp reinforces the ones before it, forming a chain.

To build a distributed timestamp server on a peer-to-peer basis, working like a newspaper or Usenet post is not enough; we also need something similar to Adam Back's Hashcash [6]. During hashing, the proof-of-work introduces a scan for a particular value: under SHA-256, for example, a hash that begins with one or more zero bits. As the number of required zeros grows, the work needed to find the solution grows exponentially, while checking a result requires only a single hash operation.

We add a nonce to the block, chosen so that the block's hash has the required number of leading zeros. We find this nonce by repeated trial until one is found, and this gives us a proof-of-work mechanism. Once enough CPU effort has been expended to satisfy the proof-of-work, the block's contents cannot be changed without redoing a comparable amount of work. Because later blocks are chained after it, changing the contents of a block would also require redoing the work of all the blocks after it.
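The nonce search and one-hash verification described above, as an added example that is not from the paper or this page. The paper uses SHA-256; to stay dependency-free this stand-in uses 64-bit FNV-1a, which is not collision-resistant and only plays the role of the hash function. The header layout, field names and sample values are constructed for the example.

```c
/* Added example (not the paper's code): proof-of-work over a block header.
 * The miner increments a nonce until the header hash begins with `bits`
 * zero bits; anyone can verify the result with a single hash. The search
 * cost doubles with every extra zero bit, while verification cost is flat.
 * FNV-1a is a constructed stand-in for SHA-256 and is NOT a secure hash. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint64_t prev_hash;   /* hash of the previous block: this is what chains blocks */
    uint64_t tx_root;     /* stand-in for the Merkle root of the block's transactions */
    uint32_t nonce;       /* the only field the miner is free to vary */
} block_t;

static uint64_t fnv1a64(const void *data, size_t len)
{
    const unsigned char *p = data;
    uint64_t h = 14695981039346656037ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

static uint64_t block_hash(const block_t *b)
{
    unsigned char buf[8 + 8 + 4];
    memcpy(buf, &b->prev_hash, 8);
    memcpy(buf + 8, &b->tx_root, 8);
    memcpy(buf + 16, &b->nonce, 4);
    return fnv1a64(buf, sizeof buf);
}

/* Verification: does the hash start with at least `bits` zero bits (0..64)?
 * This is the "one hash operation" check from the text. */
int meets_target(const block_t *b, int bits)
{
    uint64_t h = block_hash(b);
    return bits == 0 || (h >> (64 - bits)) == 0;
}

/* Search: increment the nonce until the target is met. Returns the number of
 * hashes tried, or 0 if the 32-bit nonce space was exhausted without success. */
uint64_t mine(block_t *b, int bits)
{
    uint64_t tries = 0;
    for (b->nonce = 0; ; b->nonce++) {
        tries++;
        if (meets_target(b, bits))
            return tries;
        if (b->nonce == UINT32_MAX)
            return 0;
    }
}

int main(void)
{
    /* constructed sample header */
    block_t b = { 0x1234567890abcdefULL, 0xfedcba0987654321ULL, 0 };
    for (int bits = 4; bits <= 16; bits += 4) {
        uint64_t tries = mine(&b, bits);
        printf("%2d zero bits: nonce=%u after %llu hashes, hash=%016llx\n",
               bits, (unsigned)b.nonce, (unsigned long long)tries,
               (unsigned long long)block_hash(&b));
        /* Changing any committed field invalidates the proof: the nonce must be found again */
        block_t tampered = b;
        tampered.tx_root ^= 1;
        printf("    tampered copy still meets target? %s\n",
               meets_target(&tampered, bits) ? "yes (chance)" : "no");
    }
    return 0;
}
```

Each additional 4 bits multiplies the expected number of hashes by 16, which is the exponential growth the text describes; the tampered copy almost always fails the check, showing why later blocks protect earlier ones.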

The proof-of-work also solves the problem of deciding who the majority is in collective voting. If the majority were decided on a one-IP-address-one-vote basis, anyone with the power to allocate many IP addresses could subvert the mechanism. Proof-of-work is essentially one CPU, one vote. The "majority" decision is expressed by the longest chain, because the longest chain contains the greatest amount of work. If a majority of CPU power is controlled by honest nodes, the honest chain will grow fastest and outpace any competing chains. To modify a block that has already appeared, an attacker would have to redo the proof-of-work of that block plus all the blocks after it, and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up with subsequent blocks diminishes exponentially.

Another problem is that hardware speed increases rapidly while the degree of node participation in the network fluctuates. To address this, the proof-of-work difficulty is determined by a moving average that targets a predetermined average number of blocks per hour. If blocks are generated too fast, the difficulty increases.

The steps to run the network are as follows:

Nodes always consider the longest chain to be the correct one and keep working to extend it. If two nodes broadcast different versions of the next block simultaneously, other nodes will receive one or the other first. In that case they work on the first one they received, but keep the other branch in case it becomes the longer chain. The tie is broken when the next proof-of-work is found and one of the branches is confirmed to be longer; the nodes that were working on the other branch then switch and start working on the longer one.

"New transactions are broadcast" does not in fact require reaching every node. As long as a transaction reaches enough nodes, it will soon be incorporated into a block. Block broadcasts are also tolerant of dropped messages. If a node does not receive a particular block, it will notice that it is missing a block and can request to download it.

By convention, the first transaction in each block is treated specially: it creates a new coin owned by the creator of the block. This adds an incentive for nodes to support the network, and provides a way to distribute coins into circulation in the absence of a central authority to issue them. The steady addition of a constant amount of new coins to the money system is very much like expending resources to mine gold and put gold into circulation. In this case, CPU time and electricity are the resources expended.

Another source of incentive is transaction fees. If the output value of a transaction is less than its input value, the difference is a transaction fee that is added to the incentive of that block. Once a predetermined number of coins have entered circulation, the incentive mechanism can transition gradually to rely entirely on transaction fees, and the currency system is then free of inflation.

The incentive also helps encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes combined, he faces a choice: use it for honest work that generates new coins, or use it for double-spend attacks. He will find that playing by the rules and working honestly is more profitable, because the rules give him more coins than undermining the system and damaging the validity of his own wealth.

Once a recent transaction has been buried under enough blocks, the data before that transaction can be discarded to reclaim disk space. To do this without breaking the block's hash, transactions are hashed in the form of a Merkle tree [7], so that only the root is included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do not need to be stored.

A block header with no transactions is only 80 bytes. If we set the block generation rate at one every 10 minutes, the data produced per year is 4.2 MB (80 bytes * 6 * 24 * 365 = 4.2 MB). In 2008, a typical PC had 2 GB of memory, and with the growth predicted by Moore's Law, storing all block headers in memory would not be a problem.

Payments can be verified without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can obtain by repeatedly querying the network until he is convinced he has the longest chain, together with the Merkle branch linking the transaction to the block in which it was timestamped. The node cannot check the validity of the transaction for itself, but by tracing it back to a place in the chain it can see that a network node has accepted it, and the blocks added after it further confirm that the whole network has accepted it.

In this case, the verification mechanism is reliable as long as honest nodes control the network. It becomes more vulnerable, however, when the network is overpowered by an attacker with superior computing power. While network nodes can verify transactions for themselves, the simplified mechanism can be fooled by the attacker's fabricated transactions for as long as the attacker can maintain his advantage in computing power. One feasible strategy is for nodes to issue an alert as soon as they detect an invalid block; users receiving the alert immediately download the full information of the flagged block or transactions so that the inconsistency can be judged. Businesses that receive and make a large number of payments every day will probably still want to run their own full nodes, for greater independent security and faster verification.

Although coins could be handled one at a time, initiating a separate transaction for every coin would be a clumsy approach. To allow value to be combined and split, transactions are designed to contain multiple inputs and outputs. Generally there is either a single input from a larger previous transaction, or parallel inputs combining several smaller previous transactions, but at most two outputs: one for the payment and one for the change, if any.

It should be noted that when a transaction depends on several previous transactions, each of which in turn depends on several more, this causes no problem, because the mechanism never needs to unfold and check the entire transaction history that came before.

The traditional mint model provides a degree of privacy to the parties in a transaction, because attempts to obtain transaction information from the trusted third party are strictly limited. Broadcasting transactions to the whole network means this method no longer works. But privacy can still be protected by keeping public keys anonymous. All the public learns is that someone sent a certain amount of money to someone else, but it is hard to link the transaction to a particular person; that is, the public cannot be sure who these people are. This is similar to the information published by stock exchanges, where the time and volume of trades are recorded and available for inspection, but the identities of the two parties are not disclosed.

As an additional precaution, users can generate a new address for each transaction to keep transactions from being traced to a common owner. Because of parallel inputs, however, a certain amount of tracing is unavoidable, since parallel inputs show that those coins belong to the same owner. The risk is that if one of a person's public keys is confirmed to belong to him, many of his other transactions can be traced.

Consider the following scenario: an attacker tries to generate an alternative chain faster than the honest nodes produce theirs. Even if he succeeds, the whole system is not thereby subject to the attacker's arbitrary will, such as creating value out of thin air or taking coins that never belonged to him. This is because nodes will not accept an invalid transaction, and honest nodes will never accept a block containing invalid information. The most an attacker can do is change his own transactions and try to take back money he has just paid to someone else.

The race between the honest chain and the attacker's chain can be described as a binomial random walk. The success event is the honest chain being extended by one block, increasing its lead by +1, and the failure event is the attacker's chain being extended by one block, reducing the gap by -1.

The probability of the attacker closing a given gap can be treated approximately as the Gambler's Ruin problem. Suppose a gambler with unlimited credit starts at a deficit and plays a potentially infinite number of trials to try to make up the shortfall. We can calculate the probability that he makes up the shortfall, that is, that the attacker catches up with the honest chain, as follows [8]:

[equation image "pq" not captured on this page]

Assuming p > q, the probability of a successful attack drops exponentially as the number of blocks grows. With the odds against him, if the attacker does not get lucky and succeed quickly, his chances of success become ever slimmer as time passes. We now consider how long the payee needs to wait before being sufficiently certain that the payer can no longer change the transaction. We assume the payer is an attacker who wants the payee to believe for a while that he has paid, and then immediately redirect the payment back to himself. The payee will notice when that happens, but by then it will be too late.

The payee generates a new key pair and gives the public key to the payer only shortly before the transaction. This prevents the following situation: the payer prepares a chain of blocks ahead of time and keeps working on it until luck puts his chain ahead of the honest chain, and only then executes the payment. Under this arrangement, as soon as the transaction is sent, the attacker secretly starts preparing a parallel chain containing an alternative version of the transaction.

The payee then waits for the transaction to appear in the first block and for z blocks to be linked after it. At that point he still does not know exactly how many blocks the attacker has progressed, but assuming the honest blocks took the average expected time per block, the attacker's potential progress is a Poisson distribution with expected value:

[equation image "image022" not captured on this page]

In this case, to calculate the probability that the attacker catches up, we multiply the Poisson probability density for each number of blocks the attacker could have progressed by the probability that he can still catch up from that point:

[equation image "pq2" not captured on this page]

Rearranged into the following form to avoid summing an infinite series:

[equation image "pq3" not captured on this page]

Written as the following C code:


Running it, we obtain the following probability results, which show the probability falling exponentially with z.

When q = 0.1:
z=0  P=1.0000000
z=1  P=0.2045873
z=2  P=0.0509779
z=3  P=0.0131722
z=4  P=0.0034552
z=5  P=0.0009137
z=6  P=0.0002428
z=7  P=0.0000647
z=8  P=0.0000173
z=9  P=0.0000046
z=10 P=0.0000012

When q = 0.3:
z=0  P=1.0000000
z=5  P=0.1773523
z=10 P=0.0416605
z=15 P=0.0101008
z=20 P=0.0024804
z=25 P=0.0006132
z=30 P=0.0001522
z=35 P=0.0000379
z=40 P=0.0000095
z=45 P=0.0000024
z=50 P=0.0000006

Solving for the value of z that gives P < 0.1%:

For P < 0.001:
q=0.10 z=5
q=0.15 z=8
q=0.20 z=11
q=0.25 z=15
q=0.30 z=24
q=0.35 z=41
q=0.40 z=89
q=0.45 z=340

We have proposed an electronic payment system that does not rely on a trusted intermediary. We first discussed the digital-signature principle of ordinary electronic coins; while such a system provides strong control over ownership, it is not enough to prevent double-spending. To solve this, we proposed a peer-to-peer network that uses proof-of-work to record a public history of transactions, so that as long as honest nodes control the vast majority of CPU power, it becomes practically infeasible for an attacker to change the transaction record. The strength of the network lies in its structural simplicity. Nodes work largely independently of one another, with very little coordination. No node needs to identify itself, and since there is no requirement on the path that transaction information takes, it only needs to be propagated on a best-effort basis. Nodes can leave the network at any time and rejoin easily, since they only need to catch up on the proof-of-work chain produced while they were away. Nodes vote with their CPU power, expressing their acceptance of valid blocks by working to extend the valid chain, and rejecting invalid blocks by refusing to build on them. This framework contains all the rules and incentives needed for a P2P electronic cash system.

Notes

  1. W. Dai, "B-money" (a scheme for a group of untraceable digital pseudonyms to pay each other with money and to enforce contracts amongst themselves without outside help), http://www.weidai.com/bmoney.txt, 1998.

  2. H. Massias, X.S. Avila, and J.-J. Quisquater, "Design of a secure timestamping service with minimal trust requirements," in 20th Symposium on Information Theory in the Benelux, May 1999.

  3. S. Haber, W.S. Stornetta, "How to time-stamp a digital document," in Journal of Cryptology, vol. 3, no. 2, pages 99-111, 1991.

  4. D. Bayer, S. Haber, W.S. Stornetta, "Improving the efficiency and reliability of digital time-stamping," in Sequences II: Methods in Communication, Security and Computer Science, pages 329-334, 1993.

  5. S. Haber, W.S. Stornetta, "Secure names for bit-strings," in Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 28-35, April 1997.

  6. A. Back, "Hashcash - a denial of service counter-measure," http://www.hashcash.org/papers/hashcash.pdf, 2002.

  7. R.C. Merkle, "Protocols for public key cryptosystems," in Proc. 1980 Symposium on Security and Privacy, IEEE Computer Society, pages 122-133, April 1980.

  8. W. Feller, "An introduction to probability theory and its applications," 1957.




   





https://wap.sciencenet.cn/blog-537101-1096380.html
