Blockchain characteristics
Different perspectives:
next-generation currency,
slowest database,
Ponzi scheme,
…
Background knowledge
Arrays, linked lists, binary trees, hash functions;
References:
Bitcoin and Cryptocurrency Technologies
Ethereum white paper, yellow paper, source code;
Solidity documentation;
An introduction to hashing and encryption, "Basic principles, differences and engineering applications of hashing (Hash) and encryption (Encrypt)":
https://www.exyb.cn/news/show-3847402.html?action=onClick
Cryptocurrency
BTC mainly uses two tools from cryptography: hash functions and digital signatures;
Hash
cryptographic hash function
Two properties:
(1) collision resistance: prevents hash collisions, i.e. two different inputs having the same hash value; the output space has size 2^256 while the input space is unbounded, so collisions exist in theory, but there is no efficient way to construct one deliberately;
collision resistance can be used for data integrity checks;
collision resistance cannot be proven, only tested in practice; for MD5 a way to construct hash collisions deliberately has already been found;
(2) hiding: the hash value leaks no information about the input; the input cannot be derived from the hash;
hiding holds only if the input space is large and the inputs are uniformly distributed, so that brute force is infeasible.
Hash-based verification can be used for:
digital commitment;
digital equivalent of a sealed envelope;
if the input space is not very large, or the distribution is not uniform enough, a random number is usually appended to the input and the whole is hashed: H(x+nonce);
(3) puzzle friendly: the hash output is unpredictable; if you want the hash value to fall in a given range, there is no better way to find an input than to keep trying;
difficult to solve, but easy to verify;
Bitcoin's hash function is SHA256 (Secure Hash Algorithm);
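The commitment H(x+nonce) described above, as an added example (not from the original notes): it shows why hiding fails for a small input space without a nonce, and how appending a 256-bit random nonce restores it while the holder of the nonce can still open the commitment. The vote values are constructed sample inputs.

```python
import hashlib
import secrets
from typing import Iterable, Optional, Tuple


def commit(message: bytes, nonce: bytes) -> str:
    """Digital commitment H(message || nonce): the sealed envelope."""
    return hashlib.sha256(message + nonce).hexdigest()


def open_commitment(commitment: str, message: bytes, nonce: bytes) -> bool:
    """Verifier recomputes the hash; collision resistance means the committer
    cannot later open the envelope to a different message."""
    return commit(message, nonce) == commitment


def brute_force(commitment: str, candidates: Iterable[bytes],
                nonce: bytes = b"") -> Optional[bytes]:
    """Exhaustive search over a small input space; this is exactly the attack
    that the hiding property is supposed to rule out."""
    for m in candidates:
        if commit(m, nonce) == commitment:
            return m
    return None


# Constructed example: a vote whose input space has only two values.
VOTES = [b"yes", b"no"]


def demo_without_nonce() -> Optional[bytes]:
    """Small input space and no nonce: hiding fails, the vote is recovered."""
    c = commit(b"yes", b"")
    return brute_force(c, VOTES)


def demo_with_nonce() -> Tuple[bool, Optional[bytes]]:
    """Appending 256 random bits restores hiding: the verifier can still open
    the commitment when given the nonce, but the search without it fails."""
    nonce = secrets.token_bytes(32)
    c = commit(b"yes", nonce)
    return open_commitment(c, b"yes", nonce), brute_force(c, VOTES)
```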
Sig
Opening an account: create a public/private key pair.
Asymmetric encryption (asymmetric encryption algorithm)
Sign with the private key, verify the signature with the public key;
Encrypt with the public key, decrypt with the private key;
Attack method: keep generating key pairs until one is produced that is identical to someone else's.
This attack is infeasible; the probability of producing an identical key pair is extremely small.
Generating a key pair requires a good source of randomness;
Signing also requires a good source of randomness; if the signing randomness is poor, the private key may be leaked;
In BTC the message is hashed first, and then the hash is signed.
Hash pointers
Store the data's address + its hash value;
The data can be located, and it can be checked whether the data has been tampered with;
- hash pointers replace ordinary pointers;
Blockchain example:
genesis block <- (hash pointer) intermediate blocks <- … <- most recent block
tamper-evident log: the hash pointer commits to the entire preceding list; if any part of the list is tampered with, the hash checks downstream will no longer match.
In a real system each block contains many transactions; each block has one Merkle tree and is split into a block header and a block body.
A data structure
Differences between a Merkle tree and a binary tree:
- hash pointers replace ordinary pointers;
(1) data blocks;
(2) a tree of hash pointers;
(3) the root hash at the top can verify all the data in the whole tree;
Each block is split into two parts:
- block header: root hash value;
macro information: version (Version),
hash of the previous block header (hash of previous block header)
root hash of the whole Merkle tree (Merkle root hash)
mining difficulty target threshold target;
random number nonce;
requirement: H(block header) <= target
finding a nonce such that the block header satisfies the relation above takes a certain amount of computing power;
Q: how is the value of target chosen?
It is adjusted according to the computational difficulty (average block time), about once every two weeks (every 2016 blocks).
- block body: contains the actual transactions;
stores the list of new transactions produced in roughly a 10-minute interval;
purpose: can provide a Merkle proof;
Full node (fully validating node): contains block header and block body;
Light node (light validating node): contains only block headers;
Question: how does a light node verify a transaction?
It asks a full node for part of the key data in the tree structure (the missing hashes), and uses them to compute its way up to the root hash;
Following on from this question:
If the verification succeeds, it proves that the transaction is correct; if it fails, is it necessarily the transaction record that is wrong, or could the data obtained from the full node be wrong?
The premise of a reliable distributed system is that "most nodes are honest"; a light node fully trusts the information provided by the full node.
Questions:
Why does a light node need to verify a transaction?
How does a light node look up a transaction? Does it find the block first and then the transaction inside it, or does it look up the transaction directly?
collision resistance: deliberately constructing hash collisions is infeasible;
proof of membership / proof of inclusion: verifies a transaction; computational complexity is logarithmic;
proof of non-membership: sort the leaves by transaction hash, then search the ordered leaves for whether a transaction exists;
Sorted Merkle tree: leaves are kept in order, so a proof of non-existence can be produced quickly;
Acyclic data structures can use hash pointers instead of ordinary pointers;
Cyclic data structures have a problem with hash pointers: a circular dependency when computing the hash values;
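The Merkle proofs discussed above, as an added example (not from the original notes): a full node builds the tree and hands a light node the O(log n) sibling hashes; the light node recomputes up to the root hash it already holds from the block header. It also produces a non-membership proof over a sorted Merkle tree by showing the two adjacent leaves that bracket the missing transaction. Odd nodes are paired with a copy of themselves, as Bitcoin does; the leaf values are constructed.

```python
import bisect
import hashlib
from typing import List, Optional, Tuple

Proof = List[Tuple[bytes, bool]]   # (sibling hash, sibling is on the right)


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_levels(leaves: List[bytes]) -> List[List[bytes]]:
    """All tree levels, leaf hashes first, root last. An odd node at any level
    is paired with a copy of itself, as Bitcoin's Merkle tree does."""
    level = [h(leaf) for leaf in leaves]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_root(leaves: List[bytes]) -> bytes:
    return build_levels(leaves)[-1][0]


def merkle_proof(leaves: List[bytes], index: int) -> Proof:
    """Proof of membership: the sibling hash at every level from leaf to root,
    O(log n) hashes, which a full node hands to a light node."""
    proof: Proof = []
    for level in build_levels(leaves)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof: Proof, root: bytes) -> bool:
    """Light-node check: recompute upward and compare with the root hash taken
    from the block header. Any altered leaf or sibling breaks the match."""
    cur = h(leaf)
    for sibling, on_right in proof:
        cur = h(cur + sibling) if on_right else h(sibling + cur)
    return cur == root


def proof_index(proof: Proof) -> int:
    """Recover the leaf position from the direction bits of a proof."""
    return sum((0 if on_right else 1) << k for k, (_, on_right) in enumerate(proof))


def non_membership_proof(sorted_leaves: List[bytes], target: bytes
                         ) -> Optional[Tuple[Tuple[bytes, Proof], Tuple[bytes, Proof]]]:
    """Sorted Merkle tree: show the two adjacent leaves that bracket target.
    Returns None if target is present or lies outside the leaf range (the
    boundary cases would additionally need the leaf count; omitted here)."""
    i = bisect.bisect_left(sorted_leaves, target)
    if i == 0 or i == len(sorted_leaves) or sorted_leaves[i] == target:
        return None
    return ((sorted_leaves[i - 1], merkle_proof(sorted_leaves, i - 1)),
            (sorted_leaves[i], merkle_proof(sorted_leaves, i)))


def verify_non_membership(target: bytes, root: bytes,
                          left: Tuple[bytes, Proof], right: Tuple[bytes, Proof]) -> bool:
    """Both neighbours must be in the tree, be adjacent, and bracket target."""
    (lv, lp), (rv, rp) = left, right
    return (lv < target < rv
            and verify_proof(lv, lp, root) and verify_proof(rv, rp, root)
            and proof_index(rp) == proof_index(lp) + 1)
```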
How to design a cryptocurrency?
For example, a central bank issues a digital currency:
currency information: a number in the clear + a digital signature;
users: use the central bank's public key to verify that the signed number matches the number in the clear;
How to prevent the "double spending attack"?
This is the main challenge facing digital currency.
Attempt 1: the central bank maintains a large database recording who holds each unit of digital currency;
Drawback of this scheme: it is centralized; every transaction needs the central bank's database to participate;
How to decentralize?
This is the problem the Bitcoin system sets out to solve.
A blockchain data structure maintains the currency's transaction information.
Coinbase transaction (currency created out of nothing): no inputs, only outputs;
A BTC transaction has two parts, inputs and outputs:
(1) inputs: state where the coins come from;
(2) outputs: give the hash of the payee's public key;
the transaction message contains the spender's signature;
A pays B:
A needs the hash of B's public key;
What does B need from A? B needs A's public key; all nodes need A's public key to verify A's signature.
Question: how do they know A's public key?
If someone claims a key is A's public key, check it against the context of A's money, i.e. the hash in it.
Spender A needs payee B's public key; this public key comes from B telling A;
Payee B and all nodes need to know A's public key; the signature in the transaction that gave A the coins is used to check that A's public key is legitimate;
How are transaction records kept by users?
How does a decentralized ledger achieve consistency?
The content of the ledger must reach distributed consensus.
Distributed hash table
FLP impossibility result: in an asynchronous system (no upper bound on network delay), consensus cannot be reached if even a single member is faulty.
CAP Theorem (Consistency, Availability, Partition tolerance): at most two of the three properties can be satisfied;
The three properties of distributed systems:
Consistency;
Availability;
Partition tolerance;
A famous protocol for distributed consensus, Paxos:
if consensus can be reached, the result is guaranteed to be consistent;
but in some cases consensus may never be reached;
Consensus in Bitcoin
Most nodes are honest and a minority malicious; how to design a consensus protocol?
Attempt 1: voting
Problem: membership; first one has to determine who has the right to vote;
Hyperledger consortium-chain protocols, e.g. Fabric;
In the Bitcoin system, generating a key pair creates an account, and nobody can judge whether an account is legitimate;
Sybil attack: one machine creates many accounts; with more than half of the system's users it gains control of the system;
The Bitcoin system votes by computing power instead;
hash rate: the number of hash attempts per second made in searching for a nonce;
creating more accounts on one server does not increase its hash rate;
the process of computing a block, i.e. solving for the nonce, is called mining;
How double spending is checked: whether a coin has been spent twice on one branch;
Forking attack:
illegal operation: create a branch and spend twice;
a transaction not on the longest valid chain is not valid;
If two nodes obtain the right to record a block at the same time, and produce branches of equal length, how is this handled?
Each node only accepts the block it received first; an equal-length temporary fork persists for a while, until one branch finds a downstream block and is extended; the other branch becomes an orphan block and is discarded, and the block reward earned by that node is void as well;
Every valid transaction should be written into the blockchain; how is that achieved?
block reward;
Who has the right to mint coins?
coin-base transaction: the source of new coins;
the node that records the block is rewarded a certain amount of bitcoin;
initially 50 BTC; after 210,000 (21W) blocks the reward halves to 25 BTC; after another 21W blocks it halves again to 12.5 BTC;
A block is recorded every 10 minutes on average, so the time between reward halvings is:
21W*10 minutes / (60*24*365) = 3.99 years;
Total amount of currency:
a geometric series
21W*50*(1+0.5+0.25+…) = 21W*50*2 = 210W;
Each block is at most 1M bytes.
Question: the blockchain grows by 365*24*60/10*1M = 51.3G of data per year. Accumulating year after year, does the chain become too large?
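The halving schedule and the two back-of-envelope figures above, as an added example (not from the original notes). It goes one step beyond the geometric series: halving the reward in whole satoshis, as Bitcoin Core does, makes the sum come out just under 21 million BTC rather than exactly at the series limit.

```python
COIN = 100_000_000            # satoshis per BTC
INITIAL_REWARD = 50 * COIN
HALVING_INTERVAL = 210_000    # blocks between halvings ("21W")
BLOCK_MINUTES = 10
MAX_BLOCK_MB = 1.0


def block_reward(height: int) -> int:
    """Block subsidy in satoshis at a given height. Halving is an integer right
    shift, as in Bitcoin Core, so the reward eventually reaches exactly 0."""
    eras = height // HALVING_INTERVAL
    return 0 if eras >= 64 else INITIAL_REWARD >> eras


def total_supply() -> int:
    """Sum the geometric series 21W * 50 * (1 + 1/2 + 1/4 + ...) era by era,
    using the truncated integer rewards actually paid."""
    total, height = 0, 0
    while block_reward(height) > 0:
        total += block_reward(height) * HALVING_INTERVAL
        height += HALVING_INTERVAL
    return total


def years_between_halvings() -> float:
    """21W * 10 minutes / (60 * 24 * 365)."""
    return HALVING_INTERVAL * BLOCK_MINUTES / (60 * 24 * 365)


def chain_growth_gb_per_year() -> float:
    """365 * 24 * 60 / 10 blocks per year, each up to 1M bytes."""
    blocks_per_year = 365 * 24 * 60 / BLOCK_MINUTES
    return blocks_per_year * MAX_BLOCK_MB / 1024
```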
transaction-based ledger
Bitcoin uses a transaction-based ledger.
Coins that have not yet been spent are UTXO: Unspent Transaction Output;
What is the UTXO data structure for? To detect double spending;
The coins one is spending must be in the UTXO set;
Each transaction can have multiple inputs and multiple outputs; the sum of all inputs equals the sum of all outputs.
total input = total outputs
In some transactions the inputs are slightly larger than the outputs; the surplus goes to the node that records the block.
If there were only the block reward, a selfish node would package only its own transactions and not record anyone else's.
The "transaction fee" rewards the node that packages the transactions.
Many years from now, as the block reward shrinks, transaction fees become the main source of income.
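The UTXO bookkeeping described above, as an added example (not from the original notes): a coinbase creates coins, a spend must reference outputs still in the UTXO set, the surplus of inputs over outputs is the fee, and a second spend of the same output is rejected. Signature checking is left out; the transaction shape and the "pkh_A"-style payee hashes are constructed.

```python
import hashlib
import json
from typing import Dict, Set, Tuple

Outpoint = Tuple[str, int]  # (txid, output index)
COIN = 100_000_000          # satoshis per BTC


def txid(tx: dict) -> str:
    """Transaction id: hash of a canonical serialization (constructed JSON form)."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()


class UTXOSet:
    """The set of unspent outputs a full node keeps in memory.
    The spender's signature check is assumed to happen elsewhere."""

    def __init__(self) -> None:
        # outpoint -> {"to": payee public-key hash, "amount": satoshis}
        self.unspent: Dict[Outpoint, dict] = {}

    def _add_outputs(self, tx: dict) -> str:
        tid = txid(tx)
        for i, out in enumerate(tx["outputs"]):
            self.unspent[(tid, i)] = out
        return tid

    def apply_coinbase(self, tx: dict) -> str:
        """Coinbase transaction: no inputs, only outputs (coins created from nothing)."""
        assert not tx["inputs"]
        return self._add_outputs(tx)

    def validate(self, tx: dict) -> Tuple[bool, str, int]:
        """Valid only if every input is currently in the UTXO set (otherwise it is
        a double spend or references unknown coins) and inputs cover outputs.
        Returns (ok, reason, fee) where fee = inputs - outputs."""
        seen: Set[Outpoint] = set()
        total_in = 0
        for inp in tx["inputs"]:
            op = (inp["txid"], inp["index"])
            if op in seen:
                return False, "same output spent twice within one transaction", 0
            if op not in self.unspent:
                return False, "input not in UTXO set: already spent or unknown", 0
            seen.add(op)
            total_in += self.unspent[op]["amount"]
        if any(o["amount"] < 0 for o in tx["outputs"]):
            return False, "negative output", 0
        total_out = sum(o["amount"] for o in tx["outputs"])
        if total_in < total_out:
            return False, "outputs exceed inputs", 0
        return True, "ok", total_in - total_out

    def apply(self, tx: dict) -> int:
        """Spend the inputs, create the outputs, return the fee the block producer collects."""
        ok, reason, fee = self.validate(tx)
        if not ok:
            raise ValueError(reason)
        for inp in tx["inputs"]:
            del self.unspent[(inp["txid"], inp["index"])]
        self._add_outputs(tx)
        return fee


def demo() -> Tuple[int, bool, str, int]:
    """Constructed scenario: a coinbase pays A 50 BTC; A pays B 30 BTC and keeps
    19.99 BTC as change, leaving 0.01 BTC as fee; A then tries to spend the
    same coinbase output a second time."""
    utxo = UTXOSet()
    cb = utxo.apply_coinbase({"inputs": [],
                              "outputs": [{"to": "pkh_A", "amount": 50 * COIN}]})
    pay_b = {"inputs": [{"txid": cb, "index": 0}],
             "outputs": [{"to": "pkh_B", "amount": 30 * COIN},
                         {"to": "pkh_A", "amount": 1_999_000_000}]}
    fee = utxo.apply(pay_b)
    double_spend = {"inputs": [{"txid": cb, "index": 0}],
                    "outputs": [{"to": "pkh_C", "amount": 50 * COIN}]}
    ok, reason, _ = utxo.validate(double_spend)
    return fee, ok, reason, len(utxo.unspent)
```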
account-based ledger
The account-based model;
Bernoulli trial: a random experiment with binary outcome;
Bernoulli process: a sequence of independent Bernoulli trials;
progress free: past attempts have no effect on the probability of subsequent success;
progress freeness guarantees fairness in mining; otherwise miners with more computing power would have a disproportionate advantage;
BitCoin is secured by mining.
The mining process (producing the blocks that record transactions) is essential to the security of the Bitcoin system;
maintenance of the system is in the hands of the honest majority of nodes;
Ways dishonest nodes could cheat:
- Forging a transfer from someone else to oneself: without the other person's signature, the transaction is not accepted;
- Spending twice: transferring to someone else and to oneself at the same time, then, on an equal-length fork, continuing to extend the branch containing the transfer to oneself. How to guard against it? Transfer first, ship later; if the transfer to the other party turns out not to be accepted, do not ship. Then how to handle "real-time" transactions? BTC is not suited to real-time transactions like credit card payments; confirming a transaction takes at least 10 minutes (one block interval).
- Selfish mining: after mining a block, do not publish it immediately; wait until someone else publishes, then publish; before publishing, keep mining the next block on one's own branch.
The Bitcoin network.
Bitcoin works at the application layer.
application layer: BitCoin Block chain;
network layer: P2P Overlay Network;
Characteristics: simple, robust, but not efficient;
Messages propagate through the network by flooding;
Propagation between nodes is random and does not consider the network topology.
If two conflicting transactions are broadcast to the network at about the same time, some nodes receive A->B and others receive A->C.
Newly published transactions propagate in the same way as newly published blocks.
Problems faced by Bitcoin's decentralized network:
different nodes receive messages in different orders;
some malicious nodes do not relay according to the Bitcoin protocol, and some relay invalid transactions;
Keep adjusting the nonce in the header so that the hash of the whole header is less than the target threshold.
SHA-256 has 256 bits, i.e. 2^256 possible values.
The minimum mining difficulty is 1, represented by difficulty_1_target;
Mining difficulty is computed as: difficulty = difficulty_1_target / target;
Note: mining difficulty is inversely proportional to the target threshold;
As participants join and the total hash rate grows, block times would get shorter if the difficulty were not adjusted.
What problems does a shorter block time cause?
Two nodes mine at the same time and produce blocks at the same time. If block times get shorter, the probability of forks increases, and not only two-way forks but multi-way forks occur. The more forks there are, the worse it is for the system to reach consensus.
With only two-way forks, malicious nodes need 51% to break the system. But with a 10-way fork, 11% is enough to attack the system, because the honest nodes' hash rate is split among the branches.
For a payment, waiting 10 minutes for a transaction to be confirmed is somewhat too long.
Ethereum improved on this; its block production is 40 times faster than Bitcoin's.
The difficulty is adjusted about every 2 weeks, i.e. every 2016 blocks.
2016*10 minutes / (60*24) = 14 days;
The specific adjustment follows the formula:
target = target * actual_time / expected_time;
actual_time: the actual time taken by the most recent 2016 blocks;
expected_time: 2016*10 minutes;
In the actual code, to guard against anomalies, actual_time is clamped to the range [0.25*expected_time, 4*expected_time];
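The block header, the H(block header) <= target requirement, the hash-pointer chain from the Hash pointers section, and the difficulty and retarget formulas above, as one added example (not from the original notes or Bitcoin Core). The header layout is simplified, the 2^244 toy target is constructed so that mining finishes instantly, and the Merkle roots fed in are constructed sample values.

```python
import hashlib
import struct
from typing import List, Optional

# Bitcoin's difficulty-1 target (0x00000000FFFF followed by 52 zero nibbles); a larger target is easier.
DIFFICULTY_1_TARGET = 0xFFFF << 208
MAX_TARGET = 2**256 - 1
RETARGET_BLOCKS = 2016
BLOCK_MINUTES = 10
GENESIS_PREV = b"\x00" * 32


class Header:
    """Simplified block header: version, previous header hash, Merkle root, target, nonce."""

    def __init__(self, version: int, prev_hash: bytes, merkle_root: bytes,
                 target: int, nonce: int = 0) -> None:
        self.version, self.prev_hash, self.merkle_root = version, prev_hash, merkle_root
        self.target, self.nonce = target, nonce

    def serialize(self) -> bytes:
        return (struct.pack("<I", self.version) + self.prev_hash + self.merkle_root
                + self.target.to_bytes(32, "big") + struct.pack("<I", self.nonce))

    def hash(self) -> bytes:
        # Bitcoin hashes headers with double SHA-256.
        return hashlib.sha256(hashlib.sha256(self.serialize()).digest()).digest()

    def meets_target(self) -> bool:
        """H(block header) <= target, the requirement every block must satisfy."""
        return int.from_bytes(self.hash(), "big") <= self.target


def mine(header: Header, max_tries: int = 1 << 22) -> Optional[int]:
    """Puzzle friendly: no strategy beats trying nonces one after another."""
    for nonce in range(max_tries):
        header.nonce = nonce
        if header.meets_target():
            return nonce
    return None


def difficulty(target: int) -> float:
    """difficulty = difficulty_1_target / target (inversely proportional to the target)."""
    return DIFFICULTY_1_TARGET / target


def retarget(target: int, actual_minutes: int) -> int:
    """Every 2016 blocks: target *= actual_time / expected_time, with actual_time
    clamped to [expected/4, expected*4] as the notes describe."""
    expected = RETARGET_BLOCKS * BLOCK_MINUTES
    actual = max(expected // 4, min(actual_minutes, expected * 4))
    return min(MAX_TARGET, target * actual // expected)


def verify_chain(headers: List[Header], network_target: int) -> bool:
    """Tamper-evident log: each header's prev_hash must equal the hash of the
    header before it, and each header must satisfy a target no easier than the
    network's. Changing any field of any block breaks the check at that block
    or the next one."""
    prev = GENESIS_PREV
    for hd in headers:
        if hd.prev_hash != prev or hd.target > network_target or not hd.meets_target():
            return False
        prev = hd.hash()
    return True


def build_chain(merkle_roots: List[bytes], target: int) -> List[Header]:
    """Mine a chain of headers, one per Merkle root, linking each to the previous."""
    headers, prev = [], GENESIS_PREV
    for root in merkle_roots:
        hd = Header(1, prev, root, target)
        if mine(hd) is None:
            raise RuntimeError("no solution within the try budget")
        headers.append(hd)
        prev = hd.hash()
    return headers


# Constructed toy target: about 1 in 4096 hashes succeeds, so mining is instant.
TOY_TARGET = 2**256 >> 12
```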
What if malicious nodes do not adjust the difficulty when the period expires?
If the difficulty is not adjusted, honest nodes will not accept the blocks published by the malicious nodes.
Think about: the relationship between Bitcoin's mining difficulty, its computing power (hash rate), and its market capitalization.
Full node:
always online;
maintains the complete blockchain on local disk;
keeps the UTXO set in memory so that transactions can be checked quickly;
listens for transactions on the Bitcoin network and verifies the validity of each one;
decides which transactions are packaged into a block;
listens for blocks mined by other miners and verifies their validity;
mining: (1) decides which chain to mine on; (2) when equal-length branches appear, chooses which branch to follow;
Light node:
not always online;
does not keep the whole blockchain, only each block's header; the size difference is about 100x;
does not keep all transactions, only those related to itself;
cannot check most transactions, only the validity of those related to itself;
cannot check the correctness of blocks published on the network;
can verify the mining difficulty;
can only tell which chain is longest, not which is the longest valid chain;
Note: the light node assumes that full nodes are honest.
In the Bitcoin system most nodes are light nodes, and they do not take part in mining.
If a new transaction arrives while a block is being mined, the object of the previous hashing work changes and the computation must be redone; is that a waste? No, because of the progress-free property: mining success is a memoryless probabilistic event.
As mining competition intensified, mining tools moved from CPU to GPU, enabling massive parallel computation.
GPU floating-point units are useful for deep learning but useless for BTC mining computation.
Now mining uses ASICs (Application Specific Integrated Circuit);
50% of a new mining rig's profit is earned in the first two weeks of its life.
Some newer cryptocurrencies use an alternative mining puzzle designed for ASIC resistance, so that general-purpose computers can also take part in mining.
Mining pool
Under the pool manager are many miners;
a miner is only responsible for computing hash values; the other duties of a full node are carried out by the pool manager;
the pool manager solves the problem of unstable income.
How is the revenue distributed?
According to each miner's share of the work.
How does each miner prove its work?
share: an almost valid block (for example, one meeting a target somewhat larger than required);
each miner produces blocks that almost meet the difficulty requirement (shares) and submits them to the pool manager.
The pool manager uses these blocks as the miner's proof of work.
Could a miner who finds a valid block keep it from the pool manager and secretly publish it itself?
That is not possible, because the pool manager assigns the work to the miners: the payout address in the coinbase is the pool manager's address, and that content takes part in the computation of the root hash used as proof of work.
Causes of forks:
1. state fork: a fork arising from disagreement about the current state; two nodes mine a block at the same time; forking attack / deliberate fork;
2. protocol fork: the Bitcoin protocol changes, and a distributed system cannot upgrade its software all at once; depending on the nature of the change it is a hard fork or a soft fork;
hard fork
If a new feature is added to the Bitcoin protocol, old nodes that have not upgraded do not accept the block;
example: Bitcoin's block size limit;
a transaction is 250 bytes, so 1M holds 4000 transactions per 10 minutes, about 7 transactions per second on average. That is too few.
Many people feel blocks are too small and limit the transaction rate, and that the block size limit should be raised to increase the number of transactions recorded per block.
Suppose someone releases a software update raising the block size limit from 1M to 4M. Most nodes have updated, a minority have not. Now a new node produces a new block A; new nodes accept it and keep mining on A; old nodes do not accept it and mine B instead. Because the new nodes are in the majority, branch A keeps growing, but old nodes will never accept branch A, so the fork persists forever: hence the name hard fork.
In a real case the two branches split permanently. In such a case, B transfers to C, and the transfer happens twice (once on each chain), so C receives it twice. To prevent a transfer occurring on both chains, each chain carries a chain ID and keeps its own ledger.
Soft fork
Example: Bitcoin's block size limit; most new nodes reduce the size.
The new-protocol blocks are smaller and backed by more hash rate, so that chain grows fastest.
The forks produced by old-protocol nodes are always temporary and are not accepted by the majority running the new protocol, which is bad for old nodes and pushes them to upgrade their software.
Coinbase field:
can serve as an extra nonce (the first 8 bytes), enlarging the search space of solutions after adjustment.
For the remaining bytes, some have suggested using them for the root hash of the UTXO set;
How is the balance of account A computed? Only a full node can compute it; a light node cannot know it. Some have proposed organizing the UTXO set into a Merkle tree and writing its hash into the coinbase;
1. Does the recipient need to be online during a transfer?
No. A transfer is just the sender publishing the transaction to the Bitcoin network; the recipient need not be online.
2. Suppose a full node receives a transfer transaction; can the receiving address be one that has never appeared before?
Yes. Creating a Bitcoin account does not require any broadcast.
3. What if the private key of a Bitcoin account is lost (the owner cannot find it)?
There is no way to handle the money in the account; it becomes dead money.
In a decentralized system there is no way to reset a password.
Think about: in a banking system, users log in with account name, password, one-time codes, etc. Is there a private key in a banking system?
4. What if the private key of a Bitcoin account leaks (someone else knows it as well as the owner) and suspicious transactions appear on the account?
A leaked account means someone else knows the private key at the same time as the owner; the money should be moved to a safe account as soon as possible.
A new account can be created and the old account's funds transferred to it before the other party does so.
5. What if a transfer is made to the wrong address?
There is no way to cancel a transaction that has already been published.
The Bitcoin system can transfer to an account that does not exist.
An address is the hash of a public key.
Some addresses are not derived from a public key hash, such as a digital commitment;
When the validity of the current transaction is verified, its output script is not executed (verified); only in the next transaction, when this money is spent, is that script, as the output of the previous transaction, executed.
6. In mining, could a miner steal another miner's answer? How is it determined which miner found the nonce first?
This cannot happen. The nonce in the block produced by each miner is bound to that miner's own payout address in the block, so nobody else can pass it off as theirs.
7. The transaction fee goes to the miner, but it is not known in advance which miner will produce the block; how is the fee output?
Who specifies the amount of the fee? The system?
The fee's recipient address does not need to be specified.
Bitcoin and anonymity.
privacy.
pseudonymity.
In the Bitcoin system anyone can look up account information; only the identity of the account owner is unknown.
In the banking system, only the bank can look up account information.
Scenarios in which Bitcoin's anonymity can be lost:
(1) Bitcoin accounts are linked together through transactions, from which one infers that one person holds multiple accounts;
(2) Bitcoin is exchanged for something in the real world, from which one infers a link between an account and a real person;
Case of arrest for illegal activity using Bitcoin: Silk Road / Silk Road 2, illegal trading;
The immutability of the blockchain is disastrous for privacy protection.
Hide your identity from whom?
Hiding from friends is easy; hiding from the state is hard.
Without anonymity at the network layer, account information can be inferred from network addresses.
TOR (onion routing)
Application-layer messages are forwarded several times before being delivered to the recipient.
How to achieve anonymity at the application layer?
(1) coin mixing: mix different people's coins together; drawback: the mixer can easily run off with the coins;
(2) online wallets: coins are mixed, and when withdrawing one may not get one's own coins back;
(3) exchanges: naturally have a coin-mixing property;
Zero-knowledge proof:
one party (the prover) proves to the other party (the verifier) that a statement is true, without revealing any information beyond the fact that the statement is true.
A disputed example: signing with the private key to prove that the public key is one's own; this reveals a signature made with the private key.
Homomorphic hiding, properties:
(1) if x and y differ, their encrypted values E(x) and E(y) also differ;
(2) hiding property: given the value E(x), it is hard to derive x;
(3) homomorphic operations: given E(x) and E(y), we can easily compute certain encrypted function values of x and y.
Homomorphic addition: from E(x) and E(y), compute E(x+y);
Homomorphic multiplication: from E(x) and E(y), compute E(xy);
This can be extended to polynomials;
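The three properties above instantiated with the textbook map E(x) = g^x mod p, as an added example (not from the original notes). This group gives the additive homomorphism and multiplication by public constants, which is enough to evaluate linear polynomials on hidden values; multiplying two hidden values, E(xy) from E(x) and E(y), needs a richer structure (pairings) and is not shown. The prime and generator are constructed toy parameters.

```python
# Constructed toy group: integers modulo the Mersenne prime 2^31 - 1, generator 7.
P = 2**31 - 1
G = 7


def E(x: int) -> int:
    """Hiding map E(x) = G^x mod P: recovering x from E(x) is a discrete-log
    problem, and distinct x below the group order give distinct E(x)."""
    return pow(G, x, P)


def hom_add(ex: int, ey: int) -> int:
    """Homomorphic addition: E(x) * E(y) = G^(x+y) = E(x+y)."""
    return ex * ey % P


def hom_scale(ex: int, k: int) -> int:
    """Multiplication by a public constant k: E(x)^k = E(k*x)."""
    return pow(ex, k, P)


def hom_linear(encrypted: list, coeffs: list) -> int:
    """Evaluate E(sum k_i * x_i) from the E(x_i) and public k_i, without
    learning any x_i: this is the polynomial extension the notes mention."""
    acc = 1
    for ex, k in zip(encrypted, coeffs):
        acc = hom_add(acc, hom_scale(ex, k))
    return acc
```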
Case: the blind signature method
Is there a way to let the central bank keep the ledger without leaking information?
Approach: the serial number of the virtual coin is generated by the user rather than by the central bank, using a blind signature.
(1) User A supplies SerialNum (the coin's serial number); the bank returns a signature Token without learning SerialNum, and reduces A's deposit;
Question: how are Token and SerialNum related? How is the blind signature implemented?
Guess: the bank signs E(SerialNum) to produce Token;
(2) User A gives SerialNum and Token to B to complete the transaction;
(3) User B presents SerialNum and Token to the bank for verification; if the check passes, B's deposit is increased;
The purpose of the bank's check here is to prevent the coin with this serial number from being double spent;
(4) The bank cannot link A and B;
Question: can the bank really not link A's and B's transactions? If the bank records the Token it issued to A and compares it with the Token B presents when depositing, can't it link A and B?
(5) Centralized;
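An added example of the steps above (not part of the original notes): the textbook RSA blind signature (Chaum) in Python. The bank's key is built from small primes found at run time, the serial number is a constructed string, and SystemRandom stands in for the user's blinding randomness. It also answers the question under (4): what the bank records at withdrawal is the blinded value, which differs from the Token B later presents, so that record does not link A to B.

```python
import hashlib
from math import gcd
from random import SystemRandom

# Added example: RSA blind signature for the bank / serial-number scheme.
# Keys are toy-sized and generated here; a real deployment uses 2048-bit+ RSA.

def _is_prime(n):
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, int(n ** 0.5) + 1, 2))

def _next_prime(n):
    while not _is_prime(n):
        n += 1
    return n

def hash_serial(serial, n):
    """H(SerialNum) reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(serial.encode()).digest(), "big") % n

class Bank:
    def __init__(self):
        p, q = _next_prime(10**6), _next_prime(10**6 + 100)   # constructed toy primes
        self.n, self.e = p * q, 65537
        self._d = pow(self.e, -1, (p - 1) * (q - 1))          # private exponent
        self.deposits = {}      # account -> balance
        self.issued = []        # what the bank sees at withdrawal (blinded values)
        self.spent = set()      # serial numbers already redeemed

    def withdraw(self, account, blinded):
        """Sign the blinded value and charge the account; SerialNum stays hidden."""
        if self.deposits.get(account, 0) < 1:
            return None
        self.deposits[account] -= 1
        self.issued.append(blinded)
        return pow(blinded, self._d, self.n)               # blinded signature

    def redeem(self, account, serial, token):
        """Check Token against H(serial); refuse a serial that was already spent."""
        if serial in self.spent:
            return False                                    # double spending
        if pow(token, self.e, self.n) != hash_serial(serial, self.n):
            return False                                    # forged token
        self.spent.add(serial)
        self.deposits[account] = self.deposits.get(account, 0) + 1
        return True

def user_blind(serial, bank):
    """User side: blind H(serial) with random r so the bank signs without seeing it."""
    rng = SystemRandom()
    while True:
        r = rng.randrange(2, bank.n)
        if gcd(r, bank.n) == 1:
            break
    m = hash_serial(serial, bank.n)
    return m * pow(r, bank.e, bank.n) % bank.n, r

def user_unblind(blind_sig, r, bank):
    """Token = blind_sig * r^-1 = (m * r^e)^d * r^-1 = m^d mod n."""
    return blind_sig * pow(r, -1, bank.n) % bank.n

def run_scheme():
    bank = Bank()
    bank.deposits["A"] = 1
    serial = "coin-serial-0001"                  # constructed serial chosen by A
    blinded, r = user_blind(serial, bank)
    token = user_unblind(bank.withdraw("A", blinded), r, bank)
    # A hands (serial, token) to B; B redeems it, then tries to redeem it again.
    first = bank.redeem("B", serial, token)
    second = bank.redeem("B", serial, token)
    linkable = token in bank.issued               # does the bank's record show the token?
    return first, second, linkable, bank.deposits
```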
Case: Zerocoin and Zerocash
Currencies created specifically for anonymity. The mathematics behind them is complex and involves cryptography.
(1) Zerocoin and Zerocash build anonymization into the protocol layer; their anonymity comes from cryptographic guarantees;
(2) The Zerocoin system has both a base coin and zerocoins; converting back and forth between them removes the link between old and new addresses, on a principle similar to a coin mixing service;
(3) The Zerocash system uses the zk-SNARKs protocol and does not depend on a base coin; the blockchain records only the existence of transactions and the proofs of the key properties miners need to verify that the system is operating correctly. Neither transaction amounts nor addresses appear on the chain; all transactions are validated by zero-knowledge proofs.
1. Hash pointers in the blockchain
A pointer refers to a local address of blockchain data; in the network, how are hash pointers stored?
A real hash pointer contains only the hash, no pointer. So how is the previous node found?
Full nodes store all blocks in a <key, value> structure and fetch the value by hash through levelDB;
Because the hash is the key, the hash itself serves as the pointer.
2. 区块恋 (blockchain romance)
Two people each keep half of a private key, and only together can they spend. What problems does this have?
If either party loses their half, the private key is lost.
Truncating the 256 bits: the security of a 128-bit private key is much easier to break.
The correct approach: for accounts shared by several people, use the MultiSig multi-signature mechanism.
3. Distributed consensus
Why can the Bitcoin system get around the impossibility results of distributed consensus?
Strictly speaking, Bitcoin does not reach consensus in the true sense: the consensus reached can be overturned at any time, e.g. a fork can be rolled back.
In distributed systems theory, once consensus is reached it cannot be overturned.
There is a gap between the theory and real systems.
4. Bitcoin's scarcity
Mining is only worthwhile when its revenue exceeds its cost.
Every cryptocurrency has a cold-start problem: early on the coin is worth little and has few participants.
How Bitcoin handled the cold start: low mining difficulty and a high block reward in the early days.
A good currency should be able to inflate; something scarce is not suited to being money. Those who accumulated coins early grow ever richer and latecomers can never catch up, which is not a healthy society.
5. Quantum computing
The legendary quantum computer is said to have enormous computing power and to be able to break encryption algorithms; does it threaten cryptographic algorithms?
Practical quantum computing is still a long way off; the Bitcoin system may never face a quantum attack in its lifetime.
If there is a risk, quantum attacks would hit the traditional financial industry first. Quantum cryptography will appear in the future.
The public key can be derived from the private key, but the private key cannot be derived from the public key. Bitcoin does not use the public key directly but the hash of the public key, which gives two layers of protection.
Encryption and hashing are different operations. Encryption is meant to be decrypted: no information is lost and the original can be recovered. Hashing is irreversible: the original data cannot be obtained from the hash.
From a security standpoint, use each address only once: once you transfer out of an account, move the remaining balance to a new account.
- How are transactions looked up quickly?
- How are transactions verified?
Called blockchain 2.0, it improves on problems of the Bitcoin system.
For example: (1) the block time drops from 10 minutes to ten-odd seconds.
(2) The mining puzzle: Bitcoin uses a competition of hashing power, which led to specialized mining hardware. Ethereum's mining puzzle has high memory requirements, intended to limit the use of ASIC chips to some extent (ASIC resistance).
(3) "In the future" proof of work will be replaced by proof of stake;
(4) Smart contracts are introduced;
BitCoin: decentralized currency;
Ethereum: decentralized contract;
The design goal of Ethereum smart contracts: replace judicial enforcement with technology.
Contracts with simple, clear logic can be written as smart contracts.
What are the benefits of a decentralized contract?
After a breach, enforcing one's rights through the courts costs something.
With technical means, once participants have committed to a contract, breaching it becomes impossible.
Ethereum uses an account-based model (account-based ledger).
For example, to check whether A->B (10 ETH) is valid, it is enough to check that account A has enough balance; the origin of the coins need not be stated.
This account-based model has a natural defense against double spending attacks.
Defense against replay attacks: add a transaction counter nonce that records how many transactions the account has ever made; it is part of the transaction data and protected by the signature;
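An added illustration (not the notes' own code) of the two checks just described, in Python: balance sufficiency and the per-account nonce, applied all-or-nothing. Signature verification is assumed to have happened before apply is called; the accounts and transactions are constructed.

```python
# Added example: account-based ledger with balance check and replay-protecting
# nonce.  Signature verification is assumed done upstream (not modelled here).
class AccountLedger:
    def __init__(self, balances):
        self.state = {a: {"balance": b, "nonce": 0} for a, b in balances.items()}

    def apply(self, tx):
        """tx = {"from", "to", "value", "nonce"}.  Returns True if applied,
        False if rejected; a rejected tx changes nothing."""
        sender = self.state.get(tx["from"])
        if sender is None or tx["value"] < 0:
            return False
        if tx["nonce"] != sender["nonce"]:       # replayed or out-of-order: reject
            return False
        if sender["balance"] < tx["value"]:      # insufficient funds: reject
            return False
        sender["balance"] -= tx["value"]
        sender["nonce"] += 1                      # this nonce can never be used again
        dest = self.state.setdefault(tx["to"], {"balance": 0, "nonce": 0})
        dest["balance"] += tx["value"]
        return True

def demo():
    ledger = AccountLedger({"A": 10})            # constructed initial balances
    tx = {"from": "A", "to": "B", "value": 6, "nonce": 0}
    first = ledger.apply(tx)
    replay = ledger.apply(tx)                     # same signed tx broadcast again
    overspend = ledger.apply({"from": "A", "to": "C", "value": 6, "nonce": 1})
    ok = ledger.apply({"from": "A", "to": "C", "value": 4, "nonce": 1})
    return first, replay, overspend, ok, ledger.state
```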
Two kinds of accounts in ETH:
Externally owned account
An ordinary account, controlled by a public/private key pair;
It has: an account balance,
a transaction counter nonce;
Smart contract account
A contract account cannot initiate transactions on its own; it can call other contracts when it is called.
It has: code (immutable), and storage (which changes when the contract is called);
Ethereum's founder Vitalik (aged 19);
In an account-based model, how is an account balance proven?
Design question: how should account state be represented?
- Can a big hash table represent the account balance state?
Most account states do not change. The number of accounts is far larger than the number of transactions.
If a Merkle Tree represents the latest state of all accounts, the data volume is large. Every transaction changes the state of some accounts; regenerating a Merkle Tree over all accounts on each update is computationally very expensive. This differs from Bitcoin, which stores only a Merkle Tree of transactions.
If a hash table describes account state, a Merkle Tree must be built over it to prevent tampering, and rebuilding it after an account update consumes a lot of computation.
Using an ordinary Merkle Tree to describe all accounts is bad for fast lookup; with unsorted leaves the Merkle Tree is not unique and neither is the resulting root hash. Bitcoin's tree is also unsorted, but there it is not a problem, because the node that wins the right to produce the block decides its final contents.
Using a Sorted Merkle Tree for all accounts: newly added accounts have random addresses, which change the shape of the existing tree and require recomputing the Merkle Tree, a lot of computation;
Conclusion: no simple data structure can reasonably represent ETH account state.
Concept: trie, from retrieval (信息检索), usually a <key, value> store whose keys are strings;
Branching factor: 0~f plus a terminator symbol = 17;
The key length equals the number of lookups;
An ETH address is the last 160 bits of the public key hash (40 × 4 bits [0~f]), so ETH keys have a fixed length of 40;
If a hash table were used, address collisions are theoretically possible (because only the last part is kept);
A trie has no collisions: as long as the addresses differ, they map to different branches of the tree; (?? why ??)
The order in which nodes are inserted does not affect the shape of the final tree;
Drawback: nodes with a single child are very inefficient.
Patricia tree: a trie after path compression;
When keys are sparsely distributed, compression improves efficiency noticeably.
A decentralized system must generate sparse addresses to prevent account conflicts;
MPT: Merkle Patricia tree;
Replace ordinary pointers with hash pointers;
The ETH system uses a Modified MPT
Node types:
Extension Node: a path-compressed node;
Branch Node: a branching node;
Leaf Node: a leaf node;
A parent node refers to its children not with ordinary pointers but by storing their hash values;
In ETH, after account state changes, each full node builds a new tree; most nodes in the new tree are shared with the old one, and only a few nodes need new branches.
Why keep historical state? To enable roll back.
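An added example (not the notes' or Ethereum's code) of the ideas from the trie section through this one: a 16-ary trie over 40-hex-digit keys whose child links are hashes into a <key, value> store, in Python. It shows that insertion order does not change the root, that an update rewrites only the nodes on one key's path while the rest is shared, and that the old root stays readable for roll back. It is a plain trie without path compression, so it has no extension nodes; the addresses used are constructed.

```python
import hashlib
import json

# Added example: hash-pointer trie over hex keys.  The dict plays the role of the
# <key, value> database (levelDB in Ethereum): node hash -> serialized node.
EMPTY = ""   # hash pointer of an empty subtree

class HashTrie:
    def __init__(self):
        self.db = {}

    def _put(self, node):
        raw = json.dumps(node, sort_keys=True).encode()
        h = hashlib.sha256(raw).hexdigest()
        self.db[h] = raw                   # the hash is the key, hence the pointer
        return h

    def _get(self, h):
        return None if h == EMPTY else json.loads(self.db[h])

    def insert(self, root, key, value):
        """Return the root hash of a tree with key -> value; the old root stays valid."""
        return self._insert(root, key.lower(), 0, value)

    def _insert(self, h, key, depth, value):
        node = self._get(h) or {"children": [EMPTY] * 16, "value": None}
        node = {"children": list(node["children"]), "value": node["value"]}  # copy
        if depth == len(key):
            node["value"] = value
        else:
            nib = int(key[depth], 16)
            node["children"][nib] = self._insert(node["children"][nib], key, depth + 1, value)
        return self._put(node)             # only nodes on this path get new hashes

    def get(self, root, key):
        h = root
        for ch in key.lower():
            node = self._get(h)
            if node is None:
                return None
            h = node["children"][int(ch, 16)]
        node = self._get(h)
        return node["value"] if node else None

def update_cost(trie, root, key, value):
    """Number of new nodes an update creates: the key's path, not the whole tree."""
    before = len(trie.db)
    new_root = trie.insert(root, key, value)
    return new_root, len(trie.db) - before
```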
<key, value> storage is serialized;
RLP: Recursive Length Prefix, a serialization method; minimalist; it supports only one type, nested array of bytes;
Implementing RLP is easier than implementing Protocol Buffers;
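An added example (not the notes' code and not go-ethereum's) of RLP in Python: an encoder and a strict decoder for the one type the format has, nested arrays of bytes. The decoder rejects non-canonical encodings (a single byte below 0x80 wrapped in a length prefix, long-form lengths below 56, lengths with leading zeros) and truncated input, which is the check a consensus client must make; the vectors exercised are the classic spec examples.

```python
# Added example: RLP (Recursive Length Prefix) encoder and strict decoder for
# byte strings and nested lists of them.

def rlp_encode(item):
    if isinstance(item, (bytes, bytearray)):
        data = bytes(item)
        if len(data) == 1 and data[0] < 0x80:
            return data                       # a single byte below 0x80 is itself
        return _length_prefix(len(data), 0x80) + data
    if isinstance(item, list):
        body = b"".join(rlp_encode(x) for x in item)
        return _length_prefix(len(body), 0xC0) + body
    raise TypeError("RLP encodes only bytes and lists")

def _length_prefix(n, offset):
    if n < 56:
        return bytes([offset + n])            # short form: offset + length
    n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([offset + 55 + len(n_bytes)]) + n_bytes   # long form

def rlp_decode(data):
    """Strict decode: rejects truncated input, trailing bytes and non-canonical forms."""
    item, end = _decode_at(bytes(data), 0)
    if end != len(data):
        raise ValueError("trailing bytes after RLP item")
    return item

def _decode_at(data, i):
    if i >= len(data):
        raise ValueError("truncated")
    b = data[i]
    if b < 0x80:
        return bytes([b]), i + 1
    if b < 0xB8:                              # short string, 0..55 bytes
        s = _take(data, i + 1, b - 0x80)
        if len(s) == 1 and s[0] < 0x80:
            raise ValueError("non-canonical: single byte must be encoded as itself")
        return s, i + 1 + len(s)
    if b < 0xC0:                              # long string
        n, start = _long_length(data, i + 1, b - 0xB7)
        return _take(data, start, n), start + n
    if b < 0xF8:                              # short list
        n, start = b - 0xC0, i + 1
    else:                                     # long list
        n, start = _long_length(data, i + 1, b - 0xF7)
    end = start + n
    if end > len(data):
        raise ValueError("truncated list")
    items, pos = [], start
    while pos < end:
        item, pos = _decode_at(data, pos)
        items.append(item)
    if pos != end:
        raise ValueError("list payload length mismatch")
    return items, end

def _long_length(data, start, n_len):
    raw = _take(data, start, n_len)
    if raw[0] == 0:
        raise ValueError("non-canonical: length has a leading zero")
    n = int.from_bytes(raw, "big")
    if n < 56:
        raise ValueError("non-canonical: long form used for a short length")
    return n, start + n_len

def _take(data, start, n):
    if start + n > len(data):
        raise ValueError("truncated")
    return data[start:start + n]

def is_valid_rlp(data):
    """True if data is exactly one canonical RLP item."""
    try:
        rlp_decode(data)
        return True
    except ValueError:
        return False
```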
The transaction tree and the receipt tree can provide Merkle Proofs;
They can be used to find the transactions related to a given smart contract;
The bloom filter data structure:
Supports efficient lookup of whether an element is in a given set;
A bloom filter computes a compact vector, a digest, over a large set;
Method: hash each element of the set and set the corresponding positions in the vector to 1.
Conclusion: if an element is in the set the filter always reports 1, but if it is not in the set it may still report 1 (a hash collision).
A bloom filter cannot support removing an element from the set, because several elements may map to the same position; forcing the bit to 0 would wrongly delete them.
When searching blocks, a bloom filter screens out most blocks that do not match, leaving only a few candidate blocks for further checking.
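An added example (not the notes' code) of the screening just described, in Python: a bit-vector bloom filter with k hash positions per element, one filter per block over constructed address lists, a query that keeps only candidate blocks, a brute-force search for a false positive, and why clearing bits is unsafe. Ethereum's block header bloom is 2048 bits with 3 positions per entry; the sizes here are shrunk so collisions show up.

```python
import hashlib

# Added example: bloom filter for block screening.  Sizes are deliberately tiny
# (constructed) so that hash collisions, and hence false positives, appear.
class BloomFilter:
    def __init__(self, m_bits=64, k=3):
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item):
        # k positions from k salted hashes of the item
        for i in range(self.k):
            h = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(h[:4], "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def might_contain(self, item):
        # all k bits set: "maybe"; any bit clear: "definitely not"
        return all(self.bits[p >> 3] >> (p & 7) & 1 for p in self._positions(item))

    def unsafe_remove(self, item):
        """Clearing bits also clears them for every other element sharing a position."""
        for p in self._positions(item):
            self.bits[p >> 3] &= ~(1 << (p & 7)) & 0xFF

def build_block_filters(blocks):
    """blocks: list of address lists (bytes), one per block. Returns one filter each."""
    filters = []
    for addrs in blocks:
        bf = BloomFilter()
        for a in addrs:
            bf.add(a)
        filters.append(bf)
    return filters

def find_blocks(blocks, filters, addr):
    """Screen with the filters, then confirm by an exact scan of the candidates only."""
    candidates = [i for i, bf in enumerate(filters) if bf.might_contain(addr)]
    confirmed = [i for i in candidates if addr in blocks[i]]
    return candidates, confirmed

def find_false_positive(bf, members, probes=2000):
    """Brute-force an item not in `members` that the filter still accepts."""
    for n in range(probes):
        probe = b"probe-%d" % n
        if probe not in members and bf.might_contain(probe):
            return probe
    return None

def deletion_damage(members, victim, m_bits=32):
    """Members whose membership is lost after unsafe_remove(victim)."""
    bf = BloomFilter(m_bits=m_bits)
    for m in members:
        bf.add(m)
    bf.unsafe_remove(victim)
    return [m for m in members if m != victim and not bf.might_contain(m)]
```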
ETH: a transaction-driven state machine;
BTC's state machine is the UTXO;
State transitions are deterministic;
[Code walkthrough]
How the transaction tree and receipt tree are created;
After ETH raised the block rate 40-fold, a new problem arose: once a block is published, propagating it to the other nodes takes considerable time; the more frequent the publishing, the lower the mining difficulty, and under network latency the harder it becomes to reach consensus;
Merging temporary forks of the state.
ETH represents orphan blocks as uncle blocks;
The original design:
the miner of an uncle block receives 7/8 × 3 coins;
a valid block may reasonably include two uncle blocks;
the miner of the valid block receives: (number of uncle blocks)/32 × 3 + 3 coins;
the number of uncle blocks is at most 2;
this design favors the prompt merging of forked chains;
Defects of the original design:
if the number of uncle blocks exceeds 3, the extra ones can only be abandoned without reward;
some mining pools, competing maliciously, deliberately include no uncle blocks, inflicting a larger loss on others than on themselves;
ETH's improved version:
a new block on the valid branch may recognize temporary forks many levels up as uncle blocks; there will always be some newly mined block whose miner is willing to include an upstream uncle block;
What if someone keeps mining uncle blocks upstream, expecting them to be included?
ETH defines a decreasing reward for uncle blocks: an uncle of the current generation gets 7/8 × 3, one generation up gets 6/8 × 3, then 5/8 × 3, ..., 2/8 × 3; further back there is no reward. The uncle must share a common ancestor with the current valid block within 7 generations (at most seven generations);
This encourages forks to be merged early.
Bitcoin's script has CHECKMULTISIG for checking multiple signatures; it has a bug, and fixing it would change the protocol. If some group refuses to accept the change, a hard fork occurs and persists permanently;
In ETH the block reward is a larger share than the gas fee;
ETH does not stipulate a periodic reduction of the block reward; ETH does not create artificial scarcity;
Questions:
- Do the transactions in an uncle block need to be executed?
They must not be executed, because an uncle block may contain conflicting transactions: the uncle block's transactions are valid on their own, but after the parent block has been executed, the transactions in the uncle block become invalid.
Merging an uncle block only checks that the block meets the mining difficulty requirement.
- Can a downstream block on a forked chain count as an uncle block?
That would invite fork attacks by lowering their cost: even if the fork attack fails, some of the loss could be recovered.
Etherscan.io
Block Chain is secured by mining. Mining secures the blockchain.
bug bounty: a reward offered for finding vulnerabilities;
Bitcoin is a natural bug bounty: finding a bug yields a profit, so the Bitcoin system has stood the test of time.
A much-criticized fact about Bitcoin is the specialization of mining equipment, which goes against the original design philosophy.
Satoshi Nakamoto's design intent: "one CPU, one vote";
Cryptocurrencies after Bitcoin include ASIC resistance among their design goals.
One design approach is to raise memory requirements: a memory hard mining puzzle;
LiteCoin's puzzle is based on the scrypt algorithm and has high memory demands.
array: seed -> hash(0) -> hash(1) -> ... generates pseudo-random numbers; the whole solving process needs to keep a very large array in memory. Some methods keep only the odd entries and recompute the even ones (time-memory trade-off).
The ideal puzzle algorithm should be: difficult to solve, but easy to verify.
LiteCoin's verification is as memory-hungry as solving. To accommodate light nodes, LiteCoin's array is set to 128k.
ETH uses two data sets: a 16M cache and a 1G dataset (DAG); light nodes keep only the 16M cache, while miners need the 1G DAG;
16M cache array: seed -> hash(0) -> hash(1) -> ... generates pseudo-random numbers;
1G DAG: elements are read from the cache in pseudo-random order, 256 reads in total, and the result is stored in the large data set; this is repeated to fill the large set. Once the large set is full, elements and their neighbors are selected from it in pseudo-random order, 64 selections of 128 items, to obtain the final result;
Some hold the view that having many general-purpose computers participate in mining is more dangerous, because a group controlling many general-purpose servers could mount a dangerous attack.
Generating the 16M cache
Generating the i-th element of the 1G DAG:
Generating the large data set:
The full node mining function:
The light node verification function:
The mining process function:
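The functions named by the headings above are not on the page; as an added stand-in (not Ethereum's Ethash code), here is a scaled-down Python version with the same structure: a hash-chain cache, dataset elements built from 256 pseudo-random cache reads, a mix of 64 selections of adjacent dataset words, a full node that precomputes the dataset and a light node that recomputes only the words it touches. Sizes, seed, header and target are constructed; the point shown is that light verification reproduces the full node's hash while holding only the cache.

```python
import hashlib

# Added example: scaled-down Ethash-like puzzle.  Sizes and the target are
# constructed for the demo; the real cache is 16 MB and the dataset 1 GB.
CACHE_WORDS = 256        # stand-in for the 16M cache
DATASET_WORDS = 2048     # stand-in for the 1G DAG (must be even)
CACHE_READS = 256        # page: 256 pseudo-random cache reads per dataset element
MIX_ROUNDS = 64          # page: 64 selections of adjacent dataset words
TARGET = 1 << 248        # constructed difficulty: the hash must be below this

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def make_cache(seed):
    """Cache array: seed -> hash(0) -> hash(1) -> ... (a hash chain)."""
    cache = [H(seed)]
    for _ in range(CACHE_WORDS - 1):
        cache.append(H(cache[-1]))
    return cache

def dataset_item(cache, i):
    """i-th DAG element: start from one cache word, then 256 pseudo-random reads."""
    mix = H(cache[i % len(cache)], i.to_bytes(4, "big"))
    for _ in range(CACHE_READS):
        idx = int.from_bytes(mix[:4], "big") % len(cache)   # next read depends on mix
        mix = H(mix, cache[idx])
    return mix

def make_dataset(cache):
    """Full nodes (miners) precompute the whole dataset once."""
    return [dataset_item(cache, i) for i in range(DATASET_WORDS)]

def hashimoto(header, nonce, lookup):
    """Mix: 64 times pick a pseudo-random dataset word and its neighbour."""
    mix = H(header, nonce.to_bytes(8, "big"))
    for _ in range(MIX_ROUNDS):
        idx = int.from_bytes(mix[:4], "big") % (DATASET_WORDS // 2) * 2  # even index
        mix = H(mix, lookup(idx), lookup(idx + 1))
    return H(mix)

def full_node_hash(dataset, header, nonce):
    return hashimoto(header, nonce, lambda i: dataset[i])       # memory lookups

def light_node_hash(cache, header, nonce):
    # Light nodes hold only the cache and recompute the 128 words they touch.
    return hashimoto(header, nonce, lambda i: dataset_item(cache, i))

def mine(dataset, header, target=TARGET, max_nonce=1 << 16):
    """Full node mining: scan nonces until the hash falls below the target."""
    for nonce in range(max_nonce):
        if int.from_bytes(full_node_hash(dataset, header, nonce), "big") < target:
            return nonce
    return None

def verify(cache, header, nonce, target=TARGET):
    """Light node verification: same hash, no dataset in memory."""
    return int.from_bytes(light_node_hash(cache, header, nonce), "big") < target
```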
Block difficulty adjustment formula
$D(H) = D_0$ if $H_i = 0$;
$D(H) = \max(D_0,\; P(H)_{H_d} + x \cdot \varsigma_2) + \epsilon$ otherwise;
where $D_0 = 131072$;
The difficulty bomb
Its original purpose: once mining reached a certain point, replace proof of work with proof of stake.
But proof of stake ran into problems, and there is no good solution so far.
The difficulty was adjusted by force, which postponed the arrival of proof of stake.
The 4 stages of ETH development
- Frontier;
- Homestead;
- Metropolis, subdivided into Byzantium and Constantinople;
- Serenity;
A common criticism of proof-of-work consensus is that it wastes resources and consumes a great deal of energy (electricity).
Bitcoin's total annual energy consumption is 69.95 TWh, equivalent to the consumption of more than 6.47 million US households, 0.31% of world energy consumption; on average each transaction uses 1014 kWh, equivalent to the daily consumption of 34.26 US households.
ETH's energy consumption grows over time: 19.78 TWh per year; 67 Wh per transaction on average;
The basic idea of proof of stake: competing on hashing power is in essence competing on equipment, so one might as well compete with money directly. Virtual mining: instead of mining, vote directly with the amount of currency held.
AltCoin Infanticide: an external attack strangles a cryptocurrency in its cradle;
With voting by coin holdings, an attacker must acquire 51% of the currency. It cannot be attacked directly from outside, as in an equipment race. If someone attacks by buying up large amounts of the coin, its price rises rapidly.
Proof of Deposit
Proof of stake and proof of work are not mutually exclusive. Mining difficulty is tied to the amount of coins held: the more coins, the lower the difficulty, and the coins used to lower the difficulty are locked for a period.
Designing around proof of stake faces many challenges.
In proof of stake, staking coins lowers the difficulty; if no block is successfully produced the staked coins are not locked, which leads to the nothing at stake phenomenon and lowers the cost of a fork attack.
ETH adopts Casper the Friendly Finality Gadget (FFG)
At the end of each epoch there are two rounds of voting, Prepare and Commit; each round passes only with 2/3 of the validators;
After optimization, the 100-round epoch becomes two 50-round epochs, voted in turn as Prepare and Commit; it passes only when two consecutive epochs each reach 2/3.
Validators receive a reward for participating, and are penalized for misbehavior.
If there is an attack, some validators must have voted on both branches; they are at least 1/3 of the validators, and once discovered their entire deposit is destroyed.
Mainstream cryptocurrencies still use proof of work; proof of stake is not yet mature and has not been t tested in practice.
A smart contract is a piece of code running on the blockchain; the logic of the code defines the content of the contract.
The smart contract's account holds the contract's current running state:
- balance: current balance;
- nonce: number of transactions;
- code: the contract code;
- storage: the data structure is an MPT;
Solidity is the common language for smart contracts;
Creating a contract is like initiating a transaction. The contract is packaged into a block (contract state). Contract code cannot be invoked by a contract account, only by an external account.
gas fee
A smart contract is a Turing-complete programming model.
What if a smart contract call enters an infinite loop? This is the Halting problem, which is undecidable.
Push the problem onto whoever initiates the transaction:
Instructions in a smart contract charge gas fees, paid by the initiator of the transaction.
Different instructions in the EVM consume different amounts of gas.
Error handling
A transaction is either executed completely or not at all; it is never executed halfway.
If an error occurs during execution, everything is rolled back and the state is as if the transaction had never been executed.
If the gas limit is exhausted midway, the contract is rolled back and the gas fee already consumed is not refunded.
If it were refunded, malicious nodes would launch resource-wasting attacks.
Nested calls
If smart contract A calls smart contract B and B throws an exception, does the rollback chain back to A?
That depends on how A calls B.
While a smart contract executes locally, all modifications are to local state; only after execution finishes and the result is published to the blockchain do the local changes become consensus.
Mine first, or execute the contract first?
The smart contract must be executed first to produce the transactions; only then can the contents of the block header be formed and mining for the nonce begin.
After executing the contract, if no block is mined, the execution was wasted; what compensation is there?
In ETH, none at all.
Moreover, after someone else mines a block successfully, every full node must execute it locally to verify the block they published.
Only the miner who finds the block is compensated; all the other miners are just "keeping the prince company at his studies".
If validation is skipped, the local state becomes wrong (not synchronized to the correct state) and the node can no longer take part in mining.
If contract execution fails, is it still published on the blockchain?
Yes, transactions that fail execution are also published on the blockchain; the gas fee can only be deducted once they are published.
Do smart contracts support multithreading?
Solidity, the contract programming language, does not support multithreading.
Multithreading would make execution results nondeterministic.
ETH smart contracts cannot produce truly random numbers, only pseudo-random ones, because execution results must be deterministic.
Smart contract code cannot, like an ordinary programming language, query the system environment; it can only obtain information from the blockchain.
A 2016 ETH case that split ETH and rewrote history.
DAO: Decentralized Autonomous Organization.
In May 2016 an organization devoted to crowdfunded investment appeared: the DAO;
It raised 100 million in ether within a month, a crowdfunding pace rare in history; some predicted that in 3~5 years the DAO's influence would surpass Ethereum itself;
How to get the investment return back: by splitting, split DAO, creating a child fund childDAO;
If a small group wanted to invest in a niche project, they could split off a child fund, convert it into ether, and reinvest;
This was also the only way for investors to withdraw money;
The split DAO idea was sound, but the code implementation had a vulnerability; a hacker attack took 1/3 of the ether;
theDAO was just a smart contract on ETH; the ETH development team supported a remedy, a rollback, but others disagreed;
The principle of the remedy: it had to be precisely targeted, rolling back only the transaction in which the hacker stole the funds;
The ETH team upgraded the software with a new rule that transactions from accounts related to theDAO were not recognized; most users upgraded, producing a soft fork;
Unfortunately the remedial software introduced a bug concerning gas fees: if transactions related to theDAO are not recognized, is the gas fee still charged? Under the previous software, invalid contracts still pay a gas fee, to deter malicious publishing. Because ETH charged no gas fee once a transaction was judged to involve theDAO account, this led to a flood of such attacks; many clients rolled back their software version and the soft fork version failed.
The ETH developers then used a hard fork, moving the money in theDAO account into a new contract whose only function was refunding; because the hard fork's fund-moving transaction carried no signature, the old miners would not recognize it, so a hard fork resulted;
In the end ETH voted; the great majority supported the hard fork, and the hacker ultimately did not profit.
After the hard fork, the new chain's currency is ETH and the old chain's is ETC; some stayed on the old chain out of conviction, others out of speculation;
Right after the fork, replay attacks could occur across the two chains; a chainID was added to prevent them;
Reflections on smart contracts
Is smart contract really smart?
Smart contracts use no AI technology; some think "automatic contract" is the more appropriate name.
Smart contract is anything but smart.
Immutability is a double-edged sword.
Question: a vulnerability has been found in a smart contract that is already deployed; what now?
Use the same technique as the hacker to move the money from the old contract into a new, vulnerability-free contract.
Nothing is unalterable.
In general the content of a blockchain is hard to tamper with, but in important circumstances it can still be modified.
Reflections on language design.
Solidity is counter-intuitive: the fallback function is invoked on a transfer.
Is Solidity the right programming language?
What expressive features should a language for writing smart contracts have?
Today contracts are constrained by language in that they are written from standard templates.
In the future there may be standard templates for smart contracts, or specialized firms that write them.
Many eyeball fallacy (a misbelief)
Open source code can be inspected by the public.
In practice, the people with the energy and ability to inspect a smart contract may be very few.
Decentralized and distributed are not equivalent.
A decentralized system is necessarily a distributed system.
But a distributed system may be under the control of a central node.
Common application scenario for state machines: providing service externally without interruption.
mission critical applications;
air traffic control;
stock exchange;
space shuttle;
Traditional state-machine systems use a small number of computers and run inefficiently, usually slower than a single machine, because data must be synchronized.
April 2018.
美链 (BeautyChain) is a smart contract deployed on Ethereum with its own token, BEC.
It has no blockchain of its own; issuing and transferring tokens is done by calling functions in the smart contract.
It can define its own issuance rules, and each account's token balance is kept in the smart contract's state variables.
ERC20 is a standard for issuing tokens on Ethereum; it specifies the functions a token contract implements and the interface it follows.
BeautyChain has a function called batchTransfer whose purpose is to send tokens to multiple receivers and then deduct those tokens from the caller's account.
A program flaw, an arithmetic overflow, was exploited to obtain tokens without any deduction.
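An added example (not the BEC contract itself, and not Solidity) that simulates in Python the uint256 wrap-around behind the batchTransfer flaw described above, beside a checked version. The balances, caller and receivers are constructed; 256-bit arithmetic is modelled by masking, and both versions apply their changes all-or-nothing.

```python
# Added example: batchTransfer overflow, modelled in Python with 256-bit wrap.
MASK = (1 << 256) - 1         # EVM uint256 arithmetic wraps modulo 2^256

class Token:
    def __init__(self, balances):
        self.balances = dict(balances)

    def batch_transfer_unchecked(self, caller, receivers, value):
        """Mirrors the flawed logic: amount = cnt * value computed in uint256."""
        cnt = len(receivers)
        if not (0 < cnt <= 20) or value == 0:
            return False
        amount = (cnt * value) & MASK                # can wrap to a small number
        if self.balances.get(caller, 0) < amount:    # passes when amount wrapped to 0
            return False
        self.balances[caller] = self.balances.get(caller, 0) - amount
        for r in receivers:                          # each receiver still gets `value`
            self.balances[r] = (self.balances.get(r, 0) + value) & MASK
        return True

    def batch_transfer_checked(self, caller, receivers, value):
        """Hardened: reject if cnt*value or any balance update leaves uint256."""
        cnt = len(receivers)
        if not (0 < cnt <= 20) or value == 0:
            return False
        amount = cnt * value
        if amount > MASK:                            # SafeMath-style mul check
            return False
        if self.balances.get(caller, 0) < amount:
            return False
        new_balances = dict(self.balances)           # work on a copy: all-or-nothing
        for r in receivers:
            new_balances[r] = new_balances.get(r, 0) + value
            if new_balances[r] > MASK:               # SafeMath-style add check
                return False
        new_balances[caller] -= amount
        self.balances = new_balances
        return True

def exploit_attempt(checked):
    """Two receivers and value 2^255: cnt * value = 2^256, which wraps to 0."""
    token = Token({"attacker": 0})                   # constructed: attacker owns nothing
    fn = token.batch_transfer_checked if checked else token.batch_transfer_unchecked
    ok = fn("attacker", ["mule-1", "mule-2"], 1 << 255)
    return ok, token.balances
```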
Some hold that using a blockchain in insurance would speed up claims.
This view is incorrect: claims take long mainly because the human assessment stage is long, not the payment stage. A blockchain cannot bypass the human assessment stage either.
Some hold that a blockchain can trace the food supply chain and thereby guarantee food safety.
This view is incorrect: a blockchain only prevents tampering; whether the data entered along the food chain is correct, or whether the food has been swapped, the blockchain itself cannot guarantee.
It relies mainly on an impartial third-party institution, so that inspection and signing are guaranteed.
Some hold that if you are defrauded when paying by credit card you can get a refund, while blockchain payments cannot be refunded.
This view is incorrect. Credit card refunds are guaranteed by the social system. A credit card refund is itself just another payment.
The payment speed of a blockchain is relative: compared with swiping a credit card it seems slow; compared with an international transfer it seems fast.
Centralized and decentralized management each have their advantages and disadvantages.
Decentralization is not a panacea.