Bitcoin: A peer-to-peer electron
Paper Reading
- Objective
Electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.
Solve the double-spend problem: We need a way for the payee to know that the previous owners did not sign any earlier transactions. The only way to confirm the absence of a transaction is to be aware of all transactions. The trusted party is aware of all transactions and decided which arrived first. To accomplish this without a trusted party, transactions must be publicly announced, and we need a system for participants to aggree on a single history of te order in which they were received.
目标:
建立一个基于密码学的证明进而取代之前的信任模型,允许进行交易的双方摆脱传统可信任第三方的依赖。
解决双重支付问题:我们需要让收款人知道之前的coin持有人是否签名过更早的交易。确认之前交易是否已经进行的唯一方法是获知所有交易信息。从前的可信第三方(银行)可以确认哪一笔交易率先处理。若要完成去中心化,交易需被完全公开,致使我们需要一个所有参与者都承认只有一条交易历史链条存在的系统。
- Transactions with trusted party
The electric coin is defined as a chain of digital signatures. Each owner ransfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin.A payee can verify the signatures to verify the chain of ownership. The problem of the course is the payee cannot verify that one of the owners did not double-spend the coin. The common solution is to introduce a trusted central authority, or mint, that checks every transaction for double spending. After each transaction, the coin must be returned to the mint to issue a new coin, and only coins issued direcly from the mint are trusted not to be double-spent.
交易:
电子货币可以使用数字签名链来定义。 每个coin拥有者可以对从前交易的哈希值+收款者的公钥进行数字签名,然后将其加入到签名链的最后。收款者可以验证这些签名来验证coin的归属。主要问题还是在于double-spend上面。常见的解决方法是利用可信第三方来检查double-spending。每个交易后,coin要被mint回收来生成一个新的coin,只有mint生成的coin是可信的而且不会被双重支付。
-
Timestamp Server
A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.
image.png
每个时间戳都包含其哈希值中的前一个时间戳,形成一个链,每个附加时间戳都会加强它之前的时间戳。
-
Proof-of-Work
Use proof-of-work system to implement a distributed timestamp server on a p2p basis. The PoW involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of 0 bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.
select different a to solve the problem: H(a|x) -> Y. Y is a small set compared to the full hash value set.
PoW is implemented by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the PoW, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.
image.png
PoW is 1-CPU-1-vote. The majority decision is represented by the longest chain, which has the greatest PoW effort invested in it.To modify a past block, an attacker would have to redo the PoW of the block and all blocks after it and then catch up with and surpass the work of the honest nodes.
PoW 机制实际上是利用一个暴力搜索问题实现的。由于找到哈希值头部为部分0的问题只能用穷举法进行搜索,穷举的工作量就会被看作是一种证明, 而且需要很多计算能力才可以完成。找到了对应nonce后验证nonce的正确性只需要执行一次哈希。
- Network
Steps to run the network are as follows:
(1) New transactions are broadcast to all nodes.
(2) Each node collects new transactiosn into a block.
(3) Each node works on finding a difficult PoW for its block.
(4) When a node finds a PoW, it broadcasts the block to all nodes.
(5) Nodes accept the block only if all transactions in it are valid and not already spent.
(6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash
