Blockchain: a synthesis of security solutions
1. A brief history of the blockchain
The blockchain is the cryptographic design behind the accounting (ledger) system of a digital currency, Bitcoin.
Nakamoto said: decentralization is inevitable!
Bitcoin was designed as a peer-to-peer digital currency accounting system: a decentralized ledger that anyone can keep.
Bitcoin rests on two main technical supports: the blockchain (the cryptographic solution) and the P2P network (the decentralized infrastructure over which the ledger is kept).
Decentralized accounting
· Public ledger: every participant may hold a copy of the ledger, and every copy is authoritative.
· The ledger no longer records each participant's balance; it records only transactions. Each record names the payer, the payee and the amount. As long as the initial state of the ledger is fixed and every transaction record carries a reliable timestamp, anyone can work out how much each participant currently holds. (Everyone can check their own wallet balance simply by replaying the ledger.)
· The ledger is public rather than private: any participant who needs it can obtain the complete current ledger, holding every transaction from the creation of the ledger to the present.
· Basic assumption: the participants are honest and trustworthy, or at least more than half of them are. The ledger that the majority recognizes is the true one; even if a minority (fewer than half) collectively forge a ledger, by majority rule the true ledger is not replaced.
Block = ledger page
Essence of the blockchain: a block is one page of the Bitcoin ledger, and the chain is many blocks linked together in sequence.
A block records many transactions.
Blocks are ordered: every block has exactly one parent block.
The most important security property of blocks and of the chain is integrity.
2. The two aspects of integrity
Integrity of the transaction history: the integrity of the whole ledger (the blockchain).
· Once confirmed, transactions are irreversible, and the complete transaction history can be traced back to the beginning.
Integrity of the transactions themselves:
· All transactions on a ledger page (a block) are complete.
· They cannot be tampered with.
Solution: cryptographic hash functions and digital signatures.
A block consists of two parts:
Block header:
· Records the meta-information of the current block.
· Hash of the previous block header -> integrity of the transaction history.
· Merkle root hash -> integrity of the transactions themselves.
The header is a fixed 80 bytes: version (4 bytes), hash of the previous header (32 bytes), Merkle root (32 bytes), timestamp (4 bytes), difficulty target (4 bytes) and nonce (4 bytes; "number used once"). Hashes are 256 bits (32 bytes), produced by SHA-256.
Block body:
· Records the actual transaction data, etc.
The hash of the previous header is what links one block to the next, forming the chain.
Every block records the hash of the block before it, so if any earlier block is changed, deleted or replaced, its hash changes and the link from the following block no longer verifies.
Integrity of the transactions themselves
A Merkle hash tree is a binary tree of hashes: a data structure for quickly summarizing a large set of data and checking its integrity.
Built over the entire set of transactions in a block, it gives an efficient way to check whether a given transaction is present in the block.
· At most about log2(N) hash computations are needed to check whether any one of the N data elements is in the tree, which is why the structure is so efficient (it is a binary tree).
In Bitcoin's Merkle tree each hash is SHA-256 applied twice, so the hash function is also called double-SHA256.
Merkle tree
H_A = SHA256(SHA256(transaction A)); H_AB = SHA256(SHA256(H_A || H_B)); and so on up the tree (when a level has an odd number of hashes, the last one is duplicated), so the Merkle root is in effect a hash of the whole set of transactions.
How do we verify that transaction K exists in a block?
First compute H_K; then, using the sibling hashes supplied with the proof (blue), compute the hashes on the path up to the root (green). Compare the root obtained with the Merkle root in the block header; if they are the same, the transaction is in this block.
Blue: looked up (supplied with the proof). Green: calculated.
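The tree described above, as an added Python example (an illustration written for this page, not code from the lecture or from Bitcoin): double-SHA256 leaves, the Bitcoin rule that the last hash on an odd-length row is duplicated, and the proof an SPV client checks against the root in the header it holds. The transaction bytes are constructed placeholders for serialized transactions.

```python
"""Merkle tree with double-SHA256 and the membership proof an SPV client verifies."""
import hashlib


def dsha256(data: bytes) -> bytes:
    """SHA-256 applied twice: the hash used for Bitcoin transactions and tree nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_levels(txs):
    """All rows of the tree, leaves first. An odd-length row has its last hash duplicated
    (Bitcoin's rule), so every node always has a sibling to pair with."""
    levels = [[dsha256(tx) for tx in txs]]
    while len(levels[-1]) > 1:
        row = levels[-1]
        if len(row) % 2:
            row = row + [row[-1]]
        levels.append([dsha256(row[i] + row[i + 1]) for i in range(0, len(row), 2)])
    return levels


def merkle_root(txs):
    """The 32-byte root that goes into the block header."""
    return merkle_levels(txs)[-1][0]


def merkle_proof(txs, index):
    """Sibling hashes on the path from leaf `index` to the root: the 'blue' nodes a full peer
    hands to the verifier, each tagged with whether it sits to the right of the path."""
    proof, levels = [], merkle_levels(txs)
    for row in levels[:-1]:
        if len(row) % 2:
            row = row + [row[-1]]
        proof.append((row[index ^ 1], index % 2 == 0))
        index //= 2
    return proof


def verify_proof(tx, proof, root):
    """Recompute the 'green' hashes from the transaction up to the root and compare with the
    Merkle root from the block header. Costs len(proof) = ceil(log2 N) hashes."""
    h = dsha256(tx)
    for sibling, sibling_on_right in proof:
        h = dsha256(h + sibling) if sibling_on_right else dsha256(sibling + h)
    return h == root


if __name__ == "__main__":
    # Constructed sample transactions (placeholders for serialized Bitcoin transactions).
    txs = [b"tx0", b"tx1", b"tx2", b"tx3", b"tx4"]
    root = merkle_root(txs)
    proof = merkle_proof(txs, 3)
    print("root:", root.hex())
    print("tx3 in block:", verify_proof(b"tx3", proof, root), "proof length:", len(proof))
    print("forged tx:", verify_proof(b"tx3 (altered)", proof, root))
```

`merkle_proof` is what a full peer returns to an SPV client; `verify_proof` is all the client runs, using only the header it already stores. One caveat of the duplicate-last-hash rule: a block whose last two transactions are identical yields the same root as the block with only one of them, which is why nodes must also reject duplicate transactions within a block (this was a real Bitcoin issue, CVE-2012-2459).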
There are two kinds of blockchain participants: full peers and SPV clients.
A full peer stores the complete block: block size + block header + transaction counter + transactions.
An SPV (Simplified Payment Verification) client stores only a reduced form of each block: block size + block header. To check that a transaction is in a block it asks a full peer for the Merkle path and verifies it against the root in the header it holds.
Summary
The integrity of the transaction history is guaranteed by the hash of the previous block header stored in each header; the integrity of the transactions themselves is guaranteed by the Merkle root hash in the header. Every header carries a Merkle root, but only a full peer holds the transactions needed to rebuild the tree; an SPV client holds the root and verifies Merkle paths supplied to it.
3. Proof of work
Who generates blocks (does the bookkeeping)? Miners.
A Bitcoin participant can have two identities: trader and miner.
· A participant can hold both identities at the same time.
Bitcoin miners engage in "mining": recording recent transactions in the ledger (generating a block and appending it to the chain).
A miner has a chance of being paid for this.
Miners can leave at any time, and new miners can join at any time (a characteristic of P2P systems).
Mining has a certain difficulty (it costs a certain amount of computation), and miners compete with each other.
The miners' motive: the bitcoin reward.
Whoever creates the new block receives the bitcoins.
Through mining, the number of bitcoins in circulation grows along with trading activity.
The miner's work:
Collect transaction records
· Each payer sends a transaction record not only to the payee but also to the inbox of every miner (it is broadcast to the network).
· Miners periodically collect the transaction records from their inbox and remove them.
Fill in the ledger page:
· Enter the transaction records one by one.
· Fill in the block header: the hash of the previous header, the nonce, and so on.
· The nonce field can hold any number.
Confirm the new block / ledger page:
· When a miner has generated a block, to be rewarded they need the other miners to confirm their work immediately, so they must send the valid block to the other miners as fast as possible and ask for confirmation.
· The protocol requires that when a miner receives a new block from another miner, they immediately stop their own mining work and confirm it.
Three things are needed to confirm a block:
· The block header hash meets the difficulty requirement.
· The block builds on a valid block: the previous block is indeed the last block of the chain, and the previous-hash field is correct.
· Every transaction in the list is valid, i.e. each payer has the balance being spent.
Proof-of-work
A new block must satisfy two conditions: 1. the newly recorded transactions are confirmed by the system (the other miners); 2. the hash of the new block header meets the computational requirement.
When the other miners add this block to their own chains and continue mining on top of it, the block has been recognized by them.
The requirement on the new block header's hash is:
· The miner must choose a nonce (a random number) such that H(prev_hash, nonce, Merkle_root, other header fields) < E. (Note that prev_hash, Merkle_root and the other fields are not changed; only the nonce changes, so the miner keeps modifying the nonce until the hash satisfies the requirement E, which is difficult.)
E is the target value set by the system, for example:
0x00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Verification is easy, but producing the proof-of-work is hard.
Consider the hash as a bit sequence of length 256.
Requiring N leading zero bits: because the SHA-256 output is effectively random, getting N zero bits is like flipping a coin and getting N heads in a row.
To get N leading zeros the miner must try on the order of 2^N nonces (the lecture's figures count 2^N/2, the average position of the first hit in the search):
· N = 1: about 1 nonce
· N = 16: about 32,768 nonces
· N = 32: about 2 billion nonces
Winning a block therefore proves the miner did the work.
The algorithm is made this laborious to keep block generation from being too fast.
Principle of the difficulty value: the blockchain is designed to generate a new block every 10 minutes on average.
The difficulty target E has to be updated regularly (every 2016 blocks). The rule for the update:
The whole network automatically measures how long the last 2016 blocks took and recomputes the target for the next 2016 blocks.
At one block every 10 minutes, 2016 blocks should take 2016 * 10 minutes = 14 days.
new target = current target * (actual time taken by the last 2016 blocks) / (theoretical time for 2016 blocks, 14 days).
(Bitcoin additionally limits each adjustment to a factor of 4 in either direction, so a single retarget cannot swing the difficulty arbitrarily.)
4. The consensus mechanism
Integrity: no tampering.
Based on the assumption that more than 51% of the participants are honest.
Because miners work in parallel, two legitimate blocks may arrive at the same time.
Both of these blocks:
· build on the last block of the miners' current chain;
· have perfectly legal contents (the recorded transactions are valid);
· have a header hash that meets the difficulty target.
So the ledger should not be organized as a simple line but as a tree: at any time the longest branch is taken as the main ledger, while the other branches are retained.
Whichever branch grows longer becomes the recognized one.
To keep the blockchain from remaining a tree, the protocol requires:
The payee must not treat a transaction as complete the moment it is announced. They should wait a while, until the miners have hung six more blocks after it and the block containing it has not been discarded; only then is the money confirmed in their account.
Waiting for six blocks is meant to prevent attacks on the blockchain:
Double spending
After the payee has confirmed the payment, the attacker extends another branch with an additional transaction that cancels the earlier payment and pays the same money again to someone else.
Defense principle:
We saw above that generating a valid block is not simple; it takes a great deal of computation.
If the block containing your payment is followed by six further blocks, an attacker trying to catch up from another branch while six blocks behind the main branch has a very hard time, unless they command a great deal of hashing power, more than all the honest miners together.
So the more participants there are, the safer the chain.
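The tree-of-branches rule and the six-block wait described above, as an added Python example (not from the lecture). The block identifiers and the tree are constructed; `catch_up_probability` uses the simplified gambler's-ruin result from section 11 of the Bitcoin whitepaper, which the lecture does not state, to put a number on "very difficult to catch up".

```python
"""Ledger kept as a tree of blocks: longest branch wins, confirmations counted on it."""


def longest_branch(blocks, genesis):
    """blocks maps block_id -> parent_id. Returns the path genesis..tip of greatest height.
    Ties keep the branch whose blocks arrived first (dict insertion order = arrival order),
    which is what a node does until one branch pulls ahead."""
    children = {}
    for block_id, parent in blocks.items():
        children.setdefault(parent, []).append(block_id)
    best, stack = [genesis], [[genesis]]
    while stack:
        path = stack.pop()
        kids = children.get(path[-1], [])
        if not kids and len(path) > len(best):
            best = path
        for kid in reversed(kids):          # reversed so the first-seen child is explored first
            stack.append(path + [kid])
    return best


def confirmations(blocks, genesis, tx_block):
    """Number of main-branch blocks from the one holding the transaction to the tip, inclusive.
    0 means the transaction's block is not on the main branch (it was orphaned)."""
    chain = longest_branch(blocks, genesis)
    return len(chain) - chain.index(tx_block) if tx_block in chain else 0


def catch_up_probability(q, z):
    """Probability that an attacker with fraction q of the hash rate ever overtakes an honest
    lead of z blocks: (q/p)^z with p = 1 - q, or certainty when q >= p (Bitcoin whitepaper,
    section 11, gambler's-ruin form). Not stated in the lecture; added for scale."""
    p = 1 - q
    return 1.0 if q >= p else (q / p) ** z


def safe_to_accept(blocks, genesis, tx_block, required=6):
    """The payee's rule from the text: wait until the block is followed by enough blocks."""
    return confirmations(blocks, genesis, tx_block) >= required


if __name__ == "__main__":
    # Constructed tree: two miners found competing blocks B1 and B1x on top of A;
    # the B1 branch grew to seven blocks, so B1x is abandoned.
    blocks = {"A": "G", "B1": "A", "B1x": "A"}
    for i in range(2, 8):
        blocks[f"B{i}"] = f"B{i - 1}"
    print(longest_branch(blocks, "G"))
    print("confirmations of B1:", confirmations(blocks, "G", "B1"), safe_to_accept(blocks, "G", "B1"))
    print("confirmations of B1x:", confirmations(blocks, "G", "B1x"))
    for q in (0.1, 0.3, 0.45):
        print(f"q={q}: chance of catching up from 6 blocks behind = {catch_up_probability(q, 6):.6f}")
```

With q = 0.1 the chance of overtaking a six-block lead is about 1.9e-6; with q = 0.45 it is still about 0.30. "Six confirmations" is therefore a convention sized for a small minority attacker, not a guarantee, and the lecture's own condition (more hash power than all honest miners, q >= 0.5) makes the probability 1.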
Mining keeps increasing the number of bitcoins; won't that cause serious inflation?
At the start of the protocol, a miner was rewarded 50 bitcoins for each ledger page (block) generated.
Every 210,000 pages the reward halves: from page 210,000 each new page earns 25 bitcoins, after page 420,000 it earns 12.5, and so on.
Once the ledger reaches 6,930,000 pages, generating a new page earns no reward. By then about 21 million bitcoins exist in total; that is the total amount of bitcoin, so it does not grow without bound.
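The halving schedule from the answer above, computed the way Bitcoin Core does it (integer satoshis, one right shift per halving); an added Python example, not from the lecture. It shows where the figure of 6,930,000 blocks comes from and why the total is just under 21 million rather than exactly 21 million.

```python
"""Bitcoin's block subsidy schedule in integer satoshis, as Bitcoin Core computes it."""
SATOSHI = 10**8             # 1 BTC = 100,000,000 satoshis
HALVING_INTERVAL = 210_000  # blocks between halvings


def block_subsidy(height):
    """Reward (in satoshis) for the block at `height`: 50 BTC shifted right once per halving.
    The integer shift discards fractions of a satoshi, so the reward eventually reaches exactly 0."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else (50 * SATOSHI) >> halvings


def first_unrewarded_height():
    """First block height at which the subsidy is zero."""
    height = 0
    while block_subsidy(height) > 0:
        height += HALVING_INTERVAL
    return height


def total_supply():
    """Sum of every subsidy that will ever be paid, in satoshis."""
    return sum(block_subsidy(h) * HALVING_INTERVAL
               for h in range(0, first_unrewarded_height(), HALVING_INTERVAL))


if __name__ == "__main__":
    for h in (0, 210_000, 420_000, 630_000):
        print(f"height {h:>9}: {block_subsidy(h) / SATOSHI} BTC per block")
    print("no reward from height", first_unrewarded_height())
    print("total supply:", total_supply() / SATOSHI, "BTC")
```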
Once there is no reward, will there be no more miners, and no one to confirm transactions?
When that happens, the miner's income from generating a block becomes the transaction fees.
For example, a payer can set aside a fee for the miner when transferring, say 1% of the amount (in Bitcoin the fee is simply the difference between a transaction's inputs and outputs). Each miner will prioritize the transactions that pay the highest fees (by then Bitcoin will be large, with a great many transactions).
How is tampering prevented?
Because the block hash = SHA256(SHA256(version + prev_hash + Merkle_root + timestamp + difficulty + nonce)):
Attack 1: change a transaction record inside a block; the Merkle root no longer matches.
Attack 2: change the transactions and the Merkle root; the block header hash no longer matches.
Attack 3: a dishonest miner submits a block whose hash does not meet the required difficulty; anyone verifying the header hash against the difficulty formula finds the error, and as long as 51% of the participants reject it the attack fails.
Attack 4: change the block contents and the block hash; the prev_hash stored in the next block's header no longer matches, and since 51% of the participants reject it the attack fails.
Attack 5: suppose the attacker controls 51% or more of the hashing power; then behaving as a good citizen and mining legitimately earns them more, and more safely, than attacking would.
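The header hashing and nonce search of section 3, the retargeting rule, and the checks that catch attacks 1 to 4 above, as one added Python example (not code from the lecture or from Bitcoin Core). It uses Bitcoin's real 80-byte header layout, compact target encoding and little-endian hash comparison; the toy difficulty `TOY_BITS`, the timestamps, the genesis link and the transaction bytes are constructed so that the demo mines in a fraction of a second.

```python
"""Toy chain with Bitcoin's header layout: mining, retargeting and integrity validation."""
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txs):
    """Root of the double-SHA256 Merkle tree (last hash duplicated on odd rows)."""
    row = [dsha256(tx) for tx in txs]
    while len(row) > 1:
        row = row + [row[-1]] if len(row) % 2 else row
        row = [dsha256(row[i] + row[i + 1]) for i in range(0, len(row), 2)]
    return row[0]


# version, prev_hash, merkle_root, timestamp, bits (compact target), nonce: 4+32+32+4+4+4 = 80 bytes
HEADER_FMT = "<I32s32sIII"
FIELDS = ("version", "prev_hash", "merkle_root", "timestamp", "bits", "nonce")


def pack_header(version, prev_hash, root, timestamp, bits, nonce):
    return struct.pack(HEADER_FMT, version, prev_hash, root, timestamp, bits, nonce)


def unpack_header(header):
    return dict(zip(FIELDS, struct.unpack(HEADER_FMT, header)))


def bits_to_target(bits):
    """Bitcoin's 4-byte compact encoding of the target E: mantissa * 256^(exponent - 3)."""
    exponent, mantissa = bits >> 24, bits & 0xFFFFFF
    return mantissa << (8 * (exponent - 3))


def meets_target(header):
    """H(header) < E, with the hash read as a little-endian 256-bit integer as Bitcoin does."""
    return int.from_bytes(dsha256(header), "little") < bits_to_target(unpack_header(header)["bits"])


def block_hash_hex(header):
    """Display form: byte-reversed, so the leading zeros are visible."""
    return dsha256(header)[::-1].hex()


def mine(version, prev_hash, root, timestamp, bits):
    """Proof-of-work: every header field is fixed except the nonce, which is searched until
    the hash is below the target. Expected tries ~ 2^256 / E."""
    for nonce in range(2**32):
        header = pack_header(version, prev_hash, root, timestamp, bits, nonce)
        if meets_target(header):
            return header
    raise RuntimeError("nonce space exhausted: change the timestamp or the transaction set")


def retarget(old_target, actual_seconds, expected_seconds=2016 * 600,
             max_target=bits_to_target(0x1D00FFFF)):
    """new = old * actual / expected. Bitcoin Core also clamps the ratio to [1/4, 4] per
    adjustment and never exceeds the genesis-block maximum target (rules not in the lecture)."""
    actual_seconds = min(max(actual_seconds, expected_seconds // 4), expected_seconds * 4)
    return min(old_target * actual_seconds // expected_seconds, max_target)


def validate_chain(chain):
    """chain: list of (header, txs). Returns (ok, reason) for the first failure found.
    Covers attacks 1-4 from the text: bad Merkle root, bad header hash, weak proof-of-work,
    and a broken prev_hash link in the following block."""
    prev_header = None
    for i, (header, txs) in enumerate(chain):
        if len(header) != 80:
            return False, f"block {i}: header is not 80 bytes"
        h = unpack_header(header)
        if prev_header is not None and h["prev_hash"] != dsha256(prev_header):
            return False, f"block {i}: prev_hash does not match the previous header"
        if h["merkle_root"] != merkle_root(txs):
            return False, f"block {i}: Merkle root does not cover these transactions"
        if not meets_target(header):
            return False, f"block {i}: header hash does not meet the difficulty target"
        prev_header = header
    return True, "ok"


TOY_BITS = 0x1F0FFFFF   # constructed: about one hit per 4096 nonces; mainnet is vastly harder


def build_chain(tx_sets, bits=TOY_BITS):
    """Mine one block per transaction set, each linked to the previous header's hash."""
    chain, prev_hash = [], b"\x00" * 32      # constructed genesis link
    for i, txs in enumerate(tx_sets):
        header = mine(1, prev_hash, merkle_root(txs), 1_700_000_000 + 600 * i, bits)
        chain.append((header, txs))
        prev_hash = dsha256(header)
    return chain


if __name__ == "__main__":
    chain = build_chain([[b"coinbase->alice 50"], [b"alice->bob 10", b"coinbase->miner 50"]])
    print([block_hash_hex(h) for h, _ in chain])
    print("honest chain:", validate_chain(chain))
    tampered = [chain[0], (chain[1][0], [b"alice->bob 1000", b"coinbase->miner 50"])]
    print("attack 1 (edited transaction):", validate_chain(tampered))
```

`validate_chain` reports the first broken invariant. Attack 2 fails for a reason the text glosses over: after the Merkle root changes, the old nonce almost never satisfies the target, so the attacker must redo the proof-of-work; once they do (attack 4), the next block's prev_hash no longer matches, so every later block must be re-mined as well. That cost, compounded over the honest network's lead, is the 51% argument.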
5. Public-key cryptography for identity and transaction signatures
Public keys are used mainly inside transactions.
Transaction records and processing
Each transaction (with a unique number) is signed by the payer: the signature block on the record is SIGNED_payer_private_key(current transaction + payee public key).
· Anyone can verify it.
· Anyone can trace the transaction history.
· Bitcoins are neither created nor destroyed by a transaction: the outputs equal the inputs (any difference goes to the miner as a fee).
Transaction ledger
Public-key cryptography provides transaction integrity, authentication and non-repudiation.
For example, validating transaction 3:
Transaction 3 contains: 1. its inputs and outputs; 2. Bob's signature over the transaction; 3. Bob's public key.
The input of transaction 3 is output 0 of transaction 2.
Bob's public key is converted to a wallet address (see the next page) and compared with the address in output 0 of transaction 2 (the payee named by the signing payer of transaction 2).
If they are not equal, the transaction is invalid.
If they are equal, Bob's public key is used to verify the signature. Once it verifies, this confirms:
1) that Bob does own the money in output 0 of transaction 2;
2) that the transaction was initiated by Bob;
3) the integrity of the transaction.
Finally, check that the input amount is greater than or equal to the output amount.
secp256k1 is the elliptic curve used for the public-key algorithm.
RIPEMD-160 is the hash algorithm used (together with SHA-256) to derive a wallet address from a public key.
The public-key algorithm is ECDSA over secp256k1 (elliptic-curve cryptography), chosen because it offers relatively high strength with relatively short public keys.
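The ownership and signature checks for "transaction 3" above, as an added Python example (not the lecture's code and not a Bitcoin library; the curve arithmetic is written out so it runs with only the standard library). The transaction layout, the JSON serialization, the `sighash` rule and the throwaway private keys are constructed simplifications of Bitcoin's; the secp256k1 parameters are the real ones.

```python
"""Signing and validating a transaction with secp256k1 ECDSA, following the text's checks.
Pure-Python curve arithmetic for demonstration only: not constant-time; real code uses libsecp256k1."""
import hashlib
import json

P = 2**256 - 2**32 - 977        # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141   # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator

def ec_add(a, b):
    """Point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, point):          # double-and-add scalar multiplication
    result = None
    while k:
        if k & 1: result = ec_add(result, point)
        point, k = ec_add(point, point), k >> 1
    return result

def pubkey_bytes(priv):
    """33-byte compressed public key: 02/03 prefix (parity of y) followed by x."""
    x, y = ec_mul(priv, G)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def address(pub):
    """RIPEMD160(SHA256(pub)) as in Bitcoin. If this Python's OpenSSL has no RIPEMD-160 the demo
    falls back to a truncated SHA-256 (an assumption made only so the example runs everywhere)."""
    inner = hashlib.sha256(pub).digest()
    try:
        return hashlib.new("ripemd160", inner).digest()
    except ValueError:
        return hashlib.sha256(inner).digest()[:20]

def sign(priv, digest):
    """ECDSA over a 32-byte digest. k is derived from (key, digest) so it is never reused:
    reusing k in two signatures reveals the private key. Simplified stand-in for RFC 6979."""
    z = int.from_bytes(digest, "big")
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + digest).digest(), "big") % N or 1
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r, min(s, N - s)                    # low-s form, the only form Bitcoin relays

def verify(pub, digest, sig):
    """Standard ECDSA verification against a compressed public key."""
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    x = int.from_bytes(pub[1:], "big")
    y = pow(x**3 + 7, (P + 1) // 4, P)          # modular sqrt, valid because P % 4 == 3
    if (y & 1) != (pub[0] & 1): y = P - y
    z, w = int.from_bytes(digest, "big"), pow(s, -1, N)
    point = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, (x, y)))
    return point is not None and point[0] % N == r

def dsha256(data): return hashlib.sha256(hashlib.sha256(data).digest()).digest()
def txid(tx): return dsha256(json.dumps(tx, sort_keys=True).encode()).hex()

def sighash(tx):
    """What the payer signs: inputs by reference plus all outputs, signatures left out (SIGHASH_ALL idea)."""
    stripped = {"inputs": [{"txid": i["txid"], "index": i["index"]} for i in tx["inputs"]],
                "outputs": tx["outputs"]}
    return dsha256(json.dumps(stripped, sort_keys=True).encode())

def validate_tx(tx, ledger):
    """The text's checks for 'transaction 3'. ledger maps txid -> confirmed transaction."""
    total_in = 0
    for inp in tx["inputs"]:
        prev = ledger.get(inp["txid"])
        if prev is None or inp["index"] >= len(prev["outputs"]):
            return False, "referenced output does not exist"
        if any(i["txid"] == inp["txid"] and i["index"] == inp["index"]
               for t in ledger.values() for i in t["inputs"]):
            return False, "output already spent"           # the double-spend check
        out = prev["outputs"][inp["index"]]
        pub = bytes.fromhex(inp["pubkey"])
        if address(pub).hex() != out["address"]:
            return False, "public key does not match the address that was paid"
        if not verify(pub, sighash(tx), tuple(inp["sig"])):
            return False, "bad signature: not signed by the owner, or transaction altered"
        total_in += out["amount"]
    if total_in < sum(o["amount"] for o in tx["outputs"]):
        return False, "outputs exceed inputs"
    return True, "ok"

def example_transfer():
    """Constructed example: tx2 pays 50 to Bob (no inputs, like a coinbase); tx3 is Bob paying
    30 to Carol with 20 change. The private keys are throwaway test values, not real keys."""
    bob_priv, carol_priv = 0xB0B, 0xCA201
    bob_pub, carol_pub = pubkey_bytes(bob_priv), pubkey_bytes(carol_priv)
    tx2 = {"inputs": [], "outputs": [{"amount": 50, "address": address(bob_pub).hex()}]}
    ledger = {txid(tx2): tx2}
    tx3 = {"inputs": [{"txid": txid(tx2), "index": 0}],
           "outputs": [{"amount": 30, "address": address(carol_pub).hex()},
                       {"amount": 20, "address": address(bob_pub).hex()}]}
    tx3["inputs"][0].update(pubkey=bob_pub.hex(), sig=list(sign(bob_priv, sighash(tx3))))
    return ledger, tx3, bob_priv, carol_priv
```

Two signatures made with the same k on different digests give one linear equation in the private key, so k is derived deterministically from the key and the message rather than chosen by hand. `validate_tx` is also where double-spending is caught at the transaction level: the referenced output must not already be consumed by a transaction in the ledger, which is the check a full peer makes before it will include the transaction in a block.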
Anonymity
Each public key is anonymous, but the ledger is public: if someone learns which public key belongs to a Bitcoin owner, can all of that owner's accounts be found?
1. The real identity behind each public key is confidential, and 2. a person can have an unlimited number of public keys.
If every transaction uses a different public key, the accounts of the same person cannot be linked to one another. Note that this is pseudonymity rather than anonymity: keys whose outputs are spent together in one transaction are visibly controlled by the same holder, so linkage through the public ledger remains possible.
Summary
· Integrity -> digital signatures and cryptographic hashes. Is the coin double-spent? Can an attacker reverse or change transactions?
· Authentication -> public-key cryptography: digital signatures. Am I paying the right person, and not an impersonator?
· Privacy -> pseudonymity (participants can have multiple public keys). Are my transactions private? Anonymous?
· Availability -> messages broadcast to the P2P network, distributed storage. Can I make a transaction any time I want?