The Bitcoin system is an internet-based decentralized ledger.
From the perspective of a decentralized ledger system, each node that joins the system must keep a complete ledger , but each node cannot keep accounts at the same time, because the nodes are in different environments and receive different information. If If the accounts are kept at the same time, it will inevitably lead to inconsistencies in the accounts.
Therefore, a consensus mechanism is needed to determine which node has the right to keep accounts.
The Bitcoin system has designed a mechanism to compete for bookkeeping rights based on the computing power (ie "computing power" ) of each node .
However, in a decentralized system, who has the power to decide the outcome of the competition?The Bitcoin system is accomplished through the Proof of Work (POW) mechanism. POW is a proof that a certain amount of work has been done on the work side.
The main feature of POW is the unidirectionality of computation:
The work side needs to do some difficult work to get a result;
The verifier can easily check whether the worker has done the corresponding work through the result.
If any node in the Bitcoin system wants to generate a new block and write it into the blockchain, it must solve the problem of the Bitcoin system (that is, to complete a certain amount of work). The three key elements of the problem are : Proof of Work function, block and difficulty value.
The proof-of-work function used in the Bitcoin system is SHA-256 . A block in the Bitcoin system consists of a block header and a list of transactions contained in the block. The difficulty value of the Bitcoin system is determined by the number of leading zeros in the block hash value. The more leading zeros are required, the greater the difficulty value is.
The process of Bitcoin POW can be simply understood as the process of taking different nonce values as input, trying to perform SHA-256 hash operation, and finding a hash value that satisfies a given number of leading 0s.
The difficulty value of the Bitcoin system is set at a rate of one new block every 10 minutes , regardless of node computing power .
Bitcoin’s proof-of-work is the main work commonly known as “mining”.
Because the hash function is a one-way function, it is easy to calculate the hash value based on the random number, but it is computationally impossible to reverse the random number from the hash value. Therefore, it can be considered that the hash result less than or equal to the target difficulty value is obtained. , with a high probability of being obtained by computation (i.e. doing the work).
Why the leading 0 number can be used as the difficulty value?For example, repeating N times (N approaching infinity) throws a six-sided dice, each throw can throw a number below 6 (including 6), but if you want to roll a number below 3, get For each result, the average snow needs to be tossed twice;
That is to say, it is twice as difficult to roll "under 3 (including 3)" than throwing "under 6 (including 6)", and requires double the "workload".
If the difficulty coefficient (difficulty degree) of the rule "below 6" is defined as "1", then the difficulty coefficient of the rule "below 3" is "2", which means that in order to meet the requirements of the rule, twice the workload is required ; The difficulty factor of "below 1" is 6, which means that the rule requires 6 times the amount of work.
How is the Bitcoin difficulty value updated?In the Bitcoin protocol, a 256-bit integer is specified as the difficulty "1", as follows:
0x00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Under the computing power of the entire network at that time, it took about 10 minutes of hash calculation workload to meet this rule (the hash value of mining is less than or equal to this number).
If you want to ensure that the working time of 10 minutes is constant, then when the computing power is increased by n times, the difficulty value needs to be increased by n times.
The Bitcoin system updates the difficulty value every 2016 blocks, and the algorithm for updating the difficulty value is as follows:
[new_target]=[prev_target]*[The time it took to generate the first 2015 blocks]/1209600
Among them, 1209600 is the number of seconds required to produce a block and 2016 blocks every 10 minutes according to the standard.
The basic process of POWThe steps for a Bitcoin node to solve the proof-of-work problem can be roughly summarized as follows:
1. Generate a minting transaction, and form a transaction list with all other transactions to be packaged into the block, and generate the Merkle root hash through the Merkle tree algorithm;
2. Assemble the Merkle root hash and other related fields into a block header, and use the 80-byte data of the block header as the input of the proof of work;
3. Constantly change the random number in the block header, that is, the value of the nonce, and perform double SHA-256 operation on the block header after each change, and compare the result value with the target difficulty value of the current network. If it is less than the target value, the problem is solved successfully and the proof of work is completed.
It is worth mentioning that: the Merkle tree of the Bitcoin system records the transactions of the current block; the Merkle tree of Ethereum records the full amount of transactions, and the ledger only records the value of the changed blockchain each time, which requires the entire network to backtrack. Get the currency value in an account.
POW-based consensus bookkeepingNext, take the accounting process of the Bitcoin system as an example to illustrate the POW-based consensus accounting steps :
1. The client generates a new transaction and broadcasts it to the whole network to request the accounting of the transaction;
2. Once each accounting node receives this request, it will incorporate the received transaction information into a block;
3. Each accounting node goes through the POW process and tries to find a proof of work with sufficient difficulty in its own block;
4. When a node finds a proof of work, it broadcasts it to the entire network;
5. Other nodes will recognize the validity of the block if and only if all transactions contained in the block are valid and have not existed before;
6. Other nodes identify that they accept the block, and the way to express acceptance is to follow the end of the block, making a new block to extend the chain, and treat the random hash of the accepted block as the first block. The random hash of the new block.
比特币系统中限定区块大小为1MB,每一区块需要6次确认后,区块包含的交易才被确认。
通过上述的记账过程,客户端所要求记录的交易信息被写入了各个记账节点的区块链中,形成了一个分布式的高概率的一致账本。
关于分叉比特币系统采用的基于POW共识机制,就是让矿工互相竞争求解一个数学题,谁先解出来了,他就把自己成功的消息广播出去,全体矿工就都过来把那一页目抄写一份,贴在自己账本的最后面,然后又开始新的记账过程。
在这个过程中,经常会出现这样一种情况:两个矿工同时解出了题目。
由于每个矿工的区块数据都不一样,所以他们解题得出的结果也是不一样的,都是正确答案,只是区块不同。
于是,区块链在这个时刻,出现了两个都满足要求的不同区块。由于距离远近,不同的矿工看到这两个区块是有先后顺序的。
通常情况下,矿工们会把自己先看到的区块复制过来,然后接着在这个区块开始新的挖矿工作。
于是,出现了这样的情景,我们把这种现象叫做分叉。
这时要怎么办呢?
在以POW为共识算法的区块链系统中,这个问题是这样被解决的:
从分叉的区块起,由于不同的矿工跟从了不同的区块,在分叉出来的两条不同链上,算力是有差别的,因此两条链的增长速度也是不一样的,在一段时间之后,总有一条链的长度要超过另一条。
当矿工发现全网有一条更长的链时,他就会抛弃他当前的链,把新的更长的链全部复制回来,在这条长链的基础上继续挖矿。
所有矿工都这样操作,这条链就成为了主链,分叉出来被抛弃掉的链就消失了。
注意,能够让区块链保证数据唯一性的前提是:所有矿工都遵从同样的机制。
还有一种情况,就是矿工不遵从同样的机制,那么也会出现分叉。这种分叉又有两种情况:
一是由于整个区块链系统软件的升级,一部分矿工没有来得及升级,出现了遵从不同机制产生的分叉。当这部分矿工升级系统后,这个分叉就会消失,我们称这种分叉为软分叉。
二是由于矿工之间出现分歧,一部分矿工决定采用不同的机制,产生出来的分叉是不会消失的。我们一般把这种分叉称为硬分叉。
比特币系统中,一个交易不能算作确认直到:
1. 它存在于最长的分支中的区块链里;
2. 至少有5个验证过的区块在其后面得到验证。这种情况,我们说这个交易有了“6个确认”。
基于POW的共识机制算法分析
优点
1. 算法简单,容易实现;
2. 节点间无需交换额外的信息即可达成共识;
3. 破坏系统需要投入极大的成本,允许全网50%节点出错。
缺点
1. 浪费能源,依赖机器进行数学运算来获取记账权,资源消耗相比其他共识机制高、可监管性弱,同时每次达成共识需要全网共同参与运算,性能效率比较低;
2. 区块的确认时间难以缩短;
3. 新的区块链必须找到一种不同的散列算法,否则就会面临比特币网络的算力攻击;
4. 容易产生分叉,需要等待多个确认;
5. 永远没有最终性,需要检查点机制来弥补最终性。
2015年,JuanGaray对比特币的POW共识算法进行了正式的分析,得出的结论是:
比特币的POW共识算法是一种概率性的拜占庭协议。
1. 一致性
在不诚实节点总算力小于50%、同时挖矿难度较高(大约10分钟出一个区块)的情况下,诚实的节点具有相同的区块的概率很高。
2. 正确性
大多数的区块必须由诚实节点提供。严格来说,当不诚实算力非常小的时候,才能使大多数区块由诚实节点提供。
3. 安全性
恶意节点需要获得全网50%以上的算力,高昂代价保证节点无作恶动机。另外,比特币通过巧妙的矿工奖励机制来提升网络的安全性。
矿工挖矿获得比特币奖励以及记账所得的交易费用使得矿工更希望维护网络的正常运行,而任何破坏网络的非诚信行为都会损害矿工自身的利益。
因此,即使有些比特币矿池具备强大的算力,它们没有作恶的动机,反而有动力维护比特币的正常运行,因为这和它们的切实利益相关。
基于POW的共识算法应用比特币系统基于POW的共识算法,不适合于私有链和联盟链。
其原因首先是它是一个最终一致性共识算法,不是一个强一致性共识算法;其次,它的共识效率低,提供共识效率又会牺牲共识协议的安全性。
目前,基于POW的共识机制主要被比特币、瑞泰币、莱特币等公有链采用。
参考文献:
[1]邹均,张海宁等.区块链技术指南[M].北京:机械工业出版社,2017
本文作者:魏红心,链块学院执行院长,清华大学电子系博士
--------------END--------------
