Cryptography expert Xu Qiuliang: How is the bottom layer of the blockchain constructed?


Abstract: The blockchain storage structure is a common structure in cryptography



AI Financial Review Press: This article is reproduced from the public account @carbon chain value, edited by Qin Jin. It is based on the speech delivered by Xu Qiuliang, professor and cryptography expert at Shandong University, at the Founding Conference of the Blockchain Special Committee of the Chinese Institute of Electronics, and is reproduced here for readers. With rigorous logic and clear thinking, Professor Xu explained how the cryptography-based blockchain is constructed.

Some highlights, excerpted:

"From the perspective of blockchain cryptography, the chain storage structure is a common structure in cryptography. We use the most commonly used encryption standard, AES, to encrypt a message. AES only encrypts 128 bits at a time, divided into three blocks. But this kind of encryption has many shortcomings; it is not secure enough in terms of cryptography.

To make it more secure, to improve security, what do you do? There are many ways. For example, there is a mode called CBC. In this method, an initial value must first be provided, and a different initial value is taken each time to obtain a different encryption result."

"From the perspective of cryptography, no matter whether Bitcoin is rising or falling, it is technically perfect and innovative in thinking. Bitcoin has created a stable system without a center, which is very remarkable. The system has no center, and no one can play a role in it. Moreover, the operation is stable, and the data organization and consensus mechanism are exquisite.

Bitcoin has no currency, but only a ledger, which is now called the blockchain. But the blockchain is not an ordinary ledger, it is a mechanism, and the blockchain expresses a mechanism. This mechanism integrates minting, issuance and trading. "

The following is the content of Professor Xu Qiuliang's speech (slightly abridged):

Let me do a little popularization of the low-level structure of blockchain from the perspective of cryptography.

Now, after one or two years of development, blockchain technology is completely different from the blockchain technology in the original Bitcoin. Blockchain has entered the field of philosophy, sociology, and law.

It is said to embody a new idea, a new pursuit. I'm confused about this. The blockchain originates from the underlying technology of Bitcoin and has financial ancestry, so what is the significance of it in finance? I am also confused.

From the perspective of cryptography, the blockchain is based on a simple cryptographic structure, forming a data storage structure, data processing system, and data publishing platform. So how is the bottom-level blockchain constructed?

Through the most basic structure, you can imagine what such a structure can do. There are three aspects involved here: the first is the underlying technology of the blockchain; the second is the cryptographic elements of Bitcoin; and the third is the technology related to blockchain privacy protection.

Cryptography Explained: What is Blockchain?

Blockchain has been described as omnipotent in the media; it supposedly wants to subvert the world and the Internet. So what exactly is it? Why so magical?

What is the blockchain? The blockchain is a product of cryptography, and it is derived from Bitcoin. Let's take a look at Bitcoin and electronic cash.

The concept of electronic cash was proposed by D. Chaum in 1988; such cash cannot be traced. But the biggest difficulty its theory faces is that repeated spending, that is, double spending, is hard to solve, and at the same time indivisibility also brings great trouble to spending.

Based on this idea, Chaum developed an electronic cash system, but without success. After years of accumulation, Bitcoin miraculously appeared. The magic weapon it uses to solve the problem is the blockchain.

Chaum's electronic cash belongs to fiat currency, and payments are also in fiat currency. Bitcoin is different: it is completely grassroots, a currency out of nothing.

From a cryptographic perspective, regardless of whether Bitcoin is up or down, there is no doubt that it is technically perfect and ideologically innovative. Bitcoin has created a centerless and stable system, which is very remarkable. The system has no center, no one can play a role in it, it operates stably, and the data organization and consensus mechanism are exquisite.

Bitcoin uses the blockchain to break the predicament that electronic cash faced before, making cash anonymity and untraceability possible. It also solves the problems of divisibility and double spending of electronic cash.

Bitcoin has no currency, but only a ledger, which is now called the blockchain. But the blockchain is not an ordinary ledger, it is a mechanism, and the blockchain expresses a mechanism. This mechanism integrates minting, issuance and trading.

It can be said to be a breakthrough from fixed thinking. The block-plus-chain form we see is its body; the consensus mechanism, that is, mining, is its soul.

Blockchain began to appear in 2014-2015, and broke out in 2016. At this time all kinds of compliments began to appear, so is it true? I have no idea.

From the perspective of blockchain cryptography, the chain storage structure, the structure of block plus chain, is not unusual, and it is a common structure in cryptography. We want to encrypt a message with the most commonly used encryption standard AES. AES encrypts only 128 bits at a time, divided into three blocks. But this kind of encryption has many shortcomings, and it is not secure enough in terms of cryptography.

CBC mode improves blockchain security

To make it more secure, to improve security, what do you do? There are many ways. For example, there is a mode called CBC. In this method an initial value must first be provided, and a different initial value is taken each time to obtain a different encryption result.

The encryption result of the first block is added to the second block before it is encrypted, and that block is then added to the third, and in the end the whole thing becomes one such block. It is already chained: the ciphertexts are linked to one another. For example, if you change C2, then C3 is different.

In constructing this kind of hash function there is a construction called Merkle-Damgård, which turns a fixed-length function into one that accepts input of arbitrary length. We have four 128-bit blocks; how do we hash them? Take an initial value, randomized, and bring in the first block: 256 bits, compressed to 128 bits. Then bring in the second 128-bit block, again 256 bits, and what we get at the end is the hash value I want. This is a commonly used structure in cryptography.
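The iterated chaining just described, as an added example that is not part of the speech: a Merkle-Damgård hash over 128-bit blocks with an IV and a 256-to-128-bit compression step. The compression function is an assumption made for this example (SHA-256 of the 256-bit input, truncated to 128 bits), not the primitive used by AES or Bitcoin.

```python
import hashlib

BLOCK_BYTES = 16  # 128-bit message blocks, as in the speech


def compress(chaining: bytes, block: bytes) -> bytes:
    """Fixed-length compression f: 256 bits in (chaining || block), 128 bits out.
    Assumed for this example: truncated SHA-256; the speech only says 'compress 256 to 128'."""
    assert len(chaining) == BLOCK_BYTES and len(block) == BLOCK_BYTES
    return hashlib.sha256(chaining + block).digest()[:BLOCK_BYTES]


def pad(msg: bytes) -> bytes:
    """Merkle-Damgård strengthening: append 0x80, zero bytes, then the 64-bit bit length,
    so the padded message is a whole number of 128-bit blocks."""
    bit_len = (8 * len(msg)).to_bytes(8, "big")
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % BLOCK_BYTES)
    return padded + bit_len


def md_hash(msg: bytes, iv: bytes = b"\x00" * BLOCK_BYTES) -> bytes:
    """Chain the compression function over every block, starting from the IV.
    The final chaining value is the digest, so it depends on every block."""
    padded = pad(msg)
    h = iv
    for i in range(0, len(padded), BLOCK_BYTES):
        h = compress(h, padded[i:i + BLOCK_BYTES])
    return h


def one_bit_change_propagates() -> bool:
    """Constructed input: exactly four 128-bit blocks. Flipping one bit in the second
    block changes the final digest, because each later chaining value depends on it."""
    msg = bytes(range(4 * BLOCK_BYTES))
    tampered = bytearray(msg)
    tampered[BLOCK_BYTES] ^= 0x01
    return md_hash(msg) != md_hash(bytes(tampered))
```

A different IV gives a different digest for the same message, which is the "randomized initial value" role the speech assigns to the IV.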

In Bitcoin, this is how the blockchain is formed. If we zoom in on the blockchain, how is it put together? It is linked by hash values: the next block records the hash value of the previous block, so it cannot be changed; it is chained in this way.

How is this chain formed? The original blockchain is the purest one, so how is the blockchain in Bitcoin formed? Let me introduce two cryptographic principles.

The first cryptographic principle is called the digital signature. A digital signature has two keys, forming a key pair. One is called the secret key, used for signing and held by oneself; the other is called the public key, used for verification, and it is public.

Corresponding to these two keys, one key corresponds to a signing algorithm. Into this signing algorithm you substitute the secret parameter plus a message to form a signature. The verification algorithm takes the public key and the signature in order to verify.

One point to emphasize: a signature that verifies with the public key pk must have been produced with the corresponding sk. Once pk is fixed, anything that passes verification must have been signed with the corresponding sk.

The second cryptographic principle is the collision-resistant one-way hash function. One-way means that given X, computing y is very fast; computing y from X is very easy. But given a y, computing X is very difficult. "Very difficult" actually means infeasible: it cannot be computed.

So you can only drill in one direction: from X compute Y, but computing X from Y is impossible. Solving H(x) = 0 is hard for us. If we now lower the requirement and take a number, say T, then I no longer require the hash of X to equal 0 but require the hash of X to be less than t. That is relatively simpler, and essentially simpler, and it can be done. By a general probability calculation, about 2 to the 32nd power attempts will do it. This is the one-way use.

The second property is collision resistance: I look for different X1 and X2 that hash to the same value, and that is impossible. You can see that, given a Y, finding an X with H(X) = Y is infeasible. Once Y is fixed, tampering with X is impossible. This property guarantees tamper-resistance in Bitcoin. This is the standard hash function in Bitcoin: Bitcoin uses two functions, SHA256 and another, to fix its tamper-resistance.

How is Bitcoin produced? First set up a hash function, two 256-bit hashes chained together, and choose a threshold: 8 hexadecimal zeros out of 256 bits, that is 2 to the 224th power.

Then choose a signature scheme; the system sets up blocks. Now we have to prepare for the genesis block. First we need such a signing algorithm; the algorithm has already been chosen, so we need to choose a key pair, an sk and a pk, and pass the public key through two functions to transform it into a jumbled string. This string serves as the account: a Bitcoin account is the garbled string obtained by hashing the public key twice.

Since this account is generated from pk by a fixed method, it can be regarded as equivalent to pk. We can call pk the account.

That is the process of generating an account from a public key. Now let's create Bitcoin. There is no Bitcoin yet, and since there is none, there are no transactions. What to do?

There is only one transaction here: the reward for mining this block, called the coinbase, transferring 50 bitcoins to the account just formed. This transaction is written into a compressed fixed-length format. Start computing: choose a random number, called the nonce. Take the chosen random number together with that transaction, processed into the compressed standard format.

Put it into the hash function and compute; when done you get a value. Is this value less than the T set just now? Keep computing until the hash value is less than t, and then you have succeeded. At this moment the Bitcoin genesis block has been produced.

How are the other blocks produced afterwards?

Choose nonces until you get a nonce with h less than t. This process is called mining. At the very start the mining difficulty t was 2 to the 224th power; afterwards a difficulty coefficient was added. This d is now already very large. Mining is much harder than it was.

Now that Bitcoin has been born, transactions are possible. How do you transact? Using digital signatures. A transaction is a message like this: account A is Alice, and she wants to transfer to account B; afterwards, who guarantees it? Make a signature: Alice signs the message with the private key of this account and publishes the public key corresponding to the private key together with the signature. At this point one can see that if the signature verifies with pk, such a public key, it shows that this signature was made with the private key corresponding to pkA.

A signature with the private key corresponding to account A is legitimate. The private key of account A says: I transfer the money in this account to B; if verification passes and it is accepted, it is a legitimate transaction.

Of course, it has not yet gone up onto the chain here.

How does it get up there? This transaction is released and put on the Bitcoin network; how does it get onto the chain? Suppose the blockchain has already been formed up to here. How is the next block created? To create it, put the hash value of the previous block into this block. Then select some transactions and also put those transactions into this block. How are these transactions put in?

As a single number: put the root in. Now we enter the mining process again: pick a random nonce and compute the hash value; if it is larger, go back; if it is smaller, mining has succeeded, and this block goes onto the chain, which thus grows longer and longer.

Looking at this chain, every block records the previous one; every block has a hash value, this hash value is recorded here, and that one is recorded there. This cannot be changed. If this side is changed, it no longer matches that side. You can see that the further back a block is, the safer it is.

Because changing one block affects all subsequent blocks, the earlier a block, the safer it is. That is the whole process of the blockchain.
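The genesis-block, mining and chain-verification procedure described above, as an added example that is not part of the speech or of Bitcoin's own code. Assumptions made here: a block is hashed as prev_hash || Merkle root || nonce with double SHA-256, the demo threshold is 2^240 (16 leading zero bits) instead of the page's 2^224 so it runs in well under a second, and transactions are plain constructed strings (no real signature is computed).

```python
import hashlib


def double_sha256(data: bytes) -> bytes:
    """The speech's 'two 256-bit hashes chained together': SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txs: list) -> bytes:
    """Compress the block's transactions into 'a single number', the Merkle root
    (pairwise double-SHA256; an odd last leaf is duplicated, as Bitcoin does)."""
    level = [double_sha256(tx.encode()) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [double_sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def block_hash(prev_hash: bytes, root: bytes, nonce: int) -> bytes:
    # Assumed block layout for this example: prev_hash || root || 64-bit nonce
    return double_sha256(prev_hash + root + nonce.to_bytes(8, "big"))


def mine(prev_hash: bytes, txs: list, target: int) -> dict:
    """Try nonces 0, 1, 2, ... until H(block) < target (deterministic for a fixed target)."""
    root = merkle_root(txs)
    nonce = 0
    while int.from_bytes(block_hash(prev_hash, root, nonce), "big") >= target:
        nonce += 1
    return {"prev_hash": prev_hash, "txs": list(txs), "root": root, "nonce": nonce}


def verify_chain(chain: list, target: int) -> bool:
    """Recompute every root, hash and link. Editing any earlier block changes its hash,
    so the next block's recorded prev_hash no longer matches and verification fails."""
    prev = b"\x00" * 32
    for blk in chain:
        if blk["prev_hash"] != prev or merkle_root(blk["txs"]) != blk["root"]:
            return False
        h = block_hash(blk["prev_hash"], blk["root"], blk["nonce"])
        if int.from_bytes(h, "big") >= target:
            return False
        prev = h
    return True


DEMO_TARGET = 1 << 240  # 16 leading zero bits; the page's 2**224 would take ~2**32 tries


def build_demo_chain() -> list:
    """Constructed chain: a genesis block holding only the coinbase, then one more block."""
    genesis = mine(b"\x00" * 32, ["coinbase: 50 BTC -> account_A"], DEMO_TARGET)
    h0 = block_hash(genesis["prev_hash"], genesis["root"], genesis["nonce"])
    block1 = mine(h0, ["coinbase: 50 BTC -> account_B", "A -> B 10 BTC (signed by A)"], DEMO_TARGET)
    return [genesis, block1]
```

Raising DEMO_TARGET's difficulty (a smaller target) shows the "difficulty coefficient" effect directly: the expected number of nonces grows as 2^256 / target.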

Bitcoin, a currency constructed from cryptographic algorithms, should therefore be called a cryptographic currency (密码货币); in English the word is Cryptocurrency, not "encrypted currency". Hashing is not encryption, signing is not encryption, and cryptography is not the same as encryption. Where hashing or signing is used here, it is used for authentication. These belong to the authentication algorithms of cryptography.

So in future media reports, try not to say "encrypted currency" (加密货币) but "cryptographic currency" (密码货币). This is the consensus among cryptographers.

In short, a blockchain formed by the process above is decentralized; everyone works according to the mining consensus.

Next, it is distributed: anyone can download the blockchain and anyone can upload to it. It is also public, and anyone can inspect it.

Every transaction in it can be verified with a digital signature, and every block can be verified with its hash value. Since it is verifiable, and we guarantee tamper-resistance, all of this guarantees a trust mechanism. Trust is guaranteed by these properties.

What can blockchain applications do? Digital stores, anti-counterfeiting, certificate management. As for banks and UnionPay, I don't know; that needs financial experts to consider.

Privacy issues of blockchain

A blockchain involves many cryptographic problems. The first is privacy. Bitcoin is anonymous; if this kind of blockchain is used to issue fiat currency, how are privacy, authentication and regulatory efficiency to be balanced?

Second, although Bitcoin accounts are anonymous, accounts are linked to one another and transaction amounts are fully visible. In the real world it is easy to determine an account's owner through analysis: you send a payment and publish your account, and all your transactions and dealings can be observed, or correlations observed; this account makes a withdrawal and over there a house is bought, so it is easy to infer.

The best privacy protection is Zcash, which uses commitments to hide the transacting parties and the transaction amounts, and uses zero-knowledge proofs to prove that transactions are valid.

Finally, there is the privacy problem when it is not a currency but carries private information, such as health information. Here we can use ciphertext-processing techniques: public-key encryption and homomorphic encryption. One can also use confidential authentication: ring signatures, group signatures, commitments, zero-knowledge proofs, and so on.

Blockchain gives cryptography new meaning. In the early days, when ring signatures and group signatures were developed, the technology was mature, but they were set aside because there was nothing to use them for.

Secure Multiparty Computation

Then I started to do multi-party computation. I was in despair about multi-party computation for ten years: what is it useful for? Suddenly the blockchain told me that multi-party computation is useful, which rekindled our confidence in it. Now our research topic is also multi-party computation.

In short, the blockchain is constructed using cryptography, so there are a lot of cryptographic problems to study.

But on the other hand, blockchain also provides a valuable resource for cryptography. For example, in secure multi-party computation the most important point is that there is no trusted center. If there were a trusted center, what could be solved? But can the blockchain be regarded as that trusted center?

Another example is random number generation: can blockchain be used as a good source of randomness? It is not only that blockchain activates many cryptographic algorithms, various signatures, secure computation and zero-knowledge proofs; many classic problems in cryptography are activated by blockchain.

On the other hand, cryptography also provides many resources for the blockchain. Therefore we who do cryptography are very excited about the blockchain. This technology activates many purely theoretical problems in our field and connects many of them together.



Origin http://43.154.161.224:23101/article/api/json?id=325964879&siteId=291194637