"Blockchain Technology and Application" Class Notes (2): Principles of Cryptography

Bitcoin is called a cryptocurrency (crypto-currency).

The content on the blockchain is public, including the address of the block and the amount of the transfer.

Bitcoin mainly uses two cryptographic primitives: 1. Hash 2. Signature

1. The hash function used in cryptography is called a cryptographic hash function:

It has two important properties:

Collision resistance (collision here means a hash collision): if x ≠ y but H(x) = H(y), two different inputs have the same output; this is called a hash collision. Collisions are unavoidable because the input space is always larger than the output space. Collision resistance means that, given x, it is hard to find such a y except by brute force.

The role of this property: a digest for a message.

For example, take a message m; its hash value H(m) is the digest. If someone wants to tamper with m while keeping H(m) unchanged, it cannot be done.

That hash collisions cannot be created artificially cannot be proved mathematically; it rests on practical experience.


Collision resistance can be used to digest a piece of information in order to detect tampering with it: if the content changes, the hash value changes, and there is no known way to modify the content without changing its hash. For example, with cloud storage, compute the hash of a file before uploading it and keep the hash locally; after downloading the file, compute the hash again and compare it with the value recorded earlier. If they are the same, the downloaded content is the same as before and has not been tampered with.

No hash function can be mathematically proved to be collision resistant. This property is based only on practical experience: for the hash functions considered to satisfy it, nobody has found a way to artificially create hash collisions for a long time, so we regard them as collision resistant.
Some functions were once considered collision resistant, and then people found ways to artificially create collisions. MD5 is an example, so it is no longer safe.

Hiding: the computation of the hash function is one-way and irreversible (x cannot be deduced from H(x)). The premise of the hiding property is that the input space is large enough and the distribution is fairly uniform. If the input space is not large enough, a random number is usually appended to x, as in H(x || nonce).

The use of this property:

Combined with collision resistance, it achieves digital commitment (also called the digital equivalent of a sealed envelope).

Take the prediction result as the input x, compute its hash value and publish the hash. Because of hiding, people know the hash value but not the prediction; finally publish x, and because of collision resistance, the prediction result cannot have been tampered with.

Here Mr. Xiao gave a real-life example to explain the sealed envelope. If a person claims he can predict which stock will hit its daily limit, how can he prove it? If he is asked to announce his "prediction" in advance (which stock will hit the daily limit tomorrow) and then we look at the market tomorrow, the information he announces will itself affect the market. If the announcement is made after the stock hits its daily limit, everyone will suspect that he tampered with his "forecast".

The sealed envelope is the solution to this problem. Let the person write the prediction on paper first, put it in an envelope, seal it, and hand it to a third-party notary for safekeeping. After the market closes the next day, ask the notary to check that the envelope is intact, open it, and compare the forecast on the paper with the actual daily-limit stock.

The digital-commitment approach to this problem is to compute a hash of the prediction and publish the hash. Because of hiding, nobody can learn the prediction from the hash value. The prediction is announced after the market closes the next day. Because of collision resistance, the prediction cannot have been tampered with; otherwise it would not match the published hash.
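As an added illustration (not code from the notes or the course), here is the sealed-envelope scheme above in Python with SHA-256: commit with H(prediction || nonce), open it later, and a check of why the nonce is needed when the input space is small. The stock names and the 32-byte nonce length are constructed for the example; the open step is also the recompute-and-compare check from the cloud storage paragraph earlier.

```python
import hashlib
import hmac
import secrets

def bare_hash(prediction: str) -> bytes:
    """H(x) alone: fine as a digest, but not hiding when x comes from a small set."""
    return hashlib.sha256(prediction.encode()).digest()

def commit(prediction: str, nonce=None):
    """Seal the envelope: publish only H(prediction || nonce); keep both inputs secret."""
    if nonce is None:
        nonce = secrets.token_bytes(32)  # 256 random bits make the input space large enough
    commitment = hashlib.sha256(prediction.encode() + nonce).digest()
    return commitment, nonce

def open_commitment(commitment: bytes, prediction: str, nonce: bytes) -> bool:
    """Open the envelope: anyone recomputes the hash and compares it with the published one."""
    expected = hashlib.sha256(prediction.encode() + nonce).digest()
    return hmac.compare_digest(expected, commitment)

def guess_without_nonce(commitment: bytes, candidates):
    """Why the nonce matters: with a handful of possible predictions, bare H(x) is reversible by trial."""
    for candidate in candidates:
        if bare_hash(candidate) == commitment:
            return candidate
    return None

if __name__ == "__main__":
    stocks = ["ACME", "GLOBEX", "INITECH"]  # constructed candidate set
    # Day 1: the predictor publishes only the 32-byte commitment.
    commitment, nonce = commit("GLOBEX")
    # Day 2 after close: the predictor reveals prediction and nonce; a changed reveal fails.
    print(open_commitment(commitment, "GLOBEX", nonce))   # True
    print(open_commitment(commitment, "ACME", nonce))     # False
    # A commitment made without a nonce leaks the prediction to anyone who tries the candidates.
    print(guess_without_nonce(bare_hash("GLOBEX"), stocks))  # GLOBEX
    print(guess_without_nonce(commitment, stocks))           # None
```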

In addition to these two properties required in cryptography, the hash function used in Bitcoin has a third property:

Puzzle friendly means that the result of the hash computation cannot be predicted in advance; that is, it is impossible to know what the computed hash value will look like (what characteristics it will have) just by looking at the input.

For example, if you want the hash value to fall within a certain range, there is no specific way to construct such an input. Likewise, if you want a hash value that begins with k consecutive 0s, there is no specific way to construct the input. There is not even a way to tell which kind of input is more likely to give a hash value with a given characteristic; the only way to obtain such an input is to try candidates one by one. There is no shortcut.

The process of Bitcoin mining is actually to find a nonce. Note that the nonce is not something outside the block header: it is one of the header's fields, but one that can be set freely. Mining is the process of repeatedly trying nonces so that the hash of the entire block header is less than or equal to the target. The nonce is combined with the other information in the block header as the input, and the resulting hash value must be less than or equal to a specified target threshold: H(block header) ≤ target

The block header contains many fields; one of them is the nonce, the number we can set. The mining process is to keep trying nonces so that the hash of the block header falls within the specified range.

Puzzle friendliness means there is no shortcut in the mining process: to make the output fall within the specified range you can only try one input after another. This process can therefore also serve as proof of work.

This puzzle-friendly property is related to collision resistance above, but it is not the same thing: collision resistance is the inability to artificially create hash collisions, while puzzle friendliness is the inability to artificially construct hash values with specific characteristics.

Mining is hard, verification is easy (difficult to solve, but easy to verify).

Although it is difficult to find a nonce that meets the requirement, once it is found and published, it is very easy for others to verify that it does: just compute the hash value and compare it with the target.

The hash function used in Bitcoin is SHA-256 (Secure Hash Algorithm). It satisfies all three properties above.
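An added example (not part of the original notes) of the H(block header) ≤ target puzzle in Python: a simplified header made of a previous block hash, a merkle root and a 4-byte nonce is double-SHA-256 hashed and read as a big-endian integer. Bitcoin's real 80-byte header has more fields and reads the hash little-endian; the field values and the difficulty used here are constructed.

```python
import hashlib
import struct

# Constructed stand-ins for the other header fields; only the nonce is varied.
PREV_HASH = hashlib.sha256(b"previous block").digest()
MERKLE_ROOT = hashlib.sha256(b"transactions").digest()

def header_hash(prev_hash: bytes, merkle_root: bytes, nonce: int) -> int:
    """Double SHA-256 of the header, interpreted as a 256-bit integer."""
    header = prev_hash + merkle_root + struct.pack("<I", nonce)
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "big")

def target_for(difficulty_bits: int) -> int:
    """Target threshold: a hash <= 2^(256 - bits) starts with about that many 0 bits."""
    return 2 ** (256 - difficulty_bits)

def meets_target(prev_hash: bytes, merkle_root: bytes, nonce: int, target: int) -> bool:
    """Verification is easy: one hash and one comparison."""
    return header_hash(prev_hash, merkle_root, nonce) <= target

def mine(prev_hash: bytes, merkle_root: bytes, target: int, max_nonce: int = 2**32):
    """Mining is hard: puzzle friendliness leaves no option but to try nonces one by one."""
    for nonce in range(max_nonce):
        if meets_target(prev_hash, merkle_root, nonce, target):
            return nonce
    return None  # nonce field exhausted; a real miner then changes other header fields

if __name__ == "__main__":
    target = target_for(16)  # constructed difficulty: ~65536 expected attempts
    nonce = mine(PREV_HASH, MERKLE_ROOT, target)
    print("nonce found after", nonce + 1, "attempts")
    print("hash:", hex(header_hash(PREV_HASH, MERKLE_ROOT, nonce)))
    print("valid:", meets_target(PREV_HASH, MERKLE_ROOT, nonce, target))
```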

To open an account in the Bitcoin system:

Create a public-private key pair (public key, private key) locally; that is an account. The key pair comes from an asymmetric encryption algorithm.

Definition:

Two people exchanging information can use an encryption key: A encrypts the information and sends it to B, and B decrypts it with the key after receiving it. Because the same key is used for encryption and decryption, this is called symmetric encryption. Its premise is a channel that can securely distribute the key to both parties of the communication, so the disadvantage of symmetric encryption is that key distribution is inconvenient: it is easy to eavesdrop on the network. Asymmetric encryption uses a pair of keys instead of one. The public key is used for encryption and the private key for decryption, and both the public key used to encrypt and the private key used to decrypt belong to the receiver. The public key does not need to be kept secret; the private key must be kept secret, but it only needs to be stored locally and never has to be sent to the other party. The public key is like a bank account number: others only need to know it to transfer money to you. The private key is like the account password: whoever knows it can transfer the money out of the account.

The public and private keys are used for signing. If A wants to transfer 10 bitcoins to B and puts the transaction on the blockchain, how do others know that the transaction was initiated by A? A signs the transaction with his own private key, and when others receive the transaction they use A's public key to verify the signature. The private key signs and the public key verifies, and both belong to the same person. It is extremely unlikely that creating accounts will produce the same public-private key pair, so creating a large number of accounts in the hope of stealing other people's accounts is not feasible.

The problem of duplicate public-private key pairs
Since key pairs are always generated locally, what should we do if two of them turn out identical?

For example, generate a large number of key pairs and compare each generated public key with the public keys that already exist on the blockchain. If one matches, the corresponding private key could be used to transfer the money in that account.

This method is theoretically feasible but practically impossible, because the probability of generating a duplicate key pair is so small that it can be ignored. So far there is no precedent for a successful attack of this kind.

A good source of randomness

The process of generating the public and private keys is random, but it requires a good source of randomness; otherwise the analysis above (that the probability of generating a duplicate key pair is negligibly small) does not hold. We assume a good source of randomness is available when generating the keys. If the random source is poor, it is possible to generate the same key pair as someone else. Moreover, the signature algorithm used in Bitcoin needs a good source of randomness not only when generating the key pair but also for every signature made afterwards: if the random source used for a signature is poor, the private key can leak.


Origin: blog.csdn.net/djklsajdklsajdlk/article/details/127076908