Blockchain Bitcoin

Cryptography Principles in Bitcoin

  • Bitcoin is one cryptocurrency built on blockchain technology; Bitcoin and blockchain are not the same thing.

Hash functions

Properties relied on: collision resistance, hiding (one-wayness), and unpredictability of the output (the basis of mining).

In practice the input space may be too small for hiding to hold on its own; in that case a nonce is appended to the input to enlarge the input space.
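An added example (not from the notes or the course) of this point, built with hashlib: committing to a value drawn from a tiny set, such as a yes/no vote, with a bare hash lets anyone recover the value by enumerating the set, while prefixing a random 256-bit nonce enlarges the input space so the same enumeration fails and the committer can still open the commitment later. The vote values and the demo() scenario are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def commit(value: bytes, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Commit to `value` as H(nonce || value). A fresh 256-bit nonce is drawn if none
    is given; the nonce is what enlarges the input space so the hash hides the value."""
    if nonce is None:
        nonce = secrets.token_bytes(32)
    return sha256_hex(nonce + value), nonce


def open_commitment(commitment: str, value: bytes, nonce: bytes) -> bool:
    """Verifier side: recompute the hash and compare in constant time."""
    return hmac.compare_digest(commitment, sha256_hex(nonce + value))


def recover_from_small_space(commitment: str, candidates: Iterable[bytes]) -> Optional[bytes]:
    """What an observer can do when the committed value comes from a small set and
    no nonce was used: enumerate the set and match the hash."""
    for candidate in candidates:
        if sha256_hex(candidate) == commitment:
            return candidate
    return None


def demo() -> dict:
    # constructed scenario: a vote that can only be "yes" or "no"
    choices = [b"yes", b"no"]
    bare = sha256_hex(b"yes")          # no nonce: the input space has two elements
    nonced, nonce = commit(b"yes")     # nonce: the input space is 2^256 times larger
    return {
        "bare_recovered": recover_from_small_space(bare, choices),
        "nonced_recovered": recover_from_small_space(nonced, choices),
        "opens_correctly": open_commitment(nonced, b"yes", nonce),
        "opens_with_wrong_value": open_commitment(nonced, b"no", nonce),
    }
```

The enumeration against the nonced commitment fails only because the observer does not know the nonce; collision resistance is what stops a committer from later opening the same commitment to a different value.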

Digital signatures

Creating a Bitcoin account: generate a public/private key pair locally.

Bitcoin data structure

Hash pointer

A hash pointer stores not only where a structure is located but also the hash of that structure, so any change to its contents can be detected.

Merkle tree

A Merkle tree differs from an ordinary binary tree in that hash pointers replace ordinary pointers.


A block consists of a block header and a block body. The header stores the root hash of the Merkle tree; the body stores the transaction records.

  • Full node: stores both the block header (the hashes) and the block body (the actual transactions)
  • Light node: stores only the block header, i.e. the root hash


Proving to a light node that a given transaction (the yellow block in the original figure) has really been written into the blockchain (a Merkle proof):

The light node receives the transaction itself, then requests the sibling hashes along the path to the root (the red part in the figure) from a full node, recomputes the hashes level by level up to the root, and compares the result with the root hash it already holds. The light node is still a node; it simply stores less data.
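The proof procedure above, as an added example in Python (not code from the notes or the course). A full node builds the tree and hands the light node the sibling hashes along the path (the red nodes); the light node hashes upward from the transaction it was given and compares the result with the root hash from the block header. Single SHA-256 is used for readability where Bitcoin uses SHA-256 twice; the transaction strings are constructed.

```python
import hashlib
from typing import List, Tuple


def h(data: bytes) -> bytes:
    # single SHA-256 for readability; Bitcoin itself applies SHA-256 twice
    return hashlib.sha256(data).digest()


def merkle_levels(leaves: List[bytes]) -> List[List[bytes]]:
    """All tree levels, bottom (hashed leaves) to top (root). A level with an odd
    number of nodes gets its last node duplicated, as Bitcoin does."""
    level = [h(leaf) for leaf in leaves]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2 == 1:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves: List[bytes]) -> bytes:
    """What the block header stores (and what a light node keeps)."""
    return merkle_levels(leaves)[-1][0]


def merkle_proof(leaves: List[bytes], index: int) -> List[Tuple[bytes, str]]:
    """Full node side: the sibling hash at each level (the 'red' nodes), tagged
    with the side ('L' or 'R') the sibling sits on."""
    levels = merkle_levels(leaves)
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], "L" if sibling < index else "R"))
        index //= 2
    return proof


def verify_proof(tx: bytes, proof: List[Tuple[bytes, str]], root: bytes) -> bool:
    """Light node side: hash upward from the transaction and compare with the
    root hash it already holds from the block header."""
    node = h(tx)
    for sibling, side in proof:
        node = h(sibling + node) if side == "L" else h(node + sibling)
    return node == root
```

The proof size is one hash per level, so a light node checks inclusion in a block of n transactions with about log2(n) hashes instead of downloading the whole body.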

Bitcoin protocol

  • How to verify the validity of a transaction and prevent double spending

    How to prevent B' from impersonating A in a transaction: forgery is conceivable because the public key used to verify the signature is supplied by the spender himself. B' could sign the transaction with his own private key, publish his own public key, and claim it is A's; checking the signature against that published key alone would succeed. To prevent this, verify the source of the coins: check that the public key published by the spender matches the public key (address) to which the coins being spent were originally sent.

    The same source check also prevents double spending.


  • There are also consensus-mechanism questions (which ledger gets recorded, who computes the blocks) that I already know well, so I have not written them down here (if you forget them, you can look them up on Bing).

Bitcoin implementation (transaction-based model)

  • Nodes in Bitcoin do not store an account balance; a balance can only be derived by going through the transaction records. Therefore, every transaction must state which earlier transaction output the coins being spent come from.

  • UTXO (unspent transaction output) set: maintained by every node; it holds the outputs that have not yet been spent. An output is identified by the hash of the transaction it belongs to (which locates the transaction) and its position within that transaction.
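Added example (not from the notes or the course) tying together account creation, the source check against forgery, double spending, the UTXO set, and the fee rule: whatever an input carries beyond the outputs goes to the miner. Signatures are a stand-in: Lamport one-time signatures built from hashlib instead of Bitcoin's ECDSA, so the block runs offline; the transaction layout, the txid construction and the demo() scenario are constructed simplifications.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, List, Tuple


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Stand-in signature scheme: Lamport one-time signatures, chosen only because they need
# nothing beyond hashlib. Bitcoin uses ECDSA over secp256k1, and a Lamport key must not
# be reused in practice. Account creation is the same idea: generate a key pair locally.
def keygen() -> Tuple[list, list]:
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(sha256(a), sha256(b)) for a, b in sk]

def _bits(digest: bytes) -> List[int]:
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk: list, msg: bytes) -> List[bytes]:
    return [sk[i][bit] for i, bit in enumerate(_bits(sha256(msg)))]

def verify(pk: list, msg: bytes, sig: List[bytes]) -> bool:
    return all(sha256(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(sha256(msg))))

def address(pk: list) -> bytes:
    # Bitcoin style: the address is a hash of the public key
    return sha256(b"".join(a + b for a, b in pk))

@dataclass
class TxOut:
    value: int         # amount
    to_address: bytes  # hash of the recipient's public key

@dataclass
class TxIn:
    prev_txid: bytes   # hash of the transaction that holds the output being spent
    index: int         # position of that output inside that transaction
    pubkey: list       # spender's public key, published with the transaction
    sig: List[bytes]   # signature over the transaction

@dataclass
class Tx:
    inputs: List[TxIn]
    outputs: List[TxOut]

    def sighash(self) -> bytes:
        # what gets signed: the outputs consumed and the outputs created
        body = b"".join(i.prev_txid + i.index.to_bytes(4, "big") for i in self.inputs)
        body += b"".join(o.value.to_bytes(8, "big") + o.to_address for o in self.outputs)
        return sha256(body)

    def txid(self) -> bytes:
        return sha256(b"txid" + self.sighash())

class UTXOSet:
    # kept by every node: outputs not yet spent, keyed by (txid, output position)
    def __init__(self) -> None:
        self.unspent: Dict[Tuple[bytes, int], TxOut] = {}

    def add_outputs(self, tx: Tx) -> None:
        for idx, out in enumerate(tx.outputs):
            self.unspent[(tx.txid(), idx)] = out

    def validate(self, tx: Tx) -> Tuple[bool, str]:
        total_in = 0
        for inp in tx.inputs:
            prev = self.unspent.get((inp.prev_txid, inp.index))
            if prev is None:
                return False, "source output not in UTXO set (already spent or unknown)"
            # source check: the published key must hash to the address the coins were
            # sent to, so B' publishing his own key and calling it A's fails here
            if address(inp.pubkey) != prev.to_address:
                return False, "published public key does not own the source output"
            if not verify(inp.pubkey, tx.sighash(), inp.sig):
                return False, "signature invalid"
            total_in += prev.value
        if sum(o.value for o in tx.outputs) > total_in:
            return False, "outputs exceed inputs"
        return True, "ok"

    def apply(self, tx: Tx) -> int:
        # spend the inputs, record the new outputs, return the fee (inputs - outputs)
        ok, why = self.validate(tx)
        if not ok:
            raise ValueError(why)
        fee = sum(self.unspent[(i.prev_txid, i.index)].value for i in tx.inputs)
        fee -= sum(o.value for o in tx.outputs)
        for inp in tx.inputs:
            del self.unspent[(inp.prev_txid, inp.index)]
        self.add_outputs(tx)
        return fee

def spend(prev: Tx, idx: int, sk: list, pk: list, outs: List[TxOut]) -> Tx:
    tx = Tx([TxIn(prev.txid(), idx, pk, [])], outs)
    tx.inputs[0].sig = sign(sk, tx.sighash())
    return tx

def demo() -> dict:
    # constructed scenario: A is minted 50, B' tries to forge a spend of it, A pays B
    # honestly (30 to B, 19 back to A, 1 left for the miner), then A spends it again
    a_sk, a_pk = keygen(); _, b_pk = keygen(); f_sk, f_pk = keygen()
    utxos = UTXOSet()
    coinbase = Tx([], [TxOut(50, address(a_pk))])   # minting transaction: no inputs
    utxos.add_outputs(coinbase)
    forged = utxos.validate(spend(coinbase, 0, f_sk, f_pk, [TxOut(50, address(f_pk))]))
    fee = utxos.apply(spend(coinbase, 0, a_sk, a_pk, [TxOut(30, address(b_pk)), TxOut(19, address(a_pk))]))
    double = utxos.validate(spend(coinbase, 0, a_sk, a_pk, [TxOut(50, address(a_pk))]))
    return {"forged": forged, "fee": fee, "double_spend": double, "utxo_count": len(utxos.unspent)}
```

The forged transaction fails before its signature is even checked, because the source output was locked to A's key hash, and the second spend fails because the output is no longer in the set.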


The nonce alone no longer provides enough search space, because the nonce field is a 32-bit unsigned integer. Each published block contains a minting (coinbase) transaction, and its coinbase field can serve as an extra nonce: changing it changes the Merkle root and thus the header hash. The Merkle root itself cannot be searched directly, because it must remain the genuine hash of the transaction information.
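Added example (not from the notes or the course) of the two-level search: an 8-bit nonce stands in for the 32-bit field so that it exhausts quickly, after which an extra nonce in the coinbase transaction is bumped and the Merkle root re-derived from the transaction list. verify_block() shows why the root cannot simply be searched: a receiving node recomputes it from the transactions, so a root that does not match them is rejected. The header layout, the previous-hash value, the transactions and the target are constructed.

```python
import hashlib
from typing import Dict, List, Optional


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txs: List[bytes]) -> bytes:
    level = [sha256d(t) for t in txs]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


NONCE_BITS = 8   # toy: Bitcoin's nonce is 32 bits; 8 bits exhausts after 256 tries


def header_hash(prev_hash: bytes, root: bytes, nonce: int) -> int:
    # simplified header: previous hash || Merkle root || nonce
    return int.from_bytes(sha256d(prev_hash + root + nonce.to_bytes(4, "little")), "big")


def mine(prev_hash: bytes, coinbase_base: bytes, txs: List[bytes], target: int,
         max_extra: int = 100_000) -> Optional[Dict]:
    """Search over (extra_nonce, nonce). The extra nonce lives in the coinbase
    transaction, so every change re-derives the root honestly from the transactions."""
    for extra_nonce in range(max_extra):
        coinbase = coinbase_base + extra_nonce.to_bytes(4, "little")
        root = merkle_root([coinbase] + txs)
        for nonce in range(1 << NONCE_BITS):
            if header_hash(prev_hash, root, nonce) < target:
                return {"extra_nonce": extra_nonce, "nonce": nonce, "root": root,
                        "txs": [coinbase] + txs}
    return None


def verify_block(prev_hash: bytes, block: Dict, target: int) -> bool:
    """What other nodes do: rebuild the root from the transactions rather than
    trusting the claimed one, then check the header hash against the target."""
    if merkle_root(block["txs"]) != block["root"]:
        return False
    return header_hash(prev_hash, block["root"], block["nonce"]) < target


# constructed inputs
PREV = sha256d(b"previous block header (constructed)")
TXS = [b"A pays B 1 BTC (constructed)", b"C pays D 2 BTC (constructed)"]
TARGET = 1 << (256 - 12)   # roughly one header in 4096 qualifies
```

With 256 nonces per coinbase and about 4096 expected tries, the search usually needs several extra-nonce values, which is exactly the situation the notes describe for the real 32-bit field at real difficulty.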

Mining protects the blockchain. Suppose a malicious node wins the right to record a block and wants to include an illegal transaction (A -> M, the malicious party). It does not have A's private key, so even if it writes this record into its block, the block will not be accepted by the other nodes because the record is illegal; the other nodes continue extending the chain from the previous block, as shown in the figure:


Selfish mining

Suppose B mines the next block first. Instead of publishing it immediately, he can keep it secret and start computing the following block. When he sees that someone else has found a block at the previous height, he immediately publishes his two blocks together; his chain becomes the longest and he collects two block rewards at once. This reduces the competition he faces to some extent.


Bitcoin network

  • P2P network: all user nodes are equal. Seed nodes know some other nodes on the network; a new node joins by contacting a seed node. A node that wants to leave can simply leave; once the other nodes stop receiving messages from it, its entry is automatically dropped.
  • Each node maintains a set of neighbour nodes. When a node receives a message, it forwards it to its neighbours and marks the message as received, so it does not accept it again the next time it arrives.

Mining

  • If the block generation time is too short, many forks appear at the same time and the total computing power is split. A malicious node then no longer needs 51% of the total computing power to mount a forking attack with good odds, because it can concentrate its computing power on extending its own chain.


Mining pool (a miner is a full node, since the transaction information has to be stored)


  • Under one full node (the pool operator) there are many light nodes (the miners), which only compute hashes. The full node hands the hashing task to the light nodes and also requires a proof of work from them: the pool operator lowers the target threshold, and as soon as a light node finds a nonce that meets this easier requirement (a share), it submits it to the operator as proof of its work. In most cases such a nonce serves only as that proof of work.

  • A miner cannot publish the block it finds on its own and keep the whole block reward:

    1. The first output address in the block task the pool operator assigns to the miner is the operator's address, so even if the miner publishes the block itself, the reward does not go to the miner.
    2. If the miner changes the payout address to its own, the shares it computes will not be accepted by the pool operator, so it is as if it had been mining alone from the start, with no benefit from joining the pool (the pool distributes rewards in proportion to the submitted shares, i.e. the proof of work).
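Added example (not from the notes or the course) of the pool mechanics in both bullets: the operator issues a template whose coinbase pays the pool address, miners search for shares against a lowered target, and the operator checks each share by rebuilding the Merkle root from its own coinbase, so a share computed with a changed payout address is rejected. The share and network targets, addresses and transactions are constructed; a share that also meets the network target is a full block that the pool publishes.

```python
import hashlib
from typing import Dict, List, Optional, Tuple


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txs: List[bytes]) -> bytes:
    level = [sha256d(t) for t in txs]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def header_hash(prev_hash: bytes, root: bytes, nonce: int) -> int:
    return int.from_bytes(sha256d(prev_hash + root + nonce.to_bytes(4, "little")), "big")


def coinbase(payout: bytes, extra_nonce: int) -> bytes:
    # the coinbase's first output pays `payout`; the pool fixes this to its own address
    return b"coinbase->" + payout + extra_nonce.to_bytes(4, "little")


class Pool:
    """Pool operator (a full node): hands out the template and checks shares."""
    def __init__(self, prev_hash: bytes, txs: List[bytes], network_target: int, share_target: int):
        self.prev_hash, self.txs = prev_hash, txs
        self.network_target, self.share_target = network_target, share_target
        self.payout = b"POOL-ADDRESS (constructed)"
        self.shares: Dict[str, int] = {}   # proof-of-work credit per miner

    def template(self) -> Tuple[bytes, List[bytes], bytes]:
        return self.prev_hash, self.txs, self.payout

    def submit(self, miner: str, extra_nonce: int, nonce: int, root: bytes) -> str:
        # rebuild the root from OUR coinbase: a miner who changed the payout address
        # hashed a different coinbase, so the root it worked on will not match
        if merkle_root([coinbase(self.payout, extra_nonce)] + self.txs) != root:
            return "rejected: coinbase not the pool's template"
        hv = header_hash(self.prev_hash, root, nonce)
        if hv >= self.share_target:
            return "rejected: does not meet share target"
        self.shares[miner] = self.shares.get(miner, 0) + 1
        if hv < self.network_target:
            return "block found: pool publishes it, reward goes to pool address"
        return "share accepted"


def find_share(prev_hash: bytes, txs: List[bytes], payout: bytes, share_target: int,
               max_extra: int = 1_000_000) -> Optional[Tuple[int, int, bytes]]:
    """Miner side (a light node that only hashes): returns (extra_nonce, nonce, root)."""
    for extra_nonce in range(max_extra):
        root = merkle_root([coinbase(payout, extra_nonce)] + txs)
        for nonce in range(256):
            if header_hash(prev_hash, root, nonce) < share_target:
                return extra_nonce, nonce, root
    return None


def demo() -> dict:
    # constructed scenario: one honest miner, one that swapped in its own payout address
    prev = sha256d(b"previous header (constructed)")
    txs = [b"tx A->B (constructed)", b"tx C->D (constructed)"]
    pool = Pool(prev, txs, network_target=1 << (256 - 40), share_target=1 << (256 - 8))
    _, _, payout = pool.template()
    honest = find_share(prev, txs, payout, pool.share_target)
    cheat = find_share(prev, txs, b"MINER-OWN-ADDRESS (constructed)", pool.share_target)
    return {"honest": pool.submit("miner1", *honest),
            "cheat": pool.submit("miner2", *cheat),
            "shares": dict(pool.shares)}
```

The cheating miner did real work, but against a coinbase the pool never issued, so none of it counts toward shares; it would have done as well mining alone.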

Boycotting a transaction (prerequisite: the attacker holds 51% of the computing power)


For example, as soon as the block containing the transaction A->B is published, the attacker launches a forking attack. There is no need to wait for six blocks to be built on top of the A->B block, because the goal is simply to keep A->B off the chain. In this situation other nodes will be reluctant to include such a transaction, because any block that includes it is attacked by a fork, and the block reward may be lost when that block ends up off the longest legal chain.

Bitcoin script

https://www.bilibili.com/video/BV1Vt411X7JF?p=9&spm_id_from=pageDriver

Bitcoin fork

  • A fork attack is only one kind of fork.
  • Protocol fork: the protocol is upgraded, some users disagree with the change, and so some users do not upgrade.

Depending on the situation, this is a hard fork or a soft fork.

The distinction: whether old nodes recognise the blocks produced by new nodes.

Hard fork: the fork persists forever.

Reason for the fork: the protocol is upgraded and the block size limit is raised. An upgraded node still recognises the old blocks, since they do not exceed the new size limit. A node that has not upgraded, however, considers the blocks produced by new nodes illegal, so a chain of small blocks will always exist alongside the new one.


Soft fork: the fork is only temporary.

Fork situation:

In practice, for an updated node (which only accepts small blocks) the old large blocks are illegal, so it will not mine on top of a large block. For a node mining large blocks, the small blocks are also legal, so once most nodes in the network have updated, the chain of small blocks becomes the longest legal chain and the large-block miners mine on top of it too, although the large blocks they produce later will still be abandoned.
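Added example (not from the notes or the course) simulating both cases with a block-size limit as the only rule. Upgraded and non-upgraded miners each extend the longest chain they consider legal; raising the limit leaves old nodes on a permanently separate chain (hard fork), while lowering it makes old nodes follow the majority chain and repeatedly abandon their own large blocks (soft fork). The hash-power split (7 versus 3 blocks per round) and the round count are constructed.

```python
from typing import List, Tuple

Chain = List[int]   # a chain is the list of its block sizes after genesis (constructed model)


def valid_prefix(limit: int, chain: Chain) -> Chain:
    """A node enforcing `limit` ignores the first oversize block and everything after it."""
    for i, size in enumerate(chain):
        if size > limit:
            return chain[:i]
    return chain


def best_chain(limit: int, tips: List[Chain]) -> Chain:
    """Longest chain that is legal under this node's rule."""
    return max((valid_prefix(limit, c) for c in tips), key=len)


def simulate(old_limit: int, new_limit: int, new_power: int = 7, old_power: int = 3,
             rounds: int = 5) -> Tuple[Chain, Chain]:
    """Two camps of miners: upgraded nodes enforce new_limit and mine blocks of that
    size, old nodes enforce old_limit and mine blocks of that size. Each camp gets
    `power` blocks per round and always extends the best chain it accepts.
    Returns the chain an old node and a new node end up following."""
    tips: List[Chain] = [[]]            # genesis only
    for _ in range(rounds):
        for limit, power in ((new_limit, new_power), (old_limit, old_power)):
            for _ in range(power):
                tips.append(best_chain(limit, tips) + [limit])
                # a chain that is a prefix of a longer one is no longer a tip
                tips = [c for c in tips
                        if not any(len(d) > len(c) and d[:len(c)] == c for d in tips)]
    return best_chain(old_limit, tips), best_chain(new_limit, tips)


def classify(old_view: Chain, new_view: Chain) -> str:
    if old_view[:len(new_view)] == new_view:
        return "soft fork: old nodes build on the upgraded chain and their own blocks get abandoned"
    if new_view[:len(old_view)] == old_view:
        return "no divergence"
    return "hard fork: old and new nodes keep permanently separate chains"
```

In the soft-fork run the old node's chain is the upgraded chain plus the three large blocks it mined in the last round; those are exactly the blocks the next round of majority mining orphans, which is the temporary fork the notes describe.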


In BTC, if the key is lost, the coins can never be used again.

Anonymity in BTC

  • Registering an account in BTC requires no personal identity information. Creating an account only means generating a public/private key pair; that key pair is the user.

Possible privacy leaks:

  1. A privacy leak does not necessarily mean learning the user's name. Knowing that one account and another address belong to the same user is already a leak to some extent; that is, different accounts can be linked from the blockchain transaction records.
  2. When Bitcoin is used to pay for something in real life, the blockchain account is linked to a real person. For example, if I buy a computer with Bitcoin, the merchant learns my Bitcoin address; if someone else knows that I bought a computer in that time window, they can rule out many candidates among the blockchain transactions, and after a few more such filters they can tell which account is mine. Combined with point 1, it is possible that all my accounts are exposed.

Achieving anonymity:

Two aspects:

Network layer:

The blockchain network is a P2P network: when a node forwards a message, it only knows which node forwarded it last and does not know the original source of the message.

Application layer:

Coin mixing: mixing one's own coins with other people's coins.

Zero-knowledge proof

One party (the prover) proves to another party (the verifier) that a statement is true without revealing any information beyond the fact that the statement is true.

Homomorphic hiding

  • Properties of homomorphic hiding

    1. If x and y differ, then their hidden values E(x) and E(y) also differ; there are no collisions.
    2. Given E(x), it is hard to deduce x.
    3. Homomorphic addition: E(x+y) can be computed from E(x) and E(y).
    4. Homomorphic multiplication: E(xy) can be computed from E(x) and E(y).
    5. Properties 3 and 4 extend to polynomials.
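Added example (not from the notes or the course) of properties 1, 2, 3 and 5 using the simplest homomorphic hiding, E(x) = g^x mod p. Multiplying two hidden values adds their exponents, raising a hidden value to a known constant multiplies the exponent, and a polynomial can be evaluated on published hidden powers of x without learning x; recovering x from E(x) is a discrete logarithm, which enumeration only solves for small ranges. This particular scheme does not give property 4 (the product of two hidden values), which needs pairing-based constructions not shown here. The modulus and base are constructed and far too small for real use.

```python
from typing import List

# constructed parameters: a Mersenne prime modulus and a fixed base, enough to show the
# algebra but not a vetted group and nowhere near a secure size
P = 2**127 - 1
G = 3


def E(x: int) -> int:
    """Homomorphic hiding by modular exponentiation: E(x) = G^x mod P."""
    return pow(G, x, P)


def add_hidden(ex: int, ey: int) -> int:
    """Property 3: E(x) * E(y) = E(x + y), computed without knowing x or y."""
    return ex * ey % P


def scale_hidden(ex: int, c: int) -> int:
    """E(x)^c = E(c * x): multiplication by a known constant."""
    return pow(ex, c, P)


def hidden_powers(x: int, degree: int) -> List[int]:
    """Published by the party who knows x: E(1), E(x), E(x^2), ..., E(x^degree)."""
    return [E(pow(x, i)) for i in range(degree + 1)]


def eval_hidden(coeffs: List[int], powers: List[int]) -> int:
    """Property 5: evaluate p(x) = sum a_i x^i on the hidden powers, giving
    E(p(x)) = prod E(x^i)^a_i, without ever learning x."""
    result = 1                       # E(0)
    for a_i, e_xi in zip(coeffs, powers):
        result = add_hidden(result, scale_hidden(e_xi, a_i))
    return result


def brute_force_x(ex: int, bound: int) -> int:
    """Property 2 illustrated: recovering x from E(x) is a discrete logarithm, and
    enumeration only works while x is known to lie in a small range."""
    for x in range(bound):
        if E(x) == ex:
            return x
    return -1
```

The polynomial evaluation is the step that later zero-knowledge constructions build on: a verifier holding only the hidden powers can obtain E(p(x)) for any public polynomial p, yet learns nothing about x itself.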

Blind signatures, Zerocoin and Zerocash

https://www.bilibili.com/video/BV1Vt411X7JF?p=12&spm_id_from=pageDriver

A BTC address is obtained by hashing the public key.

In a BTC transaction the whole value of the source output must be spent in one go; any amount not assigned to an output goes to the miner who publishes the block as the transaction fee.


Origin blog.csdn.net/weixin_46287316/article/details/129096658