This series of articles is based on the North Xiao Zhen teacher's open class "block chain technology and application" Organize notes, accompanied by open class video link: block chain technology and application Peking University Xiao Zhen
Because after watching the video you want to review the case again to see the video would be more trouble, so the teacher Xiao organized into video notes for study and reference.
Block chain this term, everyone is familiar with, then the block chain nature of what is? Some people say that the value of the block chain is the next generation of the Internet; others say that it is the world's slowest database. Indeed, if it is as if the database used is very slow, and only a small portion of the database can only be achieved in the function.
This technology can be said block chain is highly controversial, some people call it up too much, it will be compared with the industrial revolution, it is a great invention like the steam engine of the same; there are many belittle block chain, says it will as a Ponzi scheme. But no matter what kind of argument, people who really understand the block chain is not much, in fact, a lot of people just talking about the business model block chain, and the nature of some business models and block chain actually does not matter.
Although Bitcoin price trend, and now seems to have missed a good time Bitcoin skyrocketing, but in fact, the whole block chain development point of view, it is now at a very early stage, so from now on learning then, it can be said to be a pioneer in this field. Moreover, the block chain is not equal to Bitcoin, Bitcoin currency is only based on an encryption block chain technology only, do not be Bitcoin limit imagination!
By learning these courses, so that they are better than the vast majority of people understand the block chain! This series of courses mainly on Bitcoin and Square both Ethernet encryption currency.
Learning premise : premise that learning courses that have already learned the basic data structures and algorithms, master basic programming skills
References :
-
BitCoin and Cryptocurrency Technologies
-
Ethernet Square White Paper, Yellow Book, the source code
-
Solidity document
Cryptography principle used in bitcoin
Bitcoin currency is called encryption, but encryption is actually money is not encrypted, the contents of all transactions on the block chain are open, including the address of the account, transfer amount, and so on. Bitcoin is mainly used in cryptography two elements: the hash and signature .
Hash
Password hash function is referred to: cryptographic hash function, which has two important properties: collision resistance and hiding.
collision resistance
Which means that the collision hash collision, what is a hash collision?
If the hash function H (), assuming two inputs x, y and x does not equal y, such that H (x) = H (y), it is called a hash collision.
collision resistance 的解释是: Collision resistance is a property of cryptographic hash functions: a hash function H is collision resistant if it is hard to find two inputs that hash to the same output; that is, two inputs a and b such that H(a) = H(b), and a ≠ b.
it is hard to find meaning is hard to find two different input so that the two hash values are equal, that wants to artificially create a hash collision is very difficult, but hash collision is an objective reality, for example, when we use the hash table, different inputs can be mapped to the same location in the hash table, since the space is larger than the input output space.
Then the collision resistance of this nature what use is it?
It can be used for a massage digest request, for example, a massage m, it takes a hash value H (m) as the digest for detecting whether m has been tampered with, because when m is tampered with, its corresponding hash value H (m) will change, and according to the nature of collision resistance can know, is difficult to find another input m 'such that H (m') = H (m), so you want to tamper with the content without being detected almost impossible.
For example: You want to save a file to the cloud storage service, one day when you need to use the download came back, how to determine the downloaded file is saved in the original file share it? Then you can use the collision resistance properties of the hash function, when the upload input count out a hash value, saved locally, in the future take the time and then count the files using a hash out the contents of a file as with the original local hash value, if consistent then the file has not been tampered with.
But it notes that, collision resistance hash function of the nature of the theory can not prove it, which is derived from practical experience, and some hash function can artificially create a hash collision, it is one famous example is MD5, before it is a very popular hash function, initially thought it was safe, but now has been able to artificially create a hash collision.
hiding
This property refers to the calculation of the hash function is one-way, irreversible.
Meaning that a given input x, can calculate its hash value H (x), but not H (x) Anti-launch the original input x based on a hash value, that is, the hash value H (x) no disclose any information about the input x.
But think carefully, really there is no way through H (x) x Anti-launch it? In fact, as long as the input of all possible values traversal again, the value of each result with the target H (x) x input for comparison can be drawn by the method of brute force to solve until you find the same result can know corresponding to the input.
Therefore, hiding the nature of the establishment on the premise that the input space to be large enough to make such a brute force way to solve the above does not work, and the distribution of inputs to be relatively uniform, the possibility of a variety of value is the same. This is well understood, because even if the input is big enough, but if the common input are more concentrated in some of the value, it is also possible to break through brute force.
hiding the nature of what use is it?
The collision resistance and hiding properties can be combined to implement digital commitment, it is sometimes referred to as a digital equivalent of a sealed envelope, the literal translation can be understood as digital encryption envelope.
To give an example to illustrate the significance under sealed envelope (encrypted envelope) in real life: Let's say there is a person, whether he wants to predict the next day's stock will go up, how to prove whether his prediction is accurate it ?
One way is, he announced a day ahead of the second day of a certain stock will go up, wait until the next day the results came out after the judge his prediction is accurate, then the problem with this method in existence? If this person is a world authority on the stock, then he is bound to predict whether a direct impact on the next day the stock will go up, making the original may not rise in the stock actually rose.
This shows that the results can not be predicted publicly that if the prediction does not open until the next day after the results came out publicly, then what assurance whether the predicted results were tampered with it? That's where sealed envelope, write down the forecast results, put in an envelope, the envelope by a third party notary public custody until the next day the results came out after verifying whether the prediction is accurate. This is the reality of life in the sealed envelope usefulness.
That in the electronic world, a digital sealed envelope how to achieve it?
The predicted results as input x calculates a hash value, the hash value will be published this out, due to the nature of this hiding, only know the hash value can not be published to launch anti-input, which is predicted results; but due to the nature of the collision resistance so that the input can not be tampered with, because once the tamper input, the resulting hash value will be different than originally announced. This has played a digital sealed envelope function.
But in practice some of the details to be noted that since hiding properties is provided to the input space is large enough to be distributed more evenly, and in the example of the stock in the prediction, it is not large enough to enter the space, because of the stock count is limited. Common solution is: splicing input a random number as a whole back to take a hash to ensure that the input after splicing sufficiently random, the distribution is sufficiently uniform.
puzzle friendly
The bit credits in addition to the above-described two properties is used, also called the third nature: puzzle friendly
It means that the hash value is calculated in advance unpredictable. Enter look hard to guess what the final output is, so when you want a hash value is calculated to fall within a certain range (target space), it can only be considered one by one, no other shortcut. For example: If you want to get a 256-bit hash value, the previous k bits are 0, what kind of input can calculate this hash value? The only way is to try one by one until you try out an input to meet the requirements.
Bitcoin mining process mentioned later is based on such a principle. Mining is actually a random number to find the nonce, and the tile header information which (block header) is taken as the input hash together, such that a resulting hash satisfies certain conditions. Because only a random number to try, so the mining process can be used as proof of workload (proof of work).
Although the mining process requires a lot of effort to find qualified nonce, but once a person has found the nonce, will be announced after it out, others want to verify that it meets the requirements easily, only once hash on it, this property is called difficult to solve, but easy to verify.
Bit hash function using credits called SHA-256, its three properties described above are satisfied.
signature
Need to know before signing introduction about Bitcoin account management system, in daily life, if you want to open an account, we need to bring documents to the bank to open an account, this is the account management center of the system. The Bitcoin is a decentralized, there is no institution like this bank. How to account management that it?
Each user to decide whether to open an account, do not need anyone approval to open an account is a simple process, is the creation of a local public and private key pair: (public key, private key), the public-private key pair on behalf of a accounts, the public key is public, private key that only you know. This concept comes from the public and private key asymmetric cryptography system (asymmetric encryption algorithm)
In the first to say before asymmetric encryption will look symmetric encryption (symmetric encryption algorithm), for example: A small information you want to pass a small B, but the communications network is likely to be tapped, in order to solve this problem, a small A and small B discuss in advance what a secret key encryption key, small a with the secret key to encrypt information passed to the small B, small B and then decrypt the received information with the secret key, because the encryption and decryption use the same secret key, so called symmetric encryption. But to do this premise is to have enough security between small A small B channels of communication to ensure the transmission of a secret key, which is obviously at a symmetric encryption deficiencies.
To solve this problem, asymmetric encryption was put out: encrypted with the public, with the private key to decrypt. When this time, a small small B to A biography information, information needs to be encrypted with the public key of B small, small B after receiving the message with its private key to decrypt. That is, encryption and decryption are used in the recipient's public key and private key. Since the public key is published, send information only when the public needs to know each other, while the private key is not required transparent to each other, because it is used to decrypt. This therefore solves the security problem of a symmetric encryption key distribution exists.
In the Bitcoin system, the creation of the account only requires a pair of public and private key, the public key can be understood as bank accounts, while the private key is a password account, password only you know, you just need to know someone when you transfer public key.
Assume that such a scenario: one day turn 10 A little bit less money to B, and then broadcast to the block chain, that other people know how the deal is indeed A small operation it will not be there others impostor? This time you need to use public and private key, in order to solve this problem, a small A need to sign the deal with his private transaction at the time of publication, the others had received information about the transaction with a small A public-key authentication the deal signed correctness, to determine the deal is a small operation.
See here, some people may doubt the will, since everyone can generate their own public and private key pairs, that would not be two people to generate public-private key pair do exactly the same? In fact, this possibility is minimal, even if you have a supercomputer, losers quit every day, went to generate public-private key pair, it is almost impossible to produce the same public and private key pairs. It should be emphasized that the public and private key is generated when the need to have a good random source (a good source of randomness), if a random source is not good, there may be public and private key to generate the same situation two people appeared. Bitcoin signature algorithm used in, not only to generate public and private key time to have a good source of randomness, after every signature we should also have good random source, otherwise it may leak private key.
Among bit token system, hashing and signing are used in combination, taking generally to a massage hash, then the hash value of the signature.