Merkle tree
https://www.jianshu.com/p/fc439a8fd0de
The so-called Bitcoin transaction is the transfer from one to another in bitcoin wallet, each transaction has a digital signature to ensure the safety. A transaction in the event it is open to everyone, and history of each transaction can ultimately be traced back to the point corresponding Bitcoin was originally dug.
First a brief review of Bitcoin transaction.
In fact, Bitcoin does not exist anywhere. If someone holds bitcoin, they actually have a specific address Bitcoin, but not directly on the so-called currency exist in this address, the address is equivalent to your bank account.
There are only between each address transfer records, the balance increases and decreases. All transactions are stored in a very large books file, this file is called "block chain." A Bitcoin address the balance, not directly stored in the Bitcoin address, we need to block the chain to be calculated.
If Alice sends to Bob a few bits currency, then the transaction will have three pieces of information:
§ input. There is the original Alice has recorded these addresses from which money is transferred to her, assuming she is Eve get money from her friends.
The number §. This is Alice in the end turn to Bob how many bitcoins.
§ output. Bob's credits bit address.
Send transaction requires two things, Bitcoin address and the corresponding private key. Bitcoin address with the bank account is not the same, no need to sign a bunch of papers to apply, they are randomly generated string is a string of letters and numbers. The private key is a string of similar, but this is to be strictly confidential. Bitcoin address is just like a transparent piggy bank, everyone can see what's inside, but the only person with the private key can open it.
When Alice wants to transfer money to Bob, they use the private key to sign a piece of information, including input, output and the number three. Thus, the information broadcast on the network Bitcoin miners can validate this transaction, the transaction is added in the block chain.
Because Bitcoin is only in the form of transaction records, so a lot of time corresponding to the address above is actually a number of transactions. Jane may be sent to the Alice 40 bitcoins, Lucy gave 40, Eve gave 20, which are different deals at different times, they have not been synthesized into a purse Alice in form of a 100 coins files, but still exists as a separate record of each transaction.
When Alice wants to transfer money to Bob, her purse will find several transactions, so that they add up to exactly the amount you want to transfer a number of Alice. Of course, it is likely to Bob when Alice wants to transfer money, there is no way to find a few transactions add up to exactly the amount transferred. Maybe she wants to turn 30 coins, but no wallet or a transaction and this is just the number of multiple transactions.
At the same time, she could not put a deal cut into small amounts. Is such that you can not cut a great deal into a plurality of small amounts, each must spend the entire transaction. But do not worry, the system will send out more than her money back as change for you.
Two coins Alice Jane then you can send her to send over to Bob, so Jane is the "input", Bob is the "output", "amount" is 30 coins, Alice really want is the number of transfers. In this way, Alice wallet will automatically give her this transaction creates two outputs: the 30 coins to Bob, the rest of the money into a new address, this is the change back.
Block structure
In the effort to prove there have been a block of information screenshot:
FIG above (block structure view): Each data block comprises a block body and a header area.
Header region encapsulates the current version number, a hash value of the previous block, the current block PoW claim random number (a Nonce), timestamp, and Merkle root information.
Blocks the body including the current block proven, block creation process all transactions generated. The recording process by Merkle hash tree roots and generating unique Merkle credited header area.
Block hash value is not actually contained in the data block structure, in fact, only when the packaging block header area are used to compute a hash (received from the network is computed by each node), often said region block actually hash value hash bucket header, it can be used to uniquely explicitly identifies a block.
80 byte header area, the average transaction at least 250 bytes, and each block contains an average of 2,000 transactions. Therefore, the block contains a complete transaction 4 thousand times bigger than the area of the header.
Therefore, the network bit token, not every node has the ability to store the entire chain of data blocks, to limit the storage space is limited, many nodes are SPV (Simplified Payment Verification simple payment authorization) bits wallet access network credits can authenticate transactions without having to store the full block chain with a simple payment verification, today we have to analyze the structure of Merkle tree block and how to verify the transaction. First, we need a generalized answer it Merkle tree
Assuming you already know what is the role of hash algorithm, and hash.
When data transmission network, A received document pass over the B, the file need to confirm there is no damage received. How to solve?
One method is to transfer the file B before the first hash result files to the A, A received a recalculation the hash file and then compared with the received hash file to know damage.
But when a large file, they often need to split a lot of data blocks each file transfer, this time on the need to know the hash value of each data block. How to do it?
This case, by downloading a list of the hash (hash list) before downloading the data, the list of hash values corresponding to each data block. This may calculate a hash of the root hash list after splicing. Practical application, just make sure we get the correct root hash from a trusted channel, you can be sure to download the correct file.
Based on the above question hash list of programs:
Sometimes we get (traverse) hash list of all the cost data block is relatively large, it can only get part of the hash node.
Is there a way to be able to verify the integrity of the entire file by partial hash of it?
The answer is yes, Merkle tree can do. It grows like this:
Features are as follows:
1, the data structure is a tree, which can be a binary tree, or a multi-tree (binary tree to analyze today)
2, value Merkle leaves node is a unit of data or a hash of the data set unit data.
3, Merkle tree is a non-leaf node value of all its child nodes hash value.
Clearly, this structure is compared with the hash list, not the root hash with the hash of all blocks stitching together the calculation, but calculated by a relation hierarchy.
The value (v7) = hash (f1) the figure above, the leaf node Node7, f1 is the hash of the file; node3 of the parent node value = hash (v7, v8), i.e. the value of its child nodes node7 node8 hash.
Other scenarios
document dowload
Suppose I have two machines, A and B, and a file transfer from A to B. B first obtain reliable Merkle tree file, when the file downloading is completed, compare the root node B Merkle root node acquired by the own build, and if not, the binary tree structure may be such a degree of complexity in the log (N) of to quickly locate a data block having the error.
Synchronized copy
A cluster of all the machines, you need to synchronize the data, if the data are inconsistent, you need to quickly locate the node inconsistent.
When can a Merkle tree for each interval in the data structure on each machine, so that the data comparison between the two machines, from the root of the Merkle tree begin to compare, as if the root node, then two copies of the current is the same, no longer need any treatment; If not, then traverse the Merkle tree, navigate to the node inconsistent very fast.
Each block in the block chain contains all of the transactions generated in the block, and is represented by Merkle tree.
Merkle hash tree is a binary tree, which is used as a rapid induction of large-scale data integrity checking and data structure. This binary tree containing encrypted hash value. The term "tree" are often used in computer science to describe a data structure having a branch, but the tree is often displayed upside down, "Root" simultaneous "leaf" in the lower part of FIG, you'll seen in subsequent sections in the upper part of FIG. the appropriate example.
In bitcoin network, to the Merkle tree is summarized in a block of all transactions, while generating a digital fingerprint of the entire set of transactions, and a way to provide an efficient check whether there is a block transaction. Generating a full Merkle hash tree requires recursively hash nodes, and the new node is inserted into the generated Merkle hash tree, until only a hash node that is the root of the Merkle tree. Two bits in currency Merkle tree to SHA256 algorithm, so that a cryptographic hash algorithm is also known as double-SHA256.
When N data elements after insertion encrypted Merkle tree, up to calculate 2 * log2 (N) times an arbitrary data can check whether the elements in the tree, so that the data structure which is very efficient.
Merkle tree is constructed from the bottom up. In the following example, we start with A, B, C, D constituting the four transactions Merkle tree leaves, shown in Figure 1:
All transactions are not stored in the Merkle tree, but the data is hashed and then stored hash value corresponding to the leaf nodes. These leaf nodes are HA, HB, HC and HD:
HA = SHA256(SHA256(Transaction A))
The two leaf nodes adjacent to the hash value of the series with hash, which is then summarized the parent node of the leaf node. For example, in order to create a parent node H ~ AB ~, two 32-byte hash value of the child node and child nodes A to B will be concatenated into a string of 64 bytes. Then two strings hash to generate a hash value of the parent node:
HAB = SHA256(SHA256(HA + HB))
A node to continue until only a procedure similar to the top, i.e. Merkle root. 32-byte hash value generated is stored in the header area, while data is summarized for all four transactions. Figure 1 shows how to calculate a hash value by Merkle tree root node pair.
Because Merkle tree is a binary tree, so it requires an even number of leaf nodes. If only an odd number of transactions require induction, it will be the last transaction to constitute a copy of an even number of leaf nodes, this even-tree leaf nodes are also called balanced tree. As shown in FIG. 2, C a node is copied.
The method of the four transactions Merkle tree structure is equally applicable to any number of transactions from a Merkle tree structure. The bit coin, there is a single block in the hundreds of transactions is very common, these transactions will be summarized using the same method, to produce a mere 32 bytes of data as Merkle root. In Figure 3, you will see a tree formed from 16 transactions. Note that, although FIG roots appear larger than all of the leaf nodes, but in fact they are the same size of 32 bytes. Whether there is a block transactions or one hundred thousand transactions, Merkle root always put all transactions grouped into 32 bytes.
为了证明区块中存在某个特定的交易,一个节点只需要计算log~2~(N)个32字节的哈希值,形成一条从特定交易到树根的认证路径或者Merkle路径即可。随着交易数量的急剧增加,这样的计算量就显得异常重要,因为相对于交易数量的增长,以基底为2的交易数量的对数的增长会缓慢许多。这使得比特币节点能够高效地产生一条10或者12个哈希值(320~384字节)的路径,来证明一个巨量字节大小的区块里上千笔交易中某笔交易的存在。
在图4中,一个节点能够通过生成一条仅有4个32字节哈希值长度(总128字节)的Merkle路径,来证明区块中存在的一笔交易K。该路径有4个哈希值(图中蓝色)HL、HIJ、HMNOP和HABCDEFGH。由这4个哈希值产生的认证路径,再通过计算另外四对哈希值HKL、HIJKL、HIJKLMNOP和Merkle树根(虚线标注),任何节点都能证明H~K~(黑色标注)包含在Merkle根中。
Merkle树的高效随着交易规模的增加而变得异常明显。表2展示了为了证明区块中存在某交易而所需转化为Merkle路径的数据量。
从表中可以看出,当区块大小由16笔交易(4KB)急剧增加至65,535笔交易(16MB)时,为证明交易存在的Merkle路径长度增长极其缓慢,仅仅从128字节到512字节。有了Merkle树,一个节点能够仅下载区块头(80字节/区块),然后从一个全节点回溯一条小的Merkle路径就能认证一笔交易的存在,而不需要存储或者传输大量区块链中的大多数内容,这些内容可能有几个G的大小。这种不需要维护一条完整的区块链的节点,又被称作简单支付验证(SPV)节点,它不需要下载整个区块而通过Merkle路径去验证交易的存在。
Merkle树和简单支付验证(SPV)
Merkle树被SPV节点广泛使用。SPV节点不保存所有交易也不会下载整个区块,仅仅保存区块头。它们使用认证路径或者Merkle路径来验证交易存在于区块中,而不必下载区块中所有交易。
例如,一个SPV节点想知道它钱包中某个比特币地址即将到达的支付。该节点会在节点间的通信链接上建立起bloom过滤器,限制只接受含有目标比特币地址的交易。当节点探测到某交易符合bloom过滤器,它将以Merkleblock消息的形式发送该区块。Merkleblock消息包含区块头和一条连接目标交易与Merkle根的Merkle路径。SPV节点能够使用该路径找到与该交易相关的区块,进而验证对应区块中该交易的有无。SPV节点同时也使用区块头去关联区块和区块链中的其余区块。这两种关联、交易与区块、区块和区块链,就可以证明交易存在于区块链。简而言之,SPV节点会收到少于1KB的有关区块头和Merkle路径的数据,其数据量比一个完整的区块(目前大约有1MB)少了一千多倍。