Peking University Xiao Zhen, "Blockchain Technology and Applications" open course, notes 5

Part of the series: Peking University Xiao Zhen, "Blockchain Technology and Applications" open course notes

Topic: the concrete implementation of Bitcoin. Corresponding video by Xiao Zhen: https://www.bilibili.com/video/av37065233?p=5
Full series of notes: https://blog.csdn.net/Mu_Xiaoye/article/details/104299664

A blockchain is a decentralized ledger, and Bitcoin uses a transaction-based ledger model. The system does not keep an explicit record of how many bitcoins each account holds; a balance has to be derived from the transactions. Every full node in the Bitcoin system therefore maintains a data structure called the UTXO set (Unspent Transaction Output, the set of transaction outputs that have not yet been spent).

In the figure, A transfers 5 BTC to B and 3 BTC to C. B then spends the 5 BTC, so that output is no longer in the UTXO set; C has not spent the 3 BTC, so that output stays in the UTXO set.
Here Insert Picture Description

Each element of the UTXO set is identified by two pieces of information: the hash of the transaction that produced the output, and the index of that output within the transaction. Together these two values locate one specific output in the UTXO set.

Why maintain such a data structure?
To prevent double-spending attacks. To decide whether a transaction is legal, a node checks that the coins the transaction wants to spend are in the UTXO set; the transaction is legitimate only if they are. If the coins to be spent are not in the UTXO set, then either they never existed or they have already been spent. Every full node therefore keeps the UTXO set in memory, which makes double-spending attacks quick to detect.

A transaction consumes outputs from the UTXO set and, at the same time, creates new outputs.

In the figure, A transfers 5 BTC to B, and B then transfers it on to D. The UTXO set deletes the entry for the A -> B transaction output and adds the entry for the B -> D transaction output.
Here Insert Picture Description
If someone receives BTC in a transfer but never spends it, the output stays in the UTXO set indefinitely. This may be because the user does not want to spend the coins (Satoshi Nakamoto, for example), or because the private key has been lost and the coins can no longer be spent. The UTXO set therefore grows gradually over time, but at present it is still small enough that an ordinary server's hard drive can hold it in full.

A transaction may have several inputs and several outputs. The total value of the outputs must not exceed the total value of the inputs (total inputs >= total outputs).
In some transactions the total inputs are slightly larger than the total outputs; the difference is the transaction fee, which goes to the node that wins the right to publish the block. Note 4 raised the question: "If there is only the block reward, will nodes only want to publish blocks to collect the reward and not bother packaging transactions at all?"
The Bitcoin system therefore has transaction fees: the node that wins the right to publish a block gets, in addition to the block reward, the fees of all transactions it packaged. At present the fees are far smaller than the block reward, but as the block reward keeps halving, maintaining the blockchain will come to depend mainly on transaction fees.
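The UTXO bookkeeping described above, as an added example that is not part of the original notes: a small UTXO set keyed by (txid, output index), a validation step that rejects inputs not in the set (nonexistent or already spent), and fee computation as inputs minus outputs. The transaction layout, the party names A to E and the amounts are constructed for this example; scripts and signatures are left out because the point here is the set operations, not authorization.

```python
import hashlib
from dataclasses import dataclass

SATOSHI = 100_000_000  # amounts are integers in satoshi (1 BTC = 1e8), as in Bitcoin


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash function: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


@dataclass(frozen=True)
class Outpoint:
    """Key of a UTXO-set entry: hash of the producing transaction + index of the output in it."""
    txid: str
    index: int


@dataclass
class Tx:
    """Simplified transaction (constructed for this example): scripts and signatures are omitted."""
    inputs: list   # [Outpoint, ...] outputs being consumed; empty for a coinbase tx
    outputs: list  # [(recipient, satoshi), ...] outputs being created

    @property
    def txid(self) -> str:
        # In Bitcoin the txid is the double-SHA256 of the serialized tx; the repr stands in for that here.
        return dsha256(repr((self.inputs, self.outputs)).encode())[::-1].hex()


class UTXOSet:
    """Outpoint -> (recipient, amount). Only unspent outputs are ever in here."""

    def __init__(self):
        self._entries = {}

    def _add_outputs(self, tx: Tx) -> None:
        for index, (recipient, amount) in enumerate(tx.outputs):
            self._entries[Outpoint(tx.txid, index)] = (recipient, amount)

    def add_coinbase(self, tx: Tx) -> None:
        """Coinbase outputs (block reward + fees) are created without consuming anything."""
        if tx.inputs:
            raise ValueError("a coinbase transaction has no inputs")
        self._add_outputs(tx)

    def apply(self, tx: Tx) -> int:
        """Validate an ordinary transaction against the set and apply it; returns the fee in satoshi.
        Rejects: inputs not in the set (never existed or already spent), the same outpoint listed
        twice, negative amounts, and outputs exceeding inputs. Nothing is mutated on rejection."""
        if not tx.inputs:
            raise ValueError("an ordinary transaction must spend at least one output")
        seen = set()
        total_in = 0
        for op in tx.inputs:
            if op in seen:
                raise ValueError(f"double spend inside one transaction: {op}")
            seen.add(op)
            if op not in self._entries:
                raise ValueError(f"not in UTXO set (nonexistent or already spent): {op}")
            total_in += self._entries[op][1]
        if any(amount < 0 for _, amount in tx.outputs):
            raise ValueError("negative output")
        total_out = sum(amount for _, amount in tx.outputs)
        if total_out > total_in:
            raise ValueError(f"outputs {total_out} exceed inputs {total_in}")
        for op in tx.inputs:          # spent outputs leave the set ...
            del self._entries[op]
        self._add_outputs(tx)         # ... and the new outputs enter it
        return total_in - total_out   # the fee; it goes to whoever mines the block

    def balance(self, who: str) -> int:
        """There is no account record; a 'balance' is derived by summing unspent outputs."""
        return sum(amount for recipient, amount in self._entries.values() if recipient == who)

    def __len__(self) -> int:
        return len(self._entries)


def demo() -> dict:
    """The scenario from the notes: A pays B 5 BTC and C 3 BTC, B pays D, then B tries to spend again."""
    utxo = UTXOSet()
    coinbase = Tx(inputs=[], outputs=[("A", 8 * SATOSHI)])
    utxo.add_coinbase(coinbase)
    a_pays = Tx(inputs=[Outpoint(coinbase.txid, 0)],
                outputs=[("B", 5 * SATOSHI), ("C", 3 * SATOSHI)])
    fee_a = utxo.apply(a_pays)                        # exact change: fee 0
    b_pays_d = Tx(inputs=[Outpoint(a_pays.txid, 0)],  # B's 5 BTC output
                  outputs=[("D", 5 * SATOSHI - 10_000)])
    fee_b = utxo.apply(b_pays_d)                      # 10,000 satoshi left over as the fee
    try:
        utxo.apply(Tx(inputs=[Outpoint(a_pays.txid, 0)], outputs=[("E", 5 * SATOSHI)]))
        double_spend_rejected = False
    except ValueError:
        double_spend_rejected = True
    return {
        "fee_a": fee_a, "fee_b": fee_b,
        "balances": {who: utxo.balance(who) for who in "ABCDE"},
        "utxo_count": len(utxo),
        "double_spend_rejected": double_spend_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Note the order inside `apply`: every check runs before anything is deleted, so a transaction that fails validation leaves the set untouched, and a transaction listing the same outpoint twice is caught even though the outpoint is (still) in the set.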

In the Bitcoin system the block reward halves every 210,000 blocks. With the average block time of 10 minutes, the calculation in the figure below gives a halving roughly every four years.
Here Insert Picture Description

Bitcoin's ledger is transaction-based; the alternative is an account-based ledger (Ethereum, for example). In the account-based model the system explicitly records each account's balance, so the current balance of an account can be queried directly. Bitcoin's model has better privacy, but that comes at a price: because there is no concept of an account, there is no way to know how many BTC an account holds, so every transaction has to spell out where its coins come from (to prevent double spending). The account-based model naturally avoids this drawback: a transfer is simply a subtraction from one account's balance and an addition to another's.

Concrete block information in the Bitcoin system

The figure below shows the information of one block (screenshot from the video, taken from blockchain.info).
Here Insert Picture Description

  • What is mining?
    In the figure, the block's hash and the previous block's hash both begin with a long run of zeros. Mining is the process of trying nonce after nonce until the hash of the block header is less than or equal to the target threshold. The target, written in hexadecimal, likewise starts with a long run of zeros.

The block header data structure as implemented in the code. Several fields of this class were already explained in note 4 (Bitcoin block information) and are not repeated here.
Here Insert Picture Description
The nonce is a 32-bit unsigned integer. Mining proceeds by adjusting the nonce continuously, but the nonce can take at most 2^32 values, and sweeping all of them is not guaranteed to find a nonce that meets the requirement. In recent years more and more people have been mining and the difficulty has been adjusted to a fairly high level (difficulty adjustment will be covered in a later post), so a search space of 2^32 is far too small: adjusting the nonce alone is very likely to find no valid result.

Which fields can be adjusted?

The figure shows each field of the block header. Adjusting the nonce alone is not enough, so the Merkle tree root hash can be adjusted as well.

Question to think about: the set of packaged transactions and their order determine the root hash, so isn't it fixed? How can it be changed?

Coinbase transaction


As mentioned in note 4, whoever publishes a block gets the block reward: the block may contain a coinbase transaction that pays it out, and this is the only way new bitcoins are created in the Bitcoin system. Below is the content of a coinbase transaction:

It has a CoinBase field into which arbitrary content can be written; what is written there has no effect on validity. Arbitrary information can therefore be placed in this field, and once it is in the chain it cannot be altered (or deleted). (For example: committing the hash of a stock prediction in advance, recording thoughts on life, or writing a love vow that can never be deleted; think how painful it is to be unable to delete the angsty QQ Zone posts you wrote ten years ago.)
So by changing the content written in this field, we change the Merkle tree root hash.


The figure below shows a small blockchain; suppose the transaction in the lower-left corner is the coinbase transaction. A change to that transaction propagates upward level by level and ultimately changes the Merkle tree root hash.
Here Insert Picture Description
Real mining therefore contains two nested loops. The outer loop adjusts the coinbase field (for example, by designating its first x bytes as an extra nonce) and recomputes the root hash in the block header; the inner loop then sweeps the nonce.
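The two nested loops above, together with the header hashing they drive, as an added example that is not part of the original notes. The 80-byte header layout, the double-SHA256 hash, the compact "bits" encoding of the target and the Merkle root rule (duplicate the last node of an odd level) are Bitcoin's own; as a check that the serialization is right, the block reproduces the real genesis block hash from its published header fields. The coinbase transaction layout, the two sample transactions, the timestamp and the toy difficulty 0x2000ffff are constructed for this example, and the nonce space is capped at 16 (instead of 2^32) so that the outer extra-nonce loop is actually exercised.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash function: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids: list) -> bytes:
    """Merkle root over 32-byte txids (internal byte order). As in Bitcoin, a level with an odd
    number of nodes duplicates its last node before pairing."""
    if not txids:
        raise ValueError("a block contains at least the coinbase transaction")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def bits_to_target(bits: int) -> int:
    """Decode the header's compact 'bits' field into the 256-bit target threshold."""
    exponent = bits >> 24
    mantissa = bits & 0x00FFFFFF
    return mantissa * 256 ** (exponent - 3)


def serialize_header(version: int, prev_hash: bytes, root: bytes,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """The 80-byte header that gets hashed: version | prev block hash | Merkle root | time | bits | nonce;
    integers little-endian, hashes in internal byte order."""
    return (struct.pack("<I", version) + prev_hash + root
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash(header: bytes) -> int:
    """Block hash as the 256-bit integer that is compared with the target (little-endian)."""
    return int.from_bytes(dsha256(header), "little")


def display(hash_int: int) -> str:
    """Hex the way explorers show it (byte-reversed), so a hash below the target shows leading zeros."""
    return hash_int.to_bytes(32, "little")[::-1].hex()


def coinbase_tx(extra_nonce: int) -> bytes:
    """Stand-in for the coinbase transaction (hypothetical layout, not Bitcoin's serialization):
    all that matters here is that its free-form coinbase field carries the extra nonce."""
    return b"coinbase field: " + extra_nonce.to_bytes(4, "little") + b" | pays the miner"


def mine(prev_hash: bytes, txs: list, timestamp: int, bits: int,
         nonce_space: int = 2 ** 32, max_extra: int = 2 ** 32):
    """Outer loop: change the extra nonce in the coinbase transaction, which changes its txid and
    therefore the Merkle root. Inner loop: sweep the header nonce. Returns (extra_nonce, nonce,
    hash_int) for the first header whose hash is <= target."""
    target = bits_to_target(bits)
    for extra in range(max_extra):
        txids = [dsha256(coinbase_tx(extra))] + [dsha256(tx) for tx in txs]
        root = merkle_root(txids)
        for nonce in range(nonce_space):
            h = header_hash(serialize_header(1, prev_hash, root, timestamp, bits, nonce))
            if h <= target:
                return extra, nonce, h
    raise RuntimeError("search space exhausted")


GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"


def genesis_block_hash() -> str:
    """Recompute the real genesis block's hash from its published header fields."""
    root = bytes.fromhex("4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")[::-1]
    header = serialize_header(1, bytes(32), root, 1231006505, 0x1D00FFFF, 2083236893)
    return display(header_hash(header))


def demo():
    """Toy difficulty: bits 0x2000ffff gives a target near 2^248, so about 1 hash in 256 succeeds."""
    bits = 0x2000FFFF
    txs = [b"constructed tx: A pays B 5 BTC", b"constructed tx: A pays C 3 BTC"]
    extra, nonce, h = mine(bytes(32), txs, 1_600_000_000, bits, nonce_space=16)
    return extra, nonce, h, bits_to_target(bits)


if __name__ == "__main__":
    print("genesis:", genesis_block_hash())
    extra, nonce, h, target = demo()
    print(f"extra_nonce={extra} nonce={nonce} hash={display(h)} target={display(target)}")
```

Two details worth noticing when running it: the hash is compared as a little-endian integer, which is why the explorer-style hex (byte-reversed) is the one that begins with zeros; and with the nonce capped at 16, the returned extra nonce is usually well above 0, which is exactly the situation the notes describe for real difficulty and a 2^32 nonce.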

Ordinary transfer transaction

Here Insert Picture Description
If the input script (of the spending transaction) and the output script (of the transaction being spent) are concatenated and execute without error, the transaction is legal.

Probabilistic analysis of mining

Mining is essentially trying nonce after nonce to solve this puzzle. Each nonce tried can be regarded as one Bernoulli trial. The classic Bernoulli trial is a coin toss, with heads and tails coming up with probabilities p and 1-p. In mining, a single trial succeeds with a very small probability and fails with a very large one. Mining is the repetition of such trials, each one random, and together they form a sequence of independent Bernoulli trials. From probability theory, Bernoulli trials are memoryless: however many trials have been made before, they have no influence on the trials that follow (license-plate lotteries work the same way; painful...).
For mining, then, Bernoulli trials are repeated with different nonces until one meets the requirement. In this setting the number of successes can be approximated by a Poisson distribution, and probability theory then tells us that the system's block time follows an exponential distribution. (Note that the block time here is the time for the whole system to produce a block, not the time for an individual miner.)
Here Insert Picture Description
The system's average block time is 10 minutes. This is a design parameter of the system itself, maintained by difficulty adjustment.
The exponential distribution is also memoryless. In other words, if 10 minutes have already passed and nobody in the system has found a block, the expected remaining wait is still 10 minutes (which runs counter to intuition). How long it will take to mine the next block is independent of how long one has already been mining.

This may look harsh, since past work can all be for nothing, but it is precisely what guarantees the fairness of mining: the puzzle is progress-free. For a miner with a hashing-power advantage, the large amount of work already done can be wasted just like everyone else's, so nobody can accumulate an edge from past work, and each miner's chance of finding the next block depends only on its current share of the hash power.
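The chain of approximations above, written out as an added derivation that is not part of the original notes. The symbols are assumptions introduced here (the notes name none): $\tau$ is the target, $p$ the success probability of one hash, $H$ the hash rate of the whole network, $N(t)$ the number of blocks found in $t$ seconds, $\lambda$ the block rate, and $T_{b}$ the time until the next block.

$$
p = \Pr[\text{hash} \le \tau] \approx \frac{\tau}{2^{256}}, \qquad
N(t) \sim \mathrm{Binomial}(Ht,\, p) \approx \mathrm{Poisson}(\lambda t), \quad \lambda = Hp
$$

$$
\Pr[T_{b} > t] = \Pr[N(t) = 0] = e^{-\lambda t}
\;\Rightarrow\; T_{b} \sim \mathrm{Exp}(\lambda), \qquad
\mathbb{E}[T_{b}] = \frac{1}{\lambda} = 600\ \text{s}
$$

$$
\Pr[T_{b} > s + t \mid T_{b} > s] = \frac{e^{-\lambda (s + t)}}{e^{-\lambda s}} = e^{-\lambda t} = \Pr[T_{b} > t]
$$

The Poisson step is valid because $Ht$ is enormous and $p$ is tiny. Difficulty adjustment changes $\tau$ so that $\lambda = Hp$ stays at $1/600$ per second as $H$ changes, and the last line is the memorylessness the notes describe. A miner holding a fraction $\alpha$ of $H$ finds blocks as an independent Poisson process of rate $\alpha\lambda$, so its expected share of all blocks is exactly $\alpha$, regardless of how much work it has already sunk into the current block.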

Computing the total number of bitcoins

Here Insert Picture Description
In other words, the total number of bitcoins in the system, mined and not yet mined, is 21 million.
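The halving schedule from the earlier paragraph (every 210,000 blocks, about four years) and the 21 million total above, as an added example that is not part of the original notes. It goes slightly beyond the notes' geometric series: Bitcoin Core halves the subsidy by an integer right shift in satoshi, so each halving drops any fractional satoshi, and the amount that can actually ever be paid out is a little under 21 million BTC. The constants are Bitcoin's; the helper names are this example's.

```python
INITIAL_SUBSIDY = 50 * 100_000_000  # 50 BTC in satoshi
HALVING_INTERVAL = 210_000          # blocks between halvings
TARGET_BLOCK_TIME = 600             # seconds; the design value kept by difficulty adjustment


def block_subsidy(height: int) -> int:
    """Block reward at a given height in satoshi: 50 BTC halved every 210,000 blocks.
    Bitcoin Core halves by an integer right shift, so fractions of a satoshi are dropped;
    after 64 halvings the shift would exceed the word size, and the subsidy is defined as 0."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:
        return 0
    return INITIAL_SUBSIDY >> halvings


def total_supply_satoshi() -> int:
    """Sum every subsidy that will ever be paid: 210,000 blocks per period until the subsidy is 0."""
    total, period = 0, 0
    while True:
        subsidy = block_subsidy(period * HALVING_INTERVAL)
        if subsidy == 0:
            break
        total += subsidy * HALVING_INTERVAL
        period += 1
    return total


def ideal_supply_btc() -> int:
    """The geometric series in the notes: 50 * 210000 * (1 + 1/2 + 1/4 + ...) = 50 * 210000 * 2."""
    return 50 * HALVING_INTERVAL * 2


def halving_interval_years() -> float:
    """210,000 blocks at 10 minutes each, in Julian years: the 'about four years' of the notes."""
    return HALVING_INTERVAL * TARGET_BLOCK_TIME / (365.25 * 24 * 3600)


def subsidy_schedule(periods: int = 5) -> list:
    """(first height, subsidy in BTC) for the first few halving periods."""
    return [(i * HALVING_INTERVAL, block_subsidy(i * HALVING_INTERVAL) / 100_000_000)
            for i in range(periods)]


if __name__ == "__main__":
    print(subsidy_schedule())
    print("ideal total:", ideal_supply_btc(), "BTC")
    print("actual total:", total_supply_satoshi() / 100_000_000, "BTC")
    print("halving every", round(halving_interval_years(), 2), "years")
```

The loop in `total_supply_satoshi` stops after 33 periods, because 5,000,000,000 >> 33 is already 0; the difference between its result and the ideal 21,000,000 BTC is the sum of the satoshi fractions lost to the integer shift.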
In fact, mining does not solve any mathematically meaningful problem; it is purely a competition in hashing power. So the mining process has no meaning in itself, but it plays an important role in maintaining the stability of the Bitcoin system.
As long as the majority of the hash power is in the hands of honest nodes, the stability of the Bitcoin system is guaranteed.

Bitcoin is becoming harder and harder to mine and the block reward keeps shrinking; does this mean the incentive to mine will keep declining?
In fact the opposite has happened. In the early days, when bitcoins were easy to mine, few people thought highly of Bitcoin; later its valuation rose, which attracted others to mine, which pushed the value up further and attracted still more participants.
When the block reward approaches 0, the whole system will run on transaction fees, which will then become the main guarantee that keeps the Bitcoin system running.

Security analysis of the Bitcoin system

If the majority of the hash power is in the hands of honest users, does that guarantee that bad transaction records will never be written into the blockchain?
Note that users with little hash power are not completely unable to win the right to publish a block; their chance is merely low. Even a malicious node with a small amount of hash power has some probability of winning the right to publish a particular block.

    1. Can coins be stolen? (Can a malicious node transfer bitcoins from other accounts to itself?)
      Answer: no. A transfer transaction must be signed, and the malicious node cannot forge other people's signatures. If it wins the right to publish a block and forcibly writes such a transaction into it, most nodes will treat the block as illegal; the majority of the hash power will not accept it and will keep mining along the other path. Over time the honest nodes, who hold most of the hash power, continue mining on top of the original chain, forming the "longest legal chain", and the attacker's block becomes an orphan block. The attacker not only fails to steal anyone's bitcoins but also gets no block reward and has wasted the electricity and other costs of mining.
    2. Can coins that have already been spent be spent again?
      See figure 1 below: M has already paid B and now wants to pay the same coins to itself. Suppose M wins the right to publish a block. If it does so as in figure 1, the block is obviously illegal and will not be accepted by other nodes.
      So M can only choose the approach in figure 2: roll back the record of M's payment to B. There are then two legal chains of equal length, and the question is which one wins. (If the upper transaction has already produced an irreversible external effect, rolling it back with the lower transaction gets the money back, an improper gain.)

Note that the previous block has to be chosen at the start of mining, because its hash is part of the header being hashed; it is not the case that one first wins the right to publish a block and then picks where to attach it.
Here Insert Picture Description

How to defend against this attack?
If the block containing M -> B is already followed by several more blocks, as shown below, the majority of honest nodes will not accept the lower chain. The situation then becomes a hash-power race between the malicious node mining the lower chain and everyone else mining the upper chain. Since most of the hash power in the blockchain belongs to honest nodes, the upper chain wins in the end; the malicious node's chain is not accepted and its investment is wasted.
Here Insert Picture Description
A simple defense, then, is to wait for several confirmation blocks. The Bitcoin convention is to wait for 6 confirmations by default, after which the record is regarded as immutable. With an average block time of 10 minutes, six confirmations take about one hour, so the wait is relatively long.
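The hash-power race above, quantified, as an added example that is not part of the original notes: it implements the calculation from section 11 of the Bitcoin whitepaper for the probability that an attacker with a fraction q of the hash power, who starts a private chain when the payment is made, ever catches up after the payment has z confirmations. The notes' rule of thumb (6 confirmations, about an hour) can then be compared with what a given attacker share actually requires. The function names and the 0.1% risk threshold are this example's choices; the formula and the table values checked below are the whitepaper's.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling fraction q of the hash power ever catches up
    with the honest chain once the payment has z confirmations. The honest chain grows at rate
    p = 1 - q; while the honest nodes mined z blocks the attacker's progress is Poisson with mean
    lambda = z*q/p; a deficit of d blocks is overcome with probability (q/p)^d (gambler's ruin)."""
    if q >= 0.5:
        return 1.0  # with at least half the hash power the attacker catches up with certainty
    p = 1.0 - q
    lam = z * q / p
    never_catches_up = 0.0
    for k in range(z + 1):  # k = blocks the attacker holds when the z confirmations are in
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        never_catches_up += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - never_catches_up


def confirmations_needed(q: float, risk: float = 0.001) -> int:
    """Smallest z for which the attacker's success probability is at or below `risk`."""
    z = 0
    while attacker_success_probability(q, z) > risk:
        z += 1
    return z


def expected_wait_minutes(z: int, block_time_minutes: float = 10.0) -> float:
    """Expected time to collect z confirmations at the system's average block time."""
    return z * block_time_minutes


def demo() -> list:
    """(z, P) for an attacker with 10% of the hash power, z = 0..6."""
    return [(z, attacker_success_probability(0.1, z)) for z in range(7)]


if __name__ == "__main__":
    for z, prob in demo():
        print(f"q=0.1 z={z}  P={prob:.7f}")
    for q in (0.1, 0.2, 0.3):
        z = confirmations_needed(q)
        print(f"q={q}: {z} confirmations (~{expected_wait_minutes(z):.0f} min) for P <= 0.1%")
```

The output shows why "6 confirmations" is a convention rather than a guarantee: against a 10% attacker it already pushes the success probability below 0.03%, but against a 30% attacker the same 0.1% bound needs several hours of confirmations, and at q >= 0.5 no number of confirmations helps, which is the same statement the notes make about selfish mining below.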

    3. Can a node deliberately refuse to include legal transactions?
      Yes, but the transactions can wait to be included by a later block, so this is not a big problem. In practice, a block has a maximum size and therefore a maximum number of transactions, so during periods with too many transactions some legal ones are not written into the blockchain immediately (they wait for a later block).
    4. Selfish mining
      Mine a block but do not publish it; keep mining on top of it in private, and once the transaction you want to attack has waited for 6 confirmations and is considered safe, publish the whole private chain in an attempt to roll back the original record. For this to work the malicious node needs more than half of the system's hash power; otherwise its chain cannot become the longest legal chain.

Does selfish mining have any benefit?
As the figure shows, suppose you have mined block 2 but hold it back; everyone else is still mining for block 1. If your hash power is strong enough to guarantee that you find block 3 after others find block 1, you can publish 2 and 3 together and push the chain containing block 1 out of the position of longest legal chain (this reduces the competition from others when mining block 3).
But there is a risk: if others have already found block 1 and you have not yet found block 3, you must publish block 2 as quickly as possible to compete for the position of longest legal chain.

Note that in the Bitcoin system, when a fork like the one in the figure arises, each node takes the block it received first as the one on the main chain; a competing block received later is not regarded as part of the main chain (but it is saved). The hash power then splits into two groups mining on top of block 1 and block 2 respectively, and which one becomes the main chain depends on which is extended by the next block first. As soon as the two legal chains differ in length, the longest legal chain wins.


Source: https://blog.csdn.net/Mu_Xiaoye/article/details/104342513