From Hashing to Bitcoin

Encoding, Encryption and Hashing

Encoding, encryption and hashing are easily confused. All three of them transform data into another format: encoding and encryption are reversible (encoding vs decoding, encryption vs decryption), while hashing is irreversible. The purpose of encoding is to transform data into a proper format for a system to consume (or to access), such as ASCII and base64; the scheme is publicly available and no key is needed to decode. The purpose of encryption is to transform data in order to keep it secret from others, so that it can only be consumed by the targeted recipients, who can reverse the transformation with a password (key). Hashing is a mapping (known as the hashing function) that maps any input (usually a string or a serialized data structure) into a fixed size string (or a fixed size integer, or a fixed length byte stream), while fulfilling the following properties: (1) the same inputs give the same outputs and different inputs give different outputs, (2) reversing the transformation is impossible (i.e. we cannot find the input given the output, or $f^{-1}$ is unknown) and (3) a minor change in the input results in a drastic change in the output (known as the avalanche effect). There is no obvious pattern in the mapping; the hashing function is like a pseudorandom redistribution of the inputs, but of course the hashing function is non-stochastic (it is deterministic). Hashing an object means digesting the object with the hashing function to get a hash value, i.e. the serialized object is the input of the hashing function, while the hash value is its output.

                  encoding            encryption        hashing                               cryptographic hashing
  reversible      yes                 yes               no                                    no
  key involved    no                  yes               yes/no                                yes
  purposes        format conversion   keeping secret    (1) hash table, allowing O(1)         digital signature
                                                        searching, (2) verifying file
                                                        integrity, (3) protecting passwords

Finally, we have cryptographic hashing, which is a combination of encryption and hashing; it is usually used as a digital signature. Please do not confuse encryption with digital signatures: a digital signature on a document cannot make the document confidential; the digital signature can only be used as an endorsement of the document, i.e. declaring that the document is approved by the signer. Given the credit of the signer, we can trust the document.
Encryption

Cryptography involves encryption (from plaintext to ciphertext) and decryption (from ciphertext to plaintext). A key is needed; here the key means a password, which is a different concept from the key in hashing. Cryptography can be roughly divided into symmetric and asymmetric, the latter being known as public key cryptography. For symmetric cryptography there is a private key, available only to the parties who share the secret, and the same key is used for both encryption and decryption. For asymmetric cryptography there are two keys, a public key and a private key; you can encrypt with either key and decrypt with the other (i.e. you cannot encrypt and decrypt with the same key). Consider a manager who holds the private key and publishes the public key to all his colleagues. All documents sent by colleagues should be encrypted with the public key, so only the manager has the right to decrypt them, using his private key. The other way round, when documents sent by the manager are encrypted with his private key, everyone is able to decrypt them using the public key. Doing this seems meaningless, but later we will see that it can be used together with hashing to generate a digital signature; this application is not regarded as cryptography, it is known as cryptographic hashing, please read the latter sections.

                 cryptography       cryptographic hashing
  public key     for encryption     for signature verification
  private key    for decryption     for signing a document
Hashing

A hashing function maps a key into integers (or buckets). The hash function should distribute the keys as uniformly as possible over the buckets (i.e. the output space), so that the output space is evenly used (in this context the key is the input to the hash function, which is a different concept from the key in encryption). Suppose a hash function $h$ has bucket size $M$:

$h(k) \in \{1, 2, 3, \ldots, M\}$

$\sum_{k \mid h(k)=1} \mathrm{prob}(k) = \sum_{k \mid h(k)=2} \mathrm{prob}(k) = \sum_{k \mid h(k)=3} \mathrm{prob}(k) = \ldots$

i.e.

$\sum_{k \mid h(k)=m} \mathrm{prob}(k) = 1/M \quad \forall m \in [1, M]$

Some examples of hash functions:

(1) $h(k) = k \bmod M$

(2) $h(k) = \lfloor (kc - \lfloor kc \rfloor) \times M \rfloor = \lfloor (kc \bmod 1) \times M \rfloor$, known as Knuth's multiplicative hash, where $c$ is irrational

The first example is applicable only when $M$ is not a power of 2; otherwise, if we allow $M = 2^n$, the hash function is a filter that simply selects the $n$ lower bits as the hash output. A prime number close to a power of 2 is a good choice of $M$. The second example multiplies $M$ by a fraction lying within $[0, 1]$, to create a floating point number lying within $[0, M]$. For an efficient implementation we can pick $M$ to be a power of 2, and Knuth suggests that the optimal value of $c$ is $(\sqrt{5} - 1)/2 = 0.6180339887\ldots$ (is there any proof?). Let's take a look at the four different applications of hashing.

Application 1 – Hash table

A linear search in an unordered linear data structure, such as std::vector and std::list, has an efficiency of $O(N)$, while a binary search in an ordered data structure, such as std::set and std::map, has a better efficiency of $O(\log N)$, which can be further improved to $O(1)$ in another data structure: the hash table! A hash table is an array of $M$ buckets, with index $m \in [1, M]$. When an object is inserted into the hash table, it is hashed (with the hash function) to get a bucket index (the hash value), and the object is then put into that bucket. Theoretically, when a good hash function is used, different objects have different hash values; however, there is no guarantee. When multiple objects share the same hash value, a collision occurs. To resolve hash collisions, we can store a list of objects instead of one single object in each bucket; this method is called separate chaining. However, if collisions happen too frequently, searching efficiency is reduced. Examples of hash tables include std::unordered_set and std::unordered_map.
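As an added example (not code from the original notes), here are both hash functions from the text and a separate-chaining table in Python; inserting keys that are multiples of M = 16 shows that k mod 2^n keeps only the lower bits, while Knuth's multiplicative hash still spreads the same keys out:

```python
import math

# Knuth's suggested constant c = (sqrt(5) - 1) / 2, as quoted in the notes.
KNUTH_C = (math.sqrt(5) - 1) / 2


def mod_hash(k: int, M: int) -> int:
    """Example (1): h(k) = k mod M (buckets are numbered 0..M-1 here)."""
    return k % M


def knuth_hash(k: int, M: int) -> int:
    """Example (2): h(k) = floor((k*c mod 1) * M), Knuth's multiplicative hash."""
    frac = (k * KNUTH_C) % 1.0      # fractional part of k*c, in [0, 1)
    return int(frac * M)            # scaled into [0, M)


class ChainedHashTable:
    """Hash table with separate chaining: each bucket holds a list of (key, value)."""

    def __init__(self, M: int, hash_func):
        self.M = M
        self.hash_func = hash_func
        self.buckets = [[] for _ in range(M)]

    def insert(self, key: int, value) -> None:
        chain = self.buckets[self.hash_func(key, self.M)]
        for i, (k, _) in enumerate(chain):
            if k == key:                # key already present: overwrite
                chain[i] = (key, value)
                return
        chain.append((key, value))      # empty bucket or collision: append to the chain

    def find(self, key: int):
        chain = self.buckets[self.hash_func(key, self.M)]
        for k, v in chain:
            if k == key:
                return v
        return None

    def buckets_used(self) -> int:
        return sum(1 for chain in self.buckets if chain)

    def longest_chain(self) -> int:
        return max(len(chain) for chain in self.buckets)


def compare_on_multiples(M: int = 16, count: int = 32):
    """Insert the keys 0, M, 2M, ... into one table per hash function.

    With M = 2^n, k mod M keeps only the n lower bits, so every multiple of M
    collides in bucket 0; the multiplicative hash still spreads them out.
    """
    t_mod, t_knuth = ChainedHashTable(M, mod_hash), ChainedHashTable(M, knuth_hash)
    for k in (i * M for i in range(count)):
        t_mod.insert(k, f"value-{k}")
        t_knuth.insert(k, f"value-{k}")
    return t_mod, t_knuth


if __name__ == "__main__":
    t_mod, t_knuth = compare_on_multiples()
    for name, t in (("k mod M", t_mod), ("Knuth", t_knuth)):
        print(f"{name:8s}: buckets used = {t.buckets_used():2d}, longest chain = {t.longest_chain()}")
```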
Application 2 – File integrity

Since different objects have different hash values (for an ideal hashing function), and besides, a minor change in the object results in a drastic change in the hash value (avalanche effect), hashing becomes a useful tool for verifying file integrity. When a file is hashed, it has a unique hash value; when it is corrupted, its hash value changes. If you download a file from a site, you can do integrity checking if the site publishes hash values together with the download link. The program md5sum is provided in linux to perform the well known MD5 hashing. For example, in linux:

    $ cat file1
    This is a very small file with a few characters.
    $ cat file2
    this is a very small file with a few characters.
    $ md5sum file1 file2
    75cdbfeb70a06d42210938da88c42991  file1
    6fbe37f1eea0f802bd792ea885cd03e2  file2

Please note that the size of the hash value is fixed (i.e. the number of buckets is constant), which is $2^{32 \times 4}$ in this example.

Application 3 – Protecting passwords

Some people like to use the same password for multiple websites. It is a bad idea for websites to store their users' passwords inside web servers in raw format; instead they should hash the passwords before storing them in the web servers. Passwords transferred over the network are in raw format, while passwords stored in the servers are hashed, thus passwords read from the network should first be hashed before comparing with the hashed passwords in the servers. Assuming that different servers use different hashing functions, we can prevent hackers from hacking users' other accounts if their hashed passwords are stolen from one of the web servers (but what happens if hackers steal passwords directly from the network, rather than from the servers?).
Cryptographic hashing

A digital signature is a combination of private key cryptography and hashing (please note that you cannot accomplish it with symmetric cryptography). The document to be signed is first hashed, so that it is transformed into an output with fixed size, called the message digest (note: the document can be very large, while the message digest has a fixed size). The message digest is then encrypted using the private key to generate a signature (i.e. with the message digest as plaintext and the signature as ciphertext); the signature is then appended to the raw document to form a signed document. Please note: (1) the holder of the private key is the only one who can make the signature and (2) the document is not encrypted; everyone can read the document, they just don't know whether the document is reliable, unless the document is endorsed by some authorities. Here is the signing algorithm:

[Figure: raw document --hashing--> message digest --encrypt with private key--> signature --append to the raw document--> signed document]

How can we verify whether a document is signed, from the signed document and the public key only? First, the signed document is partitioned into a signature and a raw document; the signature is then decrypted with the public key, and the result is compared with the message digest generated by hashing the raw document. If they are equivalent, then we can claim that the document is signed. Here is the signature verification algorithm:

[Figure: signed document --> raw document --hashing--> message digest; signed document --> signature --decrypt with public key--> message digest; the two digests are compared]

If they are equivalent, then the document is signed.
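The signing and verification flow above, as an added Python example that is not from the original notes: it uses a toy textbook RSA key pair (constructed tiny primes 61 and 53, far too small for real use) so that "encrypt with the private key" and "decrypt with the public key" are literal modular exponentiations, with SHA256 as the hashing step and a constructed separator for "append to the raw document":

```python
import hashlib
from math import gcd


def make_toy_keys(p: int = 61, q: int = 53, e: int = 17):
    """Textbook RSA key pair from two constructed, far-too-small primes.

    public key = (e, n), private key = (d, n), where d is the inverse of e
    modulo Euler's phi(n) = (p-1)(q-1); that is what makes x^(e*d) == x mod n.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def message_digest(document: bytes, n: int) -> int:
    """Hashing step: SHA256 of the (arbitrarily large) document, reduced into
    [0, n) so the toy modulus can hold it (a real scheme pads the digest instead)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


SEPARATOR = b"\n--signature:"           # constructed framing for 'append to the raw document'


def sign(document: bytes, private_key) -> bytes:
    """Signing: hash, 'encrypt' the digest with the private key, append it."""
    d, n = private_key
    signature = pow(message_digest(document, n), d, n)
    return document + SEPARATOR + str(signature).encode()


def verify(signed_document: bytes, public_key) -> bool:
    """Verification: split off the signature, 'decrypt' it with the public key
    and compare with a fresh digest of the raw document."""
    e, n = public_key
    raw_document, sep, sig_text = signed_document.rpartition(SEPARATOR)
    if not sep or not sig_text.isdigit():
        return False                    # no (or malformed) signature present
    recovered_digest = pow(int(sig_text), e, n)
    return recovered_digest == message_digest(raw_document, n)
```

Note that the signed document is still readable in full: only the appended digest is transformed, which is the point (2) made above.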
Practical public key cryptography and hashing include:

                 hashing                hashing                                 public key cryptography                   public key cryptography
  algorithm      MD5                    SHA256                                  ECDSA                                     RSA
  application    linux command md5sum   bitcoin blockchain's construction       bitcoin transaction's digital signature   HKEX's Orion open gateway
                                        (also called bitcoin mining)                                                      (uses the openssl library)
Elliptic curve digital signature algorithm (ECDSA)

Now let's take a look at how the elliptic curve digital signature algorithm generates a pair of public key and private key. It involves two mathematical concepts, (1) the elliptic curve and (2) finite field arithmetic; the latter requires number theory. Please note that this section is just a simple introduction to ECDSA that skips the complicated number theory, thus the mathematical treatment in this section is not rigorous enough. First of all, an elliptic curve is defined as:

$y^2 = x^3 + ax + b$

For bitcoin we have $a = 0$ and $b = 7$, which looks like this:

[Figure: the curve $y^2 = x^3 + 7$ plotted over the real numbers]

It has several useful properties: (1) it is symmetric about the x axis (the proof is easy), (2) any non-vertical straight line $y = mx + c$ intersecting the elliptic curve at two non-tangent points will always intersect a third point on the curve and (3) any non-vertical straight line $y = mx + c$ tangent to the elliptic curve at one point will intersect precisely one other point on the curve (how can we prove properties 2 and 3?). Let's consider the following system of equations:

$y^2 = x^3 + ax + b$ (which is the elliptic curve)

$y = mx + c$ (which is the non-vertical line)

$\Rightarrow (mx + c)^2 = x^3 + ax + b$

$\Rightarrow 0 = x^3 - m^2 x^2 + (a - 2mc)x + (b - c^2)$ (equation 1)
Therefore properties 2 and 3 can be combined into this statement: cubic equation 1 either has 0 real roots, i.e. 3 imaginary roots, or 1 real root, i.e. 2 imaginary roots, or 3 real roots, among which two may be the same. With properties 2 and 3 we can define point addition (LHS figure) and point doubling (RHS figure). Point addition $P + Q = R$ of two points $P$ and $Q$ lying on the elliptic curve is defined as the reflection through the x axis of the third intersecting point $R'$ between the curve and the straight line joining $P$ and $Q$, while point doubling $P + P = R$ of a point $P$ lying on the elliptic curve is defined as the reflection through the x axis of the intersecting point $R'$ between the curve and the tangent at $P$.

[Figure: LHS, point addition P + Q = R; RHS, point doubling P + P = R]

With point addition and point doubling we can define point multiplication as:

(equation 2)

Let's find the intersection $R' = (r_x, -r_y)$ and its reflection $R = (r_x, r_y)$ given points $P = (p_x, p_y)$ and $Q = (q_x, q_y)$ for point addition.

$-r_y = m(r_x - p_x) + p_y$, as $R'$ must lie on the line $PQ$, where $m = (q_y - p_y)/(q_x - p_x)$

and suppose the line joining $PQ$ is $y = mx + c$; its intersection with the elliptic curve can be obtained by solving equation 1.

$x^3 - m^2 x^2 + (a - 2mc)x + (b - c^2) \equiv (x - p_x)(x - q_x)(x - r_x)$

$x^3 - m^2 x^2 + (a - 2mc)x + (b - c^2) \equiv x^3 - (p_x + q_x + r_x)x^2 + (p_x q_x + q_x r_x + r_x p_x)x - p_x q_x r_x$

$m^2 = p_x + q_x + r_x$ by comparing the quadratic term

Thus we have the reflection of the intersection:

$r_y = m(p_x - r_x) - p_y$

$r_x = m^2 - (p_x + q_x)$

where $m = (q_y - p_y)/(q_x - p_x)$ (equation 3a)
Let's find the intersection $R' = (r_x, -r_y)$ and its reflection $R = (r_x, r_y)$ given point $P = (p_x, p_y)$ for point doubling. All the above is still valid, except for the value of $m$, which we need to find by taking the derivative of the elliptic curve.

$d(y^2) = d(x^3 + ax + b)$

$2y\,dy = 3x^2\,dx + a\,dx$

$dy/dx = (3x^2 + a)/(2y)$

Thus we have the intersection:

$r_y = m(p_x - r_x) - p_y$

$r_x = m^2 - 2p_x$

where $m = (3p_x^2 + a)/(2p_y)$ (equation 3b)
Now let's introduce the finite field. In the context of ECDSA, a finite field can be regarded as a predefined set of positive integers within which every calculation must fall (here calculation includes addition, subtraction, multiplication and division). However, the elliptic curve is a continuous curve in $\mathbb{R}^2$; how can we transform a floating point coordinate pair into an integer pair that lies within a range ($0 \le x$ ...)? It involves rational numbers and the mod operation (any ...

[Figure: LHS, the points of $y^2 = x^3 + 7$ over the finite field mod 67; RHS, the line through P and Q wrapping around, with R' and R marked]

Please note the following. (1) As the elliptic curve is symmetric in the continuous field, it must be symmetric in the finite field, but the axis of symmetry shifts to $y = 67/2$, since the reflection of $y \bmod 67$ is $(67 - y) \bmod 67$; for example, the reflection of 34 is 33. (2) When we plot an infinitely long straight line in the finite field, it wraps around when it reaches either $x = 67$ or $y = 67$; please see how the line $PQ$ wraps around in the RHS figure. (3) The points in the LHS figure form a finite field, and operations on the points (i.e. point addition, point doubling and point multiplication) return a point that belongs to the same set. (4) A point lying on the elliptic curve can be determined solely by its x coordinate, as its y coordinate (and its reflection's y coordinate) can be found by $y = \pm\sqrt{x^3 + ax + b}$. Hence the intersection $R'$ can be easily found: extend the straight line $PQ$ (wrapping around if necessary) until it reaches $x = m^2 - (p_x + q_x)$ according to equation 3a, which is $x = 47$ in the above example.

The ECDSA protocol is uniquely defined by the following set of parameters:

• elliptic curve parameters $a$ and $b$
• prime modulo $M$
• base point $P$
• order $N$

Public key cryptography then involves point multiplication $P \times n$, where $P$ lies on the elliptic curve with parameters $a$ and $b$ while $n \in [1, N]$. For bitcoin, all the parameters are very enormous numbers, which makes brute force reverse engineering impossible. Bitcoin uses the elliptic curve $y^2 = x^3 + 7$, while the prime modulo ...

Note: the base point should be a coordinate pair; we somehow combine the x and y coordinates, then convert it to a byte stream.
Now let's see how we can generate a private–public key pair. The private key is just a random number chosen between 1 and $N$; the public key is then derived by point multiplication:

$\mathrm{public\_key} = \mathrm{private\_key} \times \mathrm{base\_point}$

which can be implemented with equation 2 for better efficiency. Thus given the private key we can generate the public key, but not the other way round: this is a one way trip. Since a point on the elliptic curve over the finite field can be determined solely by its x coordinate, the public key can be compressed by storing the x coordinate only (of course you also need to record which side it lies on: original side vs reflection). Now I am going to skip the signing procedure and the signature verification procedure. For more details about finite field arithmetic, please refer to the book Cryptography and Security in Computing by InTech, particularly chapter 6. Among the public key cryptography algorithms, RSA is a good one to start with (it involves the following concepts only: prime numbers, greatest common divisor, congruence and Euler's phi function); for more details about RSA, please refer to the website Number Theory and the RSA Public Key Cryptosystem. For more details about ECDSA, please refer to the website Maths behind bitcoin by Eric Rykwalder.
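As an added example (my code, not from the notes), equations 3a and 3b carried out over the finite field mod 67 for the curve $y^2 = x^3 + 7$ of the figures, including the reflection rule, point multiplication and the public-key derivation. Division is multiplication by the modular inverse; since the notes' equation 2 is not legible, point multiplication is assumed to be the standard double-and-add; the points P = (2, 22) and Q = (4, 2) are constructed (they lie on the curve), not the figures' points:

```python
# Toy curve y^2 = x^3 + 7 over the finite field mod 67, as in the notes' figures.
A, B, P_MOD = 0, 7, 67
INFINITY = None                  # the point at infinity, identity of point addition


def inv(x: int) -> int:
    """Division in the finite field is multiplication by the modular inverse."""
    return pow(x % P_MOD, -1, P_MOD)


def on_curve(pt) -> bool:
    if pt is INFINITY:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def reflect(pt):
    """Reflection through the x axis in the finite field: y -> (M - y) mod M (34 -> 33 here)."""
    if pt is INFINITY:
        return INFINITY
    x, y = pt
    return (x, (-y) % P_MOD)


def point_add(p, q):
    """Equation 3a (P != Q) or 3b (P == Q), every operation taken mod M."""
    if p is INFINITY:
        return q
    if q is INFINITY:
        return p
    px, py = p
    qx, qy = q
    if px == qx and (py + qy) % P_MOD == 0:
        return INFINITY          # P + (-P): the line is vertical, no third point
    if p == q:
        m = (3 * px * px + A) * inv(2 * py) % P_MOD     # equation 3b slope (tangent)
    else:
        m = (qy - py) * inv(qx - px) % P_MOD            # equation 3a slope (chord)
    rx = (m * m - px - qx) % P_MOD                      # from m^2 = px + qx + rx
    ry = (m * (px - rx) - py) % P_MOD                   # reflection of the intersection R'
    return (rx, ry)


def scalar_mul(pt, n: int):
    """Point multiplication n*P by double-and-add (assumed; equation 2 is not on the page)."""
    result, addend = INFINITY, pt
    while n > 0:
        if n & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        n >>= 1
    return result


def point_order(pt) -> int:
    """Smallest n > 0 with n*P = infinity; bounded by Hasse's theorem (about 84 points here)."""
    n, acc = 1, pt
    while acc is not INFINITY:
        acc = point_add(acc, pt)
        n += 1
    return n


def derive_public_key(private_key: int, base_point):
    """public_key = private_key x base_point: easy this way, infeasible to reverse on a real curve."""
    return scalar_mul(base_point, private_key)


if __name__ == "__main__":
    P, Q = (2, 22), (4, 2)       # constructed points on the curve
    print("P + Q =", point_add(P, Q), " 2P =", point_add(P, P), " order(P) =", point_order(P))
    print("public key for private key 7:", derive_public_key(7, P))
```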
Payment

Payment is a separate process from trading, because payment can be very slow: it involves a lot of procedures to ensure a safe transfer of money (risk management), while trading can be very fast, like in high frequency trading (hence there exists a settlement step which handles payment separately). VISA handles 2000 transactions per second (tps) on average, with a peak capacity of 56000 tps, while Paypal handles 115 tps on average. Nowadays bitcoin handles 7 tps on average. Therefore scalability is an issue for bitcoin.

Money serves three purposes: (1) payment, (2) storage of value and (3) accounting (like calculating GDP). Payment means money transfer, while the money supply M1 includes currency, deposits and credit. Traditionally, payment is done in a centralized way, which means there exists a financial institution as an intermediary. Suppose A gives B a cheque with a unique serial number; B requires a centralized financial institution's help to ensure two things before he can accept the payment: (1) A does have ownership of the cheque (i.e. A has the right to spend it) and (2) A has not spent the money before (known as double spending). Both problems can be solved easily either by (1) going through an intermediary or (2) using physical currency (the central bank centralizes legal tender printing). How about a decentralized world?
Introduction to the bitcoin network

Owning a bitcoin does not mean owning an encrypted bitcoin file, and a transaction does not mean passing that file around; instead, owning a bitcoin means you have the right to spend it (or transfer it to someone) by broadcasting a transaction message in the bitcoin network, which will create a transaction record in a distributed ledger, known as the blockchain, after the bitc oin network's verification (or more precisely, after the nodes in the bitcoin network reach consensus). The blockchain is a publicly available ledger (like an accounting book); it is a record of all transactions in the entire bitcoin history. The blockchain records bitcoin transactions only; it does not record the bitcoin balance of each account (it is the user's responsibility to work out his own balance), and of course we can work out the balance of all accounts given the entire blockchain. In the bitcoin protocol, the blockchain is a chain (or a list) of blocks, or to be more precise a "very linear" tree of blocks, while a block is a group of transaction records. Thus blockchain, block and transaction record are the three most fundamental concepts in the bitcoin protocol.

Each participant is a node in the bitcoin network. There are three types of nodes: (1) miners, who help to manage the ledger while earning new bitcoins and transaction fees in return, (2) monitors, who provide monitoring services over the bitcoin network, such as blockchain.info, which publishes a lot of real time statistics such as turnover, total market capitalization and block information, and finally (3) users, who use bitcoin for payment. Users need to run a piece of software, or a mobile app, known as the wallet, for generating transaction messages, making signatures and checking whether a transaction is confirmed by the bitcoin network. The bitcoin network is governed solely by the bitcoin protocol, which is simply a set of rules and message definitions. There is no centralized bitcoin server, so how does the bitcoin protocol verify bitcoin ownership and address the double spending problem? The short answer is: the bitcoin protocol verifies bitcoin ownership using ECDSA and addresses the double spending problem with the blockchain, which is constructed through voting by miners with their computation power, involving innumerable SHA256 hashings. Here are some major miners.

[Figure: major miners, by blockchain.info, 1st Aug 2015]
Transaction

The transaction is the core of the bitcoin protocol. Suppose that you want to transfer an amount of bitcoins to someone: first you should generate a transaction message (including your signature) and broadcast it to the bitcoin network; then each node in the network will verify this transaction (i.e. whether you have the right to spend the bitcoins). A transaction message records (1) the single source (or multiple sources) from which you got the bitcoins, which is known as the input, (2) the amount of bitcoins and the destination, which is known as the output, and (3) your own ECDSA signature together with the corresponding public key (ECDSA signature means: appending the input with the output, which is then signed with the ECDSA private key). [The transaction message format described here is for illustration only; it is different from the exact protocol, for details please refer to the bitcoin specifications.] The input source is specified by a transaction id and the output destination is specified by the address of the receiver, but wait... how can we generate a transaction id and an address? The transaction id is generated by hashing the transaction (by default, we assume SHA256 is used). Thus we expect that miners are responsible for building a std::map<TX_id, TX> whenever they receive a new broadcast transaction message from the network. This is what miners do:

    void new_TX_received(std::map<TX_id, TX>& pending_TX, const TX& T)
    {
        TX_id id = SHA256.hash(T);   // (1) TX stands for transaction
        pending_TX[id] = T;          // (2) pending TX are unconfirmed transactions
    }

The transaction message does not contain its own transaction id. With the above routine, all old transactions, no matter whether they are confirmed or not, can be retrieved from the map using their id. Unlike the transaction id, the bitcoin address is generated from the ECDSA public key by:

    ECDSA.public_key = ECDSA.private_key × ECDSA.base_point;                    // recall ECDSA
    address = base58.encode(RIPEMD160.hash(SHA256.hash(ECDSA.public_key)));

We can generate the address from the public key, but not the other way round. Suppose miners receive a transaction message from the network; there is a problem with the above routines: they simply accept all transactions without checking whether the sender has the right to spend the bitcoins he claims he owns. A transaction means granting the private key holder of the address specified in the destination (i.e. the output field in the transaction message) the right to spend a certain amount of bitcoins, therefore miners can verify the ownership of bitcoins through two steps: (1) verify the source of the bitcoins (i.e. the input field in the transaction message) and (2) verify if the sender has the required signature.

    bool verify_ownership(const std::map<TX_id, TX>& pending_TX, const TX& T)
    {
        // step 1: verify whether the source is valid, i.e. the sender's address (derived from
        //         the public key in T) is the destination address of the source transaction
        address sender = base58.encode(RIPEMD160.hash(SHA256.hash(T.public_key)));
        const TX& source_TX = pending_TX.at(T.input[0].source_TX_id);
        if (source_TX.output[T.input[0].channel].destination_address != sender) return false;
        // step 2: verify that the sender holds the private key of that address,
        //         i.e. the signature over input + output checks out under T.public_key
        return ECDSA.verify(T.signature, T.input + T.output, T.public_key);
    }

Furthermore, if users want to cache the bitcoins they receive from the network, it can be done by comparing the destination address in the transaction message with their own. Therefore users can derive their balance from the entire bitcoin history.

    void wallet_new_TX_received(const TX& T)
    {
        wallet.address = base58.encode(RIPEMD160.hash(SHA256.hash(wallet.public_key)));
        if (T.output[0].destination_address == wallet.address)
        {
            TX_id id = SHA256.hash(T);
            wallet.incoming_TX ...       // fill this please
                                         // fill this please
                                         // fill this please
        }
    }
In general, one transaction supports multiple inputs and multiple outputs, which means we can group all the bitcoins we received from different sources and spend the sum by distributing it to different destinations, so that the amount of bitcoins in the input and output is conserved; in other words, it allows merging and splitting of value. One of the outputs can be your own address, for collecting the change. Please note that you need to specify the output channel in the source. For example, suppose my own address is F452EA90:

    void wallet_new_TX_transferred(TX& T)
    {
        T.input[0].source_TX_id = D56A83B1;  T.input[0].channel = 6;   // (source transaction id, output channel)
        T.input[1].source_TX_id = D56A83B2;  T.input[1].channel = 2;
        T.input[2].source_TX_id = D56A83B3;  T.input[2].channel = 3;
        T.output[0].destination_address = F452EA90;
        T.output[1].destination_address = F452EA91;
        T.output[2].destination_address = F452EA92;
        T.output[0].amount = 5;
        T.output[1].amount = 40;
        T.output[2].amount = 15;
        wallet.balance = 60;
    }

All transactions form a directed acyclic graph $G = \{V, E\}$, where vertex $v_n \in V$ denotes an account (with a unique address and private–public key pair) and directed edge $e_{n,m} \in E$ denotes a transaction from vertex $v_n$ to vertex $v_m$. Here is the directed acyclic graph for the above multi-input, multi-output example; please note that time propagates along the directed edges.

[Figure: account-A spends D56A83B1, D56A83B2 and D56A83B3 into three outputs: F452EA90, the account that can make signatures for addr F452EA91, and the account that can make signatures for addr F452EA92]

Please note the following. (1) Transactions D56A83B1, …B2 and …B3 all have multiple outputs; though they are not plotted in the above graph, we can imagine that it is a very complicated graph. (2) The transaction id is not included in the transaction message; it is generated through hashing by miners and users. (3) The address of the sender is not included in the transaction message; it is redundant, as it can be traced out like step 1 in routine verify_ownership. Let's recall:

    address get_sender_address(const TX& T)
    {
        // the sender's address is the destination of the output channel that T spends
        return pending_TX[T.input[0].source_TX_id].output[T.input[0].channel].destination_address;
    }

When a new bitcoin is generated as a reward for a miner, it is also represented as a transaction, which has no input source. The new bitcoin is called a coinbase.

    void new_bitcoin_for_rewarding_miner(TX& T)
    {
        T.input[0].source_TX_id = COINBASE;
        T.output[0].destination_address = miner's address;
        T.output[0].amount = rewarding_amount;
    }
Let's summarise what we have got at this moment. At the core of bitcoin is a distributed ledger of all transactions, from which the current balance of each account can be derived. A transaction is simply a message that instructs the ledger to debit the sender address and credit the receiver address; the transaction must be signed with the sender's private key. With routine verify_ownership, no one can spend bitcoins that are not owned by themselves: only the private key holder of the "destination address specified in the source's transaction" has the right to spend. However, it is still possible for a user to broadcast false transactions by double spending, i.e. a user really owns some bitcoins, but he spends them twice; in other words, he creates money. Thus bitcoin should have some mechanism to prevent double spending, otherwise it will result in hyperinflation and destroy the currency eventually.
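An added Python example (not from the notes) that replays a constructed transaction history, modelled on the three-input, three-output example above, through a ledger of unspent outputs: balances are derived from the history alone, and a second spend of the same source output, which is the double spending just described, is rejected and recorded. Transaction ids are shortened SHA256 hashes of the serialized message, and the field names follow the notes' pseudocode:

```python
import hashlib
import json
from collections import defaultdict

COINBASE = "COINBASE"          # the notes' marker for a reward transaction with no input source


def tx_id(tx: dict) -> str:
    """Transaction id = SHA256 of the serialized message, shortened to 8 hex digits
    for readability (like the ids in the notes)."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()[:8]


def make_tx(inputs, outputs) -> dict:
    """inputs: list of (source_TX_id, channel); outputs: list of (address, amount)."""
    return {"input": [{"source_TX_id": s, "channel": c} for s, c in inputs],
            "output": [{"destination_address": a, "amount": n} for a, n in outputs]}


class Ledger:
    """Replays a transaction history, keeping the set of still-unspent outputs."""

    def __init__(self):
        self.unspent = {}          # (tx_id, channel) -> (address, amount)
        self.rejected = []         # (tx_id, reason) for transactions the ledger refused

    def _credit_outputs(self, tid: str, tx: dict) -> None:
        for channel, out in enumerate(tx["output"]):
            self.unspent[(tid, channel)] = (out["destination_address"], out["amount"])

    def apply(self, tx: dict) -> bool:
        tid = tx_id(tx)
        if any(inp["source_TX_id"] == COINBASE for inp in tx["input"]):
            self._credit_outputs(tid, tx)          # reward: new coins, no source to verify
            return True
        total_in, consumed = 0, set()
        for inp in tx["input"]:
            key = (inp["source_TX_id"], inp["channel"])
            # A source output that is unknown, or already consumed (by an earlier
            # transaction or twice within this one), is exactly a double spend.
            if key not in self.unspent or key in consumed:
                self.rejected.append((tid, f"double spend or unknown source {key}"))
                return False
            consumed.add(key)
            total_in += self.unspent[key][1]
        total_out = sum(out["amount"] for out in tx["output"])
        if total_out > total_in:
            self.rejected.append((tid, "outputs exceed inputs"))
            return False
        for key in consumed:
            del self.unspent[key]                  # inputs are spent ...
        self._credit_outputs(tid, tx)              # ... and the outputs become spendable
        return True

    def balances(self) -> dict:
        """No balance is stored anywhere; it is derived from the unspent outputs."""
        totals = defaultdict(int)
        for address, amount in self.unspent.values():
            totals[address] += amount
        return dict(totals)


def replay_example():
    """Constructed history mirroring the notes' three-input, three-output example."""
    ledger = Ledger()
    rewards = [make_tx([(COINBASE, 0)], [("account-A", amount)]) for amount in (20, 25, 15)]
    for reward in rewards:
        ledger.apply(reward)
    spend = make_tx([(tx_id(r), 0) for r in rewards],
                    [("F452EA90", 5), ("F452EA91", 40), ("F452EA92", 15)])
    ledger.apply(spend)
    # account-A really owned those coins, but now tries to spend the first reward again
    double_spend = make_tx([(tx_id(rewards[0]), 0)], [("F452EA93", 20)])
    accepted = ledger.apply(double_spend)
    return ledger, accepted


if __name__ == "__main__":
    ledger, accepted = replay_example()
    print("double spend accepted:", accepted, " rejected:", ledger.rejected)
    print("balances:", ledger.balances())
```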
Blockchain

Let's firstly introduce block and blockchain, then we will see how double spending can be executed and how it can be prevented by the blockchain. A block is a collection of transactions; there is no restriction on the number of transactions per block (please check bitcoin's specification). When a miner keeps receiving broadcast transaction messages, he can start building blocks in parallel. You can imagine that a miner runs a process with multiple threads: one thread keeps receiving transactions and appends them into a map of pending transactions, while another thread builds blocks from the map; the map is thus the common resource shared between these two threads (single-producer single-consumer model). Later we will see that this is in fact a process with at least three threads. Before introducing the block content, let's see what a Merkle tree is, which is also known as a hash tree.

[Figure: a Merkle tree over four data items, where hash is the hash function]
    Merkle root  H   = hash(H0, H1)
                 H0  = hash(H00, H01)        H1  = hash(H10, H11)
                 H00 = hash(data0)   H01 = hash(data1)   H10 = hash(data2)   H11 = hash(data3)
                 data0               data1               data2               data3
A Merkle tree is a tree in which every non-leaf node is labelled with the hash value of the concatenated labels of all its children nodes, while every leaf node is labelled with the hash value of a piece of data. SHA256 is used as the hash function in bitcoin. A block consists of a block header and a block body:

[Figure: block layout]
    block header: Merkle root, hash value of previous block (parent block), nonce
    block body:   Merkle tree
All blocks concatenate to form a linked list (or a tree to be precise, but a rather linear one), known as the blockchain. Each block points to its previous block (or parent block) with the hash value of the previous block. Thus if a miner wants to search an old block efficiently, it should build a std::map. The nonce is just a random number. A block is considered to be valid if the hash value of the block header is within a certain threshold, i.e. hash(block.header) < threshold, or equivalently, the hash value in binary or hexadecimal format starts with a certain number of zeros, such as:

    000000000000002e9067f1cf7252333f7aeb619c89d220985a70ac0e015248e0
To construct a valid block given a map of pending transactions, miners should build the Merkle tree and search for a nonce value that makes a valid hash value. This process is done by brute force; it takes time, and thus it is known as mining (or proof of work). The difficulty of mining depends on the threshold, which is adjusted by the bitcoin protocol from time to time so that it keeps a nearly constant growth rate of the blockchain, roughly at 1 new block per 10 minutes. When a miner completes a block, he should then (1) broadcast the block to the network and (2) remove all transactions that constitute the block from the map of pending transactions that he maintains (of course, he can't modify other miners' maps of pending transactions). All miners compete to find the next valid block; the winner is rewarded with (1) new bitcoins called coinbases and (2) the transaction fees for all transactions in the completed valid block.

When a miner receives a broadcast message of the next block while he is working on that block (i.e. someone is faster than him in finding the nonce value and earns the coinbases), he should firstly verify if the received block is valid by checking all hash values in the block header and block body (this is fast, as the most time consuming calculation is the brute force search for the nonce value, which is now found). If it is valid, he can insert the received block into his blockchain, with the insertion location specified by the block in the field "hash value of previous block". Therefore, insertion does not necessarily happen at the end of the blockchain; instead it may happen in the middle, which results in branches. Thus the term blockchain is a little bit confusing, because it is in fact a tree. After that, he can either: (1) keep on working on his block until it is finished, and broadcast it; in this case, he is introducing branches in the blockchain (as there are multiple broadcasted blocks sharing the same parent block); or (2) abandon the working block and start working after the received block (i.e. work on a new block using the received block as the parent block), but before that, he should update his map of pending transactions by removing all transactions included in the received block. A miner can choose between these two options based on his own logic (or even in a random fashion); the implementation is really up to the miner, as long as he can maximise his profit.

There are still a lot of unanswered questions. (1) Do miners maintain the same map of pending transactions? (2) Do miners maintain the same blockchain? Is there any official version of the blockchain (or ground truth)? (3) As the blockchain is a tree, there are multiple leaf nodes or leaf blocks, so when miners build a new block, to which previous block should it point? (4) Is there any limit on the number of pending transactions? Can a miner build a block with no transaction? (5) Are miners looking for the same nonce? (6) As there are multiple branches, how do we know the real transaction history? Let's address them one by one.
First of all, the bitcoin network is lossy. Some broadcast transaction messages and some broadcast completed blocks may be dropped; some miners may miss certain transaction messages or certain completed blocks. The bitcoin protocol should tolerate the loss and recover the truth of the whole transaction history as the blockchain grows. Thus each miner may own a different map of pending transactions and also a different version of the blockchain. As there exists no centralized server, no one knows the so called "ground truth" of the blockchain. As shown in the following example, LHS and RHS are slightly different versions of the blockchain maintained by two miners; each square denotes a valid completed block received from the network. Although there exists no officially recorded transaction history, miners do come to consensus about the real historical path (known as the trunk, as indicated by the black solid line). It is not 100% accurate, but its likelihood increases as both blockchains grow. Besides, we are more confident about the front end of the trunk, while uncertain about the back end of the trunk.

[Figure: the blockchains kept by miner1 (LHS) and miner2 (RHS); the trunk is drawn as the black solid line]
Secondly, given a blockchain tree, a miner can build a new block using any existing block as the parent block. If the miner chooses to point to a leaf block, then he is extending the trunk or the branch on which the leaf block lies; if the miner chooses to point to a non-leaf node, he is introducing new branches in the blockchain. Besides, there is no restriction on the transactions that a miner puts in a new block: he can either put many transactions into the block, hoping to earn more transaction fees, or start block building without waiting for more pending transactions, hoping to complete the brute force search as soon as he can; this is up to his strategy. Statistics show that the average number of transactions per block is around 200-300. Besides, each miner must include a transaction that transfers the coinbase into his own address in the Merkle tree; this serves as a reward for the miner, which forms the source of new bitcoins.
Thirdly, each miner is looking for a different nonce value, for 3 reasons. Each miner builds the new block with (1) a different subset of pending transactions, (2) a different parent block and (3) a coinbase transaction to a different address. Due to the avalanche effect of hashing, any minor change in the transactions will result in a drastic change in the Merkle tree and hence a completely different nonce value. Hence all miners are searching for a different valid nonce value. Winning is thus completely random (probably uniformly distributed); the chance of winning the next block is proportional to a miner's computational power. For example, a miner having 10% of the computation power of the whole bitcoin network will have a 10% chance of winning the next block. Therefore the chance of winning consecutively by the same miner is low, even if he is the most powerful one. This prevents hackers from manipulating the blockchain.

Finally, we can see how the whole thing works. There is no centralized blockchain. Miners do not communicate. Each miner keeps his own version of the blockchain; although they are different, they are overlapping. The longest overlapping path is known as the trunk. The front end of the trunk is relatively stable, while the back end of the trunk is still fuzzy as the blockchains in all miners grow. We will see that when a block lies more than six blocks deep inside the trunk, it can be considered to be stable; all transactions in that block (or prior to that block) can be considered to be confirmed, thus receivers of confirmed transactions can then spend their bitcoins (question: blocks are generated at the rate of 1 per 10 minutes, so receivers of bitcoins need to wait for an hour so that their transactions can sink to 6 blocks deep in the trunk before they can spend their bitcoins, is that right?). Please note that the trunk contains no leaf block, except near the back end.

Besides, given an entire blockchain with multiple leaf blocks, when we traverse the tree starting from the root block to each leaf block via a different path, we need to update the pending transactions independently (for different paths). In other words, each leaf block should own an individual map of pending transactions (while non-leaf blocks do not). However, as the blockchain grows, the number of leaf blocks increases, and miners need to manage an increasing number of pending transaction maps, which is infeasible. Therefore miners should stop managing pending transaction maps for the confirmed portion of the blockchain.

What pending transactions should a miner pick in his new block? How should he choose the parent block? He should choose in a way so that his completed block has a higher probability to fall into the trunk (in case he is the lucky one who wins the next block; now you know, winning a block is purely a random event), so that he can earn both the coinbases and the transaction fees. A block can become a block in the trunk if it is followed by many later blocks; the more followers it has, the higher the probability that it is in the trunk. Therefore this is a voting, a voting by computational power. If other miners trust your broadcasted block, they will vote by investing their computational power in building new blocks behind yours (i.e. using your block as the parent block). Therefore, what a miner chooses to include in his new block are those things that make other miners vote for him: to be an honest miner, pick true (verified) transactions into his new block, and use the most trustable leaf block as the parent block. This is how the bitcoin protocol encourages miners to work on the trunk honestly in a collective way.
The miner should be implemented with at least 3 threads:
• thread 1 – receive broadcast messages of transactions, update the pending transaction map for leaf blocks,
• thread 2 – receive broadcast messages of blocks, verify and insert them into the blockchain, and
• thread 3 – with some logic, pick a leaf block and build a new block after it.

How can the blockchain avoid missing transactions? Suppose Tx10 → Tx18 are pending transactions, some are missing in some blocks, and different miners try to broadcast new blocks with pending transactions. This is how the blockchain recovers the missing part. We denote the trunk in red, and parent blocks by brackets.

[Figure: blockchain tree; one block per line with its parent block in brackets and the transactions it contains. The red trunk marking is not reproduced here.]
    A:      Tx10, Tx14
    B (A):  Tx11, Tx13
    D (B):  Tx12, Tx15
    F (E):  Tx17, Tx18
    C (A):  Tx15
    E (C):  Tx16, Tx13
    G (E):  Tx17
    H (E):  Tx11, Tx12
    I (G):  Tx18
    J (H):  Tx17, Tx18

If you are a miner building a new block, which block would you like to follow: block I or J? Block J of course; this is how the missing part is recovered! Besides, the order of transactions is the decision of the trunk, rather than the actual time when the user broadcasts the transaction.
How to prevent double spending?

Can a miner steal coinbases by copying an existing block in the blockchain, modifying only the coinbase transaction output in order to transfer all coinbases to his own address, and then broadcasting the block as if it were a newly found block, reusing the nonce found by others? The answer is no, because once any content of the block changes, he needs to rework the nonce value by brute force again. Now we know that (1) a bitcoin miner cannot steal an existing block, and (2) a bitcoin user cannot steal a transaction. The remaining problem that bitcoin needs to address is double spending, which means a bitcoin owner broadcasts two transaction messages sharing the same input source of bitcoins. There are three possible cases.

Case 1: a miner (carelessly or deliberately) puts these two transactions into the same block and broadcasts the block. This block will not pass the verification by other miners, hence they do not vote for this invalid block and follow another branch instead. Case 2: two miners, each of them seeing only one of the two transactions, broadcast their new valid blocks (each containing one of the duplicated transactions) to the network. Now suppose the two blocks share the same parent block, thus creating branches in the blockchain; other miners will vote for either one branch by following their favourable one. The trunk will eventually traverse through only one of them as the blockchain grows. As a result, double spending is avoided: miners will pick one of them through collective decision, while the other transaction is considered to be unconfirmed. Suppose Tx13 and Tx14 are double spending:

[Figure: blockchain tree; one block per line with its parent block in brackets and the transactions it contains]
    A:      Tx10, Tx12
    B (A):  Tx11, Tx13
    D (B):  Tx15
    F (D):  Tx17, Tx18
    C (A):  Tx14
    E (C):  Tx16, Tx13
    G (D):  Tx17
    I (G):  Tx16, Tx18
    H (E):  Tx11, Tx15
    J (H):  Tx17, Tx18

    Tx13: A sends bitcoins to B
    Tx14: A sends bitcoins to C

In case 2, if A double spends, the network will pick only one of them, avoiding double spending. The chance of the bitcoins going to the hands of B or C is 50:50; as a result, A cannot control how he spends.
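As an added example (not code from the original document), the following Python sketch models the block structure from the Blockchain section (Merkle root over SHA256, header = previous hash + Merkle root + nonce, validity = leading zeros) together with the checks a receiving miner runs: it rejects a copied block whose coinbase output was redirected while the old nonce is reused (the body no longer matches the header), and a block that spends the same input twice (case 1). The transaction format, the field encoding and the 4-zero difficulty are constructed for illustration.

```python
import hashlib
from typing import Dict, List, Optional

# Constructed difficulty: a header hash is valid when it starts with this many
# hex zeros (real Bitcoin needs far more; this keeps the brute-force search fast).
ZEROS = 4

def sha256(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()

def merkle_root(txs: List[str]) -> str:
    """Leaves are hashes of transactions; each parent hashes its children's concatenated labels."""
    level = [sha256(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:  # odd level: duplicate the last node (Bitcoin's convention)
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def header_hash(prev_hash: str, root: str, nonce: int) -> str:
    # Block header = hash of previous block, Merkle root, nonce (constructed encoding).
    return sha256(prev_hash + root + str(nonce))

def meets_threshold(h: str) -> bool:
    return h.startswith("0" * ZEROS)

def mine(prev_hash: str, txs: List[str], limit: int = 4_000_000) -> Optional[int]:
    """Proof of work: brute-force the nonce until the header hash meets the threshold."""
    root = merkle_root(txs)
    for nonce in range(limit):
        if meets_threshold(header_hash(prev_hash, root, nonce)):
            return nonce
    return None

def tx_input(tx: str) -> str:
    # Constructed tx format "TxID:source->destination"; the source is the coin being spent.
    return tx.split(":")[1].split("->")[0]

def verify_block(prev_hash: str, root: str, nonce: int, txs: List[str]) -> Dict[str, bool]:
    """Checks a receiving miner runs before inserting a broadcast block into his blockchain."""
    inputs = [tx_input(tx) for tx in txs if not tx.startswith("coinbase")]
    return {
        "merkle_root_matches": merkle_root(txs) == root,  # body agrees with header
        "proof_of_work": meets_threshold(header_hash(prev_hash, root, nonce)),
        "no_double_spend": len(inputs) == len(set(inputs)),  # case 1: one input spent twice
    }

def demo() -> Dict[str, Dict[str, bool]]:
    prev = sha256("constructed parent block header")
    honest = ["coinbase->miner1", "Tx11:A->B", "Tx13:C->D"]
    nonce, root = mine(prev, honest), merkle_root(honest)
    # A thief copies the mined block, redirects the coinbase output and reuses header + nonce:
    # the header still passes proof of work, but its Merkle root no longer matches the body,
    # and a header carrying the new root would need a fresh nonce search.
    stolen = ["coinbase->thief"] + honest[1:]
    # Two transactions spending the same source A placed in one block (case 1).
    double = ["coinbase->miner2", "Tx13:A->B", "Tx14:A->C"]
    return {
        "honest": verify_block(prev, root, nonce, honest),
        "stolen_coinbase": verify_block(prev, root, nonce, stolen),
        "double_spend": verify_block(prev, merkle_root(double), mine(prev, double), double),
    }
```

Running demo() mines two small blocks (about 65,000 hashes each on average) and returns the three verification results.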
In the example above, an honest miner will not generate block E, as he should have detected the double spending (once in block C and once in block E); similarly, no honest miner will follow block E as it is invalid. Thus here comes case 3: the only way a fraudulent user can double spend is to build the blocks C, E, H and J all by himself; he needs to mine all the nonce values and broadcast the whole fake path. However, winning a block is a random event; the chance of winning successive blocks by the same hacker with limited computational power is very low. By the time the hacker solves his first block, the network would probably have completed the next few blocks, and he can never catch up.

This is a race between the honest chain (BDGI) and the attacker chain (CEHJ). The block on which branching starts is treated as the reference point (block B or block C). Let the current progress of the honest miner and the attacker be x and y respectively; then the difference in progress m = x − y can be modelled as a Bernoulli random walk.

    honest chain   honest miner progress (x)   attacker chain   attacker progress (y)
    B              0                           C                0
    D              1                           E                1
    G              2                           H                2
    I              3                           J                3

This is analogous to the Gambler's ruin problem. Let the probability that the honest miner wins the next block be p (m is then incremented by 1), while the probability that the attacker wins the next block be q = 1 − p (m is then decremented by 1). The honest miner is now m blocks faster than the attacker; the probability that the attacker will catch up from behind is given by equation 2 in "Gambler's ruin.doc" as:
    prob(unsafe | m = x − y) = (q/p)^(x−y)   if p > q and x > y
                             = 1             otherwise (p ≤ q or x ≤ y)
Suppose now user B has received Tx13; our objective is to find x such that Tx13 can be confirmed and user B is safe to spend the bitcoins. This is accomplished by solving for x such that prob(unsafe | x) is smaller than a predefined threshold. Given no extra information, both x and y follow a Poisson distribution:

    x ~ Poisson(λ = E[x])
    y ~ Poisson(λ = E[y])

Since the expected progress is directly proportional to the probability of success, we have:

    E[y] / E[x] = q / p
    ⇒ prob(y | x) = λ^y e^(−λ) / y!,   where λ = E[y | x] = E[x | x] (q/p) = x (q/p)

By the law of total probability,

    prob(unsafe | x) = ∑_{y=0}^{∞} prob(unsafe | x, y) prob(y | x)
                     = ∑_{y=0}^{∞} prob(unsafe | m = x − y) prob(y | x)
                     = ∑_{y=0}^{x−1} prob(unsafe | m = x − y) prob(y | x) + ∑_{y=x}^{∞} prob(unsafe | m = x − y) prob(y | x)
                     = ∑_{y=0}^{x−1} (q/p)^(x−y) (λ^y e^(−λ) / y!) + ∑_{y=x}^{∞} (λ^y e^(−λ) / y!)
                     = ∑_{y=0}^{x−1} (q/p)^(x−y) (λ^y e^(−λ) / y!) + 1 − ∑_{y=0}^{x−1} (λ^y e^(−λ) / y!)
                     = 1 + ∑_{y=0}^{x−1} ((q/p)^(x−y) − 1) (λ^y e^(−λ) / y!)

(We always assume p > q; the tail ∑_{y=x}^{∞} is rewritten as 1 minus the finite head to avoid summation to infinity.)

Let's recall the law of total probability:

    prob(x)     = ∑_A prob(x | A) prob(A)
    prob(x | y) = ∑_A prob(x | y, A) prob(A | y)
Here is an implementation in C++.

    #include <cmath>

    // Probability that the attacker catches up when the honest chain is x blocks
    // ahead of the branching point; q is the attacker's share of computational
    // power, p = 1 - q the honest share, and lambda = x * q / p (formula above).
    double unsafe_probability(double q, unsigned short x)
    {
        double p = 1.0 - q;
        double lambda = x * (q / p);
        double sum = 1.0;
        for (unsigned short y = 0; y < x; ++y)
        {
            // Poisson term lambda^y e^-lambda / y!, accumulated iteratively
            double poisson = exp(-lambda);
            for (unsigned short i = 1; i <= y; ++i)
                poisson *= lambda / i;
            sum += (pow(q / p, x - y) - 1.0) * poisson;
        }
        return sum;
    }
Conclusion

We have known for decades that there are scientific proofs that it is impossible to coordinate the exact information among multiple distant nodes in a network without a central authority (this is not limited to the context of currency). In 2008, Satoshi Nakamoto published a paper with a practical solution to this impossible problem. All new transactions are kept inside a block, which is periodically sealed and inserted into a blockchain. Every node in the network has its own version of the blockchain. The trunk can be found when nodes reach consensus; this is a voting with computational power. This is why the blockchain is the most important invention in bitcoin.
Reference

Bitcoin: A Peer-to-Peer Electronic Cash System, Satoshi Nakamoto, 2008.
Bitcoin Mining Explained Like You're Five.
Bitcoin transaction fees explained.