火星链 火星链
Ctrl+D收藏火星链
首页 > Bitcoin > 正文

tron:比特币白皮书(英文版)

作者:

时间:1900/1/1 0:00:00

比特币白皮书

Bitcoin:APeer-to-PeerElectronicCashSystem

SatoshiNakamoto

satoshin@gmx.com

www.bitcoin.org

Abstract

Bitcoin:APeer-to-PeerElectronicCashSystem

SatoshiNakamoto

satoshin@gmx.com

www.bitcoin.org

1.Introduction

CommerceontheInternethascometorelyalmostexclusivelyonfinancialinstitutionsservingastrustedthirdpartiestoprocesselectronicpayments.Whilethesystemworkswellenoughformosttransactions,itstillsuffersfromtheinherentweaknessesofthetrustbasedmodel.Completelynon-reversibletransactionsarenotreallypossible,sincefinancialinstitutionscannotavoidmediatingdisputes.Thecostofmediationincreasestransactioncosts,limitingtheminimumpracticaltransactionsizeandcuttingoffthepossibilityforsmallcasualtransactions,andthereisabroadercostinthelossofabilitytomakenon-reversiblepaymentsfornonreversibleservices.Withthepossibilityofreversal,theneedfortrustspreads.Merchantsmustbewaryoftheircustomers,hasslingthemformoreinformationthantheywouldotherwiseneed.Acertainpercentageoffraudisacceptedasunavoidable.Thesecostsandpaymentuncertaintiescanbeavoidedinpersonbyusingphysicalcurrency,butnomechanismexiststomakepaymentsoveracommunicationschannelwithoutatrustedparty.

Whatisneededisanelectronicpaymentsystembasedoncryptographicproofinsteadoftrust,allowinganytwowillingpartiestotransactdirectlywitheachotherwithouttheneedforatrustedthirdparty.Transactionsthatarecomputationallyimpracticaltoreversewouldprotectsellersfromfraud,androutineescrowmechanismscouldeasilybeimplementedtoprotectbuyers.Inthispaper,weproposeasolutiontothedouble-spendingproblemusingapeer-to-peerdistributedtimestampservertogeneratecomputationalproofofthechronologicalorderoftransactions.ThesystemissecureaslongashonestnodescollectivelycontrolmoreCPUpowerthananycooperatinggroupofattackernodes.

2.Transactions

Wedefineanelectroniccoinasachainofdigitalsignatures.Eachownertransfersthecointothenextbydigitallysigningahashoftheprevioustransactionandthepublickeyofthenextownerandaddingthesetotheendofthecoin.Apayeecanverifythesignaturestoverifythechainofownership.

Greg Foss:比特币是最好的硬资产之一:金色财经报道,在最近的一段 Youtube 视频中,Validus Power Corp 执行董事 Greg Foss 讨论了银行业失败的可能性,以消除 10 万亿美元的股权。Foss表示支持房地产、黄金和比特币等硬资产。Foss认为,领先的加密资产比特币是最好的硬资产之一。比特币为一篮子法定货币的失败提供了保险。[2023/5/8 14:49:11]

Theproblemofcourseisthepayeecan'tverifythatoneoftheownersdidnotdouble-spendthecoin.Acommonsolutionistointroduceatrustedcentralauthority,ormint,thatcheckseverytransactionfordoublespending.Aftereachtransaction,thecoinmustbereturnedtotheminttoissueanewcoin,andonlycoinsissueddirectlyfromthemintaretrustednottobedouble-spent.Theproblemwiththissolutionisthatthefateoftheentiremoneysystemdependsonthecompanyrunningthemint,witheverytransactionhavingtogothroughthem,justlikeabank.

Weneedawayforthepayeetoknowthatthepreviousownersdidnotsignanyearliertransactions.Forourpurposes,theearliesttransactionistheonethatcounts,sowedon'tcareaboutlaterattemptstodouble-spend.Theonlywaytoconfirmtheabsenceofatransactionistobeawareofalltransactions.Inthemintbasedmodel,themintwasawareofalltransactionsanddecidedwhicharrivedfirst.Toaccomplishthiswithoutatrustedparty,transactionsmustbepubliclyannounced,andweneedasystemforparticipantstoagreeonasinglehistoryoftheorderinwhichtheywerereceived.Thepayeeneedsproofthatatthetimeofeachtransaction,themajorityofnodesagreeditwasthefirstreceived.

3.TimestampServer

Thesolutionweproposebeginswithatimestampserver.Atimestampserverworksbytakingahashofablockofitemstobetimestampedandwidelypublishingthehash,suchasinanewspaperorUsenetpost.Thetimestampprovesthatthedatamusthaveexistedatthetime,obviously,inordertogetintothehash.Eachtimestampincludestheprevioustimestampinitshash,formingachain,witheachadditionaltimestampreinforcingtheonesbeforeit.

4.Proof-of-Work

Toimplementadistributedtimestampserveronapeer-to-peerbasis,wewillneedtouseaproofof-worksystemsimilartoAdamBack'sHashcash,ratherthannewspaperorUsenetposts.Theproof-of-workinvolvesscanningforavaluethatwhenhashed,suchaswithSHA-256,thehashbeginswithanumberofzerobits.Theaverageworkrequiredisexponentialinthenumberofzerobitsrequiredandcanbeverifiedbyexecutingasinglehash.

Forourtimestampnetwork,weimplementtheproof-of-workbyincrementinganonceintheblockuntilavalueisfoundthatgivestheblock'shashtherequiredzerobits.OncetheCPUefforthasbeenexpendedtomakeitsatisfytheproof-of-work,theblockcannotbechangedwithoutredoingthework.Aslaterblocksarechainedafterit,theworktochangetheblockwouldincluderedoingalltheblocksafterit.

比特币资产管理规模下跌9.5%,创下7月以来最大月度回调:11月28日消息,根据CryptoCompare的一份报告,比特币AUM市场在11月份下跌9.5%至487亿美元,这是自7月份以来最大的年度环比回调。另一方面,ETH等基于山寨币的加密基金的资产管理规模增长了5.4%,达到166亿美元。所有数字资产投资产品的总资产管理规模下降了5.5%至700亿美元,这恰逢比特币创下65,000美元以上的历史新高以来持续的熊市。(Cointelegraph)[2021/11/28 12:37:32]

Theproof-of-workalsosolvestheproblemofdeterminingrepresentationinmajoritydecisionmaking.Ifthemajoritywerebasedonone-IP-address-one-vote,itcouldbesubvertedbyanyoneabletoallocatemanyIPs.Proof-of-workisessentiallyone-CPU-one-vote.Themajoritydecisionisrepresentedbythelongestchain,whichhasthegreatestproofof-workeffortinvestedinit.IfamajorityofCPUpoweriscontrolledbyhonestnodes,thehonestchainwillgrowthefastestandoutpaceanycompetingchains.Tomodifyapastblock,anattackerwouldhavetoredotheproof-ofworkoftheblockandallblocksafteritandthencatchupwithandsurpasstheworkofthehonestnodes.Wewillshowlaterthattheprobabilityofaslowerattackercatchingupdiminishesexponentiallyassubsequentblocksareadded.

Tocompensateforincreasinghardwarespeedandvaryinginterestinrunningnodesovertime,theproof-of-workdifficultyisdeterminedbyamovingaveragetargetinganaveragenumberofblocksperhour.Ifthey'regeneratedtoofast,thedifficultyincreases.

5.Network

Thestepstorunthenetworkareasfollows:

1)Newtransactionsarebroadcasttoallnodes.

2)Eachnodecollectsnewtransactionsintoablock.

3)Eachnodeworksonfindingadifficultproof-of-workforitsblock.

4)Whenanodefindsaproof-of-work,itbroadcaststheblocktoallnodes.

5)Nodesaccepttheblockonlyifalltransactionsinitarevalidandnotalreadyspent.

6)Nodesexpresstheiracceptanceoftheblockbyworkingoncreatingthenextblockinthechain,usingthehashoftheacceptedblockastheprevioushash.

Nodesalwaysconsiderthelongestchaintobethecorrectoneandwillkeepworkingonextendingit.Iftwonodesbroadcastdifferentversionsofthenextblocksimultaneously,somenodesmayreceiveoneortheotherfirst.Inthatcase,theyworkonthefirstonetheyreceived,butsavetheotherbranchincaseitbecomeslonger.Thetiewillbebrokenwhenthenextproofof-workisfoundandonebranchbecomeslonger;thenodesthatwereworkingontheotherbranchwillthenswitchtothelongerone.

Newtransactionbroadcastsdonotnecessarilyneedtoreachallnodes.Aslongastheyreachmanynodes,theywillgetintoablockbeforelong.Blockbroadcastsarealsotolerantofdroppedmessages.Ifanodedoesnotreceiveablock,itwillrequestitwhenitreceivesthenextblockandrealizesitmissedone.

Eric Adams赢得纽约市长民主党初选,此前称纽约市将成为“比特币中心”:7月7日消息,纽约市民主党领跑者Eric Adams赢得了纽约市市长的民主党初选。根据周二公布的最新统计结果显示,他以8,426票领先于前市卫生局局长Kathryn Garcia,即略多于1个百分点。如果当选,他将成为该市第二位黑人市长。此前消息,Eric Adams对比特币表示了认可。Adams表示,“我会向你保证,一年后你会看到一个不同的城市,我们将成为生命科学的中心、网络安全的中心、自动驾驶汽车的中心、无人机和比特币的中心。”(Apnews )[2021/7/7 0:32:53]

6.Incentive

Byconvention,thefirsttransactioninablockisaspecialtransactionthatstartsanewcoinownedbythecreatoroftheblock.Thisaddsanincentivefornodestosupportthenetwork,andprovidesawaytoinitiallydistributecoinsintocirculation,sincethereisnocentralauthoritytoissuethem.Thesteadyadditionofaconstantofamountofnewcoinsisanalogoustogoldminersexpendingresourcestoaddgoldtocirculation.Inourcase,itisCPUtimeandelectricitythatisexpended.

Theincentivecanalsobefundedwithtransactionfees.Iftheoutputvalueofatransactionislessthanitsinputvalue,thedifferenceisatransactionfeethatisaddedtotheincentivevalueoftheblockcontainingthetransaction.Onceapredeterminednumberofcoinshaveenteredcirculation,theincentivecantransitionentirelytotransactionfeesandbecompletelyinflationfree.

Theincentivemayhelpencouragenodestostayhonest.IfagreedyattackerisabletoassemblemoreCPUpowerthanallthehonestnodes,hewouldhavetochoosebetweenusingittodefraudpeoplebystealingbackhispayments,orusingittogeneratenewcoins.Heoughttofinditmoreprofitabletoplaybytherules,suchrulesthatfavourhimwithmorenewcoinsthaneveryoneelsecombined,thantounderminethesystemandthevalidityofhisownwealth.

7.ReclaimingDiskSpace

Oncethelatesttransactioninacoinisburiedunderenoughblocks,thespenttransactionsbeforeitcanbediscardedtosavediskspace.Tofacilitatethiswithoutbreakingtheblock'shash,transactionsarehashedinaMerkleTree,withonlytherootincludedintheblock'shash.Oldblockscanthenbecompactedbystubbingoffbranchesofthetree.Theinteriorhashesdonotneedtobestored.

Ablockheaderwithnotransactionswouldbeabout80bytes.Ifwesupposeblocksaregeneratedevery10minutes,80bytes*6*24*365=4.2MBperyear.Withcomputersystemstypicallysellingwith2GBofRAMasof2008,andMoore'sLawpredictingcurrentgrowthof1.2GBperyear,storageshouldnotbeaproblemeveniftheblockheadersmustbekeptinmemory.

8.SimplifiedPaymentVerification

分析师The Moon:比特币喜欢考验人们是不是真正的信徒:加密分析师The Moon发推称,比特币喜欢考验你的信仰。你是一个真正的信徒吗?[2020/8/2]

Itispossibletoverifypaymentswithoutrunningafullnetworknode.Auseronlyneedstokeepacopyoftheblockheadersofthelongestproof-of-workchain,whichhecangetbyqueryingnetworknodesuntilhe'sconvincedhehasthelongestchain,andobtaintheMerklebranchlinkingthetransactiontotheblockit'stimestampedin.Hecan'tcheckthetransactionforhimself,butbylinkingittoaplaceinthechain,hecanseethatanetworknodehasacceptedit,andblocksaddedafteritfurtherconfirmthenetworkhasacceptedit.

Assuch,theverificationisreliableaslongashonestnodescontrolthenetwork,butismorevulnerableifthenetworkisoverpoweredbyanattacker.Whilenetworknodescanverifytransactionsforthemselves,thesimplifiedmethodcanbefooledbyanattacker'sfabricatedtransactionsforaslongastheattackercancontinuetooverpowerthenetwork.Onestrategytoprotectagainstthiswouldbetoacceptalertsfromnetworknodeswhentheydetectaninvalidblock,promptingtheuser'ssoftwaretodownloadthefullblockandalertedtransactionstoconfirmtheinconsistency.Businessesthatreceivefrequentpaymentswillprobablystillwanttoruntheirownnodesformoreindependentsecurityandquickerverification.

9.CombiningandSplittingValue

Althoughitwouldbepossibletohandlecoinsindividually,itwouldbeunwieldytomakeaseparatetransactionforeverycentinatransfer.Toallowvaluetobesplitandcombined,transactionscontainmultipleinputsandoutputs.Normallytherewillbeeitherasingleinputfromalargerprevioustransactionormultipleinputscombiningsmalleramounts,andatmosttwooutputs:oneforthepayment,andonereturningthechange,ifany,backtothesender.

Itshouldbenotedthatfan-out,whereatransactiondependsonseveraltransactions,andthosetransactionsdependonmanymore,isnotaproblemhere.Thereisnevertheneedtoextractacompletestandalonecopyofatransaction'shistory.

10.Privacy

Thetraditionalbankingmodelachievesalevelofprivacybylimitingaccesstoinformationtothepartiesinvolvedandthetrustedthirdparty.Thenecessitytoannouncealltransactionspubliclyprecludesthismethod,butprivacycanstillbemaintainedbybreakingtheflowofinformationinanotherplace:bykeepingpublickeysanonymous.Thepubliccanseethatsomeoneissendinganamounttosomeoneelse,butwithoutinformationlinkingthetransactiontoanyone.Thisissimilartothelevelofinformationreleasedbystockexchanges,wherethetimeandsizeofindividualtrades,the"tape",ismadepublic,butwithouttellingwhothepartieswere.

动态 | 美国议员或提出法案以阻止Libra,加密说客正加紧努力以避免比特币等遭波及:彭博社发文称,Facebook的Libra已成为监管机构和议员们的的攻击目标。彭博看到的一份立法草案显示,夏威夷州民主党参议员Brian Schatz可能会提出一项法案,其目的是使Libra等货币成为非法货币。该法案将修改一项原本旨在阻止美国人铸造本国实物货币的法律。其修正案将规定,创造一种价值基于储备资产的数字货币的行为非法。 其他加密货币的支持者们正在加紧努力,以确保其他货币不会遭受Libra的牵连。加密说客正在试图说服议员们,旨在暂缓或阻止Libra发布的举措不应该适用于比特币和其他老牌数字货币。在接下来的几周,随着议员们从休会中归来并重新关注Libra,游说活动将变得更加紧迫。[2019/8/28]

Asanadditionalfirewall,anewkeypairshouldbeusedforeachtransactiontokeepthemfrombeinglinkedtoacommonowner.Somelinkingisstillunavoidablewithmulti-inputtransactions,whichnecessarilyrevealthattheirinputswereownedbythesameowner.Theriskisthatiftheownerofakeyisrevealed,linkingcouldrevealothertransactionsthatbelongedtothesameowner.

11.Calculations

Weconsiderthescenarioofanattackertryingtogenerateanalternatechainfasterthanthehonestchain.Evenifthisisaccomplished,itdoesnotthrowthesystemopentoarbitrarychanges,suchascreatingvalueoutofthinairortakingmoneythatneverbelongedtotheattacker.Nodesarenotgoingtoacceptaninvalidtransactionaspayment,andhonestnodeswillneveracceptablockcontainingthem.Anattackercanonlytrytochangeoneofhisowntransactionstotakebackmoneyherecentlyspent.

TheracebetweenthehonestchainandanattackerchaincanbecharacterizedasaBinomialRandomWalk.Thesuccesseventisthehonestchainbeingextendedbyoneblock,increasingitsleadby+1,andthefailureeventistheattacker'schainbeingextendedbyoneblock,reducingthegapby-1.

TheprobabilityofanattackercatchingupfromagivendeficitisanalogoustoaGambler'sRuinproblem.Supposeagamblerwithunlimitedcreditstartsatadeficitandplayspotentiallyaninfinitenumberoftrialstotrytoreachbreakeven.Wecancalculatetheprobabilityheeverreachesbreakeven,orthatanattackerevercatchesupwiththehonestchain,asfollows:

Givenourassumptionthatp>q,theprobabilitydropsexponentiallyasthenumberofblockstheattackerhastocatchupwithincreases.Withtheoddsagainsthim,ifhedoesn'tmakealuckylungeforwardearlyon,hischancesbecomevanishinglysmallashefallsfurtherbehind.

Wenowconsiderhowlongtherecipientofanewtransactionneedstowaitbeforebeingsufficientlycertainthesendercan'tchangethetransaction.Weassumethesenderisanattackerwhowantstomaketherecipientbelievehepaidhimforawhile,thenswitchittopaybacktohimselfaftersometimehaspassed.Thereceiverwillbealertedwhenthathappens,butthesenderhopesitwillbetoolate.

Thereceivergeneratesanewkeypairandgivesthepublickeytothesendershortlybeforesigning.Thispreventsthesenderfrompreparingachainofblocksaheadoftimebyworkingonitcontinuouslyuntilheisluckyenoughtogetfarenoughahead,thenexecutingthetransactionatthatmoment.Oncethetransactionissent,thedishonestsenderstartsworkinginsecretonaparallelchaincontaininganalternateversionofhistransaction.

Therecipientwaitsuntilthetransactionhasbeenaddedtoablockandzblockshavebeenlinkedafterit.Hedoesn'tknowtheexactamountofprogresstheattackerhasmade,butassumingthehonestblockstooktheaverageexpectedtimeperblock,theattacker'spotentialprogresswillbeaPoissondistributionwithexpectedvalue:

Togettheprobabilitytheattackercouldstillcatchupnow,wemultiplythePoissondensityforeachamountofprogresshecouldhavemadebytheprobabilityhecouldcatchupfromthatpoint:

Rearrangingtoavoidsummingtheinfinitetailofthedistribution...

ConvertingtoCcode...

#includedoubleAttackerSuccessProbability(doubleq,intz)

{

doublep=1.0-q;

doublelambda=z*(q/p);

doublesum=1.0;

inti,k;

for(k=0;k<=z;k++)

{

doublepoisson=exp(-lambda);

for(i=1;i<=k;i++)

poisson*=lambda/i;

sum-=poisson*(1-pow(q/p,z-k));

}

returnsum;

}

Runningsomeresults,wecanseetheprobabilitydropoffexponentiallywithz.

q=0.1

z=0P=1.0000000

z=1P=0.2045873

z=2P=0.0509779

z=3P=0.0131722

z=4P=0.0034552

z=5P=0.0009137

z=6P=0.0002428

z=7P=0.0000647

z=8P=0.0000173

z=9P=0.0000046

z=10P=0.0000012

q=0.3

z=0P=1.0000000

z=5P=0.1773523

z=10P=0.0416605

z=15P=0.0101008

z=20P=0.0024804

z=25P=0.0006132

z=30P=0.0001522

z=35P=0.0000379

z=40P=0.0000095

z=45P=0.0000024

z=50P=0.0000006

SolvingforPlessthan0.1%...

P<0.001

q=0.10z=5

q=0.15z=8

q=0.20z=11

q=0.25z=15

q=0.30z=24

q=0.35z=41

q=0.40z=89

q=0.45z=340

12.Conclusion

Wehaveproposedasystemforelectronictransactionswithoutrelyingontrust.Westartedwiththeusualframeworkofcoinsmadefromdigitalsignatures,whichprovidesstrongcontrolofownership,butisincompletewithoutawaytopreventdouble-spending.Tosolvethis,weproposedapeer-to-peernetworkusingproof-of-worktorecordapublichistoryoftransactionsthatquicklybecomescomputationallyimpracticalforanattackertochangeifhonestnodescontrolamajorityofCPUpower.Thenetworkisrobustinitsunstructuredsimplicity.Nodesworkallatoncewithlittlecoordination.Theydonotneedtobeidentified,sincemessagesarenotroutedtoanyparticularplaceandonlyneedtobedeliveredonabesteffortbasis.Nodescanleaveandrejointhenetworkatwill,acceptingtheproof-ofworkchainasproofofwhathappenedwhiletheyweregone.TheyvotewiththeirCPUpower,expressingtheiracceptanceofvalidblocksbyworkingonextendingthemandrejectinginvalidblocksbyrefusingtoworkonthem.Anyneededrulesandincentivescanbeenforcedwiththisconsensusmechanism.

References

W.Dai,"b-money,"http://www.weidai.com/bmoney.txt,1998.

H.Massias,X.S.Avila,andJ.-J.Quisquater,"Designofasecuretimestampingservicewithminimal

trustrequirements,"In20thSymposiumonInformationTheoryintheBenelux,May1999.

S.Haber,W.S.Stornetta,"Howtotime-stampadigitaldocument,"InJournalofCryptology,vol3,no

2,pages99-111,1991.

D.Bayer,S.Haber,W.S.Stornetta,"Improvingtheefficiencyandreliabilityofdigitaltime-stamping,"

InSequencesII:MethodsinCommunication,SecurityandComputerScience,pages329-334,1993.

S.Haber,W.S.Stornetta,"Securenamesforbit-strings,"InProceedingsofthe4thACMConference

onComputerandCommunicationsSecurity,pages28-35,April1997.

A.Back,"Hashcash-adenialofservicecounter-measure,"

http://www.hashcash.org/papers/hashcash.pdf,2002.

R.C.Merkle,"Protocolsforpublickeycryptosystems,"InProc.1980SymposiumonSecurityand

Privacy,IEEEComputerSociety,pages122-133,April1980.

W.Feller,"Anintroductiontoprobabilitytheoryanditsapplications,"1957.

沙棘财经是沙棘传媒旗下专注大数据、人工智能、区块链、币圈的深度报道的垂直自媒体。微信公众号:shaji-media

标签:atcCPUtronatc币是什么币CPU币CPU价格tron币是什么币

Bitcoin热门资讯
比特币:一篇文章,看透500多种数字货币哪些是真正有价值的技术创新

对于区块链技术而言,比特币只是一个开始。目前市场上已经发行了500多种数字货币,共占有了27,845.399亿元的市值,其中的40.97%的市值都归比特币所有,可想而知,比特币作为区块链应用中备.

1900/1/1 0:00:00
区块链:【观点】比特币代表一种理想,正如钻石代表爱情

图片来源:视觉中国 一如果我们需要找一个我们熟悉的东西来类比比特币的话,应该是什么?在比特币刚出现并爆炒的时候,我的答案是:郁金香.

1900/1/1 0:00:00
区块链:区块链就是用来发币的吗?智能合约将告诉你答案

随着人工智能技术的兴起,互联网上充斥着各种带“智能”二字的名词:智能手环、智能水杯、智能垃圾桶等等,总之,让一切智能化成为社会关注的终极目标。而2018年至今,这类名词中最火的莫过于智能合约.

1900/1/1 0:00:00
比特币:刚刚,量子科技新突破,比特币将一文不值?

在所有的财富神话里,我听过的最悲惨的故事是,“曾经,有一些珍贵的比特币摆在我的面前,我竟然一脸漠然视而不见”...... 火爆的比特币 多年前,没有人会想到,数字货币会有改变人生的力量.

1900/1/1 0:00:00
人工智能:「干货」健康十条问答,2018年最有前景的十大行业IT科技头条100

无论何时,健康,都是个永恒的话题。关于健康,相信你也有很多亟待解答的困惑。著名科普作者卓克的这篇清单,十个问答,解决生活中常见的十个健康问题,强烈建议分享给家人朋友问答一晚睡晚起对身体有害吗?如.

1900/1/1 0:00:00
比特币:价值 5.3亿美元高额加密货币遭窃 虚拟货币不再安全?

当地时间2018年1月27日,日本虚拟货币交易所的运营巨头Coincheck在东京召开新闻发布会称,价值约580亿日元(约合34亿元人民币.

1900/1/1 0:00:00