

Getting started with blockchain (7)-- Bitcoin

2025-01-15 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--

I. Introduction to Bitcoin

Bitcoin (BTC) is a digital currency built on blockchain technology. The Bitcoin network is the first large-scale, long-running digital currency system in history, and the one most thoroughly tested in practice.

The price of Bitcoin has fluctuated widely since the network launched in 2009; at the time of writing each bitcoin traded above $6,000 and had at one point approached $20,000.

The Bitcoin network has the following functional characteristics:

A. Decentralization

No single party can block or alter transactions in the network. A transaction takes effect only once the network as a whole has accepted it, that is, once the majority of the hashing power builds on the block that contains it.

B. Anonymity (more precisely, pseudonymity)

Addresses in the Bitcoin network are not tied to real-world identities by the protocol, so a transaction record alone does not name the parties; the flip side is that auditing is hard. Note, however, that the entire transaction graph is public, so addresses are pseudonymous rather than truly anonymous, and address clustering can often link them to their owners.

C. Inflation resistance

New bitcoin is issued only through mining. The per-block issuance halves roughly every four years and the total supply is capped at 21 million, so bitcoin cannot be over-issued.

II. How Bitcoin works

1. Overview

The Bitcoin network is a distributed peer-to-peer network in which miners compete, by mining, for the right to record transactions. The miner that wins this right generates the next block, records the transactions in it, and in doing so keeps the network running.

The blockchain is a publicly visible ledger. Rather than recording each account's balance, it records the history of the transactions that have occurred. Because every spend references a specific earlier output, which that spend consumes, a legitimate transaction that is re-broadcast is rejected as already spent; this prevents replay attacks, in which a valid transaction is re-sent several times.

2. The transaction process of Bitcoin

Every time a transaction occurs, the user has the transaction record written into the Bitcoin network's ledger and waits for the network to confirm it.

Apart from coinbase (mining reward) transactions, which have only outputs, every transaction has one or more inputs and one or more outputs. An unspent transaction output (UTXO) can be referenced by a new transaction as a legitimate input; a spent transaction output (STXO) cannot.

A legitimate transaction must therefore reference the UTXOs of existing transactions as its inputs (which it may only do legitimately if those UTXOs belong to the payer), and it creates new UTXOs, which belong to the payee.

How does the payer prove that the UTXO it references is legitimately its own? Bitcoin does this with a signature script on each input, and every new UTXO carries an output script that restricts who may spend it in future (the designated payee). Every transaction must be signed by the payer. In addition, the total input of a transaction cannot be less than its total output; the excess of inputs over outputs is the transaction fee and goes to the miner that includes the transaction in a block. A minimum fee is required for a transaction to be relayed (0.0001 BTC at the time of writing). The higher the fee, the more willing miners are to include the transaction and the sooner it is confirmed. Fees not only reward miners but also deter spam, since flooding the network with junk transactions costs the sender money.

The smallest unit of amount in a transaction is the satoshi, 1/100,000,000 (10^-8) bitcoin.

A transaction that has just entered the network (depth 0) is not confirmed in real time; it can still be dropped or displaced. It is generally not treated as confirmed until several further blocks have been built on top of the block that contains it (depth greater than 0).

3. Account (address)

Bitcoin uses public-key (asymmetric) cryptography, specifically ECDSA signatures: the user keeps the private key, uses it to sign transactions, and publishes the public key.

A Bitcoin address is a 160-bit (20-byte) value derived from the user's public key by hashing (HASH160, i.e. SHA256 followed by RIPEMD160) and then encoding.

Address strings are Base58Check encoded: a version byte indicating the address type (and thus which kind of script it pays to) is prepended to the 20-byte hash, and a 4-byte checksum, the first four bytes of a double SHA256 of the payload, is appended. This makes addresses easier to read and causes mistyped addresses to be rejected rather than paid.

The address is the hash of the public key rather than the public key itself, so the public key is not revealed until an output of that address is spent. This limits the window in which an attacker who could break the public-key scheme would be able to derive the private key.
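As an added example (this is not code from the original article), the following Python implements the Base58Check encoding and decoding just described, including the version byte and the checksum that causes a mistyped address to be rejected. It uses only the standard library. The public-key hash 010966776006953D5567439E5E39F86A0D273BEE and its address 16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM are the Bitcoin wiki's well-known worked example, used here only as a check value.

```python
import hashlib

# Added example, not from the original article: Base58Check as used by legacy
# Bitcoin addresses. Version byte 0x00 = P2PKH, 0x05 = P2SH (main network).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
VERSION_NAMES = {0x00: "P2PKH", 0x05: "P2SH"}


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def hash160(data: bytes) -> bytes:
    """HASH160 = RIPEMD160(SHA256(data)). Needs RIPEMD-160 in the OpenSSL build."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58_ALPHABET[rem] + digits
    # Each leading zero byte is represented by a leading '1'.
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + digits


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)  # ValueError on a non-alphabet char
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def base58check_encode(version: int, payload: bytes) -> str:
    data = bytes([version]) + payload
    return b58encode(data + double_sha256(data)[:4])


def base58check_decode(address: str):
    """Return (version, payload), or None if the 4-byte checksum does not match."""
    raw = b58decode(address)
    if len(raw) < 5:
        return None
    data, checksum = raw[:-4], raw[-4:]
    if double_sha256(data)[:4] != checksum:
        return None  # a mistyped address is rejected instead of being paid
    return data[0], data[1:]


def pubkey_to_address(pubkey: bytes, version: int = 0x00) -> str:
    """Address = Base58Check(version || HASH160(pubkey))."""
    return base58check_encode(version, hash160(pubkey))


if __name__ == "__main__":
    # Public-key hash from the Bitcoin wiki's worked example, used as a check value.
    h = bytes.fromhex("010966776006953D5567439E5E39F86A0D273BEE")
    addr = base58check_encode(0x00, h)
    print(addr, base58check_decode(addr), base58check_decode(addr[:-1] + "N"))
```

`pubkey_to_address` needs RIPEMD-160 support in the OpenSSL behind the Python build; the Base58Check functions themselves need only SHA256. Decoding should always go through the checksum check: an address that fails it must never be paid, and the version byte tells the wallet which script type the payment must use.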

4. Transaction

Transactions are the core concept through which Bitcoin does its work. A transaction may contain the following information:

A. payer address: a legal address, the 160-bit HASH160 (SHA256 then RIPEMD160) of the payer's public key.

B. the payer's signature over the transaction: ensures the content cannot be tampered with and proves ownership of the inputs.

C. the source of funds: the transaction ID (and output index) of each output used as an input of this transaction.

D. the amount: how much is transferred; the difference between the inputs and the outputs is the transaction fee.

E. payee address: a legal address.

F. lock time (timestamp): the earliest time or block height at which the transaction can take effect.

After receiving a transaction, nodes in the network perform the following checks:

A. whether the transaction has already been processed.

B. whether the transaction is valid: whether the addresses are well formed, whether the initiator is the legitimate owner of the inputs (the unlocking script satisfies the output script), and whether each input is an unspent output (UTXO).

C. whether the sum of the inputs is not less than the sum of the outputs.

If all checks pass, the transaction is marked as a valid unconfirmed transaction and broadcast within the network.
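The following Python, added here as an example and not taken from the original article, implements these checks over an in-memory UTXO set. The `owner` string on each output, which the spending input must repeat, is a stand-in for the script check described in section 5. The scenario in `demo()` is constructed: a coinbase pays Alice, Alice pays Bob with 0.0001 BTC left over as the fee, and then a replay of the same transaction, a double spend of the already-consumed output and a spend by someone who does not own the output are each rejected.

```python
import hashlib
import json
from dataclasses import asdict, dataclass

# Added example, not from the original article: a minimal UTXO-set validator
# that performs the three checks listed above. Ownership is modelled as a
# string `owner` on every output that the spending input must repeat; this
# stands in for the scriptSig/scriptPubKey check of real Bitcoin.
SATOSHI = 10**8
BLOCK_SUBSIDY = 1_250_000_000  # 12.5 BTC in satoshis (the subsidy in 2016-2020)


@dataclass(frozen=True)
class TxOut:
    value: int   # satoshis
    owner: str   # stands in for the locking script


@dataclass(frozen=True)
class TxIn:
    prev_txid: str
    index: int
    owner: str   # stands in for the unlocking script / signature


@dataclass(frozen=True)
class Tx:
    inputs: tuple
    outputs: tuple

    @property
    def txid(self) -> str:
        # Constructed serialization: double SHA256 over a canonical JSON form.
        body = json.dumps(asdict(self), sort_keys=True).encode()
        return hashlib.sha256(hashlib.sha256(body).digest()).hexdigest()


class Ledger:
    def __init__(self):
        self.utxo = {}      # (txid, output index) -> TxOut
        self.seen = set()   # txids already accepted: the "already processed" check

    def validate(self, tx: Tx, coinbase: bool = False):
        """Return (ok, reason, fee) without modifying the ledger."""
        if tx.txid in self.seen:
            return False, "already processed", 0
        if coinbase:
            if tx.inputs:
                return False, "coinbase must not have inputs", 0
            return True, "ok", 0
        if not tx.inputs or not tx.outputs:
            return False, "transaction needs inputs and outputs", 0
        if any(o.value < 0 for o in tx.outputs):
            return False, "negative output", 0
        referenced, total_in = set(), 0
        for txin in tx.inputs:
            key = (txin.prev_txid, txin.index)
            if key in referenced:
                return False, f"input {key} referenced twice", 0
            referenced.add(key)
            prev = self.utxo.get(key)
            if prev is None:
                return False, f"input {key} is not an unspent output", 0
            if prev.owner != txin.owner:
                return False, f"input {key} is not owned by the spender", 0
            total_in += prev.value
        total_out = sum(o.value for o in tx.outputs)
        if total_in < total_out:
            return False, "inputs smaller than outputs", 0
        return True, "ok", total_in - total_out   # the difference is the fee

    def apply(self, tx: Tx, coinbase: bool = False) -> int:
        ok, reason, fee = self.validate(tx, coinbase)
        if not ok:
            raise ValueError(reason)
        for txin in tx.inputs:
            del self.utxo[(txin.prev_txid, txin.index)]   # UTXO becomes an STXO
        for i, out in enumerate(tx.outputs):
            self.utxo[(tx.txid, i)] = out
        self.seen.add(tx.txid)
        return fee


def demo():
    """Constructed scenario: coinbase pays Alice; Alice pays Bob; then a replay,
    a double spend and a spend by a non-owner are all rejected."""
    ledger = Ledger()
    cb = Tx((), (TxOut(BLOCK_SUBSIDY, "alice"),))
    ledger.apply(cb, coinbase=True)
    pay = Tx((TxIn(cb.txid, 0, "alice"),),
             (TxOut(3 * SATOSHI, "bob"), TxOut(949_990_000, "alice")))
    fee = ledger.apply(pay)                                  # 0.0001 BTC left as fee
    replay = ledger.validate(pay)[1]
    double_spend = ledger.validate(Tx((TxIn(cb.txid, 0, "alice"),),
                                      (TxOut(SATOSHI, "carol"),)))[1]
    theft = ledger.validate(Tx((TxIn(pay.txid, 0, "mallory"),),
                               (TxOut(SATOSHI, "mallory"),)))[1]
    return fee, replay, double_spend, theft


if __name__ == "__main__":
    print(demo())
```

Two details carry over to real implementations: the validator must check for the same output being referenced twice within one transaction, not only across transactions, and the fee is never a field of the transaction but always derived from the UTXO set, which is why validation needs the full set.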

Users can view real-time transaction information on the blockchain.info website; the original article showed a sample transaction from there at this point.

5. Transaction script

Script is the core mechanism for ensuring that a transaction completes correctly (it is mainly used to verify validity); the script attached to an output is evaluated when a later transaction tries to spend that output. By using scripts rather than hard-coding the transaction process, the Bitcoin network achieves a degree of extensibility. Bitcoin's scripting language is deliberately not Turing complete.

Typically each transaction involves two scripts: the unlocking script on the input (scriptSig) and the locking script on the output (scriptPubKey).

The output script is set by the payer to lock the output and controls who (the payee) can use it later, for example to spend it. A typical restriction is that only the owner of a given public key may spend the output.

The unlocking script proves that the locking condition of the referenced output script is met, that is, ownership of the output (the bitcoin) of an earlier transaction.

Output scripts currently come in two main types:

P2PKH (Pay-To-Public-Key-Hash) lets a user send bitcoin to a typical Bitcoin address; spending requires proving possession of the corresponding public key. The address version byte is 0x00.

P2SH (Pay-To-Script-Hash): the payer creates an output script containing the hash of another script (the redeem script), and spending requires supplying that script and satisfying it. It is commonly used where multiple signatures are required. The address version byte is 0x05.

Take P2PKH as an example. The output script has the form:

ScriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

OP_DUP duplicates the top element of the stack.

OP_HASH160 replaces the top element with its HASH160 (SHA256 followed by RIPEMD160).

OP_EQUALVERIFY checks that the two top elements are equal, and fails the script if they are not.

OP_CHECKSIG checks that the signature is valid for the given public key.

Together these instructions ensure that only the owner of pubKey can legitimately reference this output.

If another transaction wants to spend this output, the input that references it must provide an unlocking script of the form:

ScriptSig: <sig> <pubKey>

Here <sig> is a signature, made with the private key corresponding to pubKey, over the hash of the transaction (its inputs, outputs and scripts, but not the signature itself, which cannot sign itself), and the HASH160 of pubKey must equal pubKeyHash. When a transaction is verified, scriptSig is executed first and then scriptPubKey, so the complete program is:

<sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

The scripting mechanism brings flexibility but also introduces security risk. The instruction set supported by Bitcoin script is therefore deliberately simple, stack based and not Turing complete, with additional restrictions (script size limits and so on).

6. Block

A block in the Bitcoin blockchain cannot exceed 1 MB and mainly consists of:

A. block size: 4 bytes

B. block header: 80 bytes

C. transaction counter: 1-9 bytes (a variable-length integer)

D. the transactions themselves: variable length, in the order of the leaves of the Merkle tree.

The block header contains:

A. version number: 4 bytes

B. hash of the previous block header: links to the last valid block; computed as a double SHA256 over that block's header, 32 bytes

C. Merkle root of all transactions in this block: computed with double SHA256, 32 bytes

D. timestamp: 4 bytes

E. difficulty target (bits): 4 bytes

F. nonce: 4 bytes, the answer to the proof-of-work puzzle.

It follows that, to check the integrity of the chain, one only needs the header of each block, not the transaction contents: the headers alone let a client verify the proof of work and the linkage between blocks, and a Merkle branch then proves that a given transaction is included in a block. This is the basic principle of Simplified Payment Verification (SPV). In addition, the linking of headers not only establishes an ordering in time but also makes tampering with the data in any block harder, since every later header would have to be re-mined.

The original article showed an example block at this point.

7. How misbehaviour is discouraged

The design rests on economic game theory. In an open network, no technical mechanism alone can force everyone to cooperate; instead, the system is arranged so that cooperating participants profit while non-cooperating ones bear losses and risk.

Every would-be block producer (miner) must first pay the price of mining by expending computing power, and the more influence over the next block a miner wants, the more hash power it must commit. If it fails to produce the block, that expenditure is lost as a sunk cost. When there are many participants, the computing cost for any individual to gain control over new blocks is enormous, and the cost of cheating outweighs the possible gain.

8. Negative feedback regulation

The design of the Bitcoin network embodies the basic principle of negative feedback from control theory.

The more miners there are, the more stable the system and, the argument goes, the higher the value of bitcoin, but the lower each miner's probability of finding a block. Conversely, with fewer miners the system is easier to attack and bitcoin is worth less, but each miner's probability of finding a block is higher. In theory, the price of bitcoin should therefore settle at a level (with network stability settling correspondingly) at which the price multiplied by the probability of finding a block just meets miners' earnings expectations.

In the long run hardware costs fall, but the reward per block halves every four years; the last of the 21 million bitcoins will be issued around 2140, after which miners will rely entirely on transaction fees to keep maintaining the network.

The smallest unit of bitcoin is the satoshi, 10^-8 BTC, and the total supply is 2.1 × 10^15 satoshis. This stays below 2^53 (about 9 × 10^15), the largest integer that a 64-bit double-precision floating-point value can represent exactly, which matters for software that handles amounts as floating point; amounts should nevertheless be kept as 64-bit integers of satoshis to avoid rounding errors entirely.

9. Consensus mechanism

The traditional consensus problem is usually considered in a relatively closed distributed system, in which normal and faulty nodes coexist, and the question is how to reach agreement quickly.

The Bitcoin network, by contrast, is completely open and may face every kind of adversarial behaviour. At the same time, the Internet only provides "best effort" delivery, which complicates the problem further; traditional consistency algorithms are hard to apply in this setting.

The Bitcoin network therefore imposes a series of restrictions on the goal and the process of consensus, and adopts a consensus mechanism based on proof of work (POW).

First, consensus is not final: it strengthens over time on a probabilistic basis. An existing result can in theory be overturned, but the cost to an attacker grows with every block that is added, and the probability of a reversal falls exponentially with the number of confirmations.
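As an added example (not from the original article), the following Python computes that reversal probability with the formula from section 11 of the Bitcoin white paper: an attacker with fraction q of the hash rate, z blocks behind, catches up with probability 1 - Σ_{k=0}^{z} (λ^k e^{-λ} / k!) (1 - (q/p)^{z-k}), where p = 1 - q and λ = zq/p. It also answers the practical question of how many confirmations a given risk tolerance requires.

```python
import math

# Added example, not from the original article: the reversal probability from
# section 11 of the Bitcoin white paper. An attacker holding fraction q of the
# hash rate tries to replace a block that already has z blocks on top of it.


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that the attacker ever catches up from z blocks behind."""
    if q >= 0.5:
        return 1.0   # with half or more of the hash rate the attacker eventually wins
    p = 1.0 - q
    lam = z * (q / p)   # expected attacker progress while the honest chain grows by z
    total = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam)   # Poisson(lam) probability of exactly k attacker blocks
        for i in range(1, k + 1):
            poisson *= lam / i
        total -= poisson * (1 - (q / p) ** (z - k))   # gambler's-ruin catch-up term
    return total


def confirmations_needed(q: float, max_risk: float, limit: int = 1000) -> int:
    """Smallest depth z at which the reversal probability falls below max_risk."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    raise ValueError("attacker share too large for the requested risk")


if __name__ == "__main__":
    for q in (0.1, 0.3):
        print(q, [round(attacker_success_probability(q, z), 7) for z in range(0, 11, 2)])
    print("depth for < 0.1% risk with q = 0.1:", confirmations_needed(0.1, 0.001))
```

With q = 0.1 the white paper's table gives 0.0002428 at z = 6, which is where the common six-confirmation rule comes from; against an attacker with 30% of the hash rate it takes more than 15 confirmations to get the risk below 1%, so the right depth depends on the threat model and the amount at stake, not on a fixed number.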

Second, given the scale of the Internet, reaching consensus takes a relatively long time, so confirmation is done periodically in batches (blocks, each a set of transactions, effectively a snapshot) to improve the availability of the network as a whole.

Finally, noise in the consensus process is limited: the large amount of hashing required and the small number of valid results restrict how many valid proposals can appear, further improving the stability of consensus in the network.

III. Mining

1. Basic principles

Mining is the process by which nodes that help maintain the Bitcoin network obtain newly issued bitcoin by generating new blocks. When a user submits a transaction to the network, someone has to confirm it, package it into a new block and attach that block to the chain. In a distributed system whose participants do not trust each other, the Bitcoin network uses mining to decide who does so.

Currently a block of at most 1 MB is produced roughly every 10 minutes (containing the validated transactions since the previous block) and appended to the end of the longest chain. The miner that produces it is rewarded with 12.5 bitcoins (at the time of writing) in the block's first transaction, the coinbase, which can only be spent after a further 100 blocks, plus the fees attached to the included transactions. A miner can produce a valid block and collect the reward even when there are no user transactions.

The reward per block started at 50 bitcoins and halves automatically every 210,000 blocks, roughly every four years, so the total number of bitcoins converges to 21 million. Bitcoin is therefore a deflationary currency.

2. Mining process

The specific process is as follows. The participant assembles the hash of the previous block, the newly verified transactions received since that block and a guessed nonce into a candidate block, and searches for a nonce that makes the hash of the candidate block header smaller than the target value set by the network (the difficulty).

Every 2016 blocks (about two weeks) the network adjusts the mining difficulty, by changing the target, according to how long the previous cycle took, so that the average block interval stays at about 10 minutes. To avoid oscillation, each adjustment is limited to a factor of four in either direction. The fastest block in history was found in under 10 seconds and the slowest took more than an hour.
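To make the header layout from section 6 and the mining loop concrete, here is an added Python example (not the article's code) that serializes the 80-byte header, hashes it the way Bitcoin does, checks the result against the compact target, brute-forces a nonce for a constructed low-difficulty header, and applies the 2016-block retarget with its four-times clamp. The genesis block's header fields are public chain data and serve as a check value; the toy header in the `__main__` block is constructed.

```python
import hashlib
import struct

# Added example, not from the original article: serialize an 80-byte block
# header, hash it as Bitcoin does, check it against the compact target, search
# for a nonce, and apply the 2016-block retarget with its 4x clamp.
TARGET_TIMESPAN = 2016 * 600                 # two weeks in seconds
MAX_BITS = 0x1D00FFFF                        # minimum difficulty (genesis block)


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce) -> bytes:
    """4 + 32 + 32 + 4 + 4 + 4 bytes. Hashes are displayed big-endian but stored reversed."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))


def block_hash(header: bytes) -> str:
    """Display form of the block hash: reversed double SHA256 of the header."""
    return double_sha256(header)[::-1].hex()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' field: 1 exponent byte, 3 mantissa bytes."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def meets_target(header: bytes, bits: int) -> bool:
    # The hash as a number is the digest read little-endian, i.e. the display hex read big-endian.
    return int.from_bytes(double_sha256(header), "little") <= bits_to_target(bits)


def mine(version, prev_hash_hex, merkle_root_hex, timestamp, bits, max_nonce=2**32):
    """Brute-force the nonce; returns (nonce, hash) or None if the nonce space is exhausted."""
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce)
        if meets_target(header, bits):
            return nonce, block_hash(header)
    return None


def retarget(old_target: int, actual_timespan: int) -> int:
    """New target after 2016 blocks: scale by actual/expected time, clamped to [1/4, 4]x,
    and never easier than the minimum difficulty."""
    clamped = min(max(actual_timespan, TARGET_TIMESPAN // 4), TARGET_TIMESPAN * 4)
    return min(old_target * clamped // TARGET_TIMESPAN, bits_to_target(MAX_BITS))


# Genesis block header fields (public chain data), used to check the hashing.
GENESIS = dict(version=1, prev_hash_hex="00" * 32,
               merkle_root_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
               timestamp=1231006505, bits=MAX_BITS, nonce=2083236893)

if __name__ == "__main__":
    print(block_hash(serialize_header(**GENESIS)))
    # Constructed toy puzzle: about 16 leading zero bits, tens of thousands of hashes.
    print(mine(1, "11" * 32, "22" * 32, 1_500_000_000, 0x1F00FFFF))
```

A header whose hash exceeds the target is simply invalid, whatever its contents, and a miner who exhausts the 32-bit nonce must change something else (the timestamp or the coinbase, which changes the Merkle root) before continuing. The clamp in `retarget` is what bounds how far a single period can move the difficulty, which is why a sudden loss of hash rate lengthens block times for a whole period rather than being corrected immediately.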

Producing a block therefore costs the participants a great deal of time and computing power. Computing power is measured as the number of hash computations per second, written H/s. At the time of writing the total hash rate of the Bitcoin network had reached on the order of 10^18 H/s.

HSBC analysts Anton Tonev and Davy Jose have said that the Bitcoin blockchain (through mining) provides a local and, so far, the best solution to the problem of how to verify trust in decentralized systems. Blockchain essentially solves the problem of traditional reliance on third parties, because the protocol not only meets the need of centralized institutions to track transactions, but also creates trust between strangers. The technology and security processes of blockchain lead to trust between strangers where there is no trusted third party.

3. Evaluation of mining

Early on (before 2010), mining was a popular and profitable pursuit. With the development of mining technology and equipment, however, the income of an individual miner has dropped very low. In probabilistic terms, because the computing power involved in mining is now so large (exceeding that of most supercomputing centres), ordinary computing power can no longer expect to find a block.

From ordinary CPUs (2009), to GPUs (2010) and FPGAs (late 2011), to ASIC miners (from early 2013; a single chip now performs tens of billions of hash computations per second), to the present, when many machines combine into mining pools (well-known pools include F2Pool, BitFury and BTCC), Bitcoin mining hardware has in a few years retraced the evolution that integrated-circuit technology went through over several decades, and innovation continues. The hash rate of the whole network exceeds 10^18 hash computations per second.

Roughly speaking, the Bitcoin network is at risk of disruption when a single party controls about 1/3 of the total hash power (enough for selfish-mining strategies to pay off), and at 1/2 that party controls the chain in probabilistic terms. Amassing that much hash power, however, carries an enormous economic cost.

IV. Consensus mechanisms

1. POW

Proof of work means guessing a value (the nonce) by computation such that the hash of the block contents combined with the nonce falls below a prescribed upper bound (an idea borrowed from Hashcash). Because the hash puzzle requires a large amount of computation under current computing models, it ensures that only a few valid proposals can appear in the system in any period, and anyone who presents a valid proposal has demonstrably done a certain amount of work.

A valid proposal is broadcast across the network; nodes that receive it verify it and continue working on the chain they consider longest. The system may therefore fork temporarily, but eventually one chain becomes the longest.

The hash function is one way, so there is currently no efficient algorithm for finding a solution other than brute force. Obtaining a nonce that meets the requirement means, in probabilistic terms, that the corresponding computing power has been expended; whoever has more computing power is more likely to solve the puzzle first. A party controlling more than half of the network's computing power can, in probabilistic terms, control the direction of the chain.

Participants in the POW competition pay substantial economic costs (hardware, electricity, maintenance and so on). Whenever they are not the first to find a valid nonce, that cost is sunk. Anyone trying to sabotage the network maliciously would therefore have to spend a great deal of money.

2. POS

Proof of Stake (PoS) was first proposed in 2011 and first implemented in Peercoin (2012): participants holding a larger stake are more likely to obtain the right to record blocks (and have more incentive to keep the network working properly).

The typical process is that participants bet a deposit (tokens, assets, reputation or other items of value) on a valid block becoming the next block; their income is the interest on the deposit plus transaction fees. The larger the stake a participant can prove (for example through coin-holding records), the higher its probability of obtaining the right to record blocks, and the legitimate recorder profits. POS attempts to solve the problem of the large amount of resources wasted in POW and has attracted wide attention. Malicious participants risk forfeiting their deposit, that is, losing economic benefit.

Usually, in POS, one needs to control more than 1/3 of the network's resources in order to influence the final result.

POS also has a number of improved variants, including delegated proof of stake (DPOS), in which all stakeholders vote for a board of delegates whose members record blocks on their behalf. DPOS has been well validated in practice but has not been proven in theory.

In August 2017, Aggelos Kiayias and other scholars from the University of Edinburgh and the University of Connecticut proposed the Ouroboros consensus protocol in their paper "Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol", which achieves an approximate Nash equilibrium for honest behaviour, and described it as the first provably secure POS protocol.

V. Lightning Network

1. Introduction

The most criticized aspect of Bitcoin is transaction performance: around seven transactions per second is far below traditional financial trading systems, and waiting for a credible confirmation of six blocks means a final confirmation time of about an hour. To improve performance, the Bitcoin community has produced innovative designs such as the Lightning Network.

The main idea of the Lightning Network is simple: keep the bulk of transactions off the Bitcoin blockchain and put only the key steps on chain for confirmation. It was first proposed in the paper "The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments" (Joseph Poon and Thaddeus Dryja) in February 2015. The Lightning Network mainly applies the idea of smart contracts to improve off-chain payment channels. It has two core concepts: RSMC (Revocable Sequence Maturity Contract) and HTLC (Hashed Timelock Contract). RSMC makes the state of a two-party off-chain channel enforceable, and HTLC makes payments routable across a path of channels.

2. RSMC

RSMC (Revocable Sequence Maturity Contract). First, suppose there is a micropayment channel (a pool of funds) between the two parties. Both parties deposit some funds into the channel; initially, the allocation of the channel balance equals what each deposited. Every time a transaction occurs between them, both parties jointly sign the new allocation of funds and invalidate the old version of the allocation. When either party wants to withdraw, it can write the latest allocation signed by both parties to the blockchain and have it confirmed. Only withdrawal needs to touch the blockchain.

Any version of the allocation needs both signatures to be valid. Either party can withdraw at any time by presenting an allocation signed by both parties (which means it must be the result of a transaction confirmed by both, though not necessarily the latest one). Within a certain period, if the other party proves that the presented allocation has been revoked (it is not the latest state), the funds are forfeited to the challenger; otherwise they are distributed according to the presented allocation. The forfeiture rule ensures that nobody deliberately publishes an old state.

In addition, even when both parties agree on a withdrawal, the party that initiates it receives its funds later than the other party (after the sequence maturity delay), so that the counterparty has time to dispute; everyone is thus encouraged to settle off chain as far as possible. Through RSMC, a large number of intermediate transactions can take place off chain.

3. HTLC

Payment routing across channels is realized through Hashed Timelock Contracts, that is, hash-locked contracts with a clock, or time-limited conditional transfers. Through the smart contract, the two parties agree that the sender first freezes a sum of money and specifies a hash value. If, within a certain period, someone presents a string whose hash matches that value (the preimage), the money is transferred to the receiver; otherwise it is returned to the sender once the time limit has passed.

4. Realization of the Lightning Network

RSMC ensures that direct transactions between two parties can be completed off chain, and HTLC ensures that transfers between any two parties can be completed through a path of payment channels. The Lightning Network combines the two mechanisms so that a transaction between any two parties can be completed off chain.

Throughout the transaction, the smart contracts act as the intermediary, while the blockchain network guarantees that the final result is confirmed.
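As an added example (not from the Lightning paper or the original article), the following Python models the HTLC rules and a payment routed Alice -> Bob -> Carol through two such contracts. Balances and the blockchain are not modelled; the point is the decreasing timelocks along the route, which ensure that an intermediary who has paid out can still claim the incoming contract with the preimage it learned. The names, amounts, heights and secret are constructed.

```python
import hashlib
from dataclasses import dataclass

# Added example, not from the original article: a toy HTLC and a multi-hop
# payment routed through such contracts. Only the hash-lock and time-lock
# rules are modelled, plus the way the time-locks must decrease along a route.


@dataclass
class HTLC:
    sender: str
    receiver: str
    amount: int
    hashlock: bytes      # SHA256 of the secret preimage
    timelock: int        # block height from which the sender may reclaim the funds
    state: str = "open"  # "open" | "claimed" | "refunded"

    def claim(self, preimage: bytes, height: int) -> bool:
        """Receiver takes the funds: right preimage, before the timelock, not yet settled."""
        if self.state != "open" or height >= self.timelock:
            return False
        if hashlib.sha256(preimage).digest() != self.hashlock:
            return False
        self.state = "claimed"
        return True

    def refund(self, height: int) -> bool:
        """Sender reclaims the funds once the timelock has passed."""
        if self.state != "open" or height < self.timelock:
            return False
        self.state = "refunded"
        return True


def route(hops, amount, hashlock, height, delta=10):
    """Set up one HTLC per channel along hops, all locked to the same hash.
    Each outgoing timelock is `delta` blocks shorter than the incoming one, so an
    intermediary who pays out can always still claim the incoming HTLC."""
    n = len(hops) - 1
    return [HTLC(hops[i], hops[i + 1], amount, hashlock, height + delta * (n - i))
            for i in range(n)]


def settle(htlcs, preimage, height):
    """The final receiver reveals the preimage; claims propagate back to the sender."""
    return [h.claim(preimage, height) for h in reversed(htlcs)]


def expire(htlcs, height):
    """Nobody revealed the preimage: every HTLC whose timelock has passed is refunded."""
    return [h.refund(height) for h in htlcs]


def demo():
    preimage = b"constructed secret held by carol"
    hashlock = hashlib.sha256(preimage).digest()
    hops = ["alice", "bob", "carol"]
    # Successful payment: Carol reveals the preimage at height 105.
    paid = route(hops, 50_000, hashlock, 100)
    ok = settle(paid, preimage, 105)
    safe = all(paid[i].timelock > paid[i + 1].timelock for i in range(len(paid) - 1))
    # Failed payment: a wrong preimage is rejected, then the locks expire in order.
    failed = route(hops, 50_000, hashlock, 100)
    wrong = settle(failed, b"guess", 105)
    refunds_early = expire(failed, 110)   # only Bob -> Carol (timelock 110) can be refunded
    refunds_late = expire(failed, 120)    # now Alice -> Bob (timelock 120) as well
    return ok, safe, wrong, refunds_early, refunds_late


if __name__ == "__main__":
    print(demo())
```

The ordering of the refunds is the security property: Bob's contract towards Carol expires first, so Bob is never in the position of having had his outgoing payment claimed while his incoming one has already been refunded to Alice. If the timelocks were equal, or increased along the route, Carol could claim at the last moment and leave Bob unable to claim from Alice in time.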

VI. Sidechains

1. Introduction

The sidechain protocol allows assets to move between the Bitcoin blockchain and other blockchains. Sidechains also originated in the Bitcoin community: the idea was first proposed in December 2013 and pursued from April 2014 by Blockstream (co-founded by Bitcoin Core developers Adam Back, Matt Corallo and others). The sidechain protocol was published in the white paper "Enabling Blockchain Innovations with Pegged Sidechains" in October 2014.

Before sidechains, the emergence of many altcoins was fragmenting the digital currency market, and with competition from projects such as Ethereum, some Bitcoin developers wanted to extend Bitcoin's underlying protocol in the form of sidechains.

The Bitcoin blockchain serves as the parent (main) chain and other blockchains as sidechains; bitcoin can be transferred from the main chain to a sidechain for circulation, and back, through a two-way peg.

A sidechain can be an independent blockchain with its own ledger, consensus mechanism, transaction types, scripts and contract support. A sidechain cannot issue bitcoin, but by linking to the Bitcoin blockchain it can import a certain amount of bitcoin and let it circulate. While bitcoin circulates on the sidechain, the corresponding bitcoin on the main chain is locked, until it returns from the sidechain to the main chain. The sidechain mechanism can thus extend the Bitcoin blockchain by moving customized or high-frequency transactions off the main chain. The core principle is that assets can be frozen on one chain and generated on another, which can be achieved in several ways.

2. SPV proofs

Verifying a transaction in the Bitcoin system involves checking its validity, checking for double spending, executing its scripts, and so on. Since this requires the complete UTXO set, it is usually done by miners running full nodes.

In many cases users only care about transactions that concern them, for example when they receive bitcoin that someone claims to have sent. They only want to know whether the transaction is valid and whether it has been in the blockchain long enough (has enough confirmations), without becoming a full node and doing complete verification.

Simplified Payment Verification (SPV), designed by Satoshi Nakamoto, achieves this. At small cost, SPV can determine whether a payment transaction has been confirmed (is present in the blockchain) and how much proof of work protects it (by locating the block containing the transaction in the chain). An SPV client only needs to download the block headers of all blocks and perform simple positioning and computation to reach its conclusion.

In the sidechain protocol, using SPV to prove that a transaction has indeed taken place on a blockchain is called an SPV proof. An SPV proof consists of two parts: a list of block headers demonstrating the proof of work, and a cryptographic proof (a Merkle branch) that a particular output exists in one of those blocks.
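As an added example (not from the article or the sidechain white paper), the following Python builds a Bitcoin-style Merkle tree over transaction ids, produces the branch an SPV client needs, and verifies it against the root from the block header. `spv_check` is a constructed stand-in for the client's view, taking the Merkle roots of the headers it holds; the txids are constructed too.

```python
import hashlib

# Added example, not from the original article: build a Bitcoin-style Merkle
# tree over transaction ids, produce the branch an SPV client needs, and verify
# it against the root stored in the block header.


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def constructed_txids(n):
    """Constructed sample txids (real ones are the double SHA256 of each serialized transaction)."""
    return [hashlib.sha256(b"tx%d" % i).hexdigest() for i in range(n)]


def merkle_root_and_proof(txids_hex, index):
    """Return (root_hex, proof). Leaves are txids in internal (reversed) byte order;
    a level with an odd number of nodes duplicates its last node, as Bitcoin does.
    proof is a list of (sibling_hash, sibling_is_on_the_right)."""
    level = [bytes.fromhex(t)[::-1] for t in txids_hex]
    proof, pos = [], index
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sibling = pos ^ 1
        proof.append((level[sibling], sibling > pos))
        level = [double_sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        pos //= 2
    return level[0][::-1].hex(), proof


def verify_merkle_proof(txid_hex, proof, root_hex) -> bool:
    """Recompute the path from the leaf to the root using only the proof."""
    node = bytes.fromhex(txid_hex)[::-1]
    for sibling, on_right in proof:
        node = double_sha256(node + sibling if on_right else sibling + node)
    return node == bytes.fromhex(root_hex)[::-1]


def spv_check(txid_hex, proof, header_roots, block_index):
    """SPV client view: given the Merkle roots of the headers it holds (constructed
    stand-in for validated headers), confirm that the transaction sits in block
    block_index and report how many blocks, including that one, are on the chain since."""
    if not verify_merkle_proof(txid_hex, proof, header_roots[block_index]):
        return False, 0
    return True, len(header_roots) - block_index


def demo():
    txids = constructed_txids(5)
    root, proof = merkle_root_and_proof(txids, 3)
    ok = verify_merkle_proof(txids[3], proof, root)
    tampered = verify_merkle_proof(hashlib.sha256(b"evil").hexdigest(), proof, root)
    # Headers of later blocks give the transaction its confirmations.
    roots = [root, "aa" * 32, "bb" * 32]
    included, depth = spv_check(txids[3], proof, roots, 0)
    return ok, tampered, included, depth


if __name__ == "__main__":
    print(demo())
```

One caveat a verifier must know: because an odd level duplicates its last node, the lists [a, b, c] and [a, b, c, c] produce the same root. A full node must therefore reject blocks containing duplicated transactions (this ambiguity was CVE-2012-2459 in the reference client), and an SPV client should treat a Merkle proof as evidence of inclusion only, never of the block's validity; the proof of work in the header chain is what makes forging such inclusion expensive.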

3. Two-way peg

The difficulty in designing the sidechain protocol is how to let assets flow securely between the main chain and the sidechain: the chain receiving the assets must be sure that the coins on the sending chain are reliably locked.

The sidechain protocol uses a two-way peg to transfer bitcoin to the sidechain and back. The main chain and the sidechain each need to perform SPV verification of specific transactions on the other. The complete process is as follows:

A. When the user wants to transfer bitcoin to the sidechain, a transaction is first created on the main chain that sends the bitcoin to a special output, locking it on the main chain.

B. Wait for a confirmation period, so that the above transaction is protected by sufficient proof of work.

C. The user creates a transaction on the sidechain to withdraw the bitcoin; its input must reference the locked main-chain output and provide sufficient SPV proof.

D. Wait for a contest period, to prevent double spending.

E. The bitcoin circulates freely on the sidechain.

F. When the user wants to return the bitcoin to the main chain, the reverse is done: a transaction is created on the sidechain sending the bitcoin to a special output; after a confirmation period, the originally locked output on the main chain is unlocked with sufficient SPV proof of the sidechain output; after the contest period, the bitcoin circulates on the main chain again.

VII. Hot issues

1. Design trade-offs

Bitcoin is designed to support a secure, open and distributed digital currency system, and trade-offs are embodied in many places in the Bitcoin protocol.

A. Block capacity: a larger block brings higher transaction throughput, but increases mining and storage costs and brings a risk of centralization. Weighing these, the block size limit is currently set at 1 MB.

B. Block interval: a shorter interval shortens confirmation time, but may lead to more forks and reduce network availability.

C. Script support: a more powerful instruction set brings more flexibility, but also introduces more security risk.

2. Bifurcation

The Bitcoin protocol will not remain the same. When you need to fix vulnerabilities, expand functions, or adjust the structure, Bitcoin needs to be upgraded with the cooperation of the whole network. Upgrading usually involves changing the data structure of the transaction or the data structure of the chunk.

Because it is impossible for nodes distributed all over the world to upgrade at the same time to follow the new protocol, bitcoin blockchain may Fork during upgrade. For an upgrade, if the upgraded node in the network is called the new node, and the unupgraded node is called the old node, it can be divided into soft bifurcation (Soft Fork) and hard bifurcation (Hard Fork) according to the compatibility of the old and new nodes.

If old nodes can still verify and accept the transactions and blocks generated by new nodes, it is called a soft fork. Old nodes may not understand some of the data generated by new nodes, but will not reject it. The network is both backward and forward compatible, so such upgrades can proceed smoothly.

If old nodes do not accept the transactions and blocks generated by new nodes, it is called a hard fork. The network is only backward compatible, not forward compatible. This kind of upgrade often leads to new and old nodes recognizing different blocks for a period of time, splitting the chain in two until the old nodes finish upgrading.

Although upgrading the blockchain protocol through a hard fork is harder than through a soft fork, there is a limit to what soft forks can do, and some bold changes can only be made through a hard fork.

3. Transaction malleability

Transaction malleability is a design flaw in Bitcoin: after the initiator of a transaction has signed it, the transaction ID can still be changed.

The initiator's signature (scriptSig) sits in the transaction input (vin) and is part of the transaction content. The transaction ID (txid) is the hash of the entire transaction content, so anyone propagating the transaction (and in particular the signer) can change the txid by altering the scriptSig while the transaction remains valid. For example, if the s value of the ECDSA signature is replaced by its negation n - s modulo the curve order, the signature is still valid and the transaction can still be propagated.

Malleability changes the transaction ID, but not the inputs or outputs of the transaction, so it does not directly allow stealing Bitcoin. As a result, malleability has existed in the Bitcoin network all along and has not yet been fixed.

However, malleability can still cause problems. For example, broadcasting a transaction whose ID has been changed before the original transaction is confirmed may mislead the parties involved about the status of the transaction, or even enable a denial-of-service attack. In a multi-signature scenario, any signer can change the transaction ID, which puts the assets of the other signers at risk. Malleability also hinders the implementation of Bitcoin scaling schemes such as the Lightning Network.

4. Dispute over capacity expansion

Bitcoin currently limits block size to at most 1MB. As users and transaction volume have grown, the block size limit has gradually failed to meet demand, leading to increasingly congested transactions and rising transaction fees.

The ongoing debate over Bitcoin scaling (capacity expansion) began in 2015, during which a series of proposals were put forward, including various on-chain scaling proposals and scaling Bitcoin with side chains or the Lightning Network. Given Bitcoin's complex community environment, it is difficult to reach broad consensus on any scaling plan, and the different solutions are hard to reconcile.

At present, the scaling debate focuses mainly on two camps: the Segregated Witness solution promoted by the Bitcoin Core team, representing the core developers, and the solution launched by the Bitcoin Unlimited team.

Segregated Witness (SegWit) means that the signature part of a transaction is separated from the transaction input and placed in a field called the witness at the end of the transaction.

The transaction ID is then calculated without the signature part, which resolves the malleability problem and improves the safety of layer-2 protocols such as the Lightning Network.

At the same time, Segregated Witness theoretically raises the block capacity limit to 4MB.
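The malleability flaw from section 3 and the SegWit fix above can be seen side by side in one toy model. The following is an added example, not code from the article or from Bitcoin Core: it assumes a constructed transaction encoding (not Bitcoin's real wire format), a minimal pure-Python secp256k1 ECDSA with a simplified nonce derivation in place of RFC 6979, and a throwaway demo key. It signs a transaction, replaces s with n - s, and checks that the signature still verifies, that the inputs and outputs are untouched, that the legacy txid (which covers the scriptSig) changes, and that a SegWit-style txid (which leaves the signature out) does not.

```python
# Added demo (not the article's code): toy tx encoding + minimal secp256k1 ECDSA.
import hashlib
import struct

# secp256k1 public parameters: field prime, group order, generator point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _mul(k: int, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result

def sign(priv: int, digest: bytes) -> tuple:
    """ECDSA sign; the nonce derivation is a simplified stand-in for RFC 6979."""
    z = int.from_bytes(digest, "big") % N
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + digest).digest(), "big") % N
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return (r, s)

def verify(pub: tuple, digest: bytes, sig: tuple) -> bool:
    """Standard ECDSA verification: both (r, s) and (r, N - s) pass it."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(digest, "big") % N
    w = pow(s, -1, N)
    point = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return point is not None and point[0] % N == r

def serialize(tx: dict, with_sigs: bool) -> bytes:
    """Constructed encoding (NOT Bitcoin's wire format): version, inputs,
    outputs, locktime; the (r, s) scriptSig stand-in only if with_sigs."""
    out = struct.pack("<i", tx["version"])
    for vin in tx["vin"]:
        out += bytes.fromhex(vin["txid"]) + struct.pack("<I", vin["vout"])
        if with_sigs:
            r, s = vin["sig"]
            out += r.to_bytes(32, "big") + s.to_bytes(32, "big")
    for vout in tx["vout"]:
        out += struct.pack("<q", vout["value"]) + vout["script"]
    return out + struct.pack("<I", tx["locktime"])

def legacy_txid(tx: dict) -> str:
    """Pre-SegWit: the txid covers scriptSig, so a changed signature changes it."""
    return sha256d(serialize(tx, True))[::-1].hex()

def segwit_txid(tx: dict) -> str:
    """SegWit: signatures live in the witness and are left out of the txid."""
    return sha256d(serialize(tx, False))[::-1].hex()

def malleate(tx: dict) -> dict:
    """The flaw SegWit fixes: (r, s) becomes (r, N - s) without any private key."""
    vin = [{**i, "sig": (i["sig"][0], N - i["sig"][1])} for i in tx["vin"]]
    return {**tx, "vin": vin}

def demo() -> dict:
    priv = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # demo key only
    pub = _mul(priv, G)
    tx = {"version": 1, "locktime": 0,
          "vin": [{"txid": "aa" * 32, "vout": 0, "sig": None}],  # constructed prevout
          "vout": [{"value": 50_000, "script": b"\x76\xa9\x14" + b"\x11" * 20 + b"\x88\xac"}]}
    digest = sha256d(serialize(tx, False))  # what the signer commits to
    tx["vin"][0]["sig"] = sign(priv, digest)
    tx2 = malleate(tx)
    return {"orig_valid": verify(pub, digest, tx["vin"][0]["sig"]),
            "malleated_valid": verify(pub, digest, tx2["vin"][0]["sig"]),
            "legacy_txid_changed": legacy_txid(tx) != legacy_txid(tx2),
            "segwit_txid_changed": segwit_txid(tx) != segwit_txid(tx2),
            "outputs_unchanged": tx["vout"] == tx2["vout"]}
```

The practical lesson for anyone building on top of the chain is in the last three results: software that tracks a payment by its legacy txid (an exchange matching withdrawals, a payment channel holding a pre-signed refund) can lose track of a transaction whose contents never changed, whereas a txid computed the SegWit way stays stable. Real Bitcoin nodes also reject the high-s form of a signature as a policy rule, and the `s < N/2` check is the usual mitigation where signatures are still hashed into identifiers.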

The Bitcoin Unlimited scheme (BU) extends the Bitcoin client so that miners can freely configure the size of the blocks they are willing to generate and verify.

Under this scheme, the block size limit converges naturally according to the configurations of the many nodes and miners.

5. Regulation and tracking of Bitcoin

The anonymity of Bitcoin makes transactions on it hard to regulate. Many criminals take advantage of its anonymity to transfer money through Bitcoin. For example, the WannaCry ransomware extorted Bitcoin from its victims; it spread to and affected more than 150 countries in just three days.

But complete anonymity through Bitcoin is not realistic. Although a transacting account is itself only an anonymous hash-derived address, studies such as "An analysis of anonymity in the bitcoin system" suggest that by analysing large numbers of publicly available transactions, there is a good chance of tracing the actual flow of bitcoin, and even of identifying real users.

8. Bitcoin-related tools

1. Client

The Bitcoin client is used to interact with the Bitcoin network and can participate in the maintenance of the network.

There are three types of client: full clients, lightweight clients and online clients.

Full client: stores the complete transaction history and has complete functionality.

Lightweight client: does not keep a copy of the transactions; transactions must be checked against other nodes.

Online client: uses services provided by a third-party server through a web interface.

Bitcoin client download address: https://bitcoin.org/en/download

User wallet functions can easily be implemented on top of the Bitcoin client.

2. Wallet

Bitcoin wallets store and protect users' private keys, and provide functions such as querying Bitcoin balances and sending and receiving Bitcoin. According to how private keys are stored, wallets fall mainly into the following categories:

Offline wallet: stores private keys offline, also known as a "cold wallet". Relatively the most secure, but transactions cannot be sent directly, so convenience is poor.

Local wallet: stores the private key on a local device. Transactions can be sent directly to the Bitcoin network, which is convenient, but the local device is at risk of being attacked.

Online wallet: a wallet server stores the private key, encrypted with the user's password. Convenient, but the wallet server itself can also be attacked.

Multi-signature wallet: a wallet address is managed by multiple parties. For example, in 2-of-3 mode, a transaction can be sent once signatures from the private keys of two of the three managers have been collected.

Download address of Bitcoin Wallet: https://bitcoin.org/en/choose-your-wallet

3. Mining machine

A Bitcoin mining machine is a hardware device designed specifically for "mining". At present these are mainly dedicated miners based on GPUs and ASIC chips. Mining machines often use special designs to speed up the hash computation in the mining process.

The most important attributes of a mining machine are its available computing power (usually expressed as the number of hash calculations per second) and its power consumption. When the computing power is large enough that, in expectation, enough new blocks are mined to cover the electricity cost, the machine is profitable; when the computing power obtained per unit of electricity cannot cover the electricity cost, the machine cannot make a profit and is eliminated.

At present, the total computing power of the Bitcoin network is still growing rapidly, and miners must consider many factors, such as changes in computing power, the price of Bitcoin and the electricity cost of their power consumption.
