Shulou(Shulou.com)06/02 Report--

How Facebook's Libra blockchain works, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible way.

Abstract

The Libra protocol allows a set of replicas-referred to as validators-from different authorities to jointly maintain a database of programmable resources.

In other words, the system needs to be controlled by a group of authorities in a top-down manner. Note, however, that the database is designed to maintain "programmable resources" and not just digital currency.

These resources are owned by different user accounts authenticated by public key cryptography and adhere to custom rules specified by the developers of these resources.

The use of generic words such as "resources" makes me suspect that it is not just a stable currency.

Transactions are based on predefined and, in future versions, user-defined smart contracts in a new programming language called Move. We use Move to define the core mechanisms of the blockchain, such as the currency and validator membership.

Okay, this is interesting. The use of a specialized intelligent contract language will lead to many problems, such as the functional richness of the language and the robustness of the system to adversarial contracts. There are also questions about developer friendliness and how Libra protects smart contract developers from being affected.

These core mechanisms enable the creation of a unique governance mechanism that builds on the stability and reputation of existing institutions in the early days but transitions to a fully open system over time.

This is still a question about developer friendliness and how Libra protects smart contract developers from being affected.

1. Brief introduction

This ecosystem will offer a new global currency-the Libra coin-which will be fully backed with a basket of bank deposits and treasuries from high-quality central banks.

Libra is a general encrypted asset protocol, and the first asset will be a stable currency.

Over time, membership eligibility will shift to become completely open and based only on the member's holdings of Libra.

Sounds a lot like equity proof. Obviously, the plan is to open membership in five years' time, and I hope they will be able to find proof of shares at that time-although I expect them to encounter the same problems as Ethereum.

The association has published reports outlining... The roadmap for the shift toward a permissionless system.

I'm pretty sure this will be the first time that distributed networks have shifted from licensed to non-licensed. Perhaps the entire network can be converted into equity proof, but in order to stabilize the currency / basket, some entities must remain open to the traditional financial system. This will be the focus of long-term centralized control through the Libra Association.

Validators take turns driving the process of accepting transactions. When a validator acts as a leader, it proposes transactions, both those directly submitted to it by clients and those indirectly submitted through other validators, to the other validators. All validators execute the transactions and form an authenticated data structure that contains the new ledger history. The validators vote on the authenticator for this data structure as part of the consensus protocol.

This sounds like Practical Byzantine Fault Tolerance (practical Byzantine fault tolerant algorithm), which is a well-understood algorithm that has been developed for 20 years, although they may have made some adjustments. We learned in section 5 of the white paper that it is called LibraBFT, which is a variant of the HotStuff consensus protocol.

As part of committing a transaction T i at version i, the consensus protocol outputs a signature on the full state of the database at version i-including its entire history-to authenticate responses to queries from clients.

This is noteworthy mainly because it means that new verifiers should be able to join the network and synchronize quickly without having to trace the entire history of the blockchain, provided they trust existing verifiers.

This account model is possible because Facebook is unlikely to care about privacy, and it is really interested in smart contracts.

two。 Logical data model

The Libra protocol uses an account-based data model to encode the ledger state.

From a data structure point of view, Libra is more like Ethereum or Ripple than bitcoin. The UTXO model has both advantages and disadvantages-- better privacy and more robust transaction history due to the simplicity of output-based history-- but it may be more difficult to handle complex intelligent contracts. Therefore, the account model makes sense because Facebook is unlikely to care about privacy, although it sounds interested in smart contracts.

The Libra protocol does not link accounts to a real-world identity. A user is free to create multiple accounts by generating multiple key-pairs. Accounts controlled by the same user have no inherent link to each other. This scheme follows the example of Bitcoin and Ethereum in that it provides pseudonymity for users.

It sounds amazing, but I wonder if the same is true of Libra coin. For developers who want to develop applications that protect more privacy, it will be interesting to observe the openness of the system.

Every resource has a type declared by a module. Resource types are nominal types that consist of the name of the type and the name and address of the resource's declaring module.

It looks like you can generate an address that can allocate any number of assets as long as each asset has a unique name.

Executing a transaction T i produces a new ledger state S i as well as the execution status code, gas usage, and event list.

Well, now we know how to protect the system from resource exhaustion attacks, probably by using a resource cost system like Ethereum.

There is no concept of a block of transactions in the ledger history.

Interesting. There is no actual blockchain data structure in the Libra protocol-- a block is more like a virtual logical structure that verifiers use to coordinate confirmation snapshots of system state. In retrospect, the first sentence of this section now has more meaning:

All data in the Libra Blockchain is stored in a single versioned database. A version number is an unsigned 64-bit integer that corresponds to the number of transactions the system has executed.

Every cryptographic asset network I'm familiar with works at a very high level in the same way: first there is a system state, then a transaction is executed, which is actually a state transition function, and then a new system state emerges.

The purpose of placing bulk transactions in containers or blocks is to sort and time-stamp them. This is very important for unlicensed networks, where data is authenticated by dynamic multi-party member signatures, and the verifier is free to join and leave the network. Because Libra runs a licensed system, it can use a more efficient consensus algorithm without batching transactions, because transaction history is much less likely to be rewritten.

In the initial version of the Libra protocol, only a limited subset of Move's functionality is available to users. While Move is used to define core system concepts, such as the Libra currency, users are unable to publish custom modules that declare their own resource types. This approach allows the Move language and toolchain to mature-informed by the experience in implementing the core system components-before being exposed to users. The approach also defers scalability challenges in transaction execution and data storage that are inherent to a general-purpose smart contract platform.

This sounds very similar to the open validator membership (Open verifier membership) program mentioned earlier. It seems that Facebook has not solved any of the major problems that Ethereum has been trying to solve for many years.

In order to manage demand for compute capacity, the Libra protocol charges transaction fees, denominated in Libra coins.

Libra coins is actually the native unit of the protocol, just as ETH is the native unit of Ethereum. This leads to another question about the anonymous nature of Libra: can you get coins without AML / KYC? If not, you don't seem to be able to use any of the features of the system anonymously. Check the Calibra wallet, which will require AML / KYC. So I want to know whether there will eventually be some ways of entering the system that are not strictly controlled.

The system is designed to have low fees during normal operation, when sufficient capacity is available.

This is really vague and raises a lot of questions: what is a low charge? What is normal operation? What is sufficient capacity?

3. Execute the transaction

Many parts of the core logic of the blockchain are defined using Move, including the deduction of gas fees. To avoid circularity, the VM disables the metering of gas during the execution of these core components.

This sounds dangerous, but the authors of the document point out that core components must be written in a defensive manner to prevent DoS attacks.

The key feature of Move is the ability to define custom resource types... The Move type system provides special safety guarantees for resources. A resource can never be copied, only moved. These guarantees are enforced statically by the Move VM. This allows us to represent Libra coins as a resource type in the Move language.

This clarifies the previous question: whether Libra coins is a local asset like ETH or BTC. I hope that these coins are only the default or only allowed resource types when the system starts, and other resources will be provided in the future.

Move's stack-based bytecode has fewer instructions than a higher-level source language would. In addition, each instruction has simple semantics that can be expressed via an even smaller number of atomic steps. This reduces the specification footprint of the Libra protocol and makes it easier to spot implementation mistakes.

This sounds deliberate; hopefully it means that their scripting language will be more secure than Ethereum.

We see that the "Libra blockchain" is not really a blockchain.

4. Validated data structures and storage

The Libra protocol uses a single Merkle tree to provide an authenticated data structure for the ledger history... Specifically, the ledger history uses the Merkle tree accumulator approach to form Merkle trees, which also provides efficient append operations.

Once again, we see that the "Libra blockchain" is not actually a blockchain. This protocol seems to be very well designed, but oddly enough, when the data structure of the account history is a set of signed account states, they still call it a blockchain. The verifier is making a commitment for each account status, and all historical account status is committed in the Merkle tree, but I haven't really seen any list of backlinked data that forms the chain-let alone a block chain.

The authenticator of an account is the hash of this serialized representation.

Note that this representation requires recomputing the authenticator over the full account after any modification to the account. The cost of this operation is O (n), where n is the length of the byte representation of the full account.

Well, if there is no limit on the amount of data a given account can store, it sounds like the beginning of a DoS attack.

We anticipate that as the system is used, eventually storage growth associated with accounts may become a problem. Just as gas encourages responsible use of computation resources, we expect that a similar rent-based mechanism may be needed for storage. We are assessing a wide range of approaches for a rent-based mechanism that best suits the ecosystem.

Another unsolved problem. Can't wait to say, "the rent is too high!"

The voting power must remain honest both during the epoch as well as for a period of time after the epoch in order to allow clients to synchronize to the new configuration. A client that is offline for longer than this period needs to resynchronize using some external source of truth to acquire a checkpoint that they trust.

Hey. It is not clear how long this "time period" is, but if an epoch is less than a day, then I guess the same is true of the specified "time period". It seems that this consensus protocol is not strong enough, and participants may leave and rejoin the network at will.

5. Byzantine fault tolerance consensus

LibraBFT assumes that a set of 3f + 1 votes is distributed among a set of validators that may be honest, or Byzantine. LibraBFT remains safe, preventing attacks such as double spends and forks when at most f votes are controlled by Byzantine validators.

Like PBFT, this consistency algorithm can tolerate 33% of verifiers being dishonest. The changes to HotStuff sound reasonable:

Resist non-deterministic errors by having the validator sign the state of the block (not just the transaction sequence).

A pacemaker that sends out clear timeout signals, and the verifier relies on the arbitration set of these timeout signals to move on to the next round-which should improve activity.

Unpredictable leader election mechanism to limit DoS attacks against leaders.

Aggregate signatures to save authenticators who have signed arbitration set certificates to accept votes for blocks.

6. The network

Each validator in the Libra protocol maintains a full membership view of the system and connects directly to any validator it needs to communicate with. A validator that cannot be connected to directly is assumed to fall within the quota of Byzantine faults tolerated by the system.

This will require a lot of work to extend the system to hundreds of verifiers.

7. Libra core implementation content

The security of the Libra Blockchain rests on the correct implementation of validators, Move programs, and the Move VM. Addressing these issues in Libra Core is a work in progress.

This section is basically summarized, although they wrote the implementation in Rust, which seems to be a good start for performance and security.

8. Performance

We anticipate the initial launch of Libra protocol to support 1000 payment transactions per second with a 10-second finality time between a transaction being submitted and committed.

Since there are only about 100 verifiers, and they are all directly connected to each other, a block time of 10 seconds sounds feasible.

Minimum node requirements:

40 Mbps network connection

1 commodity CPU

16 TB SSD

There are some references on the ability to maintain the verifier's ability to perform initial synchronization from scratch, rather than trusting the signature status of other verifiers. I expect that if Libra is fully utilized, performing such synchronization will soon become very impractical, so the node security model will be highly dependent on trusted validators.

9. Implementation of Libra ecosystem Strategy with Move

The [Libra coin] reserve is the key mechanism for achieving value preservation. Through the reserve, each coin is fully backed with a set of stable and liquid assets. The Libra coin contract allows the association to mint new coins when demand increases and destroy them when the demand contracts. The association does not set a monetary policy. It can only mint and burn coins in response to demand from authorized resellers. Users do not need to worry about the association introducing inflation into the system or debasing the currency: For new coins to be minted, there must be a commensurate fiat deposit in the reserve.

Okay, but now we're talking about events outside the network. As mentioned earlier in the white paper, the network cannot execute scripts that use data entry outside the network state. Therefore, the "can" and "must" modifiers in the above code snippet must refer to Libra Association policies or contractual obligations that the network is not aware of.

The consensus algorithm relies on the validator-set management Move module to maintain the current set of validators and manage the allocation of votes among the validators. Initially, the Libra Blockchain only grants votes to Founding Members.

Suppose the verifier votes on the change in the validator set, which sounds like a problem similar to the one we see in the equity proof system-remote attacks. If the important threshold of the founding member's key is compromised, can the attacker write a new account history from the source? If so, will other nodes accept it? It is not clear whether the consensus agreement allows rewriting of the old state or just appending status.

We plan to gradually transition to a proof-of-stake.

If they can solve the unsolved problems.

Unsolved problems

How to manage it?

We can see that Libra Association is a committee made up of members who need an absolute majority of 2max 3 in order to make a change decision. They are the only ones qualified to cast or destroy Libra coin, but if there is enough consensus, they can make any change they want.

Is AML / KYC required?

Obviously, it is not required for the protocol level, but Calibra Wallet states that all users will be authenticated through a government-issued ID. It sounds like Calibra wallets will be the only wallets available for some time, so it's not clear whether developers and users can run applications on Libra networks that don't follow the same standards as Calibra.

What is a low charge? What is normal operation? What is sufficient capacity?

CALIBRA wallet FAQ promises a low charge, but this seems to conflict with the operation of the underlying protocol at high load.

Transaction fees will be low-cost and transparent, especially if you're sending money internationally. Calibra will cut fees to help people keep more of their money.

Will Libra really be open to developers?

According to the plan to achieve no license consensus:

The Libra Blockchain will be open to everyone-any consumer, developer, or business can use the Libra network, build products on top of it, and add value through their services. Open access ensures low barriers to entry and innovation and encourages healthy competition that benefits consumers.

I doubt whether developers will be able to run any technically effective applications they can imagine on this platform. I haven't read anything that makes me believe that the system will resist censorship, but only time will tell us the answer!

This is the answer to the question about how Facebook's Libra blockchain works. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.