Puzzles about Bitcoin (Completed)

Have you ever wondered: why is a mining machine with more computing power better? (If mining is about solving a math problem, why not compete on who has the better algorithm?) Why is the total number of Bitcoins 21 million? What actually happens when Bitcoin is stolen? If I never touch Bitcoin, does it really have nothing to do with me...?

Bitcoin is no longer unfamiliar to the public, and there are many ingenious ideas behind it. This article introduces the basic principles of Bitcoin and, together with an analysis of some technical details, answers the questions above. The full text is long, about 7,000 words and roughly 22 minutes of reading; you may want to save it and read it later.

The article can be divided into the following parts:

* Prior knowledge of Bitcoin

-- Cryptography related

-- Important concepts of Bitcoin

* The life cycle of transactions

* The composition of the blockchain

* The growth of the blockchain

-- The mathematical essence of "mining"

-- The benefits of "miners"

* Bitcoin's consensus mechanism

-- Bitcoin's decentralized consensus

-- "Longest chain first" principle

* Bitcoin security

As the first decentralized digital currency, Bitcoin makes heavy use of cryptography in its design, mainly asymmetric (public-key) cryptography, which it uses for digital signatures rather than for encryption, and cryptographic hash functions. Understanding this background makes the concepts and rules of Bitcoin much easier to follow.

The following are some definitions and explanations of Bitcoin concepts. Readers who already know them can skip ahead~

In Bitcoin, an innovative payment network, the life cycle of a transaction can be roughly divided into several stages: creation, propagation and verification, being packaged into a block and recorded in the blockchain, and accumulating further confirmations. Figure 1 illustrates these stages.

Note:

1. When payer A initiates a Bitcoin transaction, A signs the hash of the transaction data with A's private key. So besides the transaction data itself, what A broadcasts to the whole network also includes A's public key and the signature over the message. Other nodes use A's public key to verify the signature and confirm that the transaction was really created by A, that is, by the holder of the private key for the coins being spent.

2. "Transaction propagation" and "transaction verification" alternate: each node independently verifies every transaction it receives against a fixed set of rules (Basic Knowledge 1), and only a transaction the node considers valid is relayed further. Invalid transactions are dropped rather than forwarded.

The underlying technology of Bitcoin is the blockchain. A blockchain system is a distributed consensus system: all participating nodes in the network eventually agree on the state of the transactions recorded in it.

What exactly is a blockchain? Think of it as a distributed shared ledger of transactions, linked together with the block as its basic unit. Transactions are organized, packaged and recorded in blocks. Each block consists of a block header followed by a list of transactions. The header contains three groups of metadata: the hash of the previous block (strictly speaking, the hash of the previous block header, because only the header is hashed), a metadata group (version, difficulty target, timestamp and nonce), and the Merkle root, a single hash that efficiently summarizes all transactions in the block through a tree of cryptographic hashes. Understanding this structure helps in understanding the mathematical nature of mining.

You may have heard the word "mining", or heard of people scrambling to buy mining machines to get rich. What confuses people is this: if packaging a block means solving a math problem, how can a rack of seemingly simple machines that do nothing but hum and burn electricity guarantee a high chance of winning? In Bitcoin's technical design, is the problem miners solve really just brute force?

After looking into it, the answer is yes: it really is a brute-force search. Each attempt is essentially a guess, and no attempt makes the next one any smarter. Whoever can guess more often per second makes more attempts, and the more attempts, the greater the chance of winning.

The background to the problem is this: a mining node independently assembles transactions into a new block and performs the Proof-of-Work (PoW) computation on it (Basic Knowledge 2). When a miner receives a new valid block from the network, it learns that it has lost the previous round and immediately starts mining the next block. To create a new block, it selects transactions from its mempool to fill the block (the first transaction in the block is the "coinbase transaction", also called the minting transaction, described in Section 3.2). It then fills in the fields of the block header (the hash of the previous block header, the Merkle root of this block's transactions, the timestamp, the difficulty target and the nonce) and starts computing the proof of work for the new block.

Simply put, the computation is to apply SHA-256 twice to the block header and obtain a RESULT. If this RESULT meets a specific requirement, the miner is considered to have solved the problem and has the right to record this block. A RESULT that meets the requirement is the "proof of work" (Satoshi Nakamoto's paper calls it "proof-of-work").

Regarding this calculation process, the following points are emphasized:

First, the block header contains the hash of the previous block header, the Merkle root of this block's transactions, the timestamp, the difficulty target, the nonce and other information (see Figure 2).

Second, a cryptographic hash function has the following properties: "given y, it is infeasible to find an x such that h(x) = y" (preimage resistance), "even a tiny change in the input produces a completely different output", and "input of any length produces a deterministic, fixed-length output". Therefore nobody knows in advance what input will produce the result they want, and miners can only keep trying.

Third, as mentioned earlier, the block header hash must meet a specific requirement to count as proof of work: it must be smaller than a certain threshold (the target), which is equivalent to saying that the hash, written as a number, begins with a given number of zeros. The size of the target is determined by the mining difficulty, a dynamic parameter: the higher the difficulty, the smaller the target, the smaller the probability that any given hash meets the requirement, and the lower the chance that a single attempt yields a proof of work. Bitcoin adjusts this automatically: every 2016 blocks, the network compares the time those blocks actually took with the intended 2016 × 10 minutes and raises or lowers the difficulty accordingly, so that on average one block is produced every ten minutes no matter how much hash power joins or leaves. This is what controls the rate of coin issuance. (The basic idea is similar to the estimation questions in product-manager written tests: set up a "supply equals demand" equation and solve for the unknown factor on one side. Readers who want to understand the difficulty system and its adjustment rules can look into it further~)

Putting these three points together: to generate a proof of work, a miner can basically only change the nonce (the other header fields are essentially fixed), recompute the hash, and repeat until the requirement is met; there is no other way. Seen this way, the nonce really is a "lucky number". (In practice the 32-bit nonce space is exhausted quickly, so miners also vary the timestamp and an extra nonce inside the coinbase transaction, which changes the Merkle root and thus the header.) Therefore, on average, whoever has more computing power (more attempts per second) has a better chance of packaging the block.
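To make the search concrete, here is an added Python example (it is not code from the original article): it serializes the 80-byte block header exactly as Bitcoin hashes it, expands the compact difficulty field into the target, recomputes the hash of the real genesis block, and then brute-forces a nonce for a constructed header at a deliberately low difficulty. The genesis field values are public chain data; the demo header's Merkle root, timestamp and difficulty bits are made up for the example.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Expand the 4-byte compact 'bits' field into the 256-bit target:
    target = mantissa * 256^(exponent - 3). Exponents below 3 and the sign bit are not handled."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce) -> bytes:
    """The 80-byte header that miners hash. Integers are little-endian; the two hashes are
    stored in internal byte order, i.e. reversed relative to how block explorers display them."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_hex(header: bytes) -> str:
    """Block hash in display order (big-endian hex, so the leading zeros are visible)."""
    return dsha256(header)[::-1].hex()


def meets_target(header: bytes, target: int) -> bool:
    """The proof of work is valid when the hash, read as a 256-bit integer, is at most the target."""
    return int.from_bytes(dsha256(header), "little") <= target


def mine(version, prev_hash_hex, merkle_root_hex, timestamp, bits, max_nonce=2**32):
    """Brute-force the nonce field only. Returns (nonce, attempts, block_hash_hex), or None when
    the 32-bit nonce space is exhausted; a real miner then changes the timestamp or the coinbase
    extra nonce (which changes the Merkle root) and starts over."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce)
        if meets_target(header, target):
            return nonce, nonce + 1, header_hash_hex(header)
    return None


# Bitcoin genesis block header (public chain data).
GENESIS = dict(
    version=1,
    prev_hash_hex="00" * 32,
    merkle_root_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    timestamp=1231006505,
    bits=0x1D00FFFF,
    nonce=2083236893,
)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"


def verify_genesis() -> bool:
    """Recompute the genesis block hash and check it against the network's initial target."""
    header = serialize_header(**GENESIS)
    return (header_hash_hex(header) == GENESIS_HASH
            and meets_target(header, bits_to_target(GENESIS["bits"])))


# Constructed low-difficulty demo: bits=0x2000FFFF gives a target just under 2^248,
# so about one header in 256 qualifies and the search finishes in milliseconds.
DEMO_BITS = 0x2000FFFF


def demo_mine():
    """Mine a constructed header that builds on top of the genesis block."""
    return mine(version=1,
                prev_hash_hex=GENESIS_HASH,
                merkle_root_hex="ab" * 32,   # placeholder Merkle root, constructed for the demo
                timestamp=1231006600,        # constructed timestamp
                bits=DEMO_BITS)


if __name__ == "__main__":
    print("genesis header verifies:", verify_genesis())
    nonce, attempts, block_hash = demo_mine()
    print(f"nonce {nonce} found after {attempts} attempts -> {block_hash}")
```

Run it as a script: the genesis check passes because the header bytes are bit-for-bit what the network hashed in 2009, and the demo loop shows that finding a valid nonce is nothing more than counting up and hashing. Changing a single header byte (try `nonce + 1` on the genesis header) invalidates the proof, which is why copying someone else's nonce is useless unless the rest of the header is copied too.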

You may wonder what makes miners willing to spend so much computing power to maintain the blockchain. Simply put, miners have two sources of income: 1. the reward of newly created coins for computing the proof of work and creating a new block; 2. the transaction fees (mining fees) of the transactions they record.

When a miner finds the proof of work, it packages the new block and sends it to all of its peers. Each node independently verifies the new block, adds it to its copy of the blockchain if it passes (Basic Knowledge 3), and relays it on to its own peers. As a result, only verified blocks spread widely through the network, which ensures that blocks mined by honest miners are accepted into the blockchain. The node, or group of nodes, that mined the block receives the new-coin reward together with the transaction fees.

The new-coin reward works like currency issuance. The rule is: each new block creates 50 BTC for the first 210,000 blocks (about four years), 25 BTC per block for the next 210,000 blocks, 12.5 BTC per block for the 210,000 after that, then 6.25 BTC, and so on; the subsidy halves every 210,000 blocks and decreases geometrically. Summing the geometric series gives a total of roughly 21,000,000 BTC by around 2140 (so the supply is capped, which is why Bitcoin is often described as deflationary). After that, no new Bitcoins will be created with new blocks, and miners will no longer have this first source of income. In practice, because mining costs are so high, a successful block is usually the joint result of all participants in a mining pool: the reward is paid to the pool's address, and the pool shares it according to each participant's contribution to the pool's hash power.
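The "roughly 21 million" figure comes out of integer arithmetic, and the exact number is slightly less. The following added Python example (not code from the original article) reproduces the halving rule as Bitcoin Core applies it, in satoshis with integer halving, and sums the series to the last block that still pays a subsidy. The constants are the public consensus parameters; the `>= 64` guard mirrors the one in Bitcoin Core's subsidy function.

```python
COIN = 100_000_000           # satoshis in one BTC
HALVING_INTERVAL = 210_000   # blocks between halvings, about four years at one block per ten minutes
INITIAL_SUBSIDY = 50 * COIN


def block_subsidy(height: int) -> int:
    """New coins the coinbase may create at `height`, in satoshis.
    Same rule as Bitcoin Core's GetBlockSubsidy: 50 BTC, halved every 210,000 blocks by an
    integer right shift, so fractions of a satoshi are discarded rather than carried."""
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:       # guard copied from Core: shifting a 64-bit value by 64+ is undefined in C
        return 0
    return INITIAL_SUBSIDY >> halvings


def total_supply() -> int:
    """Sum of every subsidy that will ever be paid, in satoshis (the '21 million' figure)."""
    total, height = 0, 0
    while (subsidy := block_subsidy(height)) > 0:
        total += subsidy * HALVING_INTERVAL
        height += HALVING_INTERVAL
    return total


def last_subsidy_height() -> int:
    """Height of the final block that still receives a non-zero subsidy."""
    height = 0
    while block_subsidy(height + HALVING_INTERVAL) > 0:
        height += HALVING_INTERVAL
    return height + HALVING_INTERVAL - 1


def halving_schedule(eras: int = 5):
    """(first height, subsidy in BTC) for the first `eras` halving eras."""
    return [(era * HALVING_INTERVAL, block_subsidy(era * HALVING_INTERVAL) / COIN)
            for era in range(eras)]


if __name__ == "__main__":
    for height, btc in halving_schedule():
        print(f"from block {height:>9,}: {btc} BTC per block")
    print(f"last subsidised block: {last_subsidy_height():,}")
    print(f"total supply: {total_supply():,} sat = {total_supply() / COIN:,.4f} BTC")
```

The subsidy reaches 1 satoshi per block in the 33rd era and becomes 0 at block 6,930,000, so the last coins are created at block 6,929,999 (around the year 2140 at ten minutes per block). The truncation at each halving is why the total is 20,999,999.9769 BTC rather than exactly 21,000,000: a validator that computed the subsidy with floating point or rounding-up would accept blocks the network rejects.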

Transaction fees (mining fees) exist as the difference between a transaction's inputs and its outputs; the total fee of a block is the sum of (inputs − outputs) over all transactions added to the block. Generally, transactions that pay a higher fee are processed sooner. Fees play two roles: they reward miners, and they discourage abuse of the chain (nobody can flood the network with spam transactions for free, because every transaction costs something).

How are the miner's earnings actually paid? This is where the "coinbase transaction" comes in. The first transaction each mining node adds to its block, before it starts the proof-of-work computation, is the coinbase (minting) transaction. This transaction creates Bitcoin out of nothing; its amount is the new-coin reward plus the block's total transaction fees, and it is paid to the miner's own Bitcoin address. If the miner finds a proof of work that makes the block valid, it wins this reward because the coinbase transaction it constructed takes effect.

Regarding the coinbase transaction and the new-coin reward, a reader once asked me: if a miner announces that it has mined a new block, can't someone else simply copy its proof of work?

Personally, I think the coinbase transaction is exactly what prevents this.

Let us restate how the proof of work is computed: miner E adds a coinbase transaction rewarding itself to the new block, and then uses the timestamp, the previous block header hash, the nonce, the Merkle root of this block's transactions and the other header fields to compute a proof of work that meets the requirement.

In this process, the Merkle root depends on every transaction in the block, including the coinbase transaction. The coinbase transaction is therefore an indirect input to the proof of work. Even if someone else obtains E's proof of work, that proof is bound to E: it was computed over a header whose Merkle root commits to a coinbase paying E, and a block with a different coinbase has a different Merkle root, a different header and therefore a different hash. The stolen nonce is worthless to anyone else.
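The binding argument above rests on how the Merkle root is built, so here is an added Python example (not code from the original article) that implements Bitcoin's Merkle tree over transaction ids, builds and verifies an inclusion proof of the kind a light client uses, and shows that swapping the coinbase changes the root. The transaction ids are constructed stand-ins (hashes of labels), not real transactions.

```python
import hashlib


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids: list) -> bytes:
    """Bitcoin-style Merkle root over 32-byte txids (internal byte order).
    Each pair is concatenated and double-SHA-256'd; an odd leftover is paired with itself."""
    if not txids:
        raise ValueError("a block always contains at least the coinbase transaction")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_proof(txids: list, index: int) -> list:
    """Sibling hashes, bottom-up, that let a light client recompute the root from txids[index]."""
    proof = []
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        sibling = index ^ 1
        proof.append((level[sibling], "right" if sibling > index else "left"))
        index //= 2
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return proof


def verify_proof(txid: bytes, proof: list, root: bytes) -> bool:
    """Hash up the branch; the block header commits to `root`, so this ties txid to the header."""
    node = txid
    for sibling, side in proof:
        node = dsha256(node + sibling) if side == "right" else dsha256(sibling + node)
    return node == root


def fake_txid(label: str) -> bytes:
    """Constructed stand-in for a real txid (a real txid is the double-SHA-256 of the serialized tx)."""
    return dsha256(label.encode())


PAYLOAD_TXS = [fake_txid(f"constructed payment tx {i}") for i in range(3)]


def block_root(miner: str) -> bytes:
    """Merkle root of a block whose first transaction is a coinbase paying `miner` (constructed)."""
    coinbase = fake_txid(f"coinbase: block reward to {miner}")
    return merkle_root([coinbase] + PAYLOAD_TXS)


if __name__ == "__main__":
    root_e = block_root("miner E")
    root_other = block_root("someone else")
    print("root with E's coinbase:       ", root_e.hex())
    print("root with a swapped coinbase: ", root_other.hex())
    print("E's header hash still valid?  ", root_e == root_other)   # False: the stolen nonce is useless
    txs = [fake_txid("coinbase: block reward to miner E")] + PAYLOAD_TXS
    print("inclusion proof for tx 2 verifies:", verify_proof(txs[2], merkle_proof(txs, 2), root_e))
```

One caveat worth knowing as a validator: because an odd leftover hash is paired with itself, a list of three transactions [a, b, c] and a list of four [a, b, c, c] produce the same root. That quirk (CVE-2012-2459) is why a node must reject a block whose transaction list contains such a duplicated tail instead of trusting the Merkle root alone.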

You can also deepen your understanding of Basic Knowledge 2 ("mining nodes independently assemble transactions into new blocks and compute the proof of work on them") by considering the following scenario.

Why doesn't a miner that finds a new block quietly set the coinbase amount to 1,000 BTC when it creates the block? Because every node independently verifies blocks against the same rules. A miner must produce a block that follows the public rules exactly and correctly follows the proof-of-work method; an invalid coinbase transaction makes the whole block invalid, other nodes reject it, and it never becomes part of the ledger. The miner has invested enormous computing power and electricity to generate this proof of work; if the block is rejected as fraudulent, all of that is wasted.

To sum up: a miner cannot pass off someone else's proof of work as its own, and a miner that earns a reward can only take the amount the rules permit.

The excellence of Bitcoin lies in establishing a decentralized, spontaneous consensus. This consensus is not created by any authority; it emerges from the asynchronous interaction of thousands of nodes in the network that all follow the same rules, without the mediation or intervention of any central agency.

The four main pieces of Basic Knowledge have been mentioned where the corresponding details were explained; here they are collected in one place:

1. Each node independently verifies every transaction against the same rules (Basic Knowledge 1).

2. Mining nodes independently assemble verified transactions into new blocks and compute the proof of work on them (Basic Knowledge 2).

3. Each node independently verifies every new block and adds it to its copy of the chain (Basic Knowledge 3).

4. Each node independently selects the chain with the most accumulated proof of work, the "longest chain" (Basic Knowledge 4).

These four processes reinforce one another. Together they produce a spontaneous network-wide consensus that prompts nodes across the network to assemble one credible, open and authoritative general ledger.

You may think: Bitcoin is decentralized, built on public trust and on everyone's collective power. What if some miners are bribed by bad actors? What is a "51% attack"? And what about the "6 confirmations" that Bitcoin exchanges require?

First we must mention a Bitcoin rule: "longest chain first". When the blockchain forks, each miner independently chooses the longer chain (more precisely, the chain with the most accumulated proof of work) and continues mining on it (Basic Knowledge 4).

This principle mainly concerns two situations: natural forks and double spending.

When two miners A and B succeed at almost the same time (each computes a hash that meets the requirement), each builds its block on the hash of the same previous block, so two blocks are attached to the end of the original chain and two branches appear.

Both miners then broadcast their new blocks. Because the blockchain is a decentralized data structure, a block reaches different nodes at different times, so different nodes may temporarily hold different views of the chain: some miners receive A's block first, some receive B's. To resolve this, every miner follows the same principle: select, and try to extend, the longest chain it has seen.

So the two branches each grow for a short while until their lengths differ (they cannot stay equal forever). For example, the miners on one branch find the next block first and attach another block to it. By the "longest chain first" rule the shorter branch is abandoned, and the miners who were working on it switch back to the longer one.

In other words, a fork is only a temporary inconsistency between nodes; once a new block is added to one of the branches, the network converges again. [Readers can think about why the block interval is set to ten minutes: if it were shorter, would forks become more frequent? If it were longer, would transaction settlement become too slow?]

The essence of double spending is also a fork of the blockchain, but this fork is "unnatural", the product of malicious intent.

Suppose Xiao Min is the party plotting to double-spend. She first pays her only 10 BTC to Xiao Qiang in exchange for a piece of gold; once transaction P is packaged into block Q, Xiao Qiang hands over the gold. Now Xiao Min plays a trick: she wants to secretly erase transaction P from block Q, so that she ends up with the gold without having paid for it. Under the "longest chain first" rule, to do this she must build a competing branch that excludes P, starting from the block before Q, and concentrate enough hash power on it that the fork grows faster than the main chain containing Q. If she does make her fork longer, it becomes the main chain, and the other nodes switch to it and continue working on it.

In that case Xiao Qiang has handed over the gold but never receives the 10 BTC; as the saying goes, he "loses the wife and the troops as well".

In this process Xiao Min has to "fight" the original chain so that her fork becomes the longest chain. This is called a "consensus attack". A consensus attack is essentially a race for the next block: the "stronger" the attacker, that is, the more hash power it has, the easier it is to succeed.

What are the chances of a consensus attack succeeding?

Most Bitcoin exchanges require a transaction to have 6 "confirmations" (six blocks built on top of the block containing it) before they treat it as final. The reasoning is: suppose a miner intending fraud has 10% of the network's hash power (probability of winning any given block 0.1). To replace a transaction buried 6 blocks deep, the attacker must build a competing chain that overtakes the honest chain, which means out-mining the rest of the network over a stretch of at least 6 blocks. A naive estimate puts the probability at about 0.1 raised to the 6th power, essentially zero. The exact figure in Satoshi Nakamoto's paper, which accounts for the attacker continuing to race even after falling behind, is about 0.024% for 10% hash power and 6 confirmations: larger than the naive estimate, but still negligible, and it falls exponentially with each additional confirmation. You can picture Bitcoin as geological strata: the surface layer may shift with the seasons or be blown away by the wind, but the deeper a layer lies, the more stable and undisturbed it is.
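The whitepaper's calculation is short enough to carry through in code. The following added Python example (not code from the original article) implements the formula from section 11 of the Bitcoin whitepaper, puts it next to the naive q^z estimate, and derives how many confirmations bring the attacker's chance below a chosen risk. It assumes the whitepaper's model: honest and attacker blocks arrive as a race between two Poisson processes, with the attacker holding a fraction q of the total hash power.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of the hash power ever catches up with the
    honest chain once the honest chain is z blocks ahead (Bitcoin whitepaper, section 11).
    The attacker's progress while honest miners find z blocks is Poisson with mean z*q/p;
    from a deficit of (z - k) blocks it catches up with probability (q/p)^(z-k)."""
    if not 0.0 <= q < 1.0 or z < 0:
        raise ValueError("q must be in [0, 1) and z must be non-negative")
    p = 1.0 - q
    if q >= p:
        return 1.0                      # with half or more of the hash power it always wins eventually
    lam = z * q / p
    never_catches_up = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        never_catches_up += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - never_catches_up


def naive_estimate(q: float, z: int) -> float:
    """The back-of-the-envelope figure q**z ('the attacker must win z races in a row').
    It ignores that the attacker keeps racing after falling behind, so it understates the risk."""
    return q ** z


def confirmations_needed(q: float, max_risk: float) -> int:
    """Smallest number of confirmations z for which the attacker's success probability
    is at or below max_risk."""
    z = 0
    while attacker_success_probability(q, z) > max_risk:
        z += 1
    return z


if __name__ == "__main__":
    for q in (0.10, 0.30):
        exact = attacker_success_probability(q, 6)
        print(f"q={q:.2f}, z=6: exact {exact:.7f} vs naive {naive_estimate(q, 6):.7f}; "
              f"confirmations for <0.1% risk: {confirmations_needed(q, 0.001)}")
```

For q = 0.1 the exact probability at six confirmations is about 2.4e-4, roughly 240 times the naive 1e-6, and five confirmations already bring the risk under 0.1%; for q = 0.3 the same risk level needs 24 confirmations. The curve is what an exchange is really pricing when it picks a confirmation count: the number should scale with the value at stake and with a realistic estimate of the largest hash power an adversary could rent or coordinate, not be a fixed "6".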

Suppose a group of miners controls 51% of the hash power. Controlling more than half of the network's hashing power, they could deliberately fork the blockchain and carry out double-spend transactions. In reality, as the network's total hash power has grown enormously, it is almost impossible for an individual miner to control even 1% of it (though the concentration of hash power in mining pools does carry some risk). Moreover, any organization with that much computing power could simply put it into honest mining and collect the rewards for new blocks: honest mining is more profitable than double spending.

Although a 51% attack has never actually occurred on Bitcoin, the concentration of hash power undeniably goes against Bitcoin's original decentralized intent and has become a major hidden risk for its continued development.

The security of a system is often determined by its weakest link, the so-called "barrel principle". Security issues of blockchain systems include, but are not limited to, the following:

(1) The public-key cryptography widely used on blockchains is basically secure today, but quantum algorithms could in theory break it; the algorithmic security of the blockchain is therefore relative, not absolute.

(2) The blockchain protocol itself may contain logical flaws, for example in the consensus mechanism, which attackers can exploit.

(3) All digital currency systems depend entirely on private keys, so the security of private keys in storage and in use is a critical part of the security of the whole blockchain system.

Although the blockchain itself is decentralized, the vast majority of today's digital-currency exchanges are centralized, with both human and technical security weaknesses. These exchanges hold the private keys to large amounts of cryptocurrency, which makes them the most attractive target for attackers; whoever steals those private keys can take the cryptocurrency.

The author will continue reading relevant materials and improving this article, with the goal of completing an easy-to-understand Bitcoin explainer. :)

**This article combines online sources with personal understanding. If there are any deviations or misunderstandings, readers are welcome to point them out.

Suggestions on the structure of the article are also welcome~