Current location - Quotes Website - Personality signature - Research on Bitcoin Mechanism
Research on Bitcoin Mechanism

The electronic payment system in today's world has been very developed, and our daily consumption can basically be easily solved on Alipay and WeChat. However, whether it is Alipay or WeChat, they essentially rely on a centralized financial system. Even if this system runs very well in most cases, due to the existence of the trust model, there will still be arbitration disputes. If there are arbitration disputes, It means that there are no irrevocable transactions, so for irrevocable services, a certain proportion of fraud is inevitable. Before the advent of Bitcoin, there was no solution that could solve payments on communication channels without introducing a centralized trusted party.

The power of Bitcoin is that it is an electronic payment system based on cryptography principles rather than relying on centralized institutions. It allows any two parties willing to trade to trade directly without the need for A trusted third party. The mathematical irreversibility of transactions will protect merchants who provide irrevocable services from being defrauded, and the programmatic contract mechanism used to protect buyers is also easier to implement.

Suppose there are three people A, B and C in the network.

A pays B 1 Bitcoin, B pays C 2 Bitcoins, and C pays A 3 Bitcoins.

As shown in the figure below:

In order to stimulate users in the Bitcoin system to keep accounts, there are rewards for accounting. There are two main sources of rewards:

Every transaction in Bitcoin will have a handling fee, and the handling fee will be given to the bookkeeper

The bookkeeper will have rewards for packaging blocks. The plan designed by Satoshi Nakamoto in 2008 is: one package is made every 10 minutes, and each package is rewarded with 50 Bitcoins. The reward for a single package is halved every 4 years, that is, after 4 years, each package is rewarded with 25 Bitcoins. 1 Bitcoin, and 12.5 Bitcoins will be awarded after four years... In this way, we can actually calculate the total amount of Bitcoins:

To explain the question of who is the basis for the packaged records, we need to Introducing a well-known Byzantine generals problem (Byzantine failures). The Byzantine Generals Problem is a fundamental problem in point-to-point communications posed by Leslie Lambert. The implication is that it is impossible to achieve consistency through message passing over an unreliable channel where message loss exists.

Assume that 9 generals who are far away from each other surround the Byzantine Empire. Unless 5 or more generals attack together, the Byzantine Empire can be defeated. These nine generals do not trust each other. They do not know whether there are traitors among them. So how can they win the battle through long-distance negotiation?

There are 3 default rules for verbal agreements:

1. Every message can be received accurately

2. The receiver knows who sent it to him

3. Everyone knows who did not send the message

4. The recipient does not know who forwarded the message

If the generals follow the verbal rules, That is the following scene: General 1 sends a message to the other 8 generals, and then Generals 2~9 relay (broadcast) the message. Each general is the receiver and forwarder of the message. In this way, after one round, the total number* **There will be 9×8=72 times sent. In this way, the generals can choose to act based on the information in their hands and the voting results of the majority. Even if there are spies at this time, because the minority obeys the principle of the majority, as long as the majority of the generals agree to attack Byzantium, they will take action.

This solution has many shortcomings:

1. First of all, the sending volume is large, 72 times between 9 generals. As the number of nodes increases, the workload increases geometrically. .

2. Furthermore, it is impossible to find out who is the traitor, because it is a verbal agreement, and the recipient does not know who is the forwarder of the information. The data in the hands of each general is only a quantitative comparison:

Here we assume that there are three traitors. In the most extreme case, that is, the traitors always tamper with "no attack" when forwarding information, then our worst result is as shown in the figure above. General 1 can conclude that he will attack based on the information in his hand, but he cannot know who among the generals is the traitor.

So we have option two: a written agreement.

The written agreement means that the military can sign after receiving the information, and everyone can identify whether the signature is his or her. In other words, if someone tampered with the signature, everyone can know. Compared with oral agreements, written agreements add an authentication mechanism, and all messages are recorded. Once you discover that someone is giving inconsistent information, you are hunting down spies.

With the written agreement, the information in the hands of General 1 is like this:

It can be clearly seen that in the worst case - the traitor always forwards Under the message of "no attack", generals 7, 8, and 9 are traitors in the team.

This solution solves the problem of non-traceability of historical information in oral agreements, but does not achieve any improvement in terms of sending volume.

In our example, every user in the Bitcoin system who initiates a transaction will sign it with his own private key. The mathematical formula is:

So The previous block became like this:

In this way, each transaction is digitally signed by the transaction initiator through the private key. Since the private key is not public, the transaction information cannot be forged. .

As stated at the end of the written agreement, the written agreement fails to solve the problem of too much information exchange. When there are tens of millions of nodes in the Bitcoin system, if they want to broadcast verification to each other, the number of request responses will be a very huge number, which will obviously cause network congestion and slow down node processing. In order to solve this problem, Satoshi Nakamoto simply allowed a block to be produced in 10 minutes. Who will package and send this block? The proof-of-work mechanism (PoW) is used here. Proof of work, to put it bluntly, is to solve a mathematical problem. Whoever solves the mathematical problem first will have the right to package the block. In the case of the Byzantine generals, whoever solves the math problem first becomes the commander-in-chief among the generals, and the other generals obey his orders.

First, the miner will perform sha256 evaluation twice on the 128-byte string occupied by the block header, that is:

In this way, a value Hash is obtained, and it is compared with the target The values ??are compared, and if the conditions are met, the proof of work is deemed successful.

The conditions for the success of the workload proof are written in the difficulty number field in the header of the blockchain, which requires that the Hash value of the last two sha256 operations must be less than the set target value; if not, Then change the random number (nonce) in the block header and repeat the calculation and verification again and again until the conditions are met.

In addition, Bitcoin has its own difficulty control system, which enables the Bitcoin system to maintain a 10-minute rate of generating a block under different computing power conditions across the entire network. This also means that the difficulty value must be adjusted according to changes in the computing power of the entire network. The difficulty adjustment strategy is calculated by comparing the time spent on the latest 2016 blocks with the expected time (the expected time is 20160 minutes or two weeks, which is the total time calculated based on the generation rate of one block every 10 minutes). According to The ratio of actual duration to expected duration will be adjusted accordingly (either harder or easier). In other words, if the block generation rate is faster than 10 minutes, the difficulty will be increased, and if the block generation rate is slower than 10 minutes, the difficulty will be decreased.

PoW actually does the following three things in Bitcoin.

This prevents a high-performance machine from running tens of thousands of nodes at the same time, because sufficient computing power is required to complete each job.

Having economic rewards will accelerate the decentralization of the entire system, and also encourage everyone not to do evil, but to actively implement the protocol in accordance with its original implementation method. (So, the currencyless blockchain is actually not feasible, and the currencyless blockchain will definitely lead to centralization.)

In other words, each node cannot control a fast transaction based on its own hardware conditions. Spend. On average, one block is produced in Bitcoin every 10 minutes. No matter how good the machine is, it cannot break this rule. This ensures that the blockchain can converge to the same main chain, which is what we call ***knowledge.

In summary, knowledge is only one of the three functions of PoW. In fact, there are at least three functions of PoW design.

The concept of Merkle tree is actually very simple, as shown in the figure

In this way, the structure of our block is roughly complete, which is divided into block header and block body. part.

Each node of the blockchain stores every block of the blockchain from its creation to the present, that is, every transaction is stored on the node. There are now hundreds of them. GB.

Whenever a new transaction is generated in the Bitcoin system, the new transaction will be broadcast to all nodes. Each node collects new transactions and generates the corresponding Merkel root. After splicing the block header, it begins to adjust the random value in the block header, and then starts to calculate the math problem

Will calculate The result is compared with the target value in the network. If the result is less than the value, the answer is broadcast to the entire network. After other miners receive this information, they will immediately put down their calculations and start calculating the next block.

For example, node A is currently mining 38936 blocks. Once mining node A completes the calculation, it will immediately send this block to all its neighboring nodes. After these nodes receive and verify this new block, they will continue to propagate this block. As this new block propagates through the network, each node will add it to its own node’s copy of the blockchain as the 38936th block (the previous block was 38935). When the mining nodes receive and verify this new block, they abandon their previous calculations to build this block of the same height and immediately begin the work of calculating the next block in the blockchain.

The entire process is as shown in the next picture:

Simply put, the double-spending problem is that a sum of money is spent twice.

Specifically, the double-spending problem can be divided into two situations:

1. The same money is used multiple times;

2. A sum of money is used only once, but Through hacking or forgery, a copy of the money is made and used again.

In the digital system we live in, due to the replicability of data, the same digital asset may be reused due to improper operations. In order to solve the double-spending problem, daily life relies on to a third-party trust organization. Such institutions centrally manage data and prevent double payments by modifying account balances in real time. As a decentralized peer-to-peer value transmission system, Bitcoin solves the double-spend problem through the integration of UTXO, timestamp and other technologies.

The full English name of UTXO is unspent transaction outputs, which means unused transaction outputs. UTXO is a new accounting model that is different from traditional accounting methods.

The traditional accounting method in banks is based on accounts, which mainly records the account balance of a certain user. The UTXO transaction method is based on the transaction itself and does not even have the concept of an account. In the UTXO accounting mechanism, in addition to currency issuance, all sources of funds must come from one or several previous transactions. The total amount of any transaction must be equal to the total transaction output. The UTXO accounting mechanism allows every transfer in the Bitcoin network to be traced back to its previous transaction.

The Bitcoin mining node obtains the mining reward of the new block, such as 12.5 Bitcoins. At this time, its wallet address gets a UTXO, which is the currency base transaction of this new block (also Called coin creation transaction) output. A coinbase transaction is a special transaction that has no inputs, only outputs.

When A wants to transfer a bitcoin to B, the process is to sign the previous UTXO in A's wallet address with the private key and send it to B's address. This process is a new transaction, and what B gets is a new UTXO.

This is why some people say that there is no Bitcoin in this world, only UTXO. The Bitcoin in your address refers to the unspent transaction output.

Take the process of Alice transferring money to Bob as an example:

UTXO is very different from the account concept we are familiar with. What we have the most daily contact with is accounts. For example, if I open an account in a bank, the balance in the account is my money.

But there is no concept of an account in the Bitcoin network. You can have multiple wallet addresses, and each wallet address has multiple UTXOs. Your money is the sum of the UTXOs in all these addresses. sum.

Satoshi Nakamoto’s goal in inventing Bitcoin was to create a peer-to-peer electronic cash. The design of UTXO can be seen as drawing on the idea of ????cash: we may put some cash in this pocket and in the corner of that cabinet Put some cash in there, in this case there isn't an account, the cash you put everywhere adds up to all the money you have.

There is also a technical reason to adopt the UTXO design. This special data structure can make double spending easier to verify. Compare: