Independent verification also ensures that blocks generated by honest miners are included in the blockchain and rewarded. Blocks generated by dishonest miners are rejected, which not only costs those miners the reward but also wastes the opportunity to find a proof-of-work solution, so the electricity they spent is lost.
When a node receives a new block, it verifies the block against a long list of criteria. If any check fails, the block is rejected. These rules are implemented in the CheckBlock and CheckBlockHeader functions of the Bitcoin Core client.
They include:
Why don't miners simply write themselves a transaction that pays thousands of bitcoins?
Because every node checks blocks according to the same rules. An invalid coinbase transaction invalidates the whole block, so the block is rejected and the transaction never becomes part of the ledger. Miners must build a perfect block, following the rules shared by all nodes, and mine it with a correct proof-of-work solution. Doing so costs them a great deal of electricity. If they cheat, all of that electricity and effort is wasted. This is why independent verification is an essential part of decentralized consensus.
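As an added illustration of the independent-verification rules above (example code written for this page, not code from Bitcoin Core or the book), the toy node below applies four of the checks every node enforces: the header hash must meet the target, the first transaction must be the only coinbase, every regular transaction must spend existing unspent outputs without creating value, and the coinbase may claim at most the subsidy plus fees. The block layout, the transaction serialization and the easy target are assumptions made for the example; the halving schedule is Bitcoin's real one. A block whose coinbase pays its miner 5,000 BTC is mined with valid proof of work and is still rejected.

```python
import hashlib
from typing import Dict, List, Tuple

COIN = 100_000_000          # satoshis in one bitcoin
HALVING_INTERVAL = 210_000  # Bitcoin halves the block subsidy every 210,000 blocks
EASY_TARGET = 2 ** 248      # toy target (about 1 in 256 hashes succeed) so mining is instant

# A UTXO set maps an outpoint (txid, output index) to the value it holds, in satoshis.
Outpoint = Tuple[bytes, int]
UTXOSet = Dict[Outpoint, int]


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def block_subsidy(height: int) -> int:
    """Subsidy in satoshis: 50 BTC, halved every 210,000 blocks (Bitcoin's real schedule)."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else (50 * COIN) >> halvings


def txid(tx: dict) -> bytes:
    # Toy serialization (assumption): hash a canonical text rendering of the transaction.
    return dsha256(repr(sorted(tx.items())).encode())


def header_hash(block: dict) -> bytes:
    # Toy header (assumption): parent hash, a stand-in for the merkle root, and the nonce.
    root = dsha256(b"".join(txid(tx) for tx in block["txs"]))
    return dsha256(block["prev"] + root + block["nonce"].to_bytes(4, "little"))


def check_block(block: dict, utxo: UTXOSet) -> Tuple[bool, str]:
    """Apply a subset of the consensus rules every node enforces; returns (accepted, reason)."""
    txs: List[dict] = block["txs"]
    # Rule 1: the header hash must satisfy the proof-of-work target
    # (Bitcoin reads the hash as a little-endian 256-bit integer).
    if int.from_bytes(header_hash(block), "little") >= block["target"]:
        return False, "header hash does not meet the target"
    # Rule 2: the first transaction must be the coinbase (no inputs), and the only one.
    if not txs or txs[0]["inputs"]:
        return False, "first transaction must be the coinbase"
    if any(not tx["inputs"] for tx in txs[1:]):
        return False, "only the first transaction may be a coinbase"
    # Rule 3: every regular transaction spends existing, unspent outputs and cannot
    # create value; whatever it does not spend is the fee.
    spent = set()
    fees = 0
    for tx in txs[1:]:
        in_value = 0
        for outpoint in tx["inputs"]:
            if outpoint not in utxo or outpoint in spent:
                return False, f"input {outpoint} is missing or already spent"
            spent.add(outpoint)
            in_value += utxo[outpoint]
        out_value = sum(tx["outputs"])
        if out_value > in_value:
            return False, "transaction outputs exceed its inputs"
        fees += in_value - out_value
    # Rule 4: the coinbase may claim at most subsidy + fees. A block that pays its miner
    # "thousands of bitcoins" fails here on every honest node, however much work it carries.
    claimed = sum(txs[0]["outputs"])
    allowed = block_subsidy(block["height"]) + fees
    if claimed > allowed:
        return False, f"coinbase claims {claimed} sat, only {allowed} sat allowed"
    return True, "ok"


def mine(prev: bytes, height: int, txs: List[dict], target: int = EASY_TARGET) -> dict:
    """Search the nonce until the header hash meets the target (the proof of work)."""
    block = {"prev": prev, "height": height, "target": target, "txs": txs, "nonce": 0}
    while int.from_bytes(header_hash(block), "little") >= target:
        block["nonce"] += 1
    return block


def demo() -> Tuple[Tuple[bool, str], Tuple[bool, str]]:
    # Constructed sample state: one unspent 10 BTC output, spent by a 9.99 BTC payment (0.01 BTC fee).
    utxo: UTXOSet = {(b"\x01" * 32, 0): 10 * COIN}
    payment = {"inputs": [(b"\x01" * 32, 0)], "outputs": [999 * COIN // 100]}
    height = 210_001                       # second subsidy era: 25 BTC per block
    fee = 10 * COIN - payment["outputs"][0]
    prev = b"\x00" * 32
    honest = mine(prev, height, [{"inputs": [], "outputs": [block_subsidy(height) + fee]}, payment])
    greedy = mine(prev, height, [{"inputs": [], "outputs": [5000 * COIN]}, payment])
    return check_block(honest, utxo), check_block(greedy, utxo)


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Both blocks in the demo carry valid proof of work; the difference is decided entirely by the shared rules, which is the point of the paragraph: the work the greedy miner spent buys nothing because no other node will build on the block.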
The last step of Bitcoin's decentralized consensus mechanism is to assemble blocks into the chain with the greatest proof of work. Once a node has verified a new block, it tries to connect the block to the existing blockchain.
Nodes maintain three sets of blocks: those connected to the main chain, those that branch off the main chain (secondary chains), and those whose parent block is not found in any known chain. If a block fails any check during verification, the node rejects it and it joins no chain at all.
At any time, the main chain is the blockchain with the most cumulative difficulty. Usually the main chain is also the chain with the most blocks, unless there are two chains of equal length and one of them carries more proof of work. The main chain may also have branches, whose blocks are "siblings" of blocks on the main chain. Such blocks are valid but are not part of the main chain. The branches are kept because, if one of them is extended and its cumulative difficulty exceeds that of the main chain at some point in the future, subsequent blocks will build on it.
If a node receives a valid block whose parent is not found in the existing blockchain, the block is treated as an "orphan block". Orphans are kept in the orphan pool until the node receives their parent. Once the parent arrives and is connected to the existing blockchain, the node takes the orphan from the orphan pool and connects it to its parent as part of the blockchain. Orphans appear when two blocks are mined within a short interval and a node receives them in the reverse order.
By selecting the chain with the greatest cumulative difficulty, all nodes in the network eventually reach consensus. As more proof of work is added to the chain, temporary disagreements about the chain are resolved. Mining nodes "vote" for the blockchain they want to extend: when they mine a new block on a chain, the new block itself is their vote.
Because the blockchain is a decentralized data structure, its copies are not always consistent across nodes. Blocks may arrive at different nodes at different times, so different nodes may hold different views of the blockchain.
The solution is that every node always selects and tries to extend the blockchain that represents the greatest cumulative proof of work, that is, the longest or greatest-cumulative-work chain. By summing the work recorded in every block on a chain, a node obtains the total proof of work that was expended to build that chain. As long as all nodes select the chain with the greatest cumulative work, the whole bitcoin network eventually converges to a consistent state. Forks are temporary disagreements between copies of the blockchain and are resolved as more blocks are added to one fork.
The blockchain forks described in this section arise naturally from propagation delays in the global network.
However, the "inverted triangle" block is not discarded. It remains linked to its parent, the "star" block, and forms a secondary chain. Although node X believes it has selected the winning chain, it also keeps the "losing" chain, so that if the "losing" chain eventually "wins" it has the information needed to reorganize.
These nodes now reconverge on the new chain: they are forced to revise their view of the blockchain and adopt the longer chain. Any miner who was extending the star-inverted-triangle chain stops immediately, because their candidate block is now an "orphan": its parent, the "inverted triangle", is no longer on the longest chain.
The transactions in the "inverted triangle" block are put back into the memory pool to be included in a later block, because the block they were in is no longer on the main chain.
The whole network returns to a single chain, with star-triangle-diamond as the last blocks in it. All miners immediately start work on a candidate block whose parent is the "diamond" block, extending the star-triangle-diamond chain.
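The chain-selection rule and the fork scenario of the preceding paragraphs, as an added example (written for this page, not code from Bitcoin Core or the book): a toy node that credits each block with its work, keeps a competing branch as a secondary chain when work is tied, holds an out-of-order block in an orphan pool until its parent arrives, and reorganizes when a competing chain overtakes the main chain, first by length and then, with a single harder block, by cumulative work alone. The header format, the toy targets and the block labels (a1, b1, ...) are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List

EASY_TARGET = (2 ** 256 - 1) >> 4   # toy target: about 1 in 16 hashes qualifies
GENESIS_PREV = "0" * 64             # parent hash claimed by the genesis block


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


@dataclass(frozen=True)
class Block:
    prev: str      # hex hash of the parent block
    target: int    # the header hash must be below this value (proof of work)
    payload: str   # stand-in for the merkle root (assumption for the example)
    nonce: int

    @property
    def hash(self) -> str:
        header = f"{self.prev}|{self.target:x}|{self.payload}|{self.nonce}".encode()
        return dsha256(header).hex()

    @property
    def work(self) -> int:
        # Work credited to a block: the expected number of hashes needed to meet its
        # target, which is how Bitcoin values a block (about 2^256 / (target + 1)).
        return 2 ** 256 // (self.target + 1)

    def meets_target(self) -> bool:
        return int(self.hash, 16) < self.target


def mine(prev: str, target: int, payload: str) -> Block:
    nonce = 0
    while True:
        block = Block(prev, target, payload, nonce)
        if block.meets_target():
            return block
        nonce += 1


class Node:
    """Keeps the main chain, secondary chains and an orphan pool, as the text describes."""

    def __init__(self, genesis: Block):
        self.blocks: Dict[str, Block] = {genesis.hash: genesis}     # every accepted block
        self.chainwork: Dict[str, int] = {genesis.hash: genesis.work}
        self.orphans: Dict[str, List[Block]] = {}                   # parent hash -> waiting blocks
        self.tip = genesis.hash                                     # tip of the most-work chain

    def receive(self, block: Block) -> str:
        if not block.meets_target():
            return "rejected"       # fails validation: joins no chain at all
        if block.hash in self.blocks:
            return "duplicate"
        if block.prev not in self.blocks:
            self.orphans.setdefault(block.prev, []).append(block)
            return "orphan"         # parent unknown: wait in the orphan pool
        self._connect(block)
        return "connected"

    def _connect(self, block: Block) -> None:
        self.blocks[block.hash] = block
        self.chainwork[block.hash] = self.chainwork[block.prev] + block.work
        # Strictly greater: on a tie the chain seen first stays the main chain and the
        # newcomer is kept as a secondary chain in case it is extended later.
        if self.chainwork[block.hash] > self.chainwork[self.tip]:
            self.tip = block.hash
        # Orphans whose parent just arrived are connected immediately.
        for child in self.orphans.pop(block.hash, []):
            self._connect(child)

    def main_chain(self) -> List[str]:
        """Hashes from genesis to the current tip."""
        chain, h = [], self.tip
        while h in self.blocks:
            chain.append(h)
            h = self.blocks[h].prev
        return chain[::-1]


def demo() -> List[str]:
    """Constructed scenario: out-of-order delivery, a competing fork, two reorganizations."""
    genesis = mine(GENESIS_PREV, EASY_TARGET, "genesis")
    node = Node(genesis)
    a1 = mine(genesis.hash, EASY_TARGET, "a1")
    a2 = mine(a1.hash, EASY_TARGET, "a2")
    log = [node.receive(a2), node.receive(a1)]          # a2 is an orphan until a1 arrives
    b1 = mine(genesis.hash, EASY_TARGET, "b1")          # competing fork from genesis
    b2 = mine(b1.hash, EASY_TARGET, "b2")
    b3 = mine(b2.hash, EASY_TARGET, "b3")
    log += [node.receive(b) for b in (b1, b2, b3)]      # b3 makes the B chain the main chain
    a3 = mine(a2.hash, EASY_TARGET >> 2, "a3")          # harder block: four times the work
    log.append(node.receive(a3))                        # A leads again on work, not on length
    return log + [node.blocks[node.tip].payload]


if __name__ == "__main__":
    print(demo())
```

The losing branch is never deleted from `blocks`, which is what lets the node reorganize without re-downloading anything when that branch later pulls ahead, exactly the reason the text gives for keeping secondary chains.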
In theory a two-block fork is possible. This happens when miners on opposite sides of a previous fork each find a solution for two different blocks at almost the same time.
However, the probability of this is very low. A one-block fork can occur every week, but a two-block fork is very rare. Bitcoin's 10-minute block interval is a compromise between faster transaction confirmation and a lower fork probability. A shorter block interval would settle transactions faster but also produce more frequent forks; a longer interval would reduce the number of forks but lengthen settlement time.
Since 2012, bitcoin mining has developed a workaround for a basic structural limitation of the block header. In the early days of Bitcoin, a miner could find a block by iterating the nonce until it obtained a hash that met the target.
As difficulty increased, miners often exhausted all 4 billion nonce values without finding a block. This was easily solved by updating the block's timestamp to account for the elapsed time. Because the timestamp is part of the block header, changing it lets the miner iterate the nonce again over a different set of header values. When mining hardware reached 4 GH/s, this approach became increasingly difficult, because the whole nonce space was used up in one second.
When ASIC miners appeared and quickly reached hash rates of TH/s, mining software needed more room for nonce values in order to find valid blocks. The timestamp can be moved forward a little, but if it moves too far into the future the block is invalid.
A new source of variation in the block header was needed. The solution was to use the coinbase transaction as an additional source of nonce values. Because the coinbase script can hold between 2 and 100 bytes of data, miners began to use this space as a source of extra nonce values, allowing them to explore a much larger range of block header values in search of a valid block. The coinbase transaction is included in the merkle tree, which means that any change to the coinbase script changes the merkle root.
The 8-byte extra nonce plus the 4-byte "standard" nonce lets a miner try 2^96 possibilities per second (8 followed by 28 zeros) without touching the timestamp. If a future miner exhausts all of those possibilities, it can still change the timestamp. Likewise, there is more room in the coinbase script for further nonce expansion in the future.
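The extra-nonce search described above, as an added example (written for this page, not mining-software code): a toy miner that iterates the 4-byte header nonce and, when that space is exhausted, increments an 8-byte extra nonce in the coinbase scriptSig, rebuilds the merkle root and starts the nonce over. The 80-byte header layout and the merkle construction follow Bitcoin's; the coinbase serialization, the parent hash, the timestamp, the target and the shrunken nonce space are constructed for the example so that the rollover is visible, and the `bits` field is left as a placeholder rather than encoding the target.

```python
import hashlib
import struct
from typing import List


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids: List[bytes]) -> bytes:
    """Bitcoin-style merkle root: hash pairs upward, duplicating the last entry when odd."""
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def coinbase_tx(height: int, extra_nonce: int) -> bytes:
    """Toy coinbase serialization (assumption): scriptSig carries the height and an 8-byte extra nonce."""
    script_sig = struct.pack("<I", height) + struct.pack("<Q", extra_nonce)
    return b"coinbase:" + script_sig


def block_header(prev: bytes, root: bytes, timestamp: int, bits: int, nonce: int) -> bytes:
    # Same field layout as a real 80-byte Bitcoin header: version, prev, merkle root, time, bits, nonce.
    return struct.pack("<I", 1) + prev + root + struct.pack("<III", timestamp, bits, nonce)


def mine(prev: bytes, txids: List[bytes], height: int, timestamp: int, target: int,
         nonce_limit: int = 2 ** 32, bits: int = 0) -> dict:
    """Search the header nonce; when the nonce space is exhausted, bump the extra nonce
    in the coinbase, which changes the merkle root and therefore every header hash."""
    extra_nonce = 0
    tries = 0
    while True:
        root = merkle_root([dsha256(coinbase_tx(height, extra_nonce))] + txids)
        for nonce in range(nonce_limit):
            tries += 1
            h = dsha256(block_header(prev, root, timestamp, bits, nonce))
            if int.from_bytes(h, "little") < target:   # Bitcoin reads the hash as little-endian
                return {"nonce": nonce, "extra_nonce": extra_nonce, "merkle_root": root,
                        "hash": h, "tries": tries}
        extra_nonce += 1


def verify(prev: bytes, txids: List[bytes], height: int, timestamp: int, target: int,
           found: dict, bits: int = 0) -> bool:
    """What a verifying node does: rebuild the merkle root and header, check the target."""
    root = merkle_root([dsha256(coinbase_tx(height, found["extra_nonce"]))] + txids)
    h = dsha256(block_header(prev, root, timestamp, bits, found["nonce"]))
    return root == found["merkle_root"] and int.from_bytes(h, "little") < target


def demo() -> dict:
    # Constructed input: a fixed parent hash, two dummy transactions, a fixed timestamp,
    # and a nonce space shrunk to 4 values so the extra-nonce rollover actually happens.
    prev = b"\x11" * 32
    txids = [dsha256(b"tx-a"), dsha256(b"tx-b")]
    target = 2 ** 248                 # toy difficulty: about 1 in 256 header hashes qualifies
    found = mine(prev, txids, height=1, timestamp=1_700_000_000, target=target, nonce_limit=4)
    found["valid"] = verify(prev, txids, 1, 1_700_000_000, target, found)
    return found


if __name__ == "__main__":
    r = demo()
    print(f"nonce={r['nonce']} extra_nonce={r['extra_nonce']} tries={r['tries']} valid={r['valid']}")
```

Note that the verifier never needs to know how the miner chose the extra nonce: it only recomputes the merkle root from the transactions as shipped, which is why a change in the coinbase script is as good as a change in any other header field.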
Bitcoin's consensus mechanism means that it is difficult, at least in theory, for a miner (or mining pool) to cheat or cause damage with its own hashing power. As stated earlier, Bitcoin's consensus mechanism rests on the premise that most miners will, out of self-interest, mine honestly and thereby maintain the whole Bitcoin system. However, if one miner or a group of miners controls a large share of the system's hashing power, they can attack Bitcoin's consensus mechanism in order to undermine the security and reliability of the Bitcoin network.
Note that a consensus attack can only affect the future consensus of the blockchain, or at most the consensus on recent past blocks (at most the past 10 blocks). Moreover, the possibility of tampering with the bitcoin blockchain decreases as time passes.
In theory a fork can become very long, but in practice producing a very long fork takes a huge amount of hashing power. As the bitcoin blockchain grows, past blocks can effectively be regarded as impossible to tamper with by a fork.
At the same time, consensus attacks do not affect users' private keys or the signature algorithm (ECDSA).
A consensus attack cannot steal bitcoin from other wallets, spend bitcoin without a valid signature, redistribute bitcoin, change past transactions or alter bitcoin ownership records. The only possible effect of a consensus attack is on the most recent blocks (at most 10) and on the generation of future blocks, through denial of service.
A typical consensus attack scenario is the "51% attack". Imagine a group of miners that control 51% of the whole bitcoin network's hashing power and collude to attack the Bitcoin system. Because these miners can generate most of the blocks, they can achieve "double-spending" by deliberately creating a fork in the blockchain, or deny service to specific transactions or wallet addresses.
In a blockchain fork / double-spend attack, the attacker creates a new fork by leaving the latest transactions unconfirmed and rebuilding the blocks from before those transactions, and then spends the same coins again. With enough hashing power, an attacker can replace the latest six or more blocks at once, making the transactions contained in them disappear.
Note that a double-spend can only be carried out on the attacker's own transactions, because only the wallet's owner can produce a valid signature for the double-spend transaction. The attacker double-spends their own transactions, and such an attack is profitable if, by invalidating the transaction, they can take back the payment for a purchase that cannot be reversed.
The attacker Mallory buys a triptych (a three-panel painting) from Carol's gallery, paying Carol $250,000 worth of bitcoin. After waiting for one confirmation instead of six, Carol packs the triptych and hands it to Mallory. At this point one of Mallory's associates, Paul, who controls a large amount of hashing power, launches a 51% attack as soon as the transaction is written into the blockchain.
First, Paul uses his mining pool's hashing power to recompute the block containing the transaction, replacing the original transaction in the new block with a different one (for example, one that pays Mallory's other wallet instead of Carol's), thereby "double-spending". This "double-spend" transaction spends the same UTXO as the original transaction, but the payee is replaced by Mallory's own wallet address.
Paul then uses the pool to mine a further block on top of the forged block, so that the chain containing the "double-spend" transaction is one block longer than the original chain. At this point the longer fork replaces the original chain, and the "double-spend" transaction replaces the original payment to Carol. Carol does not receive the $250,000 worth of bitcoin, and the three priceless paintings she owned have been taken by Mallory for nothing.
Throughout the process, the other miners in Paul's pool may never notice anything unusual about this "double-spend" transaction, because mining software is automated and does not monitor every transaction in every block.
To avoid this attack, merchants selling high-value goods should deliver only after the transaction has been confirmed by the whole network. Alternatively, the merchant should use a third-party multi-signature escrow account for the transaction and deliver only once the escrow transaction has been confirmed network-wide. The more confirmations a transaction has, the harder it is for an attacker to tamper with it through a 51% attack.
For high-value transactions, it is convenient and efficient for buyers and sellers to pay in bitcoin even if the goods are only delivered 24 hours after payment. After 24 hours, the transaction has at least 144 confirmations network-wide, which effectively reduces the chance of a 51% attack succeeding.
Note that a 51% attack does not require the attacker to hold at least 51% of the hashing power. Even an attacker with less than 51% of the system's hashing power can attempt such an attack. It is called a 51% attack only because once the attacker's share reaches the 51% threshold, the attack is almost certain to succeed.
In essence, a consensus attack is like splitting the hashing power of all miners in the system into two groups: honest hashing power and attacker hashing power. Both groups race to compute the next blocks of the blockchain, but the attacker's blocks are deliberately constructed to include or exclude certain transactions. The less hashing power the attacker has, the less likely they are to win this race.
Conversely, the more hashing power an attacker has, the longer the fork they can deliberately create, and the more recent blocks they can tamper with or future blocks they can control. Some security research organizations have used statistical models to conclude that 30% of the network's hashing power is enough to launch a 51% attack. The rapid growth of the network's total hashing power has made it impossible for a single miner to attack the Bitcoin system, because a single miner cannot hold even 1% of the network's hashing power.
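To put numbers on the claims of the last few paragraphs (more confirmations make tampering harder; less hashing power makes the attacker less likely to win the race), here is an added example, not from the page, implementing the catch-up probability from section 11 of the Bitcoin whitepaper: an attacker holding a fraction q of the hashing power who starts z blocks behind eventually overtakes the honest chain with the probability computed below. The model assumes constant hash-rate shares and ignores propagation effects. The helper that picks a confirmation count for a given risk tolerance is an addition for this example, as is the choice of shares and confirmation counts in the table.

```python
import math
from typing import Dict, Tuple


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-rate share q, starting z blocks behind,
    ever catches up with the honest chain (Bitcoin whitepaper, section 11).
    While the honest miners find z blocks the attacker's count is Poisson with mean
    z*q/p, and from a deficit of d blocks the attacker catches up with probability (q/p)^d."""
    if q >= 0.5:
        return 1.0                      # at or above half the hash rate the attacker always catches up
    p = 1.0 - q
    lam = z * (q / p)
    total = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam)        # build lam^k * e^-lam / k! iteratively to avoid overflow
        for i in range(1, k + 1):
            poisson *= lam / i
        total -= poisson * (1 - (q / p) ** (z - k))
    return max(total, 0.0)              # guard against tiny negative rounding residue


def confirmations_needed(q: float, max_risk: float, limit: int = 1000) -> int:
    """Smallest number of confirmations z at which the attacker's chance is at most max_risk."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) <= max_risk:
            return z
    raise ValueError("risk level not reachable: attacker share too high")


def risk_table(shares=(0.1, 0.3), confirmations=(1, 6, 144)) -> Dict[Tuple[float, int], float]:
    """Attacker success probability for each (hash-rate share, confirmations) pair."""
    return {(q, z): attacker_success_probability(q, z) for q in shares for z in confirmations}


if __name__ == "__main__":
    for (q, z), prob in risk_table().items():
        print(f"attacker share {q:.0%}, {z:>3} confirmations: {prob:.2e}")
    print("confirmations for 0.1% risk at a 30% share:", confirmations_needed(0.3, 0.001))
```

Read against the text: with a 10% share, six confirmations already push the attacker's chance below 0.03%, while a 30% share still leaves a meaningful chance at six confirmations and only the 144 confirmations of a 24-hour wait drive it down to negligible, which is the quantitative version of the delivery advice given to merchants above.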
To be supplemented