Bitcoin has no central organization, and almost all complete nodes have a public general ledger, which can be regarded as an authentication record.
So far, there has not been a successful attack on the backbone blockchain, not once.
By creating new blocks, bitcoin was cast at a certain but slow speed. A new block is generated about every ten minutes, and each new block is accompanied by a certain number of new bitcoins from scratch. It takes about 4 years to mine 2 10000 block, and the coin issuing rate is reduced by 50%.
At some time in 20 16, after the 420000th block was "excavated", it was reduced to 12.5 bitcoin/block. Before13,230,000 yuan (excavated on 2 137), the issuing speed of new coins will be "halved" by 64 times exponentially. By then, the number of bitcoins issued per block will become the minimum monetary unit of bitcoin-1cluster. In the end, after10.344 billion, all * * * 20999999769 billion bitcoins will be completely released. In other words, by 2 140, there will be nearly 210 billion bitcoins. After that, the new block no longer contains bitcoin rewards, and the miners' income comes from transaction fees.
After receiving the transactions, each node will check these transactions before the whole network broadcast, and establish a pool (transaction pool) for effective new transactions in the corresponding order when receiving them.
When verifying each transaction, each node needs to check against a long list of standards:
The syntax and data structure of the transaction must be correct.
Input and output lists cannot be empty.
The byte size of the transaction is less than MAX_BLOCK_SIZE.
Each output value, as well as the total amount, must be within the specified range (less than 265,438+0 million, greater than 0).
There is no input with hash equal to 0 and n equal to-1 (coinbase transactions should not be relayed).
NLockTime is less than or equal to INT_MAX.
The byte size of the transaction is greater than or equal to 100.
The number of signatures in a transaction should be less than the maximum number of signature operations.
Unlock script (Sig) can only push numbers onto the stack, and lock script (Pubkey) must conform to the format of isStandard (it will reject nonstandard transactions).
There must be a matching transaction in the pool or the main branch block.
For each input, if the referenced output exists in any transaction in the pool, the transaction will be rejected.
For each input, the referenced output transaction is found in the main branch and transaction pool. If the output transaction lacks any input, it will become an isolated transaction. If the matching transaction does not appear in the pool, it will be added to the isolated transaction pool.
For each input, if the referenced output transaction is coinbase output, the input must be at least confirmed by COINBASE_MATURITY (100).
For each input, the referenced output must exist and not be consumed.
Use the quoted output transaction to obtain input values, and check whether each input value and total value are within the specified range (less than 265,438+0 million coins, greater than 0).
If the sum of the input values is less than the sum of the output values, the transaction will be aborted.
If the transaction cost is too low to enter the empty block, the transaction will be rejected.
Each input unlocking script must be verified according to the corresponding output locking script.
The following mining node is named mining node a.
Mining nodes are always listening for new blocks that propagate to bitcoin networks. These newly added blocks are of special significance for mining nodes. The competition among miners ends with the spread of new blocks, just like announcing who is the final winner. For miners, getting a new block means that the participants win and they lose. However, the end of one round also represents the beginning of the next round.
After verifying the transactions, the Bitcoin node will add these transactions to its own memory pool. The memory pool, also known as the transaction pool, is used to temporarily store transaction records that have not been added to the block.
Node A needs to assign a priority to each transaction in the memory pool, and select the transaction record with higher priority to build the candidate block.
To become a "higher priority", a transaction must meet the following conditions: the priority value is greater than 57,600,000, and the generation of this value depends on three parameters: a bitcoin (that is, 65.438+0 billion clusters), the age of one day (654.38+0.44 blocks), and the transaction size of 250 bytes:
High priority & gt100,000,000 satoshis *144 blocks/250 bytes = 57,600,000.
The first 50K bytes used to store transactions in a block are reserved for higher priority transactions. Nodes will give priority to these transactions with the highest priority when filling these 50 kilobytes, regardless of whether miners' fees are included or not. This mechanism enables high-priority transactions to be processed first, even if they are zero miners' fees.
Then, mining node A will select those transactions that contain the minimum miner's fee, sort by "miner's fee per kilobyte", and preferentially select the transactions with high miner's fee to fill the remaining blocks.
If there is still space left in the block, mining node A can select those transactions that do not include miners' fees. Some miners will try their best to integrate those transactions without miners' fees into the block, while others may choose to ignore these transactions.
After a block is filled, the remaining transactions in the memory pool will become candidates for the next block. Because these transactions are still in the memory pool, as new blocks are added to the chain, the depth of UTXO referenced by these transactions (that is, the transaction "block age") will also increase. Because the priority value of a transaction depends on the "block age" it entered, the priority value of this transaction has also increased. Finally, the priority value of zero miner's fee transaction may meet the threshold of high priority and be packaged into blocks for free.
UTXO (Unused Transaction Output): Every transaction has several transactions input, that is, the source of funds, and several transactions output, that is, the destination of funds. Generally speaking, every transaction takes an input to produce an output, and the output it produces is the "unused transaction output", which is UTXO.
Block age: The "block age" of UTXO is the number of blocks experienced since the block chain recorded UTXO, that is, the depth of the UTXO in the block chain.
The first transaction in a block is a special transaction called a coin creation transaction or a coin library transaction. This transaction consists of mining nodes, which are used to reward the contribution of miners. Assuming that the reward of a block is 25 bitcoins at this time, A's mining node will create a transaction of "paying 25. 1 bitcoins to A's address (including 0. 1 bitcoins for miners' fees)" and send the generated reward to its wallet. A The reward amount obtained by digging out the block is the sum of coinbase reward (25 brand-new bitcoins) and the fees of all miners in the block.
When a node constructs a candidate block, it is the turn of A's digger to "dig" the new block and solve the workload proof algorithm to make the block effective. SHA256 hash function is used in bitcoin mining.
In the simplest terms, the mining node tries again and again until it finds a random adjustment that makes the hash value lower than a specific target. The result of hash function cannot be known in advance, and there is no pattern to get a specific hash value. For example, you are playing billiards alone in the house, and the white ball reaches from point A to point B, but a person pushes the door and comes in to see the white ball at point B, but he doesn't know how to get from point A to point B anyway. This characteristic of hash function means that the only way to get the hash value is to keep trying and randomly modify the input every time until a suitable hash value appears.
The following parameters are required
? Version of the block
? Hash value of the last block: prev_hash.
? The value of the hash tree of the transaction to be written: merkle_root.
? Update time: ntime
? Current difficulty: nbits
The process of mining is to find X to do it
sha 256(sha 256(version+prev _ hash+merkle _ root+ntime+nbits+x))& lt; target
The value range of x in the above formula is 0 ~ 2 32, and the target can be obtained according to the current difficulty.
For example, imagine that people keep throwing a pair of dice to get less than a certain number of points. The first game, the goal is 12. As long as you don't throw two sixes, you win. Then the next target is 1 1. Players only need to throw points below 10 to win, but it is also very simple. If the target is reduced to 5 after a few innings. Now more than half of the dice rolled will add up to more than 5 points, so it is invalid. As the goal gets smaller and smaller, if you want to win, the number of dice rolls will multiply. In the end, when the goal is 2 (minimum possible points), the average number of shots is 36 or 2%, and only one person can win.
As mentioned above, the goal determines the difficulty, which in turn affects the time required to solve the workload proof algorithm. Then the question comes: Why is this difficulty value adjustable? Who will adjust? How to adjust?
On average, one bitcoin block is generated every 10 minute. This is the heartbeat of Bitcoin and the basis of currency issuance rate and transaction speed. It must remain unchanged not only in the short term, but also for decades. During this period, computer performance will improve rapidly. In addition, the people and computers involved in mining will constantly change. In order to keep the production speed of the new block at 10 minute, the mining difficulty must be adjusted according to these changes. In fact, the difficulty is a dynamic parameter, which will be adjusted regularly to achieve the goal of a new block every 10 minute. Simply put, the difficulty is set at 10 minute, regardless of the mining capacity.
So, how does this adjustment work in a completely decentralized network? The adjustment of difficulty occurs independently and automatically in each complete node. Every 20 16 blocks (blocks generated in 2 weeks), all nodes will adjust the difficulty. The adjustment formula of difficulty is obtained by comparing the time of the latest 20 16 squares with 20 160 minutes (two weeks, that is, the expected time of these squares at the rate of 10 minutes). Adjust the difficulty (or become difficult or easy) according to the ratio of actual duration to expected duration. Simply put, if the network discovery block generation rate is faster than 10 minutes, it will increase the difficulty. If it is found to be slower than 10 minutes, the difficulty will be reduced.
In order to prevent the difficulty from changing too fast, the adjustment range of each cycle must be less than a factor (value is 4). If the range to be adjusted exceeds 4 times, adjust it by 4 times. Because the periodic imbalance in the next 2,065,438+06 blocks will continue to exist, the difficulty will be further adjusted in the next cycle. Therefore, it may take 20 16 block cycles to balance the huge difference in hash calculation ability and difficulty.
For example, node A is currently digging 277,365,438+06 blocks. Once the mining node A finishes its calculation, it will immediately send this block to all its neighbor nodes. After receiving and verifying this new block, these nodes will continue to propagate this block. When this new block propagates in the network, each node will add it to its own blockchain copy as the 277th, 3rd16th block (the parent block is 277th, 3rd15th). When the mining nodes receive and verify this new block, they will give up the previous calculation of building this block with the same height and immediately start calculating the next block in the blockchain.
The third step of Bitcoin * * * knowledge mechanism is to check each new block independently through each node in the network. When a new block propagates in the network, each node will conduct a series of tests to verify it and then forward it to its nodes. This ensures that only valid data blocks are propagated in the network.
The independent verification of each node for each new block ensures that miners can't cheat. In the previous chapter, we saw how miners recorded transactions to obtain new bitcoins and transaction fees created in the block. Why don't miners record a deal for themselves to get thousands of bitcoins? This is because each node checks blocks according to the same rules. Invalid coinbase transaction will invalidate the whole block, which will cause the block to be rejected, so the transaction will not become part of the general ledger.
The last step of the decentralized * * * knowledge mechanism of Bitcoin is to assemble blocks into chains with the greatest workload proof. Once the node verifies the new blocks, it will try to connect the new blocks to the existing blockchain and assemble them.
Nodes maintain three types of blocks:
The first one is connected to the main chain,
The second is the branch from the main chain (standby chain),
The third is that no known parent block is found in the known chain.
Sometimes, the blockchain extended by a new block is not the main chain, which we will see in the following "Blockchain Bifurcation".
If a node receives a valid block, but its parent block is not found in the existing blockchain, then this block is considered as an "orphan block". Orphans are kept in the orphan pool until their parent block is received by the node. Once the parent block is received and connected to the existing blockchain, the node will take the orphan block from the orphan block pool and connect it to its parent block as part of the blockchain. When two blocks are dug up in a short time interval, the nodes may receive them in the opposite order, and then the phenomenon of solitary blocks will appear.
After selecting the most difficult blockchain, all nodes in the whole network finally reach * * * knowledge. As more workload proofs are added to the chain, the temporary differences in the chain will eventually be solved. The mining node selects the blockchain that it wants to expand by "voting". When they dig a new block and extend a chain, the new block itself represents their vote.
Because blockchain is a decentralized data structure, it is not always consistent between different copies. Data blocks may arrive at different nodes at different times, resulting in different blockchain perspectives of nodes. The solution is that each node always chooses and tries to expand the blockchain representing the accumulated maximum workload proof, that is, the longest or most accumulated difficulty chain.
Bifurcation occurs when two candidate blocks want to extend the longest blockchain at the same time. Under normal circumstances, when two miners work out a workload proof solution in a short time, bifurcation will occur. As soon as the two miners found the solution in their respective candidate blocks, they immediately spread their "winning" blocks to the network, first to neighboring nodes, and then to the whole network. Each node that receives a valid block will merge it and expand the blockchain. If the node subsequently receives another candidate block and the block has the same parent block, the node connects the block to the candidate chain. As a result, some nodes receive one candidate block, while other nodes receive another candidate block. At this time, two different versions of blockchain appeared.
Before bifurcation
Bifurcation starting point
We saw two miners digging in two different blocks almost at the same time. To facilitate the tracking of this bifurcation event, we assume that there is a block marked red from Canada and a block marked green from Australia.
Suppose there is such a situation that a miner in Canada has found the workload proof solution of the "red" block and expanded the blockchain on the "blue" mother block. Almost at the same time, an Australian miner found the solution of the "green" block and expanded the "blue" block. So now we have two blocks: one is the "red" block from Canada; The other is "green" from Australia. Both blocks are valid, contain valid workload proof solutions, and extend the same parent block. These two blocks may contain almost the same transactions, but there are some differences in the order of transactions.
Nodes in the Bitcoin network that are adjacent to Canada (topologically adjacent, not geographically adjacent) will receive the "red" blocks first and build the blocks with the greatest accumulation difficulty. The "red" block is the last block in the chain (blue-red), and the "green" block that arrives later is ignored. In contrast, nodes closer to Australia will decide that the "green" block wins and use it as the last block of the extended blockchain (blue-green), ignoring the "red" block that arrives a few seconds later. Those nodes that receive the "red" block first will immediately take this block as the parent block to generate a new candidate block and try to find a workload proof solution for this candidate block. Similarly, nodes that accept a "green" block will start to generate new blocks with this block as the vertex of the chain and expand the chain.
Disagreements are almost always resolved in one block. Some computing power in the network concentrates on the "red" block as the parent block, and builds new blocks on it; Another part of the computing power is concentrated on the "green" module. Even if the computing power is evenly distributed between the two camps, one camp will always find a workload proof solution before the other camp and spread it. In this example, we can make an analogy. If miners working in a "green" block find a "pink" block and extend the blockchain (blue-green-pink), they will immediately spread this new block, and the whole network will think that this block is effective, as shown above.
All nodes that selected the "green" block as the winner in the last round will directly extend the chain by one block. However, those nodes that choose the "red" block as the winner will now see two chains: "turquoise pink" and "blue red". As shown in the above figure, these nodes will set the "blue-green-pink" chain as the main chain and the "blue-red" chain as the standby chain according to the results. These nodes accepted a new and longer chain and were forced to change their original views on blockchain, which is called a new understanding of the chain. Because the "red" block as the parent block is no longer on the longest chain, their candidate block has become an "orphan block", so now any miner who originally wanted to extend the blockchain on the "blue-red" chain will stop. The whole network recognizes that the "blue-green-pink" chain is the main chain, and the "pink" block is the last piece of this chain. All miners immediately switch the parent block of their candidate block to "pink" to extend the "blue-green-pink" chain.
Theoretically, the bifurcation of two blocks is possible. This happens when miners are opposed because of previous differences, and the solutions of two different blocks are found almost at the same time. However, the probability of this happening is very low. One-piece bifurcation occurs every week, and two-piece bifurcation is very rare.
Bitcoin designs the block interval as 10 minute, which is a compromise between faster transaction confirmation and lower bifurcation probability. Shorter block generation interval will make the transaction clearing faster, and also lead to more frequent blockchain bifurcation. In contrast, a longer interval will reduce the number of forks, but it will lead to a longer liquidation time.