List of articles
- brief introduction
- The foundation of bitcoin cryptography
- secret key , Address and wallet
- Transactions in bitcoin
- Extended reading ： Turing is not complete
What does a wallet do in bitcoin ？ What are the characteristics of bitcoin trading ？ How can we forge bitcoin transactions ？ Today, let's learn about the wallet and transaction in bitcoin .
We mentioned before that bitcoin is not a new technology , Just for old technologies like ：P2P The Internet , Distributed systems , cryptography , The new and ingenious application of consensus algorithm .
In the process of wallet and transaction generation verification , We need to use cryptographic computation . Here we first introduce several cryptography technologies that will be used in bitcoin .
Let's see more ：
- A series of tutorials on blockchain from getting started to giving up - Covering cryptography , Super ledger , The etheric fang ,Libra, Bitcoin and so on are constantly updated
- Spring Boot 2.X Series of tutorials : Seven days from scratch Spring Boot- Continuous updating
- Spring 5.X Series of tutorials : Meet your needs for Spring5 All imagination of - Continuous updating
- java The way for a programmer to become a God from a small worker to an expert （2020 edition ）- Ongoing update , With a detailed article tutorial
Before introducing the one-way hash function , Let's first find out when we need to use a one-way hash function .
If you need to download a software from a foreign website , But for a variety of reasons , Foreign networks are too slow , Download a few G It's almost impossible to find the right data . It happens that there are mirror websites in China , You can download data from home . But how to ensure that the domestic image is not tampered with ？ One way hash function is needed at this time . Generally speaking, the website will provide MD5 perhaps SHA As the validation value .
The one-way hash function has an input and an output . The input is called a message , The output is called a hash value .
The length of the hash value is independent of the length of the message , No matter how large or small the length of the message , They all calculate a fixed length hash .
hash The algorithm has the following characteristics ：
It can calculate the hash value of fixed length according to the message of any length .
It's faster .
The news is different , Hash values are also different .
That means , If only a little change will cause a huge change in the whole hash value .
Because the size of the hash value is fixed , So it is possible that different messages produce the same hash value . This is called a collision .
The property that it is difficult to find collisions is called anticollision . Given the hash value of a message , It must be guaranteed that it is difficult to find another message with the same hash value as the message .
A one-way hash function must be one-way . The so-called unidirectionality refers to the nature of the message that cannot be inferred by hash value .
The hash algorithm used by bitcoin is SHA256, It's a secure hash algorithm SHA（Secure Hash Algorithm） One of a series of algorithms （ And then there is SHA-1、SHA-224、SHA-384 and SHA-512 And so on ）,SHA It's the national security agency （NSA） Design , National institute of standards and technology （NIST） released , Mainly applicable to digital signature standards （DigitalSignature Standard DSS） Digital signature algorithm defined in （Digital Signature Algorithm DSA）.
RIPEMD（RACE Integrity Primitives Evaluation Message Digest,RACE Raw integrity check message digest ）, yes Hans Dobbertin etc. 3 People are md4,md5 On the basis of , On 1996 It was put forward in 1986 .
Asymmetric encryption algorithm is also called public key cryptography algorithm , The plaintext ciphertext is encrypted and decrypted through the generated public and private keys .
Asymmetric encryption algorithm requires two keys ： public key （publickey） And private key （privatekey）. Public key and private key are a pair , If public key is used to encrypt data , Can only be decrypted with the corresponding private key ; If you encrypt data with a private key , Then only the corresponding public key can be used to decrypt . Because encryption and decryption use two different keys , So this algorithm is called asymmetric encryption algorithm .
Homomorphic encryption is a form of encryption , It allows people to perform specific algebraic operations on ciphertext to get the result that is still encrypted , The result of decryption is the same as that of plaintext . In other words , This technology allows people to do things like retrieval in encrypted data 、 Comparison and other operations , Get the right results , There is no need to decrypt the data in the whole process . Its significance lies in , It really fundamentally solves the problem of confidentiality when entrusting data and its operation to a third party , For example, for various cloud computing applications .
Bitcoin is owned by digital keys 、 Bitcoin address and digital signature . The digital key is not actually stored in the network , It's generated by the user and stored in a file or a simple database in , It's called a wallet . The digital key stored in the user's wallet is completely independent of the bitcoin protocol , It can be generated and managed by the user's wallet software , Without a blockchain or network connection . The key implements many interesting features of bitcoin , Including decentralizing trust and control 、 Ownership Authentication and security model based on cryptography proof .
The bitcoin wallet contains only the private key, not bitcoin . Each user has a wallet with multiple private keys . The wallet contains a pair of private keys and public keys . Users use these private keys to sign transactions , To prove that they have the output of the transaction （ That's bitcoin ）. Bitcoin is stored in the blockchain in the form of transaction output （ It's usually written as vout or txout）.
If the wallet contains only the private key , So what's the wallet address ？ The wallet address is from the public key hash It's worth it , As shown in the figure below ：
First, use the random number generator to generate a 『 Private key 』. Generally speaking, this is a 256bits Number of numbers , With this string of numbers, you can compare the corresponding 『 Wallet address 』 In bitcoin , So it has to be kept safe .
『 Private key 』 after SECP256K1 Algorithmic processing produces 『 Public key 』.SECP256K1 It's an elliptic curve algorithm , Through a known 『 Private key 』 It can be counted as 『 Public key 』, and 『 Public key 』 When it is known, it cannot be calculated backward 『 Private key 』. This is the algorithmic basis for ensuring the security of bitcoin .
Same as SHA256 equally ,RIPEMD160 It is also a kind of Hash Algorithm , from 『 Public key 』 It can be calculated that 『 Public key hash 』, And the reverse doesn't work .
Connect one byte address version number to 『 Public key hash 』 Head （ For bitcoin networks pubkey Address , This byte is “0”）, And then do it twice SHA256 operation , Put the results before 4 Bytes as 『 Public key hash 』 Check value , It's attached to the tail .
Use the result of the previous step BASE58 Encoding ( Bitcoin custom version ), Got it. 『 Wallet address 』. such as ,1A1zP1eP5QGefi2DMPTfTL5TTmv7DivfNa.
So the private key , The relationship between public key and wallet address is shown in the figure below ：
You see the wallet address 1A1zP1eP5QGefi2DMPTfTL5TTmv7DivfNa What do you think ？
Someone must be thinking , It's hard to remember such a long string of letters and numbers . Can we produce a wallet address that is easy to remember ？ such as MyNameIsHanMeiMei… The address that starts like this ？
Certainly. , It's called a pretty address , It just takes a lot of computing power .
Simply speaking , Trading is telling the whole network ： The holder of bitcoin has authorized the transfer of bitcoin to others . And the new holder can delegate again , To someone else in the bitcoin ownership chain .
Be careful , In the world of bitcoin, there are no accounts , And there's no balance , Only those scattered in the blockchain UTXO（Unspent Transaction Outputs）.
How to understand this UTXO Well ？ No account, no balance , How to calculate the amount in the wallet ？
Don't worry. , Let's come together .
Words , In bitcoin , The transfer between bitcoin wallets is through transactions （Transaction） Realized .
Let's look at a standard trading process .
So here comes the question , Where did the world's first bitcoin come from ？
answer , It's from mining . Okay , our 001 A deal is a mining process , In this deal , Input is mining , Output number 1,BTC The number is 50, The destination address is A, It means 50 individual BTC to A 了 .
Next ,A Want to send 25 individual BTC to B, How to construct this transaction ？
alike , We need an input , This input is 001 Traded 1 Output No , We use it 001.1 To express . The output is divided into two , The first output number 1, To pay for 25 individual BTC to B. The second output number 2, Means the rest BTC Give it back A.
You may have asked , Input is 50BTC, The two outputs add up to 45 individual BTC, There seems to be less 5 individual BTC？ you 're right , This 5 individual BTC That's what the miners get from digging .
Next ,A And continue to transfer to C, Same thing , Connect one deal to another .
From the example above, we can see that , In fact, the money is stored in the transaction records one by one , The output that's not being spent , It's called UTXO（Unspent Transaction Outputs）.
So how to guarantee the transfer to B The money , It won't be consumed by other people ？ This involves the encryption process of the transaction .
Let's take a single input and output as an example to learn more about the composition of a transaction ：
Above picture , The input to the transaction is txid, That is to say, the transaction generated before has not been exported ID.output index It's the output of the trade id.
A very important ScriptSig It's the validation of the input transaction , Indicates that the user has the transfer rights of the account .
The output is a script , Only those who meet the conditions for the script to run can spend this output. This is the same. ScriptSig Scripts that need to be validated .
Let's take a look at how scripts do authentication .
There are two standard forms of bitcoin output .Pay To Public Key Hash (P2PKH) and Pay To Script Hash (P2SH). The difference between the two is , One is output to public key Of hash, One is output to any script output hash.
To ensure that the output can only be spent by specific people , In general, it is directly output to the other party public key hash. Because only the private key owned by the other party can generate this public key hash, That is to say, only the other party can verify the output .
But every time you need to know each other's public key hash It's still a bit of a hassle , It's easier to , The sender outputs directly to a specific hash It's worth it , As long as the other party can generate this hash Can .
The following example is a P2PKH In script form .
P2PKH The output of is a script , One of the important values is PK hash.
How to verify ？
The verifier provides two values , One is sig, One is PubKey. Because bitcoin's virtual machine is stack structured , Let's stack these two values first .
And then call OP_DUP To the top PubKey Copy , And then call OP_HASH160 Algorithm to calculate Pk Hash, And then the sender saved Pk Hash Push . Next call OP_EQUALVERIFY The two one. PK Hash Contrast .
If the comparison is successful , The final step is to verify Sig and PubKey match .
If they all succeed , It shows that the receiver is really this PK Hash The owner of the . Then the other party can use it as much as they like .
And Feng · Alan, who is also the founder of modern computer · Turing （AlanTurin） stay 1950 It was proposed to determine whether computers can be as practical as human beings “ reflection ” Standards for , That's famous “ Turing test ”.
He envisions a supercomputer and a man hiding behind the scenes answering questions from the questioner , And the questioner tries to tell which is a person and which is a computer .
Turing argued that , If computers are so cleverly disguised , So that no one can actually distinguish it from a real person , Then we can claim , This computer has the same thinking ability as human beings , Or say , consciousness （ His original word is “ wisdom ”）.
In computability theory , If a set of rules for manipulating data （ Such as instruction set 、 programing language 、 Cellular automata ） The results can be calculated in a certain order , It's called Turing complete （turing complete）.
Bitcoin scripting language is not Turing complete , With certain limitations , It has no loop statements and complex conditional control statements .
This article introduces the concept of bitcoin wallet and transaction , I hope you like it .
The author of this article ：flydean Program those things
Link to this article ：http://www.flydean.com/bitcoin-transactions/
In this paper, the source ：flydean The blog of
Welcome to my official account. : Program those things , More wonderful waiting for you ！