Blockchain 2.0 Ethereum talk (1)

Yin Cheng 2021-11-24 08:10:44 Views: 543

blockchain ethereum talk

When Satoshi Nakamoto launched the Bitcoin blockchain in January 2009, he introduced two new, revolutionary and untested concepts to the world. The first is Bitcoin itself, a decentralized peer-to-peer online currency that maintains a value without any backing asset, intrinsic value or central issuer. So far Bitcoin has attracted most of the public attention, politically as a currency without a central bank and economically for its violent price swings. But Nakamoto's experiment has a second part that is just as important as the currency: the concept of a proof-of-work blockchain that lets participants reach consensus on the order of transactions. Bitcoin as an application is a first-to-file system: if someone holds 50 BTC and simultaneously sends the same 50 BTC to A and to B, only the transaction that is confirmed first takes effect. There is no inherent way to decide which of two transactions came first, and this problem held back decentralized digital currency for many years. Nakamoto's blockchain was the first credible decentralized solution to it. Developers' attention is now quickly turning to this second part of Bitcoin's technology and to how the blockchain can be applied to fields other than money.

Frequently mentioned applications include using on-chain digital assets to represent custom currencies and financial instruments (colored coins), the ownership of an underlying physical device (smart property), non-fungible assets such as domain names (Namecoin), and more advanced applications such as decentralized exchanges, financial derivatives, peer-to-peer gambling and on-chain identity and reputation systems. Another important area that is often asked about is "smart contracts": systems that automatically move digital assets according to arbitrary rules specified in advance. For example, one might have a treasury contract of the form "A can withdraw up to X coins per day, B up to Y coins per day, A and B together can withdraw anything, and A can shut off B's ability to withdraw". The logical extension of this is the decentralized autonomous organization (DAO): a long-lived smart contract that holds an organization's assets and encodes the organization's rules. The goal of Ethereum is to provide a blockchain with a built-in, fully fledged Turing-complete language in which contracts can be written to encode arbitrary state transition functions; with a few lines of code a user can build any of the systems described above and many others we cannot yet imagine.

The concept of a decentralized digital currency, like alternative applications such as property registries, was proposed decades ago. The anonymous e-cash protocols of the 1980s and 1990s were mostly built on Chaumian blinding. They provided a currency with a high degree of privacy, but none of them became popular, because all of them relied on a centralized intermediary. In 1998 Wei Dai's b-money was the first proposal to combine the idea of creating money by solving computational puzzles with decentralized consensus, but it gave no concrete way of implementing that consensus. In 2005 Hal Finney introduced "reusable proofs of work", a system that used the ideas of b-money together with Adam Back's computationally difficult Hashcash puzzles to create a cryptographic currency. Once again, however, the concept fell short of the ideal, because it relied on trusted computing as its back end.

Because a currency is a first-to-file application, the order of transactions is critical, so a decentralized currency needs a way to reach decentralized consensus. The main obstacle faced by every e-money protocol before Bitcoin was that, although research into secure Byzantine-fault-tolerant multi-party consensus systems had been going on for many years, those protocols solved only half of the problem. They assumed that all participants in the system were known, and produced security bounds of the form "if N parties participate in the system, then the system can tolerate N/4 malicious participants". The problem with this assumption is that in an anonymous setting such a bound is easily defeated: an attacker can create thousands of nodes on a single server or botnet and thereby unilaterally secure a majority share (a Sybil attack).

Nakamoto's innovation was to combine a very simple, node-based decentralized consensus protocol with a proof-of-work mechanism. Nodes earn the right to participate through proof of work, packaging transactions into "blocks" roughly every ten minutes to build an ever-growing blockchain. Nodes with a lot of computing power have proportionally more influence, but obtaining more computing power than the rest of the network is far harder than creating a million nodes. Although the Bitcoin blockchain model is very crude, practice has shown it to be good enough: in the five years since, it has become the basis for more than 200 currencies and protocols around the world.

From a technical standpoint, the Bitcoin ledger can be thought of as a state transition system: there is a "state" recording the ownership of all existing bitcoins, and a "state transition function" that takes the current state and a transaction as inputs and outputs a new state. In a standard banking system, for example, the state is a balance sheet, a request to transfer X dollars from account A to account B is a transaction, and the state transition function subtracts X dollars from A's account and adds X dollars to B's account. If A's balance is less than X dollars, the state transition function returns an error. Formally, the state transition function can be defined as follows:

In the banking system described above, the state transition function behaves as follows:

But:

The state of the Bitcoin system is the set of all coins that have been mined and not yet spent (technically, "unspent transaction outputs", or UTXO). Each UTXO has a denomination and an owner (defined by a 20-byte address, which is essentially the hash of a cryptographic public key [1]). A transaction contains one or more inputs and one or more outputs. Each input contains a reference to an existing UTXO and a cryptographic signature produced by the private key corresponding to the owner's address. Each output contains a new UTXO to be added to the state.

In the Bitcoin system, the state transition function APPLY(S,TX) -> S' can be defined roughly as follows:

(1) For each input of the transaction:

  • If the referenced UTXO is not in the current state S, return an error.
  • If the provided signature does not match the owner of the UTXO, return an error.

(2) If the sum of the denominations of all input UTXO is less than the sum of the denominations of all output UTXO, return an error.

(3) Return the new state S', with all input UTXO removed and all output UTXO added.

The first half of the first step prevents the sender from spending coins that do not exist, and the second half prevents the sender from spending other people's coins. The second step enforces conservation of value. Payment then works as follows. Suppose Alice wants to send 11.7 BTC to Bob. In practice Alice will not have exactly 11.7 BTC lying around; suppose the smallest set of UTXO she can gather sums to 6 + 4 + 2 = 12 BTC. She therefore creates a transaction with three inputs and two outputs. The first output has a denomination of 11.7 BTC and Bob as its owner (Bob's Bitcoin address); the second output has a denomination of 0.3 BTC and Alice herself as its owner, i.e. the "change".

Mining:

The consensus system works by grouping transactions into "blocks". Roughly every ten minutes a node packages the pending transactions into a block. Each block contains a timestamp, a nonce, a reference to (that is, the hash of) the previous block, and a list of all transactions that have occurred since the previous block. Over time this creates a persistent, ever-growing blockchain that is constantly updated to represent the latest state of the Bitcoin ledger.

Under this paradigm, the algorithm for checking whether a block is valid is as follows:

(1) Check that the previous block referenced by this block exists and is valid.

(2) Check that the block's timestamp is later than that of the previous block and less than 2 hours into the future.

(3) Check that the proof of work on the block is valid.

(4) Let S[0] be the final state of the previous block.

(5) Let TX be the block's transaction list, containing n transactions. For every i in 0…n-1, set S[i+1] = APPLY(S[i], TX[i]). If any of these applications returns an error, exit and return an error.

(6) Return true, and register S[n] as the final state of this block.

Essentially, every transaction in the block must provide a valid state transition. Note that the state is not encoded in the block in any way; it is a purely abstract notion remembered by the validating node, and for any block it can be (securely) computed by starting from the genesis state and applying every transaction in every block in order. Note also the order in which the miner includes transactions in the block: if a block contains two transactions A and B, where B spends a UTXO created by A, the block is valid if A comes before B and invalid otherwise.
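The following Python program is an added illustration; it is not code from the original article or from Bitcoin. It implements APPLY(S,TX) exactly as the three rules above describe, walks through Alice's three-input, two-output payment of 11.7 BTC to Bob, and then applies a block's transaction list in order, so that the ordering rule (B spends A's output) and a double spend are rejected. The ownership check is a toy stand-in: the "public key" is sha256(secret), the address is a truncated sha256 of the public key, and the "signature" is the revealed secret. Real Bitcoin uses an ECDSA signature over the transaction hash, which changes nothing about the state transition rules themselves.

```python
import hashlib
from dataclasses import dataclass


# Toy stand-in for Bitcoin's ECDSA ownership check (assumption, not the real scheme):
# pubkey = sha256(secret), address = first 20 bytes of sha256(pubkey), and an input
# "signs" by revealing the secret. Real Bitcoin signs the transaction hash with ECDSA.
def pubkey_of(secret: bytes) -> bytes:
    return hashlib.sha256(secret).digest()


def address_of(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).digest()[:20].hex()


@dataclass(frozen=True)
class Output:
    value: int   # denomination in satoshi (1 BTC = 100_000_000)
    owner: str   # 20-byte address as hex


@dataclass(frozen=True)
class Input:
    ref: tuple     # (txid, output index) of the UTXO being spent
    pubkey: bytes
    secret: bytes  # stand-in for the signature


@dataclass
class Tx:
    inputs: list
    outputs: list

    def txid(self) -> str:
        body = repr([(i.ref, i.pubkey) for i in self.inputs]) + repr(self.outputs)
        return hashlib.sha256(body.encode()).hexdigest()


def apply_tx(state: dict, tx: Tx) -> dict:
    """APPLY(S, TX) -> S'. Raises ValueError wherever the text says 'return an error'."""
    new_state = dict(state)
    total_in = 0
    for inp in tx.inputs:                                  # step (1)
        utxo = new_state.get(inp.ref)
        if utxo is None:                                   # missing, already spent, or listed twice
            raise ValueError(f"input {inp.ref} is not in the current state")
        if pubkey_of(inp.secret) != inp.pubkey or address_of(inp.pubkey) != utxo.owner:
            raise ValueError(f"input {inp.ref}: authorisation does not match the UTXO owner")
        del new_state[inp.ref]                             # consume it immediately
        total_in += utxo.value
    total_out = sum(o.value for o in tx.outputs)
    if total_in < total_out:                               # step (2): conservation of value
        raise ValueError(f"inputs total {total_in} < outputs total {total_out}")
    txid = tx.txid()
    for index, out in enumerate(tx.outputs):               # step (3): add the new UTXO
        new_state[(txid, index)] = out
    return new_state                                       # total_in - total_out is the miner's fee


def apply_block(state: dict, txs: list) -> dict:
    """Steps (4)-(6) of block validation: S[i+1] = APPLY(S[i], TX[i]) in block order."""
    for tx in txs:
        state = apply_tx(state, tx)
    return state


BTC = 100_000_000


def demo() -> dict:
    """Alice pays Bob 11.7 BTC out of 6 + 4 + 2 BTC, then ordering, double-spend and theft checks."""
    alice_secret, bob_secret = b"alice-secret", b"bob-secret"      # constructed keys
    alice_pk, bob_pk = pubkey_of(alice_secret), pubkey_of(bob_secret)
    alice, bob = address_of(alice_pk), address_of(bob_pk)
    # Constructed starting state: three UTXO owned by Alice, as in the text.
    state = {("genesis", 0): Output(6 * BTC, alice),
             ("genesis", 1): Output(4 * BTC, alice),
             ("genesis", 2): Output(2 * BTC, alice)}
    tx_a = Tx([Input(("genesis", i), alice_pk, alice_secret) for i in range(3)],
              [Output(117 * BTC // 10, bob), Output(3 * BTC // 10, alice)])  # 11.7 to Bob, 0.3 change
    tx_b = Tx([Input((tx_a.txid(), 0), bob_pk, bob_secret)],
              [Output(117 * BTC // 10, alice)])                               # Bob sends it back
    results = {"final": apply_block(state, [tx_a, tx_b])}
    for name, txs in (("wrong_order", [tx_b, tx_a]),
                      ("double_spend", [tx_a, Tx([Input(("genesis", 0), alice_pk, alice_secret)],
                                                 [Output(1 * BTC, bob)])]),
                      ("overspend", [Tx([Input(("genesis", 2), alice_pk, alice_secret)],
                                        [Output(3 * BTC, bob)])]),
                      ("stolen", [Tx([Input(("genesis", 2), bob_pk, bob_secret)],
                                     [Output(2 * BTC, bob)])])):
        try:
            apply_block(state, txs)
            results[name] = None
        except ValueError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value if isinstance(value, str) else {k: v.value for k, v in value.items()})
```

Deleting each input from the working copy of the state as soon as it is checked is what makes the "listed twice" case fail: a transaction that names the same UTXO in two inputs cannot count its value twice.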

The interesting part of the block validation algorithm is the "proof of work" condition: the double-SHA256 hash of each block, treated as a 256-bit number, must be less than a dynamically adjusted target, which at the time of writing is roughly 2^190. The purpose of proof of work is to make block creation computationally hard, so that an attacker cannot cheaply regenerate the blockchain. Because SHA256 behaves as a completely unpredictable pseudorandom function, the only way to create a valid block is trial and error: repeatedly increment the nonce and check whether the new hash falls below the target. With a target of 2^192, one needs on average 2^64 attempts to find a valid block. The Bitcoin network recalibrates the target every 2016 blocks so that, on average, one block is produced every ten minutes. To reward miners for this computational work, the miner of every block is entitled to include a transaction giving themselves 25 BTC out of nowhere. In addition, if a transaction's inputs exceed its outputs, the difference goes to the miner as a "transaction fee". Incidentally, this miner reward is the only mechanism by which bitcoins are issued; the genesis state contains no coins at all.
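To make the proof-of-work condition and the header checks (steps 1 to 3 of the validation algorithm) concrete, here is an added Python example that is not part of the original article. It hashes a simplified header (previous hash, Merkle root, timestamp, nonce) with double SHA-256, mines a nonce by trial and error against a toy target of 2^240 so that the demo finishes in well under a second, rejects a back-dated block and a block whose transaction set was changed after the nonce was found, and shows the every-2016-blocks retarget arithmetic. The simplified header layout, the toy target and the 2^224 cap are illustrative assumptions.

```python
import hashlib
import struct


def header_hash(prev_hash: bytes, merkle_root: bytes, timestamp: int, nonce: int) -> bytes:
    """Double SHA-256 of a simplified header (the real header has a few more fields)."""
    header = prev_hash + merkle_root + struct.pack("<I", timestamp) + struct.pack("<Q", nonce)
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()


def check_pow(prev_hash: bytes, merkle_root: bytes, timestamp: int, nonce: int, target: int) -> bool:
    """Step (3): the hash, read as a 256-bit integer, must be below the target."""
    return int.from_bytes(header_hash(prev_hash, merkle_root, timestamp, nonce), "big") < target


def mine(prev_hash: bytes, merkle_root: bytes, timestamp: int, target: int,
         max_tries: int = 1 << 32) -> int:
    """Trial and error: bump the nonce until the hash falls under the target."""
    for nonce in range(max_tries):
        if check_pow(prev_hash, merkle_root, timestamp, nonce, target):
            return nonce
    raise RuntimeError("nonce space exhausted; change the timestamp or transaction set and retry")


def expected_tries(target: int) -> float:
    """The hash is uniform on [0, 2^256), so P(hash < target) = target / 2^256 per attempt."""
    return 2 ** 256 / target


def retarget(old_target: int, actual_seconds: int, expected_seconds: int = 2016 * 600,
             max_target: int = 1 << 224) -> int:
    """Every 2016 blocks the target is scaled by actual/expected elapsed time, with the
    ratio clamped to [1/4, 4] and the result capped at the easiest allowed target
    (roughly 2^224 in Bitcoin; the integer arithmetic mirrors Bitcoin's)."""
    actual = max(expected_seconds // 4, min(expected_seconds * 4, actual_seconds))
    return min(max_target, old_target * actual // expected_seconds)


def check_header(prev_block: dict, block: dict, now: int) -> bool:
    """Steps (1)-(3) for a block given as a dict with prev_hash, merkle_root, timestamp, nonce, target."""
    prev_hash = header_hash(prev_block["prev_hash"], prev_block["merkle_root"],
                            prev_block["timestamp"], prev_block["nonce"])
    if block["prev_hash"] != prev_hash:                                       # (1) parent must be a block we hold
        return False
    if not prev_block["timestamp"] < block["timestamp"] < now + 2 * 3600:     # (2) later than parent, < 2h ahead
        return False
    return check_pow(block["prev_hash"], block["merkle_root"],                # (3) proof of work
                     block["timestamp"], block["nonce"], block["target"])


DEMO_TARGET = 1 << (256 - 16)   # toy difficulty: about 2^16 attempts per block


def demo_chain(now: int = 1_700_000_000) -> dict:
    """Mine two toy blocks, then validate a good, a back-dated and a tampered successor."""
    genesis = {"prev_hash": b"\x00" * 32, "merkle_root": hashlib.sha256(b"genesis txs").digest(),
               "timestamp": now - 1200, "target": DEMO_TARGET}
    genesis["nonce"] = mine(genesis["prev_hash"], genesis["merkle_root"],
                            genesis["timestamp"], DEMO_TARGET)
    block1 = {"prev_hash": header_hash(genesis["prev_hash"], genesis["merkle_root"],
                                       genesis["timestamp"], genesis["nonce"]),
              "merkle_root": hashlib.sha256(b"block 1 txs").digest(),
              "timestamp": now - 600, "target": DEMO_TARGET}
    block1["nonce"] = mine(block1["prev_hash"], block1["merkle_root"],
                           block1["timestamp"], DEMO_TARGET)
    backdated = dict(block1, timestamp=genesis["timestamp"] - 1)                   # fails (2)
    tampered = dict(block1, merkle_root=hashlib.sha256(b"attacker txs").digest())  # old nonce, new data: fails (3)
    return {"valid": check_header(genesis, block1, now),
            "backdated": check_header(genesis, backdated, now),
            "tampered": check_header(genesis, tampered, now),
            "tries_at_2_192": expected_tries(1 << 192)}


if __name__ == "__main__":
    print(demo_chain())
```

The "tampered" case is the one the text relies on: swapping a transaction changes the Merkle root, which changes the header, so the old nonce is worthless and the attacker has to redo the whole search.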

To better understand the purpose of mining, let us examine what happens when a malicious attacker appears on the Bitcoin network. Because Bitcoin's cryptography is known to be secure, the attacker will target the one part of the system that is not protected directly by cryptography: the order of transactions. The attacker's strategy is simple:

(1) Send 100 BTC to a merchant in exchange for some product (preferably a digital good that does not need to be shipped).

(2) Wait for the product to be delivered.

(3) Create another transaction sending the same 100 BTC to himself.

(4) Try to convince the network that the transaction to himself was the one that came first.

Once step (1) has taken place, some miner will include the transaction in a block within a few minutes, say block 270000. After about an hour, five more blocks will have been added on top of that block, each indirectly pointing to the transaction and thus "confirming" it. At this point the merchant treats the payment as final and delivers the product; since we assume a digital good, the attacker receives it immediately. Now the attacker creates the second transaction, sending the same 100 BTC to himself. If he simply broadcasts it, the transaction will not be processed: miners run APPLY(S,TX), find that it spends a UTXO that is no longer in the state, and reject it. So instead the attacker forks the blockchain, mining a different version of block 270000 with block 269999 as its parent, in which the original transaction is replaced by the new one. Because the block data is different, this requires redoing the proof of work. Furthermore, the attacker's new block 270000 has a different hash, so the original blocks 270001 to 270005 do not point to it; the original chain and the attacker's new chain are therefore completely separate. When a fork occurs, the rule is that the longest chain is taken to be the truth. Legitimate miners keep mining on top of the original block 270005 while only the attacker mines on top of his block 270000. For his chain to become the longest, he would need more computing power than the rest of the network combined in order to catch up (hence the name "51% attack").
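The claim that the attacker needs more hashing power than the rest of the network can be quantified. The Python below is an added example, not part of the article; it implements the attacker-success probability from section 11 of the original Bitcoin paper (the number of blocks the attacker mines while the honest chain produces z blocks is Poisson with mean z·q/p, and from a deficit of d blocks the chance of ever catching up is (q/p)^d, the gambler's-ruin result) and applies it to the five-confirmation scenario above. The 0.1% risk threshold used in the demo is an arbitrary choice.

```python
import math


def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the network's hash power ever
    overtakes the honest chain after the merchant has seen z confirmations.
    Formula from section 11 of the Bitcoin paper (p = honest fraction = 1 - q)."""
    p = 1.0 - q
    if q >= p:                      # 51% or more: the attacker catches up with certainty
        return 1.0
    lam = z * q / p                 # expected attacker blocks while honest miners found z
    never_catches_up = 0.0
    for k in range(z + 1):          # k = attacker blocks already mined; beyond z he is ahead anyway
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        never_catches_up += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - never_catches_up


def confirmations_needed(q: float, risk: float, max_z: int = 10_000) -> int:
    """Smallest number of confirmations that pushes the attacker's success probability below `risk`."""
    for z in range(max_z + 1):
        if catch_up_probability(q, z) < risk:
            return z
    raise ValueError(f"an attacker with share {q} cannot be kept below risk {risk}")


def risk_table(shares=(0.1, 0.2, 0.3, 0.4, 0.5), z: int = 5) -> dict:
    """Success probability for the page's scenario: the merchant waits for five confirmations."""
    return {q: catch_up_probability(q, z) for q in shares}


if __name__ == "__main__":
    for q, prob in risk_table().items():
        print(f"attacker share {q:.0%}: P(success after 5 confirmations) = {prob:.7f}")
    for q in (0.1, 0.3, 0.45):
        print(f"share {q:.0%}: {confirmations_needed(q, 0.001)} confirmations for < 0.1% risk")
```

The table shows why "five confirmations" is a rule of thumb rather than a guarantee: it keeps a 10% attacker below a 0.1% success chance, but a 30% attacker still succeeds about 18% of the time, and at 50% or more the merchant can never be safe no matter how long he waits.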

Merkle trees:


Left: it suffices to present only a small number of nodes of a Merkle tree to give a proof of the validity of a branch.

Right: any attempt to change any part of the Merkle tree will eventually lead to an inconsistency somewhere up the chain.

An important scalability feature of Bitcoin is that blocks are stored in a multi-level data structure. The "hash" of a block is actually only the hash of the block header, a roughly 200-byte piece of data that contains the timestamp, the nonce, the hash of the previous block and the root hash of a Merkle tree storing all the transactions in the block.

A Merkle tree is a binary tree made up of a set of leaf nodes, a set of intermediate nodes and a root node. The large number of leaf nodes at the bottom of the tree contain the underlying data; each intermediate node is the hash of its two children, and the root node, also the hash of its two children, represents the top of the tree. The purpose of the Merkle tree is to allow the data in a block to be delivered piecemeal: a node can download only the header of a block from one source, the small part of the tree relevant to it from another source, and still be assured that all of the data is correct. This works because hashes propagate upward: if a malicious user tries to swap a fake transaction into the bottom of the tree, the change alters the node above it, which alters the node above that, and so on, until the root of the tree and therefore the hash of the block change, and the protocol registers it as a completely different block (almost certainly with an invalid proof of work).

The Merkle tree protocol is arguably essential to Bitcoin's long-term sustainability. A "full node" in the Bitcoin network, one that stores and processes the entirety of every block, took up about 15 GB of disk space in April 2014 and was growing by over a gigabyte per month. At present this is acceptable for desktop computers but not for phones, and in the future only businesses and hobbyists will be able to run full nodes. The simplified payment verification (SPV) protocol allows another class of node, called "light nodes", which download only the block headers, verify the proof of work on those headers, and then download only the "branches" of the Merkle tree associated with the transactions that concern them. This lets a light node securely determine the status of any Bitcoin transaction, and its current balance, while downloading only a very small portion of the entire blockchain.
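As an added example (not code from the article or from any Bitcoin implementation), the Python below builds a Merkle tree the way Bitcoin does, with double SHA-256 and the last node of an odd-sized level duplicated, produces the branch that a full node would hand to a light node for one transaction, and verifies it against the root as an SPV client would. The five transactions are constructed test data.

```python
import hashlib


def dsha256(data: bytes) -> bytes:
    """Bitcoin hashes tree nodes with double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _pad(level: list) -> list:
    # Bitcoin duplicates the last node of an odd-length level so every node has a sibling.
    return level + [level[-1]] if len(level) % 2 == 1 else level


def merkle_levels(txs: list) -> list:
    """All levels of the tree, from the transaction hashes at the bottom up to the root."""
    level = [dsha256(tx) for tx in txs]
    levels = [level]
    while len(level) > 1:
        level = _pad(level)
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_root(txs: list) -> bytes:
    return merkle_levels(txs)[-1][0]


def merkle_branch(txs: list, index: int) -> list:
    """The SPV proof for txs[index]: one (sibling hash, side) pair per level, leaf to root."""
    branch = []
    for level in merkle_levels(txs)[:-1]:
        level = _pad(level)
        sibling = index ^ 1                                   # the other node of the pair
        branch.append((level[sibling], "left" if sibling < index else "right"))
        index //= 2
    return branch


def verify_branch(tx: bytes, branch: list, root: bytes) -> bool:
    """What a light node does: recompute the path from the transaction up to the header's root."""
    node = dsha256(tx)
    for sibling, side in branch:
        node = dsha256(sibling + node) if side == "left" else dsha256(node + sibling)
    return node == root


def demo() -> dict:
    """Five constructed transactions; prove the fourth one, then tamper with it."""
    txs = [f"tx{i}: constructed payload".encode() for i in range(5)]
    root = merkle_root(txs)                                   # what the block header commits to
    branch = merkle_branch(txs, 3)                            # the proof a full node hands over
    tampered = bytearray(txs[3])
    tampered[0] ^= 0x01                                       # flip one bit of the transaction
    return {"proof_len": len(branch),
            "genuine_verifies": verify_branch(txs[3], branch, root),
            "tampered_verifies": verify_branch(bytes(tampered), branch, root),
            "root_changes": merkle_root(txs[:3] + [bytes(tampered)] + txs[4:]) != root,
            "bytes_downloaded": 32 * len(branch) + 32}       # branch plus root, vs. five whole transactions


if __name__ == "__main__":
    print(demo())
```

The branch is three hashes for five transactions and grows only logarithmically with the block size, which is the whole point for a light node. One caveat that follows from the duplication rule: the transaction lists [a, b, c] and [a, b, c, c] produce the same root, so a full node must reject blocks that contain such duplicated transactions, and an SPV client should not accept a branch whose sibling at some level is identical to the node it is being combined with unless it has a reason to expect the odd-level padding there.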

Other blockchain applications:

The idea of applying the blockchain concept to other fields has a long history. In 2005 Nick Szabo proposed the concept of "secure property titles with owner authority", describing how advances in replicated database technology would make a blockchain-based system suitable for registering land ownership, and laying out an elaborate framework including concepts such as homesteading, adverse possession and Georgian land tax. Unfortunately no practical replicated database system was available at the time, so the protocol was never put into practice. Since the successful development of decentralized consensus in the Bitcoin system in 2009, however, many alternative applications of the blockchain have begun to appear rapidly.

Namecoin - created in 2010, Namecoin is best described as a decentralized name registration database. Decentralized protocols such as Tor, Bitcoin and BitMessage need some way of identifying accounts so that other people can interact with them, but in all existing solutions the only kind of identifier available is a pseudorandom hash such as 1LW79wp5ZBqaHW1jL5TciBCrhQYtHagUWy. Ideally one would like an account with a name like "george". The problem is that if one person can create an account named "george", then so can someone else, and impersonate them. The only solution is first-to-file: the first registrant succeeds and the second fails to register the same name again. This problem maps perfectly onto the Bitcoin consensus protocol. Namecoin is the oldest and most successful implementation of a name registration system using a blockchain.

Colored coins - the purpose of colored coins is to let people create their own digital currencies, or, in the more general sense, digital tokens, on the Bitcoin blockchain. In the colored coins protocol, one "issues" a new currency by publicly assigning a color to a specific Bitcoin UTXO, and the protocol recursively defines the color of any other UTXO to be the color of the inputs spent by the transaction that created it. This lets users maintain wallets containing only UTXO of a specific color and send them around much like ordinary bitcoins, backtracking through the blockchain to determine the color of any UTXO they receive.

Metacoins - the idea behind a metacoin is to create a new protocol on top of the Bitcoin blockchain, using Bitcoin transactions to store metacoin transactions but with a different state transition function APPLY'. Because the metacoin protocol cannot prevent invalid metacoin transactions from appearing in the Bitcoin blockchain, a rule is added: if APPLY'(S,TX) returns an error, the protocol defaults to APPLY'(S,TX) = S. This provides an easy way to create an arbitrary cryptocurrency protocol, potentially with advanced features that cannot be implemented inside Bitcoin itself, at very low development cost, because the complications of mining and networking are already handled by the Bitcoin protocol.

In general, then, there are two approaches to building a consensus protocol: building an independent network, or building a protocol on top of Bitcoin. Although applications like Namecoin have succeeded with the first approach, it is very hard to implement, because each application needs to bootstrap an independent blockchain and build and test all of the state transition and networking code. Furthermore, we expect the set of applications of decentralized consensus technology to follow a power-law distribution: the vast majority of applications will be too small to warrant their own blockchain. We also note that large classes of decentralized applications, particularly decentralized autonomous organizations, need to interact with each other.

The Bitcoin-based approach, on the other hand, has the flaw that it does not inherit Bitcoin's simplified payment verification (SPV) feature. SPV works for Bitcoin because blockchain depth can serve as a proxy for validity: at some point, once the ancestors of a transaction are far enough back, it is safe to treat them as a legitimate part of the state. By contrast, a metacoin protocol built on the Bitcoin blockchain cannot stop the blockchain from including transactions that are invalid under the metacoin protocol. A secure SPV implementation for a metacoin protocol would therefore need to scan all the way back to the beginning of the Bitcoin blockchain to determine whether a given transaction is valid. At present, all "light" implementations of Bitcoin-based metacoin protocols rely on a trusted server to provide the data, which is a decidedly suboptimal result for a cryptocurrency whose main purpose is to eliminate the need for trust.

Scripting:

Even without extending the Bitcoin protocol, a limited form of "smart contract" is already possible. A Bitcoin UTXO can be owned not only by a public key but also by a more complicated script written in a simple stack-based programming language. In that case, a transaction spending the UTXO must supply data that satisfies the script. In fact, even basic public-key ownership is implemented via a script: the script takes an elliptic-curve signature as input, verifies it against the transaction and the address that owns the UTXO, and returns 1 if the verification succeeds and 0 otherwise. More complicated scripts exist for other use cases. For example, one can construct a script that requires signatures from two of three given private keys to validate ("multisig"), which is useful for corporate accounts, savings accounts and some merchant escrow arrangements. Scripts can also pay bounties for solutions to computational problems, and one can even construct a script that says something like "this Bitcoin UTXO is yours if you can provide an SPV proof that you sent a Dogecoin transaction of this denomination to me", essentially allowing decentralized cross-cryptocurrency exchange.
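As an added example (not code from the article or from Bitcoin), the Python below is a minimal interpreter for a stack-based script language with just the opcodes needed for the standard pay-to-public-key-hash script and for a hash-puzzle bounty of the kind described above. It runs the spender's unlocking script and then the output's locking script on a shared stack, as Bitcoin does. Several things are assumptions made to keep it self-contained: the signature check is a toy stand-in (pubkey = sha256(secret), the "signature" reveals the secret) rather than ECDSA, HASH160 is approximated by a truncated double SHA-256 because RIPEMD-160 is not always available in hashlib, and the opcode set is a small subset with simplified truthiness rules.

```python
import hashlib


class ScriptError(Exception):
    pass


TRUE, FALSE = b"\x01", b""   # assumption: the empty byte string is the only false value here


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash160(data: bytes) -> bytes:
    # Stand-in for Bitcoin's RIPEMD160(SHA256(x)); RIPEMD160 is not always available in hashlib.
    return sha256(sha256(data))[:20]


def check_sig(pubkey: bytes, sig: bytes) -> bool:
    # Toy replacement for ECDSA (assumption): pubkey = sha256(secret), the "signature" is the secret.
    return sha256(sig) == pubkey


def run(script: list, stack: list) -> list:
    """Execute a script on a stack. Each opcode consumes its operands and pushes its result.
    There is no jump or loop opcode, so execution is bounded by the length of the script."""
    for item in script:
        if isinstance(item, bytes):                  # data push
            stack.append(item)
        elif item == "OP_DUP":
            stack.append(stack[-1])
        elif item == "OP_SHA256":
            stack.append(sha256(stack.pop()))
        elif item == "OP_HASH160":
            stack.append(hash160(stack.pop()))
        elif item == "OP_EQUAL":
            stack.append(TRUE if stack.pop() == stack.pop() else FALSE)
        elif item == "OP_EQUALVERIFY":
            if stack.pop() != stack.pop():
                raise ScriptError("OP_EQUALVERIFY failed")
        elif item == "OP_CHECKSIG":
            pubkey, sig = stack.pop(), stack.pop()
            stack.append(TRUE if check_sig(pubkey, sig) else FALSE)
        else:
            raise ScriptError(f"unknown opcode {item!r}")
    return stack


def can_spend(script_sig: list, script_pubkey: list) -> bool:
    """Bitcoin's rule: run the unlocking script, then the locking script on the same stack;
    the spend is valid iff both complete and the top of the stack is true."""
    try:
        stack = run(script_pubkey, run(script_sig, []))
    except (ScriptError, IndexError):               # IndexError: a script popped an empty stack
        return False
    return bool(stack) and stack[-1] != FALSE


def p2pkh(pubkey: bytes) -> list:
    """Pay-to-public-key-hash: the standard 'owned by a public key' locking script."""
    return ["OP_DUP", "OP_HASH160", hash160(pubkey), "OP_EQUALVERIFY", "OP_CHECKSIG"]


def hash_puzzle(answer: bytes) -> list:
    """A bounty: whoever can present the preimage of this hash may take the coins."""
    return ["OP_SHA256", sha256(answer), "OP_EQUAL"]


def demo() -> dict:
    secret = b"owner-secret"                         # constructed
    pubkey = sha256(secret)
    thief_secret = b"thief-secret"
    return {
        "owner_spends": can_spend([secret, pubkey], p2pkh(pubkey)),
        "thief_wrong_secret": can_spend([thief_secret, pubkey], p2pkh(pubkey)),
        "thief_own_key": can_spend([thief_secret, sha256(thief_secret)], p2pkh(pubkey)),
        "puzzle_solved": can_spend([b"42"], hash_puzzle(b"42")),
        "puzzle_wrong": can_spend([b"41"], hash_puzzle(b"42")),
        "empty_stack": can_spend([], p2pkh(pubkey)),
    }


if __name__ == "__main__":
    print(demo())
```

Two details worth noticing. A thief who substitutes his own public key fails at OP_EQUALVERIFY, because the locking script committed to the hash of the owner's key, not to whatever key the spender supplies; and because the interpreter only ever walks forward through the script, the cost of verifying a spend is bounded by the script's length, which is the "no loops" property discussed under limitation 1 below.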

However, the scripting language implemented in Bitcoin has several serious limitations:

1) Lack of Turing completeness - that is, although the Bitcoin scripting language supports a large subset of computation, it does not support everything. The main thing missing is loops. Loops are left out to avoid infinite loops during transaction verification. In theory this is a surmountable obstacle for script programmers, since any loop can be simulated by repeating the underlying code many times with an if statement, but this leads to very inefficient use of script space; for example, implementing an alternative elliptic-curve signature algorithm would likely require 256 repeated multiplication rounds, each of which would have to be coded separately.

2) Value-blindness - a UTXO script cannot provide fine-grained control over the amount that can be withdrawn. For example, one powerful application of an oracle contract is a hedging contract: A and B each put in $1000 worth of BTC, and after 30 days the script sends $1000 worth of BTC to A and the rest to B. Although this requires an oracle to determine the value of one BTC in USD, even so it is a massive improvement in terms of trust and infrastructure requirements over the fully centralized solutions available today. However, because UTXO are all-or-nothing, the only way to achieve this is through a very inefficient hack of holding many UTXO of varying denominations (for example one UTXO of 2^k for each k up to 30) and having the oracle pick which UTXO to send to A and which to B.

3) Lack of state - a UTXO can either be spent or unspent; there is no room for multi-stage contracts or scripts that keep any other internal state beyond that. This makes it hard to implement multi-stage option contracts, decentralized exchange offers or two-stage cryptographic commitment protocols (necessary for secure computational bounties). It also means that UTXO can only be used to build simple, one-off contracts and not more complex stateful contracts such as decentralized organizations, and it makes metaprotocols difficult to implement. Binary state combined with value-blindness also means that another important application, withdrawal limits, is impossible.

4) Blockchain-blindness - a UTXO is blind to blockchain data such as the nonce and the hash of the previous block. This severely limits applications in gambling and several other categories by depriving the scripting language of a potentially valuable source of randomness.

Thus we have examined three approaches to building advanced applications on top of cryptocurrency: building a new blockchain, using scripting on top of Bitcoin, and building a metaprotocol on top of Bitcoin. Building a new blockchain allows unlimited freedom in the feature set, at the cost of development time and bootstrapping effort. Using scripting is easy to implement and standardize, but very limited in its capabilities. Metaprotocols, while easy to implement, suffer from poor scalability. In Ethereum, we intend to build a general framework that offers the advantages of all three paradigms at once.


Copyright notice: this article was written by [Yin Cheng]; please include a link to the original when reposting. Thank you.