BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

这篇具有很好参考价值的文章主要介绍了BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

Chapter 1 Introduction to Cryptography and Cryptocurrencies

In fiat currencies, law enforcement is necessary for stopping people from breaking the rules of the system.Howerver,Cryptocurrencies need to be enforced purely technologically and without relying on a central authority.

  • 传统法定货币(fiat currencies),使用法律手段来确保安全性。但加密货币(cryptocurrencies)采用存粹的技术手段来保证安全性。

Bitcoin relies on only a handful of relatively simple and well-known cryptographic constructions: cryptographic hashes and digital signatures,zero-knowledge proofs.

  • 比特币依赖哈希(hashes), 数字签名(digital signitures)以及零知识证明(zero-knowledge proofs).

1.1 CRYPTOGRAPHIC HASH FUNCTIONS

Properties of a hash fuction:

  1. Its input can be any string of any size.
  2. It produces a fixed-sized output.
  3. It is efficiently computable.More technically, computing the hash of an n-bit string should have a running time that is O(n).
  • 哈希函数(Hash function)属性:
    输入可以是任何长度的字符串;
    产生固定长度的输出;
    时间复杂度O(n),即n位的输入所需要的计算时间是O(n).

Three additional properties to be secure for a hash function:

  1. collision resistance
  2. hiding
  3. puzzle friendliness
  • 三个额外的属性
    collision resistance
    hiding
    puzzle friendliness

1.1.1 Collsion resistance

Collsion resistance:
A hash function H is said to be collision resistant if it is infeasible to find two values, x and y, such that x ≠ y, yet H(x) = H(y).
A collision occurs when two distinct inputs produce the same output.
Consider the following simple method for finding a collision for a hash function with a 256-bit output size: pick 2256 + 1 distinct values, compute the hashes of each of them.

  • collision resistance :
    除了穷举遍历,没有人能找到高效(efficient)的方法去实现 : x ≠ y, 有 H(x) = H(y)。但碰撞(collision)对于每个哈希函数都是客观存在的。因为,给定 2^256 + 1^ 个不同的输入,对于一个结果长度固定在256位的哈希函数而言,一定会产生碰撞。
    关于高效(efficient)的理解,哈希函数: H(x)= x mod 2256 可以很容易推算出3和**3 + 2256**会映射到相同的结果,所以不符合这一属性。

APPLICATION: MESSAGE DIGESTS
To ensure file integrity:
the file people download is the same as the one he uploaded to a online file storage system.
That is, Compare the hash of the downloaded file to the local copy.

  • 应用:通过比较网络文件和本地文件的哈希值,来验证二者是否相同。

1.1.2 Hiding

Hiding:
A hash function H is said to be hiding if when a secret value r is chosen from a probability distribution that has high min-entropy, then, given H(r ‖ x), it is infeasible to find x.
The hiding property asserts that if we’re given the output of the hash function y = H(x), there’s no feasible way to figure out what the input, x, was

  • r和x做链接,得到H(r || x),其中 r 符合high min-entropy的概率分布,这样则没有可行的方法在已知输出的情况下推算出输入x是什么。

APPLICATION: COMMITMENTS
commitment:
the digital analog of taking a value, sealing it in an envelope, and putting that envelope out on the table where everyone can see it.
---------------------------------------------------
Commitment scheme:
com := commit(msg, nonce) : The commit function takes a message and secret random value, called a nonce, as input and returns a commitment.
verify(com, msg, nonce) : The verify function takes a commitment, nonce, and message as input. It returns true if com == commit(msg, nonce) and false otherwise.
-------------------------------------------------------
Two security peoperties:
Hiding: Given com, it is infeasible to find msg.
Binding: It is infeasible to find two pairs (msg, nonce) and (msg′, nonce′) such that msg ≠ msg′ and commit(msg, nonce) == commit(msg′, nonce′).

  • Commitment: 将一个数据放在封好的信封里,并且放在桌子上向人们展示。
    -------------------------------
    Commitment scheme:
    com := commit(msg, nonce) : 函数commit以msg和nonce为参数,返回一个commitment
    verify(com, msg, nonce) : 函数verify以commitment, nonce, message为参数。返回 com == commit(msg, nonce).
    ------------------------------------
    Two security peoperties:
    Hiding: 对于给定的com,无法找到msg。
    Binding: 当msg != msg’时,commit(msg, nonce) != commit(msg’,nonce’)

To use a commitment scheme :
We first need to generate a random nonce. We then apply the commit function to this nonce together with msg, the value being committed to, and we publish the commitment com. This stage is analogous to putting the sealed envelope on the table. At a later point, if we want to reveal the value that we committed to earlier, we publish the random nonce that we used to create this commitment, and the message, msg. Now anybody can verify that msg was indeed the message committed to earlier. This stage is analogous to opening the envelope.

  • commitment的流程
  1. 生成随机nonce
  2. 使用com:=commit(nonce,msg)
  3. 公布com

Implemetation of a commitment scheme:
commit(msg, nonce) := H(nonce ‖ msg).
Nonce is a random 256-bit value.
Then, concatenate the nonce and the message.
Return the hash of this concatenated value as the commitment.

  • commit(msg, nonce) := H(nonce ‖ msg).
    nonce 是一个256位的值
    然后将nonce 和 msg连接
    最后返回计算好的哈希值,作为commitment

1.1.3 Puzzle Friendliness

Puzzle friendliness. A hash function H is said to be puzzle friendly if for every possible n-bit output value y, if k is chosen from a distribution with high min-entropy, then it is infeasible to find x such that H(k ‖ x) = y in time significantly less than 2n.

  • Puzzle friendliness:对于如果每一个的n位的结果,如果k符合high min-entropy分布,则不能在2n的时间找到x使得H(k ‖ x) = y 。

Intuitively, if someone wants to target the hash function to have some particular output value y, and if part of the input has been chosen in a suitably randomized way, then it’s very difficult to find another value that hits exactly that target.

  • 已知y,已知k(符合随机分布),很难找到x。

APPLICATION: SEARCH PUZZLE
A search puzzle consists of
• a hash function, H,
• a value, id (which we call the puzzle-ID), chosen from a high min-entropy distribution
• a target set Y.

A solution to this puzzle is a value, x, such that
H(id || x) ∈ Y

  • 一个search puzzle包括
    一个哈希函数H ;
    一个符合high min-entropy分布的puzzle-ID ;
    一个目标集Y ;

If a hash funtion is puzzle friendly, then there’s no solving strategy for this puzzle that is much better than just trying random values of x.

  • 对于一个puzzle friendly的哈希函数,一个个随机地试x的值是最好的求解方法。

1.1.4 SHA-256

Merkle-Damgård transform
As long as we can build a hash function that works on fixed-length inputs, there’s a generic method to convert it into a hash function that works on arbitrary-length inputs.

  • Merkle-Damgård transform
    只要我们能构建一个可以处理定长输入的哈希函数,则就可以转换成一个可以处理随意长度的哈希函数。

Compression function
the underlying fixed-length collision-resistant hash function is called the compression function.

  • Compression function
    可以处理定长输入的collision-resistant的哈希函数。

The process of Merkle-Damgård transform
Suppose that the compression function takes inputs of length m and produces an output of a smaller length n.
The input to the hash function, which can be of any size, is divided into blocks of length m – n.
The construction works as follows: pass each block together with the output of the previous block into the compression function.
Input length will then be (m – n) + n = m.

  • 首先,我们有一个compression function, 它接受长度为m的输入,产生长度为n的输出。
  • 接下来,对于任意长度的输入,我们将它划分为多个长度为(m - n)的块。
  • 将每个(m - n)的块连带着上个块的输出(长度为n)传递给compression function,即(m - n)+n = m, 满足了compression输入要以m为长度的要求。

1.2 HASH POINTERS AND DATA STRUCTURES

Hash pointer:
A hash pointer is a pointer to where data is stored together with a cryptographic hash of the value of this data at some fixed point in time.
Whereas a regular pointer gives you a way to retrieve the information, a hash pointer also allows you to verify that the information hasn’t been changed

  • 哈希指针:
    不仅指明了地址,还能去查看当前地址的内容是否被更改过。

Block Chain
Similat to a linked list
Each block not only tells us where the value of the previous block was, but it also contains a digest of that value, which allows us to verify that the value hasn’t been changed.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

  • 区块链
    每一个块指明了前一个块的值,同时包含了这个值的摘要。这个摘要可以帮助我们判断这个值是否被改变过。

If an adversary modifies data anywhere in the block chain, it will result in the hash pointer in the following block being incorrect

  • 如果其他人修改了区块里的数据,将会导致后面区块里的哈希指针出错。

Merkle Trees
In a Merkle tree, data blocks are grouped in pairs, and the hash of each of these blocks is stored in a parent node. The parent nodes are in turn grouped in pairs, and their hashes stored one level up the tree. This pattern continues up the tree until we reach the root node.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

  • Merkle Trees
    数据块成对分组,每个块的哈希值被存储在他们的父节点当中。向上往复,直至根节点。

Proof of membership
To prove that a data block is included in the tree only requires showing the blocks in the path from that data block to the root.
If there are n nodes in the tree,it takes about log(n) time for us to verify it.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

  • 去证明一个块属于这棵树,只要顺着路径遍历即可,对于n个节点的树,时间复杂度约为log(n).

1.3 DIGITAL SIGNATURES

Two properties of digital signatures
First, only you can make your signature.
Second, the signature is to be tied to a particular document, so that the signature cannot be used to indicate your agreement or endorsement of a different document.

  • 数字签名的两个属性
    只有本人可以签名;
    每个签名绑定在固定的文件上, 当前这个签名不能代表其他的文件。

Digital signature scheme
three algorithms are consisted:
-----------------------------------------------------------------
First, (sk, pk) := generateKeys(keysize)
The generateKeys method takes a key size and generates a key pair. The secret key sk is kept privately and used to sign messages. pk is the public verification key that you give to everybody. Anyone with this key can verify your signature.
------------------------------------------------------------------
sig := sign(sk, message)
The sign method takes a message and a secret key, sk, as input and outputs a signature for message under sk.
------------------------------------------------------------------
isValid := verify(pk, message, sig)
The verify method takes a message, a signature, and a public key as input. It returns a boolean value, isValid, that will be true if sig is a valid signature for message under public key pk, and false otherwise.

  • 数字签名的三个方法
    ------------------------------------------------------------
    (sk, pk) := generateKeys(keysize)
    产生一对给定长的的私钥(sk/secret key)和公钥(pk/ public key)。私钥的由当前用户个人保管,用来签名。公钥是对所有人公开的,别人可以用来检验签名的有效性。
    ------------------------------------------------------------
    sig := sign(sk, message)
    产生签名。以私钥(sk)和信息(message)为参数,产生产生与这个文件和私钥相对应的签名。
    ------------------------------------------------------------
    isValid := verify(pk, message, sig)
    检验有效性。当前签名(sig)如果和信息(message)以及公钥(pk)对应的起来则返回真。

Unforgeability game
If the attacker is able to successfully output a signature on a message that he has not previously seen, he wins.
If he is unable to do so, the challenger wins, and the digital signature scheme is unforgeable.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction
We give the secret key to the challenger, and we give the public key to both the challenger and the adversary. So the adversary only knows information that’s public, and his mission is to try to forge a message. The challenger knows the secret key. So he can make signatures.
we allow the adversary to try a number of guesses that is a polynomial function of the key size, but no more (e.g., he cannot try exponentially many guesses).
The challenger runs the verify algorithm to determine whether the signature produced by the attacker is a valid signature on M under the public verification key.

  • Unforgeability game
           如果攻击者(attacker/adversary)能够伪造出签名,攻击者获胜。如果他不能,则挑战者(challenger)获胜。
           我们把私钥给挑战者,而公钥的话,为挑战者和攻击双方共有。私钥类似于密码,公钥类似于账号。
           攻击者可以多次尝试伪造签名,挑战者去检验该签名是否正确。

1.4 PUBLIC KEYS AS IDENTITIES

The idea is to take a public key, one of those public verification keys from a digital signature scheme, and equate it to an identity of a person or an actor in a system.

  • 拿一个公钥,并将和一个人相对应。

1.5. TWO SIMPLE CRYPTOCURRENCIES

1.5.1 Goofycoin

The first rule of Goofycoin is that a designated entity, Goofy, can create new coins whenever he wants and these newly created coins belong to him.

  • 一个特定的实体可以创建新的币,这个币为他所拥有。

The second rule of Goofycoin is that whoever owns a coin can transfer it to someone else.

  • 第二个规则是,币可以转让。

Let’s say Goofy wants to transfer a coin that he created to Alice. To do this, he creates a new statement that says “Pay this to Alice” where “this” is a hash pointer that references the coin in question. And as we saw earlier, identities are really just public keys, so “Alice” refers to Alice’s public key. Finally, Goofy signs the string representing the statement. Since Goofy is the one who originally owned that coin, he has to sign any transaction that spends the coin. Once this data structure representing Goofy’s transaction is signed by him, Alice owns the coin. She can prove to anyone that she owns the coin, because she can present the data structure with Goofy’s valid signature. Furthermore, it points to a valid coin that was owned by Goofy. So the validity and ownership of coins are self-evident in the system.

  • Goofy想要将他的币转给Alice, 他发起一个声明"我将这枚币转给Alice"。这个声明须由Goofy签名,则这枚币就属于Alice了。

double-spending attack
Someone spends a coin twice.
Goofycoin does not solve the double-spending attack, and therefore it’s not secure.

  • double-spending attack*
    一个人将一枚币转让给多个人。Goofycoin未能解决这个问题。

1.5.2 Scroogecoin

The first key idea is that a designated entity called Scrooge publishes an append-only ledger containing the history of all transactions.
The append-only property ensures that any data written to this ledger will remain forever in the ledger.
If the ledger is truly append only, we can use it to defend against double spending by requiring all transactions to be written in the ledger before they are accepted.
That way, it will be publicly documented if coins were previously sent to a different owner.

  • 设计一个只可以在后面添加内容而不可以再做其他修改的账本。将所有的交易记录下到账本里,便可以知道当前币是属于谁的,有没有转让给多个人。

To implement this append-only functionality, Scrooge can build a block chain, which he will digitally sign. It consists of a series of data blocks, each with one transaction in it (in practice, as an optimization, we’d really put multiple transactions in the same block, as Bitcoin does.) Each block has the ID of a transaction, the transaction’s contents, and a hash pointer to the previous block. Scrooge digitally signs the final hash pointer, which binds all the data in this entire structure, and he publishes the signature along with the block chain.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

  • 为实现这一功能,建立一个区块链,每一个区块对应一个交易信息(现实生活中,可能一个区块包含多个交易信息)。
    每个区块的数据结构是(ID, contents, hash pointer to previous block)。Scrooge 为最后一个哈希指针签名即可,然后连带着整个区块链公布他的签名。

Why do we need a block chain with hash pointers in addition to having Scrooge sign each block?
As long as someone is monitoring the latest hash pointer published by Scrooge, the change will be obvious and easy to catch.
A block chain makes it easy for any two individuals to verify that they have observed the same history of transactions signed by Scrooge.

  • 为什么采用一个带有哈希指针的区块链?
    哈希指针: 方便人们察觉到到当前区块链发生的变化。
    区块链:方便人们查看交易的纪录。
1.5.2.1 Two kinds of transactions in Scrogecoin

CreateCoins
to make new coins.
Datastructure:
(serial number, value, recipent)
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction
TransID: to represent a transaction
num: Each coin has a serial number in the transaction.
value: it’s worth a certain number of scroogecoins.
recipient: a public key that gets the coin.

PayCoins
It consumes some coins (i.e., destroys them) and creates new coins of the same total value.
So if you’re the owner of one of the coins that’s going to be consumed in this transaction, then you need to digitally sign the transaction to say that you’re OK with spending this coin.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

The problem here is centralization.much of the early research on cryptosystems assumed there would indeed be some central trusted authority.
The minting of new coins also needs to be decentralized. If we can solve these problems, then we can build a currency that would be like Scroogecoin but without a centralized party. In fact, this would be a system much like Bitcoin.文章来源地址https://www.toymoban.com/news/detail-419158.html

  • 这个系统存在一个问题,即中心化。所有的交易都需要由Scrooge签名,Scrooge类似于现实中的政府。这个系统需要去中心化,则就有了比特币的概念。

到了这里,关于BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • 云服务器SVN仓库搭建(以阿里云为例)

    远程连接阿里云服务器 安装svn(注意需要root权限使用命令sudo su) yum install subversion 安装成功后查看svn版本 svnserve --version  创建版本库的根目录 mkdir /var/svn 创建代码仓库 svnadmin create /var/svn/test    当前生成的目录结构 此处为svn的配置文件 创建用户名和密码 编辑passwd文件 创建

    2024年02月14日
    浏览(41)
  • 计算机网络——计算机网络体系结构

    1.1 概念 一般认为,计算机网络是一个将分散的,具有独立功能的计算机系统,通过通信设备与线路连接起来,由功能完善的软件实现资源共享的信息传递的系统,简而言之,计算机网络就是一些 互联的,自治的计算机系统的集合 1.2 组成 (1)从组成部分:由 硬件,软件,

    2024年02月15日
    浏览(52)
  • appium解决报错:ModuleNotFoundError: No modulenamed ‘selenium.webdriver.common.options‘

    出现这个错误是因为selenium与Appium-Python-Client版本不匹配。 appium: selenium: selenium要4.0版本以上 卸载selenium3.141: 如果安装selenium4.0 ** 会提示如果安装了,appium-python-client 2.7.1,那就要安装selenium~=4.1,这样依赖才匹配。selenium3.141和selenium4.0,4.1相差不是很大,但是selenium不同版本里

    2024年02月11日
    浏览(41)
  • SpringBoot+Prometheus+Grafana 监控面板(项目配置方式【入侵】)

    提示:本文使用SpringBoot 简单样例,介绍基础配置和使用方法 包含内容:Docker、SpringBoot、Maven、 Prometheus、Grafana等 提示:本文包含官网内容介绍,具体更项目的学习,请参照各官网文档,谢谢 官网:https://prometheus.io/ 文档地址:https://prometheus.io/docs/introduction/overview/ 使用领先

    2024年02月16日
    浏览(51)
  • 《动手学深度学习 Pytorch版》 10.6 自注意力和位置编码

    在注意力机制中,每个查询都会关注所有的键-值对并生成一个注意力输出。由于查询、键和值来自同一组输入,因此被称为 自注意力(self-attention),也被称为内部注意力(intra-attention)。本节将使用自注意力进行序列编码,以及使用序列的顺序作为补充信息。 给定一个由

    2024年02月06日
    浏览(44)
  • ubuntu22.04编译安装使用gstreamer指南

    ubuntu发行版22.04,该发行版内置Gstreamer1.20.1,gstreamer源码最新版本为1.20.3,差距不大 下载gstreamer源码 安装git 下载gstreamer 安装meson gstreamer1.60以后(不包含1.60),使用meson+ninja来构建 安装glib gstreamer是基于glib-gobject来实现的 安装libsoup 安装libunwind 安装libdw 安装g-ir-scanner 系统中

    2024年02月05日
    浏览(74)
  • 【Python 中的 plt.hist 函数详解】

    plt.hist 函数用于绘制直方图。直方图是一种用来表示数据分布的图形,它将数据分成若干个区间,然后统计每个区间中数据的数量,最终以柱状图的形式展示出来。 直方图主要用于可视化数据的分布情况。它将数据划分为一系列的区间(也称为箱子或柱子),然后计算每个区

    2024年04月13日
    浏览(44)
  • FDTD算法及其应用

    一、电磁场问题数值计算方法         有许多的数值计算方法用于解决电磁场问题。其中,一些最常用的方法包括:         1.有限元法(Finite Element Method,FEM):这种方法将连续的求解域离散化为有限个小的单元,对每个单元进行数值求解,然后将所有单元的解组

    2024年01月25日
    浏览(35)
  • idea2021配置Git&GitHub&账号登录授权

    下载地址:https://git-scm.com/downloads 安装很简单,这里不多废话。 点击 GitManage Remotes…点\\\"+\\\"号添加别名和仓库地址 转圈圈的同时会弹出浏览器,打开授权界面、 点击授权按钮后,输入账号密码登录,并再次点击授权按钮 最终出现下面提示,则over! over之后再去idea看,发现已

    2023年04月08日
    浏览(43)
  • 【0002】JDK1.7安装和环境变量配置(Windows7操作系统)

    链接:https://pan.baidu.com/s/1ZJTlD-bRw9VCNA5qY-ZU-A  提取码:3d4h 在Windows7操作系统下安装JDK1.7及配置环境变量。其它版本的JDK及操作系统安装步骤,基本上没有太大的差异,所以此文也可以指导安装其它系统中的不同版本的JDK。 先安装JDK再配置环境变量 JDK版本:JDK-7u80-windows-x64版本

    2024年03月25日
    浏览(52)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包