BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

这篇具有很好参考价值的文章主要介绍了BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

Chapter 1 Introduction to Cryptography and Cryptocurrencies

In fiat currencies, law enforcement is necessary for stopping people from breaking the rules of the system.Howerver,Cryptocurrencies need to be enforced purely technologically and without relying on a central authority.

  • 传统法定货币(fiat currencies),使用法律手段来确保安全性。但加密货币(cryptocurrencies)采用存粹的技术手段来保证安全性。

Bitcoin relies on only a handful of relatively simple and well-known cryptographic constructions: cryptographic hashes and digital signatures,zero-knowledge proofs.

  • 比特币依赖哈希(hashes), 数字签名(digital signitures)以及零知识证明(zero-knowledge proofs).

1.1 CRYPTOGRAPHIC HASH FUNCTIONS

Properties of a hash fuction:

  1. Its input can be any string of any size.
  2. It produces a fixed-sized output.
  3. It is efficiently computable.More technically, computing the hash of an n-bit string should have a running time that is O(n).
  • 哈希函数(Hash function)属性:
    输入可以是任何长度的字符串;
    产生固定长度的输出;
    时间复杂度O(n),即n位的输入所需要的计算时间是O(n).

Three additional properties to be secure for a hash function:

  1. collision resistance
  2. hiding
  3. puzzle friendliness
  • 三个额外的属性
    collision resistance
    hiding
    puzzle friendliness

1.1.1 Collsion resistance

Collsion resistance:
A hash function H is said to be collision resistant if it is infeasible to find two values, x and y, such that x ≠ y, yet H(x) = H(y).
A collision occurs when two distinct inputs produce the same output.
Consider the following simple method for finding a collision for a hash function with a 256-bit output size: pick 2256 + 1 distinct values, compute the hashes of each of them.

  • collision resistance :
    除了穷举遍历,没有人能找到高效(efficient)的方法去实现 : x ≠ y, 有 H(x) = H(y)。但碰撞(collision)对于每个哈希函数都是客观存在的。因为,给定 2^256 + 1^ 个不同的输入,对于一个结果长度固定在256位的哈希函数而言,一定会产生碰撞。
    关于高效(efficient)的理解,哈希函数: H(x)= x mod 2256 可以很容易推算出3和**3 + 2256**会映射到相同的结果,所以不符合这一属性。

APPLICATION: MESSAGE DIGESTS
To ensure file integrity:
the file people download is the same as the one he uploaded to a online file storage system.
That is, Compare the hash of the downloaded file to the local copy.

  • 应用:通过比较网络文件和本地文件的哈希值,来验证二者是否相同。

1.1.2 Hiding

Hiding:
A hash function H is said to be hiding if when a secret value r is chosen from a probability distribution that has high min-entropy, then, given H(r ‖ x), it is infeasible to find x.
The hiding property asserts that if we’re given the output of the hash function y = H(x), there’s no feasible way to figure out what the input, x, was

  • r和x做链接,得到H(r || x),其中 r 符合high min-entropy的概率分布,这样则没有可行的方法在已知输出的情况下推算出输入x是什么。

APPLICATION: COMMITMENTS
commitment:
the digital analog of taking a value, sealing it in an envelope, and putting that envelope out on the table where everyone can see it.
---------------------------------------------------
Commitment scheme:
com := commit(msg, nonce) : The commit function takes a message and secret random value, called a nonce, as input and returns a commitment.
verify(com, msg, nonce) : The verify function takes a commitment, nonce, and message as input. It returns true if com == commit(msg, nonce) and false otherwise.
-------------------------------------------------------
Two security peoperties:
Hiding: Given com, it is infeasible to find msg.
Binding: It is infeasible to find two pairs (msg, nonce) and (msg′, nonce′) such that msg ≠ msg′ and commit(msg, nonce) == commit(msg′, nonce′).

  • Commitment: 将一个数据放在封好的信封里,并且放在桌子上向人们展示。
    -------------------------------
    Commitment scheme:
    com := commit(msg, nonce) : 函数commit以msg和nonce为参数,返回一个commitment
    verify(com, msg, nonce) : 函数verify以commitment, nonce, message为参数。返回 com == commit(msg, nonce).
    ------------------------------------
    Two security peoperties:
    Hiding: 对于给定的com,无法找到msg。
    Binding: 当msg != msg’时,commit(msg, nonce) != commit(msg’,nonce’)

To use a commitment scheme :
We first need to generate a random nonce. We then apply the commit function to this nonce together with msg, the value being committed to, and we publish the commitment com. This stage is analogous to putting the sealed envelope on the table. At a later point, if we want to reveal the value that we committed to earlier, we publish the random nonce that we used to create this commitment, and the message, msg. Now anybody can verify that msg was indeed the message committed to earlier. This stage is analogous to opening the envelope.

  • commitment的流程
  1. 生成随机nonce
  2. 使用com:=commit(nonce,msg)
  3. 公布com

Implemetation of a commitment scheme:
commit(msg, nonce) := H(nonce ‖ msg).
Nonce is a random 256-bit value.
Then, concatenate the nonce and the message.
Return the hash of this concatenated value as the commitment.

  • commit(msg, nonce) := H(nonce ‖ msg).
    nonce 是一个256位的值
    然后将nonce 和 msg连接
    最后返回计算好的哈希值,作为commitment

1.1.3 Puzzle Friendliness

Puzzle friendliness. A hash function H is said to be puzzle friendly if for every possible n-bit output value y, if k is chosen from a distribution with high min-entropy, then it is infeasible to find x such that H(k ‖ x) = y in time significantly less than 2n.

  • Puzzle friendliness:对于如果每一个的n位的结果,如果k符合high min-entropy分布,则不能在2n的时间找到x使得H(k ‖ x) = y 。

Intuitively, if someone wants to target the hash function to have some particular output value y, and if part of the input has been chosen in a suitably randomized way, then it’s very difficult to find another value that hits exactly that target.

  • 已知y,已知k(符合随机分布),很难找到x。

APPLICATION: SEARCH PUZZLE
A search puzzle consists of
• a hash function, H,
• a value, id (which we call the puzzle-ID), chosen from a high min-entropy distribution
• a target set Y.

A solution to this puzzle is a value, x, such that
H(id || x) ∈ Y

  • 一个search puzzle包括
    一个哈希函数H ;
    一个符合high min-entropy分布的puzzle-ID ;
    一个目标集Y ;

If a hash funtion is puzzle friendly, then there’s no solving strategy for this puzzle that is much better than just trying random values of x.

  • 对于一个puzzle friendly的哈希函数,一个个随机地试x的值是最好的求解方法。

1.1.4 SHA-256

Merkle-Damgård transform
As long as we can build a hash function that works on fixed-length inputs, there’s a generic method to convert it into a hash function that works on arbitrary-length inputs.

  • Merkle-Damgård transform
    只要我们能构建一个可以处理定长输入的哈希函数,则就可以转换成一个可以处理随意长度的哈希函数。

Compression function
the underlying fixed-length collision-resistant hash function is called the compression function.

  • Compression function
    可以处理定长输入的collision-resistant的哈希函数。

The process of Merkle-Damgård transform
Suppose that the compression function takes inputs of length m and produces an output of a smaller length n.
The input to the hash function, which can be of any size, is divided into blocks of length m – n.
The construction works as follows: pass each block together with the output of the previous block into the compression function.
Input length will then be (m – n) + n = m.

  • 首先,我们有一个compression function, 它接受长度为m的输入,产生长度为n的输出。
  • 接下来,对于任意长度的输入,我们将它划分为多个长度为(m - n)的块。
  • 将每个(m - n)的块连带着上个块的输出(长度为n)传递给compression function,即(m - n)+n = m, 满足了compression输入要以m为长度的要求。

1.2 HASH POINTERS AND DATA STRUCTURES

Hash pointer:
A hash pointer is a pointer to where data is stored together with a cryptographic hash of the value of this data at some fixed point in time.
Whereas a regular pointer gives you a way to retrieve the information, a hash pointer also allows you to verify that the information hasn’t been changed

  • 哈希指针:
    不仅指明了地址,还能去查看当前地址的内容是否被更改过。

Block Chain
Similat to a linked list
Each block not only tells us where the value of the previous block was, but it also contains a digest of that value, which allows us to verify that the value hasn’t been changed.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

  • 区块链
    每一个块指明了前一个块的值,同时包含了这个值的摘要。这个摘要可以帮助我们判断这个值是否被改变过。

If an adversary modifies data anywhere in the block chain, it will result in the hash pointer in the following block being incorrect

  • 如果其他人修改了区块里的数据,将会导致后面区块里的哈希指针出错。

Merkle Trees
In a Merkle tree, data blocks are grouped in pairs, and the hash of each of these blocks is stored in a parent node. The parent nodes are in turn grouped in pairs, and their hashes stored one level up the tree. This pattern continues up the tree until we reach the root node.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

  • Merkle Trees
    数据块成对分组,每个块的哈希值被存储在他们的父节点当中。向上往复,直至根节点。

Proof of membership
To prove that a data block is included in the tree only requires showing the blocks in the path from that data block to the root.
If there are n nodes in the tree,it takes about log(n) time for us to verify it.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

  • 去证明一个块属于这棵树,只要顺着路径遍历即可,对于n个节点的树,时间复杂度约为log(n).

1.3 DIGITAL SIGNATURES

Two properties of digital signatures
First, only you can make your signature.
Second, the signature is to be tied to a particular document, so that the signature cannot be used to indicate your agreement or endorsement of a different document.

  • 数字签名的两个属性
    只有本人可以签名;
    每个签名绑定在固定的文件上, 当前这个签名不能代表其他的文件。

Digital signature scheme
three algorithms are consisted:
-----------------------------------------------------------------
First, (sk, pk) := generateKeys(keysize)
The generateKeys method takes a key size and generates a key pair. The secret key sk is kept privately and used to sign messages. pk is the public verification key that you give to everybody. Anyone with this key can verify your signature.
------------------------------------------------------------------
sig := sign(sk, message)
The sign method takes a message and a secret key, sk, as input and outputs a signature for message under sk.
------------------------------------------------------------------
isValid := verify(pk, message, sig)
The verify method takes a message, a signature, and a public key as input. It returns a boolean value, isValid, that will be true if sig is a valid signature for message under public key pk, and false otherwise.

  • 数字签名的三个方法
    ------------------------------------------------------------
    (sk, pk) := generateKeys(keysize)
    产生一对给定长的的私钥(sk/secret key)和公钥(pk/ public key)。私钥的由当前用户个人保管,用来签名。公钥是对所有人公开的,别人可以用来检验签名的有效性。
    ------------------------------------------------------------
    sig := sign(sk, message)
    产生签名。以私钥(sk)和信息(message)为参数,产生产生与这个文件和私钥相对应的签名。
    ------------------------------------------------------------
    isValid := verify(pk, message, sig)
    检验有效性。当前签名(sig)如果和信息(message)以及公钥(pk)对应的起来则返回真。

Unforgeability game
If the attacker is able to successfully output a signature on a message that he has not previously seen, he wins.
If he is unable to do so, the challenger wins, and the digital signature scheme is unforgeable.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction
We give the secret key to the challenger, and we give the public key to both the challenger and the adversary. So the adversary only knows information that’s public, and his mission is to try to forge a message. The challenger knows the secret key. So he can make signatures.
we allow the adversary to try a number of guesses that is a polynomial function of the key size, but no more (e.g., he cannot try exponentially many guesses).
The challenger runs the verify algorithm to determine whether the signature produced by the attacker is a valid signature on M under the public verification key.

  • Unforgeability game
           如果攻击者(attacker/adversary)能够伪造出签名,攻击者获胜。如果他不能,则挑战者(challenger)获胜。
           我们把私钥给挑战者,而公钥的话,为挑战者和攻击双方共有。私钥类似于密码,公钥类似于账号。
           攻击者可以多次尝试伪造签名,挑战者去检验该签名是否正确。

1.4 PUBLIC KEYS AS IDENTITIES

The idea is to take a public key, one of those public verification keys from a digital signature scheme, and equate it to an identity of a person or an actor in a system.

  • 拿一个公钥,并将和一个人相对应。

1.5. TWO SIMPLE CRYPTOCURRENCIES

1.5.1 Goofycoin

The first rule of Goofycoin is that a designated entity, Goofy, can create new coins whenever he wants and these newly created coins belong to him.

  • 一个特定的实体可以创建新的币,这个币为他所拥有。

The second rule of Goofycoin is that whoever owns a coin can transfer it to someone else.

  • 第二个规则是,币可以转让。

Let’s say Goofy wants to transfer a coin that he created to Alice. To do this, he creates a new statement that says “Pay this to Alice” where “this” is a hash pointer that references the coin in question. And as we saw earlier, identities are really just public keys, so “Alice” refers to Alice’s public key. Finally, Goofy signs the string representing the statement. Since Goofy is the one who originally owned that coin, he has to sign any transaction that spends the coin. Once this data structure representing Goofy’s transaction is signed by him, Alice owns the coin. She can prove to anyone that she owns the coin, because she can present the data structure with Goofy’s valid signature. Furthermore, it points to a valid coin that was owned by Goofy. So the validity and ownership of coins are self-evident in the system.

  • Goofy想要将他的币转给Alice, 他发起一个声明"我将这枚币转给Alice"。这个声明须由Goofy签名,则这枚币就属于Alice了。

double-spending attack
Someone spends a coin twice.
Goofycoin does not solve the double-spending attack, and therefore it’s not secure.

  • double-spending attack*
    一个人将一枚币转让给多个人。Goofycoin未能解决这个问题。

1.5.2 Scroogecoin

The first key idea is that a designated entity called Scrooge publishes an append-only ledger containing the history of all transactions.
The append-only property ensures that any data written to this ledger will remain forever in the ledger.
If the ledger is truly append only, we can use it to defend against double spending by requiring all transactions to be written in the ledger before they are accepted.
That way, it will be publicly documented if coins were previously sent to a different owner.

  • 设计一个只可以在后面添加内容而不可以再做其他修改的账本。将所有的交易记录下到账本里,便可以知道当前币是属于谁的,有没有转让给多个人。

To implement this append-only functionality, Scrooge can build a block chain, which he will digitally sign. It consists of a series of data blocks, each with one transaction in it (in practice, as an optimization, we’d really put multiple transactions in the same block, as Bitcoin does.) Each block has the ID of a transaction, the transaction’s contents, and a hash pointer to the previous block. Scrooge digitally signs the final hash pointer, which binds all the data in this entire structure, and he publishes the signature along with the block chain.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

  • 为实现这一功能,建立一个区块链,每一个区块对应一个交易信息(现实生活中,可能一个区块包含多个交易信息)。
    每个区块的数据结构是(ID, contents, hash pointer to previous block)。Scrooge 为最后一个哈希指针签名即可,然后连带着整个区块链公布他的签名。

Why do we need a block chain with hash pointers in addition to having Scrooge sign each block?
As long as someone is monitoring the latest hash pointer published by Scrooge, the change will be obvious and easy to catch.
A block chain makes it easy for any two individuals to verify that they have observed the same history of transactions signed by Scrooge.

  • 为什么采用一个带有哈希指针的区块链?
    哈希指针: 方便人们察觉到到当前区块链发生的变化。
    区块链:方便人们查看交易的纪录。
1.5.2.1 Two kinds of transactions in Scrogecoin

CreateCoins
to make new coins.
Datastructure:
(serial number, value, recipent)
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction
TransID: to represent a transaction
num: Each coin has a serial number in the transaction.
value: it’s worth a certain number of scroogecoins.
recipient: a public key that gets the coin.

PayCoins
It consumes some coins (i.e., destroys them) and creates new coins of the same total value.
So if you’re the owner of one of the coins that’s going to be consumed in this transaction, then you need to digitally sign the transaction to say that you’re OK with spending this coin.
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction

The problem here is centralization.much of the early research on cryptosystems assumed there would indeed be some central trusted authority.
The minting of new coins also needs to be decentralized. If we can solve these problems, then we can build a currency that would be like Scroogecoin but without a centralized party. In fact, this would be a system much like Bitcoin.文章来源地址https://www.toymoban.com/news/detail-419158.html

  • 这个系统存在一个问题,即中心化。所有的交易都需要由Scrooge签名,Scrooge类似于现实中的政府。这个系统需要去中心化,则就有了比特币的概念。

到了这里,关于BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES - chapter 1 -Introduction的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • ChatGP4 的体验 一站式 AI工具箱 -—Poe(使用教程)

    界面介绍: 是一个基于机器学习的聊天机器人,能够识别自然语言并做出智能回答。Sage通过自然语言处理和对话管理技术来实现对话的自然流畅和个性化,同时支持多种语言。Sage较为擅长语言相关的工作,例如创作文章,做摘要等。 是由开放人工智能(OpenAI)公司开发的一

    2024年02月11日
    浏览(100)
  • 第一章 熟悉Objective-C

    Objective—C语言是由Smalltalk演化而来,后者是消息型语言的鼻祖,所以该语言使用的“消息结构”而非“函数调用”。 1. 消息和函数调用之间的区别 关键区别在于: 使用消息结构的语言,其运行所应执行的代码由运行环境来决定;而使用函数调用的语言,则由编译器决定。

    2024年01月18日
    浏览(39)
  • ChatGPT 报错“Oops!We ran into an issue while signing you in…”如何解决?

    ChatGPT报错:“Oops!We ran into an issue while signing you in, please take abreak and try again soon.” 说明:哎呀!我们在登录时遇到了一个问题,请稍作休息并尽快再试一次。 原因: 看到这个提示时,说明环境有问题,浏览器可能不干净,有缓存等。并非账号被封了! 解决: 请清理下浏览

    2024年01月20日
    浏览(40)
  • Dragonfly 基于 P2P 的文件和镜像分发系统

    作者: 孙景文、吴迪 网络下载 提起网络下载领域,你应该首先会想到基于 TCP/IP 协议簇的 C/S 模式。这种模式希望每一个客户机都与服务器建立 TCP 连接,服务器轮询监听 TCP 连接并依次响应,如下图: 上世纪末期,基于 C/S 模式的思想,人们发展了 HTTP , FTP 等应用层协议。

    2024年01月15日
    浏览(43)
  • 【微信小程序】通过云函数获取用户openid

    1.pages同级目录下新建新文件夹,命名为cloudFunctions(其他名字也可以)。 2.project.config.json中添加以下内容,值为上一步创建的文件夹名字。编译一次后上一步创建的文件夹前图标就带“云”了。 3.app.js内的App中添加 1.右击cloudFunctions文件夹,点击【新建Node.js云函数】,命名为

    2024年02月10日
    浏览(57)
  • SpringBoot下使用自定义监听事件

    事件机制是Spring的一个功能,目前我们使用了SpringBoot框架,所以记录下事件机制在SpringBoot框架下的使用,同时实现异步处理。事件机制其实就是使用了观察者模式(发布-订阅模式)。 Spring的事件机制经过如下流程: 1、自定义事件,继承org.springframework.context.ApplicationEvent抽象类

    2024年02月14日
    浏览(78)
  • 国内网络摄像机的端口及RTSP地址

    默认IP地址:192.168.1.64/DHCP 用户名admin 密码自己设 端口:“HTTP 端口”(默认为 80)、“RTSP 端口”(默认为 554)、“HTTPS 端 口”(默认 443)和“服务端口”(默认 8000),ONVIF端口 80。 RTSP地址:rtsp://[username]:[password]@[ip]:[port]/[codec]/[channel]/[subtype]/av_stream 说明: username: 用户

    2024年02月14日
    浏览(74)
  • 华为认证云计算专家(HCIE-Cloud Computing)--练习题

    1.(判断题)华为云stack支持鲲鹏架构,业务可从X86过渡到鲲鹏。 正确答案:正确 2.(判断题)业务上云以后,安全方面由云服务商负责,客户自己不需要做任何防护 A 对 B 错 正确答案:B 3.( 多选题 ) 某企业有一个购物系统部署在HCS,可以选择哪些服务做安全保障? A WAF B HSS C DBAS

    2024年01月17日
    浏览(56)
  • 修改 Zookeeper 的客户端连接端口(默认2181端口)

    Zookeeper 的配置文件通常名为 zoo.cfg,位于 Zookeeper 安装目录的 /conf 目录下。初始配置如下: 修改客户端连接端口的步骤如下: 找到并打开 zoo.cfg 文件 修改客户端端口:找到或添加 clientPort 属性,将其更改为 2281。 保存并重启 Zookeeper 服务。 特别提醒 : 如果在 zoo.cfg 文件中

    2024年04月28日
    浏览(38)
  • 数据分析(以kaggle上的加州房价为例)

    数据来源:House Prices - Advanced Regression Techniques 参考文献: Comprehensive data exploration with Python 偏度(Skewness)是一种衡量随机变量概率分布的偏斜方向和程度的度量,是统计数据分布非对称程度的数字特征。偏度可以用来反映数据分布相对于对称分布的偏斜程度。偏度的取值范

    2024年02月09日
    浏览(43)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包