电子货币(6):BitCoin的工作原理 (大众版)

收获了一种恬静的生活, 像一条波澜不惊的小河, 流过春夏 流过秋冬
打印 被阅读次数

BitCoin够热了,热得让人搞不清东西。现在看看BitCoin的技术原理,看看到底它能解决什么问题,还有什么缺陷,还有什么发展的空间。

作为流通货币,都有四个方面: 交易(transaction), 支付提兑(payment),审计(audit), 铸币(mintage)。现在就来看看bitcoin在这四个方面的表现。
  
交易(transaction) 
 
交易的基本诉求,就是付款人(payer)汇款给收款人(payee)。其技术的挑战就是加密(cryptography),原因是不能让第三者截获或篡改汇款金额。

BitCoin的交易加密方式沿用了现成的,基于公钥(public-key)私钥(private-key)的非对称加密体系(asymmetriccryptography)。这里没有什么创新,都是现成的算法。

现在看看Owner0给Owner1交易的过程:

a。Owner0 先找到Owner1的公钥,然后用Owner1的公钥(Public Key)把汇款详情加密。这样,只有Owner1 本人用自己的私钥(PrivateKey),才能打开加了密的汇款详情。

   
b。为了方便 Owner1验证这笔汇款的确来自Owner0,而不是别人,Owner0发出的汇款单里,除了有加了密的汇款详情,还有Owner0的数字签名(Signature)。Owner1拿到汇款时,为了验证这笔汇款的确来自Owner0,他可以用 Owner0 的公钥,来验证汇款单中 Owner0的数字签名。
 
c。Owner0发出汇款单时,汇款单不仅仅投递到Owner1,而且还要广而告之,任何人只要愿意参与BitCoin审计,都可以收到全球所有人发出的所有汇款单。---这一条是非常重要的,现实货币流通时不存在的特征。

d。沿用 1、2、3 的原理,Owner1 给 Owner2 汇款,然后 Owner2 给 Owner3汇款。BitCoin 通过Hash机制,把涉及同一枚BitCoin的所有汇款交易(Tranaction)串连起来,目的是为了追查重复付款(double spending)的欺诈行为。

支付(payment)

当付款人(payer)向收款人(payee)发出汇款交易(transaction)后,支付过程(payment)并没有完成。直到收款人签收了汇款以后,支付过程才算正式结束。

在收款人接受汇款以前,他必须确认汇款人没有重复付款(double spending),就是说没有一款两付:你不能把一笔钱同时付给两个人或多个人;也没有类似于纸币是假钞等。

BitCoin验证重复付款的办法,是靠群众检举。当收款人收到汇款时,他把汇款单广而告之。审计站点收到广而告之的汇款单时,会检查汇款单中涉及的BitCoin,是否出现在其它汇款单中,是否被重复付款。如果出现这种重复付款,审计站点会检举,并通知收款人拒绝签收汇款。

BitCoin只保证重复付款的行为能被检举,但不保证能被当场抓获。这是一个目前所有货币系统都存在的问题。

看看一个骗子的假设:

a. 某骗子开设了两个账号,A 和 B。他先把一枚BitCoin由账号A汇款到账号B,账号B立刻签收。但账户B签收汇款前,没有把汇款单广而告之。
  
b. 同时,骗子去C的网店买东西,他把同一枚BitCoin由账号A汇款到账号C。C收到汇款单后,等待几秒钟,如果各个审计网站没有检举,C就签收A的汇款,同时交付了商品。

c. 就在C等待的时候,骗子又把从A到B的汇款单广而告之,并且这是一个已经被B签收了的汇款单。因为从A到B的汇款单是合法的,这个汇款单被各个审计站点接受。

d. 等到C签收了A发来的汇款单,并广而告之时,各个审计网站会检举,说A到C的汇款单是重复付款,无效。虽然骗子被检举,但是C已经交付了商品,C被骗了。

为了防范重复付款,现行BitCoin的支付方式,可以强制付款人给收款人发汇款单时,必须同时把汇款单广而告之,这时汇款单尚未被签收。然后,当收款人签收汇款时,也必须再次广而告之,不过与第一次的不同在于,第二次广而告之的,是已经被签收的汇款单。

到目前为止,现代世界各银行的汇款系统也有此类诈骗问题,并不是BitCoin特有的缺陷。因为,目前即使在数学上还没有发现一个完全严谨的办法,能够彻底杜绝重复支付的发生。

审计(audit)

为了杜绝重复付款的欺诈行为,一个简单的办法是全球的人每次支付,先把汇款单提交给一个权威机构,例如Paypal。Paypal先收下付款人汇来的BitCoin,然后发另一枚 BitCoin 给实际收款人。这样可以保证收款人收到的 BitCoin不会有诈,但并不能保证Paypal从汇款人那里收到的BitCoin没有被重复支付/作假。---这是我们现实社会每天面对的现实。现实没有解决的问题,我们也不能就此苛刻BitCoin就能解决。

人们质疑BitCoin的一个原因就是去中心后,没有监控和背书。现在就来说说现实社会中不可垄断的“中心”监控的非安全性,天天都存在,银行的坏账之一是如何来的。

例,假如权威机构除了Paypal之外,还有支付宝等。付款人用同一枚BitCoin向两个收款人汇款,汇款时分别经过支付宝和Paypal。假如重复支付成功,两个收款人没有损失,但是支付宝和Paypal中,一定有一家机构被欺诈。

这种“中心”监控的防范欺诈的机制,不仅技术上有漏洞,没有解决任何问题,而且这种依赖权威机构的做法与BitCoin的群众路线/去中心的设计理念相违背。

反而,BitCoin的做法,更胜一筹。它是把任何一枚BitCoin,从诞生到当下,每一次交易都记录在案,而且按时间顺序串联起来。这就像古董,通常都附带历史记录,从制作出售之初,每一次转手,都被记录下来,这样有利于防范被冒牌顶替。

BitCoin 的每次记录都被广而告之,并且记录下来,并且连缀成串。这样,每一次 BitCoin的交易,不仅有付款人和收款人参与,而且有第三方审计人参与。审计人可以是专职机构,也可以是任何一台电脑。审计不仅能够及时发现违法操作,例如重复付款,而且即便当时漏网,事后也能回溯。

在BitCoin交易记录中串联的数据结构,有两点值得注意:

a. 为了提高审计效率,BitCoin 把多个交易(Transaction)合并成一个块(Block),同时用 Merkle Hash Tree,把这些交易详情组织起来。
  
如果想检查一个Block里是否包含有某个Transaction,最简单的办法是找到合适的私钥,把 Block,以及其中包含的Transactions,解密打开,然后逐一核对。很显然,这样的做法,既浪费时间,也很不安全。

使用 Merkle Tree的好处是:不需要解密开包,只需要把Transaction也Hash一下,然后把Hash的结果与Merkle Tree中各个中间节点的Hash值依次对比,然后轻松地确定Merkle Tree中,是否包含着指定的Transaction,如果有,找出它是哪一个叶子节点。

b。
如果每次交易,只包含一枚BitCoin,那么每枚BitCoin的历史记录就是一根单线。但是事实上,每次交易,可以涉及多枚BitCoins,所以交易的历史记录,不仅有单线,还有多根单线合并成(搅成)一根线的情况。

这个搅成,不仅有合并,还有分叉,这种情况出现在A给B汇款了多枚BitCoins,B签收了这笔汇款交易后,又把多枚BitCoins转手分发给了多个收款人。

不仅 BitCoin的历史记录有多线合并成单线,又有单线分叉成多线。而且一枚 BitCoin 还可以分裂成多个小币。这样问题就出现了。大家想想,现实中的现代银行面对这样的问题是如何处理的,也是很有趣的问题。

铸币(mintage

在BitCoin 体系中,任何参与审计的人,都自动参与货币的生产。货币的生产,即铸(mintage)的过程,在BitCoin体系中被称为挖金矿(gold mining)。

从技术上讲,审计和铸币完全是可以拆分的两件事情。把铸币权与参与审计绑定在一起,是游戏规则的设定,目的是发动群众,共同维护BitCoin的体系诚信。

另外,BitCoin的总蕴藏量,被预先设定了上限。这样做的目的,是通过限制货币流通量,遏制通货膨胀。未来为了让更多的人使用Bitcoin,这个上限是可以改变的,但只能是类似股票的一分二,而不能是乱印钱的“量化宽松”。

从技术上来看,完全可以把 BitCoin体系当成一个工具箱,用这些工具,配置不同的规则,从而创造另一种货币体系。这就是BitCoin系统揭示的伟大意义:未来的现实银行系统多少也会借用BitCoin系统的机制。
 
例如,我们完全可以建一个全球各国政府使用的流通货币的现实系统:
 
a. 可以设定只有各国"政府"才有资格挖金矿,把世界流通货币的铸币权收归政府。
b. 设定全球货币的流通上限。然后根据新增财富,把原有货币一分二,以期增加货币发行,但不是量化宽松的胡乱加印。

c. 可以通过公开认证,给每个付款人设定信用值,用于加快支付签收速度。每次
跳票,信用值减一,底线基础是现付。

d. 也可以通过保险,让每一笔汇款交易的收款人,立刻签收汇款。如果出现重复付款,保险公司赔付。这个保险就是杠杆衍生品的基础,为了防范金融危机,“全球货币系统”比须严格加以规管--- 比如只能1:2为上限。
 
e. 虽然理论上每个人(实际上是每台电脑)都有资格成为审计员,实际上,必定会出现大型机构,凭借强大的计算和存储能力,成为专业审计机构。这是必须归管的一个问题。如何设置规则,可以仿造Bitcoin系统的设置再加权,如果有一个可实现的可控算法的话。

这个系统不是不可能。因为有了bitcoin,同样也会有别的电子系统,类似Litecoin的发展,就表明了多元的趋势。电子货币的人类趋向,已经形成,不会以你的好恶而改变。虽然
现实的既得利益货币资本会百般阻挠,它注定还有漫长的路要走。一个新鲜事物的出现本来就不容易,他要在万般竞争中立有一足之地,当然不是顺风顺雨顺水人情,他是一场一个事物代替一个事物,一个朝代代替另一个朝代的壮举,非一日一朝之功可为。

关于GPU挖掘快于CPU挖掘的讨论你可以google。下面是Tom’s hardware讨论的中低档
GPU挖掘性能的比较(仅供参考):

AMD leads the way, as it has in the past, though the differences between this generation and last are very small.、

Listing my bitcoin addresses

Listing the bitcoin addresses in your wallet is easily done via listreceivedbyaddress. It normally lists only addresses which already have received transactions, however you can list all the addresses by setting the first argument to 0, and the second one to true.

Accounts are used to organize addresses.

Full list

Required arguments are denoted inside Optional arguments are inside [ and ].

Command Parameters Description Requires unlocked wallet? (v0.4.0+)
addmultisigaddress [account] Add a nrequired-to-sign multisignature address to the wallet. Each key is a bitcoin address or hex-encoded public key. If [account] is specified, assign address to [account]. N
addnode version 0.8 Attempts add or remove from the addnode list or try a connection to once. N
backupwallet Safely copies wallet.dat to destination, which can be a directory or a path with filename. N
createmultisig Creates a multi-signature address and returns a json object  
createrawtransaction [{"txid":txid,"vout":n},...] {address:amount,...} version 0.7 Creates a raw transaction spending given inputs. N
decoderawtransaction version 0.7 Produces a human-readable JSON object for a raw transaction. N
dumpprivkey Reveals the private key corresponding to Y
encryptwallet Encrypts the wallet with . N
getaccount Returns the account associated with the given address. N
getaccountaddress Returns the current bitcoin address for receiving payments to this account. N
getaddednodeinfo [node] version 0.8 Returns information about the given added node, or all added nodes

(note that onetry addnodes are not listed here) If dns is false, only a list of added nodes will be provided, otherwise connected information will also be available.

getaddressesbyaccount Returns the list of addresses for the given account. N
getbalance [account] [minconf=1] If [account] is not specified, returns the server's total available balance.
If [account] is specified, returns the balance in the account.
N
getbestblockhash   recent git checkouts only Returns the hash of the best (tip) block in the longest block chain. N
getblock Returns information about the block with the given hash. N
getblockcount   Returns the number of blocks in the longest block chain. N
getblockhash Returns hash of block in best-block-chain at ; index 0 is the genesis block N
getblocknumber   Deprecated. Removed in version 0.7. Use getblockcount. N
getblocktemplate [params] Returns data needed to construct a block to work on. See BIP_0022 for more info on params. N
getconnectioncount   Returns the number of connections to other nodes. N
getdifficulty   Returns the proof-of-work difficulty as a multiple of the minimum difficulty. N
getgenerate   Returns true or false whether bitcoind is currently generating hashes N
gethashespersec   Returns a recent hashes per second performance measurement while generating. N
getinfo   Returns an object containing various state info. N
getmemorypool [data] Replaced in v0.7.0 with getblocktemplate, submitblock, getrawmempool``` N
getmininginfo   Returns an object containing mining-related information:
  • blocks
  • currentblocksize
  • currentblocktx
  • difficulty
  • errors
  • generate
  • genproclimit
  • hashespersec
  • pooledtx
  • testnet
N
getnewaddress [account] Returns a new bitcoin address for receiving payments. If [account] is specified (recommended), it is added to the address book so payments received with the address will be credited to [account]. N
getpeerinfo   version 0.7 Returns data about each connected node. N
getrawchangeaddress [account] recent git checkouts only Returns a new Bitcoin address, for receiving change. This is for use with raw transactions, NOT normal use. Y
getrawmempool   version 0.7 Returns all transaction ids in memory pool N
getrawtransaction [verbose=0] version 0.7 Returns raw transaction representation for given transaction id. N
getreceivedbyaccount [account] [minconf=1] Returns the total amount received by addresses with [account] in transactions with at least [minconf] confirmations. If [account] not provided return will include all transactions to all accounts. (version 0.3.24) N
getreceivedbyaddress [minconf=1] Returns the amount received by in transactions with at least [minconf] confirmations. It correctly handles the case where someone has sent to the address in multiple transactions. Keep in mind that addresses are only ever used for receiving transactions. Works only for addresses in the local wallet, external addresses will always show 0. N
gettransaction Returns an object about the given transaction containing:
  • "amount" : total amount of the transaction
  • "confirmations" : number of confirmations of the transaction
  • "txid" : the transaction ID
  • "time" : time associated with the transaction[1].
  • "details" - An array of objects containing:
    • "account"
    • "address"
    • "category"
    • "amount"
    • "fee"
N
gettxout [includemempool=true] Returns details about an unspent transaction output (UTXO) N
gettxoutsetinfo   Returns statistics about the unspent transaction output (UTXO) set N
getwork [data] If [data] is not specified, returns formatted hash data to work on:
  • "midstate" : precomputed hash state after hashing the first half of the data
  • "data" : block data
  • "hash1" : formatted hash buffer for second hash
  • "target" : little endian hash target

If [data] is specified, tries to solve the block and returns true if it was successful.

N
help [command] List commands, or get help for a command. N
importprivkey [label] [rescan=true] Adds a private key (as returned by dumpprivkey) to your wallet. This may take a while, as a rescan is done, looking for existing transactions. Optional [rescan] parameter added in 0.8.0. Y
keypoolrefill   Fills the keypool, requires wallet passphrase to be set. Y
listaccounts [minconf=1] Returns Object that has account names as keys, account balances as values. N
listaddressgroupings   version 0.7 Returns all addresses in the wallet and info used for coincontrol. N
listreceivedbyaccount [minconf=1] [includeempty=false] Returns an array of objects containing:
  • "account" : the account of the receiving addresses
  • "amount" : total amount received by addresses with this account
  • "confirmations" : number of confirmations of the most recent transaction included
N
listreceivedbyaddress [minconf=1] [includeempty=false] Returns an array of objects containing:
  • "address" : receiving address
  • "account" : the account of the receiving address
  • "amount" : total amount received by the address
  • "confirmations" : number of confirmations of the most recent transaction included

To get a list of accounts on the system, execute bitcoind listreceivedbyaddress 0 true

N
listsinceblock [blockhash] [target-confirmations] Get all transactions in blocks since block [blockhash], or all transactions if omitted. N
listtransactions [account] [count=10] [from=0] Returns up to [count] most recent transactions skipping the first [from] transactions for account [account]. If [account] not provided will return recent transaction from all accounts. N
listunspent [minconf=1] [maxconf=999999] version 0.7 Returns array of unspent transaction inputs in the wallet. N
listlockunspent   version 0.8 Returns list of temporarily unspendable outputs
lockunspent   version 0.8 Updates list of temporarily unspendable outputs
move [minconf=1] [comment] Move from one account in your wallet to another N
sendfrom [minconf=1] [comment] [comment-to] is a real and is rounded to 8 decimal places. Will send the given amount to the given address, ensuring the account has a valid balance using [minconf] confirmations. Returns the transaction ID if successful (not in JSON object). Y
sendmany {address:amount,...} [minconf=1] [comment] amounts are double-precision floating point numbers Y
sendrawtransaction version 0.7 Submits raw transaction (serialized, hex-encoded) to local node and network. N
sendtoaddress [comment] [comment-to] is a real and is rounded to 8 decimal places. Returns the transaction ID if successful. Y
setaccount Sets the account associated with the given address. Assigning address that is already assigned to the same account will create a new address associated with that account. N
setgenerate [genproclimit] is true or false to turn generation on or off.
Generation is limited to [genproclimit] processors, -1 is unlimited.
N
settxfee is a real and is rounded to the nearest 0.00000001 N
signmessage Sign a message with the private key of an address. Y
signrawtransaction [{"txid":txid,"vout":n,"scriptPubKey":hex},...] [ ,...] version 0.7 Adds signatures to a raw transaction and returns the resulting raw transaction. Y/N
stop   Stop bitcoin server. N
submitblock [optional-params-obj] Attempts to submit new block to network. N
validateaddress Return information about . N
verifymessage Verify a signed message. N
walletlock   Removes the wallet encryption key from memory, locking the wallet. After calling this method, you will need to call walletpassphrase again before being able to call any methods which require the wallet to be unlocked. N
walletpassphrase Stores the wallet decryption key in memory for seconds. N
walletpassphrasechange Changes the wallet passphrase from to . N

下面有时间的话,我们还会谈Bitcoin方面的黑客问题和Bitcoin的丢失问题和消失问题。
 
虽闲不散 发表评论于
专业性还是很强,再来个更大众版。
登录后才可评论.