空手一方客


Electronic Money (6): How BitCoin Works (Popular Edition)

(2013-12-02 00:10:25)

BitCoin is hot, so hot that people can no longer tell what is what. Let us look at the technical principles behind BitCoin: what problems it actually solves, what flaws it has, and what room it has left to grow.

Any circulating currency has four aspects: transaction, payment (settlement and redemption), audit, and mintage. Let us see how bitcoin performs in each of these four.
  
Transaction
 
The basic requirement of a transaction is that the payer remits money to the payee. The technical challenge is cryptography, because a third party must not be able to intercept or tamper with the remittance amount.

BitCoin's transaction encryption reuses the existing asymmetric cryptography based on public keys and private keys. There is nothing new here; these are all existing algorithms.

Now consider the process by which Owner0 transacts with Owner1:

a. Owner0 first finds Owner1's public key, then encrypts the remittance details with Owner1's public key. This way, only Owner1 himself, using his own private key, can open the encrypted remittance details.

   
b. So that Owner1 can verify that this remittance really comes from Owner0 and not from someone else, the remittance slip Owner0 sends out carries, besides the encrypted remittance details, Owner0's digital signature. When Owner1 receives the remittance, he can use Owner0's public key to verify Owner0's digital signature on the slip and confirm that it really came from Owner0.
 
c. When Owner0 sends out the remittance slip, it is not only delivered to Owner1 but also broadcast to everyone: anyone willing to take part in BitCoin auditing can receive every remittance slip sent by anyone in the world. --- This is a very important characteristic, one that does not exist in the circulation of real-world currency.

d. Following the principles of a, b and c, Owner1 remits to Owner2, and then Owner2 remits to Owner3. Through a hash mechanism, BitCoin chains together all the remittance transactions involving the same BitCoin, in order to trace the fraud of double spending.

Payment

After the payer sends a remittance transaction to the payee, the payment process is not yet complete. Only once the payee has signed for the remittance does the payment formally end.

Before the payee accepts the remittance, he must confirm that the remitter has not double-spent, that is, has not paid one sum twice: you cannot pay the same money to two or more people at once. He must also confirm there is nothing comparable to a counterfeit banknote.

BitCoin's way of checking for double spending relies on reporting by the crowd. When the payee receives a remittance, he broadcasts the remittance slip. When an audit site receives the broadcast slip, it checks whether the BitCoin involved appears in any other remittance slip, that is, whether it has been double-spent. If it finds such a double spend, the audit site reports it and notifies the payee to refuse to sign for the remittance.

BitCoin only guarantees that double spending can be reported, not that it can be caught in the act. This is a problem that exists in every currency system today.

Consider a hypothetical scammer:

a. The scammer opens two accounts, A and B. He first remits one BitCoin from account A to account B, and account B signs for it immediately. But before signing for the remittance, account B does not broadcast the remittance slip.
  
b. At the same time, the scammer goes shopping at C's online store and remits the same BitCoin from account A to account C. After receiving the remittance slip, C waits a few seconds; if none of the audit sites report anything, C signs for A's remittance and hands over the goods.

c. While C is waiting, the scammer broadcasts the A-to-B remittance slip, which B has already signed for. Because the A-to-B slip is legitimate, all the audit sites accept it.

d. By the time C has signed for the slip from A and broadcasts it, the audit sites report that the A-to-C slip is a double spend and invalid. The scammer is reported, but C has already handed over the goods: C has been cheated.

To guard against double spending, the current BitCoin payment scheme can require that when the payer sends a remittance slip to the payee, he must broadcast the slip at the same time, while it has not yet been signed for. Then, when the payee signs for the remittance, he must broadcast again; the difference from the first broadcast is that the second one is of a slip that has already been signed for.

To date, the remittance systems of the world's banks also suffer from this kind of fraud; it is not a flaw unique to BitCoin. The reason is that even mathematically no fully rigorous method has yet been found that completely rules out double spending.
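The A/B/C scenario and the fix above, replayed as an added Go example (not code from the post or from Bitcoin): one audit site that remembers the first payee it saw for each coin. It assumes that without the fix a slip is broadcast only once the payee has signed for it, and that a coin rejected after the goods have shipped means C was cheated; Slip, Auditor and RunScam are hypothetical names and the slips are constructed samples.

```go
package main

import "errors"

// Slip is a remittance slip: one coin, its payer and payee, and whether the payee has signed for it.
type Slip struct {
	Coin, From, To string
	Received       bool
}

var ErrDoubleSpend = errors.New("double spend: coin already remitted to another payee")

// Auditor is one audit site: for each coin it remembers the payee of the first slip it saw.
type Auditor map[string]string

// Check reports a conflict without recording anything (C "waiting to hear objections").
func (a Auditor) Check(s Slip) error {
	if to, ok := a[s.Coin]; ok && to != s.To {
		return ErrDoubleSpend
	}
	return nil
}

// Announce is a broadcast of the slip: the site checks it, then records its payee.
func (a Auditor) Announce(s Slip) error {
	if err := a.Check(s); err != nil {
		return err
	}
	a[s.Coin] = s.To
	return nil
}

// RunScam replays steps a to d. With broadcastOnSend=false a slip is broadcast only after
// the payee signs for it; with true the payer must also broadcast it when sending (the fix).
func RunScam(broadcastOnSend bool) (cheated bool) {
	audit := Auditor{}
	toB := Slip{Coin: "coin-1", From: "A", To: "B"} // constructed sample slips
	toC := Slip{Coin: "coin-1", From: "A", To: "C"}
	if broadcastOnSend { // steps a and b under the fix: both slips go out at sending time
		audit.Announce(toB)
		audit.Announce(toC) // rejected here, but C still waits for the verdict below
	}
	toB.Received = true // B signs quietly; without the fix nothing has been broadcast yet
	if audit.Check(toC) != nil { // C waits a few seconds for any objection
		return false // objection heard: C refuses to sign and ships nothing
	}
	audit.Announce(toB) // no objection, C ships; step c: the receipted A->B slip is broadcast
	toC.Received = true // step d: C signs and broadcasts, and the site reports a double spend
	return audit.Announce(toC) == ErrDoubleSpend
}
```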

Audit

To eliminate double-spending fraud, one simple approach is for everyone in the world, on every payment, to first submit the remittance slip to an authoritative institution, for example Paypal. Paypal first takes in the BitCoin remitted by the payer, then issues another BitCoin to the actual payee. This guarantees that the BitCoin the payee receives is not fraudulent, but it does not guarantee that the BitCoin Paypal received from the remitter has not been double-spent or forged. --- This is the reality our society faces every day. We cannot demand that BitCoin solve a problem the real world itself has not solved.

One reason people doubt BitCoin is that, once decentralized, there is no supervision and no guarantor. So let us talk about the insecurity of the non-monopolizable "central" supervision in real society, which is present every day and is one source of banks' bad debts.

Example: suppose that besides Paypal there are other authoritative institutions, such as Alipay. A payer remits the same BitCoin to two payees, routing one remittance through Alipay and the other through Paypal. If the double spend succeeds, neither payee loses anything, but one of Alipay and Paypal has certainly been defrauded.

This "central" supervisory mechanism for preventing fraud not only has technical loopholes and solves nothing; its reliance on authoritative institutions also runs counter to BitCoin's mass-participation, decentralized design philosophy.

BitCoin's approach, by contrast, is superior. For any BitCoin, every transaction from its birth to the present is on record and chained together in chronological order. This is like an antique, which usually comes with a provenance record: from the time it was made and first sold, every change of hands is recorded, which helps guard against forgeries being passed off as the original.

Every BitCoin record is broadcast, written down, and linked into a chain. Thus every BitCoin transaction involves not only the payer and the payee but also third-party auditors. An auditor can be a dedicated institution or any computer at all. Auditing can not only promptly detect illegal operations such as double spending; even if something slips through at the time, it can be traced back afterwards.

Two points about the chained data structure of BitCoin's transaction records deserve attention:

a. To improve audit efficiency, BitCoin merges multiple transactions into one block, and organizes the details of these transactions with a Merkle hash tree.
  
If you want to check whether a block contains a certain transaction, the simplest way would be to find the right private key, decrypt and open the block and the transactions it contains, then check them one by one. Obviously this approach both wastes time and is very insecure.

The advantage of using a Merkle tree is that nothing needs to be decrypted or unpacked: you just hash the transaction as well, compare the result against the hash values of the intermediate nodes of the Merkle tree in turn, and can then easily determine whether the Merkle tree contains the given transaction and, if so, which leaf node it is.
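The inclusion check described above, as an added Go example that is not code from the post or from Bitcoin's own implementation. It assumes SHA-256 for leaf and inner hashes and pairs a lone last node with itself; the names Hash, Proof and Verify are hypothetical. It goes slightly beyond the text by also producing the sibling hashes an auditor needs to confirm one transaction without the whole block (a Merkle proof).

```go
package main

import (
	"bytes"
	"crypto/sha256"
)

// Hash is SHA-256 over its parts: one part for a leaf (a serialized transaction), two for an inner node.
func Hash(parts ...[]byte) []byte {
	d := sha256.New()
	for _, p := range parts {
		d.Write(p)
	}
	return d.Sum(nil)
}

// Proof builds the tree bottom-up over the leaf hashes and returns its root plus the sibling
// hash at each level that proves leaf `index` is in it; a lone last node is paired with itself.
func Proof(leaves [][]byte, index int) (root []byte, siblings [][]byte) {
	level := leaves
	for len(level) > 1 {
		sib := index ^ 1
		if sib >= len(level) {
			sib = index
		}
		siblings = append(siblings, level[sib])
		var next [][]byte
		for j := 0; j < len(level); j += 2 {
			r := j + 1
			if r == len(level) {
				r = j
			}
			next = append(next, Hash(level[j], level[r]))
		}
		index, level = index/2, next
	}
	return level[0], siblings
}

// Verify recomputes the root from one leaf hash and its siblings, so an auditor can
// confirm a transaction is in a block with log(n) hashes and never opens the block.
func Verify(root, leaf []byte, index int, siblings [][]byte) bool {
	h := leaf
	for _, s := range siblings {
		if index%2 == 1 {
			h = Hash(s, h)
		} else {
			h = Hash(h, s)
		}
		index /= 2
	}
	return bytes.Equal(h, root)
}
```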

b. If each transaction involved only one BitCoin, each BitCoin's history would be a single line. In fact, however, a transaction can involve several BitCoins, so the transaction history has not only single lines but also cases where several lines merge (are twisted) into one.

This twisting involves not only merging but also forking, which happens when A remits several BitCoins to B, and B, after signing for that transaction, passes the BitCoins on to several different payees.

So a BitCoin's history has many lines merging into one and one line forking into many, and on top of that a single BitCoin can be split into several smaller coins. This is where the problems begin. How modern real-world banks handle this kind of problem is also an interesting question to think about.
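The merging, forking and splitting of coin histories described in b, as an added Go example that is not code from the post or from Bitcoin: a ledger of transactions with several inputs and outputs, a check that outputs never exceed inputs (so a coin can be split but not inflated), and a walk back through every earlier transaction an output descends from, which is the retrospective audit mentioned above. It checks only existence and value conservation; amounts and names are constructed, and Outpoint, Tx, Ledger, Add and Lineage are hypothetical names.

```go
package main

import "fmt"

// Outpoint names one output of one transaction: the "coin" a later transaction spends.
type Outpoint struct{ TxID string; Index int }

// Tx spends several earlier outputs (lines merging) and creates several new ones (lines
// forking); amounts are whole units, so one coin can be split into smaller pieces.
type Tx struct {
	ID      string
	Inputs  []Outpoint
	Outputs []int64
}

// Ledger is the chained record an audit site keeps, every accepted transaction by id.
type Ledger map[string]*Tx

// Add accepts a tx only if every input exists and the outputs do not exceed the inputs
// (the difference is the fee); a tx with no inputs mints new coins.
func (l Ledger) Add(tx *Tx) error {
	var in, out int64
	for _, p := range tx.Inputs {
		prev, ok := l[p.TxID]
		if !ok || p.Index >= len(prev.Outputs) {
			return fmt.Errorf("%s: input %v does not exist", tx.ID, p)
		}
		in += prev.Outputs[p.Index]
	}
	for _, v := range tx.Outputs {
		out += v
	}
	if len(tx.Inputs) > 0 && out > in {
		return fmt.Errorf("%s: outputs %d exceed inputs %d", tx.ID, out, in)
	}
	l[tx.ID] = tx
	return nil
}

// Lineage lists every transaction in a transaction's history, oldest first, following
// merges and forks back to the minting transactions; seen de-duplicates shared ancestors.
func (l Ledger) Lineage(id string, seen map[string]bool) []string {
	tx, ok := l[id]
	if !ok || seen[id] {
		return nil
	}
	seen[id] = true
	var order []string
	for _, in := range tx.Inputs {
		order = append(order, l.Lineage(in.TxID, seen)...)
	}
	return append(order, id)
}
```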

Mintage

In the BitCoin system, anyone who takes part in auditing automatically takes part in producing currency. The production of currency, that is, the process of minting (mintage), is called gold mining in the BitCoin system.

Technically, auditing and minting are two things that could be completely separated. Tying the right to mint to participation in auditing is a rule of the game, set so as to mobilize the masses to jointly maintain the integrity of the BitCoin system.

In addition, the total supply of BitCoin has a preset upper limit. The purpose is to curb inflation by limiting the amount of currency in circulation. In the future, to let more people use Bitcoin, this limit can be changed, but only in the manner of a stock split (one into two), never the "quantitative easing" of printing money at will.

Technically, the BitCoin system can be treated as a toolbox: with these tools, configured with different rules, another currency system can be created. This is the great significance the BitCoin system reveals: future real-world banking systems will to some degree borrow BitCoin's mechanisms.
 
For example, we could perfectly well build a real-world system for a circulating currency used by the governments of every country:
 
a. It could be stipulated that only national "governments" are eligible to mine gold, returning the right to mint the world's circulating currency to governments.
b. Set an upper limit on the global money supply. Then, according to newly created wealth, split the existing currency one into two, so as to increase the money issued, but without the reckless extra printing of quantitative easing.

c. Through public certification, each payer could be assigned a credit score used to speed up payment settlement. Each bounced payment reduces the score by one; the baseline is cash on delivery.

d. Insurance could also let the payee of every remittance transaction sign for it immediately; if a double spend occurs, the insurer pays. Such insurance is the basis of leveraged derivatives, so to guard against financial crises the "global currency system" must regulate it strictly --- for example, a leverage cap of 1:2.
 
e. Although in theory every person (in practice every computer) is eligible to be an auditor, in practice large institutions will inevitably emerge that, by virtue of their computing and storage power, become professional audit institutions. This is a problem that must be regulated. The rules could be set by imitating the Bitcoin system's settings with added weighting, if a workable, controllable algorithm exists.

This system is not impossible. Since bitcoin exists, other electronic systems will follow; the development of the likes of Litecoin shows a trend toward diversity. Humanity's move toward electronic money has already taken shape and will not change according to anyone's likes or dislikes. Although the vested interests of real-world money capital will obstruct it in every way, it is destined for a long road ahead. The emergence of anything new is never easy; to hold a place amid fierce competition is naturally not smooth sailing. It is the feat of one thing replacing another, one dynasty replacing another, not something accomplished in a day.

For the discussion of why GPU mining is faster than CPU mining, you can google it. Below is Tom's Hardware's comparison of mid- to low-range GPU mining performance (for reference only):

AMD leads the way, as it has in the past, though the differences between this generation and last are very small.

Listing my bitcoin addresses

Listing the bitcoin addresses in your wallet is easily done via listreceivedbyaddress. It normally lists only addresses which already have received transactions, however you can list all the addresses by setting the first argument to 0, and the second one to true.

Accounts are used to organize addresses.

Full list

Required arguments are denoted inside < and >. Optional arguments are inside [ and ].

Command Parameters Description Requires unlocked wallet? (v0.4.0+)
addmultisigaddress <'["key","key"]'> [account] Add a nrequired-to-sign multisignature address to the wallet. Each key is a bitcoin address or hex-encoded public key. If [account] is specified, assign address to [account]. N
addnode version 0.8 Attempts add or remove from the addnode list or try a connection to once. N
backupwallet Safely copies wallet.dat to destination, which can be a directory or a path with filename. N
createmultisig <'["key","key"]'> Creates a multi-signature address and returns a json object
createrawtransaction [{"txid":txid,"vout":n},...] {address:amount,...} version 0.7 Creates a raw transaction spending given inputs. N
decoderawtransaction version 0.7 Produces a human-readable JSON object for a raw transaction. N
dumpprivkey Reveals the private key corresponding to Y
encryptwallet Encrypts the wallet with . N
getaccount Returns the account associated with the given address. N
getaccountaddress Returns the current bitcoin address for receiving payments to this account. N
getaddednodeinfo [node] version 0.8 Returns information about the given added node, or all added nodes (note that onetry addnodes are not listed here). If dns is false, only a list of added nodes will be provided, otherwise connected information will also be available.

getaddressesbyaccount Returns the list of addresses for the given account. N
getbalance [account] [minconf=1] If [account] is not specified, returns the server's total available balance.
If [account] is specified, returns the balance in the account.
N
getbestblockhash   recent git checkouts only Returns the hash of the best (tip) block in the longest block chain. N
getblock Returns information about the block with the given hash. N
getblockcount   Returns the number of blocks in the longest block chain. N
getblockhash Returns hash of block in best-block-chain at ; index 0 is the genesis block N
getblocknumber   Deprecated. Removed in version 0.7. Use getblockcount. N
getblocktemplate [params] Returns data needed to construct a block to work on. See BIP_0022 for more info on params. N
getconnectioncount   Returns the number of connections to other nodes. N
getdifficulty   Returns the proof-of-work difficulty as a multiple of the minimum difficulty. N
getgenerate   Returns true or false whether bitcoind is currently generating hashes N
gethashespersec   Returns a recent hashes per second performance measurement while generating. N
getinfo   Returns an object containing various state info. N
getmemorypool [data] Replaced in v0.7.0 with getblocktemplate, submitblock, getrawmempool N
getmininginfo   Returns an object containing mining-related information:
  • blocks
  • currentblocksize
  • currentblocktx
  • difficulty
  • errors
  • generate
  • genproclimit
  • hashespersec
  • pooledtx
  • testnet
N
getnewaddress [account] Returns a new bitcoin address for receiving payments. If [account] is specified (recommended), it is added to the address book so payments received with the address will be credited to [account]. N
getpeerinfo   version 0.7 Returns data about each connected node. N
getrawchangeaddress [account] recent git checkouts only Returns a new Bitcoin address, for receiving change. This is for use with raw transactions, NOT normal use. Y
getrawmempool   version 0.7 Returns all transaction ids in memory pool N
getrawtransaction [verbose=0] version 0.7 Returns raw transaction representation for given transaction id. N
getreceivedbyaccount [account] [minconf=1] Returns the total amount received by addresses with [account] in transactions with at least [minconf] confirmations. If [account] not provided return will include all transactions to all accounts. (version 0.3.24) N
getreceivedbyaddress [minconf=1] Returns the amount received by in transactions with at least [minconf] confirmations. It correctly handles the case where someone has sent to the address in multiple transactions. Keep in mind that addresses are only ever used for receiving transactions. Works only for addresses in the local wallet, external addresses will always show 0. N
gettransaction Returns an object about the given transaction containing:
  • "amount" : total amount of the transaction
  • "confirmations" : number of confirmations of the transaction
  • "txid" : the transaction ID
  • "time" : time associated with the transaction[1].
  • "details" - An array of objects containing:
    • "account"
    • "address"
    • "category"
    • "amount"
    • "fee"
N
gettxout [includemempool=true] Returns details about an unspent transaction output (UTXO) N
gettxoutsetinfo   Returns statistics about the unspent transaction output (UTXO) set N
getwork [data] If [data] is not specified, returns formatted hash data to work on:
  • "midstate" : precomputed hash state after hashing the first half of the data
  • "data" : block data
  • "hash1" : formatted hash buffer for second hash
  • "target" : little endian hash target

If [data] is specified, tries to solve the block and returns true if it was successful.

N
help [command] List commands, or get help for a command. N
importprivkey [label] [rescan=true] Adds a private key (as returned by dumpprivkey) to your wallet. This may take a while, as a rescan is done, looking for existing transactions. Optional [rescan] parameter added in 0.8.0. Y
keypoolrefill   Fills the keypool, requires wallet passphrase to be set. Y
listaccounts [minconf=1] Returns Object that has account names as keys, account balances as values. N
listaddressgroupings   version 0.7 Returns all addresses in the wallet and info used for coincontrol. N
listreceivedbyaccount [minconf=1] [includeempty=false] Returns an array of objects containing:
  • "account" : the account of the receiving addresses
  • "amount" : total amount received by addresses with this account
  • "confirmations" : number of confirmations of the most recent transaction included
N
listreceivedbyaddress [minconf=1] [includeempty=false] Returns an array of objects containing:
  • "address" : receiving address
  • "account" : the account of the receiving address
  • "amount" : total amount received by the address
  • "confirmations" : number of confirmations of the most recent transaction included

To get a list of accounts on the system, execute bitcoind listreceivedbyaddress 0 true

N
listsinceblock [blockhash] [target-confirmations] Get all transactions in blocks since block [blockhash], or all transactions if omitted. N
listtransactions [account] [count=10] [from=0] Returns up to [count] most recent transactions skipping the first [from] transactions for account [account]. If [account] not provided will return recent transaction from all accounts. N
listunspent [minconf=1] [maxconf=999999] version 0.7 Returns array of unspent transaction inputs in the wallet. N
listlockunspent   version 0.8 Returns list of temporarily unspendable outputs
lockunspent   version 0.8 Updates list of temporarily unspendable outputs
move [minconf=1] [comment] Move from one account in your wallet to another N
sendfrom [minconf=1] [comment] [comment-to] is a real and is rounded to 8 decimal places. Will send the given amount to the given address, ensuring the account has a valid balance using [minconf] confirmations. Returns the transaction ID if successful (not in JSON object). Y
sendmany {address:amount,...} [minconf=1] [comment] amounts are double-precision floating point numbers Y
sendrawtransaction version 0.7 Submits raw transaction (serialized, hex-encoded) to local node and network. N
sendtoaddress [comment] [comment-to] is a real and is rounded to 8 decimal places. Returns the transaction ID if successful. Y
setaccount Sets the account associated with the given address. Assigning address that is already assigned to the same account will create a new address associated with that account. N
setgenerate [genproclimit] is true or false to turn generation on or off.
Generation is limited to [genproclimit] processors, -1 is unlimited.
N
settxfee is a real and is rounded to the nearest 0.00000001 N
signmessage Sign a message with the private key of an address. Y
signrawtransaction [{"txid":txid,"vout":n,"scriptPubKey":hex},...] [ ,...] version 0.7 Adds signatures to a raw transaction and returns the resulting raw transaction. Y/N
stop   Stop bitcoin server. N
submitblock [optional-params-obj] Attempts to submit new block to network. N
validateaddress Return information about . N
verifymessage Verify a signed message. N
walletlock   Removes the wallet encryption key from memory, locking the wallet. After calling this method, you will need to call walletpassphrase again before being able to call any methods which require the wallet to be unlocked. N
walletpassphrase Stores the wallet decryption key in memory for seconds. N
walletpassphrasechange Changes the wallet passphrase from to . N

If time permits, we will later also discuss hacking problems around Bitcoin and the problems of Bitcoins being lost or disappearing.
 
Comments

雖閑不散: Still highly technical; please do an even more popular edition.