1. What is Bitcoin?

Bitcoin is an electronic currency (digital currency), and Bitcoin is a currency based on cryptography. On November 1, 2008, Satoshi Nakamoto (I don’t know whether it is a human or an AI, an organization or an individual?) proposed the concept of Bitcoin. He published a paper on Bitcoin, which is now the white paper of Bitcoin.

In this whiter paper, a decentralized electronic bookkeeping system is proposed. The traditional electronic cash is used by the bank to keep accounts, because the bank is behind the country’s credit, and the decentralized electronic bookkeeping system is shared by the participants. Account. People obtain bitcoins through mining, and complete payment through public accounting.

2. The principle of blockchain

(1). Merkel Tree

Hash tree or Merkel tree is a tree in which each leaf node is marked with the password hash of the data block, and each non-leaf node is marked with the password of its child node label. Greek mark. . Hash trees allow effective and safe verification of the contents of large data structures. Hash tree is a generalization of hash list and hash chain. In order to prove that a leaf node is part of a given binary hash tree, it is necessary to calculate the number of hashes that is proportional to the logarithm of the number of leaf nodes of the tree. This is the opposite of the hash list, and the number of the hash list is the same as the leaf node itself. Is directly proportional to the number.

This is an example of a binary hash tree. Hash 0-0 and 0-1 are the hash values ​​of data blocks L1 and L2, respectively, and hash 0 is the concatenation of hashes 0-0 and 0-1.

(2). Block and blockchain

There are many blocks in blockchain, these blocks are encrypted using links, and each block contains a block header and transaction information (usually ** Merkel tree ** means), the header information contains the hash sequence and the timestamp. According to the design, the blockchain can resist the modification of its data. This is because once recorded, the data in any given block cannot be changed retrospectively without changing all subsequent blocks.

Logically speaking, the blockchain can be seen as consisting of 5 layers:

  1. Infrastructure (hardware)
  2. Network (node ​​discovery, information dissemination and verification)
  3. Consensus (proof of work, certificate of shareholding)
  4. Data (blocks, transactions)
  5. Apps (dApps)
    Because the data in any given block cannot be changed retrospectively, without changing all subsequent blocks.

The formation of the blockchain. The main chain (black) consists of the longest series of blocks from the founding block (green) to the current block. There are isolated blocks (purple) outside the main chain.

Allow participants to verify and review transactions independently and relatively cheaply. Use peer-to-peer networks and distributed timestamp servers to independently manage blockchain databases. They certify that they carry collective self-interest through large-scale collaboration. Such a design promotes a robust workflow in which participants’ uncertainty about data security is negligible. The use of blockchain eliminates the infinite reproducibility of digital assets. It confirmed that each unit of value was transferred only once, thus solving the long-standing double-spending problem. Blockchain has been described as a value exchange protocol. Blockchain can maintain ownership because when properly set up to detail the exchange agreement, it can provide a record of mandatory offers and acceptances.

A simple example: A transaction was initiated among the four persons on ABCD. Among them, A transferred 100 bitcoins to B. Because this is a decentralized accounting method. Therefore, each of these four people will record this transaction on their own ledger, and will record the transfer of 100 Bitcoins from A to B. This is a piece of transaction information that will be recorded in the block ** Each block is 1MB in size and can store about 4k pieces of information. ** In this section, why would I use A as the standard to notify others? Who will we use in normal trading? And why should we keep accounts? Is it good for us? These are all problems encountered in design.

3. Reasons for using blockchain for accounting

As it is said that there is no benefit, Satoshi Nakamoto mentioned the incentive scheme in his paper on the design of blockchain. The person who keeps the book will get two kinds of benefits: the first is rewards for handling fees, and the second is rewards for packaging blocks (rewards from the system). The initiation of each transaction will charge the user a small fee, and these fees will be rewarded to the users who book the package. In the second reward, the system rewards the person who booked the package. In Satoshi Nakamoto’s paper, he wrote that this system will generate a block every ten minutes, and every time a block is generated, a certain amount of Bitcoin will be rewarded. Since 2008, it has been 50 bitcoins, which will decay by half every four years. By analogy, the number of bitcoins obtained will decrease. According to this algorithm, we can calculate that there are about 21 million Bitcoins in the world, so Bitcoin will become more and more difficult to mine over time.

4. Who is the so-called “center” in each block

(1). Obtain the power of packaging through the proof-of-work mechanism

Satoshi Nakamoto also wrote in the paper that each user or node will compete for the power of bookkeeping through a proof-of-work mechanism. The first user that can be calculated for each block is the producer of the next block. The only way to select users through proof of work is to let users solve “mathematics” problems. This mathematical problem is based on the SHA256 algorithm, so the only way is to try one by one. Whoever gets the answer to this question first will be eligible for packaging. This is also called the so-called ** Mining**.

(2). SHA256 algorithm

The Secure Hash (SHA) algorithm is a series of cryptographic hash functions issued by the National Institute of Standards and Technology as the U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-1 and SHA-2 are two different versions of this algorithm. They differ in structure (the way the resulting hash is created from the original data) and the bit length of the signature. SHA-2 is regarded as the successor to SHA-1 because it is an overall improvement. First of all, people regard the position length as an important difference. SHA-1 is a 160-bit hash. SHA-2 is actually a “hash” series, and has various lengths, the most popular is 256-bit (SHA256), The final output is a 256-bit binary number. The following is the pseudo code of the SHA256 algorithm:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
Initialize hash values:
(first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
h0 := 0x6a09e667
h1 := 0xbb67ae85
h2 := 0x3c6ef372
h3 := 0xa54ff53a
h4 := 0x510e527f
h5 := 0x9b05688c
h6 := 0x1f83d9ab
h7 := 0x5be0cd19

Initialize array of round constants:
(first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311):
k[0..63] :=
   0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

Pre-processing (Padding):
begin with the original message of length L bits
append a single '1' bit
append K '0' bits, where K is the minimum number >= 0 such that L + 1 + K + 64 is a multiple of 512
append L as a 64-bit big-endian integer, making the total post-processed length a multiple of 512 bits
such that the bits in the message are L 1 00..<K 0's>..00 <L as 64 bit integer> = k*512 total bits

Process the message in successive 512-bit chunks:
break message into 512-bit chunks
for each chunk
    create a 64-entry message schedule array w[0..63] of 32-bit words
    (The initial values in w[0..63] don't matter, so many implementations zero them here)
    copy chunk into first 16 words w[0..15] of the message schedule array

    Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array:
    for i from 16 to 63
        s0 := (w[i-15] rightrotate  7) xor (w[i-15] rightrotate 18) xor (w[i-15] rightshift  3)
        s1 := (w[i- 2] rightrotate 17) xor (w[i- 2] rightrotate 19) xor (w[i- 2] rightshift 10)
        w[i] := w[i-16] + s0 + w[i-7] + s1

    Initialize working variables to current hash value:
    a := h0
    b := h1
    c := h2
    d := h3
    e := h4
    f := h5
    g := h6
    h := h7

    Compression function main loop:
    for i from 0 to 63
        S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25)
        ch := (e and f) xor ((not e) and g)
        temp1 := h + S1 + ch + k[i] + w[i]
        S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22)
        maj := (a and b) xor (a and c) xor (b and c)
        temp2 := S0 + maj
 
        h := g
        g := f
        f := e
        e := d + temp1
        d := c
        c := b
        b := a
        a := temp1 + temp2

    Add the compressed chunk to the current hash value:
    h0 := h0 + a
    h1 := h1 + b
    h2 := h2 + c
    h3 := h3 + d
    h4 := h4 + e
    h5 := h5 + f
    h6 := h6 + g
    h7 := h7 + h

Produce the final hash value (big-endian):
digest := hash := h0 append h1 append h2 append h3 append h4 append h5 append h6 append h7

(3). SHA256 core algorithm code formed by C++ language

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#pragma once
 
#ifndef SHA256_H
#define SHA256_H
#include <string>
 
class SHA256
{
protected:
	typedef unsigned char uint8;
	typedef unsigned int uint32;
	typedef unsigned long long uint64;
 
	const static uint32 sha256_k[];
	static const unsigned int SHA224_256_BLOCK_SIZE = (512 / 8);
public:
	void init();
	void update(const unsigned char* message, unsigned int len);
	void final(unsigned char* digest);
	static const unsigned int DIGEST_SIZE = (256 / 8);
 
protected:
	void transform(const unsigned char* message, unsigned int block_nb);
	unsigned int m_tot_len;
	unsigned int m_len;
	unsigned char m_block[2 * SHA224_256_BLOCK_SIZE];
	uint32 m_h[8];
};
 
std::string sha256(std::string input);
 
#define SHA2_SHFR(x, n)    (x >> n)
#define SHA2_ROTR(x, n)   ((x >> n) | (x << ((sizeof(x) << 3) - n)))
#define SHA2_ROTL(x, n)   ((x << n) | (x >> ((sizeof(x) << 3) - n)))
#define SHA2_CH(x, y, z)  ((x & y) ^ (~x & z))
#define SHA2_MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
#define SHA256_F1(x) (SHA2_ROTR(x,  2) ^ SHA2_ROTR(x, 13) ^ SHA2_ROTR(x, 22))
#define SHA256_F2(x) (SHA2_ROTR(x,  6) ^ SHA2_ROTR(x, 11) ^ SHA2_ROTR(x, 25))
#define SHA256_F3(x) (SHA2_ROTR(x,  7) ^ SHA2_ROTR(x, 18) ^ SHA2_SHFR(x,  3))
#define SHA256_F4(x) (SHA2_ROTR(x, 17) ^ SHA2_ROTR(x, 19) ^ SHA2_SHFR(x, 10))
#define SHA2_UNPACK32(x, str)                 \
{                                             \
    *((str) + 3) = (uint8) ((x)      );       \
    *((str) + 2) = (uint8) ((x) >>  8);       \
    *((str) + 1) = (uint8) ((x) >> 16);       \
    *((str) + 0) = (uint8) ((x) >> 24);       \
}
#define SHA2_PACK32(str, x)                   \
{                                             \
    *(x) =   ((uint32) *((str) + 3)      )    \
           | ((uint32) *((str) + 2) <<  8)    \
           | ((uint32) *((str) + 1) << 16)    \
           | ((uint32) *((str) + 0) << 24);   \
}
#endif

5. Blockchain and Bitcoin security

Are blockchain and Bitcoin safe? How do they prevent counterfeiting, tampering and double payment? Identity authentication technology can be face recognition, signature, fingerprint, etc. in life. But once they are digitized, they can be forged by copying, so Bitcoin uses the electronic signature method. Electronic signature technology mainly uses asymmetric encryption. First, Bitcoin will generate a random number, this technology will generate a private key (only the user knows) through a random number, encrypt it with a private key, and then generate a public key through the private key. Public) can be decrypted by the public key, and finally a public address will be generated, and the user can use the address to conduct anonymous transactions. The typical algorithm is RSA, and Bitcoin uses an elliptic curve encryption algorithm.

Conversion process

  1. First use a random number generator to generate a private key, which is a 256-bit binary number. The private key cannot be made public and is equivalent to the password of a bank card.

  2. The private key generates a public key through the SECP256K1 algorithm. SECP256K1 is an elliptic curve encryption algorithm. Its function is similar to the RSA algorithm. A public key is generated through a known private key, but the private key cannot be deduced from the public key.

  3. Like the SHA256 algorithm, RIPEMD160 is also a HASH algorithm. The hash value of the public key can be obtained from the public key, but the public key cannot be derived from the hash value.

  4. Connect the one-byte version number to the header of the public key hash, and then perform two SHA256 operations on it, and use the first 4 bytes of the result as the check value of the public key hash and connect it at the end.

  5. Use BASE58 to encode the result of the previous step to get the wallet address (equivalent to a bank account). For example, A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa

(1). Solve forged transaction records

The figure shows the event that A gives B1 bitcoins. After obtaining the digest through the hash operation, the digest is encrypted with the private key to obtain the password. Due to the uniqueness of the private key, the digest is unique. Through broadcasting, the messages delivered by A are: A transfers to B 1 bitcoin, A’s public key, and A’s password.
Of course, we can assume that the message that A transferred 1 Bitcoin to B is false, and the digest 1 is obtained based on this hash operation. And using A’s public key to decrypt the password to get Digest 2. At this time Digest 1 and Digest 2 are different. Obviously, “A gives B 1 bitcoin” is a forged message.

(2). Prevent tampering with transaction records

In order to prevent tampering events, the blockchain will protect the entire blockchain according to the longest chain principle:

When the block chain branches, that is, more than one person dug up the next block in almost the same time, and the chain direction has branched. Generally speaking, the longest chain principle is used for selection. Suppose that user group A chooses to go on the chain to continue mining, and user group B chooses to go off the chain to continue mining. If group A digs out the next mine first and adds a new block to the chain, group B will continue mining after moving to the new block. Normally, the down chain is discarded.

That is to say, where there is a branch in the blockchain, it will compare the upper and lower chains who dig out the second block first (whose chain becomes the long branch first), keep the long chain, and give up the short chain.
Therefore, according to the longest chain principle, if someone wants to tamper with the information of a block on the block chain, he must lead a branch at that block and create a new chain to make the new chain exceed the length of the original chain. That is to say, the computing power of the mining machine controlled by him alone exceeds the computing power of the remaining mining machines in the world ** (faster than anyone else). The probability of this realization is very small. For example, a person controls 90% of the mining machines in the world to tamper with the transaction records of a chain. Why doesn’t he use so many mining machines to mine seriously?

(3). Prevent double payment transactions

When a double payment event occurs, for example, A has only 100 bitcoins, but at the same time broadcasts the message “A to B 100 bitcoins” (recorded as message b) and “A to C
100 Bitcoins” (recorded as message c), group D will not confirm message c if it receives message b first. Similarly, group E will not confirm message b if it receives message c first. At this time It depends on who in groups D and E can calculate the math problem first, and the one who digs the mine first can write the confirmed message in the new block, while the other message is invalid.

Copyright Notice
This article is the original content of Junhao except the referenced content below, and the final interpretation right belongs to the original author. If there is any infringement, please contact to delete. Without my authorization, please do not reprint it privately.

6. References

[1]. BMoney http://www.weidai.com/bmoney.txt
[2]. Wikipedia https://en.wikipedia.org/wiki/Bitcoin
[3]. Wikipedia https://en.wikipedia.org/wiki/SHA-2
[4]. Wikipedia https://en.wikipedia.org/wiki/Blockchain
[5]. Youtube https://www.youtube.com/watch?v=g_fSistU3MQ&t=11s
[6]. BitcoinOrg https://bitcoin.org/bitcoin.pdf