
13th anniversary of bitcoin white paper, 13 key knowledge points

2022-02-03 17:12:28 blockcoach

At 18:10:00 UTC on 31 October 2008 (02:10:00 on 1 November, Beijing time), an email from a sender calling himself Satoshi Nakamoto was delivered to the cryptography mailing list. Its subject line was "Bitcoin P2P e-cash paper". The body got straight to the point:

I've been working on a new electronic cash system that's fully
peer-to-peer, with no trusted third party.

The paper is available at:

The main properties:
 Double-spending is prevented with a peer-to-peer network.
 No mint or other trusted parties.
 Participants can be anonymous.
 New coins are made from Hashcash style proof-of-work.
 The proof-of-work for new coin generation also powers the
    network to prevent double-spending.


The paper is only nine pages long and is commonly called the Bitcoin white paper. Last year, for the white paper's 12th anniversary, the Liu Jiaolian official account published 《Bitcoin's 12th Anniversary and Satoshi Nakamoto's 12 Predictions》.

Knowledge point 1: An electronic coin is a chain of digital signatures. Location: white paper page 2, section 2, "Transactions".

To many people's surprise, there are no "bitcoins" on the Bitcoin blockchain, only individual electronic coins. The denomination of each coin is a natural number whose unit is 0.00000001 BTC. The Bitcoin community later named this unit the "satoshi" (sats) in Satoshi Nakamoto's honour.

So there is no such thing as "1 bitcoin". There are only many electronic coins of different denominations: one coin's denomination might be 100,000,000 (1 BTC), another's 5,000,000 (0.05 BTC), and so on.

What is the structure of an electronic coin? An electronic coin is in fact a chain of digital signatures: a record of every change of hands, the coin's entire transaction history.

Changing hands is the process of spending an old coin and generating a new one. The owner of the old coin digitally signs the old coin being spent together with the address of the recipient, confirming the transfer of ownership and generating the new coin.

It is worth noting that the term UTXO (unspent transaction output) does not appear in the Bitcoin white paper. The concept usually refers to new coins that have not yet been spent.

Bitcoin's coin model differs from the account model commonly used in the traditional financial system: an electronic coin has only two states, fully spent or not yet spent. There is no such thing as spending half of it or part of it.

Knowledge point 2: A chain of blocks linked by hashes is used as the timestamp server. Location: white paper page 2, section 3, "Timestamp Server".

The most important function of a blockchain is actually to order transactions, that is, to determine their sequence. With an order there is a history, and with a history there is a concept of time.

The Bitcoin blockchain is itself a ticking clock. Each block's hash is like a tick of a quartz clock's second hand. Time is not continuous, at least not inside Bitcoin's clock.

Bitcoin's endogenous time is kept independently; it does not depend on the computer time outside the blockchain, the so-called wall time, the time on the clock hanging on the wall.

Note that the compound word "blockchain" does not appear in the Bitcoin white paper. The word was coined by later generations.

Knowledge point 3: Use proof-of-work to implement the timestamp server on a distributed peer-to-peer network. Location: white paper page 3, section 4, "Proof-of-Work".

Proof-of-work is abbreviated PoW. The industry habitually lumps PoW together with the later PoS, PBFT, DPoS and so on under the name "consensus algorithms" or "consensus mechanisms", which is actually misleading.

PBFT and its relatives were indeed designed to solve the problem of consistency between nodes, the so-called consensus problem. Under open-network conditions (the Internet being a closed network), this problem is also known as the Byzantine Generals Problem.

But Satoshi did not introduce PoW for the sake of the Byzantine Generals, even though the end result does solve that problem; he introduced it to invent and build an unstoppable super clock spanning the whole world.

So although Bitcoin certainly overcomes the Byzantine Generals Problem, and the PoW chain, or time chain, is indeed a solution to it, Satoshi never mentions, either in the body of the white paper or in its references, this problem that had plagued distributed systems for decades.

Knowledge point 4: Adjusting the computational difficulty of the proof-of-work adapts to fluctuations in the network's hash power and keeps the block production rate stable. Location: white paper page 3, section 4, "Proof-of-Work".

Anyone who understands how Bitcoin works is surprised that the network, with no central coordination, can adjust and calibrate its own super clock so that the block interval tracks ten real-world minutes in a statistical sense.

It is a bit like synchronising a watch: Bitcoin checks one clock against the other, the super clock on one side and the wall clock of the real world on the other.
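The feedback loop behind that self-calibration can be seen in a small simulation. The following is an added example, not code from the page or from Bitcoin Core; it keeps the shape of Bitcoin's actual rule (retarget every 2016 blocks, aim for 600-second blocks, clamp each adjustment to a factor of four) but models the network as a deterministic average instead of random hashing, and the hashrate schedule is constructed.

```python
"""Toy model of Bitcoin's difficulty retargeting feedback loop (added example)."""

RETARGET_INTERVAL = 2016          # blocks between adjustments
TARGET_SPACING = 600              # seconds per block that the rule aims for
EXPECTED_TIMESPAN = RETARGET_INTERVAL * TARGET_SPACING
MAX_ADJUST_FACTOR = 4             # one retarget may change difficulty at most 4x


def retarget(difficulty: float, actual_timespan: float) -> float:
    """Return the difficulty for the next 2016 blocks.

    If the last 2016 blocks came too fast, difficulty rises; too slow, it falls.
    The timespan is clamped first so a single retarget cannot over-correct.
    """
    clamped = min(max(actual_timespan, EXPECTED_TIMESPAN / MAX_ADJUST_FACTOR),
                  EXPECTED_TIMESPAN * MAX_ADJUST_FACTOR)
    return difficulty * EXPECTED_TIMESPAN / clamped


def mean_block_time(difficulty: float, hashrate: float) -> float:
    """Average seconds per block in this toy model.

    Units are chosen so that difficulty 1.0 at hashrate 1.0 gives exactly
    TARGET_SPACING; doubling the hashrate halves the block time, and so on.
    """
    return TARGET_SPACING * difficulty / hashrate


def simulate(hashrate_per_epoch: list[float], difficulty: float = 1.0) -> list[float]:
    """Run one retarget epoch per hashrate value.

    Returns the observed mean block time (seconds) in each epoch, i.e. how far
    the super clock drifted from 600 s before the next adjustment pulled it back.
    """
    observed = []
    for hashrate in hashrate_per_epoch:
        spacing = mean_block_time(difficulty, hashrate)
        observed.append(spacing)
        difficulty = retarget(difficulty, spacing * RETARGET_INTERVAL)
    return observed


if __name__ == "__main__":
    # Constructed scenario: hashrate doubles, holds, then jumps tenfold.
    schedule = [1, 2, 2, 20, 20, 20]
    for rate, spacing in zip(schedule, simulate(schedule)):
        print(f"hashrate x{rate:<3} mean block time {spacing:7.1f} s")
```

A doubling of hashrate is corrected in one epoch; a tenfold jump needs several, because the clamp limits each step to 4x, which is why block times stay short for a while after a large influx of mining power.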

Knowledge point 5: Network nodes reach consensus by the longest-chain rule. Location: white paper page 3, section 5, "Network".

With a global super clock, transactions can be ordered.

The network needs no special topology (unlike, say, DPoS, which designates a fixed number of super nodes); communication can take the simplest form, gossip, and transmission needs no special guarantees, just best effort. A global consensus can then be reached easily: everyone only has to believe in one Schelling point, the chain containing the greatest total amount of proof-of-work (the longest chain).

Note that "longest chain" does not mean the chain with the most blocks; it means the chain whose per-block PoW difficulty, accumulated over nearly 13 years, has the greatest total.
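The distinction between "most blocks" and "most work" is easy to check numerically. The following is an added example, not code from the page: it decodes the compact `bits` difficulty field that real Bitcoin block headers carry, computes per-block work as 2^256 / (target + 1), the quantity Bitcoin Core sums for chain selection, and compares two constructed chains. The `bits` values 0x1d00ffff (the genesis-era minimum difficulty) and 0x1b0404cb are real encodings; the chains built from them are constructed.

```python
"""Which chain wins: most blocks, or most accumulated proof-of-work? (added example)"""


def bits_to_target(bits: int) -> int:
    """Decode the 4-byte compact encoding: 1 byte exponent, 3 bytes mantissa."""
    if bits & 0x00800000:          # sign bit set: not a valid positive target
        raise ValueError("negative target")
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_work(bits: int) -> int:
    """Expected number of hashes needed to find a block meeting this target."""
    target = bits_to_target(bits)
    return (1 << 256) // (target + 1)


def chain_work(chain: list[int]) -> int:
    """Total work of a chain given as a list of per-block 'bits' values."""
    return sum(block_work(b) for b in chain)


def select_best_chain(chains: dict[str, list[int]]) -> str:
    """Return the name of the chain with the most accumulated work.

    Ties go to the chain seen first, as in this toy's insertion order.
    """
    best_name, best_work = None, -1
    for name, chain in chains.items():
        work = chain_work(chain)
        if work > best_work:
            best_name, best_work = name, work
    return best_name


# Constructed chains: one with more blocks, one with more work.
CHAINS = {
    "three easy blocks": [0x1d00ffff] * 3,
    "two hard blocks":   [0x1b0404cb] * 2,
}

if __name__ == "__main__":
    for name, chain in CHAINS.items():
        print(f"{name}: {len(chain)} blocks, work = {chain_work(chain):,}")
    print("best chain:", select_best_chain(CHAINS))
```

The two-block chain wins by a factor of thousands, which is the point: an attacker cannot overtake the network by mining many low-difficulty blocks on a fork, only by out-working it.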

If you read Leslie Lamport's earliest papers on the Byzantine Generals from the 1980s, you will find that Satoshi's focus lies outside what ordinary people look at.

BFT researchers, including those of later distributed consistency algorithms for non-open networks such as Paxos, usually focus on the negotiation method, for example the voting mechanism. They take clock synchronisation as a default assumption, one that is not even discussed in the paper.

I guess this is because of the FLP theorem: the Byzantine Generals Problem is unsolvable in an asynchronous network.

But Satoshi wanted to dig into precisely the clock-synchronisation assumption that is rarely noticed or discussed. What happens when we cannot make that assumption?

Satoshi's answer: we must first invent a global super clock.

He invented that super clock. And then it turned out that the so-called Byzantine Generals Problem was solved along the way.

Knowledge point 6: The network uses block rewards and transaction fees to encourage block-producing nodes to stay honest. Location: white paper page 4, section 6, "Incentive".

This is a clever piece of game-theoretic design.

A blockchain is a public ledger. If there is no benefit in keeping the ledger secure and correct, while tampering with or destroying it lets you cheat and profit, then everyone will destroy the ledger, Bitcoin eventually goes to zero and nobody gains anything. This is the classic "tragedy of the commons".

A situation in which everyone chooses to maximise their rational self-interest, yet everyone's payoff ends up minimised, is called a "prisoner's dilemma" in game theory. The rational choices of all parties in a prisoner's dilemma settle into an equilibrium nobody can escape, known as a "Nash equilibrium".

Throughout human history, the way to overcome this problem has been centralisation: introducing a central authority that punishes wrongdoers. Like the many laws and regulations of our real society, most are punitive mechanisms that push the Nash equilibrium with external force, reverse the tragedy of the commons and let people escape the mutual harm of the prisoner's dilemma.

Satoshi creatively invented a decentralised system that, through an automatic incentive mechanism supplemented by cryptographic limits on the ability to do evil, likewise and almost magically shifts the Nash equilibrium, reverses the tragedy of the commons and escapes the race to the bottom of the prisoner's dilemma.

As for what the reward is paid for, it is the PoW computation: fair, just and open. Because it is PoW computation, you cannot cheat.

Innovation in the blockchain industry keeps emerging, and many projects imitate Bitcoin in designing mining incentives of all kinds, but it is rare to find a reward target as uncheatable, backdoor-free, fair and just as PoW.

Knowledge point 7: The block reward is also the method by which Bitcoin is issued in a decentralised way. Location: white paper page 4, section 6, "Incentive".

What is more wonderful is that the block reward, while changing the structure of the game, also accomplishes the issuance and distribution of Bitcoin from nothing.

Because the reward is decentralised and the rewarded behaviour is decentralised, the issuance of Bitcoin is automatically decentralised.

Knowledge point 8: A Merkle tree separates transaction data from the block; the remaining data, called the block header, is small. Location: white paper page 4, section 7, "Reclaiming Disk Space".

This is an optimisation. After the data is split, the remaining block header is very small; it can easily be loaded into memory and processed quickly.

At the same time, the Merkle tree supports pruning: coin data that has already been spent can be cut away to save disk space. Here we see one advantage of the coin model over the account model. A coin has only two states, unspent and spent, and once spent it can be pruned.

Then came 2017. To increase Bitcoin's capacity without compromising its security, the core development team finally decided to keep the physical block size limit and instead split the signature portion of transaction data, also called witness data, out of the block, achieving a logical capacity increase. This technology is known as "segregated witness" (segwit).

Segregated witness expanded the logical capacity of Bitcoin blocks and eased the pressure from growing transaction volume.

Knowledge point 9: Users can be allowed to keep only the block headers of the longest chain; this technique is called simplified payment verification (SPV). Location: white paper page 5, section 8, "Simplified Payment Verification".

With the transaction data stripped away, the remaining block header data is very small, small enough to fit on a mobile device. This can be used to build lightweight wallets, or lightweight nodes.
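Knowledge points 8 and 9 are two sides of one structure: the Merkle root is the only thing the 80-byte header keeps about the transactions, and a Merkle branch is what lets a header-only client verify that one transaction is in the block. The following is an added example, not code from the page or from Bitcoin Core. It uses Bitcoin's double SHA-256 and its rule of duplicating the last node of an odd level; the transactions and the header are constructed, and the byte-order conventions of real txids are ignored for brevity.

```python
"""Merkle root, Merkle branch and an SPV-style check against a block header (added example)."""
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _next_level(level):
    """Pair up nodes (duplicating the last one if odd) and hash each pair."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(txids):
    if not txids:
        raise ValueError("a block has at least one transaction (the coinbase)")
    level = list(txids)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_branch(txids, index):
    """Sibling hashes from leaf to root; each entry is (hash, sibling_is_left)."""
    branch = []
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        branch.append((level[sibling], sibling < index))
        index //= 2
        level = _next_level(level)
    return branch


def verify_branch(txid, branch, root):
    """Recompute the path to the root; a full node cannot forge this without
    producing a second preimage of SHA-256."""
    h = txid
    for sibling, sibling_is_left in branch:
        h = dsha256(sibling + h) if sibling_is_left else dsha256(h + sibling)
    return h == root


def header_merkle_root(header: bytes) -> bytes:
    """Header layout: version(4) prev_hash(32) merkle_root(32) time(4) bits(4) nonce(4)."""
    if len(header) != 80:
        raise ValueError("block header must be 80 bytes")
    return header[36:68]


def build_header(merkle: bytes) -> bytes:
    """Constructed header for the demo; fields other than the root are placeholders."""
    return struct.pack("<I", 1) + b"\x00" * 32 + merkle + struct.pack("<III", 0, 0x1d00ffff, 0)


def spv_check(txid, branch, header):
    """What an SPV client does: it holds only headers, is handed a branch by a
    full node, and checks that the branch reaches the header's Merkle root."""
    return verify_branch(txid, branch, header_merkle_root(header))


# Constructed block with five transactions (odd count exercises duplication).
TXIDS = [dsha256(b"constructed tx %d" % i) for i in range(5)]
HEADER = build_header(merkle_root(TXIDS))

if __name__ == "__main__":
    for i, txid in enumerate(TXIDS):
        branch = merkle_branch(TXIDS, i)
        print(i, len(branch), "branch hashes, valid:", spv_check(txid, branch, HEADER))
```

A branch for a block of n transactions has about log2(n) hashes, which is why a lightweight wallet can verify a payment with a few hundred bytes rather than the whole block; what it cannot check on its own is whether the header sits on the chain with the most work, which is why the white paper has it follow the longest chain's headers.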

But many people, even after years of trading coins, only ever use a centralised exchange to hold their bitcoin. For them, the advice is to learn and master 《How to Keep Bitcoin with a Private Key》 as soon as possible.

Knowledge point 10: A transfer transaction can have multiple inputs and multiple outputs. Location: white paper page 5, section 9, "Combining and Splitting Value".

This is like melting down and recasting gold coins. A Bitcoin transaction may take multiple UTXOs as inputs and split them into multiple outputs, distributed to different addresses, and so on.

This gives Bitcoin transfers great flexibility. It also lets coins with only two states satisfy payments of any amount.

We can choose a single coin large enough to cover the amount, or a combination of smaller coins, make the payment, and send the remaining amount to a new address of our own. This new address is usually called the "change address".

The sum of the input amounts and the sum of the output amounts are usually unequal; there is a difference between them, the outputs being less than the inputs. That difference is the transaction fee the transaction implicitly offers to the miner of the block that includes it, also called the "miner's fee".

Never forget to set the change address. Otherwise you may hand the entire remaining amount to the miners! For example, if you put in 1 BTC, pay Zhang San 0.1 BTC and set no change output, the miner's fee implied by this transaction is 0.9 BTC.
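The arithmetic of inputs, outputs and the implied fee, including the forgotten-change mistake above, is worth seeing in code. The following is an added example, not code from the page or from any wallet: amounts are integers in satoshis, the coin, the addresses and the `select_coins` policy (largest-first) are constructed for the demo, and `build_transaction` returns plain tuples rather than serialised Bitcoin transactions.

```python
"""Inputs, outputs, change and the implied miner's fee (added example)."""
from dataclasses import dataclass

SATS_PER_BTC = 100_000_000


@dataclass(frozen=True)
class Utxo:
    txid: str      # constructed identifier of the coin being spent
    value: int     # satoshis


class InsufficientFunds(Exception):
    pass


def select_coins(utxos, needed):
    """Largest-first selection until the inputs cover `needed` satoshis."""
    chosen, total = [], 0
    for utxo in sorted(utxos, key=lambda u: u.value, reverse=True):
        if total >= needed:
            break
        chosen.append(utxo)
        total += utxo.value
    if total < needed:
        raise InsufficientFunds(f"have {total} sats, need {needed}")
    return chosen


def build_transaction(utxos, pay_to, amount, fee, change_address=None):
    """Return (inputs, outputs); outputs is a list of (address, sats).

    The fee is never an explicit output: it is whatever the inputs exceed the
    outputs by. With change_address=None the remainder is not returned to the
    payer and therefore silently becomes part of the fee.
    """
    inputs = select_coins(utxos, amount + fee)
    total_in = sum(u.value for u in inputs)
    outputs = [(pay_to, amount)]
    remainder = total_in - amount - fee
    if change_address is not None and remainder > 0:
        outputs.append((change_address, remainder))
    return inputs, outputs


def implied_fee(inputs, outputs):
    """What the miner actually collects: sum(inputs) - sum(outputs)."""
    fee = sum(u.value for u in inputs) - sum(v for _, v in outputs)
    if fee < 0:
        raise ValueError("outputs exceed inputs: the network rejects this")
    return fee


# Constructed wallet: a single 1 BTC coin.
WALLET = [Utxo("constructed-txid-1", 1 * SATS_PER_BTC)]


def fee_without_change():
    """The page's example: 1 BTC in, 0.1 BTC to Zhang San, change forgotten."""
    ins, outs = build_transaction(WALLET, "zhangsan", SATS_PER_BTC // 10, fee=10_000)
    return implied_fee(ins, outs)


def fee_with_change():
    """Same payment with a change output: the miner gets only the intended fee."""
    ins, outs = build_transaction(WALLET, "zhangsan", SATS_PER_BTC // 10, fee=10_000,
                                  change_address="my-change-address")
    return implied_fee(ins, outs)


if __name__ == "__main__":
    print("fee without change output:", fee_without_change() / SATS_PER_BTC, "BTC")
    print("fee with change output:   ", fee_with_change() / SATS_PER_BTC, "BTC")
```

Because the network computes the fee as a difference rather than reading it from a field, nothing in consensus can tell a 0.9 BTC accident from a deliberate tip; a sanity check in the wallet (refuse to sign when the implied fee is far above the intended one) is the defence.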

Some people, to save trouble, simply reuse the input address as the change address. The Bitcoin network will not stop you. However, there is a security issue here, and a privacy issue. The privacy issue is covered in the next two knowledge points; the security issue concerns quantum computers.

Quantum computing, if it ever becomes practical (though it is still a very long way off), can in theory break the ECDSA signature algorithm, but it is hard for it to break the SHA-256 hash algorithm. A clean address that has never made a transaction has not put its signing public key on chain; only the hash of the public key is on chain. That is to say, a Bitcoin address that has never been touched is resistant to quantum computing, enough to protect the assets in it against quantum computers.

Knowledge point 11: The Bitcoin network collects no user privacy data. Location: white paper page 6, section 10, "Privacy".

In today's era of big data, privacy has become a serious social problem. Eric Hughes foresaw all of this as early as 1993, when he wrote 《A Cypherpunk's Manifesto》.

Bitcoin's ideological origins lie in the cypherpunks. The privacy-preserving money mentioned in the cypherpunk manifesto foreshadowed Bitcoin.

What leads to privacy problems is the Internet business model of comprehensive collection and free use of data. The traditional solution is to introduce centralised, strong regulation.

The regulatory approach has several possible drawbacks: 1. legislation lags; 2. enforcement is costly; 3. a centralised regulator can be corrupted or bought.

Satoshi's solution is more thorough: refuse to touch any personal privacy from the start. Not even touch it, let alone collect it.

Knowledge point 12: Satoshi suggests using a new address for each transaction to better protect privacy. Location: white paper page 6, section 10, "Privacy".

Although the Bitcoin system collects no private data, the Internet as a whole is full of holes. Your personal information is everywhere online; if you happen to disclose your address, big-data analysis can easily link your identity to it.

So Satoshi's suggestion is "fire one shot, then change position": a new address each time.

Applied to a business scenario, for example an e-commerce site that accepts Bitcoin payments, it is best to generate a separate address for each order.

But managing all these addresses is heavy work. To simplify it, the community later proposed the so-called HD wallet, also known as hierarchical deterministic wallet technology.
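What makes an HD wallet manageable is that every per-order key is derived from one seed, so only the seed needs backing up. The following is an added example, not code from the page or from any wallet project: it implements only the hardened branch of BIP32 private-key derivation (child key = parent key + IL mod n), which needs no elliptic-curve point arithmetic; non-hardened derivation and the public keys and addresses that follow from these private keys are out of scope. The path m/0'/order' is this example's own convention, not a standard, and the seed is the public BIP32 test-vector seed, not a real wallet.

```python
"""Hardened BIP32 child-key derivation: one seed, one fresh key per order (added example)."""
import hmac
import hashlib

SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def master_key(seed: bytes):
    """BIP32 master: HMAC-SHA512 keyed with 'Bitcoin seed'; the left half is
    the private key, the right half the chain code."""
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(I[:32], "big")
    if not 0 < k < SECP256K1_N:
        raise ValueError("invalid master key; use another seed")
    return k, I[32:]


def ckd_priv_hardened(k_par: int, c_par: bytes, index: int):
    """Hardened child: I = HMAC-SHA512(c_par, 0x00 || k_par || index)."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation needs the parent public key")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    I = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(I[:32], "big")
    k = (il + k_par) % SECP256K1_N
    if il >= SECP256K1_N or k == 0:
        raise ValueError("invalid child; skip this index")
    return k, I[32:]


def order_key(seed: bytes, order_number: int) -> int:
    """Private key for path m/0'/order_number' (this example's convention)."""
    k, c = master_key(seed)
    k, c = ckd_priv_hardened(k, c, HARDENED + 0)
    k, _ = ckd_priv_hardened(k, c, HARDENED + order_number)
    return k


# BIP32 test vector 1 seed (public test data, not a real wallet).
SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    k, c = master_key(SEED)
    print("master key :", f"{k:064x}")
    print("chain code :", c.hex())
    for order in (1, 2, 3):
        print(f"order {order}: {order_key(SEED, order):064x}")
```

Hardened derivation is chosen deliberately for a server that hands out one address per order: with non-hardened derivation, a leaked child private key plus the parent chain code would expose the whole branch, whereas hardened children do not share that weakness. A production deployment would keep the seed off the web server entirely and derive only public keys there.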

Knowledge point 13: As the hash power of the whole network grows, you need not wait for 6 block confirmations. Location: white paper page 8, section 11, "Calculations".

Many people have heard the claim that Bitcoin needs so-called 6 block confirmations. Six blocks, at an average of 10 minutes each, means waiting one hour for confirmation. So some people criticise Bitcoin for its slow transaction speed and so on.

But open the Bitcoin white paper and there is no statement about waiting for 6 block confirmations.

In fact the so-called 6 block confirmation is really the result of later readers applying the white paper too rigidly.

On page 8 of the white paper, after a lot of calculation, Satoshi obtains a series of figures. The conclusive one: to bring the probability of a confirmed transaction being reversed below one in a thousand, when the malicious hash power equals 10% of the whole network's, you need to wait for 5 more blocks (6 blocks in total, counting the block that packaged the transaction).

This is only the first result of Satoshi's calculation; he goes on to give more. For example, the next one: if the malicious hash power is equivalent to 15%, wait 8 blocks. ……
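Those figures can be reproduced from the white paper's own formula. The following is an added example, not code from the page: with q the attacker's share of hash power, p = 1 - q and z the number of blocks the honest chain has added after the transaction's block, the paper gives the attacker's catch-up probability as 1 - sum over k=0..z of (λ^k e^-λ / k!) · (1 - (q/p)^(z-k)) with λ = z·q/p. The 0.1% threshold and the "blocks after the transaction's block" counting follow the paper; the page's total of 6 is z + 1.

```python
"""Satoshi's attacker-success calculation from section 11 of the white paper (added example)."""
import math


def attacker_success(q: float, z: int) -> float:
    """Probability that an attacker with hash share q ever catches up from
    z blocks behind (white paper section 11)."""
    if not 0.0 <= q < 0.5:
        raise ValueError("model assumes the attacker has less than half the hash power")
    p = 1.0 - q
    ratio = q / p
    lam = z * ratio
    caught_up = 0.0
    for k in range(z + 1):
        # Poisson weight for the attacker having mined k blocks meanwhile,
        # times the chance they still close the remaining gap of z - k blocks.
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        caught_up += poisson * (1.0 - ratio ** (z - k))
    return 1.0 - caught_up


def confirmations_needed(q: float, max_risk: float = 0.001) -> int:
    """Smallest z with success probability below max_risk, i.e. the paper's
    "P less than 0.1%" table. Counts blocks after the one containing the
    transaction; the page counts the total as z + 1."""
    z = 0
    while attacker_success(q, z) >= max_risk:
        z += 1
    return z


if __name__ == "__main__":
    for q in (0.10, 0.15, 0.20):
        z = confirmations_needed(q)
        print(f"q={q:.2f}: wait {z} blocks ({z + 1} including the transaction's block), "
              f"risk {attacker_success(q, z):.7f}")
```

The loop also shows why the table stops at q = 0.45: as q approaches one half the required z grows without bound, and at q ≥ p the attacker always wins, so the model returns nothing useful there.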

Today, when the whole network's hash power has reached 150E, it is hard for malicious hash power to command 10%. Or, put the other way round, someone who commands 10% of the hash power will not be interested in cheating you out of thirty or twenty cents. He can use that hash power to mine Bitcoin honestly, for a steadier and higher income. This is Bitcoin leading evil towards good.

Some coins turn people into ghosts; Bitcoin turns ghosts into people.

And Satoshi's derivation is the worst case. (Even so, the transactions most sensitive to fraud, such as Coinbase's Bitcoin deposits, have already had their confirmation count reduced to 3 blocks.)

Much of the time we can make more optimistic assumptions.

For example, Starbucks can assume that a customer paying for coffee will hardly attack the Bitcoin system over a few dozen dollars of coffee. Or you can assume that your friends and acquaintances rarely cheat you. So where there is external trust, the number of confirmations can be reduced significantly, even to zero-confirmation.

In a centralised system, the institution has the final say on whether the account is settled. In a decentralised system, it is up to you to decide whether the payment is confirmed.

Decentralised Bitcoin empowers the individual and returns power to the people, comprehensively and completely.

Thank you, Satoshi.

(Official account: Liu Jiaolian. Zhishi Xingqiu (Knowledge Planet): reply "star" to the official account.)

(Disclaimer: nothing in this article constitutes investment advice. Cryptocurrency is an extremely high-risk asset class that may go to zero at any time; participate with caution and at your own responsibility.)

Copyright notice
Author: blockcoach. Please include the original link when reprinting, thank you.
