
Introduction to Blockchain Technology Using Bitcoin as an Example

Credit to Mastering Bitcoin by Andreas M. Antonopoulos; I learned a lot from this book.

Published in: Technology


  1. BLOCKCHAIN
  2. CRYPTOGRAPHY: HASH, ENCRYPTION
  3. DECENTRALIZATION
  4. BITCOIN
  5. 1. Decentralized 2. Anonymous 3. Completely transparent 4. Lower fees 5. Easy to use
  6. • Block Structure • Key, Address and Wallet • Transaction • Mining and Consensus • Network
  7. BLOCK • Chain of Blocks • Inside a block: Merkle Tree
  8. Chain of Blocks: starting from the Genesis Block, each block carries the hash of the previous block (figure label: prev #8FA). That is all you need!
  9. Inside a block: Merkle Tree • What's a Merkle Tree? A binary hash tree built over the data
  10. How to locate a transaction • Assume the transactions A to P are in the Merkle tree; we need O(log N) hashes to construct a path that verifies whether a transaction exists here • authentication path (for transaction K): H(L), H(IJ), H(MNOP), H(ABCDEFGH)
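The authentication path of slides 10 and 11, as an added example that is not part of the slides or of Mastering Bitcoin: a Bitcoin-style Merkle tree (double SHA256, odd levels padded by duplicating the last node) over 16 constructed transactions named A to P, the O(log N) sibling path for transaction K, and the verification against the root. Transaction names and bodies are constructed placeholders.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin hashes Merkle nodes with SHA256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def build_levels(txs: dict) -> list:
    """Every level of the tree as (label, hash) pairs, leaves first, root last.
    A label concatenates the leaf names below a node, so H(IJ) is labelled 'IJ'.
    An odd level is padded by duplicating its last node, as Bitcoin does."""
    levels = [[(name, dsha256(raw)) for name, raw in txs.items()]]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2:
            level = level + [level[-1]]
        levels.append([(a[0] + b[0], dsha256(a[1] + b[1]))
                       for a, b in zip(level[0::2], level[1::2])])
    return levels

def merkle_root(txs: dict) -> bytes:
    return build_levels(txs)[-1][0][1]

def auth_path(txs: dict, name: str) -> list:
    """Sibling nodes from the leaf up to the root: one per level, O(log N) hashes.
    Each entry is (label, hash, side), side telling where the sibling sits."""
    index = list(txs).index(name)
    path = []
    for level in build_levels(txs)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sib = index ^ 1
        label, h = level[sib]
        path.append((label, h, "right" if sib > index else "left"))
        index //= 2
    return path

def verify_inclusion(raw_tx: bytes, path: list, root: bytes) -> bool:
    """Recompute the root from the leaf and its path; a light client needs only this."""
    h = dsha256(raw_tx)
    for _, sib, side in path:
        h = dsha256(h + sib) if side == "right" else dsha256(sib + h)
    return h == root

# Constructed sample block: 16 transactions A..P with placeholder bodies.
SAMPLE = {c: f"tx-{c}".encode() for c in "ABCDEFGHIJKLMNOP"}

if __name__ == "__main__":
    path = auth_path(SAMPLE, "K")
    print([label for label, _, _ in path])          # ['L', 'IJ', 'MNOP', 'ABCDEFGH']
    print(verify_inclusion(SAMPLE["K"], path, merkle_root(SAMPLE)))
```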
  12. Block Header?
  13. • Block Structure • Key, Address and Wallet • Transaction • Mining and Consensus • Network
  14. KEY, ADDRESS AND WALLET (analogy: Password, Account, e-Wallet)
  15. KEY • Private Key → Public Key ≒ Address
  16. PRIVATE KEY • a single SHA256 of the passphrase BlockChainForTheWIN gives the private key, shown here in Wallet Import Format: 5KjTnMMnFKd2rWZKejXXkWWkd1LJwhnHrKpBxXujRvr8nTjZwp6
  17. PUBLIC KEY • ECDSA • Curve: y² mod p = (x³ + 7) mod p • G: base point • p: prime number
  18. ADDRESS • HASH160 • BASE58 ENCODING • public key: 04f29a7f486c90281f9396945e99ab35e2ed732c008ada71e8e745da38dc63ac97b723fe731555dfba9dd60c0cc8fbc8f26c35739f10c068125e6394839a47eb1e • HASH160: 7c4c8fc7afbf33660bef88460b8ef86bcc9d1134 • address: 1CLEWPDWRkTV2wEKZsDGPUWR1yXZwxsPQk
  19. KEY • Private Key → (ECDSA) → Public Key → (HASH160 + Base58Check) → Address
  20. KEY (PUBLIC) • COMPRESSED: K = 02 x if y is even, K = 03 x if y is odd (66 hex digits): 02f29a7f486c90281f9396945e99ab35e2ed732c008ada71e8e745da38dc63ac97 • UNCOMPRESSED (x, y): K = 04 x y (130 hex digits): 04f29a7f486c90281f9396945e99ab35e2ed732c008ada71e8e745da38dc63ac97b723fe731555dfba9dd60c0cc8fbc8f26c35739f10c068125e6394839a47eb1e
  21. WALLET
  22. WALLET • Non-deterministic Wallet: randomly generated keys • Deterministic Wallet (Seeded Wallet)
  23. Mnemonic Code Words 1. Create a random sequence (entropy) of 128 to 256 bits 2. Create a checksum of the random sequence by taking the first few bits of its SHA256 hash 3. Add the checksum to the end of the random sequence 4. Divide the sequence into sections of 11 bits, using those to index a dictionary of 2048 pre-defined words 5. Produce 12 to 24 words representing the mnemonic code
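The five steps of slides 23 and 24 carried through in code, as an added example that is not part of the slides. It uses a constructed 2048-entry placeholder dictionary instead of the BIP39 English wordlist, so the indices are right but the words are not the real ones; the decoder shows the part the slides leave implicit, that the checksum lets a wallet reject a mistyped mnemonic.

```python
import hashlib

# Constructed placeholder dictionary: 2048 entries indexed 0..2047, the same size
# and indexing as the real BIP39 English wordlist (these are not the real words).
WORDLIST = [f"word{i:04d}" for i in range(2048)]

def _bits(data: bytes, width: int) -> str:
    return bin(int.from_bytes(data, "big"))[2:].zfill(width)

def entropy_to_mnemonic(entropy: bytes) -> list:
    ent = len(entropy) * 8                                   # step 1: 128..256 bits
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128 to 256 bits, in 32-bit steps")
    cs = ent // 32                                           # step 2: checksum bits
    checksum = _bits(hashlib.sha256(entropy).digest(), 256)[:cs]
    bits = _bits(entropy, ent) + checksum                    # step 3: append it
    # steps 4 and 5: every 11 bits index the dictionary -> 12 to 24 words
    return [WORDLIST[int(bits[i:i + 11], 2)] for i in range(0, len(bits), 11)]

def mnemonic_to_entropy(words: list) -> bytes:
    """Reverse the steps and reject a mnemonic whose checksum does not match."""
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    bits = "".join(format(WORDLIST.index(w), "011b") for w in words)
    ent = len(bits) * 32 // 33                               # 12 words -> 128 bits
    entropy = int(bits[:ent], 2).to_bytes(ent // 8, "big")
    expected = _bits(hashlib.sha256(entropy).digest(), 256)[:len(bits) - ent]
    if expected != bits[ent:]:
        raise ValueError("checksum mismatch: mistyped or tampered mnemonic")
    return entropy

def is_valid_mnemonic(words: list) -> bool:
    try:
        mnemonic_to_entropy(words)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed, fixed entropy so the run is reproducible; a wallet uses os.urandom(16).
    print(entropy_to_mnemonic(bytes(range(16))))
```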
  25. Hierarchical Deterministic Wallets • Each parent key can have 4 billion child keys
  26. Hierarchical Deterministic Wallets • the tree structure can be used to express additional organizational meaning • users can create a sequence of public keys without having access to the corresponding private keys • e.g. on an insecure server or in a receive-only capacity
  27. Hierarchical Deterministic Wallets
  28. Hierarchical Deterministic Wallets • parent private key and public key (256 bit) • a seed called a chain code (256 bit) • index number (32 bit) • Extended Keys: key + chain code
  29. Hierarchical Deterministic Wallets • Potential problems
  30. Hierarchical Deterministic Wallets • Solution: Hardened Child Key Derivation • uses the parent private key to derive the child chain code • best practice: the level-1 children of the master keys are always derived through hardened derivation, to prevent compromise of the master keys
  31. Hierarchical Deterministic Wallets • Index numbers for normal and hardened derivation • Normal: 0 to 2^31 − 1, first one displayed as 0 • Hardened: 2^31 to 2^32 − 1, first one displayed as 0' • HD wallet key identifier (path)
  32. FORMAT
  33. Key Format • Private Key • Wallet Import Format (WIF): a way of encoding a private key so as to make it easier to copy • Public Key
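The encodings of slides 16 to 20 and the WIF format of slide 33, as an added example that is not part of the slides: public key compression, HASH160, Base58Check and WIF, run over the uncompressed public key and the passphrase shown on the slides. The constants are copied from the slides; everything else is this example's own code.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def hash160(data: bytes) -> bytes:
    """RIPEMD160(SHA256(data)); needs OpenSSL's ripemd160, missing on some builds."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()

def base58check_encode(version: bytes, payload: bytes) -> str:
    """Base58Check: version || payload || first 4 bytes of double SHA256, in base 58."""
    raw = version + payload
    raw += dsha256(raw)[:4]
    n, digits = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        digits = B58[r] + digits
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))   # each 0x00 byte -> '1'
    return "1" * leading_zeros + digits

def base58check_decode(text: str) -> bytes:
    """Inverse of the above; raises on a bad checksum. Returns version || payload."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(text) - len(text.lstrip("1"))) + body
    if dsha256(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("Base58Check checksum mismatch")
    return raw[:-4]

def compress_pubkey(uncompressed_hex: str) -> str:
    """Slide 20: 04 x y -> 02 x when y is even, 03 x when y is odd."""
    raw = bytes.fromhex(uncompressed_hex)
    if len(raw) != 65 or raw[0] != 0x04:
        raise ValueError("expected a 65-byte key starting with 04")
    x, y = raw[1:33], raw[33:]
    return ("02" if y[-1] % 2 == 0 else "03") + x.hex()

def pubkey_to_address(pubkey_hex: str) -> str:
    """Slides 18 and 19: address = Base58Check(version 0x00 || HASH160(public key))."""
    return base58check_encode(b"\x00", hash160(bytes.fromhex(pubkey_hex)))

def private_key_to_wif(privkey: bytes, compressed: bool = False) -> str:
    """Slide 33: WIF = Base58Check(0x80 || key [|| 0x01 if the public key is compressed])."""
    return base58check_encode(b"\x80", privkey + (b"\x01" if compressed else b""))

# Values taken from the slides: the uncompressed public key (slides 18 and 20) and
# the brain-wallet passphrase whose single SHA256 is the private key (slide 16).
SLIDE_PUBKEY = ("04f29a7f486c90281f9396945e99ab35e2ed732c008ada71e8e745da38dc63ac97"
                "b723fe731555dfba9dd60c0cc8fbc8f26c35739f10c068125e6394839a47eb1e")
SLIDE_PRIVKEY = hashlib.sha256(b"BlockChainForTheWIN").digest()

if __name__ == "__main__":
    print("compressed:", compress_pubkey(SLIDE_PUBKEY))
    print("WIF:       ", private_key_to_wif(SLIDE_PRIVKEY))
    print("address:   ", pubkey_to_address(SLIDE_PUBKEY))
```

Running the script reproduces the slides' compressed key, and lets you compare the WIF and address it prints against the values on slides 16 and 18.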
  34. Other Format • Encrypted Private Key • private key (usually in WIF) + passphrase → Base58Check-encoded encrypted private key with the prefix 6P • the passphrase is needed to decrypt
  35. • Block Structure • Key, Address and Wallet • Transaction • Mining and Consensus • Network
  36. TRANSACTION
  37. TRANSACTION
  38. Life Cycle • The most important thing in the Bitcoin network • All designs in Bitcoin serve the creation, broadcast and verification of transactions • Life cycle: CREATED → SIGNED → BROADCASTED → VERIFIED AND COLLECTED • Every node sends validated transactions to its 3 to 4 neighbors.
  39. UTXO • Unspent Transaction Output • locked to a specific owner • there is no balance for a bitcoin address account, only scattered UTXOs • the balance is the sum of the UTXOs of that address
      • Account-based ledger: Alice transfers $10 to me; Bob transfers $5 to me; transfer $13 to David; transfer $10 to Alice
      • Transaction-based ledger: input from a1, $10, to me; input from b1, $5, to me; input from c1, c2, $13, to David; input from c3, $5, to Alice (only the output of a specific transaction needs to be verified)
      • efficient verification • consolidating funds: merge my own coins together into one address • joint payments: combine payments from multiple persons • change address: the change is sent to another address
  42. Structure • Metadata • Locktime: the earliest time that a transaction is valid and can be relayed on the network or added to the blockchain • = 0: no locktime limit • < 500 million: block height • > 500 million: Unix Epoch timestamp
  43. Structure • Input: UTXO
  44. Structure • Output
  45. Script • Output • How to unlock? concatenate the input (unlocking script) with the output (locking script) • Input • 5 standard transaction types • Pay-to-Public-Key-Hash (P2PKH): the majority • Public-Key • Multi-Signature • Pay-to-Script-Hash (P2SH) • Data Output (OP_RETURN)
  47. Script
  48. Script
  49. Script • Pay-to-Public-Key-Hash (P2PKH): the majority • Public-Key: the public key itself is stored in the locking script rather than the public key hash; generated by older mining software that has not been updated to use P2PKH
  50. Script • Multi-Signature • Locking script: M <Public Key 1> <Public Key 2> ... <Public Key N> N OP_CHECKMULTISIG • Unlocking script: OP_0 <Signature B> <Signature C> • Data Output (OP_RETURN): allows developers to add 40 bytes of non-payment data to a transaction output; an un-spendable output
  51. Script • Pay-to-Script-Hash (P2SH) • pay to a script matching this hash, a script which will be presented later when this output is spent • P2SH addresses are Base58Check encodings of the 20-byte hash of a script • uses version prefix 5, which results in Base58Check-encoded addresses starting with 3 • the redeem script can be invalid, which will result in un-spendable bitcoin • advantage: nodes keep fewer records
  55. Transaction Fee • = sum of inputs − sum of outputs • independent of the transaction's bitcoin value, but generally determined by the size of the transaction • miners are more willing to put a transaction into a block if its fee is high • used to stop spam transactions and DDoS
  56. • Block Structure • Key, Address and Wallet • Transaction • Mining and Consensus • Network
  57. MINING AND CONSENSUS
  60. MINER
  61. Tasks of Bitcoin Miners • maintain the block chain and listen for new blocks • listen for transactions: listen and validate • assemble a new block • compute the answer (nonce) and broadcast the block
  62. Proof of Work • originally a spam email check • difficult to produce but easy to verify • base string + nonce → hash • nonce: number used only once • base string: Hello, world! • target: the hash begins with a certain number of zeros
  64. Difficulty • on average 10 minutes per block generation; this target determines the difficulty • adjusted every 2 weeks • next_difficulty = previous_difficulty × (2 weeks) / (time to mine the last 2016 blocks)
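Slides 62 to 64 as an added example that is not part of the slides: brute-forcing a nonce so that SHA256(base string + nonce) begins with a chosen number of hex zeros, the one-hash verification, and the slides' retarget formula. The factor-of-4 clamp Bitcoin applies to each retarget is added here and is not on the slide.

```python
import hashlib

def pow_hash(base: str, nonce: int) -> str:
    """Slide 62: hash of base string + nonce, as a hex digest."""
    return hashlib.sha256(f"{base}{nonce}".encode()).hexdigest()

def meets_target(digest_hex: str, zeros: int) -> bool:
    """Target: the hash begins with a given number of hex zeros."""
    return digest_hex.startswith("0" * zeros)

def mine(base: str, zeros: int, max_nonce: int = 1 << 32) -> int:
    """Producing is hard: about 16**zeros hashes on average. Verifying is one hash."""
    for nonce in range(max_nonce):
        if meets_target(pow_hash(base, nonce), zeros):
            return nonce
    raise RuntimeError("no nonce found in range")

TWO_WEEKS = 14 * 24 * 60 * 60     # seconds; 2016 blocks * 600 s is the same number
RETARGET_INTERVAL = 2016          # blocks between difficulty adjustments

def next_difficulty(previous: float, seconds_for_last_2016_blocks: float) -> float:
    """Slide 64: next = previous * (2 weeks) / (time to mine the last 2016 blocks).
    Bitcoin also limits each step to a factor of 4 in either direction; that clamp
    is this example's addition, the slide's formula has none."""
    ratio = TWO_WEEKS / seconds_for_last_2016_blocks
    return previous * min(max(ratio, 0.25), 4.0)

if __name__ == "__main__":
    nonce = mine("Hello, world!", 4)
    print(nonce, pow_hash("Hello, world!", nonce))
    print(next_difficulty(1.0, TWO_WEEKS / 2))   # blocks came twice as fast -> 2.0
```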
  65. Coinbase Transaction • a null hash pointer • a parameter containing arbitrary data, usually used to signal support by miners for different new features (vote) • BIP, Bitcoin Improvement Proposal • the value contains the block reward and all the transaction fees of the block
  66. Coinbase Transaction • only transaction fees left
  67. Broadcast • previous block hash value + nonce • put the nonce into the block header • broadcast to the network • easy to verify by other miners
  68. THREAT
  69. Problem & Attack • steal bitcoin? protected by digital signature; would require stealing private keys • fork: P2P network latency; miners go with the main (longest) chain; a block loses if it is not on the main chain • double-spend attack? a block is generated about every 10 minutes; one should wait at least 6 blocks (confirmations)
  70. Problem & Attack • Sybil attacks: refuse to relay blocks and transactions, disconnecting you from the network; leaves you open to double-spending attacks • 51% attack: could change the main chain
  72. APPLICATION
  73. Application of Bitcoin • Escrow Application: MULTISIG and a third party • green address: a bank-controlled address; the bank guarantees it will not double-spend (a real-world guarantee), so the recipient won't have to worry about confirmations of the transaction, which would take an hour; trackable
  74. Application of Bitcoin • micro-payment • bond: broadcast by the recipient in the beginning • refund: MULTISIG, requires both sender and receiver to sign; spends the money of the bond, transferring it to both sender and recipient • lock time: set a time t; when the recipient fails to broadcast the payment by t, the sender can get the whole amount back instead of the money being held hostage by the recipient
  75. Application of Bitcoin (figure: A, B, bond, refund, 100)
  76. Ecosystem - a cyclic nature (figure labels: Value, Security, Mining, Digital Signature, Tamper-resistant, Market Price, Massive Users)
  77. Mining History • CPU Mining: a while loop; too slow • GPU Mining: parallelism, overclocking; floating point units, power consuming, cooling
  78. Mining History (figure) Source: LeonardH, cryptocurrenciestalk.com
  79. Mining History • FPGA Mining: Field Programmable Gate Array, Verilog • allows the owner of the card to customize or reconfigure it • better performance, cooling • malfunctions and errors, difficult to optimize the 32-bit addition step, less accessible
  80. Mining History
  81. Mining History • ASIC Mining: Application Specific Integrated Circuits • chips designed, built and optimized for the sole purpose of mining Bitcoin • rapidly increasing network hash rate, so shipping speed is crucial • short lifetime
  82. Mining History
  83. Mining History • Today: professional mining, not friendly to individuals
  84. Mining History • Where to set up? • climate: cool • cost of electricity: cheap • network position • ideal places: Republic of Georgia, Iceland
  85. Mining History
  86. Mining Pool • Miner: only one mission, computing • Pool Manager: listens to transactions and verifies them; builds blocks; updates software
  87. Mining Pool • Rewards: based on the share of work done
  89. Mining Pool • pay-per-share: a flat fee on every share, even if no valid block is found; the manager absorbs the risk; can be taken advantage of by competitors • proportional
  90. Mining Pool • started around 2010 • 51% mining pools (charts for 2014/6, 2014/8, 2015/4, 2016/3)
  91. Mining Pool • good for small miners, fast updates • centralization, few fully-validating nodes
  92. • Block Structure • Key, Address and Wallet • Transaction • Mining and Consensus • Network
  93. Bitcoin Network • bitcoin P2P protocol • extended bitcoin network: bitcoin P2P protocol, mining pool protocol, Stratum protocol
  94. Bitcoin Network • Node Functions
  95. Bitcoin Network • Node Types
  96. Bitcoin Network • Node Types
  97. SPV client • Simplified Payment Verification nodes • retrieve only block headers, 1000 times smaller than the full blockchain • request specific transactions from peers • risks: Sybil attack, double spending attack, privacy revealed • Bloom Filter
  98. Bloom Filter • a probabilistic search filter, a way to describe a desired pattern without specifying it exactly • a variable-size array of N binary digits • a variable number M of hash functions, each with output between 1 and N • vary the level of accuracy, and therefore privacy, by picking different N and M
  99. Bloom Filter • To add a pattern to the bloom filter, the pattern is hashed by each hash function in turn • the bit corresponding to each hash output is set to 1
  100. Bloom Filter • collisions are probabilistic: more collisions, less accuracy
  101. Bloom Filter • Maybe YES, Definitely NO
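Slides 97 to 101 as an added example that is not part of the slides: an N-bit, M-hash Bloom filter showing "maybe yes, definitely no", and how a small N raises the match rate on patterns that were never added, which is what lets an SPV client hide its real addresses among false matches at the cost of accuracy. The hash functions are seeded SHA256 stand-ins constructed for this example, not the MurmurHash3 used by Bitcoin's BIP37 filters.

```python
import hashlib

class BloomFilter:
    """N-bit array and M hash functions, as on slide 98."""

    def __init__(self, n_bits: int, m_hashes: int):
        self.n, self.m = n_bits, m_hashes
        self.bits = bytearray(n_bits)        # one byte per bit, for readability

    def _positions(self, pattern: bytes):
        # Hash function i = SHA256 with seed byte i (constructed stand-in); output
        # is reduced to a bit position 0..N-1 (the slide counts them 1..N).
        for seed in range(self.m):
            digest = hashlib.sha256(bytes([seed]) + pattern).digest()
            yield int.from_bytes(digest[:8], "big") % self.n

    def add(self, pattern: bytes) -> None:
        """Slide 99: hash the pattern with every function and set those bits."""
        for pos in self._positions(pattern):
            self.bits[pos] = 1

    def may_contain(self, pattern: bytes) -> bool:
        """Slide 101: True is only 'maybe yes'; False is 'definitely no'."""
        return all(self.bits[pos] for pos in self._positions(pattern))

def build(n_bits: int, m_hashes: int, members) -> BloomFilter:
    filt = BloomFilter(n_bits, m_hashes)
    for pattern in members:
        filt.add(pattern)
    return filt

def false_positive_rate(filt: BloomFilter, non_members) -> float:
    """Fraction of patterns that were never added but still match (slide 100)."""
    hits = sum(filt.may_contain(p) for p in non_members)
    return hits / len(non_members)

# Constructed sample: 10 "addresses" an SPV client cares about and 1000 others.
MEMBERS = [f"addr-{i}".encode() for i in range(10)]
OTHERS = [f"other-{i}".encode() for i in range(1000)]

if __name__ == "__main__":
    for n_bits, m in ((8192, 3), (64, 3), (16, 2)):
        f = build(n_bits, m, MEMBERS)
        print(n_bits, m, "false-positive rate:", false_positive_rate(f, OTHERS))
```

A larger N with the same M makes the filter accurate (almost no false matches), so a peer can tell exactly which addresses the client owns; a small N makes most of the peer's matches meaningless, which is the privacy knob slide 98 describes.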
  102. Bitcoin Network
  103. • Block Structure • Key, Address and Wallet • Transaction • Mining and Consensus • Network
