《精通比特币》阅读记录

Bitcoin is a collection of concepts and technologies that form the basis of a digital money ecosystem. The bitcoin system is based on decentralized trust and consists of users with wallets containing keys, transactions that are propagated across the network, and miners who produce the consensus blockchain, which is the authoritative ledger of all transactions.
比特币是组成数字货币生态的一系列概念和技术的集合，其系统基于去中心化的信任，由包含密钥的钱包用户、在网络中传播的交易和生产共识区块链的矿工组成，其中区块链是所有交易的权威账本。

This blog will examine Bitcoin’s underlying technology and operational mechanisms, using a transaction from Alice to Bob as an illustrative example. We will watch as it becomes “trusted” and accepted by the bitcoin mechansim of distributed consensus and finally recorded on the blockchain, the distributed ledger of all transactions.
这篇博客将通过一个从 Alice 到 Bob 的交易例子，来探讨比特币的技术原理和运行机制，我们将看到这笔交易如何通过比特币的分布式共识机制变得“可信”，并最终记录在区块链上，即所有交易的分布式账本。

Alice wants to send Bob some bitcoin to buy a cup of coffee. Bob’s point-of-sale system will automatically create a QR code containing a payment request. A payment request is a QR-encoded URL that contains a destination address, a payment amount, and a generic description such as “Bob’s Cafe”. Alice uses her smartphone to scan the QR code, and her bitcoin wallet software prepares a transaction that sends the required amount of bitcoin from her wallet to Bob’s address.
Alice 想给 Bob 发送一些比特币来买一杯咖啡。Bob 的 POS 系统将自动生成一个包含支付请求的二维码。支付请求是一个用二维码编码的链接，其中包含了目的地址、支付金额和一个通用描述，比如“Bob’s Cafe”。Alice 用她的手机扫描二维码，她的比特币钱包软件将准备一个交易，将所需金额的比特币从她的钱包发送到 Bob 的地址。

Keys & Addresses 密钥和地址

Bitcoin is based on cryptography, which can be used to prove knowledge of a secret without revealing that secret (digital signature), or to prove the authenticity of data (digital fingerprint). Ownership of bitcoin is established through digital keys, bitcoin addresses, and digital signatures.
比特币基于密码学，可以用来证明对一个秘密的知识而不泄露这个秘密（数字签名），或者证明数据的真实性（数字指纹）。比特币的所有权通过数字密钥、比特币地址和数字签名建立。

Digital Keys 数字密钥

The digital keys are not stored in the network, but are created and stored by users in a file or simple database called a wallet. Keys come in pairs consisting of a private (secret) key and a public key. The bitcoin private key $k$ is just a $256\text{-bit}$ number, usually picked at random. And the public key $K$ is generated from the private key.
数字密钥实际上并不存储在网络中，而是由用户创建并存储在文件中或被称为钱包的简单数据库中。密钥成对出现，包括一个私钥（秘密密钥）和一个公钥。比特币私钥只是一个 256 位的数字，通常是随机选择的。公钥是从私钥生成的。

More precisely, the private key $k$ can be any number between $1$ and $n-1$, where $n$ is a constant ($n = 1.158 \times 10^{77}$) defined as the order of the elliptic curve used in bitcoin. In programming terms, the private key $k$ is usually produced by the SHA256 hash algorithm from a larger string of random bits, collected from a cryptographically secure source of randomness.
更准确地说，私钥 $k$ 可以是 $1$ 到 $n-1$ 之间的任何数字，其中 $n$ 是比特币中使用的椭圆曲线的阶数（$n = 1.158 \times 10^{77}$）。在编程术语中，私钥 $k$ 通常是通过 SHA256 哈希算法从一个更大的随机比特字符串生成的，这个字符串是从一个密码学安全的随机源收集的。

The public key $K$ is calculated from the private key $k$ using an elliptic curve multiplication algorithm, which is irreversible: $K = k \times G$, where $G$ is a constant point called the generator point.
公钥 $K$ 是通过使用一个不可逆的椭圆曲线乘法算法从私钥 $k$ 计算得到的：$K = k \times G$，其中 $G$ 是一个常数点，称为生成点。

Bitcoin uses a specific elliptic curve and set of mathematical constants, as defined by the secp256k1 standard. The secp256k1 curve is defined by the following equation:
$$
y^2 = x^3 + 7 \quad\text{over}\quad(\mathbb{F}_p)
$$
or
$$
y^2 \equiv x^3 + 7 \mod p
$$
where $p=2^{256}-2^{32}-2^9-2^8-2^7-2^6-2^4-1$ is a very large prime number. It indicates that the curve is defined over a finite field $\mathbb{F}_p$ of prime order $p$.
比特币使用特定的椭圆曲线和一组数学常数，由 secp256k1 标准定义。secp256k1 曲线由以下方程定义：
$$
y^2 = x^3 + 7 \quad\text{定义在}\quad(\mathbb{F}_p)
$$
或
$$
y^2 \equiv x^3 + 7 \mod p
$$
其中 $p=2^{256}-2^{32}-2^9-2^8-2^7-2^6-2^4-1$ 是一个非常大的素数。它表明曲线是在一个素数阶 $p$ 的有限域 $\mathbb{F}_p$ 上定义的。

Bitcoin Addresses 比特币地址

A bitcoin address produced from public keys consists of a string of letters and numbers, usually starting with the number “1”. The bitcoin address is derived from the public key through the use of one-way cryptographic hashing. The algorithm used to create bitcoin addresses from public keys are the Secure Hash Algorithm (SHA) and the RACE Integrity Primitives Evaluation Message Digest (RIPEMD), specifically SHA256 and RIPEMD160.
从公钥生成的比特币地址由一串字母和数字组成，通常以数字“1”开头。比特币地址是由公钥单向加密散列而来的。用于从公钥创建比特币地址的算法是安全哈希算法（SHA）和 RACE 完整性原语评估消息摘要（RIPEMD），具体来说是 SHA256 和 RIPEMD160。

We can compute the bitcoin address $A$ from the public key $K$ as follows:
$$
A = \mathrm{RIPEMD160}(\mathrm{SHA256}(K))
$$
The result is a $160\text{-bit}(20\text{-byte})$ number, which is then encoded as a Base58 string using the Base58Check encoding. Then we get the bitcoin address.
我们可以从公钥 $K$ 计算比特币地址 $A$ 如下：
$$
A = \mathrm{RIPEMD160}(\mathrm{SHA256}(K))
$$
结果是一个 $160\text{-bit}(20\text{-byte})$ 数字，然后使用 Base58Check 编码将其编码为 Base58 字符串，然后我们便得到了比特币地址。

Encoding and Formats 编码和格式

Base58Check is a Base58 encoding format which has a built-in error-checking code. To convert data into a Base58Check format, we first add a prefix to the front of the data, called the “version byte”, which serves to identify the type of data. Next, we compute the “double-SHA” checksum: $\text{checksum} = \mathrm{SHA256}(\mathrm{SHA256}(\text{prefix} + \text{data}))$. From the resulting 32-byte hash, we take the first four bytes and append them to the end of the data. Finally, we encode the whole thing in Base58.
Base58Check 是一个 Base58 编码格式，内置了一个错误检查码。要将数据转换为 Base58Check 格式，我们首先在数据的前面添加一个前缀，称为“版本字节”，用于标识数据的类型。接下来，我们计算“双 SHA” 校验和：$\text{checksum} = \mathrm{SHA256}(\mathrm{SHA256}(\text{prefix} + \text{data}))$。从得到的 32 字节哈希中，我们取前四个字节并将它们附加到数据的末尾。最后，我们将整个东西编码为 Base58。

Base58Check version prefix and encoded result:
Base58Check 版本前缀和编码结果：

Private key representations (encoding formats):
私钥表示（编码格式）：

Public keys are usually represented in two formats: compressed and uncompressed. Compressed public keys are 33 bytes long, including a prefix byte to indicate whether the y-coordinate is even or odd. Uncompressed public keys are 65 bytes long, with a prefix byte of 0x04:
公钥通常有两种表示格式：压缩和未压缩。压缩公钥是 33 字节长，包括一个前缀字节，用于指示 $y$ 坐标是偶数还是奇数。未压缩公钥是 65 字节长，带有 0x04 的前缀字节：

Advanced Keys and Addresses: Encrypted Private Keys (BIP-38), Pay-to-Script Hash (P2SH) and Multisig Addresses, Vanity Addresses, Paper Wallets. TODO.
高级密钥和地址：加密私钥（BIP-38）、支付到脚本哈希（P2SH）和多签地址、虚拟地址、纸钱包。待补充。

Digital Signatures 数字签名

Most bitcoin transactions require a valid digital signature to be included in the blockchain, which can only be generated with the correct private key. The digital signature used to spend funds is also referred to as a witness, a term used in cryptography.
大多数比特币交易需要一个有效的数字签名才能被包含在区块链中，这个数字签名只能用正确的私钥生成。用于花费资金的数字签名也被称为证据，是密码学中的术语。

Bitcoin Transactions 比特币交易

Transaction Inputs and Outputs 交易输入和输出

The transaction from Alice to Bob contains one or more “inputs” and “outputs”. The outputs add up to slightly less than the inputs, with the difference representing a transaction fee. The transaction fee is collected by the miner who includes the transaction in a block in the ledger.
从 Alice 到 Bob 的交易包含一个或多个“输入”和“输出”。输出的总和略小于输入，差额代表交易费。交易费由将交易包含在账本区块中的矿工收取。

The transaction also contains proof of owenership for each input, in the form of a digital signature, which can be independently verified by anyone. TODO.
交易还包含每个输入的所有权证明，以数字签名的形式，可以被任何人独立验证。TODO: 数字签名的基础知识。

Alice’s payment to Bob’s Cafe uses a previous transaction’s output as its input. The transactions form a chain as described above. TODO.
Alice 对 Bob 的咖啡的支付使用了之前交易的输出作为输入。交易形成了如上所述的链。TODO：交易密钥加解密 参考 P27 最后

The output of the transaction references both an address of the new owner (Bob) and an address of the current owner (Alice), called the change address. The change address does not have to be the same address as that of the input and for privacy reasons is often a new address from the owner’s wallet.
交易的输出引用了新所有者（Bob）的地址和当前所有者（Alice）的地址，称为找零地址。找零地址不必与输入的地址相同，出于隐私原因，通常是所有者钱包中的新地址。

Transaction Outputs 交易输出

The fundamental building block of a bitcoin transaction is a transaction output. Bitcoin full nodes track all available and spendable outputs, known as unspent transaction outputs, or UTXO. The collection of UTXO is known as the UTXO set. Every transaction represents a change (state transition) in the UTXO set.
比特币交易的基本构建块是交易输出。比特币全节点跟踪所有可用和可花费的输出，称为未花费交易输出，或UTXO。UTXO 的集合称为UTXO 集。每个交易代表了 UTXO 集中的一个变化（状态转换）。

The smallest unit of account in bitcoin is the satoshi, which is one hundred millionth of a bitcoin (0.00000001 BTC). A transaction output can have an arbitrary value denominated as a multiple of satoshis, but is discrete and indivisible units of value. An unspent output can only be consumed in its entirety by a transaction.
比特币中的最小账户单位是聪，是比特币的一亿分之一（0.00000001 BTC）。交易输出可以有任意值，以聪为单位，但是是离散和不可分割的价值单位。未花费的输出只能被交易完全消耗。

The exception to the output and input is the coinbase transaction, which is the first transaction in each block. The coinbase transaction creates brand-new bitcoin payable to that miner as a reward for mining. This special coinbase transaction does not consume UTXO, but instead has a special type of input called the “coinbase”.
输出和输入的例外是coinbase交易，它是每个区块中的第一笔交易。coinbase 交易创建全新的比特币，作为挖矿的奖励支付给矿工。这种特殊的 coinbase 交易不消耗 UTXO，而是有一种特殊类型的输入，称为“coinbase”。

Transaction outputs consist of two parts:

• An amount of bitcoin, denominated in satoshis
• A cryptographic puzzle that determines the conditions required to spend the output
  The cryptographic puzzle is also known as a locking script, a witness script, or scriptPubKey.

交易输出由两部分组成：

• 以聪为单位计价的比特币数量
• 确定花费输出所需条件的密码谜题
  密码谜题也称为锁定脚本、见证脚本或 scriptPubKey。

Alice’s outputs:

"vout": [
    {
        "value": 0.01500000,
        "scriptPubKey": "OP_DUP OP_HASH160 ab68025513c3dbd2f7b92a94e0581f5d50f654e7 OP_EQUALVERIFY OP_CHECKSIG"
    },
    {
        "value": 0.08450000,
        "scriptPubKey": "OP_DUP OP_HASH160 7f9b1a7fb68d60c536c2fd8aeaa53a8f3cc025a8 OP_EQUALVERIFY OP_CHECKSIG",
    }
]

Transaction output serialization:

Transaction Inputs 交易输入

Transaction inputs identify wich UTXO will be consumed and provide proof of ownership through an unlocking script. The first part of an input is a pointer to an UTXO by reference to the transaction hash and sequence number. The second part is the unlocking script, which most often is a digital signature and public key proving ownership of the bitcoin. However, not all unlocking scripts contain signatures. The third part is a sequence number, which is used to update the transaction before it is included in a block.
交易输入通过引用交易哈希和序列号来标识将被消耗的 UTXO，并通过解锁脚本提供所有权证明。输入的第一部分是指向 UTXO 的指针，通过引用交易哈希和序列号。第二部分是解锁脚本，通常是数字签名和公钥，证明了比特币的所有权。然而，并不是所有的解锁脚本都包含签名。第三部分是一个序列号，用于在交易被包含在区块之前更新交易。

The input contains four elements:

• A transaction ID, referencing the transaction that contains the UTXO being spent
• An output index (vout), identifying which UTXO from that transaction is referenced (first one is zero)
• A scriptSig, which satisfies the conditions placed on the UTXO, unlocking it for spending
• A sequence number (to be discussed later)

输入包含四个元素：

• 交易 ID，引用包含要花费的 UTXO 的交易
• 输出索引（vout），标识引用的交易中的哪个 UTXO（第一个是零）
• scriptSig，满足 UTXO 上放置的条件，解锁它以便花费
• 序列号（稍后讨论）

Alice’s inputs:

"vin": [
    {
        "txid": "7957a35fe64f80d234d76d83a2a8f1a0d8149a41d81de548f0a65a8a999f6f18",
        "vout": 0,
        "scriptSig": "3045022100884d142d86652a3f47ba4746ec719bbfbd040a570b1deccbb6498c75c4ae24cb02204b9f039ff08df09cbe9f6addac960298cad530a863ea8f53982c09db8f6e3813 [ALL] 0484ecc0d46f1918b30928fa0e4ed99f16a0fb4fde0735e7ade8416ab9fe423cc5412336376789d172787ec3457eee41c04f4938de5cc17b4a10fa336a8d752adf",
        "sequence": 4294967295
    }
]

Transaction input serialization:

Transaction Fees 交易费

TODO…

Constructing a Transaction 构建交易

After scanning the QR code, Alice’s wallet software will first have to find inputs that can pay for the amount requested. For a full-node client, this means scanning the entire blockchain to find all the unspent outputs belonging to Alice. For a lightweight client, this means querying a server that can provide this information using API calls.
扫描二维码后，Alice 的钱包软件首先要找到可以支付请求金额的输入。对于全节点客户端，这意味着扫描整个区块链，找到属于 Alice 的所有未花费输出。对于轻量级客户端，这意味着查询一个可以使用 API 调用提供这些信息的服务器。

A transaction output is created in the form of a script that creates an encumbrance on the value and can only be redeemed by the introduction of a solution to the script. TODO: This solution is a digital signature that proves ownership of the output.
交易输出以创建一个对价值的限制的脚本的形式创建，只有通过引入脚本的解决方案才能赎回。TODO：这个解决方案是一个数字签名，证明了输出的所有权。

This transaction will also include a second output for the change. Alice’s change payment is created by Alice’s wallet as an output in the very same transaction as the payment to Bob.
这笔交易还将包括一个找零输出。Alice 的找零支付由 Alice 的钱包作为输出创建在与支付给 Bob 的交易中。

Finally, Alice’s wallet app will add a small transaction fee for the transaction to be processed by the network. This fee is not explicit, but is implied by the difference between the inputs and outputs. The resulting difference is the transaction fee that is collected by the miner as a fee for validating and including the transaction in a block to be recorded on the blockchain.
最后，Alice 的钱包应用将为交易添加小额交易费输出，以便网络处理交易。这个费用不是显式的，而是通过输入和输出之间的差异表示。产生的差额便叫交易费，由矿工收取作为验证和将交易包含在区块中以记录在区块链上的费用。

Transaction Propagation 交易传播

TODO: Adding the transaction to the ledger.
TODO: 将交易添加到账本。

The bitcoin network is a peer-to-peer network, with each bitcoin client participating by connecting to several other bitcoin clients. The purpose of this network is to propagate transactions and blocks to all participants. Any system that participates in the bitcoin network using the bitcoin protocol is called a bitcoin node. Any bitcoin node that receives a valid transaction it has not seen before will immediately forward it to all its peers, a propagation technique known as flooding. Thus, the transaction rapidly propagates out across the peer-to-peer network, reaching a large percentage of the nodes within a few seconds.
比特币网络是一个点对点网络，每个比特币客户端通过连接到其他几个比特币客户端来参与。这个网络的目的是将交易和区块传播给所有参与者。使用比特币协议参与比特币网络的任何系统都被称为比特币节点。任何接收到之前未见过的有效交易的比特币节点将立即将其转发给所有对等节点，这种传播技术称为泛洪。因此，交易迅速传播到整个点对点网络，几秒钟内就能到达大部分节点。

Transaction Confirmation 交易确认

Bob’s wallet will receive the transaction within a few seconds of Alice sending it, and will immediately identify Alice’s transaction as an incoming payment. Bob’s wallet app can also independently verify that the transaction is well formed, uses previously unspent inputs, and contains sufficient transaction fees to be included in the next block. At this point Bob can assume, with little risk, that the transaction will shortly be included in a block and confirmed.
Bob 的钱包将在 Alice 发送交易后的几秒钟内收到交易，并立即将 Alice 的交易识别为一笔收款。Bob 的钱包应用还可以独立验证交易是否格式正确，使用了之前未花费的输入，并包含足够的交易费用以便被包含在下一个区块中。此时 Bob 可以有些风险地做出假设，交易很快将被包含在一个区块中。

But now Alice’s transaction does not become part of the blockchain until it is verified and included in a block by a process called mining. Mining is the process by which a group of transactions are bundled into a block, which requires an enormous amount of computation to prove, but only a small amount of computation to verify as proven. The mining process serves two purposes in bitcoin:

• Mining nodes validate all transactions by reference to bitcoin’s consensus rules. Therefore, mining provides security for bitcoin transactions by rejecting invalid or malformed transactions.
• Mining creates new bitcoin in each block. The amount of bitcoin created per block is limited and diminishes with time, following a fixed issuance schedule.

但是现在 Alice 的交易直到被验证并被一个过程称为挖矿的过程包含在一个区块中，才成为区块链的一部分。挖矿是将一组交易捆绑到一个区块中的过程，这需要大量的计算来证明，但只需要少量的计算来验证。挖矿过程在比特币中有两个目的：

• 挖矿节点通过参考比特币的共识规则验证所有交易。因此，挖矿通过拒绝无效或格式错误的交易为比特币交易提供安全性。
• 每个区块会通过挖矿创造新的比特币。每个区块中创造的比特币数量是有限的，并随着时间的推移而减少，遵循固定的发行计划。

Mining uses electricity to solve a mathematical problem. A successful miner will collect a reward in the form of new bitcoin and transaction fees. However, the reward will only be collected if the miner has correctly validated all the transactions, to the satisfaction of the rules of consensus.Finding such a solution of the mathematical problem, the so-called proof-of-work(PoW), requires quadrillions of hashing operations per second across the entire bitcoin network. TODO: PoW.
挖矿使用电力来解决一个数学问题。成功的矿工将收集一笔奖励，以新比特币和交易费的形式。然而，只有在矿工正确验证了所有交易，符合共识规则的要求时，才能收取奖励。找到上述数学问题的一个解决方案，即所谓的工作证明(PoW)，需要在整个比特币网络中每秒进行数以万计的哈希运算。TODO: PoW P33。

Transactions are added to the new block, prioritized by the highest-fee transactions first and a few other criteria. Each miner starts the process of mining a new block of transactions as soon as it receives the previous block from the network. He then creates a new block, fills it with transactions, and the fingerprint of the previous block, and starts calculating the Proof-of-Work for the new block. Each miner includes a special transaction in the block called the coinbase transaction, one that pays his own address the block reward plus the sum of transaction fees from all the transactions included in the block.
交易被添加到新区块中，按照最高费用的交易优先和其他几个标准。每个矿工在从网络接收到上一个区块后，就开始挖掘新的交易区块。然后他创建一个新区块，填充交易和上一个区块的指纹，并开始为新区块计算工作证明。每个矿工在区块中包含一个特殊的交易，称为coinbase 交易，这笔交易支付他自己的地址区块奖励加上所有包含在区块中的交易的交易费之和。

All blocks are linked to each other in a chain of blocks (blockchain) all the way back to block #0, known as the genesis block. Over time, as the “height” in blocks increases, so does the computation difficulty for each block and the chain as a whole. By convention, any block with more than six confirmations is considered irrevocable, because it would require an immense amount of computation to invalidate and recalculate six blocks.
所有区块都链接在一起，形成一个区块链，一直回溯到区块 #0，称为创世区块。随着区块高度的增加，每个区块和整个链的计算难度也会增加。按照惯例，任何超过六个确认的区块都被认为是不可撤销的，因为需要大量的计算来使六个区块无效并重新计算。