Bitcoin: A Peer-to-Peer Electronic Cash System

by Satoshi Nakamoto 2008/10/31

Abstract

A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution or bank. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network gathers the records of all transactions into an ongoing chain of proof-of-work, forming a record that cannot be changed without redoing all of the work. The longest chain not only serves as proof of the sequence of events witnessed, but also as proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they will generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.

Introduction

Commerce on the Internet has come to rely almost exclusively on banks serving as trusted third parties to process electronic payments. While the system works well enough, it still suffers from the inherent weaknesses of the trust-based model. Completely non-reversible transactions are not really possible, since banks cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility of small casual transactions, and there is a broader cost in the loss of the ability to make non-reversible payments for non-reversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, asking them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs can be avoided by paying in person with physical cash, but otherwise no mechanism exists to make payments without going through a bank.

What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a bank or other third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and escrow mechanisms could be implemented to protect buyers. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.

Transactions

We define a coin (token) as a chain of digital signatures. Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin.

The problem is that the payee cannot verify that one of the owners did not double-spend the coin. A common solution is to introduce a trusted central authority, or mint, that checks every transaction for double-spending. After each transaction, the coin must be returned to the mint so that a new coin can be issued, and only coins issued directly from the mint are trusted not to be double-spent. The problem with this solution is that the fate of the entire money system depends on the company running the mint, with every transaction having to go through them, just like a bank. We need a way for the payee to know that the previous owners did not sign any earlier transactions.

For our purposes, the earliest transaction is the one that counts, so we do not care about later transactions or attempts to double-spend. The only way to confirm the absence of a transaction is to be aware of all transactions. In the mint-based model, all transactions were known, along with which one arrived first. To accomplish this without a bank or other middleman, transactions must be publicly announced, and we need a system in which all participants agree on a single history of the order in which they were received. The payee needs proof that at the time of each transaction, the majority of nodes agreed it was the first received.

Timestamp Server

[Figure: transaction chain, with labels Transaction, Beneficiary 1-3 Public Key, Hash, Beneficiary 0-2 Signature, Beneficiary 1-3 Private Key, Sign, Verify]

The solution we propose begins with a timestamp server (a record of the date and time at which an event occurred). A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or on the Internet. The timestamp proves that the data must have existed at the time, since it had to exist in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it. (As shown in the figure above.)

Proof-of-Work

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash, rather than newspaper or Internet posts. The proof-of-work involves scanning for a value that, when hashed, such as with SHA-256, gives a hash that begins with a certain number of zero bits. The average work required is exponential in the number of zero bits required, and the result can be verified by executing a single hash.

For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As blocks are chained together, the work to change a block would include redoing all the blocks chained after it.

The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of that block and all blocks after it, and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up diminishes as subsequent blocks are added.
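The nonce search and the cost of rewriting a past block, as an added Python example (not code from the paper). `Block`, `mine`, `first_invalid` and `rewrite_block` are hypothetical names, the payloads are constructed sample data, and the header layout and the small zero-bit target are assumptions chosen so the search finishes quickly.

```python
import hashlib

GENESIS_PREV = bytes(32)  # assumed all-zero "previous hash" for the first block

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a hash value."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

class Block:
    def __init__(self, prev_hash: bytes, payload: bytes, nonce: int = 0):
        self.prev_hash = prev_hash
        self.payload = payload  # stands in for the block's transactions
        self.nonce = nonce

    def hash(self) -> bytes:
        # Assumed header layout: previous hash, payload, 8-byte nonce.
        header = self.prev_hash + self.payload + self.nonce.to_bytes(8, "big")
        return hashlib.sha256(header).digest()

def mine(block: Block, zero_bits: int) -> int:
    """Increment the nonce until the hash has the required zero bits.
    Returns the number of hashes computed."""
    block.nonce, tries = 0, 1
    while leading_zero_bits(block.hash()) < zero_bits:
        block.nonce += 1
        tries += 1
    return tries

def build_chain(payloads, zero_bits):
    """Mine one block per payload, each committing to the previous hash."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        block = Block(prev, payload)
        mine(block, zero_bits)
        chain.append(block)
        prev = block.hash()
    return chain

def first_invalid(chain, zero_bits):
    """Verifier side: one hash per block. Returns the index of the first block
    whose link or proof-of-work fails, or None if the chain is valid."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block.prev_hash != prev or leading_zero_bits(block.hash()) < zero_bits:
            return i
        prev = block.hash()
    return None

def rewrite_block(chain, index, new_payload, zero_bits):
    """Change one block, then redo the work for it and every block after it.
    Returns the total number of hashes that took."""
    chain[index].payload = new_payload
    spent, prev = 0, chain[index].prev_hash
    for block in chain[index:]:
        block.prev_hash = prev
        spent += mine(block, zero_bits)
        prev = block.hash()
    return spent
```

Checking the chain costs one hash per block, while `rewrite_block` reports how many hashes were needed to make an altered history verify again; that count grows with every block added after the altered one.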

To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If blocks are generated too fast, the difficulty increases.

Network

The steps to run the network are as follows:

  1. New transactions are broadcast to all nodes.
  2. Each node collects new transactions into a block.
  3. Each node works on finding a difficult proof-of-work for its block.
  4. When a node finds a proof-of-work, it broadcasts the block to all nodes.
  5. Nodes accept the block only if all transactions in it are valid and not already spent.
  6. Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.

Nodes always consider the longest chain to be the correct one and will keep working on extending it. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first. In that case, they work on the first one they received, but save the other branch in case it becomes longer. The tie will be broken when the next proof-of-work is found and one branch becomes longer; the nodes that were working on the other branch will then switch to the longer one.

New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach a portion of the nodes, they will get into a block before long. Block broadcasts are also tolerant of dropped messages. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one.

Incentive

By convention, the first transaction in a block is a special transaction that belongs to the creator of the block. This gives nodes an incentive to support the network, and provides a way to distribute coins into circulation, since there is no central authority to issue them.

The steady addition of a constant amount of new coins is analogous to gold miners expending resources to add gold to circulation. In our case, it is CPU time and electricity that is expended. The incentive can also be funded with transaction fees.

If the output value of a transaction is less than its input value, the difference is a transaction fee that is added to the incentive value of the block containing the transaction. Once a predetermined number of bitcoins has entered circulation, the incentive can transition entirely to transaction fees and be completely inflation free. The incentive may also help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by taking back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, which favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.

Reclaiming Disk Space

Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle Tree [7][2][5], with only the root included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do not need to be stored.

A block header with no transactions would be about 80 bytes. If we suppose blocks are generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2 MB per year. With computer systems typically selling with 2 GB of RAM as of 2008, and Moore's Law predicting growth of 1.2 GB per year, storage should not be a problem even if all the block headers are kept.

Simplified Payment Verification

It is possible to verify payments without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes until he is convinced he has the longest chain, and obtain the Merkle branch linking the transaction to the block it is timestamped in. He cannot check the transaction for himself, but by linking it to a place in the chain, he can see that the network has accepted it, and blocks added after it further confirm this.

As such, the verification is reliable as long as honest nodes control the network, but is more vulnerable if the network is overpowered by an attacker. While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network. One strategy to protect against this would be to accept alerts from network nodes when they detect an invalid block, prompting the user's software to check the block and the alerted transactions to confirm the inconsistency. Businesses that receive frequent payments will probably still want to run their own nodes for more independent security.
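The Merkle tree from "Reclaiming Disk Space" and the Merkle branch check from this section, as an added Python example (not code from the paper). The function names are hypothetical and the transactions are constructed sample data; a single SHA-256 per node and pairing an odd last node with itself are assumptions of this sketch, since the text does not fix either.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_levels(transactions):
    """All levels of the tree: leaf hashes first, the single root last."""
    level = [h(tx) for tx in transactions]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                # odd count: pair the last node with itself
            level = level + [level[-1]]
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_branch(levels, index):
    """What a full node hands to a light client: the sibling hash at each
    level on the path from leaf `index` up to the root, with its side."""
    branch = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1               # the other node of the pair
        branch.append((level[sibling], sibling < index))
        index //= 2
    return branch

def verify_branch(tx: bytes, branch, root: bytes) -> bool:
    """Light-client check: needs only the transaction, the branch and the
    Merkle root taken from a block header it already trusts."""
    node = h(tx)
    for sibling, sibling_is_left in branch:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node == root

# Constructed sample block of five transactions.
SAMPLE_TXS = [b"tx-a", b"tx-b", b"tx-c", b"tx-d", b"tx-e"]
SAMPLE_LEVELS = merkle_levels(SAMPLE_TXS)
SAMPLE_ROOT = SAMPLE_LEVELS[-1][0]
```

The branch holds one hash per tree level, so the client checks inclusion without the other transactions; as the section notes, this shows only that the transaction is committed to by a block in the chain, not that the transaction itself is valid.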

Combining and Splitting Value

Although it would be possible to handle coins individually, it would be unwieldy to make a separate transaction for every cent in a transfer. To allow value to be split and combined, transactions contain multiple inputs and outputs. Normally there will be either a single input from a larger previous transaction or multiple inputs combining smaller amounts, and at most two outputs: one for the payment, and one returning the change, if any, back to the sender.

It should be noted that fan-out, where a transaction depends on several transactions, and those transactions depend on many more, is not a problem here. There is never the need to extract a complete standalone copy of a transaction's history.

Privacy

The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the "tape", is made public, but without telling who the parties were.

As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.

Calculations

We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back money he recently spent.

The race between the honest chain and an attacker chain can be characterized as a Binomial Random Walk. The success event is the honest chain being extended by one block, increasing its lead by +1, and the failure event is the attacker's chain being extended by one block, reducing the gap by -1.

The probability of an attacker catching up from a given deficit is analogous to a Gambler's Ruin problem. Suppose a gambler with unlimited credit starts at a deficit and plays potentially an infinite number of trials to try to reach breakeven. We can calculate the probability he ever reaches breakeven, or that an attacker ever catches up with the honest chain, as follows [8]:

$p$ = probability an honest node finds the next block

$q$ = probability the attacker finds the next block

$q_z$ = probability the attacker will ever catch up from $z$ blocks behind

$$q_z = \begin{cases} 1 & \text{if } p \le q \\ (q/p)^z & \text{if } p > q \end{cases}$$

Given our assumption that $p > q$, the probability drops exponentially as the number of blocks the attacker has to catch up with increases. With the odds against him, if he doesn't make a lucky lunge forward early on, his chances become vanishingly small as he falls further behind.

We now consider how long the recipient of a new transaction needs to wait before being sufficiently certain the sender can't change the transaction. We assume the sender is an attacker who wants to make the recipient believe he paid him for a while, then switch it to pay back to himself after some time has passed. The receiver will be alerted when that happens, but the sender hopes it will be too late.

The receiver generates a new key pair and gives the public key to the sender shortly before signing. This prevents the sender from preparing a chain of blocks ahead of time by working on it continuously until he is lucky enough to get far enough ahead, then executing the transaction at that moment. Once the transaction is sent, the dishonest sender starts working in secret on a parallel chain containing an alternate version of his transaction.

The recipient waits until the transaction has been added to a block and z blocks have been linked after it. He doesn't know the exact amount of progress the attacker has made, but assuming the honest blocks took the average expected time per block, the attacker's potential progress will be a Poisson distribution with expected value:

$$\lambda = z\frac{q}{p}$$

To get the probability the attacker could still catch up now, we multiply the Poisson density for each amount of progress he could have made by the probability he could catch up from that point:

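$$\sum_{k=0}^{\infty} \frac{\lambda^k e^{-\lambda}}{k!} \cdot \begin{cases} (q/p)^{(z-k)} & \text{if } k \le z \\ 1 & \text{if } k > z \end{cases}$$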

Rearranging to avoid summing the infinite tail of the distribution...

$$1 - \sum_{k=0}^{z} \frac{\lambda^k e^{-\lambda}}{k!} \left(1 - (q/p)^{(z-k)}\right)$$

Converting to C code...

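#include <math.h>

/* Probability that an attacker with share q of the CPU power
   ever catches up from z blocks behind. */
double AttackerSuccessProbability(double q, int z)
{
	double p = 1.0 - q;
	double lambda = z * (q / p);	/* expected attacker progress */
	double sum = 1.0;
	int i, k;
	for (k = 0; k <= z; k++)
	{
		/* Poisson density for k blocks of attacker progress */
		double poisson = exp(-lambda);
		for (i = 1; i <= k; i++)
			poisson *= lambda / i;
		sum -= poisson * (1 - pow(q / p, z - k));
	}
	return sum;
}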

Running some results, we can see the probability drop off exponentially with z.

q=0.1
z=0    P=1.0000000
z=1    P=0.2045873
z=2    P=0.0509779
z=3    P=0.0131722
z=4    P=0.0034552
z=5    P=0.0009137
z=6    P=0.0002428
z=7    P=0.0000647
z=8    P=0.0000173
z=9    P=0.0000046
z=10   P=0.0000012

q=0.3
z=0    P=1.0000000
z=5    P=0.1773523
z=10   P=0.0416605
z=15   P=0.0101008
z=20   P=0.0024804
z=25   P=0.0006132
z=30   P=0.0001522
z=35   P=0.0000379
z=40   P=0.0000095
z=45   P=0.0000024
z=50   P=0.0000006
Solving for P less than 0.1%...

P < 0.001
q=0.10   z=5
q=0.15   z=8
q=0.20   z=11
q=0.25   z=15
q=0.30   z=24
q=0.35   z=41
q=0.40   z=89
q=0.45   z=340

Conclusion

We have proposed a system for electronic transactions without relying on trust. We started with the usual framework of coins made from digital signatures, which provides strong control of ownership, but is incomplete without a way to prevent double-spending. To solve this, we proposed a peer-to-peer network using proof-of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of CPU power. The network is robust in its unstructured simplicity. Nodes work all at once with little coordination. They do not need to be identified, since messages are not routed to any particular place and only need to be delivered on a best effort basis. Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone. They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism.

References

  1. W. Dai, "b-money," http://www.weidai.com/bmoney.txt, 1998.
  2. H. Massias, X.S. Avila, and J.-J. Quisquater, "Design of a secure timestamping service with minimal trust requirements," In 20th Symposium on Information Theory in the Benelux, May 1999.
  3. S. Haber, W.S. Stornetta, "How to time-stamp a digital document," In Journal of Cryptology, vol 3, no 2, pages 99-111, 1991.
  4. D. Bayer, S. Haber, W.S. Stornetta, "Improving the efficiency and reliability of digital time-stamping," In Sequences II: Methods in Communication, Security and Computer Science, pages 329-334, 1993.
  5. S. Haber, W.S. Stornetta, "Secure names for bit-strings," In Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 28-35, April 1997.
  6. A. Back, "Hashcash - a denial of service counter-measure," http://www.hashcash.org/papers/hashcash.pdf, 2002.
  7. R.C. Merkle, "Protocols for public key cryptosystems," In Proc. 1980 Symposium on Security and Privacy, IEEE Computer Society, pages 122-133, April 1980.
  8. W. Feller, "An introduction to probability theory and its applications," 1957.
Translators
Neo Simba

Supporters
@rkirubi