Paper Reading

• Objective
  Electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.
  Solve the double-spend problem: We need a way for the payee to know that the previous owners did not sign any earlier transactions. The only way to confirm the absence of a transaction is to be aware of all transactions. The trusted party is aware of all transactions and decided which arrived first. To accomplish this without a trusted party, transactions must be publicly announced, and we need a system for participants to aggree on a single history of te order in which they were received.

目標：
建立一個基于密碼學的證明進而取代之前的信任模型，允許進行交易的雙方擺脫傳統可信任第三方的依賴。
解決雙重支付問題：我們需要讓收款人知道之前的coin持有人是否簽名過更早的交易。確認之前交易是否已經進行的唯一方法是獲知所有交易信息。從前的可信第三方（銀行）可以確認哪一筆交易率先處理。若要完成去中心化，交易需被完全公開，致使我們需要一個所有參與者都承認只有一條交易歷史鏈條存在的系統。

• Transactions with trusted party
  The electric coin is defined as a chain of digital signatures. Each owner ransfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin.A payee can verify the signatures to verify the chain of ownership. The problem of the course is the payee cannot verify that one of the owners did not double-spend the coin. The common solution is to introduce a trusted central authority, or mint, that checks every transaction for double spending. After each transaction, the coin must be returned to the mint to issue a new coin, and only coins issued direcly from the mint are trusted not to be double-spent.

交易：
電子貨幣可以使用數字簽名鏈來定義。 每個coin擁有者可以對從前交易的哈希值+收款者的公鑰進行數字簽名，然后將其加入到簽名鏈的最后。收款者可以驗證這些簽名來驗證coin的歸屬。主要問題還是在于double-spend上面。常見的解決方法是利用可信第三方來檢查double-spending。每個交易后，coin要被mint回收來生成一個新的coin，只有mint生成的coin是可信的而且不會被雙重支付。

• Timestamp Server
  A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.

  
  
  image.png
  
  

  每個時間戳都包含其哈希值中的前一個時間戳，形成一個鏈，每個附加時間戳都會加強它之前的時間戳。

• Proof-of-Work
  Use proof-of-work system to implement a distributed timestamp server on a p2p basis. The PoW involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of 0 bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.
  select different a to solve the problem: H(a|x) -> Y. Y is a small set compared to the full hash value set.
  PoW is implemented by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the PoW, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.

  
  
  image.png
  
  

  PoW is 1-CPU-1-vote. The majority decision is represented by the longest chain, which has the greatest PoW effort invested in it.To modify a past block, an attacker would have to redo the PoW of the block and all blocks after it and then catch up with and surpass the work of the honest nodes.

PoW 機制實際上是利用一個暴力搜索問題實現的。由于找到哈希值頭部為部分0的問題只能用窮舉法進行搜索，窮舉的工作量就會被看作是一種證明， 而且需要很多計算能力才可以完成。找到了對應nonce后驗證nonce的正確性只需要執(zhí)行一次哈希。

• Network
  Steps to run the network are as follows:
  (1) New transactions are broadcast to all nodes.
  (2) Each node collects new transactiosn into a block.
  (3) Each node works on finding a difficult PoW for its block.
  (4) When a node finds a PoW, it broadcasts the block to all nodes.
  (5) Nodes accept the block only if all transactions in it are valid and not already spent.
  (6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash