*Proof-of-Work
To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof of work system similar to Adam Back's Hashcash [6], rather than newspaper or Usenet posts.
The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.
For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.
The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added.
To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If they're generated too fast, the difficulty increases.
翻译:
要在点对点基础上实现一个分布式时间戳服务,我们需要使用类似于Adam哈希现金的工作量证明系统,而不是像报纸或网站发帖那样。
工作量证明涉及到要寻找一个被哈希运算处理的值,这个哈希值要以一串0开头。平均工作量会随着所需要的0的个数的变化而产生指数级的变化,但是验证的时候只需要进行一次哈希处理。
在时间戳网络中实现工作量证明方式需要在区块中先增加一个临时值,直到计算出满足0个数需求的哈希值区块才能被正式添加。一旦使用CPU算力来满足工作量证明,除非重新计算,否则区块无法别改变。因为后续的区块是链接在前一个区块上的,要想改变某个区块也需要重做它后面链接的所有区块。
工作量证明机制也解决了在大多数人决策时的代表问题。如果大多数决策是基于1 IP 1票的机制,决策就会被任何一个可以分配多IP的人控制。工作量证明机制基于1 CPU 1票的机制。大多数的决定由最长链来代表,最长链投入了最大的工作量。如果大多数的CPU算力被诚实节点控制,诚实链会增长最快并超越竞争链。想要改变已有的区块,攻击者需要重做这个区块和它后续所有区块的工作量,且追上并超越诚实节点的工作量。我们会在后文展示,随着节点的增加,一个较弱攻击者追赶的可能性会以指数级降低。
为了弥补硬件的快速更新和节点间利益的变化,工作量证明的难度由一个动态的均值(每小时产生区块的数量)来确定。如果区块生成太快,难度随之增加。
网友评论