《精通比特币》英文版批注导读•第2章比特币工作原理

ScalersTalk 成长会 2018 年火热招募中，目前报名人数已经突破 1100 人，参见《持续行动，为三年后的自己，扎心地做点事——ScalersTalk 成长会 2018 年会员资格开放申请》。

《精通比特币（第2版）》英文版批注导读•第2章比特币工作原理

今天我们进入《精通比特币》第二章，比特币工作原理。这一章内容比较长，请做好心理准备。本章原文地址

https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch02.asciidoc

2.比特币工作原理

How Bitcoin Works

Transactions, Blocks, Mining, and the Blockchain

The bitcoin system, unlike traditional banking and payment systems, is based on decentralized trust. Instead of a central trusted authority, in bitcoin, trust is achieved as an emergent property from the interactions of different participants in the bitcoin system. In this chapter, we will examine bitcoin from a high level by tracking a single transaction through the bitcoin system and watch as it becomes “trusted” and accepted by the bitcoin mechanism of distributed consensus and is finally recorded on the blockchain, the distributed ledger of all transactions. Subsequent chapters will delve into the technology behind transactions, the network, and mining.

第二章讲的是比特币的工作原理。比特币中，信任是在不同参与者的互动中涌现出来的。注意，“涌现（emergence）”，在复杂系统领域里是一个常用的概念，代表从一个维度生成了更高一个维度的属性。比如，我们经常说蚂蚁具备集体智能，其实就是一种涌现。每个蚂蚁，按照既定的规则行事，遵守自己的职责，从而在整体上涌现出了一种智能；大脑的神经元也有类似的道理，每一个神经元，传导自己的电刺激信号，于是我们的大脑整体上看上去就涌现出了智能。在比特币中不同参与者进行交易，于是实现了信任的目的。

Bitcoin Overview

In the overview diagram shown in Bitcoin Overview, we see that the bitcoin system consists of users with wallets containing keys, transactions that are propagated across the network, and miners who produce (through competitive computation) the consensus blockchain, which is the authoritative ledger of all transactions.

这里再复习一下比特币网络的主要部分，包含密钥的用户钱包，全网传播的交易信息，通过竞争计算制造共识的矿工，从而在区块链上维护所有交易的账本。

Each example in this chapter is based on an actual transaction made on the bitcoin network, simulating the interactions between the users (Joe, Alice, Bob, and Gopesh) by sending funds from one wallet to another. While tracking a transaction through the bitcoin network to the blockchain, we will use a blockchain explorer site to visualize each step. A blockchain explorer is a web application that operates as a bitcoin search engine, in that it allows you to search for addresses, transactions, and blocks and see the relationships and flows between them.

Figure 1. Bitcoin overview

Popular blockchain explorers include:

BlockCypher Explorer
blockchain.info
BitPay Insight

Each of these has a search function that can take a bitcoin address, transaction hash, block number, or block hash and retrieve corresponding information from the bitcoin network. With each transaction or block example, we will provide a URL so you can look it up yourself and study it in detail.

在第一章当中，作者介绍了几个使用比特币的场景，这些都是真实交易，可以采用区块链浏览器，看到每一步的具体情况。通过上述浏览器，你可以根据地址查到每笔交易的情况，可以直观地感受到比特币公开账本是什么含义。不过虽然比特币的每一个交易是可以查询的，但是每个地址到底对应到是谁？其实你未必是清楚的。

Buying a Cup of Coffee

Alice, introduced in the previous chapter, is a new user who has just acquired her first bitcoin. In [getting_first_bitcoin], Alice met with her friend Joe to exchange some cash for bitcoin. The transaction created by Joe funded Alice’s wallet with 0.10 BTC. Now Alice will make her first retail transaction, buying a cup of coffee at Bob’s coffee shop in Palo Alto, California.

Bob’s Cafe recently started accepting bitcoin payments by adding a bitcoin option to its point-of-sale system. The prices at Bob’s Cafe are listed in the local currency (US dollars), but at the register, customers have the option of paying in either dollars or bitcoin. Alice places her order for a cup of coffee and Bob enters it into the register, as he does for all transactions. The point-of-sale system automatically converts the total price from US dollars to bitcoin at the prevailing market rate and displays the price in both currencies:

Bob says, “That’s one-dollar-fifty, or fifteen millibits.”

这里以比特币买咖啡作为例子。不过以原文中0.015比特币为例的话，一杯咖啡的价格，按照2018年3月11日下午6点钟的兑换价格来说，大概需要800多元。

Bob’s point-of-sale system will also automatically create a special QR code containing a payment request (see Payment request QR code).

Unlike a QR code that simply contains a destination bitcoin address, a payment request is a QR-encoded URL that contains a destination address, a payment amount, and a generic description such as “Bob’s Cafe.” This allows a bitcoin wallet application to prefill the information used to send the payment while showing a human-readable description to the user. You can scan the QR code with a bitcoin wallet application to see what Alice would see.

Figure 2. Payment request QR code

Tip Try to scan this with your wallet to see the address and amount but DO NOT SEND MONEY.

比特币的支付，其实和我们现在生活中的手机支付很像，通过二维码就可以完成转账，在二维码中包含以下信息（但是注意千万不要给这个地址转账，一旦转过去，钱就回不来了）：

The payment request QR code encodes the following URL, defined in BIP-21

Alice uses her smartphone to scan the barcode on display. Her smartphone shows a payment of 0.0150 BTC to Bob’s Cafe and she selects Send to authorize the payment. Within a few seconds (about the same amount of time as a credit card authorization), Bob sees the transaction on the register, completing the transaction.

In the following sections, we will examine this transaction in more detail. We’ll see how Alice’s wallet constructed it, how it was propagated across the network, how it was verified, and finally, how Bob can spend that amount in subsequent transactions.

Note: The bitcoin network can transact in fractional values, e.g., from millibitcoin (1/1000th of a bitcoin) down to 1/100,000,000th of a bitcoin, which is known as a satoshi. Throughout this book, we’ll use the term “bitcoin” to refer to any quantity of bitcoin currency, from the smallest unit (1 satoshi) to the total number (21,000,000) of all bitcoin that will ever be mined.

这里需要注意，比特币的最小单位是1亿分之一（也被称作一聪），最大的额度就是2100万比特币，因为这是能够发行的比特币总额。转账完成之后，就可以根据以下地址查看这笔交易了。

You can examine Alice’s transaction to Bob’s Cafe on the blockchain using a block explorer site (View Alice’s transaction on blockchain.info):

Example 1. View Alice’s transaction on blockchain.info

https://blockchain.info/tx/0627052b6f28912f2703066a912ea577f2ce4da4caa5a5fbd8a57286c345c2f2

Bitcoin Transactions

In simple terms, a transaction tells the network that the owner of some bitcoin value has authorized the transfer of that value to another owner. The new owner can now spend the bitcoin by creating another transaction that authorizes the transfer to another owner, and so on, in a chain of ownership.

大家是否还记得电子现金系统有一个特点，就是需要防止双花。在纸币现金的物理世界，花掉一张现金以后，就不再拥有了；但是在电子世界，钱本质是一串01字符串，非常方便复制。花钱的人可以保存已经花掉的数据，然后再拿去花，这就是所谓的“双花”；为了防止这个问题出现，就需要有个机制，确保花掉钱的人，即使手里有这串数据也是无效的，让已经花掉的钱的人，没有办法再花，同时又要确保收到这笔钱的人，可以真正把它花出去。

在传统意义上我们需要有一个中心化机构，来维护网络中的每一笔钱的状态。当我要花钱的时候，当我要收钱的时候，都要去问这样一个集中机构：这笔钱到底是不是属于他的，到底有没有被花过。比特币，就是通过设计，把这个问题由中心化，转换为去中心化。这样就不需要有一个集中式的节点，来完成这项工作。于是可以避免所谓“单点崩溃”的问题，或者这个中心节点不被信任的问题。但是这也会迎来一个新的问题，如果你没有一个集中式的节点来担任这个任务，那么你就需要网络中的每一个人，每个人手里都维护这样一个数据，这就是为什么比特币的每一笔交易需要全网广播的重要原因。

下面就开始讲交易的具体细节。

Transaction Inputs and Outputs

Transactions are like lines in a double-entry bookkeeping ledger. Each transaction contains one or more “inputs,” which are like debits against a bitcoin account. On the other side of the transaction, there are one or more “outputs,” which are like credits added to a bitcoin account. The inputs and outputs (debits and credits) do not necessarily add up to the same amount. Instead, outputs add up to slightly less than inputs and the difference represents an implied transaction fee, which is a small payment collected by the miner who includes the transaction in the ledger. A bitcoin transaction is shown as a bookkeeping ledger entry in Transaction as double-entry bookkeeping.

比特币采用借贷复式记账的方法，保存每一笔交易。记得我以前学习会计学的时候，就经常被不同科目下应该是记借方还是贷方搞得头疼。在每一笔交易里有输入，也有输出，而且输出通常会小于输入的数值。这个差值代表的是交易费用，交易费用交给矿工。

The transaction also contains proof of ownership for each amount of bitcoin (inputs) whose value is being spent, in the form of a digital signature from the owner, which can be independently validated by anyone. In bitcoin terms, “spending” is signing a transaction that transfers value from a previous transaction over to a new owner identified by a bitcoin address.

在比特币中，一笔钱是通过数字签名的方式，来证明归属的。如果这笔钱是你的，你就用自己的私钥对这笔钱进行签名，这个签名谁都可以根据公开信息独自验证。于是花钱就是将一笔交易进行签名，这笔交易的信息包含“我把某笔钱，转给另外一个人”。继续往下思考，那么你如果花了一笔钱，这笔钱又是从哪里来的呢？一般情况下会有另外一个人，把这笔钱转给你，这个信息也要放在一笔交易当中。于是顺着这个思路，你就可以发现，比特币中的交易是可以形成网络的，一笔钱总是可以找到上家，层层关联。

Figure 3. Transaction as double-entry bookkeeping

Transaction Chains

Alice’s payment to Bob’s Cafe uses a previous transaction’s output as its input. In the previous chapter, Alice received bitcoin from her friend Joe in return for cash. That transaction created a bitcoin value locked by Alice’s key. Her new transaction to Bob’s Cafe references the previous transaction as an input and creates new outputs to pay for the cup of coffee and receive change. The transactions form a chain, where the inputs from the latest transaction correspond to outputs from previous transactions. Alice’s key provides the signature that unlocks those previous transaction outputs, thereby proving to the bitcoin network that she owns the funds. She attaches the payment for coffee to Bob’s address, thereby “encumbering” that output with the requirement that Bob produces a signature in order to spend that amount. This represents a transfer of value between Alice and Bob. This chain of transactions, from Joe to Alice to Bob, is illustrated in A chain of transactions, where the output of one transaction is the input of the next transaction.

下面这张图就展示了交易的前后关联关系。第一个人Joe的钱，作为输出，给第二个人Alice；Alice再把钱给第三个人Bob，那么第二个人给第三人的信息，就记录第二个人的“输入”中，表明钱是来自第一个人。以此类推，你就会发现每一笔钱，都能追溯到一个来源和一个目的地；如果这笔钱还没有花出去，就会被标记“未花”。

Figure 4. A chain of transactions, where the output of one transaction is the input of the next transaction

Making Change

Many bitcoin transactions will include outputs that reference both an address of the new owner and an address of the current owner, called the change address. This is because transaction inputs, like currency notes, cannot be divided. If you purchase a $5 US dollar item in a store but use a $20 US dollar bill to pay for the item, you expect to receive $15 US dollars in change. The same concept applies to bitcoin transaction inputs. If you purchased an item that costs 5 bitcoin but only had a 20 bitcoin input to use, you would send one output of 5 bitcoin to the store owner and one output of 15 bitcoin back to yourself as change (less any applicable transaction fee). Importantly, the change address does not have to be the same address as that of the input and for privacy reasons is often a new address from the owner’s wallet.

在比特币的交易输出中，包括两个地址，一个是转账目标对象的地址，一个是接收零钱的地址。转账目标对象就是你把钱给谁，这里就是他的地址；接受零钱的地址，就是你自己的地址，用于接收零钱。为什么要接收零钱？是因为输入的交易有时候不可以拆分，别人给你的钱和你要花的钱数目不一样，于是你在零钱地址上，接收找回的零钱。当然找零钱的接收地址可以和用户的输入的地址不一样，这样可以保护隐私。

Different wallets may use different strategies when aggregating inputs to make a payment requested by the user. They might aggregate many small inputs, or use one that is equal to or larger than the desired payment. Unless the wallet can aggregate inputs in such a way to exactly match the desired payment plus transaction fees, the wallet will need to generate some change. This is very similar to how people handle cash. If you always use the largest bill in your pocket, you will end up with a pocket full of loose change. If you only use the loose change, you’ll always have only big bills. People subconsciously find a balance between these two extremes, and bitcoin wallet developers strive to program this balance.

正因为我们收到的钱是很多不同数额组成的，于是不同的钱包，会有不同的策略来花这些钱。当你要花钱的时候，有的先从大的输入开始花，有的先把小的输入凑在一起花。像你的钱包里同时有零钱和整钞，选择先花整钞的话，钱包里就会剩下很多零钱；如果你选择先花零钱的话，兜里就剩下一堆大额的整钞。

In summary, transactions move value from transaction inputs to transaction outputs. An input is a reference to a previous transaction’s output, showing where the value is coming from. A transaction output directs a specific value to a new owner’s bitcoin address and can include a change output back to the original owner. Outputs from one transaction can be used as inputs in a new transaction, thus creating a chain of ownership as the value is moved from owner to owner (see A chain of transactions, where the output of one transaction is the input of the next transaction).

最后做个总结，交易就是将代表货币的数值从一个交易的输入，移动到一个交易的输出。输入需要引用这笔交易的前一笔交易的输出，这样就可以显示钱从哪里来。交易的输出需要指出这笔钱到了哪一个新比特币账户上，同时，还有一个接受零钱的地址。这样一来，一笔笔的交易就可以通过输入和输出相互串联起来，于是就形成了一个钱的所有权的转移过程。

Common Transaction Forms

The most common form of transaction is a simple payment from one address to another, which often includes some “change” returned to the original owner. This type of transaction has one input and two outputs and is shown in Most common transaction.

Figure 5. Most common transaction

最常见的一种普通交易形式就是，一笔输入对应一笔输出，再加上一个找零的输出。

Another common form of transaction is one that aggregates several inputs into a single output (see Transaction aggregating funds). This represents the real-world equivalent of exchanging a pile of coins and currency notes for a single larger note. Transactions like these are sometimes generated by wallet applications to clean up lots of smaller amounts that were received as change for payments.

Figure 6. Transaction aggregating funds

另外一种是整合交易，其实就是化零为整。有点像我们把一堆零钱换成更大面额的纸币。有时候钱包会自己生成这样的交易用来将小数额的钱币转成一个整的大额。

Finally, another transaction form that is seen often on the bitcoin ledger is a transaction that distributes one input to multiple outputs representing multiple recipients (see Transaction distributing funds). This type of transaction is sometimes used by commercial entities to distribute funds, such as when processing payroll payments to multiple employees.

Figure 7. Transaction distributing funds

最后一种情况，有点像发工资，就是把一大笔输入资金，分别发到多个输出地址上，这种类型的交易通常会在商业机构同时处理多笔开支的时候使用。

Constructing a Transaction

Alice’s wallet application contains all the logic for selecting appropriate inputs and outputs to build a transaction to Alice’s specification. Alice only needs to specify a destination and an amount, and the rest happens in the wallet application without her seeing the details. Importantly, a wallet application can construct transactions even if it is completely offline. Like writing a check at home and later sending it to the bank in an envelope, the transaction does not need to be constructed and signed while connected to the bitcoin network.

当我们要开始交易的时候，我们需要指定收钱的地址以及转账的数额，接下来钱包会代替我们做剩下的工作，不过这里有一点值得注意的：在离线不联网的时候，交易也是可以完成的，就像我们以前写支票一样。

Getting the Right Inputs

Alice’s wallet application will first have to find inputs that can pay the amount she wants to send to Bob. Most wallets keep track of all the available outputs belonging to addresses in the wallet. Therefore, Alice’s wallet would contain a copy of the transaction output from Joe’s transaction, which was created in exchange for cash (see [getting_first_bitcoin]). A bitcoin wallet application that runs as a full-node client actually contains a copy of every unspent output from every transaction in the blockchain. This allows a wallet to construct transaction inputs as well as quickly verify incoming transactions as having correct inputs. However, because a full-node client takes up a lot of disk space, most user wallets run “lightweight” clients that track only the user’s own unspent outputs.

那你要转一笔钱的时候，首先要验证这笔钱是不是没有问题。如果钱包保存了所有节点的信息，那么他其实知道比特币所有区块里面每一笔没有花出去的钱的状态，这样只需要查询一下，就可以很快知道这笔钱有没有问题。

If the wallet application does not maintain a copy of unspent transaction outputs, it can query the bitcoin network to retrieve this information using a variety of APIs available by different providers or by asking a full-node using an application programming interface (API) call. Look up all the unspent outputs for Alice’s bitcoin address shows an API request, constructed as an HTTP GET command to a specific URL. This URL will return all the unspent transaction outputs for an address, giving any application the information it needs to construct transaction inputs for spending. We use the simple command-line HTTP client cURL to retrieve the response.

但是如果钱包存储了所有比特币节点的信息，数据量比较大，所以对于那些轻量级的钱包，只要向比特币网络发出请求，就可以获得更详细的信息。

Example 2. Look up all the unspent outputs for Alice’s bitcoin address

The response in Look up all the unspent outputs for Alice’s bitcoin address shows one unspent output (one that has not been yet) under the ownership of Alice’s address 1Cdid9KFAaatwczBwBttQcwXYCpvK8h7FK. The response includes the reference to the transaction in which this unspent output is contained (the payment from Joe) and its value in satoshis, at 10 million, equivalent to 0.10 bitcoin. With this information, Alice’s wallet application can construct a transaction to transfer that value to new owner addresses.

这里给出了一个网络请求得到的回复消息示例，里面说明了还没有花出去的那一笔钱来自于哪里。在第1章作者举了例子，Alice的钱是来自从Joe的购买。因为正好这笔交易的钱够花，所以不需要翻箱倒柜去把一批更小的钱凑在一起，不过因为要花的钱和钱包里的数额不一样，这两种情况都涉及到找零钱的问题。

As you can see, Alice’s wallet contains enough bitcoin in a single unspent output to pay for the cup of coffee. Had this not been the case, Alice’s wallet application might have to “rummage” through a pile of smaller unspent outputs, like picking coins from a purse until it could find enough to pay for the coffee. In both cases, there might be a need to get some change back, which we will see in the next section, as the wallet application creates the transaction outputs (payments).

Creating the Outputs

A transaction output is created in the form of a script that creates an encumbrance on the value and can only be redeemed by the introduction of a solution to the script. In simpler terms, Alice’s transaction output will contain a script that says something like, “This output is payable to whoever can present a signature from the key corresponding to Bob’s public address.” Because only Bob has the wallet with the keys corresponding to that address, only Bob’s wallet can present such a signature to redeem this output. Alice will therefore “encumber” the output value with a demand for a signature from Bob.

比特币的交易通过脚本创建，脚本规定了这笔钱可以由谁领取。当Alice要把钱转给Bob的时候，脚本上就会写明这笔钱只可以转给Bob，谁能出示可以证明Bob的私钥签名对应的地址，钱就归谁。

This transaction will also include a second output, because Alice’s funds are in the form of a 0.10 BTC output, too much money for the 0.015 BTC cup of coffee. Alice will need 0.085 BTC in change. Alice’s change payment is created by Alice’s wallet as an output in the very same transaction as the payment to Bob. Essentially, Alice’s wallet breaks her funds into two payments: one to Bob and one back to herself. She can then use (spend) the change output in a subsequent transaction.

交易还会包括第二个输出，就是零钱。找回的零钱，在下一笔交易中可以继续使用。

Finally, for the transaction to be processed by the network in a timely fashion, Alice’s wallet application will add a small fee. This is not explicit in the transaction; it is implied by the difference between inputs and outputs. If instead of taking 0.085 in change, Alice creates only 0.0845 as the second output, there will be 0.0005 BTC (half a millibitcoin) left over. The input’s 0.10 BTC is not fully spent with the two outputs, because they will add up to less than 0.10. The resulting difference is the transaction fee that is collected by the miner as a fee for validating and including the transaction in a block to be recorded on the blockchain.

但是输入和输出的额度加起来不完全相等，这个差额就是手续费，手续费由矿工收取，矿工要把这些交易打包到一个区块中。

The resulting transaction can be seen using a blockchain explorer web application, as shown in Alice’s transaction to Bob’s Cafe.

Figure 8. Alice’s transaction to Bob’s Cafe

Adding the Transaction to the Ledger

The transaction created by Alice’s wallet application is 258 bytes long and contains everything necessary to confirm ownership of the funds and assign new owners. Now, the transaction must be transmitted to the bitcoin network where it will become part of the blockchain. In the next section we will see how a transaction becomes part of a new block and how the block is “mined.” Finally, we will see how the new block, once added to the blockchain, is increasingly trusted by the network as more blocks are added.

这笔交易完成之后，形成的数据大小是258个字节，它们包括了关于“钱的所有权转移”的全部数据。掌握这些数据，你就知道这笔钱是由谁，在什么时候，转移给了谁。下一节将会介绍着这笔交易将如何被打包进区块。

Transmitting the transaction

Because the transaction contains all the information necessary to process, it does not matter how or where it is transmitted to the bitcoin network. The bitcoin network is a peer-to-peer network, with each bitcoin client participating by connecting to several other bitcoin clients. The purpose of the bitcoin network is to propagate transactions and blocks to all participants.

由于这笔交易包括了所有必要的信息，所以，无论以什么方式传播到比特币网络，其实都没有关系，反正比特币是要把所有的交易广播给所有的人。

How it propagates

Any system, such as a server, desktop application, or wallet, that participates in the bitcoin network by “speaking” the bitcoin protocol is called a bitcoin node. Alice’s wallet application can send the new transaction to any bitcoin node it is connected to over any type of connection: wired, WiFi, mobile, etc. Her bitcoin wallet does not have to be connected to Bob’s bitcoin wallet directly and she does not have to use the internet connection offered by the cafe, though both those options are possible, too. Any bitcoin node that receives a valid transaction it has not seen before will immediately forward it to all other nodes to which it is connected, a propagation technique known as flooding. Thus, the transaction rapidly propagates out across the peer-to-peer network, reaching a large percentage of the nodes within a few seconds.

在比特币中交易如何传播呢？如果有一个比特币网络节点收到了一个他从来没有遇到过的交易，就立即把这个交易转发给与其建立连接的节点，这个技术也被称为泛洪。这样一来，交易的比特币网络中传播速度很快，一个交易可能在几秒钟之内就可以遍布全网。所以当Alice把钱转给Bob的时候，两个人并不需要直接连接，只要各自连接到比特币在网络当中，就能很快收到交易信息了；甚至不需要连网，也可以完成交易。

Bob’s view

If Bob’s bitcoin wallet application is directly connected to Alice’s wallet application, Bob’s wallet application might be the first node to receive the transaction. However, even if Alice’s wallet sends the transaction through other nodes, it will reach Bob’s wallet within a few seconds. Bob’s wallet will immediately identify Alice’s transaction as an incoming payment because it contains outputs redeemable by Bob’s keys. Bob’s wallet application can also independently verify that the transaction is well formed, uses previously unspent inputs, and contains sufficient transaction fees to be included in the next block. At this point Bob can assume, with little risk, that the transaction will shortly be included in a block and confirmed.

站在双方的角度，他会看到什么场景呢？如果Bob是直接和Alice连在一起的，他就是第一个收到交易信息的人。但是，即使不是第一个收到交易消息的人没有关系，因为Alice的这笔钱，只能由Bob来领取。此时只要数据通过验证，即可以大概率确认这笔交易是可靠的。

Tip: A common misconception about bitcoin transactions is that they must be “confirmed” by waiting 10 minutes for a new block, or up to 60 minutes for a full six confirmations. Although confirmations ensure the transaction has been accepted by the whole network, such a delay is unnecessary for small-value items such as a cup of coffee. A merchant may accept a valid small-value transaction with no confirmations, with no more risk than a credit card payment made without an ID or a signature, as merchants routinely accept today.

这里需要注意的是，虽然我们说要等到交易被纳入新的区块中，并且有六个确认之后，才能相信交易靠谱，但是对于小额支付，其实完全可以不用等待，这个风险并不会比信用卡在没有签名时进行支付的风险大。

Bitcoin Mining

Alice’s transaction is now propagated on the bitcoin network. It does not become part of the blockchain until it is verified and included in a block by a process called mining. See [mining] for a detailed explanation.

这里讲的是比特币的挖矿的过程。比特币的信任是建立在计算之上的。这种计算的特点是，如果你要证明是对的，那么需要有很大的工作量，但是如果你想要验证证明是否正确，只需要非常少的计算量。

这有点像在生活中，果我们想体悟到一个道理，往往要经历非常多的挫折；如果我们听一个道理，感觉很有道理，是非常容易的事情。在生活中你会看到很多人经常说，为什么道理我都懂，但是却过不好这一生，因为听一个道理就会感觉自己懂，这叫容易验证，但是要能体悟这个道理，是要经过大量计算的。

The bitcoin system of trust is based on computation. Transactions are bundled into blocks, which require an enormous amount of computation to prove, but only a small amount of computation to verify as proven. The mining process serves two purposes in bitcoin:

Mining nodes validate all transactions by reference to bitcoin’s consensus rules. Therefore, mining provides security for bitcoin transactions by rejecting invalid or malformed transactions.
Mining creates new bitcoin in each block, almost like a central bank printing new money. The amount of bitcoin created per block is limited and diminishes with time, following a fixed issuance schedule.

挖矿做两件事情，第一件是验证一个区块内所有交易符合规则，把所有不合规的交易拒绝掉；第二件事情就是创造新比特币，就像中央银行发行新货币一样，不过比特币发行的速度会随着时间而降低。

Mining achieves a fine balance between cost and reward. Mining uses electricity to solve a mathematical problem. A successful miner will collect a reward in the form of new bitcoin and transaction fees. However, the reward will only be collected if the miner has correctly validated all the transactions, to the satisfaction of the rules of consensus. This delicate balance provides security for bitcoin without a central authority.

A good way to describe mining is like a giant competitive game of sudoku that resets every time someone finds a solution and whose difficulty automatically adjusts so that it takes approximately 10 minutes to find a solution. Imagine a giant sudoku puzzle, several thousand rows and columns in size. If I show you a completed puzzle you can verify it quite quickly. However, if the puzzle has a few squares filled and the rest are empty, it takes a lot of work to solve! The difficulty of the sudoku can be adjusted by changing its size (more or fewer rows and columns), but it can still be verified quite easily even if it is very large. The “puzzle” used in bitcoin is based on a cryptographic hash and exhibits similar characteristics: it is asymmetrically hard to solve but easy to verify, and its difficulty can be adjusted.

关于挖矿这部分，我们在《比特币白皮书解析》中有过讨论，这里做一个复习。比特币通过调整你挖矿的参数来平衡挖矿的代价以及回报。作者用了一个数独的游戏来代表它的复杂性。比特币的挖矿可以借助我们生活经验来理解，在中学考试中，老师出的题目，整体应该难度适中。如果太难了，平均分太低不行，属于教学事故，如果太容易，平均分太高也不行，算是明显放水。所以要合适地选择难度，让不同的学生可以区分度。而且每一年的高考试题也要随着学生的平均水平而不断调整，20年前的高考难度和现在的高考难度肯定会不一样，因为学生整体水平也不同了。

In [user-stories], we introduced Jing, an entrepreneur in Shanghai. Jing runs a mining farm, which is a business that runs thousands of specialized mining computers, competing for the reward. Every 10 minutes or so, Jing’s mining computers compete against thousands of similar systems in a global race to find a solution to a block of transactions. Finding such a solution, the so-called Proof-of-Work (PoW), requires quadrillions of hashing operations per second across the entire bitcoin network. The algorithm for Proof-of-Work involves repeatedly hashing the header of the block and a random number with the SHA256 cryptographic algorithm until a solution matching a predetermined pattern emerges. The first miner to find such a solution wins the round of competition and publishes that block into the blockchain.

Jing started mining in 2010 using a very fast desktop computer to find a suitable Proof-of-Work for new blocks. As more miners started joining the bitcoin network, the difficulty of the problem increased rapidly. Soon, Jing and other miners upgraded to more specialized hardware, such as high-end dedicated graphical processing units (GPUs) cards such as those used in gaming desktops or consoles. At the time of this writing, the difficulty is so high that it is profitable only to mine with application-specific integrated circuits (ASIC), essentially hundreds of mining algorithms printed in hardware, running in parallel on a single silicon chip. Jing’s company also participates in a mining pool, which much like a lottery pool allows several participants to share their efforts and rewards. Jing’s company now runs a warehouse containing thousands of ASIC miners to mine for bitcoin 24 hours a day. The company pays its electricity costs by selling the bitcoin it is able to generate from mining, creating some income from the profits.

比特币挖矿，是一场算力的军备竞赛。第一个解出难题的人，将获得这个比特币，并且将结果公诸于众。随着竞赛的不断升级，挖矿的硬件也不断升级，比特币生产的速度变快以后，算法会增加难度，确保平衡，消耗的电能也更多。这里作者举了一个专门从事挖矿生意的例子，挖出比特币在支付矿机电费后，可以带来一些利润。

Mining Transactions in Blocks

New transactions are constantly flowing into the network from user wallets and other applications. As these are seen by the bitcoin network nodes, they get added to a temporary pool of unverified transactions maintained by each node. As miners construct a new block, they add unverified transactions from this pool to the new block and then attempt to prove the validity of that new block, with the mining algorithm (Proof-of-Work). The process of mining is explained in detail in [mining].

新交易持续输入到比特币网络当中，形成一个交易池。当矿工要开始挖矿的时候，就从交易池当中选出交易，并且根据工作量证明的挖矿算法，开始干活。

Transactions are added to the new block, prioritized by the highest-fee transactions first and a few other criteria. Each miner starts the process of mining a new block of transactions as soon as he receives the previous block from the network, knowing he has lost that previous round of competition. He immediately creates a new block, fills it with transactions and the fingerprint of the previous block, and starts calculating the Proof-of-Work for the new block. Each miner includes a special transaction in his block, one that pays his own bitcoin address the block reward (currently 12.5 newly created bitcoin) plus the sum of transaction fees from all the transactions included in the block. If he finds a solution that makes that block valid, he “wins” this reward because his successful block is added to the global blockchain and the reward transaction he included becomes spendable. Jing, who participates in a mining pool, has set up his software to create new blocks that assign the reward to a pool address. From there, a share of the reward is distributed to Jing and other miners in proportion to the amount of work they contributed in the last round.

交易加入新的区块中，根据交易费用高的优先以及其他原则。每个矿工努力挖矿，一旦收到了新的区块，就意味当前挖矿失败，马上开始新的一轮挖矿竞赛。而一旦挖矿成功，这个成功的区块就会加入到主链上。

Alice’s transaction was picked up by the network and included in the pool of unverified transactions. Once validated by the mining software it was included in a new block, called a candidate block, generated by Jing’s mining pool. All the miners participating in that mining pool immediately start computing Proof-of-Work for the candidate block. Approximately five minutes after the transaction was first transmitted by Alice’s wallet, one of Jing’s ASIC miners found a solution for the candidate block and announced it to the network. Once other miners validated the winning block they started the race to generate the next block.

Jing’s winning block became part of the blockchain as block #277316, containing 419 transactions, including Alice’s transaction. The block containing Alice’s transaction is counted as one “confirmation” of that transaction.

Approximately 19 minutes later, a new block, #277317, is mined by another miner. Because this new block is built on top of block #277316 that contained Alice’s transaction, it added even more computation to the blockchain, thereby strengthening the trust in those transactions. Each block mined on top of the one containing the transaction counts as an additional confirmation for Alice’s transaction. As the blocks pile on top of each other, it becomes exponentially harder to reverse the transaction, thereby making it more and more trusted by the network.

在本文的例子里，Alice和Bob的交易被纳入至编号277316区块，这个区块挖出以后，比特币网络的矿工开始挖277317区块。

In the diagram in Alice’s transaction included in block #277316, we can see block #277316, which contains Alice’s transaction. Below it are 277,316 blocks (including block #0), linked to each other in a chain of blocks (blockchain) all the way back to block #0, known as the genesis block. Over time, as the “height” in blocks increases, so does the computation difficulty for each block and the chain as a whole. The blocks mined after the one that contains Alice’s transaction act as further assurance, as they pile on more computation in a longer and longer chain. By convention, any block with more than six confirmations is considered irrevocable, because it would require an immense amount of computation to invalidate and recalculate six blocks. We will examine the process of mining and the way it builds trust in more detail in [mining].

区块链的高度不断积累，当一个区块后面又累加了六个区块的时候，要更改这个区块的概率就已经很小了，已经算是可以信任的了。

Figure 9. Alice’s transaction included in block #277316

Spending the Transaction

Now that Alice’s transaction has been embedded in the blockchain as part of a block, it is part of the distributed ledger of bitcoin and visible to all bitcoin applications. Each bitcoin client can independently verify the transaction as valid and spendable. Full-node clients can track the source of the funds from the moment the bitcoin were first generated in a block, incrementally from transaction to transaction, until they reach Bob’s address. Lightweight clients can do what is called a simplified payment verification (see [spv_nodes]) by confirming that the transaction is in the blockchain and has several blocks mined after it, thus providing assurance that the miners accepted it as valid.

注意当一笔交易纳入区块并挂到主链上以后，就成为了分布式的账簿的一部分，于是所有人都可以查到了。Bob收到钱以后，就可以拿来花了。Bob可以直接花这笔钱，也可以和他从其他渠道收到了比特币，凑在一起花。而这样就回到了我们本章开篇Alice花钱时候的流程了。

Bob can now spend the output from this and other transactions. For example, Bob can pay a contractor or supplier by transferring value from Alice’s coffee cup payment to these new owners. Most likely, Bob’s bitcoin software will aggregate many small payments into a larger payment, perhaps concentrating all the day’s bitcoin revenue into a single transaction. This would aggregate the various payments into a single output (and a single address). For a diagram of an aggregating transaction, see Transaction aggregating funds.

As Bob spends the payments received from Alice and other customers, he extends the chain of transactions. Let’s assume that Bob pays his web designer Gopesh in Bangalore for a new website page. Now the chain of transactions will look like Alice’s transaction as part of a transaction chain from Joe to Gopesh.

Figure 10. Alice’s transaction as part of a transaction chain from Joe to Gopes

In this chapter, we saw how transactions build a chain that moves value from owner to owner. We also tracked Alice’s transaction, from the moment it was created in her wallet, through the bitcoin network and to the miners who recorded it on the blockchain. In the rest of this book, we will examine the specific technologies behind wallets, addresses, signatures, transactions, the network, and finally mining.

本章梳理了交易与链的关系，以及钱是如何在用户之间转移的。并且以Alice的一笔交易为例，追踪了交易的创建、网络传播以及挖矿的过程。下一节交传讨论钱包、地址、签名网络以及挖矿的细节。

欢迎大家关注我的新微信公众号，“刻意学习区块链”，我会把我所有关于区块链和比特币学习解析的文章，汇总在上面便于检索，这是ScalersTalk成长持续论的一个分叉。搜索“刻意学习区块链”或者长按扫二维码关注。