Hashing algorithms in the Bitcoin implementation
It can be said that the entire implementation of Bitcoin is built by combining technologies and concepts that have existed in computer science for many years. Hashing algorithms appear in almost every part of the Bitcoin application, mainly SHA256 and RIPEMD160. Bitcoin combines these two hash functions into two composite functions: hash256(d) = sha256(sha256(d)) and hash160(d) = ripemd160(sha256(d)), where d is the byte array to be hashed. They produce a 256-bit (32-byte) and a 160-bit (20-byte) value respectively, normally written as hexadecimal. hash256 is mainly used to generate identifiers such as block IDs and transaction IDs, while hash160 is mainly used to generate Bitcoin addresses.
It is worth asking why both functions hash twice. For hash160, the answer is that ripemd160 makes the resulting address shorter, but a bare ripemd160 hash could be a security weakness, so sha256 is applied first as a security hardening. For hash256, the reason for applying sha256 twice comes from the SHA1 algorithm: a single SHA1 hash is at risk of a birthday attack, so an effective countermeasure when using SHA1 was to hash twice. sha256 itself does not have a birthday-attack vulnerability, but the defensive double hashing was borrowed from SHA1.
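As an added example (not code from the original post), the two composite functions above and the block ID computation that uses hash256, run over the well-known serialized genesis block header; hash160 assumes the local OpenSSL build exposes ripemd160 to hashlib.

```python
import hashlib

def hash256(d: bytes) -> bytes:
    """Bitcoin's hash256: sha256 applied twice."""
    return hashlib.sha256(hashlib.sha256(d).digest()).digest()

def hash160(d: bytes) -> bytes:
    """Bitcoin's hash160: sha256 first, then ripemd160 (used for addresses).
    Assumption: the local OpenSSL build provides ripemd160 to hashlib."""
    return hashlib.new("ripemd160", hashlib.sha256(d).digest()).digest()

def block_id(header: bytes) -> str:
    """A block ID is hash256 of the 80-byte header; Bitcoin displays the
    32-byte result byte-reversed (the little-endian integer printed as hex),
    which is why the leading zeros of the proof of work appear on the left."""
    if len(header) != 80:
        raise ValueError("a serialized block header is exactly 80 bytes")
    return hash256(header)[::-1].hex()

# The real genesis block header, serialized as Bitcoin does (little-endian fields).
# Its merkle root equals the single coinbase txid, since the block has one transaction.
GENESIS_HEADER = bytes.fromhex(
    "01000000"                                                            # version 1
    + "00" * 32                                                           # previous block (none)
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root
    + "29ab5f49"                                                          # timestamp
    + "ffff001d"                                                          # difficulty bits
    + "1dac2b7c")                                                         # nonce

if __name__ == "__main__":
    # → 000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f
    print(block_id(GENESIS_HEADER))
```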
Merkle Tree
How does a Bitcoin light node such as an SPV node, which holds only the block header information and no transaction information, verify which block a transaction exists in? The answer is the Merkle tree. (Image from Mastering Bitcoin)
The basic principle of the Merkle tree is to hash the leaf nodes in pairs (if the number of leaf nodes is odd, the last leaf is duplicated) to generate the parent nodes, and to repeat this process until a single root node, the Merkle root, is generated. To verify that a leaf node exists in the Merkle tree, you only need to be given the path from that node up to the root node, the Merkle path, while the SPV node itself only stores the root node. For example, to verify whether transaction K is in the block, we only need to be given the path HL, HIJ, HMNOP and HABCDEFGH.
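An added example (not code from the original post) with 16 constructed leaf hashes labelled A to P as in the figure: it builds the root, extracts the four-hash Merkle path for K, and verifies it the way an SPV node would, holding only the root.

```python
import hashlib

def hash256(d: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(d).digest()).digest()

def _next_level(level):
    """Pair hashes left to right; an odd last hash is paired with a copy of itself."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [hash256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves):
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_path(leaves, index):
    """Sibling hashes from leaf `index` up to the root, each tagged with its side."""
    level, path = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sib = index ^ 1                       # the partner in this level's pairing
        path.append(("left" if sib < index else "right", level[sib]))
        level, index = _next_level(level), index // 2
    return path

def verify_path(leaf, path, root):
    """SPV check: recompute upward from the leaf using only the path, compare to root."""
    h = leaf
    for side, sib in path:
        h = hash256(sib + h) if side == "left" else hash256(h + sib)
    return h == root

# Constructed sample leaves (in Bitcoin these would be txids); K is index 10.
LEAVES = [hash256(c.encode()) for c in "ABCDEFGHIJKLMNOP"]

if __name__ == "__main__":
    root = merkle_root(LEAVES)
    path = merkle_path(LEAVES, 10)            # HL, HIJ, HMNOP, HABCDEFGH
    print(len(path), verify_path(LEAVES[10], path, root))
```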
Elliptic curve cryptography (EC, Elliptic Curve)
Bitcoin uses public-key cryptography to protect personal privacy and chooses elliptic curve functions to implement it. Why EC was chosen is not entirely clear, but at least I think it is secure enough and efficient enough. In the Bitcoin implementation, EC plays a role in three places: key pair generation, signing with the private key, and signature verification.
The mathematical expression of an elliptic curve is y^2 = x^3 + ax + b. The elliptic curve has two important characteristics: 1. any non-vertical line that intersects the curve at two points must intersect it at a third point; 2. any non-vertical tangent to the curve must intersect the curve at another point. From these two characteristics, with Q and P being points on the curve, we get the following definitions. Addition: the line through Q and P intersects the curve at a third point R'; then Q + P = R, where R is the reflection of R' across the x-axis. Likewise, move the line so that Q and P keep approaching each other until they meet at a point D; the line is then tangent to the curve and, by characteristic 2, meets the curve at one more point R', so it is not hard to see that D + D = R, where R is again the reflection of R' across the x-axis. Multiplication: let Q = aP; supposing a = 3, this is:
Q = 3P = P + 2P
In this way, the multiplication is decomposed into two kinds of addition, i.e. chord (intersection) addition and tangent addition. Elliptic curve graph (image from Mastering Bitcoin):
Now look at the elliptic curve used in the Bitcoin protocol. The version of the curve used in Bitcoin has a = 0, b = 7, that is, y^2 = x^3 + 7. To keep the function values within a finite range, actual EC applications reduce all results modulo a prime so that only a bounded range of results is obtained; for example, with modulus 7, 8 mod 7 = 1, and x mod 7 is limited to 0 to 6. The EC in the Bitcoin protocol has the following parameter settings:
Modulus p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F
Base point G (x coordinate followed by y coordinate) = 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8
Order n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141
These parameters were chosen through a great deal of research and are complex and subtle. They are huge values, which makes the inverse operation infeasible. Put simply, p is the modulus of the curve and n is the maximum private key value we can use, that is, the private key must be less than n; as noted above, the public key is computed by multiplying the point G. The values of G and n are chosen such that the slope of the line intersecting the elliptic curve gets ever closer to vertical as the private key value gets ever closer to n.
Now let us see how elliptic curves play their role in the three Bitcoin applications.
1. Key pair generation
As mentioned above, public key = private key × G, i.e. the point G added to itself private-key-value times. One small problem here is that the graph above shows points over a continuous interval, but when working modulo p we need specific formulas to achieve the same effect (the division in these formulas means multiplication by the inverse modulo p). Let Q and P be two points on the curve; then the point R obtained by adding the two points is:
d = (Qy - Py) / (Qx - Px)
Rx = d^2 - Px - Qx
Ry = d(Px - Rx) - Py
When the two points coincide, i.e. for the tangent at a point Q, the formula for the intersection R becomes:
d = (3Qx^2 + a) / (2Qy)
Rx = d^2 - 2Qx
Ry = d(Qx - Rx) - Qy
As mentioned above, multiplication breaks the operation down into a long series of tangent and chord operations, which are computed with the two formulas above respectively.
2. Signing data with the private key
For privacy protection, a transaction uses a signature made with the private key, rather than the private key itself, to prove ownership of an unspent output. Setting aside the Bitcoin usage environment, the signing operation uses the private key da to sign a piece of data z, as follows:
(1). Select a number k in the range greater than 0 and less than n (the order above, i.e. the upper bound of the private key)
(2). Calculate the point P(x, y) = k × G
(3). Calculate r = x mod n; if r is 0, return to the first step and select again
(4). Calculate s = (z + r × da) / k mod n; if s is 0, return to the first step and recalculate
(5). The generated digital signature is (r, s)
3. Digital signature verification
The chain of Bitcoin transactions is a process of continuous private-key signing and public-key verification. Given the signature above, the verification process is as follows (let the public key be DP):
(1). Verify that r and s are both between 0 and n
(2). Calculate w = s^-1 mod n
(3). Calculate u1 = z × w mod n
(4). Calculate u2 = r × w mod n
(5). Calculate P(x, y) = u1 × G + u2 × DP
(6). Verify r == x mod n; if the equation does not hold, the validation fails
As for why the verification process is valid, you can refer to this; put simply, expand the public key DP into da × G and substitute the definitions of u1 and u2: u1 × G + u2 × da × G = w(z + r × da) × G = s^-1 × s × k × G = k × G, which is exactly the point P computed during signing, so its x coordinate mod n equals r.
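An added example (not code from the original post) that serves both section 1 and sections 2 and 3: the modular chord and tangent formulas, double-and-add multiplication, key pair generation, and the ECDSA signing and verification steps above, using the secp256k1 parameters listed on this page; the private key and nonce values in the usage are constructed for illustration.

```python
import secrets
# secp256k1 parameters as listed above, curve y^2 = x^3 + 7 (a = 0) over GF(p)
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(P, Q):
    """P + Q mod p; None is the point at infinity. The slope's division is an inverse mod p."""
    if P is None or Q is None:
        return Q if P is None else P
    (px, py), (qx, qy) = P, Q
    if px == qx:
        if (py + qy) % p == 0:         # Q = -P: vertical line, no third point
            return None
        d = 3 * px * px * pow(2 * py, -1, p) % p      # tangent slope (a = 0)
    else:
        d = (qy - py) * pow(qx - px, -1, p) % p       # chord slope
    rx = (d * d - px - qx) % p
    ry = (d * (px - rx) - py) % p
    return (rx, ry)

def ec_mul(k, P):
    """k*P by double-and-add, i.e. a chain of tangent and chord additions."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P, k = ec_add(P, P), k >> 1
    return R

def pubkey(da):
    """1. Key pair generation: public key = da * G, with 0 < da < n."""
    return ec_mul(da, G)

def sign(z, da, k=None):
    """2. ECDSA signature over hash z. k must be secret and fresh per signature."""
    k = k or secrets.randbelow(n - 1) + 1
    r = ec_mul(k, G)[0] % n
    s = (z + r * da) * pow(k, -1, n) % n
    return (r, s) if r and s else sign(z, da)    # r or s == 0: back to step (1)

def verify(z, sig, DP):
    """3. Verification against public key DP."""
    r, s = sig
    if not (0 < r < n and 0 < s < n):
        return False
    w = pow(s, -1, n)
    P = ec_add(ec_mul(z * w % n, G), ec_mul(r * w % n, DP))
    return P is not None and P[0] % n == r
```

Constructed usage: `DP = pubkey(123456789); sig = sign(0xABCDEF, 123456789); verify(0xABCDEF, sig, DP)` returns True, and `ec_mul(n, G)` returns None because n is the order of G.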
The arithmetic and mathematics behind Bitcoin