首页 > 快讯 > 正文

比特币闪电网络如何使用

1、

TheBitcoinLightningNetworkScalableO-ChainInstantPaymentsJosephPworkThaddeusDryjarxawsomnet.orgNovember20,2015DRAFTVersion1AbstractThebitcoinprotocolcanencompasstheglobalnancialtransac-tionvolumeinallelectronicpaymentsystemstoday,withoutasinglecustodialthirdpartyholdingfundsorrequiringparticipantstohaveanythingmorethanacomputerusingabroadbandconnection.Adecentralizedsystemisproposedwherebytransactionsaresentoveranetworkofmicropaymentchannelsa.k.a.paymentchannelsortransactionchannelswhosetransferofvalueoccurso-blockchain.IfBitcointransactionscanbesignedwithanewsighashtypethataddressesmalleability,thesetransfersmayoccurbetweenuntrustedpartiesalongthetransferroutebycontractswhich,intheeventofun-cooperativeorhostileparticipants,areenforceableviabroadcastoverthebitcoinblockchainintheeventofuncooperativeorhostilepartici-pants,throughaseriesofdecrementingtimelocks.1TheBitcoinBlockchainScalabilityProblemTheBitcoin[1]blockchainholdsgreatpromisefordistributedledgers,buttheblockchainasapaymentplat,byitself,cannotcovertheworld’scommerceanytimeinthenearfuture.Theblockchainisagossipprotocolwherebyallstatemodicationstotheledgerarebroadcasttoallpartic-ipants.Itisthroughthis\gossipprotocol“thatconsensusofthestate,everyone’sbalances,isagreedupon.Ifeachnodeinthebitcoinnetworkmustknowabouteverysingletransactionthatoccursglobally,thatmay1createasignicantdragontheabilityofthenetworktoencompassallglobalnancialtransactions.Itwouldinsteadbedesirabletoencompassalltransactionsinawaythatdoesn’tsacricethedecentralizationandsecuritythatthenetworkprovides.ThepaymentnetworkVisaachieved47,000peaktransactionspersec-ondtpsonitsnetworkduringthe2013holidays[2],andcurrentlyaverageshundredsofmillionsperday.Currently,Bitcoinsupportslessthan7trans-actionspersecondwitha1megabyteblocklimit.Ifweuseanaverageof300bytesperbitcointransactionandassumedunlimitedblocksizes,anequiva-lentcapacitytopeakVisatransactionvolumeof47,000/tpswouldbenearly8gigabytesperBitcoinblock,everytenminutesonaverage.Continuously,thatwouldbeover400terabytesofdataperyear.Clearly,achievingVisa-likecapacityontheBitcoinnetworkisn’tfea-sibletoday.Nohomecomputerintheworldcanoperatewiththatkindofbandwidthandstorage.IfBitcoinistoreplaceallelectronicpaymentsinthefuture,andnotjustVisa,itwouldresultinoutrightcollapseoftheBit-coinnetwork,oratbest,extremecentralizationofBitcoinnodesandminerstotheonlyoneswhocouldaordit.ThiscentralizationwouldthendefeataspectsofnetworkdecentralizationthatmakeBitcoinsecure,astheabil-ityforentitiestovalidatethechainiswhatallowsBitcointoensureledgeraccuracyandsecurity.Havingfewervalidatorsduetolargerblocksnotonlyimpliesfewerindividualsensuringledgeraccuracy,butalsoresultsinfewerentitiesthatwouldbeabletovalidatetheblockchainaspartoftheminingprocess,whichresultsinencouragingminercentralization.Extremelylargeblocks,forexampleintheabovecaseof8gigabytesevery10minutesonaverage,wouldimplythatonlyafewpartieswouldbeabletodoblockvalidation.Thiscreatesagreatpossibilitythatentitieswillenduptrustingcentralizedparties.Havingprivileged,trustedpartiescreatesasocialtrapwherebythecentralpartywillnotactintheinterestofanindividualprincipal-agentproblem,e.g.rentierismbycharginghigherfeestomitigatetheincentivetoactdishonestly.Inextremecases,thismanifestsasindividualssendingfundstocentralizedtrustedcustodianswhohavefullcustodyofcustomers’funds.Sucharrangements,asarecommontoday,createseverecounterpartyrisk.Aprerequisitetopreventthatkindofcentralizationfromoccurringwouldrequiretheabilityforbitcointobevalidatedbyasingle2consumer-levelcomputeronahomebroadbandconnection.Byensuringthatfullvalidationcanoccurcheaply,Bitcoinnodesandminerswillbeabletopreventextremecentralizationandtrust,whichensuresextremelylowtransactionfees.WhileitispossiblethatMoore’sLawwillcontinueindenitely,andthecomputationalcapacityfornodestocost-eectivelycomputemulti-gigabyteblocksmayexistinthefuture,itisnotacertainty.Toachievemuchhigherthan47,000transactionspersecondusingBitcoinrequiresconductingtransactionsotheBitcoinblockchainitself.Itwouldbeevenbetterifthebitcoinnetworksupportedanear-unlimitednum-beroftransactionspersecondwithextremelylowfeesformicropayments.Manymicropaymentscanbesentsequentiallybetweentwopartiestoen-ableanysizeofpayments.Micropaymentswouldenableunbunding,lesstrustandcommodicationofservices,suchaspaymentsforper-megabyteinternetservice.Tobeabletoachievethesemicropaymentusecases,how-ever,wouldrequireseverelyreducingtheamountoftransactionsthatendupbeingbroadcastontheglobalBitcoinblockchain.Whileitispossibletoscaleatasmalllevel,itisabsolutelynotpossibletohandlealargeamountofmicropaymentsonthenetworkortoencompassallglobaltransactions.Forbitcointosucceed,itrequirescondencethatifitweretobecomeextremelypopular,itscurrentadvantagesstemmingfromdecentralizationwillcontinuetoexist.InorderforpeopletodaytobelievethatBitcoinwillworktomorrow,Bitcoinneedstoresolvetheissueofblocksizecentralizationeects;largeblocksimplicitlycreatetrustedcustodiansandsignicantlyhigherfees.2ANetworkofMicropaymentChannelsCanSolveScalability\Ifatreefallsintheforestandnooneisaroundtohearit,doesitmakeasound“Theabovequotequestionstherelevanceofunobservedevents|ifnobodyhearsthetreefall,whetheritmadeasoundornotisofnoconse-quence.Similarly,intheblockchain,ifonlytwoparticipantscareaboutaneverydayrecurringtransaction,it’snotnecessaryforallothernodesinthe3bitcoinnetworktoknowaboutthattransaction.Itisinsteadpreferabletoonlyhavethebareminimumofinationontheblockchain.Bydefer-ringtellingtheentireworldabouteverytransaction,doingnetsettlementoftheirrelationshipatalaterdateenablesBitcoinuserstoconductmanytransactionswithoutbloatinguptheblockchainorcreatingtrustinacen-tralizedcounterparty.Aneectivelytrustlessstructurecanbeachievedbyusingtimelocksasacomponenttoglobalconsensus.Currentlythesolutiontomicropaymentsandscalabilityistoooadthetransactionstoacustodian,wherebyoneistrustingthirdpartycustodi-anstoholdone’scoinsandtoupdatebalanceswithotherparties.Trustingthirdpartiestoholdallofone’sfundscreatescounterpartyriskandtrans-actioncosts.Instead,usinganetworkofthesemicropaymentchannels,Bitcoincanscaletobillionsoftransactionsperdaywiththecomputationalpoweravailableonamoderndesktopcomputertoday.Sendingmanypaymentsinsideagivenmicropaymentchannelenablesonetosendlargeamountsoffundstoanotherpartyinadecentralizedmanner.Thesechannelsarenotaseparatetrustednetworkontopofbitcoin.Theyarerealbitcointransactions.Micropaymentchannels[3][4]createarelationshipbetweentwopar-tiestoperpetuallyupdatebalances,deferringwhatisbroadcasttotheblockchaininasingletransactionnettingoutthetotalbalancebetweenthosetwoparties.Thispermitsthenancialrelationshipsbetweentwopar-tiestobetrustlesslydeferredtoalaterdate,withoutriskofcounterpartydefault.Micropaymentchannelsuserealbitcointransactions,onlyelectingtodeferthebroadcasttotheblockchaininsuchawaythatbothpartiescanguaranteetheircurrentbalanceontheblockchain;thisisnotatrustedoverlaynetwork|paymentsinmicropaymentchannelsarerealbitcoincom-municatedandexchangedo-chain.1MicropaymentChannelsDoNotRequireTrustLiketheage-oldquestionofwhetherthetreefallinginthewoodsmakesasound,ifallpartiesagreethatthetreefellat245intheafternoon,thenthetreereallydidfallat245intheafternoon.Similarly,ifbothcounterpartiesagreethatthecurrentbalanceinsideachannelis07BTCtoAliceand034BTCtoBob,thenthat’sthetruebalance.However,withoutcryptography,aninterestingproblemiscreatedIfone’scounterpartydisagreesaboutthecurrentbalanceoffundsortimethetreefell,thenitisone’swordagainstanother.Withoutcryptographicsignatures,theblockchainwillnotknowwhoownswhat.Ifthebalanceinthechannelis05BTCtoAliceand05BTCtoBob,andthebalanceafteratransactionis07BTCtoAliceand03BTCtoBob,thenetworkneedstoknowwhichsetofbalancesiscorrect.Blockchaintransactionssolvethisproblembyusingtheblockchainledgerasatimestampingsystem.Atthesametime,itisdesirabletocreateasys-temwhichdoesnotactivelyusethistimestampingsystemunlessabsolutelynecessary,asitcanbecomecostlytothenetwork.Instead,bothpartiescancommittosigningatransactionandnotbroadcastingthistransaction.SoifAliceandBobcommitfundsintoa2-of-2multisignatureaddresswhereitrequiresconsentfrombothpartiestocreatespends,theycanagreeonthecurrentbalancestate.AliceandBobcanagreetocreatearefundfromthat2-of-2transactiontothemselves,05BTCtoeach.Thisrefundisnotbroadcastontheblockchain.Eitherpartymaydoso,buttheymayelecttoinsteadholdontothattransaction,knowingthattheyareabletoredeemfundswhenevertheyfeelcomfortabledoingso.Bydeferringbroadcastofthistransaction,theymayelecttochangethisbalanceatafuturedate.Toupdatethebalance,bothpartiescreateanewspendfromthe2-of-2multisignatureaddress,forexample07toAliceand03toBob.Withoutproperdesign,though,thereisthetimestampingproblemofnotknowingwhichspendiscorrectthenewspendortheoriginalrefund.Therestrictionontimestampinganddates,however,isnotascom-plexasfullorderingofalltransactionsasinthebitcoinblockchain.Inthecaseofmicropaymentchannels,onlytwostatesarerequiredthecurrentcorrectbalance,andanyolddeprecatedbalances.Therewouldonlybeasinglecorrectcurrentbalance,andpossiblymanyoldbalanceswhicharedeprecated.Therefore,itispossibleinbitcointodeviseabitcoinscriptwherebyalloldtransactionsareinvalidated,andonlythenewtransactionisvalid.Invalidationisenforcedbyabitcoinoutputscriptanddependenttrans-actionswhichforcetheotherpartytogivealltheirfundstothechannel5counterparty.Bytakingallfundsasapenaltytogivetotheother,alloldtransactionsaretherebyinvalidated.Thisinvalidationprocesscanexistthroughaprocessofchannelcon-sensuswhereifbothpartiesagreeoncurrentledgerstatesandbuildingnewstates,thentherealbalancegetsupdated.Thebalanceisreectedontheblockchainonlywhenasinglepartydisagrees.Conceptually,thissystemisnotanindependentoverlaynetwork;itismoreadeferralofstateonthecurrentsystem,astheenforcementisstilloccurringontheblockchainitselfalbeitdeferredtofuturedatesandtransactions.2ANetworkofChannelsThus,micropaymentchannelsonlycreatearelationshipbetweentwoparties.Requiringeveryonetocreatechannelswitheveryoneelsedoesnotsolvethescalabilityproblem.Bitcoinscalabilitycanbeachievedusingalargenetworkofmicropaymentchannels.IfwepresumealargenetworkofchannelsontheBitcoinblockchain,andallBitcoinusersareparticipatingonthisgraphbyhavingatleastonechannelopenontheBitcoinblockchain,itispossibletocreateanear-inniteamountoftransactionsinsidethisnetwork.TheonlytransactionsthatarebroadcastedontheBitcoinblockchainprematurelyarewithuncooperativechannelcounterparties.ByencumberingtheBitcointransactionoutputswithahashlockandtimelock,thechannelcounterpartywillbeunabletooutrightstealfundsandBitcoinscanbeexchangedwithoutoutrightcounterpartytheft.Fur-ther,byusingstaggeredtimeouts,it’spossibletosendfundsviamultipleintermediariesinanetworkwithouttheriskofintermediarytheftoffunds.3BidirectionalPaymentChannelsMicropaymentchannelspermitasimpledeferralofatransactionstatetobebroadcastatalatertime.Thecontractsareenforcedbycreatingaresponsibilityforonepartytobroadcasttransactionsbeforeoraftercertaindates.Iftheblockchainisadecentralizedtimestampingsystem,itispossibletouseclocksasacomponentofdecentralizedconsensus[5]todeterminedatavalidity,aswellaspresentstatesasatoorderevents[6].6Bycreatingtimeframeswherecertainstatescanbebroadcastandlaterinvalidated,itispossibletocreatecomplexcontractsusingbitcointransactionscripts.TherehasbeenpriorworkforHub-and-SpokeMicro-paymentChannels[7][8][9]andtrustedpaymentchannelnetworks[10][11]lookingatbuildingahub-and-spokenetworktoday.However,LightningNetwork’sbidirectionalmicropaymentchannelrequiresthemalleabilitysoft-forkdescribedinAppendixAtoenablenear-innitescalabilitywhilemiti-gatingrisksofintermediatenodedefault.Bychainingtogethermultiplemicropaymentchannels,itispossibletocreateanetworkoftransactionpaths.PathscanberoutedusingaBGP-likesystem,andthesendermaydesignateaparticularpathtotherecipient.Theoutputscriptsareencumberedbyahash,whichisgeneratedbytherecipient.Bydisclosingthetothathash,therecipient’scounterpartywillbeabletopullfundsalongtheroute.1TheProblemofBlameinChannelCreationInordertoparticipateinthispaymentnetwork,onemustcreateamicro-paymentchannelwithanotherparticipantonthisnetwork.1CreatinganUnsignedFundingTransactionAninitialchannelFundingTransactioniscreatedwherebyoneorbothchan-nelcounterpartiesfundthesofthistransaction.Bothpartiescreatethesandoutputsforthistransactionbutdonotsignthetransaction.TheoutputforthisFundingTransactionisasingle2-of-2multisigna-turescriptwithbothparticipantsinthischannel,henceforthnamedAliceandBob.BothparticipantsdonotexchangesignaturesfortheFundingTransactionuntiltheyhavecreatedspendsfromthis2-of-2outputrefund-ingtheoriginalamountbacktoitsrespectivefunders.Thepurposeofnotsigningthetransactionallowsforonetospendfromatransactionwhichdoesnotyetexist.IfAliceandBobexchangethesignaturesfromtheFund-ingTransactionwithoutbe。

猜你喜欢
发表评论

电子邮件地址不会被公开。 必填项已用*标注

评论信息