mirror of
https://github.com/bitcoinbook/bitcoinbook
synced 2024-11-23 00:28:14 +00:00
197 lines
17 KiB
Plaintext
197 lines
17 KiB
Plaintext
[[ch7]]
|
|
== Chapter 7 - The Blockchain
|
|
|
|
*DRAFT - DO NOT SUBMIT ISSUES OR PULL REQUESTS YET PLEASE - CONSTANT CHANGES HAPPENING*
|
|
|
|
[[blockchain]]
|
|
=== The Blockchain
|
|
|
|
The blockchain data structure is an ordered linked list of blocks of transactions. The blockchain can be stored as a flat file, or in a simple database. The bitcoin core client stores the blockchain metadata using Google's LevelDB database.
|
|
|
|
Each block within the blockchain is identified by a hash, generated using the SHA256 cryptographic hash algorithm on the header of the block. Each block also references a previous block, known as the _parent_ block, through the "previous block hash" field in the block header. In other words, each block contains the hash of its parent inside its own header. The sequence of hashes linking each block to its parent, creates a chain going back all the way to the first block ever created, known as the _genesis block_. A block can have multiple children, each of which refers to it as its parent and contains the same hash in the "previous block hash" field. However, since a block only hash one single "previous block hash", that means each block can only have one parent. {one of which will win out while the others die...}
|
|
|
|
The hash of the parent is also part of the data (the block header) that creates the hash of the child, making the ancestry of each block an immutable part of its identity. The chain of hashes guarantees that a block cannot be modified retrospectively without forcing the re-computation of all following blocks (children), because a retrospective change in any block would change its hash, thereby changing the reference in any children whose hash also changes, and so on. As new blocks are added to the chain, they strengthen the immutability of the ledger by effectively incorporating all previous blocks by reference in their cryptographic hash.
|
|
|
|
=== Structure of a Block
|
|
|
|
A block is a container data structure that aggregates transactions for inclusion in the public ledger, the blockchain. The block is made of a header, containing metadata, followed by a long list of transactions that make up the bulk of it's size. The block header is 80 bytes, whereas the average transaction is at least 250 bytes and the average block contains more than 500 transactions. A complete block, with all transactions, is therefore 1000 times larger than the block header.
|
|
|
|
[[block_structure]]
|
|
.The structure of a block
|
|
[options="header"]
|
|
|=======
|
|
|Size| Field | Description
|
|
| 4 bytes | Block Size | The size of the block, in bytes, following this field
|
|
| 80 bytes | Block Header | Several fields form the block header (see below)
|
|
| 1-9 bytes (VarInt) | Transaction Counter | How many transactions follow
|
|
| Variable | Transactions | The transactions recorded in this block
|
|
|=======
|
|
|
|
[[block_header]]
|
|
=== Block Header
|
|
|
|
The block header consists of three sets of block metadata. First, there is a reference to a previous block hash, which connects this block to the previous block in the blockchain. We will examine this in more detail in <<blockchain>>. The second set of metadata, namely the difficulty, timestamp and nonce, relate to the mining competition, as detailed in <<mining>>. The third piece of metadata is the Merkle Tree root, a data structure used to efficiently summarize all the transactions in the block.
|
|
|
|
[[block_structure]]
|
|
.The structure of the block header
|
|
[options="header"]
|
|
|=======
|
|
|Size| Field | Description
|
|
| 4 bytes | Version | A version number to track software/protocol upgrades
|
|
| 32 bytes | Previous Block Hash | A reference to the hash of the previous (parent) block in the chain
|
|
| 32 bytes | Merkle Root | A hash of the root of the Merkle-Tree of this block's transactions
|
|
| 4 bytes | Timestamp | The approximate creation time of this block (seconds from Unix Epoch)
|
|
| 4 bytes | Difficulty Target | The proof-of-work algorithm difficulty target for this block
|
|
| 4 bytes | Nonce | A counter used for the proof-of-work algorithm
|
|
|=======
|
|
|
|
The Nonce, Difficulty Target and Timestamp are used in the mining process and will be discussed in more detail in <<mining>>.
|
|
|
|
[[block_hash]]
|
|
=== Block Identifiers - Block Header Hash and Block Height
|
|
|
|
The primary identifier of a block is its cryptographic hash, a digital fingerprint, made by hashing the block header twice through the SHA256 algorithm. The resulting 32-byte hash, is called the _block hash_, but is more accurately the _block *header* hash_, as only the block header is used to compute it. For example, the block hash of the first bitcoin block ever created is +000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f+. The block hash identifies a block uniquely and unambiguously and can be independently derived by any node by simply hashing the block header.
|
|
|
|
Note that the block hash is not actually included inside the block's data structure, neither when the block is transmitted on the network, nor when it is stored on a node's persistence storage as part of the blockchain. Instead, the block's hash is computed by each node as the block is received from the network. On full nodes, the block hash may be stored in a separate database table as part of the block's metadata, to facilitate indexing and faster retrieval of block from disk.
|
|
|
|
A second way to identify a block is by its position in the blockchain, called the _block height_. The first block ever created is at block height 0 (zero), and is the same block that was referenced by the block hash +000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f+ {above - CHECK TO SEE IF ABOVE OR BELOW}. A block can thus be identified two ways, either by referencing the block hash, or by referencing the block height. Each subsequent block added "on top" of that first block is one position "higher" in the blockchain, like boxes stacked one on top of the other. The block height on January 1st 2014 was approximately 278,000, meaning there were 278,000 blocks stacked on top of the first block created in January 2009.
|
|
|
|
Unlike the block hash, the block height is not a unique identifier. While a single block will always have a specific and invariant block height, the reverse is not true - the block height does not always identify a single block. Two or more blocks may have the same block height, competing for the same position in the blockchain. This scenario is discussed in detail in the section on <<forks>>. The block height is also not a part of the block's data structure, it is not stored within the block. Each node dynamically identifies a block's position (height) in the blockchain when it is received from the bitcoin network. The block height may also be stored as metadata in an indexed database table for faster retrieval.
|
|
|
|
[TIP]
|
|
====
|
|
A block's _block hash_ always identifies a single block uniquely. A block also always has a specific _block height_. However, it is not always the case that a specific block height can identify a single block, rather more than one blocks can compete for a single position in the blockchain.
|
|
====
|
|
|
|
=== The Genesis Block
|
|
|
|
The first block in the blockchain is called the _genesis block_ and was created in 2009. It is the "common ancestor" of all the blocks in the blockchain, meaning that if you start at any block and follow the chain backwards in time you will eventually arrive at the _genesis block_.
|
|
|
|
Every node always starts with a blockchain of at least one block because the genesis block is statically encoded within the bitcoin client software, such that it cannot be altered. Every node always "knows" the genesis block's hash and structure, the fixed time it was created and even the single transaction within. Thus, every node has the starting point for the blockchain, a secure "root" from which to build a trusted blockchain.
|
|
|
|
See the statically encoded genesis block inside the Bitcoin Core client, in chainparams.cpp, line 123:
|
|
https://github.com/bitcoin/bitcoin/blob/master/src/chainparams.cpp#L123
|
|
|
|
The genesis block has the identifier hash +000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f+. You can search for that block hash in any block explorer website, such as blockchain.info, and you will find a page describing the contents of this block, with a URL containing that hash:
|
|
|
|
https://blockchain.info/block/000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f
|
|
|
|
https://blockexplorer.com/block/000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f
|
|
|
|
Using the Bitcoin Core reference client on the command-line:
|
|
|
|
----
|
|
$ bitcoind getblock 000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f
|
|
{
|
|
"hash" : "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f",
|
|
"confirmations" : 308321,
|
|
"size" : 285,
|
|
"height" : 0,
|
|
"version" : 1,
|
|
"merkleroot" : "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
|
|
"tx" : [
|
|
"4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
|
|
],
|
|
"time" : 1231006505,
|
|
"nonce" : 2083236893,
|
|
"bits" : "1d00ffff",
|
|
"difficulty" : 1.00000000,
|
|
"nextblockhash" : "00000000839a8e6886ab5951d76f411475428afc90947ee320161bbf18eb6048"
|
|
}
|
|
----
|
|
|
|
The genesis block contains a hidden message within it. The coinbase transaction input contains the text "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks". This message provides proof of the earliest date this block was created, by referencing the headline of the british newspaper _The Times_. It also serves as a tongue-in-cheek reminder of the importance of an independent monetary system, with bitcoin's launch occurring at the same time as an unprecedented worldwide monetary crisis. The message was embedded in the first block by Satoshi Nakamoto, bitcoin's creator.
|
|
|
|
=== Linking Blocks in the Blockchain
|
|
|
|
Bitcoin nodes maintain a local copy of the blockchain, starting at the genesis block. The local copy of the blockchain is constantly updated as new blocks are found and used to extend the chain. As a node receives incoming blocks from the network, it will validate these blocks and then link them to the existing blockchain. To establish a link, a node will examine the incoming block header and look for the "previous block hash".
|
|
|
|
Let's assume for example that a node has 277,314 blocks in the local copy of the blockchain. The last block the node knows about is block 277314, with a block header hash of +00000000000000027e7ba6fe7bad39faf3b5a83daed765f05f7d1b71a1632249+.
|
|
|
|
The bitcoin node then receives a new block from the network, which it parses as follows:
|
|
----
|
|
{
|
|
"size" : 43560,
|
|
"version" : 2,
|
|
"previousblockhash" :
|
|
"00000000000000027e7ba6fe7bad39faf3b5a83daed765f05f7d1b71a1632249",
|
|
"merkleroot" :
|
|
"5e049f4030e0ab2debb92378f53c0a6e09548aea083f3ab25e1d94ea1155e29d",
|
|
"time" : 1388185038,
|
|
"difficulty" : 1180923195.25802612,
|
|
"nonce" : 4215469401,
|
|
"tx" : [
|
|
"257e7497fb8bc68421eb2c7b699dbab234831600e7352f0d9e6522c7cf3f6c77",
|
|
|
|
[... many more transactions omitted ...]
|
|
|
|
"05cfd38f6ae6aa83674cc99e4d75a1458c165b7ab84725eda41d018a09176634"
|
|
]
|
|
}
|
|
----
|
|
|
|
Looking at this new block, the node finds the "previousblockhash" field, which contains the hash of its parent block. It is a hash known to the node, that of the last block on the chain at height 277314. Therefore, this new block is a child of the last block on the chain and extends the existing blockchain. The node adds this new block to the end of the chain, making the blockchain longer with a new height of 277,315.
|
|
|
|
[[chain_of_blocks]]
|
|
.Blocks linked in a chain, by reference to the previous block header hash
|
|
image::images/ChainOfBlocks.png["chain_of_blocks"]
|
|
|
|
[[merkle_trees]]
|
|
=== Merkle Trees
|
|
|
|
Each block in the bitcoin blockchain contains a summary of all the transactions in the block, using a _Merkle Tree_.
|
|
|
|
A _Merkle Tree_, also known as a _Binary Hash Tree_ is a data structure used for efficiently summarizing and verifying the integrity of large sets of data. Merkle Trees are binary trees containing cryptographic hashes. The term "tree" is used in computer science to describe a branching data structure, but these trees are usually displayed upside down with the "root" at the top and the "leaves" at the bottom of a diagram, as you will see in the examples that follow.
|
|
|
|
Merkle trees are used in bitcoin to summarize all the transactions in a block, producing an overall digital fingerprint of the entire set of transactions, which can be used to prove that a transaction is included in the set. A merkle tree is constructed by recursively hashing pairs of nodes until there is only one hash, called the _root_, or _merkle root_. The cryptographic hash algorithm used in bitcoin's merkle trees is SHA256 applied twice, also known as double-SHA256.
|
|
|
|
When N data elements are hashed and summarized in a Merkle Tree, you can check to see if any one data element is included in the tree with at most +2*log~2~(N)+ calculations, making this a very efficient data structure.
|
|
|
|
The merkle tree is constructed bottom-up. In the example below, we start with four transactions A, B, C and D, which form the _leaves_ of the Merkle Tree, shown in the diagram at the bottom. The transactions are not stored in the merkle tree, rather their data is hashed and the resulting hash is stored in each leaf node as H~A~, H~B~, H~C~ and H~D~:
|
|
|
|
+H~A~ = SHA256(SHA256(Transaction A))+
|
|
|
|
Consecutive pairs of leaf nodes are then summarized in a parent node, by concatenating the two hashes and hashing them together. For example, to construct the parent node H~AB~, the two 32-byte hashes of the children are concatenated to create a 64-byte string. That string is then double-hashed to produce the parent node's hash:
|
|
|
|
+H~AB~ = SHA256(SHA256(H~A~ + H~B~))+
|
|
|
|
The process continues until there is only one node at the top, the node known as the Merkle Root. That 32-byte hash is stored in the block header and summarizes all the data in all four transactions.
|
|
|
|
[[simple_merkle]]
|
|
.Calculating the nodes in a Merkle Tree
|
|
image::images/MerkleTree.png["merkle_tree"]
|
|
|
|
Since the merkle tree is a binary tree, it needs an even number of leaf nodes. If there is an odd number of transactions to summarize, the last transaction hash is duplicated to create an even number of leaf nodes, also known as a _balanced tree_. This is shown in the example below, where transaction C is duplicated:
|
|
|
|
[[merkle_tree_odd]]
|
|
.An even number of data elements, by duplicating one data element
|
|
image::images/MerkleTreeOdd.png["merkle_tree_odd"]
|
|
|
|
The same method for constructing a tree from four transactions can be generalized to construct trees of any size. In bitcoin it is common to have several hundred to more than a thousand transactions in a single block, which are summarized in exactly the same way producing just 32-bytes of data from a single merkle root. In the diagram below, you will see a tree built from 16 transactions. Note that while the root looks bigger than the leaf nodes in the diagram, it is the exact same size, just 32 bytes. Whether there is one transaction or a hundred thousand transactions in the block, the merkle root always summarizes them into 32 bytes:
|
|
|
|
[[merkle_tree_large]]
|
|
.A Merkle Tree summarizing many data elements
|
|
image::images/MerkleTreeLarge.png["merkle_tree_large"]
|
|
|
|
To prove that a specific transaction is included in a block, a node need only produce +log~2~(N)+ 32-byte hashes, constituting an _authentication path_ or _merkle path_ connecting the specific transaction to the root of the tree. This is especially important as the number of transactions increases, because the base-2 logarithm of the number of transactions increases much more slowly. This allows bitcoin nodes to efficiently produce paths of ten or twelve hashes (320-384 bytes) which can provide proof of a single transaction out of more than a thousand transactions in a megabyte sized block. In the example below, a node can prove that a transaction K is included in the block by producing a merkle path that is only four 32-byte hashes long (128 bytes total). The path consists of the four hashes H~L~, H~IJ~, H~MNOP~ and H~ABCDEFGH~. With those four hashes provided as an authentication path, any node can prove that H~K~ is included in the merkle root by computing four additional pair-wise hashes H~KL~, H~IJKL~ and H~IJKLMNOP~ that lead to the merkle root.
|
|
|
|
[[merkle_tree_path]]
|
|
.A Merkle Path used to prove inclusion of a data element
|
|
image::images/MerkleTreePathToK.png["merkle_tree_path"]
|
|
|
|
The efficiency of merkle trees becomes obvious as the scale increases. For example, proving that a transaction is part of a block requires:
|
|
|
|
[[block_structure]]
|
|
.Merkle Tree Efficiency
|
|
[options="header"]
|
|
|=======
|
|
|Number of Transactions| Approx. Size of Block | Path Size (Hashes) | Path Size (Bytes)
|
|
| 16 transactions | 4 kilobytes | 4 hashes | 128 bytes
|
|
| 512 transactions | 128 kilobytes | 9 hashes | 288 bytes
|
|
| 2048 transactions | 512 kilobytes | 11 hashes | 352 bytes
|
|
| 65,535 transactions | 16 megabytes | 16 hashes | 512 bytes
|
|
|=======
|
|
|
|
As you can see from the table above, while the block size increases rapidly, from 4KB with 16 transactions to a block size of 16 MB to fit 65,535 transactions, the merkle path required to prove the inclusion of a transaction increases much more slowly, from 128 bytes to only 512 bytes. With merkle trees, a node can download just the block headers (80 bytes per block) and still be able to identify a transaction's inclusion in a block by retrieving a small merkle path from a full node, without storing or transmitting the vast majority of the blockchain which may be several gigabytes in size. Nodes which do not maintain a full blockchain, called Simple Payment Verification or SPV nodes use merkle paths to verify transactions without downloading full blocks. s
|
|
|