文章暫時(shí)分為兩個(gè)部分：

一：寫這篇文章的目的
二：中英文對(duì)照

一：寫這篇文章的目的

比特幣白皮書是個(gè)經(jīng)典徒扶，翻譯這個(gè)簡(jiǎn)短的文章主要是為了提高一個(gè)臺(tái)階的訓(xùn)練自己的英語篷牌，就像每天跑步中最后一程去沖刺進(jìn)而提高自己的能力一樣撩轰，這個(gè)翻譯對(duì)我的英語學(xué)習(xí)來說算是沖刺，其次脯颜，學(xué)習(xí)區(qū)塊鏈知識(shí)悠汽，或許沒有比這更原滋原味的區(qū)塊鏈學(xué)習(xí)教材了，因?yàn)椴皇且惶焱瓿傻母卓茫視?huì)每天發(fā)布更新舟茶，直到完成，如果您看到文章覺得有錯(cuò)誤的地方歡迎交流指正堵第。

原文鏈接：https://bitcoin.org/bitcoin.pdf

二：中英文對(duì)照

Abstract

A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.

摘要：

一個(gè)點(diǎn)對(duì)點(diǎn)的電子現(xiàn)金可以達(dá)到不通過傳統(tǒng)金融機(jī)構(gòu)實(shí)現(xiàn)雙方的在線支付吧凉。數(shù)字簽名解決了一部分問題，但是如果為了避免雙重支付而引進(jìn)一個(gè)第三方信任機(jī)構(gòu)將會(huì)使得大部分收益受損踏志。我們提出了一個(gè)使用點(diǎn)點(diǎn)網(wǎng)絡(luò)來解決雙重支付問題阀捅。這個(gè)經(jīng)過哈希化處理的網(wǎng)絡(luò)時(shí)間戳就進(jìn)入了基于哈希工作量證明的不間斷的鏈针余，這樣就形成了一個(gè)沒有重做工作量證明就不可能改變的記錄饲鄙。最長(zhǎng)的這條鏈不僅擔(dān)任著見證各個(gè)交易發(fā)生先后順序的證明，而且證明他來至于最大的CPU能量礦池圆雁。只要被大量節(jié)點(diǎn)控制的CPU能量不去合作攻擊網(wǎng)絡(luò)忍级，他們生產(chǎn)的鏈就能超過攻擊者的鏈進(jìn)而成為最長(zhǎng)的那條鏈。網(wǎng)絡(luò)本身要求很小的機(jī)構(gòu)伪朽。信息盡最大努力被廣播出轴咱，而且節(jié)點(diǎn)可以隨意的離開或加入網(wǎng)絡(luò)中，接受這個(gè)最長(zhǎng)的鏈以便于作為證明他們離開的時(shí)候發(fā)生什么的證明驱负。

1.Introduction

Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for non-reversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party.
What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.

1.引言

網(wǎng)上交易幾乎完全依賴金融機(jī)構(gòu)提供的第三方信任來完成電子支付嗦玖。雖然對(duì)大多數(shù)交易來說這個(gè)系統(tǒng)運(yùn)行良好，但是這個(gè)信任機(jī)制仍然存在著內(nèi)在的缺陷跃脊。完全不可逆的交易不是不可能的宇挫，因此金融機(jī)構(gòu)不可避免的產(chǎn)于到爭(zhēng)議調(diào)停中。爭(zhēng)議的花費(fèi)增加了交易成本酪术，限制了最小交易的尺度器瘪，切斷了產(chǎn)生小的偶然發(fā)生的交易的可能性翠储，而且這有著巨大花費(fèi)使我們失去了成就一個(gè)不可逆的支付對(duì)于一個(gè)不可逆的交易的能力。由于可以扭轉(zhuǎn)的交易存在的可能橡疼，這樣信任的需求被擴(kuò)大援所。商家必須堤防消費(fèi)，同時(shí)為了避免自己惹上麻煩他們不會(huì)提供比原本需要的更多信息給消費(fèi)者欣除。一定比例的詐騙因?yàn)闊o法避免而被接受住拭。這種不確定性的花費(fèi)和成本可以通過親自使用物理性質(zhì)的貨幣而避免，但是還不存在一種機(jī)制使得去掉受信任的的第三方從而支持電子交易历帚。
我們需要的是一個(gè)基于密碼學(xué)證據(jù)的電子支付系統(tǒng)來取代信任滔岳，來允許任何自愿交易的雙方直接交易而無需第三方的信任機(jī)構(gòu)。從計(jì)算機(jī)的角度來看這種不可逆轉(zhuǎn)的交易用來保護(hù)賣方免受欺詐挽牢，而日常那種第三方擔(dān)保的機(jī)制很容易被用來保護(hù)買方谱煤。 白皮書中我們提出了一種方案來解決雙重問題，它使用了點(diǎn)對(duì)點(diǎn)分布式時(shí)間戳服務(wù)器來生成算力進(jìn)而作為交易發(fā)生先后順序的證明禽拔。只要所有誠(chéng)實(shí)節(jié)點(diǎn)所控制的算力高于所有攻擊者節(jié)點(diǎn)形成的算力那么系統(tǒng)就是安全的刘离。

2.Transactions

We define an electronic coin as a chain of digital signatures. Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin. A payee can verify the signatures to verify the chain of ownership.
The problem of course is the payee can't verify that one of the owners did not double- spend the coin. A common solution is to introduce a trusted central authority, or mint, that checks every transaction for double spending. After each transaction, the coin must be returned to the mint to issue a new coin, and only coins issued directly from the mint are trusted not to be double-spent. The problem with this solution is that the fate of the entire money system depends on the company running the mint, with every transaction having to go through them, just like a bank.
We need a way for the payee to know that the previous owners did not sign any earlier transactions. For our purposes, the earliest transaction is the one that counts, so we don't care about later attempts to double-spend. The only way to confirm the absence of a transaction is to be aware of all transactions. In the mint based model, the mint was aware of all transactions and decided which arrived first. To accomplish this without a trusted party, transactions must be publicly announced [1], and we need a system for participants to agree on a single history of the order in which they were received. The payee needs proof that at the time of each transaction, the majority of nodes agreed it was the first received.

transaction.png

2，交易

我們把一系列的數(shù)字簽名定義為電子貨幣睹栖。一個(gè)貨幣持有者通過對(duì)前一個(gè)哈狭蛱瑁化的交易和接收幣的公鑰進(jìn)行數(shù)字簽名來把貨幣發(fā)送給其他人同時(shí)把這些增加到貨幣中。接收者通過確認(rèn)數(shù)字簽名來確認(rèn)擁有者的這條鏈磨淌。

很自然的一個(gè)問題是收款人無法確認(rèn)付款人是否存在雙重支付疲憋。普遍的做法是引入一個(gè)可信任的中心化的權(quán)威機(jī)構(gòu)或者一個(gè)鑄幣廠，他們來確認(rèn)是否交易存在雙重支付梁只。一筆交易之后每一個(gè)貨幣都必須送到鑄幣廠進(jìn)而發(fā)行一個(gè)新幣缚柳，同時(shí)每個(gè)直接從鑄幣廠發(fā)出的新幣才會(huì)被信任沒有產(chǎn)生雙重支付。問題的解決方案變成了所有貨幣系統(tǒng)的命運(yùn)全部依賴于一個(gè)運(yùn)轉(zhuǎn)著鑄幣廠的公司搪锣，每一筆交易不得不通過他們就像一個(gè)銀行秋忙。

我們需要一種方式讓收幣者知道對(duì)這筆錢來說發(fā)幣者沒有簽署任何更早的交易。一個(gè)早期的交易被記錄下來我們就不用擔(dān)心之后雙重支付的嘗試构舟。僅有的確認(rèn)不存在一筆交易的方式是了能夠了解到所有的交易灰追。在鑄幣廠的模型中，鑄幣廠意識(shí)到所有的交易并且知道哪一筆交易最先送達(dá)狗超。為了達(dá)到不需要受信任的機(jī)構(gòu)的系統(tǒng)弹澎，交易必須被廣播出去，我們需要系統(tǒng)參與者對(duì)于接收到的所有交易順序只認(rèn)可唯一的交易歷史努咐。收款人需要知道每一個(gè)當(dāng)下交易的證明苦蒿，大部分的節(jié)點(diǎn)認(rèn)可這筆交易是第一次接收到的。

3.Timestamp Server

The solution we propose begins with a timestamp server. A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or Usenet post [2-5]. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.

Timestamp Server.png

我們計(jì)劃的解決方案開始于時(shí)間戳服務(wù)渗稍。一個(gè)時(shí)間戳是這樣工作的佩迟，它通過獲取一個(gè)已經(jīng)蓋上時(shí)間戳同時(shí)哈贤爬模化的項(xiàng)目的區(qū)塊同時(shí)廣泛的傳播這個(gè)哈希，例如再報(bào)紙和網(wǎng)絡(luò)帖子（2-5）（這一句翻譯說明我沒有理解時(shí)間戳的工作機(jī)制）报强。很明顯為了進(jìn)入哈暇逆ⅲ化，時(shí)間戳證明了在此時(shí)間上這個(gè)數(shù)據(jù)已經(jīng)存在了秉溉。每一個(gè)時(shí)間戳包含了在同一個(gè)鏈上的哈希數(shù)據(jù)中的先前的時(shí)間戳力惯，在這鏈上，每一個(gè)時(shí)間戳進(jìn)一步加強(qiáng)了他前面一個(gè)時(shí)間戳的安全性召嘶。

4.Proof-of-Work

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash [6], rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA- 256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.

For our timestamp network, we implement the proof- of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.

proof-of-work.png

The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of- work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added.
To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If they're generated too fast, the difficulty increases.

4.工作量證明
為了在一個(gè)點(diǎn)對(duì)點(diǎn)的系統(tǒng)中實(shí)施分布式時(shí)間戳服務(wù)夯膀，我們需要使用類似亞當(dāng)帕克在哈希現(xiàn)金做法使用工作量證明系統(tǒng)苍蔬，而不是像報(bào)紙或者網(wǎng)貼那樣。工作量證明包括搜索一個(gè)當(dāng)哈希時(shí)候的值蝴蜓，例如：SHA-26碟绑，這個(gè)哈希以若干個(gè)零字節(jié)開始。通常的工作對(duì)于所需要的大量零字節(jié)是指數(shù)級(jí)的茎匠，而可以通過一個(gè)簡(jiǎn)單的哈希來確認(rèn)格仲。

對(duì)于我們的時(shí)間戳網(wǎng)絡(luò)，我們通過在區(qū)塊中給出一個(gè)臨時(shí)隨機(jī)數(shù)诵冒，直到這個(gè)數(shù)字被發(fā)現(xiàn)并且符合區(qū)塊哈希的零字節(jié)凯肋，這樣就實(shí)現(xiàn)了工作量證明。一旦CPU的努力被消耗滿足了工作量證明汽馋，那么這個(gè)區(qū)塊就不能被改變侮东，如果不重復(fù)做這個(gè)工作的話。之后區(qū)塊之后形成了鏈豹芯，改變區(qū)塊的工作就包括了重做這個(gè)區(qū)塊之后所有的工作悄雅。

工作量證明也解決了大量決定中代表決定的問題。如果大部分是基于一個(gè)IP地址一個(gè)投票權(quán)的話铁蹈，他可以被配置很多IPs的任何人破壞宽闲。工作量證明本質(zhì)上是基于一個(gè)cpu一個(gè)投票權(quán)，大部分的決定取代了最長(zhǎng)的鏈握牧，同時(shí)這個(gè)決定對(duì)應(yīng)著最大的工作量證明投入容诬。如果大部分的cpu算力被誠(chéng)實(shí)的節(jié)點(diǎn)控制，這個(gè)誠(chéng)實(shí)的鏈條將會(huì)生成是最快的同時(shí)超過競(jìng)爭(zhēng)鏈沿腰。對(duì)于修改過去區(qū)塊览徒，攻擊者不得不重做這個(gè)區(qū)塊的工作量證明和他之后所有的快的工作量證明，同時(shí)需要趕上并超過誠(chéng)實(shí)節(jié)點(diǎn)的工作量矫俺。我們將在之后講到慢一拍的攻擊者趕上的可能性逐漸指數(shù)級(jí)別的減少隨著后來的區(qū)塊的增加吱殉。
隨著時(shí)間的流逝掸冤，為了彌補(bǔ)增長(zhǎng)的硬件速度和對(duì)運(yùn)行一個(gè)節(jié)點(diǎn)變化的興趣，工作量證明的困難程度被不斷改變友雳，這個(gè)改變是基于一個(gè)把目標(biāo)定在每小時(shí)變化的區(qū)塊數(shù)量的移動(dòng)平均數(shù)來改變的稿湿。如果他們產(chǎn)生節(jié)點(diǎn)的熟讀太快，困難就會(huì)增加押赊。
5.Network

The steps to run the network are as follows:

1. New transactions are broadcast to all nodes.

2. Each node collects new transactions into a block.

3. Each node works on finding a difficult proof-of-work for its block.

4. When a node finds a proof-of-work, it broadcasts the block to all nodes.

5. Nodes accept the block only if all transactions in it are valid and not already spent.

6. Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.

Nodes always consider the longest chain to be the correct one and will keep working on extending it. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first. In that case, they work on the first one they received, but save the other branch in case it becomes longer. The tie will be broken when the next proof-of-work is found and one branch becomes longer; the nodes that were working on the other branch will then switch to the longer one.
New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach many nodes, they will get into a block before long. Block broadcasts are also tolerant of dropped messages. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one.

網(wǎng)絡(luò)：
跑一個(gè)網(wǎng)絡(luò)的步驟如下：
新的交易被廣播到所有的節(jié)點(diǎn)
每一個(gè)節(jié)點(diǎn)收集新的交易進(jìn)入一個(gè)區(qū)塊
每一個(gè)節(jié)點(diǎn)運(yùn)轉(zhuǎn)去找到一個(gè)困難的工作量證明為他們的區(qū)塊
當(dāng)一個(gè)節(jié)點(diǎn)找到一個(gè)工作量證明饺藤，他廣播這個(gè)區(qū)塊給所有的節(jié)點(diǎn)
節(jié)點(diǎn)接受這個(gè)區(qū)塊僅當(dāng)所有的交易是有效的，而不是已經(jīng)花費(fèi)的一筆交易
節(jié)點(diǎn)表達(dá)他們的接受這個(gè)區(qū)塊通過轉(zhuǎn)移他們的工作去找下一個(gè)鏈上的區(qū)塊流礁，使用被接受區(qū)塊的哈希作為替代先前的哈希涕俗。
節(jié)點(diǎn)總是考慮整個(gè)最長(zhǎng)的鏈作為正確的一條鏈并且在這條鏈上進(jìn)行拓展，如果兩個(gè)節(jié)點(diǎn)同時(shí)廣播下一個(gè)區(qū)塊的不同版本神帅。一些節(jié)點(diǎn)會(huì)首先接受到其中一個(gè)另外一些接受到另一個(gè)再姑。這種情況下，這些節(jié)點(diǎn)會(huì)在他們接收到的第一個(gè)節(jié)點(diǎn)上進(jìn)行工作找御，但是會(huì)保存其他的分支元镀，以防他變成更長(zhǎng)的那個(gè)。這個(gè)并列會(huì)被打破霎桅，當(dāng)下一個(gè)工作量證明的工作完成并且其中一個(gè)分支變得更長(zhǎng)的時(shí)候栖疑；其他正在其他分支上工作的節(jié)點(diǎn)也會(huì)轉(zhuǎn)而轉(zhuǎn)換到更長(zhǎng)的一個(gè)鏈上。
新的交易廣播沒有必要到達(dá)所有的節(jié)點(diǎn)滔驶。只要他們到達(dá)大部分節(jié)點(diǎn)就可以了遇革，他們將會(huì)在鏈變長(zhǎng)之前進(jìn)入到區(qū)塊。區(qū)塊廣播也是容忍掉落信息的揭糕。如果一個(gè)節(jié)點(diǎn)沒有接受一個(gè)區(qū)塊萝快，他將請(qǐng)求這個(gè)塊，當(dāng)他接受下一個(gè)區(qū)塊意識(shí)到自己錯(cuò)過了一個(gè)的時(shí)候插佛。

6. Incentive
   By convention, the first transaction in a block is a special transaction that starts a new coin owned by the creator of the block. This adds an incentive for nodes to support the network, and provides a way to initially distribute coins into circulation, since there is no central authority to issue them.
   The steady addition of a constant of amount of new coins is analogous to gold miners expending resources to add gold to circulation. In our case, it is CPU time and electricity that is expended.
   The incentive can also be funded with transaction fees. If the output value of a transaction is
   less than its input value, the difference is a transaction fee that is added to the incentive value of the block containing the transaction. Once a predetermined number of coins have entered
   circulation, the incentive can transition entirely to transaction fees and be completely inflation
   free.
   The incentive may help encourage nodes to stay honest. If a greedy attacker is able to
   assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
   6.激勵(lì)
   按照慣例杠巡，在區(qū)塊中的第一筆交易是一筆特殊的交易，因?yàn)檫@筆交易是以區(qū)塊創(chuàng)造者以發(fā)行一個(gè)新的硬幣開始雇寇，這種方式激勵(lì)著節(jié)點(diǎn)支持網(wǎng)絡(luò)氢拥，同時(shí)因?yàn)闆]有權(quán)威發(fā)行硬幣，這種方式也提供了一種路徑來初始化進(jìn)入系統(tǒng)的硬幣锨侯。這種穩(wěn)定增加固有數(shù)量硬幣的方案很想淘金者拓展資源來增加整體金子流通數(shù)量嫩海。而在整個(gè)案例中，擴(kuò)展的是cpu的計(jì)算熟讀和電力囚痴。
   這種激勵(lì)也可以以交易費(fèi)用的方式來提供叁怪。如果輸出的價(jià)值小于輸入的價(jià)值，這個(gè)差值就作為交易費(fèi)用被增加到了為打包交易區(qū)塊而存在的激勵(lì)價(jià)值中深滚。一旦預(yù)設(shè)的硬幣數(shù)量進(jìn)入了流通奕谭，這個(gè)激勵(lì)就完全轉(zhuǎn)換成了交易費(fèi)用涣觉，同時(shí)也完全是通貨膨脹費(fèi)用。
   激勵(lì)措施可能有助于幫助激勵(lì)節(jié)點(diǎn)保持誠(chéng)實(shí)血柳。如果一個(gè)貪婪的攻擊者能夠集合比所有誠(chéng)實(shí)節(jié)點(diǎn)更多的算力官册，他將不得不在是使用者這些算力去詐騙已經(jīng)支付的費(fèi)用和使用這些算力來產(chǎn)生更多的新比特幣之間作出艱難抉擇。他會(huì)發(fā)現(xiàn)和誠(chéng)實(shí)節(jié)點(diǎn)一起遵守規(guī)則相比破壞整個(gè)系統(tǒng)讓自己的財(cái)富也失效來說更為有利可圖难捌，這些規(guī)則讓他能有比其他所有人的加起來更多的比特幣膝宁。
   7.Reclaiming Disk Space
   Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash,transactions are hashed in a Merkle Tree [7][2][5], with only the root included in the block's hash.Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do not need to be stored.
   7.內(nèi)存回收
   一旦最近的一個(gè)硬幣的交易被足夠多的塊覆蓋，之前的交易記錄就可以被清空以節(jié)省硬盤空間根吁。為了加快這個(gè)進(jìn)程同時(shí)不破壞塊的哈希员淫，交易在Merkle 樹 [7][2][5]上被哈希化击敌，在這個(gè)Merkle Tree [7][2][5]上只有根結(jié)點(diǎn)包含塊的哈希介返。然后可以通過截?cái)鄻涞姆种У姆椒▉韷嚎s區(qū)塊。內(nèi)部的哈希值不需要存儲(chǔ)