# 比特币 —— 点对点电子现金系统

## 5. 网络

1. 新交易广播到所有节点
2. 每个节点都把新交易加入到区块
3. 每个节点都为自己的区块做工作量证明
4. 当一个节点完成了工作量证明后，将此证明广播给所有节点
5. 当所有的交易都在区块里并且没有花费时，此区块将被节点接受
6. 节点通过在链中创建下一个块来表达它们对块的接受，使用接受的块的哈希值作为新块的前一个哈希值

## 11. 计算

• p = 一个诚实的节点找到下一个块的概率
• q = 攻击者找到下一个块的概率
• qz = 攻击者从后面z块追上来的概率

$$\lambda=z\frac{q}{p}$$

#include <math.h>
double AttackerSuccessProbability(double q, int z)
{
double p = 1.0 - q;
double lambda = z * (q / p);
double sum = 1.0;
int i, k;
for (k = 0; k <= z; k++)
{
double poisson = exp(-lambda);
for (i = 1; i <= k; i++)
poisson *= lambda / i;
sum -= poisson * (1 - pow(q / p, z - k));
}
return sum;
}


q=0.1
z=0    P=1.0000000
z=1    P=0.2045873
z=2    P=0.0509779
z=3    P=0.0131722
z=4    P=0.0034552
z=5    P=0.0009137
z=6    P=0.0002428
z=7    P=0.0000647
z=8    P=0.0000173
z=9    P=0.0000046
z=10   P=0.0000012
q=0.3
z=0    P=1.0000000
z=5    P=0.1773523
z=10   P=0.0416605
z=15   P=0.0101008
z=20   P=0.0024804
z=25   P=0.0006132
z=30   P=0.0001522
z=35   P=0.0000379
z=40   P=0.0000095
z=45   P=0.0000024
z=50   P=0.0000006


P < 0.001
q=0.10   z=5
q=0.15   z=8
q=0.20   z=11
q=0.25   z=15
q=0.30   z=24
q=0.35   z=41
q=0.40   z=89
q=0.45   z=340


## 引用

• [1] W. Dai, "b-money," http://www.weidai.com/bmoney.txt, 1998.
• [2] H. Massias, X.S. Avila, and J.-J. Quisquater, "Design of a secure timestamping service with minimal
• trust requirements," In 20th Symposium on Information Theory in the Benelux, May 1999.
• [3] S. Haber, W.S. Stornetta, "How to time-stamp a digital document," In Journal of Cryptology, vol 3, no
• 2, pages 99-111, 1991.
• [4] D. Bayer, S. Haber, W.S. Stornetta, "Improving the efficiency and reliability of digital time-stamping,"
• In Sequences II: Methods in Communication, Security and Computer Science, pages 329-334, 1993.
• [5] S. Haber, W.S. Stornetta, "Secure names for bit-strings," In Proceedings of the 4th ACM Conference
• on Computer and Communications Security, pages 28-35, April 1997.
• [6] A. Back, "Hashcash - a denial of service counter-measure,"
• http://www.hashcash.org/papers/hashcash.pdf, 2002.
• [7] R.C. Merkle, "Protocols for public key cryptosystems," In Proc. 1980 Symposium on Security and
• Privacy, IEEE Computer Society, pages 122-133, April 1980.
• [8] W. Feller, "An introduction to probability theory and its applications," 1957.