一种给比特币升级的方法——使用FSH扩展区块在比特币区块链上部署新特性

使用FSH扩展区块在比特币区块链上测试和部署新特性

——Bitcoin Unlimite开发者安得鲁·斯通演讲文字录中英文对照

第章引言

这篇文章2017年比特币的未来大会上的一个演讲，讲的是如何让比特币区块链拥有更丰富的特性，比如在比特币上部署以太坊的主打的智能合约之类的。

视频播放链接：https://www.youtube.com/watch?v=NhqvFDeLUfI&feature=youtu.be

本文记录的是演讲的字幕，然后翻译成中文，这里保留中英文。

在进入正题之前，我还要说明下如何利用本文。如果你只阅读这篇文章，我觉得收益不大，最合适的做法是先阅读这篇文章，然后打开上面的视频播放链接，再看下视频，随时准备不能理解的地方暂停播放找到本文对应的问题，去理解。

反正这文章有点难，太过于前卫，各位就当是满足下各自的好奇心吧。

第1章Andrew Stone - FSHblocks: A method to trial and deploy features into the Bitcoin blockchain一个在比特币区块链上测试和部署新特性的方法——FSH区块。

(开头讲了一个他名字的段子，省略)

I want to talk about adifferent extension of block.

我想谈一种不同的扩展区块。

bitcoin has a seriousproblem, which is how to upgrade its network. either u r a segwitter, a bigblocker, this problem has been in your face for the last two years. In order toconvince people, u have to convince people this code works. how can u do this?

比特币有一个严重问题，就是如何升级网络。无论你是隔离见证支持者，还是大区块党，这都是一个面临了两年的问题。要升级，你就得说服别人这套代码是可行的。你要怎么做到这点呢？

you could have asandbox, like a testnet, altcoin, layer 2 network or hard/soft fork. There arealso people who believes that it’s unnecessary to upgrade bitcoin at all.

你可以通过沙盒比如测试网、竞争币、第二层网络或者硬/软分叉升级网络。还有些人认为完全没有必要升级比特币网络。

here i put a piece ofradio shack on which all the items were 90’s and have been upgraded.(放了一张旧报纸，表明旧物品升级是必须的)

我在屏幕上放了一张报刊《RadioShack》的广告，上面所有的东西都是90年代的并且都已经升级。

the promise of bitcoinbeyond gold is that it is a technology that is upgraded and it has a limitedsupply.

比特币比黄金更有前景的原因是它可以升级并且供应量有限。

接下来对比几种扩容方案：

Here is the problem ofcurrent approaches.

这是现有升级方案存在的问题：

1，the problem withsandbox is that its user cases are artificially limited.

nothing at stake. noone can steal money from you. it means no one will even try to hack the code.no black/white hat attention. if u r a security researcher, you found a bug ontestnet, that is not a same thing with finding a bug on bitcoin’s main network.

1.沙盒的问题是，使用场景是人为的和有限的。有什么东西处于危险之中。没有人可以盗走你的钱。这意味着没有人会入侵你的代码。不会引起白帽或黑帽黑客的注意。如果你是一名安全研究员，你在测试网上找到漏洞，跟你在比特币主网上找到漏洞不是一回事。

2，problem with testingaltcoin:

举个例子说明为什么单纯用竞争币做测试是不行的,这种做法实际上是又创造了一个竞争对手。

使用竞争币测试存在的问题：

we could test a lot ofthings on altcoins. so why we not ask vitalik to shut off ethereum since he hasproven it works? why not turn it off and bring it to bitcoin. So the problem isthat you created a competitor. who cares? i am not a bitcoin maximalist and wecan just transfer to new cryptocurrencies everyday.

我们可以在竞争币上测试很多东西。既然vitalik已经证明以太坊是可行的，为什么我们不让vitalik停掉以太坊呢？为什么不停掉以太坊并迁移到比特币上呢？问题就在于我们创造了一个竞争者。你可以还会说，谁在乎？我又不是比特币最高纲领派，我们可以每天都转移到新的加密货币上。

i am not an economistbut currency stability is really important, you really don’t want to changeyour currency every decade. It's like rolling dice and early adopters have moreadvantages.another problem is that it’s not real implementation, you have tomove it onto bitcoin.

我不是一个经济学家，但是货币的稳定性是非常重要的。你不会希望每十年就要换一种币。这就像是在摇骰子并且早期使用者会拥有更多的优势。另外一个问题是，这不是真正的实现，你必须迁移到比特币上。

Problem with hard andsoft forks, some people believe upgrading bitcoin is upgrading an airplane inflight. it’s like upgrading an airplane in flight and all the passengers arelike members of worldwide wrestling federation. and they attack each other whilethe upgrading is happening. this is what we are happening today.

3.硬分叉和软分叉的问题是，有些人认为升级比特币网络就像升级正在飞行中的飞机。不，不是这样，是飞机正在飞行，而所有乘客都像世界摔跤联盟的成员一样相互攻击，这时候进行升级。这就是我们今天所面临的问题。

4, the biggest problemwith layer two is that everything that works on layer two will be betterworking on an upgraded layer one with the same layer two features.

4.第二层最大的问题是，在第二层运行的所有东西都可以在升级后的第一层上更好地运行，且拥有与第二层一样的功能。

开始讲到FSH：(5:57)

extension blocks is nota new idea, i just want to make sure everyone knows that.

扩展区块不是一个新概念。我只是想确保所有人都知道这一点。

here is how it works.here is a bitcoin block, and some where in there you cram a hash right ofanother block, and through some additional protocol layer or completelyseparate protocol, you passing the information in the block. but the Achille’shill is that in order to have extension blocks, you must have miners all agreeto start mining that.

这是它的运作原理。这里有一个比特币区块，你在这里塞入另一个区块的哈希值，通过额外的协议层或者完全独立的协议，传递这个区块的信息。这里的缺陷是，要想拥有扩展区块，你必须要让所有的矿工同意去挖扩展区块。

what i want to talkabout today is an idea i called FSH extension blocks. the idea is we can trialextension blocks on a reduced security model, basically a federated model.without changing a line of code, we can move that block to either a soft orhard fork if the block gains economic use, if it’s not full of bugs.

The advantage doesn’tcreate a competing altcoin. it has permissionless deployment in trial,(7:10)You are using real money, seamlesstransaction to soft and hard fork.

我在这里想要说构想叫做FSH扩展区块。这个构想是我们可以在一种降低安全性的模式即联邦模式上试验扩展区块。如果区块获得经济效应，不是充满漏洞等等这些情况的话，我们不用改动任意一行代码就可以完成硬分叉或是软分叉。这么做的好处是不会创造出一个具有竞争力的竞争币。它无许可就能试验部署。你使用真正的钱，实现软硬分叉的无缝交易。

actually in my talkingwith some altcoin startup companies, they actually prefer this idea over aseparately mined system. For a company doing a separate blockchain, thequestion is do they really have to maintain hashpower. and if the publicmaintains hashpwer, there’s a certain loss of control.

实际上，在我和一些竞争币初创公司的交谈中，他们实际上喜欢这个设想胜过独立的挖矿系统。对于想要独立运行区块链的公司来说，他们的问题是他们真的必须持有算力吗。如果公众持有算力，就会失去一定的控制。

（译者注：下面是正式讲使用FSH扩展区块的方式来升级比特币的方法，因为是关键内容，各位可以定位到视频第8分钟开始，对应着阅读，我也把视频的PPT截图到这里（另注：我联系安得鲁要PPT，这哥们就是不理我））

Here is a phase one:federated signed extension block.

这是第一阶段：联邦签名的扩展区块

you create a bitcointransaction, and create two addresses, one is ingress address, one is a holdingaddress. they are both multi-sig addresses that are signed by people who areunderwriting this proposed feature. and obviously these people would be companiesor publicly named individuals. so here the trust model is you are trustingthese people, u believe the majority of signers are honest.

你创建一笔比特币交易，创建两个地址，一个是ingress地址，一个是持有地址。他们都是由担保人签名的多重签名的地址。显然这些人可能是公司或公开任命的个体。因此，这个信任模式是，你必须信任这些人，你相信大部分的签名者都是诚实的。

his is indicating asort of utxo, and individual might pay to an ingress address, and then a singletransaction is made which contains an input, incoming funds, and something icall a continuity address. A continuityaddress is basically an output from the previous FSH transaction. what thatsimply does is order the blocks.

这里显示了一种UTXO,个人要给一个ingress地址支付，于是创建了一笔包含输入、转入资金和连续性地址的交易。连续性地址本质上是上一笔FSH交易的输入。它所做的只是给区块排序。

and then on the outputside, you have an outgoing payment. people are withdrawing money from theextension block system. and if your incoming funds are greater than outgoing,then u might want to make payments to this holding address. and then your continuityaddress would go to the next block, and finally the extension block pointer.

然后在输出方面，你会有一个支出的付款。人们从扩展区块系统中提现。如果你的收入大于支出，那么你可能会想把钱打到持有地址。你的连续性地址会转到下一个区块。最后是扩展区块pointer。

The continuity addresscreates a chain of blocks. if the signer creates a FSH transaction, but forsome reason it is not committed to the blockchain for some reason, such as lowfees. and then u create another blockchain and now both of them get committedto that blockchain. you suddenly have aproblem where the FSH block is inconsistent with the blockchain, but bycreating a continuity address that gets spend on each new transaction, youensure that only one of the two transactions can be spent on the blockchain.

连续性地址创建了一条区块链。如果签名者创建了一笔FSH交易，但是出于某些原因比如手续费太低没有提交到区块链，然后你创建了另一个区块，并且二者都被提交到了区块链上。你会突然发现一个问题，FSH区块和区块链是不一致的，但是通过创建一个获得每笔新交易输入的连续性地址，保证了链上的两笔交易只能花费一笔。

in previous extensionprotocols, there was an issue that transaction is not atomic. e.g. theextension block address has to be the last transaction in a block, but we can’tcontrol that.because we are doing it in a permissionless way. so we don’tnecessarily have the control of any miners. so by having the ingress addressseparate and pays to a holding address, we know that in a single transactionthat contains the utxo inputs and all the spends, and the extension blockpointer is sort of having atomically creates an extension block which must beconsistent with the money flows in bitcoin in your bitcoin side.

(12:57)

之前的扩展协议中存在一个问题，交易不是原子的。比如说，扩展区块地址必须是区块里的最后一笔交易，但是我们无法控制这点。因为我们采用的是一种无需许可的方式。我们不必要控制矿工。通过分离出ingress地址并向持有地址支付，我们知道通过单笔包含了UTXO输入、所有花费和扩展区块pointer的交易，类似于创建了一个扩展区块，这个区块必须与比特币网络上你这边的比特币资金流一致。

here is some use cases.let me start with an example. i recently have some solar installed on my roof.in US, u get the renewable energy credit.

so if you’re a dirtycompany and you burn coal then you have to buy these credits from people whoproduce solar. so how do they track these renewable energy credits? they have adial that goes around in circles. and I guess someone is going to come into myhouse and look at the dial once. and then every quarter I'm going to take aphotograph of the dial. And I can't Photoshop that photograph or anythingright. okay so so this could be a blockchain application right.

这里是一些使用场景。让我们举个例子。我最近在我家里屋顶装了一个太阳能。在美国，有可再生能源的信用额度。如果你是一家不环保的公司，烧的是煤，你必须从那些生产太阳能的人手里购买这些信用额度。那么，他们是如何追踪这些可再生能源信用额度的呢？他们有一个跑圈的刻度表。我猜有人想到我家看看这个刻度表。每次走了四分之一我就会拍一张刻度表的照片。我不能P图之类的。所以，这是可能是区块链的一个应用。

o let's imagine thatthis device store these renewable energy credits on a blockchain. so if we usethe public blockchain the problem is like the ethereum ICO happens andtransactions are blocked for three days. How is this gonna work? I think weheard about yours and they were recently really worried about Bitcoin fees. butswitching to the litecoin is just increasing the block size by a factor of fourso if litecoin overtakes Bitcoin they could be in the same situation in a fewyears.(当然莱特币是不可能超越比特币的)again you need to solve that problem.

所以，让我们想象一下，这个设备把这些可再生能源额度记录在区块链上。如果我们使用公链，问题是以太坊推出ICO，交易就堵了三天。这怎么行得通？我想我们都听过Yours，他们最近真的很担心比特币手续费，但是切换到莱特币只是增加了四倍的区块大小，所以如果莱特币取代比特币，他们可能会在几年后处于相同的处境。（当然莱特币是不可能超越比特币的）你需要解决这个问题。

(15:08)开始讲到无限大区块

I think Doctor Wright’ssolution is have absolutely unlimited blocked. I would love that， but this is away that maybe we can kind of shard the Bitcoin network into these app coinsbecause I think some people find unlimited blocksunpalatable. so while there'sno block space competition you also don't have to rely on miners. here it meansu don't have to generate your own mining capacity you can just use the Bitcoinmining system.so it's a public blockchain though so there's a fewer billingdisputes(15:40的PPT上有方案优点列表)

我认为赖特博士（CSW）的解决方案是拥有绝对无限大的区块，我很喜欢这点，但是这是一种方法，我们可以把比特币网络分成这些竞争币，因为有些人难以接受无限大的区块。所以，没有区块大小的竞争，你也不用依赖于矿工。这意味着，你不用自己挖矿，你可以只使用比特币挖矿系统。所以，虽然它是公链，但是手续费纠纷会变少。(15:40的PPT上有方案优点列表)

so it's a publicblockchain though, so there's a fewer billing disputes.

所以，虽然它是公链，但是手续费纠纷会变少。

Here are users’sadvantages:

这是用户的优势：

If you had a privatechain, the issuer could just rewrite the blocks. he could just rewind theblockchain, sign a hundred additional blocks and you have a new longest chainright. But by committing extension blocks to the public blockchain, there willbe no history rewrite. you also have Bitcoin moving in and out of yourextension block so that you could easily trade these renewable energy creditsfor Bitcoin.

如果你有一条私链，发行者可以重写区块，可以逆转区块链，签名另外100个区块，这样你拥有一条新的最长链。但是把扩展区块提交到公链，就没法重写。你还是可以把比特币从扩展区块中移入或移出，这样你可以使用比特币交易这些可再生能源信用额度。

(还有两个优点)Although Ihaven't done the math for scaling but I do believe like dr. wright that Bitcoinon chain could scale for all the economic activity in the world eventually, butcould it scale for every single app coin that every single person creates forany silly use? I don’t really know about that.

so one advantage ofthese extension blocks is that they are domain-specific. and finally a hugeunsolved problem is always happens with your bank statements and E-statementsis that you get an e statement and when you click on it it brings you to thebank site and they show you your statement. But there's no guarantee theyhaven’t changed that statement. they might already rewrote the last five yearsof statements. so you can easily turn a blockchain into sort of an e-statementsystem.

（还有两个优点）虽然我没有做过关于扩容的数学计算，但是我真的认同赖特博士的观点，比特币最终可以实现链上扩容，处理所有的经济活动。但是，它可以扩容到接纳每一个人任意创建的每一个竞争币吗？我真的不知道。所以，这些扩展区块的一个好处是，他们是特定领域的。最后，比如你的银行结单或者电子账单总是存在一个无法解决的巨大问题，那就是你得到一份账单，你点开的时候会跳转到银行网站页面，显示出你的账单。但是，他们可不会保证他们没有改过账单。他们可能已经改写了过去五年的账单。所以，你可以把区块链转换成一个电子账单系统。

Phase two: soft fork

第二阶段：软分叉

the next step is tomove this system into a soft fork. The way that segwit soft fork works is thisanyone can spend idea. although anyone can spend the transaction, the minersenforce the only spends that are consistent with the segwitted extension block.so let me observe that I can turn this multi-sig transaction into an anyone canspend transaction simply by publishing the private keys, then all of a suddenanyone can spend this, and the miners have to enforce it. so we have a protocolhere or social set of steps:

下来，在这套系统上进行软分叉。隔离见证软分叉的运行方式是任何人都可以花费idea。尽管所有人都可以创建支出交易，矿工只执行与隔离见证扩展区块相一致的支出交易。所以让我注意到，我可以把这个多重签名交易变成一笔所有人都可以通过发布私钥花费的交易。然后。突然之间，所有人都可以花费这笔交易，而矿工必须执行。所以，我们这里有一个协议或者说是一些步骤：

第一步：to make this workfirst of all miners agree on a fork activation block. they could use any formof voting protocol .

第一步：首先，所有的矿工都同意激活分叉。他们可以使用任意形式的投票协议。

第二步：and step two minerswill begin enforcement. they would do a soft fork. And what they are enforcing?

第二步：矿工开始实施。他们会进行软分叉。他们会实施什么呢？

FSH ingress address isonly spent as the input to these FSH transactions that contain a pointer to theFSH blocks. the holding is only spent as input as well and then the ingress andthe holding is consistent with the contents of the extension block.

FSH ingress地址只是这些包含FSH区块pointer的FSH交易的输入。持有地址也只是输入，这里ingress 和持有地址要与扩展区块上的内容保持一致。

第三步：step three. this issomething actually goes beyond the security model for segwit. signers beforethey publish private keys could actually test the network to see whether it'sactually enforcing the soft fork. they could post some invalid spends, some badblocks and inconsistent items to see if the network actually rejects those. ifit doesn't then you know we are still assuming that those signers are sort ofthe benevolent dictators of the extension block, so presumably that money isnot lost.

第三步：这实际上超出了隔离见证的安全模式。签名者在发布自己的私钥之前应该测试网络，看网络是否真的执行了软分叉。他们可以发布一些无效交易，一些坏区块，以及一些相斥的东西看看网络是否会拒绝接受。如果没有，我们仍然假设这些签名者是扩展区块仁慈的独裁者，所以应该钱没有丢失。

第四步：

finally when they'resatisfied that the network is properly enforcing the soft fork，signers simplypublish theprivate keys so then the miners can produce their own extensionblocks.So it's quite simple. As you can see we move from a federated model to asoft fork without changing a single line of code.

第四步：最后，当他们确信网络已经完成软分叉，签名者可以发布私钥，这样矿工可以生产他们自己的扩展区块。这很简单。你可以看到，我们在没有改动任意一行代码的情况下，在联邦模式上进行了软分叉。

Phasethree：hard fork(21:00)

第三阶段：硬分叉（21:00）

so step three ishard fork. In this case whether you could do a hard fork doesn’t depend on thecontents of your extension block. FSH block must be blockchain capable: BitcoinV2 block. in other words, it can be mined. it has proof-of-work.

那么第三步就是硬分叉。考虑硬分叉的时候，你是否可以进行硬分叉取决于你的扩展区块的内容。FSH区块必须可以连成一条链：比特币V2区块。换句话说，它可以被挖。它有工作量证明。

then miners choose aV1(new) block height. they stop mining VI blocks,(original blocks) and startmining FSH blocks. so the old block chain is essentially abandoned, and theextension block becomes the new blockchain. And of course your extension blockshould accept legacy Bitcoin transactions and all this stuff. So your extensionblock need to be fully featured.

然后矿工选择V1（新的）区块高度。他们停止挖V1区块（主链的区块），并开始挖矿FSH区块。基本上旧的区块链会被抛弃，扩展区块构成新链。当然，你的扩展区块应该接受主链的比特币交易及所有这些东西。所以，你的扩展区块需要功能完整。

You could also do asoft-hard fork?

So basically whatyou would do in this case is you just enforce in the software, you create avalid

Bitcoin block, butit doesn't contain any transactions other than ones that move money into yourextension block. I don’t know if you guys are similar with the soft-hard forkconcept. The idea is to use a soft fork toforce everyone into a hard fork.

还以进行软硬分叉？

这种总情况，你只需要执行软件，创建一个有效的比特币区块，但是它并不包含任何交易，除了那些转钱到你的扩展区块的交易。我不知道你们是否熟悉软硬分叉的概念。这个设想是使用软分叉强制所有人进行硬分叉。

bitcoin unlimitedextension block(22:58)

BU扩展区块

now that we candeploy an extension block, what should we do?

演讲前半段结束，接下来我们讨论一下应该创建什么样的扩展区块。这一部分我还没

有完成，只是个人想法。扩展区块里应该包含这些内容：

identifier&version

Block height

TX commitment

UTXO commitment

time

Difficulty

pay to nextblock(for example, at Coinbase you could designate some of the fees that yougot

in the current blockand offer it to the subsequent block)

2 nonces

识别码&版本

区块高度

交易commitment

UTXO commitment

时间

难度

向下一个区块支付（例如，你可以在Coinbase上指定你在当前区块上获得的费用，并将它提供给下一个区块。）

2个随机数

BU extension blockhash pointers

we might as wellreconsider what hashing algorithm we're using for a lot of stuff.

BU扩展区块散列指针

Cryptographicpointers use blake2 256

address use blake2160

see zcash forreasons

加密的pointers使用blake2 256

地址使用blake 216

原因请看zcash（屏幕上贴了一个网址）

BUextension block mining(挖矿方面的改变)详情见25：55处的PPT

here is a problem.If you are simultaneously mining an extension block and also periodicallycommitting to a bitcoin block, what incentives does the committer have tocommit the latest block in your extension chain? why doesn’t he just commit theunmined prior block?

这里有一个问题。如果你同时在挖矿扩展区块，还定期提交到比特币区块，是什么激励提交者要把最新的区块提交到你的扩展区块链？为什么他不直接提交到之前未被挖的区块？

这个问题就好像：

theend of Bitcoin where there's no more Bitcoin fees, so the question is if youhad unlimited blocks，why would anyone extend the Bitcoin blockchain? whywouldn't they just take

all ofthe transactions in the prior block and all the ones in the mempool and createa new block with those？and

then the next guyinstead of building on top of that he just takes all of the transactions inthat block and all the new ones in the mempool and creates another block. so you have the same problem which is theextension block signers might ignore mined extension blocks and just use thenext block on the Bitcoin blockchain skipping all the others.

比特币的终点是没有比特币手续费。所以问题是，如果你有无限大的区块，为什么没有人扩展比特币区块链？为什么他们不直接创建一个新区块把上一个区块以及矿池里的所有交易打包进去？下一个人不用在顶部搭建，只需要用这个区块里的所有交易，矿池里的所有交易，又创建一个区块。所有你会遇到同样的问题，扩展区块的签名者可能忽略了挖出来的扩展区块，只是用比特币区块链的下一个区块跳过其他所有人。

sowhat I'm going to do is create an economic incentive mechanism to encouragepeople to include the latest block on the chain. To do that I want to create afee pool in the blocks and the ability to pay some transaction fees forward toanother block. a fee pool is the idea that instead of taking all of the TX feesfor yourself you would put the value in a pool and then every block that'smined gets a fraction of that pool.比如1：1000.

所以我要做的是，创建一个经济激励机制，鼓励人们纳入链上的最新的区块。为了实现这点，我想在区块里创建一个费用池并能够支付一些交易手续费给另一个区块。费用池是这样设想的，不是自己拿走所有的交易手续费，而是放一些在池里，然后挖出的区块都可以得到池里一定比例的费用，例如1:0000。

BU extension block fees

BU扩展区块手续费

So what we would dohere is change the way that fees are paid. and use a decay function todetermine how much of the fee is paid to the miner of a particular block andhow much is paid into the pool. so what I have there is about 10 minutes andthen you can see we never want to pay a 100% of the fee to the miner to avoidthis fake fees situation, so 90% if you mined the block right away and thenthat comes down to zero in ten minutes. If you're able to to mine a block veryquickly after the transaction was created, then you reap most of the fees. butif you are not, then the fees goes to the fee pool. It is not that bad.

所以我们在这里要说的是，改变手续费的支付方式，使用衰减函数算出一个特定区块支付给矿工的手续费是多少，支付给矿池的手续费是多少。我们共有10分钟的时间，你知道我们决不想支付100%的手续费给矿工，来避免这种虚假的手续费情况，所以，如果你立刻挖到区块，支付90%，以此类推十分钟后这个数字降至为零。如果你在交易创建的时候可以非常快速地挖到一个区块，那么你就可以获得大部分的矿工费。但是如果不能，那么手续费就要付给费用池。这不是那么糟糕。

If your hash power is10% you're going to get that back eventually, but what happens is you don't geta bonus for mining rapidly. The idea of mining transaction fees I believe is toencourage miners to commit transactions to blocks rapidly. And what it alsodoes is it would mean that miners who are mining the blocks in between Bitcoinblocks can gain the fees up here, so then they can pay off this much to thenext block, and in the end by producing more blocks you actually hit the thefee curve higher than you would if you created blocks every ten minutes. So bycreating more blocks you’re actually able to give more money to the miner who'smining the FSH transaction block that’s connected to the bitcoin blocks. Youmight say that a miner could cheat and change his block time to maximize feepayout.

如果你的算力是10%，你最终会拿回这些手续费，但是这样的话，你就不能因为快速挖矿而获得奖励。我认为交易手续费的设想是为了鼓励矿工快速把交易打包到区块上。它还有一个作用是，在比特币区块之间挖块的矿工可以获得上面提到的手续费，这样他们可以给下一个区块支付这么多手续费，最后通过生产更多区块，你实际上获得比每十分钟挖矿更高的手续费。实际上，你可以给打包FSH交易到比特币区块的矿工一些钱，你可能会说，矿工可能会欺骗，并更改区块时间，把手续费最大化。

But that's actuallyfine. Because if you did that you would have to leave transactions that occurafter your block time unmined, so there's an incentive to move your block timebackwards to include more transactions in your block. I think I haven't workedout the game theory but it seems pretty clear that this is not going to affectthe system tremendously.

但是，这实际上没关系。因为你如果这么做的话，你必须放弃那些在你的区块时间之后创建的交易，所以这是一项激励措施，把你的区块时间往后移，使你能够打包到更多交易到你的区块。我还没有想明白这里的博弈论，但是很显然这不会对系统产生很大的影响。

BU Extension BlockTransactions(34:00)

BU 扩展区块交易(34:00)

so let's talk aboutwhat a transaction would look like. The first thing that I just talked about ishow the fee would be relative to how soon a block was able to put thetransaction in the block. Because of that we definitely need a time when the transaction was created, or when it firstbecomes valid. So we know Bitcoin today has this idea of end time where you cancreate a transaction which won't be valid until a certain number of blocks havepassed, or a certain time so we can combine these two concepts and call itvalid at time.

那么，让我们说说一笔交易是什么样的。我刚才先谈到了手续费与交易打包到区块的速度有何关联。因此，当交易创建或者有效的时候，我们必须需要一定的时间。我们知道，比特币有一个概念，即你创建一笔交易，在通过一定数量的区块或某一段时间后，交易才会生效，这样我们可以把这两个概念结合起来，称之为定时有效。

这里需要注意的一点是：one thing toconsider is to forget about the scripting system. I'm not saying removescripting entirely because we still have the main chain blocks. But most of thetransactions don't really use the scripting system so we can actually save a bunchof bytes by creating a simple multi-sig transaction format where you justspecify the number of signatures needed to sign and then the set of addresses.Finally this is an interesting concept which I think we can possibly apply toBitcoin today. An outpoint contains a transaction ID and an index. If atransaction ID is 32 bytes, and we replace that with instead the block heightof the UTXO and then the transaction ID and the index.

这里需要注意的一点是忘掉脚本系统。我不是说完全移掉脚本，因为我们仍然有主链区块。但是大多数交易并不是真的在使用交易系统，因此我们实际上可以通过创建一个简单的多重签名交易格式省下大量字节，这种签名格式你只需指定需要签名的签名数量以及地址集。最后，这是一个非常有趣的概念，我认为我们可以把它应用于今天的比特币。一个Outpoint包含交易ID和一个index。如果交易ID是32字节，我们把这替换成UTXO的区块高度、交易ID和index。

Then instead of 32bytes you end up with maybe 12 bytes, so that actually saves a lot of space.And it has an

additional featurewhich is that it solves the fraud proof problem because the transaction isspecifically indicating exactly where it is located in the blockchain, so youdon't have to search through the entire blockchain for the prior transaction.Now the big disadvantage though is that you can’t talk about these transactionsthen until they're committed to the blockchain. This might create some issuesfor the layer 2 people, but again this is an extension block right meant forsome specific implementations. And then perhaps you could also have allowed astandard outpoint so that the inputs would look like outputs. I like the P2SHformat so you just create an output in the new hash and you include that hash.The advantage is that instead of carrying a whole bunch of addresses throughthe UTXO you just have one 32 byte hash so it makes your UTXO a little bitsmaller.

最后所占空间也许会变成12字节，而不是32字节，这省下很多空间。它还有一个额外的功能，那就是解决伪造证据的问题，因为交易具体指明了它在区块链上的位置，因此你不必搜索整个区块链上的交易。现在，最大的问题是，在交易提交到区块链上之前，你无法讨论这些交易。这也许会给第二层的人造成一些麻烦，但是这是一个适用于某些特定实现的扩展区块。也许，你也允许一个标准的outpoint，因此输入会看起来像是输出。我喜欢P2SH格式，你可以创建一个输出的哈希值，并纳入这个哈希值。这样做的好处是，不用带UTXO里的一大串地址，而是只带一串32字节的哈希值，这样可以使你的UTXO变得更小一点。

And then how would yousign these transactions？Let's play a little trick with the signing. the firstthing is that this TXO triple here, so you could imagine a really like directedblockchain reorg maybe an attack which would try and replace who try and reminea transaction, and replace one with one with a different height, so what you’dwant to do is sign all this and then you also want to include the transactionhash as well in the signature.

那么你如何签名这些交易呢？让我们玩个签名的小把戏。首先，这是TXOtriple，你可以想象一下，定向的区块链重组可能是一项尝试重新打包交易的攻击，在一个不同的高度用一笔交易取代另一笔交易。所以，所以你会想在所有这些上签名，你还会想在签名里加入交易哈希值。

算了，让我换一句表达吧。之所以把这个称之为“trick”是因为youcould kind of submarine data inside of a transaction by including it in what'ssigned, but not include it in the transaction itself. The first use for thatwas to include the value of the prior input in the signature. The reason whyyou would want to do that is so that a light wallet, like a hardware walletcould sign a transaction with these values and it doesn’t have to check theblockchain to make sure that the previous input values are real because if theywere incorrect and the signature would fail.

算了，让我换一句表达吧。之所以把这个称之为“小把戏”是因为你可以把交易里的submarine数据放入已经签名的内容里，而不是放到交易本身里面。首先要做的是在签名里放入上一笔输入。这么做的原因是，轻钱包例如硬件钱包就可以使用这些值签名一笔交易，不必到区块链上查看以保证之前的输入值是真实的，因为如果他们是错误的，签名就会失败。

so we'll do that fortwo things. we’ll add both the transaction hash and the input value, and thenyou sign that hash, and the transaction hash would just be the hash of outputsand the inputs. This signing and hashing scheme would solve transaction malleabilityand the quadratic signature hash problem.

所以，我们会对两样东西这进行这项操作。我们会添加交易哈希值和输入值，然后你对它们进行签名，交易哈希值就是输入和输出的哈希值。这个签名和哈希计划将解决交易延展性和二次签名哈希的问题。

Transaction Advantages:(40:22)

交易优点

I did a little bit ofcalculating. If you use some of those tricks I was talking about, then if youcreate a standard transaction with one input, two outputs you get 157 bytes,the current Bitcoin uses 226 bytes.

我进行了简单的计算。如果你使用了我刚才谈到的技巧，创建一个拥有1个输入两个输出的标准交易，需要157个字节，现在的比特币交易是226个字节。

In Bitcoin today whatif you use this trick instead of storing the out point as transaction ID andindex. What if you actually in all cases where you could possibly store it tothe database, you stored it and sent it to each other as block index transactionID. I think you would save this exact same amount and the sort of a detrimentwould be you don’t have to look up these transactions in the blockchain, butyou have the blockchain because you're a full node.

在今天的比特币，如果你使用这个技巧而不是存储outpoint作为交易ID和index会怎么样。如果你实际上在所有的情况下都可以将其存储到数据库，把它作为区块index交易ID进行存储及互相发送会怎么样。我认为，你会节省相同数量的空间，而对你的损害可能是你不必在区块链上查看这些交易，但因为你是全节点，你有区块链。

so I think that couldsave us a lot of space in the blockchain. Of course our problem is not the sizeof the blockchain. although some people like to argue that because as Dr.Wright was saying hard drives are so cheap these days.

我认为这可以节省很多链上空间。当然，我们的问题不是区块链的大小。但有些人喜欢争论这一点，因为赖特博士曾说现在硬件已经非常便宜。

Source code:(42:00)

源代码

I've written a lot ofthis and I have you know these extension blocks being created and in reg testand test nets and things like that. but I did it in Python because I want tojust create a reference implementation that's simple

to read. That I haven'tdone is done the p2p protocol layer.

我已经写了很多有关这方面的代码，你知道我有创建好的扩展区块、reg测试和测试网之类的东西。但是，我是用Python语言写的，因为我想创建一个简单易读的参考实现。我还没有完成的是p2p协议层。

提问环节：

问：有关你的fee pool的议案，Iactually did a few calculations myself with more simplified version of that.And my conclusion was that the security lowered from 51% to

38.2%. I’m just curiousif you did any calculations regarding how secure that fee pool system is?

问：关于你提出的费用池，实际上我自己使用简化版的方案计算了一下。我得到的结果是，安全性从51%降到了38.2%。我很好奇你是否计算过费用池系统的安全性？

演讲人：你为什么会认为这个feepool会降低安全性？why would you think that the people would lower the security？

演讲人：你为什么会认为费用池的安全性会降低？为什么你会认为人们会降低安全性？

提问者的回答：因为你刚刚在演讲中提到一个bigminer可以连续挖很多blocks，a big miner that mines a few blocks in a row， then he canpublish a chain that he's dealt mines while orders of mining the main chain.

提问者的回答：因为你刚刚在演讲中提到，大矿工可以连续挖出很多区块，连续不断挖出区块的大矿工可以发布一条链，同时在主链上挖矿

演讲人：I haven’t likeconsidered that. it would seem to me intuitively that since the large miner isgiving fees away to future miners, it would actually be worse for him to dothat not better. I would like to see your your reasoning on that.

演讲人：我没有考虑过这点。这在我看来是很直观的，因为大矿工把费用给了未来的矿工，他这么做的话实际上有弊无利。我想要听听你对此的论证。

问题：能不能详细讲一下1个input，2个outputs怎么会是157bytes.

演讲者：比特币的设计就是你在交易时会出现1个input,2个output.and so Bitcoin uses 226 bytes to do that approximately. 但是如果你使用TXO triple asyour inputs you're saving a lot of bytes.

提问者：能不能详细讲一下1个输入，2个输出怎么会是157个字节？

演讲者：比特币的设计就是交易时会出现1个输入，2个输出。因此比特币大约要使用226个字节的空间。但是如果你使用TXOtriple 做为输入，你就会省下很多空间。

第3章结束语

本文是由行走的翻译C听下了字幕，很牛逼的英语水平了，才能听下这玩意。由梁桂莲翻译，我负责校核。

谢谢阅读，希望对各位有帮助。

（如果你想学习比特币和区块链知识，欢迎加入我的小密圈）