Ethereum Source Code Analysis (41): Hashimoto Source Code Analysis

Published by 尹成 (Yin Cheng) on 2018-05-14

Hashimoto: I/O bound proof of work


Abstract: Using a cryptographic hash function not as a proof-of-work by itself, but rather as a generator of pointers to a shared data set, allows for an I/O bound proof of work. This method of proof of work is difficult to optimize via ASIC design, and difficult to outsource to nodes without the full data set. The name is based on the three operations which comprise the algorithm: hash, shift, and modulo.


The need for proofs which are difficult to outsource and optimize

A common challenge in cryptocurrency development is maintaining decentralization of the network. The use of proof-of-work to achieve decentralized consensus has been most notably demonstrated by Bitcoin, which uses partial collisions with zero of sha256, similar to hashcash. As Bitcoin’s popularity has grown, dedicated hardware (currently application specific integrated circuits, or ASICs) has been produced to rapidly iterate the hash-based proof-of-work function. Newer projects similar to Bitcoin often use different algorithms for proof-of-work, and often with the goal of ASIC resistance. For algorithms such as Bitcoin’s, the improvement factor of ASICs means that commodity computer hardware can no longer be effectively used, potentially limiting adoption.

Proof-of-work can also be “outsourced”, or performed by a dedicated machine (a “miner”) without knowledge of what is being verified. This is often the case in Bitcoin’s “mining pools”. It is also beneficial for a proof-of-work algorithm to be difficult to outsource, in order to promote decentralization and encourage all nodes participating in the proof-of-work process to also verify transactions. With these goals in mind, we present Hashimoto, an I/O bound proof-of-work algorithm we believe to be resistant to both ASIC design and outsourcing.

Initial attempts at "ASIC resistance" involved changing Bitcoin's sha256 algorithm for a different, more memory intensive algorithm, Percival's "scrypt" password based key derivation function [1]. Many implementations set the scrypt arguments to low memory requirements, defeating much of the purpose of the key derivation algorithm. While changing to a new algorithm, coupled with the relative obscurity of the various scrypt-based cryptocurrencies allowed for a delay, scrypt optimized ASICs are now available. Similar attempts at variations or multiple heterogeneous hash functions can at best only delay ASIC implementations.

Leveraging shared data sets to create I/O bound proofs

    "A supercomputer is a device for turning compute-bound problems into I/O-bound problems."
    -Ken Batcher


Instead, an algorithm will have little room to be sped up by new hardware if it acts in a way that commodity computer systems are already optimized for.

Since I/O bounds are what decades of computing research has gone towards solving, it's unlikely that the relatively small motivation of mining a few coins would be able to advance the state of the art in cache hierarchies. In the case that advances are made, they will be likely to impact the entire industry of computer hardware.

Fortuitously, all nodes participating in current implementations of cryptocurrency have a large set of mutually agreed upon data; indeed this “blockchain” is the foundation of the currency. Using this large data set can both limit the advantage of specialized hardware, and require working nodes to have the entire data set.

Hashimoto is based off Bitcoin’s proof-of-work [2]. In Bitcoin’s case, as in Hashimoto, a successful proof satisfies the following inequality:

    hash_output < target

For bitcoin, the hash_output is determined by

    hash_output = sha256(prev_hash, merkle_root, nonce)

where prev_hash is the previous block’s hash and cannot be changed. The merkle_root is based on the transactions included in the block, and will be different for each individual node. The nonce is rapidly incremented as hash_outputs are calculated and do not satisfy the inequality. Thus the bottleneck of the proof is the sha256 function, and increasing the speed of sha256 or parallelizing it is something ASICs can do very effectively.

Hashimoto uses this hash output as a starting point, which is used to generate inputs for a second hash function. We call the original hash hash_output_A, and the final result of the proof final_output.

Hash_output_A can be used to select many transactions from the shared blockchain, which are then used as inputs to the second hash. Instead of organizing transactions into blocks, for this purpose it is simpler to organize all transactions sequentially. For example, the 47th transaction of the 815th block might be termed transaction 141,918. We will use 64 transactions, though higher and lower numbers could work, with different access properties. We define the following functions:

- nonce 64-bits. A new nonce is created for each attempt.
- get_txid(T) return the txid (a hash of a transaction) of transaction number T from block B.
- block_height the current height of the block chain, which increases at each new block

Hashimoto chooses transactions by doing the following:

    hash_output_A = sha256(prev_hash, merkle_root, nonce)
    for i = 0 to 63 do
        shifted_A = hash_output_A >> i
        transaction = shifted_A mod total_transactions
        txid[i] = get_txid(transaction) << i
    end for
    txid_mix = txid[0] ⊕ txid[1] … ⊕ txid[63]
    final_output = txid_mix ⊕ (nonce << 192)

The target is then compared with final_output, and smaller values are accepted as proofs.
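
The selection loop above as runnable Python, shown as an added example that is not code from the paper or from the Ethereum source. It assumes sha256 over the concatenated inputs, truncation of every shifted value to 256 bits, and a constructed 1000-entry list of txids standing in for the shared blockchain.

```python
import hashlib

MASK256 = (1 << 256) - 1  # assumption: every value is a 256-bit word

def sha256_int(*parts):
    # Assumption: sha256(a, b, c) means SHA-256 over the concatenated bytes.
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def make_toy_chain(n):
    # Constructed stand-in for the shared data set: one txid per transaction.
    return [sha256_int(b"tx", t.to_bytes(8, "big")) for t in range(n)]

def hashimoto(prev_hash, merkle_root, nonce, txids):
    """Return (final_output, transaction numbers read from the data set)."""
    hash_output_a = sha256_int(prev_hash, merkle_root, nonce.to_bytes(8, "big"))
    txid_mix, reads = 0, []
    for i in range(64):
        shifted_a = hash_output_a >> i
        transaction = shifted_a % len(txids)             # pointer into the data set
        reads.append(transaction)
        txid_mix ^= (txids[transaction] << i) & MASK256  # get_txid(T) << i
    final_output = txid_mix ^ ((nonce << 192) & MASK256)
    return final_output, reads

def mine(prev_hash, merkle_root, txids, target, max_nonce=1 << 20):
    """Try nonces in order; return the first one with final_output < target."""
    for nonce in range(max_nonce):
        if hashimoto(prev_hash, merkle_root, nonce, txids)[0] < target:
            return nonce
    return None

def verify(prev_hash, merkle_root, nonce, txids, target):
    # Verification repeats the same 64 lookups, so it also needs the data set.
    return hashimoto(prev_hash, merkle_root, nonce, txids)[0] < target

# Constructed sample inputs (not real chain data).
PREV_HASH = hashlib.sha256(b"constructed previous block").digest()
MERKLE_ROOT = hashlib.sha256(b"constructed merkle root").digest()
CHAIN = make_toy_chain(1000)
TARGET = 1 << 250  # easy target: roughly 1 nonce in 64 succeeds

if __name__ == "__main__":
    nonce = mine(PREV_HASH, MERKLE_ROOT, CHAIN, TARGET)
    out, reads = hashimoto(PREV_HASH, MERKLE_ROOT, nonce, CHAIN)
    print(f"nonce={nonce} final_output={out:064x}")
    print(f"{len(set(reads))} distinct transactions read out of {len(CHAIN)}")
```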
