Facebook的Libra “區塊鏈”到底是如何運作的？

本文深入研究了“關於Facebook Libra coin (以及更多)平臺協議”的26頁技術文件，並對其內容進行了分解說明。 同時，我們對這53位作者表示衷心的欽佩！

以下為具體分析內容：

（文中英文內容為“協議”原文，中文翻譯是對“協議”內容的解讀。）

摘要

The Libra protocol allows a set of replicas—referred to as validators—from different authorities to jointly maintain a database of programmable resources.

換句話說，也就是這個系統需要由一組權威機構以自上而下的方式進行控制。然而，請注意，該資料庫是為維護“可程式設計資源”而不僅僅是維護數字貨幣的。

These resources are owned by different user accounts authenticated by public key cryptography and adhere to custom rules specified by the developers of these resources.

使用諸如“資源”（resources）之類的通用詞彙使我懷疑這裡不僅僅是指一種穩定幣。

Transactions are based on predefined and, in future versions, user-defined smart contracts in a new programming language called Move. We use Move to define the core mechanisms of the blockchain, such as the currency and validator membership.

好了，這個有意思了。使用專門的智慧契約語言會導致很多問題，比如該語言的功能豐富度，以及延伸到該系統對對抗性契約的健壯性有多強的問題。還有一些關於開發人員友好性以及Libra如何保護智慧合約開發人員不受影響的問題都是需要明晰的。

These core mechanisms enable the creation of a unique governance mechanism that builds on the stability and reputation of existing institutions in the early days but transitions to a fully open system over time.

關於開發人員友好性以及Libra如何保護智慧合約開發人員不受影響，這仍是問題。

1.簡介

This ecosystem will offer a new global currency—the Libra coin—which will be fully backed with a basket of bank deposits and treasuries from high-quality central banks.

Libra是一種通用的加密資產協議，第一個資產將是一種穩定幣。

Over time, membership eligibility will shift to become completely open and based only on the member’s holdings of Libra.

聽起來很像股權證明。顯然，計劃是在五年後開放會員資格，並希望他們當時能夠找到股份證明——儘管我預計它們會遇到與Ethereum相同的問題。

The association has published reports outlining … the roadmap for the shift toward a permissionless system.

我很確定這將是分散式網路首次從許可型轉換為非許可型。也許整個網路可以轉換為股權證明，但為了穩定幣/籃子，一些實體必須保持對傳統金融系統的開放。這將是透過Libra協會長期集中控制的重點。

Validators take turns driving the process of accepting transactions. When a validator acts as a leader, it proposes transactions, both those directly submitted to it by clients and those indirectly submitted through other validators, to the other validators. All validators execute the transactions and form an authenticated data structure that contains the new ledger history. The validators vote on the authenticator for this data structure as part of the consensus protocol.

這聽起來像Practical Byzantine Fault Tolerance(實用拜占庭容錯演算法)，這是一個很好理解的發展了20年的演算法，儘管他們可能做了一些調整。我們在白皮書的第5節中瞭解到它被稱為LibraBFT，它是HotStuff共識協議的變體。

As part of committing a transaction T i at version i, the consensus protocol outputs a signature on the full state of the database at version i—including its entire history—to authenticate responses to queries from clients.

這是值得注意的，主要是因為它意味著新的驗證者應該能夠加入網路並快速同步，而不必回溯區塊鏈的整個歷史記錄，前提是它們信任現有的驗證者。
這種帳戶模型是有可能的，因為Facebook不太可能關注隱私，而它確實對智慧合約感興趣。

2.邏輯資料模型

The Libra protocol uses an account-based data model to encode the ledger state.

從資料結構的角度來看，Libra更像Ethereum或Ripple，而不是比特幣。UTXO模型有優點也有缺點——由於基於輸出的歷史記錄的簡單性，它具有更好的私密性和更健壯的事務歷史記錄——但是處理複雜的智慧合約可能更困難。因此，賬戶模式是有意義的，因為Facebook不太可能關注隱私，儘管聽起來它對智慧合同很感興趣。

The Libra protocol does not link accounts to a real-world identity. A user is free to create multiple accounts by generating multiple key-pairs. Accounts controlled by the same user have no inherent link to each other. This scheme follows the example of Bitcoin and Ethereum in that it provides pseudonymity for users.

這聽起來好得驚人，但我想知道Libra coin是否也是這種情況。對於那些想要開發一些更能保護隱私的應用程式的開發人員來說，觀察這個系統的開放程度將是一件很有趣的事情。

Every resource has a type declared by a module. Resource types are nominal types that consist of the name of the type and the name and address of the resource’s declaring module.

看起來你可以生成一個地址，只要每個資產都有唯一的名稱，該地址就可以分配任意數量的資產。

Executing a transaction T i produces a new ledger state S i as well as the execution status code, gas usage, and event list.

好了，現在我們知道了如何保護系統免受資源耗盡攻擊，大概是利用類似於Ethereum的資源成本系統。

There is no concept of a block of transactions in the ledger history.

有趣。Libra協議中沒有實際的區塊鏈資料結構——塊更像是一個虛擬的邏輯結構，驗證者使用它來協調系統狀態的確認快照。回過頭來看，這一節的第一句話現在有了更多的意義:

All data in the Libra Blockchain is stored in a single versioned database. A version number is an unsigned 64-bit integer that corresponds to the number of transactions the system has executed.

我所熟悉的每個加密資產網路都以相同的方式在非常高的層次上工作：首先存在一個系統狀態，然後執行一個事務，實際上是一個狀態轉換函式，接著新的系統狀態就出現了。

將批次事務放入容器或塊中的目的是為了對它們進行排序和加時間戳。這對於無許可網路非常重要，在這種網路中，資料透過動態多方成員簽名進行身份驗證，驗證者可以自由地加入和離開網路。因為Libra執行一個經過許可的系統，所以它可以使用一個更有效的協商一致演算法，而不需要批處理事務，因為事務歷史記錄被重寫的可能性要小得多。

In the initial version of the Libra protocol, only a limited subset of Move’s functionality is available to users. While Move is used to define core system concepts, such as the Libra currency, users are unable to publish custom modules that declare their own resource types. This approach allows the Move language and toolchain to mature—informed by the experience in implementing the core system components—before being exposed to users. The approach also defers scalability challenges in transaction execution and data storage that are inherent to a general-purpose smart contract platform.

這聽起來非常類似於前面提到的“open validator membership（開放驗證者成員資格）”計劃。似乎Facebook還沒有解決任何一個Ethereum多年來一直在努力解決的重大問題。

In order to manage demand for compute capacity, the Libra protocol charges transaction fees, denominated in Libra coins.

Libra coins實際上是協議的原生單位，就像ETH是Ethereum的原生單位。這就引出了另一個關於Libra匿名性質的問題：你可以在沒有AML / KYC的情況下獲得幣嗎？如果不能，那麼您似乎無法匿名地使用系統的任何功能。查閱Calibra錢包，它將需要AML / KYC。所以我想知道最終是否會有一些進入系統的方式沒有受到嚴格控制。

The system is designed to have low fees during normal operation, when sufficient capacity is available.

這確實很模糊，並引發了許多問題：什麼是低收費？什麼是正常操作？什麼是足夠的容量？

3.執行交易

Many parts of the core logic of the blockchain are defined using Move, including the deduction of gas fees. To avoid circularity, the VM disables the metering of gas during the execution of these core components.

這聽起來很危險，但該文件的作者指出，核心元件必須以防禦性方式編寫以防止DoS攻擊。

The key feature of Move is the ability to define custom resource types … the Move type system provides special safety guarantees for resources. A resource can never be copied, only moved. These guarantees are enforced statically by the Move VM. This allows us to represent Libra coins as a resource type in the Move language.

這就澄清了之前的問題：Libra coins是否像ETH或BTC一樣是本地資產。我希望這些幣只是系統啟動時預設的或唯一允許的資源型別，其他資源將在未來提供。

Move’s stack-based bytecode has fewer instructions than a higher-level source language would. In addition, each instruction has simple semantics that can be expressed via an even smaller number of atomic steps. This reduces the specification footprint of the Libra protocol and makes it easier to spot implementation mistakes.

這聽起來像是經過深思熟慮的; 希望這意味著他們的指令碼語言的安全性將比Ethereum更好。

我們看到“Libra區塊鏈” 實際上並不是區塊鏈。

4.已驗證的資料結構和儲存

The Libra protocol uses a single Merkle tree to provide an authenticated data structure for the ledger history … specifically, the ledger history uses the Merkle tree accumulator approach to form Merkle trees, which also provides efficient append operations.

我們再一次看到“Libra區塊鏈”實際上並不是區塊鏈。這個協議似乎設計得非常好，但是奇怪的是，當賬戶歷史的資料結構是一組有簽名的賬戶狀態時，它們仍然稱它為區塊鏈。驗證者正在為每個賬戶狀態做出承諾，並且所有歷史帳戶狀態也都在Merkle樹中承諾，但我還沒有真正看到形成鏈的任何反向連結資料列表——更不用說形成塊鏈了。

The authenticator of an account is the hash of this serialized representation.
Note that this representation requires recomputing the authenticator over the full account after any modification to the account. The cost of this operation is O(n), where n is the length of the byte representation of the full account.

嗯，如果沒有對給定帳戶儲存的資料量進行限制，這聽起來像是DoS攻擊的開端。

We anticipate that as the system is used, eventually storage growth associated with accounts may become a problem. Just as gas encourages responsible use of computation resources, we expect that a similar rent-based mechanism may be needed for storage. We are assessing a wide range of approaches for a rent-based mechanism that best suits the ecosystem.

另一個未解決的問題。迫不及待地想說“租金太高了！”

The voting power must remain honest both during the epoch as well as for a period of time after the epoch in order to allow clients to synchronize to the new configuration. A client that is offline for longer than this period needs to resynchronize using some external source of truth to acquire a checkpoint that they trust.

哎。目前尚不清楚這個“時間段”有多長，但如果一個epoch不到一天，那麼我猜測指定的“時間段”也是如此。看起來這個共識協議不夠強大，參與者可能會隨意離開並重新加入網路。

5.拜占庭容錯共識

LibraBFT assumes that a set of 3f + 1 votes is distributed among a set of validators that may be honest, or Byzantine. LibraBFT remains safe, preventing attacks such as double spends and forks when at most f votes are controlled by Byzantine validators.

就像PBFT一樣，這種一致性演算法可以容忍33％的驗證者是不誠實的。HotStuff的修改聽起來很合理：
透過使驗證者簽署塊的狀態（而不僅僅是事務序列）來抵制非確定性錯誤。

一個發出明確超時訊號的起搏器，驗證者依賴於這些超時訊號的仲裁集來進入下一輪 - 這應該可以提高活性。
不可預知的領導者選舉機制，以限制針對領導者的DoS攻擊。
聚合簽名以便儲存那些簽署了仲裁集證照來為塊接受投票的身份驗證者。

6.網路

Each validator in the Libra protocol maintains a full membership view of the system and connects directly to any validator it needs to communicate with. A validator that cannot be connected to directly is assumed to fall within the quota of Byzantine faults tolerated by the system.

這將需要大量工作才能將系統擴充套件到數百個驗證者。

7. Libra核心實施內容

The security of the Libra Blockchain rests on the correct implementation of validators, Move programs, and the Move VM. Addressing these issues in Libra Core is a work in progress.

這部分內容已經基本總結完畢，儘管他們在Rust中編寫了實現，這對效能和安全性來說似乎是一個良好的開端。

8.表現

We anticipate the initial launch of Libra protocol to support 1,000 payment transactions per second with a 10-second finality time between a transaction being submitted and committed.

由於只有100個左右的驗證者，並且它們都相互直接連線的，所以10秒的塊時間聽起來是可行的。

最低節點要求：

• 40 Mbps網路連線

• 1個商品CPU

• 16 TB SSD

前面有一些關於保持驗證人從頭執行初始同步的能力，而不是信任來自其他驗證人簽名狀態的參考文獻。我預計，如果Libra得到充分使用，那麼執行這樣的同步將很快變得非常不切實際，因此，節點安全模型將高度依賴於信任驗證者。

9.用Move實現Libra生態系統策略

The [Libra coin] reserve is the key mechanism for achieving value preservation. Through the reserve, each coin is fully backed with a set of stable and liquid assets. The Libra coin contract allows the association to mint new coins when demand increases and destroy them when the demand contracts. The association does not set a monetary policy. It can only mint and burn coins in response to demand from authorized resellers. Users do not need to worry about the association introducing inflation into the system or debasing the currency: For new coins to be minted, there must be a commensurate fiat deposit in the reserve.

好的，但現在我們討論的是網路外部的事件。如白皮書前面所述，網路無法執行使用網路狀態外部資料輸入的指令碼。因此，上述程式碼片段中的“can”和“must”修飾語肯定是指網路並不知道的Libra Association政策或合同義務。

The consensus algorithm relies on the validator-set management Move module to maintain the current set of validators and manage the allocation of votes among the validators. Initially, the Libra Blockchain only grants votes to Founding Members.

假設驗證者對驗證者集的更改進行投票，聽起來這會導致與我們在股權證明系統中看到的類似問題——遠端攻擊。如果創始成員的密匙的重要閾值受到損害，攻擊者是否可以從源頭寫入新的賬戶歷史記錄？如果是這樣，其他節點會接受嗎？目前尚不清楚共識協議是否允許重寫舊狀態還是僅僅允許追加狀態。

We plan to gradually transition to a proof-of-stake.

如果他們能解決尚未解決的問題。

未解決的問題

如何進行管理？

我們可以看到Libra Association是一個由成員組成的委員會，需要2/3的絕對多數透過才能做出改變的決策。他們是唯一有資格鑄造或銷燬Libra coin的人，但如果有足夠的共識，他們可以做出任何他們想要的改變。

是否需要AML / KYC？

顯然，協議級別不需要它，但Calibra錢包宣告所有使用者都將透過政府頒發的ID進行驗證。聽起來Calibra錢包將是在一段時間內唯一可用的錢包，所以目前還不清楚開發人員和使用者是否可以在Libra網路上執行不遵守與Calibra相同標準的應用程式。
什麼是低收費？什麼是正常操作？什麼是足夠的容量？
CALIBRA錢包FAQ承諾低收費，但這似乎與在高負載時底層協議的操作相沖突。

Transaction fees will be low-cost and transparent, especially if you’re sending money internationally. Calibra will cut fees to help people keep more of their money.

Libra真的會對開發者開放嗎？

根據實現無許可共識的計劃：

The Libra Blockchain will be open to everyone—any consumer, developer, or business can use the Libra network, build products on top of it, and add value through their services. Open access ensures low barriers to entry and innovation and encourages healthy competition that benefits consumers.

我懷疑開發人員是否能夠在這個平臺上執行他們所想像的任何技術上有效的應用程式。我沒有讀到任何讓我相信這個系統會抵制審查制度的內容，但只有時間會告訴我們答案！

歡迎點選“ 京東雲 ”瞭解更多精彩內容

點選“閱讀原文”可檢視文件