Segregate Witness (bitcoin) #blockchainkyoto

Transcript

1. Segregated Witness (BIP-141,143,144) @egapool #blockchainkyoto 2018/06/21

2. ໨࣍ • SegWitͱ͸ʁ • SegWitͷMotivation • SegWitͷৄղ • ·ͱΊ

3. SegWitͱ͸ʁ ίϯηϯαεϓϩτίϧʹ͍ͭͯ https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki ৽͍͠τϥϯβΫγϣϯॺ໊ͷํࣜ https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki γϦΞϥΠθʔγϣϯϑΥʔϚοτ https://github.com/bitcoin/bips/blob/master/bip-0144.mediawiki w TDSJQU4JHʹઃஔ͍ͯͨ͠ॺ໊ΛXJUOFTTͱ͍͏ผͷྖҬʹҠͯ͠5Y*%ͷܾఆͱॺ ໊Λ੾Γ཭͢
   

   w TDSJQUʹόʔδϣϯ൪߸Λಋೖͯ͠ࠓޙͷ֦ுΛ༰қʹ͢Δ
   w ͜ΕΒʹΑͬͯ͞Βʹ෭࣍తʹ৭ΜͳԸܙʹ͔͋ͣΕΔ
   w ·ͨॺ໊લʹ5Y*%͕֬ఆ͢Δੑ࣭͕ϨΠϠʔٕज़ͷج൫ͱͳ͍ͬͯΔ
   w ೥݄ʹ6"4'ͰσϓϩΠ͞Εͨ

4. SegWitͷMotivation • ϚϦΞϏϦςΟ໰୊΁ͷରࡦ • Txͷॺ໊ࣗମ͕ॺ໊ͷର৅֎ͳͷͰมߋͰ͖Δ໰୊ • TxID͸શମͷϋογϡ • script࣮ߦʹӨڹͳ͍Α͏ʹscript_sigΛมߋ͢ΔͱID͕มΘΔʢTxలੑʣ •

   TxIdͰऔҾΛ؅ཧ͍ͯ͠ΔΑ͏ͳઃܭͷऔҾॴ͕ةͳ͍ • ͨͩ͠େن໛ͳϋοΫ͕ى͜ΔΑ͏ͳੑ࣭ͷ΋ͷͰ͸ͳ͍ O7FSTJPO UYJO@DPVOU UYJOT UYPVU@DPVOU UYPVUT MPDL@UJNF PVUQPJOU TDSJQU@TJH TFRVFODF TDSJQU@QVCLFZ WBMVF ैདྷͷ5Y ॺ໊ൣғ ˢະॺ໊ ࢀߟʣτϥϯβΫγϣϯలੑΛར༻ͨ͠߈ܸʹ͍ͭͯ wide-tr-ideon-bitcoin-transaction2014-00.pdf http://member.wide.ad.jp/tr/wide-tr-ideon-bitcoin-transaction2014-00.pdf

5. SegWitͷMotivation • ඞͣ͠΋ॺ໊ΛૹΒͳ͍Ͱ͢ΉΑ͏ʹͳΔ • ॺ໊Λݟͳ͍SPVΫϥΠΞϯτʹ͸ॺ໊͸ෆཁ • ॺ໊ͳ͠ͰૹΔ͜ͱͰಉ͡ଳҬ෯ͰΑΓଟ͘௨৴Ͱ͖Δ ࢀߟʣ
 Bitcoin Core

   :: Segregated Witness Benefits https://bitcoincore.org/en/2016/01/26/segwit-benefits/

6. SegWitͷৄղ > ৽͍͠ߏ଄ʹ͍ͭͯ marker : 0x00 (0) ɾɾɾθϩݻఆ flag: 0x01

   (1)ɾɾɾݱࡏ͸1ݻఆɻ witnesses: ͢΂ͯͷwitnessσʔλΛγϦΞϥΠζͨ͠΋ͷ ·ͨɺैདྷͷ5SBOTBDUJPO
   *%ʹՃ͑ͯɺ৽ͨʹ8JUOFTT
   *%Λఆٛɻ
   ͭ·Γ̎छྨͷJEΛ΋ͭɻ
   5Y*Eʹ͸ॺ໊͸ؚ·Εͳ͍ʗ85Y*Eʹॺؚ໊͕·ΕΔ NBSLFSˢ ˢqBH ैདྷJOQVUTͷTDSJQU@TJHʹஔ͍͍ͯͨॺ໊ΛXJUOFTTͱ͍͏ྖҬʹઃஔ

7. SegWitͷৄղ > SegWitΛར༻͢Δ৚݅ SegWit͕ΞΫςΟϕʔτ͞Εͯ΋ɺࠓ·ͰͲ͓ΓP2PKH΍P2SHͷTx΋ੜ੒Ͱ͖Δ scriptPubkeyͷܗͰSegWit͔Ͳ͏͔Λ൑அ scriptPubkeyʹ [ 0 <witness program>

   ] ͷܗ 181,) 184) TDSJQU1VCLFZ
   
   
   ެ։伴
   )BTI
   CZUF  XJUOFTT
   ॺ໊
   ެ։伴 TDSJQU4JH
   ۭ TDSJQU1VCLFZ
   
   
   SFEFFNTDSJQU
   )BTI
   CZUF  XJUOFTT
   
   ॺ໊
   
   ެ։伴
   ެ։伴
   
   01@$)&$,.65*4*( TDSJQU4JH
   ۭ ʢPGNVUJTJHͷྫʣ14)ͷTFHXJUόʔδϣϯ 11,)ͷTFHXJUόʔδϣϯ ˞·ͨɺ4FH8JUͰ͸ѹॖ͞Εͨެ։伴Λ࢖͏ඞཁ͕͋Δ

8. SegWitͷৄղ > SegWitΛར༻͢Δ৚݅ ࢀߟ·Ͱʹ11,)Ͱ͢ɻ

9. SegWitͷৄղ > SegWitΛར༻͢Δ৚݅ ࣮ࡍʹSegWitͱͯ͠ੜ੒͞ΕͨTxΛݟͯΈ·͠ΐ͏ʂ 184) IUUQTDIBJOqZFSCJUqZFSKQ5SBOTBDUJPO ⒎FBDBDFGEFB⒎DCGEDCFGEFGCBBF Chain Query: Bitcoin

   API: decodescript http://chainquery.com/bitcoin-api/decodescript CJUDJO
   TDSJQU
   EFDPEFS
   ͷ঺հ
   ্هUYͷXJUOFTTͷͭΊͷTDSJQUΛˣͰEFDPEFͯ͠ΈΔͱPGͷ.VUJ4JHͷ SFEFFNTDSJQUͩͱΘ͔Γ·͢

10. SegWitͷৄղ > ϒϩοΫʹର͢Δίϛοτϝϯτ wtxidͷϚʔΫϧϧʔτΛίΠϯϕʔετϥϯβΫγϣϯʹOP_RETURNͱͯ͠ઃஔ͢Δ ͜ͱͰॺ໊ͷݕূΛίϛοτ IUUQTCUDDPNCDEBBDBBCDFBCGEBFFGBFDBGFDBECGBF XJUOFTT
    ϚʔΫϧ
    ϧʔτ 85Y*E 85Y*E

    ϋογϡ ϋογϡ 85Y*E 85Y*E ˢXJUOFTT ॺ໊ྖҬΛؚΉ5Yϋογϡ஋ 1-byte - OP_RETURN (0x6a) 1-byte - Push the following 36 bytes (0x24) 4-byte - Commitment header (0xaa21a9ed) 32-byte - Commitment hash: Double-SHA256(witness root hash|witness reserved value) TDSJQU@TJH͔Βॺ໊͕ফ͑Δ
    ⊗
    ϒϩοΫϔομʔͷϚʔΫϧϧʔτϋογϡʹ͸
    ॺؚ໊͕·Ε͍ͯͳ͍
    ⊗
    XUYJEͷϧʔτϋογϡΛίΠϯϕʔεʹಥͬࠐΉ
    ˞৽ͨʹϒϩοΫϔομʔʹઐ༻ྖҬΛ
    ɹ௥Ճ͢Δʹ͸ϋʔυϑΥʔΫΛ൐͏ 4FH8JUΞΫςΟϕʔτࡁΈͷϚΠφʔ͕࡞੒ͨ͠ίΠϯϕʔετϥϯβΫγϣϯ
    ใुΞ΢τϓοτʹՃ͑ͯ΋͏ҰͭΞ΢τϓοτ͕͋Δ
    ˣ۩ମྫ ຒΊࠐΉ஋

11. SegWitͷৄղ > ϒϩοΫαΠζ TFHXJUͰ͸ϒϩοΫαΠζͷ্ݶͷܭࢉͷ࢓ํ͕มߋ ඇTFHXJU .#
    
    τʔλϧUYαΠζ TFHXJU .#
    
    ϕʔεαΠζ
    Y
    
    
    τʔλϧαΠζ ϕʔεαΠζ
    
    XJUOFTTͳ͠ͷτʔλϧαΠζ

    τʔλϧαΠζ
    
    XJUOFTTؚΊͨτʔλϧαΠζ ΦʔιυοΫεͳJOQVUͷ181,)ͳUYͰϒϩοΫΛຬͨ͢ͱ໿.#෼ೖΔ ˞TFHXJU͸ॺ໊ͷ৔ॴΛม͍͑ͯΔ͚ͩͳͷͰ5Yࣗମͷ༰ྔ͸΄΅มԽͳ͠ ˞ͪͳΈʹαΠζͱ͍͏ͷ͸
    γϦΞϥΠθʔγϣϯϑΥʔϚοτʹ
    ଇͬͯੜ੒ͨ͠όΠτྻͰܭࢉ

12. SegWitͷৄղ > όʔδϣϯόΠτ TDSJQU1VCLFZ
    
    
    ެ։伴
    )BTI
    CZUF  ˢόʔδϣϯόΠτ w 4FH8JUʹΑͬͯόʔδϣϯόΠτͱ͍͏֓೦Λಋೖ
    

    w ݱࡏ CJUDPJOE ͷόʔδϣϯ͸ݻఆʗ࠷େ·Ͱ૿΍ͤΔ
    w Ұ୴͜ͷ࢓૊Λ͍Εͨ͜ͱͰࠓޙόʔδϣϯόΠτΛมߋ͢ΔܗͰͷιϑτ΢Σ ΞɾΞοϓσʔτ͕༰қʹͳΔ
    w ະ஌ͷόʔδϣϯ ݱࡏͰ͸Ҏ֎ͷ͢΂ͯ ͕͋ͬͨ৔߹ɺϊʔυ͸ͦͷ5YΛ BOZPOFDBOTQFOEͳ5Yͱͯ͠ѻ͏
    w ͜Ε͸ޙํޓ׵ੑޓ׵ੑΛ؆୯ʹอͭͨΊ

13. SegWitͷৄղ(BIP144) > Tx఻ୡϧʔϧ QFFSؒͰ4FH8JUରԠ5YΛ఻ୡ͢ΔͨΊͷ৽͍͠ϑΥʔϚοτ͕CJQͰఆΊΒΕͨ ਤͷϑΥʔϚοτʹैͬͯ5YσʔλΛγϦΞϥΠζͯ͠ωοτϫʔΫʹ఻ୡ͠·͢
    OPO4FH8JUϊʔυ͕ޡղ͠ͳ͍Α͏ͳߏ੒ͳ͍ͬͯ·͢
    NBSLFSͷՕॴ͸΋ͱ΋ͱJOQVUT@DPVOU͕͋ͬͨ৔ॴͳͷͰɺݻఆͷNBSLFSΛஔ͘͜ ͱͰOPO4FH8JUϊʔυ͸͜ΕΛJOQVU͕ͷ5Yͱղऍͯ͠εϧʔ͠·͢ɻ O7FSTJPO NBSLFS

    qBH UYJO@DPVOU UYJOT UYPVU@DPVOU UYPVUT XJUOFTTFT MPDL@UJNF marker : 0x00 (0) ɾɾɾθϩݻఆ flag: 0x01 (1)ɾɾɾݱࡏ͸1ݻఆɻ witnesses: ͢΂ͯͷwitnessσʔλΛγϦΞϥΠζͨ͠΋ͷ O7FSTJPO UYJO@DPVOU UYJOT UYPVU@DPVOU UYPVUT MPDL@UJNF 4FH8JU /PO4FH8JU

14. SegWitͷৄղ(BIP143) > segwit version 0ͷtxॺ໊ݕূϧʔϧ #*1ʹΑͬͯॺ໊ʹ༻͍ΔτϥϯβΫγϣϯϋογϡͷಋग़ํ๏͕มߋ ৭ʑ͋Γ·͕͢ཁ఺Λநग़͢Δͱ w ೖྗ஋Λϋογϡͯ͠தؒදݱΛͭ͘ΓɺͦΕΛ༻͍ͯॺ໊͢Δ
    w

    ͜ΕʹΑΓޙड़͢Δ࣍ϋογϡ໰୊͕ղܾ͞ΕΔ
    w JOQVUͰ࢖༻͢Δ#5$ͷ਺ྔ΋ॺ໊ͷର৅ͱͳΔ
    w ͜ΕʹΑΓΦϑϥΠϯ΢ΥϨοτͰ΋ॺ໊ݕূ͕༰қͱͳΔ
    w ͜Ε͕ͳ͍ͱΦϯϥΠϯ͔Β௚લͷ5YΛऔಘͯ͠਺ྔΛ֬ೝ͠ͳ͍ͱ͍͚ͳ͍

15. SegWitͷৄղ(BIP143) > Quadratic Hashing Problemͷղܾ τϥϯβΫγϣϯͷॺ໊ʹ͸࣍ϋογϡ໰୊͕͋Δ
    JOQVU͕૿͑Δͱॺ໊ݕূ͕࣌ؒJOVQUͷ਺ͷ৐ʹൺྫͯ͠૿͑Δ
    ݕূ͕࣌ؒ૿͑ΔͱϒϩοΫ఻ൖ଎౓͕Լ͕ΓηΩϡϦςΟϦεΫ͕૿͢ • Bitcoin

    Core :: Segregated Witness Benefits https://bitcoincore.org/en/2016/01/26/segwit-benefits/ • segregated witness - Which kinds of transactions show quadratic signature-hashing scaling? - Bitcoin Stack Exchange https://bitcoin.stackexchange.com/questions/54264/which-kinds-of-transactions-show-quadratic- signature-hashing-scaling/54265 • The Megatransaction: Why Does It Take 25 Seconds? – Rusty Russell's Coding Blog http://rusty.ozlabs.org/?p=522 େྔJOQVUΛؚΉ5Y͕ଟ͍ϒϩοΫ͸ݕূʹඵ΋͔͔ͬͨ͜ͱ͕աڈʹใࠂ͞Ε͍ͯΔ

16. SegWitͷৄղ(BIP143) > Quadratic Hashing Problemͷղܾ  5Y಺ͷશJOQVU͔ΒTDSJUQ4JH ॺ໊ͱެ։伴ʣΛ֎͢
     ͷঢ়ଶͷ5Yͷίϐʔ

    5Y$PQZ Λੜ੒
     5Y$PQZʹରͯ͠ॺ໊ݕূ͢ΔJOQVUʹQVCMJDL,FZΛຒΊࠐΉ
     Λ%PVCM4)"ͨ͠ϋογϡ஋ʹରͯ͠ॺ໊ݕূ͢Δʢॺ໊஋ɺެ։伴ɺϋογϡ஋Ͱʣ
     5Y಺ͷ͢΂ͯJOQVUʹରͯ͠ʙΛ܁Γฦ͢ " ϋογϡ࣌ؒ͸ର৅ͷσʔλ༰ྔʹઢܗґଘ
    # ϋογϡճ਺͸JOQVUͷݸ਺ʹઢܗґଘ JOQVUͷ৔߹ɾɾɾݕূճ਺ճ
    Y
    ݕূ࣌ؒJOQVU௕෼ɹʹɹ JOQVUͷ৔߹ɾɾɾݕূճ਺ճ
    Y
    ݕূ࣌ؒJOQVU௕෼ɹʹɹ ඇ4FH8JUͰͷෳ਺JOQVU͕͋ΔτϥϯβΫγϣϯʹ͓͚Δॺ໊ݕূͷྲྀΕ ࢀߟʣOP_CHECKSIG - Bitcoin Wiki https://en.bitcoin.it/wiki/OP_CHECKSIG ͜ͷݕূͷ໰୊఺

17. ·ͱΊ w 5Y*%ͷܾఆͱॺ໊Λ੾Γ཭͢͜ͱͰϚϦΞϏϦςΟ໰୊Λղܾ
    w ৽͍͠ϑΥʔϚοτͷॺ໊ͷίϛοτ৔ॴΛίΠϯϕʔετϥϯβΫγϣϯͷPVUQVUʹ
    w TDSJQUʹόʔδϣϯ൪߸Λಋೖͯ͠ࠓޙͷ֦ுΛ༰қʹ͢Δ
    w ৽͍͠σʔλྖҬΛ༻͍Δ͜ͱͰCMPDLͷ༰ྔ੍ݶΛಥഁ
    w

    5Yॺ໊ํ๏Λมߋͨ͜͠ͱͰ࣍ϋογϡ໰୊΍ίʔϧυ΢ΥϨοτͷݕূ໰୊Λղܾ
    w ιϑτϑΥʔΫͷͨΊɺΞΫςΟϕʔτ͍ͯ͠ͳ͍ϊʔυ͕ޡ࡞ಈΛى͜͞ͳ͍Α͏ʹσʔλ ྖҬͷ࢖͍ํʹ޻෉͕ͳ͞Ε͍ͯΔ
    w ඇ4FH8JUͷ΢ΥϨοτ͸4FH8JUτϥϯβΫγϣϯͷҙຯΛ἞ΈऔΕͳ͍ͷͰ஫ҙ͕ඞཁ

18. ͋Γ͕ͱ͏͍͟͝·ͨ͠