
Editor's note: Blockchain involves many technologies, from the bottom layer of the Internet to obscure cryptography, but many people pay attention to currency prices and few study the technology. During a bull market, everyone studies hard to speculate in coins. During a bear market, there is nothing to do anyway, so I think we can study harder. As a liberal arts student, I certainly have a lot of questions that science students seem to think are idiotic. As a reporter, it is not difficult for me to find people who understand the industry to explain things to me in plain terms, and they often do not show their dislike to my face.
This is the second issue of Xiaoming's study notes. The last issue covered the virtual machine ("Xiao Ming's Study Notes | Understand the Blockchain Virtual Machine in One Article"); this issue covers cross-chain, and what I want to learn later is VRF, open source history and culture, network architecture and a comparison of blockchain layered systems, and "If the currency circle is regarded as a country, what is the country's currency going through?". If you have other interesting questions, please contribute and ask.
Thanks to the two entrepreneurs for answering many of my questions. At the same time, I recommend reading a cross-chain report written by Vitalik to R3 in 2016. Although the report is 2 years old, I personally feel that many technologies have still not moved outside the framework of that article. In order to describe some technologies more clearly, this article also quotes many passages from the original text.
What is cross-chain?
Cross-chain is simply the transfer of information from one chain to another. Since tokens are basically what come to mind when we talk about blockchain now, in practice it is mostly tokens, as assets, that are transferred from one chain to another. The easiest case to understand is exchanging ETH for BTC, which is simply an asset exchange. From the perspective of the Internet, it is a bit like information passing from one intranet to another. this is for. However, each blockchain network is a relatively closed system that does not trust the others. Every time something happens, a "vote" (consensus) is required. How can it easily trust things outside the chain? On the Internet, by contrast, background information can be transferred between systems almost without verification. Lu Xujun believes that due to the obvious asset attributes of the blockchain, its cross-chain is different from traditional Internet information transmission, and the motivation of participants to lie is enhanced.
What is the use of cross-chain?
The first "most painful" application scenario of cross-chain is the decentralized exchange, which solves the asset exchange problem just mentioned.
Many people can already solve this problem with a centralized exchange. In addition, current decentralized exchanges offer a poor trading experience, are slow, and are incapable of cross-chain transactions, so novice users don't like them. It seems that there is nothing to be done. However, idealists will say: in an industry that pursues decentralization, a large number of centralized organizations have the greatest voice. Everyone thinks this is too weird, and centralized exchanges are doing a lot of evil.
Another application scenario is that an application deployed on chain A supports the tokens of other chains. For example, a smart contract on Ethereum wants to accept payment in Bitcoin. When I described this scenario, my colleague immediately asked, "Why?" His reaction was also correct, because it seemed unnecessary. But some people just want to support Bitcoin or other tokens, hoping to expand the user base. In fact, this problem can also be solved with a centralized exchange.
This problem can also be generalized as follows: different modules of a DAPP may be deployed on different chains, so how does one module call modules on other chains, and how do different modules interact with each other? That is, chain A needs to know about chain B in order to proceed to the next step or to execute.
To put it bluntly, this can still be solved in an "off-chain" way, just like an authoritative intermediary, which sounds a lot like an oracle (providing trusted data outside the chain).
In the report written by V God to R3 in 2016, five use cases were mentioned, all of which are inseparable from the above three, including:
1. Asset (atomic) transaction (Payment-versus-payment or payment-versus-delivery - in technical circles, this concept is also often called "atomic swap");
2. Portable assets (assets can be transferred and used back and forth between multiple chains);
3. Cross-chain data oracles (Cross-chain oracles);
4. Asset encumbrance (an asset is locked on one chain, and whether it is unlocked depends on the result on another chain);
5. General cross-chain contracts.
This judgment is based on his "database history" as a guide. He explained that in the 1980s and 1990s there was a concept called the federated distributed database. The vision was this: two enterprises used databases from different suppliers, and it was hoped that the database technology itself would ensure the atomicity of data transactions, which was extremely difficult. But it turned out that this is not needed at all in reality. "Since consistency can be guaranteed through the application layer, why must it be done at the bottom layer? Therefore, we are actually more pragmatic in the overall design."
How to cross chain?
In fact, it is impossible for a certain currency to "arrive" on another chain in a real sense. Most of them are just an anchor currency of A chain generated on B chain, and A chain will "lock" the equivalent token.
If we understand it from the perspective of asset exchange, I understand that there are three situations of cross-chain:
The first is that both parties do not know that they are cross-chain, or that both parties cannot "read" each other, such as centralized exchanges.
The second is that one of the chains can read other chains, such as side chains/relay chains, that is, A can read B, and B cannot read A; if a chain C can read all chains, it stands to reason that it can also become the "on-chain" intermediary, and the whole process is "A → C → B". When a "side chain" links many main chains, it becomes a relay chain.
The process of asset exchange may be that users "recharge" BTC and ETH to this chain, all tokens can circulate in this network (in fact, each coin has an anchor coin in this cross-chain network, similar to ERC 20 on Ethereum), and users then "withdraw" them respectively. The models of Wanchain and Asch are a bit like this. They can interact with many chains, but these chains cannot directly interact with each other. Take the ASCH chain as an example:
When the user "recharges" BTC to the ASCH chain, he first needs to transfer the BTC to the gateway account (an ordinary account on the Bitcoin chain, but managed by a group of nodes). After receiving the information, the cross-chain gateway locks the funds in the gateway account, and the deposit is verified by most nodes. The gateway then unlocks the equivalent digital assets for the user on the ASCH chain, and the user can use BTC on the ASCH chain. BTC and XAS are like merchants in two countries. The two parties cannot trust each other and use different currencies, so they cannot trade directly. Therefore, the two parties negotiate a set of rules (equivalent to the cross-chain gateway protocol) and set up a special trading place to process transactions, jointly managed by each country's prestigious businessmen (equivalent to gateway nodes) as representatives. These representatives need to have a sufficient amount of assets as collateral.
The third is that both A and B can read each other, which can theoretically be realized through a unified protocol, but no similar protocol has yet been implemented.
To put it bluntly, "cross-chain" can also be done off-chain; it's just that some people think that on-chain is safer.
Based on Wanchain's point of view, the security here can be broken down into two issues: one is to ensure that the cross-chain information is correct, that is, how to verify the transaction status on the original chain. If it is considered that there is no final state on the blockchain using the POW mechanism (there is always a fork, but the probability gradually decreases with the increase of the confirmation block), the complexity of this problem will be even higher. The second is to ensure the atomicity of the transaction, that is, if a certain link of transaction processing stops, the entire transaction can be cancelled; otherwise, a partial success may lead to double spending.
Next, I will briefly introduce some related technologies that I have learned.
The first is about how to verify the transaction status on the original chain. As I understand it now, there are mainly two ways (both mentioned in the original report of V God):
The first is that there is a group of individuals or alliances who are responsible for the nodes of the two chains at the same time, or it may be a separate chain, telling chain B what happened on chain A, or telling B that a certain message is true. For example, Interledger, an open protocol for cross-ledger value transmission developed by Ripple, is not a chain, but a set of gateway protocols. V God called this Notary schemes.
In a notary mechanism, a trusted entity or set of entities that is trusted as a group is used in order to claim to chain X that a given event on chain Y took place, or that a particular claim about chain Y is true. Such entities may be active, listening and automatically acting based on events in some chain, or reactive, issuing signed messages only when asked. The most advanced effort that has taken steps in this direction is the Interledger project developed by Ripple. Interledger, at least in what it describes as “atomic mode”, uses a Byzantine-fault-tolerant consensus algorithm in order to achieve consensus among a set of notaries on whether or not a given event took place, and then issues a signature that can be used to finalize payments conditional on this consensus. (From the V God report)
The other is Sidechains/relays. Different from the notary mode, in which "others tell chain B what happened on chain A", the relay mode is more "direct": chain B reads chain A by itself. For example, it verifies the transactions on chain A by verifying information such as chain A's block headers and Merkle trees, as BTC Relay does on Ethereum.
According to public information, the operating mechanism of BTCRelay is as follows: "An external third party, called Relayer, sends a transaction to BTCRelay's smart contract, the content of which is the latest block header of the Bitcoin area (of course, this block header is expected not to have been submitted yet). BTCRelay verifies the validity of the sent block header based on the existing block header information. If the verification is passed, it will be added to the Bitcoin block header chain maintained by BTCRelay."
As a result, BTCRelay's smart contract implements a built-in SPV (Simple Payment Verification) node, which can be used to verify the validity of Bitcoin transactions. Any user or smart contract on the Ethereum platform can request BTCRelay to verify whether a certain transaction exists on the Bitcoin network. But on the one hand, this can only achieve one-way anchoring (because the Bitcoin scripting language does not support it); on the other hand, it requires a Relayer in the Ethereum network to continuously submit verification information to the contract to earn user fees.
Relays are a more “direct” method for facilitating interoperability, where instead of relying on trusted intermediaries to provide information about one chain to another, the chains effectively take on the task of doing that themselves. The general approach is as follows. Suppose that a smart contract executing on chain B wants to learn that either a particular event took place on chain A, or that some particular object in the state of chain A contained some value at some particular time. Suppose also that chain A is designed similarly to Bitcoin or Ethereum in that it has a notion of “blocks” and “block headers”, where a “block header” is a compact piece of information that “represents” the block (and possibly state data) in some cryptographically authenticated way, most likely using Merkle trees. (From the V God report)
In fact, what bothers me more logically about this model is that since the sidechain also needs a third-party relayer to submit information, the role of the relayer is very similar to that of a "notary". The only difference is that the sidechain packs the block header of the main chain.
V God believes that it is indeed feasible to use the light client verification technology SPV (Simple Payment Verification), which can verify the corresponding transactions through the block header (Header) and its Merkle tree.
This use of this so-called “light client verification” technology is ideal for relays because of how fundamentally resource constrained a blockchain is. In fact, it is impossible for a mechanism inside chain A to fully validate chain B and a mechanism inside chain B to fully validate chain A at the same time, for the same simple mathematical reason why two boxes cannot simultaneously contain each other: A would need to re-run the part of B that re-runs A, including the part of A that re-runs B, and so forth. With light client verification, however, a protocol where chain A contains small pieces of chain B and chain B contains small pieces of chain A that are pulled on-demand is entirely feasible. A smart contract on a relay on chain B that wants to verify a particular transaction, event or state information on chain A would, much like a traditional light client, verify a branch of the cryptographic hash tree of chain A, then verify the block header that the root of this branch is inside, and if both checks pass it would accept that the transaction, event or state information is correct (note that because blockchains are fully self-contained environments and have no natural access to the outside world, the relevant bits of chain A would need to be fed into chain B by a user; however, because the data is in a cryptographic sense "self-verifying", this user that feeds this information in need not be trusted). (From the V God report)
First of all, how to verify the transaction. At this point it may be necessary to briefly note what SPV is. There are many popular science articles on the Internet, among which the author iBlockKim writes more clearly (with deletions):
According to Satoshi Nakamoto's description in the Bitcoin white paper: "The payment can be verified without running the full node. The user only needs to save all the block headers (Block Header). Although the user cannot verify the transaction by himself, if he finds a matching transaction somewhere in the chain, he can know that the network has approved the transaction, and it has multiple confirmations from the network."
The information in a blockchain is packaged in pairs, and finally summarized into a node, that is, the root node (node 0 in the figure). The block header contains the hash value of the root node, which covers all transactions and greatly reduces the size of the block header. Not only that, when you want to search for a certain transaction, such as 23 in the above picture, you can quickly find it through a few steps, such as 0-2-5-11.
Therefore, when SPV is looking for a transaction, it only needs to download and search the block headers instead of the entire blocks. The block header is only 80 bytes; at 6 blocks per hour, the size is only 4M per year.
So how to locate the block? Bitcoin provides a function called Bloom filter. Nodes establish such a filter on the communication link so that they accept only transactions containing target addresses, thereby filtering out a large amount of irrelevant data and reducing unnecessary downloads on the client side. For example, SPV nodes will receive less than 1KB of data about block headers and Merkle paths, which is only about one-thousandth of a complete block (currently about 1MB).
Then how to package? Using BTC as an example, the actual operation steps of the side chain protocol are (from "Learning blockchain from code farmers"):
Submit a locked transaction: Bitcoin holders send a special transaction on the BTC main chain to lock Bitcoin on the BTC chain.
Waiting for confirmation: Waiting for the locked transaction to be confirmed by more blocks on the BTC chain to prevent the locked transaction from being false.
Unlocked transaction: After the locked transaction is confirmed, the user creates an unlocked transaction (also called a redemption transaction) on the side chain to spend the output of the locked transaction, provides an SPV proof of work (that is, the proof of work of the block where the unlocked transaction is located), and imports the output of the redemption transaction into its own address on the side chain.
Wait for a competition period: The competition period is also called the modifiable period, and its function is to prevent double spending. And during this period, the unlocked transaction will not be packaged into the block, and the newly transferred bitcoins on the side chain cannot be used yet.
If the unlocking transaction includes an SPV proof of the higher difficulty of the Bitcoin main chain, the previous unlocking transaction will be replaced.
After the competition period is over, the unlocking transaction will be packaged into the block, and the user can use his bitcoin (actually the corresponding token on the side chain).
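The light-client check that BTCRelay and the unlock step above depend on (header proof of work, header linkage, Merkle path, confirmation count) can be sketched as follows. This is an added example, not code from BTCRelay or any project mentioned here; `HeaderRelay`, `mine` and the sample transactions are assumptions constructed for illustration, and the target is deliberately easy so the sample headers can be produced offline.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def bits_to_target(bits: int) -> int:
    """Expand the compact 'bits' field of a header into the full PoW target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    shift = 8 * (exponent - 3)
    return mantissa << shift if shift >= 0 else mantissa >> -shift

def header_pow_ok(header: bytes) -> bool:
    """Valid work: 80 bytes whose hash, read as a little-endian int, is <= target."""
    if len(header) != 80:
        return False
    bits = struct.unpack_from("<I", header, 72)[0]
    return int.from_bytes(dsha256(header), "little") <= bits_to_target(bits)

def verify_branch(txid: bytes, index: int, branch: list, root: bytes) -> bool:
    """Fold sibling hashes up the tree; each index bit says left or right."""
    node = txid
    for sibling in branch:
        node = dsha256(sibling + node) if index & 1 else dsha256(node + sibling)
        index >>= 1
    return node == root

class HeaderRelay:
    """Chain-B store of chain-A headers; whoever submits them is untrusted."""
    def __init__(self, trusted_start: bytes):
        self.headers = [trusted_start]

    def submit(self, header: bytes) -> bool:
        # Accept only valid work extending the stored tip (prev-hash is bytes 4..36).
        if not header_pow_ok(header) or header[4:36] != dsha256(self.headers[-1]):
            return False
        self.headers.append(header)
        return True

    def verify_tx(self, txid, index, branch, height, min_conf=6) -> bool:
        if not 0 <= height < len(self.headers):
            return False
        if len(self.headers) - height < min_conf:    # too few blocks on top
            return False
        return verify_branch(txid, index, branch, self.headers[height][36:68])

# --- constructed sample data (not real Bitcoin blocks) ---
def merkle_root_and_branch(txids: list, index: int):
    branch, level = [], list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])                  # Bitcoin duplicates the last hash
        branch.append(level[index ^ 1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch

def mine(prev_hash: bytes, root: bytes, bits: int = 0x207FFFFF) -> bytes:
    """Find a nonce under a deliberately easy (regtest-style) target."""
    nonce = 0
    while True:
        header = struct.pack("<I32s32sIII", 1, prev_hash, root, 0, bits, nonce)
        if header_pow_ok(header):
            return header
        nonce += 1

TXIDS = [dsha256(b"constructed tx %d" % i) for i in range(5)]
ROOT, BRANCH = merkle_root_and_branch(TXIDS, 3)
START = mine(b"\x00" * 32, dsha256(b"constructed start block"))
RELAY = HeaderRelay(START)
RELAY.submit(mine(dsha256(START), ROOT))             # height 1 holds TXIDS
# Only one confirmation exists so far, so a 3-confirmation check is refused.
print(RELAY.verify_tx(TXIDS[3], 3, BRANCH, 1, min_conf=3))
```

The submitter never has to be trusted: a header with bad work or the wrong parent is rejected by `submit`, and a transaction that is not under the stored Merkle root fails `verify_tx`.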
As with BTCRelay, the disadvantage of the relay mode is that the cost is too high. V God also believes that verifying the information on the other party's chain will affect the speed. It is conceivable that if you simply use the "notary mode", you only need to wait for the confirmation on the Bitcoin chain, but if the verification information needs to be uploaded to the side chain, there are many more things waiting for confirmation. Asch did not choose to package block headers, because Shan Qingfeng believes that packaging the block header on the chain "is relatively expensive and has no versatility. It solves the problem of Bitcoin but cannot solve the problem of Ethereum." Wanchain does not use it either. Lv Xujun said that the Voucher consensus model is still in the verification stage: if the submission and verification of Voucher information is done on the chain, it will consume a lot of chain resources and limit the throughput; economically, it needs a more reasonable incentive mechanism so that Voucher members are motivated to participate and disinclined to do evil.
The more well-known cross-chain projects include Cosmos and Polkadot, but neither of them has launched. In Cosmos, different spaces (Zones, independent blockchains) communicate with the "hub" (Hub, which manages many zones) through the IBC (blockchain communication) protocol, and information packets from different zones are transmitted through the hub. In order to ensure that the transmission is correct, a proof (Merkle-proof) needs to be published on the receiver's blockchain. In order to verify this proof, the receiver needs to know the block header of the sender at all times, similar to the mechanism adopted by the side chain.
The blocks of the Polkadot relay chain contain the block headers of the parachains, and some confirmation information to avoid double spending. Validators operate relay chain nodes and validate blocks on parachains; there may also be a collator running full nodes of a particular parachain, responsible for submitting new blocks.
The temporary method used by Wanchain is hash lock, also known as atomic swap (Atomic Swap), which mainly uses a hash time lock and a secret number (Secret) to allow both parties to complete the transaction without the need for a third-party notary. In general, this method can be understood as follows:
Suppose Xiaoming wants to transfer 10 ETH to Xiaohong, and Xiaohong wants to transfer 10 wan to Xiaoming;
Xiaoming locks 10 ETH plus a password hash value in a smart contract of Ethereum, and puts in a condition: if Xiaohong provides the password within 10 hours, Xiaohong can get 10 ETH after contract verification, otherwise rollback;
Xiaohong locked 100 wan in a smart contract of Wanchain and put the hash value of the password in it, and put the condition that if Xiaoming provided the password within 5 hours, he could get 100 wan;
Xiaoming saw that Xiaohong also locked the money in wan, so he went to wan with the password and took away 1 million;
Xiaohong also learned the password from the contract on wan, and took 10 ETH from the ETH contract with the password.
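The hash time lock steps above, as an added sketch that is not Wanchain's contract code: the `HTLC` class, the `swap` helper, the one-hour reaction `delay` and the amounts (10 ETH and 100 WAN, taken from the two lock steps) are assumptions for illustration. It also covers the failure mode the two different timeouts are meant to prevent.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass
class HTLC:
    """Funds locked under a hash; claimable with the preimage before expiry."""
    sender: str
    recipient: str
    amount: str
    hashlock: bytes
    expiry: float                      # hours after the swap starts
    state: str = "locked"
    revealed: Optional[bytes] = None   # the preimage becomes public once used

    def claim(self, who: str, preimage: bytes, now: float) -> bool:
        if self.state != "locked" or who != self.recipient or now >= self.expiry:
            return False
        if hashlib.sha256(preimage).digest() != self.hashlock:
            return False
        self.state, self.revealed = "claimed", preimage
        return True

    def refund(self, who: str, now: float) -> bool:
        if self.state != "locked" or who != self.sender or now < self.expiry:
            return False
        self.state = "refunded"
        return True

def swap(reveal_at, eth_expiry=10, wan_expiry=5, delay=1):
    """Run the swap; Xiaoming uses the password at hour `reveal_at` (None = never).
    Xiaohong needs `delay` hours to read it from chain and claim on Ethereum."""
    secret = b"constructed-secret"                      # known only to Xiaoming
    lock = hashlib.sha256(secret).digest()
    eth = HTLC("Xiaoming", "Xiaohong", "10 ETH", lock, eth_expiry)
    wan = HTLC("Xiaohong", "Xiaoming", "100 WAN", lock, wan_expiry)
    if reveal_at is not None and wan.claim("Xiaoming", secret, reveal_at):
        eth.claim("Xiaohong", wan.revealed, reveal_at + delay)
    wan.refund("Xiaohong", wan_expiry)                  # no-op if already claimed
    eth.refund("Xiaoming", eth_expiry)
    return eth.state, wan.state

print(swap(2))                  # both sides complete
print(swap(None))               # nobody reveals: both sides roll back
print(swap(6))                  # reveal after the 5-hour lock: both roll back
print(swap(4, eth_expiry=5))    # equal timeouts: Xiaohong pays out but cannot collect
```

With the 10-hour and 5-hour timeouts from the steps, every run ends with both contracts claimed or both refunded; the last call shows that atomicity is lost once the first lock does not outlast the second by more than the counterparty's reaction time.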
We can replace Xiaohong with Wanchain's Storeman, and the user (Xiaoming) only needs to act at the steps of initiating a transaction, releasing the password, and canceling the transaction. For Storemen participating in the cross-chain, Wanchain will provide a dedicated client, and the client will operate automatically and unattended according to the protocol. This is a relatively mature solution, which is also used by the Lightning Network. It has a high degree of security, but it seems that there are relatively few application scenarios.
If it is simply two users exchanging assets, hash locking is actually a very safe way (although the user experience is not very friendly), and the exchange can be completed by hash locking alone. This is not the same as the above two. Hash locking can also be used in combination with the first one. Wanchain is currently doing this; Lightning Network is hash locking + multi-signature.
For the application scenarios of these three different technologies, you can see V God's summary.
Another technology involved in cross-chain is multi-signature, and some projects also use distributed private keys. For example, multiple signatures are used in the Lightning Network: both parties need to sign the same transaction before the transaction can be confirmed. Many modes of cross-chain involve a gateway as a "connector". The cross-chain gateway is mainly responsible for reading the account information on the respective public chains, and jointly locks and unlocks the digital assets under an account that are to be moved cross-chain. For security, this gateway is often a relay network and multi-signature account jointly maintained by multiple nodes. The signature is completed only after a certain percentage of nodes participate. Asch uses multi-signature technology. With the secure multi-party computation + threshold key technology used in Wanchain, the Storemen must take part in the calculation together to generate the public and private keys that lock the account. The private key exists only in theory and has never appeared in the network; it is scattered in fragments in the hands of each Storeman. The participating parties must work together again to jointly construct the signature during the transaction, and the fragments are not leaked to each other. In order to ensure availability, only a certain percentage of Storemen are required to participate in the calculation to construct the signature.
PS. After reading the article, some readers feel that the generation of anchor coins is a bit easy to confuse with EOS main network mapping. I asked MEET.ONE about this point. They said that EOS mapping is similar to taking a snapshot. After the main network goes live, you can use the private key generated by the mapping to log in and retrieve assets on the new main network. Presumably, Block.one developed a mirrored Ethereum smart contract. If users want to map, they need to use EOS tools to generate a key pair, and then call the mapping method on the contract. There is a one-to-one correspondence between the public key address of Ethereum and the public key address of EOS, and the correspondence is stored on Ethereum. After the EOS main network launch team downloads these snapshots, the tokens are issued according to the snapshots once the main network is launched.
I am Lu Xiaoming, editor of Odaily. I am exploring the real blockchain. Please add WeChat lohiuming for breaking news and communication. Please note your name, unit, position and reason.
Reference articles:
Chain Interoperability (download the cross-chain technical report provided by Vitalik to R3)
Simple Chinese translation of the report
In-depth analysis of mainstream cross-chain technologies
In-depth understanding of cross-chain technology
Blockchain Interoperability: Cosmos vs Polkadot
Cross-chain combing of side chains and a brief review of OneLedger
The BTC Relay project solves the relay scheme of blockchain cross-chain problems
Detailed explanation of the cross-chain technology Interledger Protocol (ILP) proposed by Ripple