BTC Section 3
Block Structure and Cryptography
- Why is Bitcoin "impossible to tamper with"?
Bitcoin's strength is not just due to its decentralization.
Its essence is,Block Structureとsecret code technologyare closely integrated in the design.
In this section:
- What are blocks made of?
- Why can't I change past transactions?
- Where and how cryptography is used
We will explain this based on the design concept.
1. What is a block?
- Bitcoin's "unit of record"
The Bitcoin ledger is managed in units called "blocks."
One block contains:
- Multiple transactions
- Information about the block itself (block header)
Blocks are generated approximately every 10 minutes.
Linked to past blocks like a chainBy
A blockchain is formed.
2. What's in a Block: What's in a Block Header?
In fact, the core of a block is not the "transaction data" itself,
80-byte block header It is in
Main elements of the block header
| Item | role |
|---|---|
| version | The protocol used |
| Previous block hash | Chaining blocks together |
| Merkle Root | Summary of all transactions in the block |
| Time stamp | Creation time |
| Difficulty Target | PoW conditions |
| Nonce | Values to be mined |
The important thing here is
Always contains the hash of the previous blockThat's the point.
3. Hash Function: Core Technology for Tamper Detection
In Bitcoin SHA-256 A hash function is used.
Characteristics of hash functions
- If the input changes by even one bit, the output changes completely.
- The original data cannot be restored
- The same input always produces the same output
Due to this property,
Rewrite the transaction details
→ The hash changes
→ Block hash changes
→ It will no longer be connected to the next block.
A chain reaction occurs.
Designed to detect tampering immediatelyIt has become.
4. Merkle Tree: A mechanism for summarizing a large number of transactions into one
A block contains thousands of transactions.
Simply lining them up and hashing them is inefficient.
What is used there is Merkle Tree .
What is a Merkle Tree?
- Hash each transaction (leaf)
- Combine two at a time and rehash
- Finally, one Merkle Root Consolidated into
Why is it necessary?
- Transactions within a blockA compact summarycan
- Lightweight nodes (SPV) can verify with minimal data
- Proof of transaction existence can be done quickly
This is for "realistic operation in a distributed network"
Extremely practical design decisions.
5. Digital Signatures: Proving Who Sent the Money
In Bitcoin,
"Was it really the person who carried out this transaction?"
Electronic signatureWe prove this by:
Technology used
- Elliptic curve cryptography (secp256k1)
- Public and private key pair
Key Points
- The private key is never revealed
- A signature is proof that it was created by the person in question and with this content.
- Nodes can be verified with just their public keys
In other words, Bitcoin is
Not trust
Mathematically verifiable proofs
It is established by.
6. Why can't we rewrite the past?
Putting all the above factors together, the reason is clear.
- Each block contains the hash of the previous block
- Hashes are tamper-resistant
- The Merkle route binds the entire transaction.
- Digital signatures prove legitimate ownership
- Many nodes perform the same validation
To rewrite one place,
After that, all blocks must be recreated.
This is what Bitcoin is
This is why it is said to be "virtually impossible to tamper with."
Summary: Block structure is the crystallization of ideas
The Bitcoin block structure is
It's not just a data format.
That is,
- No central administrator
- Anyone can verify
- Replacing trust with mathematics
The idea that
The result of pushing technology to its limits.
In the next section,
Supporting this block structure Proof of Work We will delve into the depths of
Below is BTC Section 3: Block Structure and Cryptography Against
Graduate school level/mathematical supplementary explanation.
It is structured so that it can be published independently as an "addendum" or "technical appendix" to the main blog text.
Technical Addendum: Block Structure and Cryptography (More mathematical/For pasting WP)
1) Assumptions about the hash function (SHA-256)
The hash function used in Bitcoin has a variable input length and a fixed output of 256 bits.
H : {0,1}* → {0,1}^256
The typical properties (intuition + computational complexity) expected from cryptographic hashes are as follows:
- First image difficulty: Given y, it is difficult to find x such that H(x)=y (roughly O(2^256))
- Second protoimage difficulty: It is difficult to find another x' that satisfies H(x)=H(x').
- Collision difficulty: It is difficult to find distinct (x, x') such that H(x)=H(x') (roughly O(2^128) in the birthday bound)
"Double SHA-256" is often used in Bitcoin.
H2(x) = SHA256(SHA256(x))
2) Block hash definition (80 bytes of block header)
The block hash is the double SHA-256 value of the block header.
BlockHash = H2(BlockHeader)
Conceptually, a block header can be represented as the following tuple:
BlockHeader = (version, prev_block_hash, merkle_root, timestamp, target, nonce)
Importantly,prev_block_hash (previous block summary)This creates a "chain".
—3) Merkle Tree
Summarizes the set of transactions in a block Tx1..TxN into a single value (merkle_root) in a tree structure.
First, create a summary (leaf) of each transaction.
Hi = H2(Txi) (※実装上は txid などの形で扱われる)
The internal node then "concatenates the two and hashes them" (|| means concatenate).
H(i,j) = H2( Hi || Hj )
The top one is merkle_root.
Data volume of Merkle proofIf N is the number of leaves, roughly log2(N) hashes will suffice.
必要ハッシュ数 ≈ O(log2 N)
Simply lining up all transactions and hashing them would require O(N) data to prove the existence of a particular Tx, which is disadvantageous for SPV (lightweight) nodes.
—4) Elliptic curve cryptography (secp256k1) and keys
Bitcoin signatures (traditional) are primarily ECDSA-based, using the secp256k1 curve (an elliptic curve over a finite field).
y^2 = x^3 + 7 (mod p)
The private key k is an integer in the range 1..n-1, and the public key K is a scalar multiplication of the generation point G.
秘密鍵: k ∈ [1, n-1]
公開鍵: K = k * G
Here, "*" is a scalar multiplication on an elliptic curve (an operation that involves repeated addition of points).
—5) ECDSA signature generation (r, s)
Let z be the digest of the message to be signed (actually the signature hash created from the transaction).
Choose a random temporary key k' (this is very important: reusing it will leak your private key).
k' ∈ [1, n-1]
R = k' * G = (xR, yR)
r = xR mod n
s = (k')^{-1} * (z + r*k) mod n
署名 = (r, s)
Key point: Even if r and s are made public, the design makes it impossible to recover the private key k due to the difficulty of the discrete logarithm problem.
—6) ECDSA verification (verifying the accuracy using only the public key)
The verifier uses (r, s), the public key K, and z to calculate:
w = s^{-1} mod n
u1 = z * w mod n
u2 = r * w mod n
Q = u1 * G + u2 * K
If the x coordinate of Q matches r, the verification is successful.
検証条件: (xQ mod n) = r
7) Tamper Resistance (Hash Chain Formula)
If even one transaction in block i changes, it will propagate from leaf to Merkle root to block hash.
Tx の改変 → H(Tx) が変化 → merkle_root が変化 → BlockHash_i が変化
The next block will have the previous block's hash embedded in prev_block_hash, breaking its integrity.
prev_block_hash_(i+1) = BlockHash_i (が成立しなくなる)
Therefore, "tampering with the past" means recalculating and recreating future blocks to make them consistent, and because of PoW, the practical cost is extremely high.
—8) Summary in one sentence
- Hash: A "combination" that immediately reveals any tampering
- Merkle: A summary that makes large amounts of Tx provable in "log order"
- Signature: Proving ownership without revealing the private key
- Chaining: Enforcing "historical consistency" by including previous block summaries