Ethereum: A Next-Generation Smart Contract and Decentralized Application Platform
I. Introduction to Bitcoin and Existing Concepts
Satoshi Nakamoto’s development of Bitcoin in 2009 has often been hailed as a radical development in money and currency, being the first example of a digital asset which simultaneously has no backing or “intrinsic value” and no centralized issuer or controller. However, another - arguably more important - part of the Bitcoin experiment is the underlying blockchain technology as a tool of distributed consensus, and attention is rapidly starting to shift to this other aspect of Bitcoin. Commonly cited alternative applications of blockchain technology include using on-blockchain digital assets to represent custom currencies and financial instruments (“colored coins”), the ownership of an underlying physical device (“smart property”), non-fungible assets such as domain names (“Namecoin”), as well as more complex applications involving having digital assets being directly controlled by a piece of code implementing arbitrary rules (“smart contracts”) or even blockchain-based “decentralized autonomous organizations” (DAOs). What Ethereum intends to provide is a blockchain with a built-in fully fledged Turing-complete programming language that can be used to create “contracts” that can be used to encode arbitrary state transition functions, allowing users to create any of the systems described above, as well as many others that we have not yet imagined, simply by writing up the logic in a few lines of code.
1. History
The concept of decentralized digital currency, as well as alternative applications like property registries, has been around for decades. The anonymous e-cash protocols of the 1980s and the 1990s, mostly reliant on a cryptographic primitive known as Chaumian blinding, provided a currency with a high degree of privacy, but the protocols largely failed to gain traction because of their reliance on a centralized intermediary. In 1998, Wei Dai’s b-money became the first proposal to introduce the idea of creating money through solving computational puzzles as well as decentralized consensus, but the proposal was scant on details as to how decentralized consensus could actually be implemented. In 2005, Hal Finney introduced a concept of “reusable proofs of work”, a system which uses ideas from b-money together with Adam Back’s computationally difficult Hashcash puzzles to create a concept for a cryptocurrency, but once again fell short of the ideal by relying on trusted computing as a backend. In 2009, a decentralized currency was for the first time implemented in practice by Satoshi Nakamoto, combining established primitives for managing ownership through public key cryptography with a consensus algorithm for keeping track of who owns coins, known as “proof of work”.
The mechanism behind proof of work was a breakthrough in the space because it simultaneously solved two problems. First, it provided a simple and moderately effective consensus algorithm, allowing nodes in the network to collectively agree on a set of canonical updates to the state of the Bitcoin ledger. Second, it provided a mechanism for allowing free entry into the consensus process, solving the political problem of deciding who gets to influence the consensus, while simultaneously preventing sybil attacks. It does this by substituting a formal barrier to participation, such as the requirement to be registered as a unique entity on a particular list, with an economic barrier - the weight of a single node in the consensus voting process is directly proportional to the computing power that the node brings. Since then, an alternative approach has been proposed called proof of stake, calculating the weight of a node as being proportional to its currency holdings and not computational resources; the discussion of the relative merits of the two approaches is beyond the scope of this paper but it should be noted that both approaches can be used to serve as the backbone of a cryptocurrency.
2. Bitcoin As A State Transition System
From a technical standpoint, the ledger of a cryptocurrency such as Bitcoin can be thought of as a state transition system, where there is a “state” consisting of the ownership status of all existing bitcoins and a “state transition function” that takes a state and a transaction and outputs a new state which is the result. In a standard banking system, for example, the state is a balance sheet, a transaction is a request to move $X from A to B, and the state transition function reduces the value in A’s account by $X and increases the value in B’s account by $X. If A’s account has less than $X in the first place, the state transition function returns an error. Hence, one can formally define:
APPLY(S,TX) -> S' or ERROR
In the banking system defined above:
APPLY({ Alice: $50, Bob: $50 },"send $20 from Alice to Bob") = { Alice: $30, Bob: $70 }
But:
APPLY({ Alice: $50, Bob: $50 },"send $70 from Alice to Bob") = ERROR
The “state” in Bitcoin is the collection of all coins (technically, “unspent transaction outputs” or UTXO) that have been minted and not yet spent, with each UTXO having a denomination and an owner (defined by a 20-byte address which is essentially a cryptographic public key[1]). A transaction contains one or more inputs, with each input containing a reference to an existing UTXO and a cryptographic signature produced by the private key associated with the owner’s address, and one or more outputs, with each output containing a new UTXO to be added to the state.
(Translator's note on the address definition above: in practice an address is quite different from a cryptographic public key; strictly speaking, it is the public key hashed twice.)
The state transition function APPLY(S,TX) -> S’ can be defined roughly as follows:
1. For each input in TX:
   - If the referenced UTXO is not in S, return an error.
   - If the provided signature does not match the owner of the UTXO, return an error.
2. If the sum of the denominations of all input UTXO is less than the sum of the denominations of all output UTXO, return an error.
3. Return S’ with all input UTXO removed and all output UTXO added.
The first half of the first step prevents transaction senders from spending coins that do not exist, the second half of the first step prevents transaction senders from spending other people’s coins, and the second step enforces conservation of value. In order to use this for payment, the protocol is as follows. Suppose Alice wants to send 11.7 BTC to Bob. First, Alice will look for a set of available UTXO that she owns that totals up to at least 11.7 BTC. Realistically, Alice will not be able to get exactly 11.7 BTC; say that the smallest she can get is 6+4+2=12. She then creates a transaction with those three inputs and two outputs. The first output will be 11.7 BTC with Bob’s address as its owner, and the second output will be the remaining 0.3 BTC “change”, with the owner being Alice herself.
3. Mining
If we had access to a trustworthy centralized service, this system would be trivial to implement; it could simply be coded exactly as described, using a centralized server’s hard drive to keep track of the state. However, with Bitcoin we are trying to build a decentralized currency system, so we will need to combine the state transition system with a consensus system in order to ensure that everyone agrees on the order of transactions. Bitcoin’s decentralized consensus process requires nodes in the network to continuously attempt to produce packages of transactions called “blocks”. The network is intended to produce roughly one block every ten minutes, with each block containing a timestamp, a nonce, a reference to (i.e. hash of) the previous block and a list of all of the transactions that have taken place since the previous block. Over time, this creates a persistent, ever-growing “blockchain” that constantly updates to represent the latest state of the Bitcoin ledger.
The algorithm for checking if a block is valid, expressed in this paradigm, is as follows:
1. Check if the previous block referenced by the block exists and is valid.
2. Check that the timestamp of the block is greater than that of the previous block[2] and less than 2 hours into the future.
3. Check that the proof of work on the block is valid.
4. Let S[0] be the state at the end of the previous block.
5. Suppose TX is the block’s transaction list with n transactions. For all i in 0…n-1, set S[i+1] = APPLY(S[i],TX[i]). If any application returns an error, exit and return false.
6. Return true, and register S[n] as the state at the end of this block.
(Translator's note on the timestamp check: presumably this means checking that the timestamp is less than 2 hours ahead, measured from the time the current block is added.)
Essentially, each transaction in the block must provide a valid state transition from what was the canonical state before the transaction was executed to some new state. Note that the state is not encoded in the block in any way; it is purely an abstraction to be remembered by the validating node and can only be (securely) computed for any block by starting from the genesis state and sequentially applying every transaction in every block. Additionally, note that the order in which the miner includes transactions into the block matters; if there are two transactions A and B in a block such that B spends a UTXO created by A, then the block will be valid if A comes before B but not otherwise.
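The UTXO form of APPLY(S,TX) and steps 4 to 6 of block validation, as an added Python example that is not part of the original paper. It assumes integer amounts in tenths of a BTC and replaces ECDSA signatures with a hash-preimage stand-in; all names and sample transactions are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Added illustration, not Bitcoin's real data model. Values are integer tenths
# of a BTC. Signature stand-in (assumption): an address is the hash of a secret
# and an input "signs" by revealing that secret; Bitcoin really uses ECDSA.

def address(secret: bytes) -> str:
    return hashlib.sha256(secret).hexdigest()[:40]   # 20-byte address

@dataclass(frozen=True)
class Output:
    owner: str
    value: int

@dataclass(frozen=True)
class Input:
    txid: str
    index: int
    witness: bytes        # stand-in for the owner's signature

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple
    outputs: tuple

class InvalidTx(Exception):
    """The ERROR result of APPLY."""

def apply_tx(state: dict, tx: Tx) -> dict:
    """APPLY(S, TX) -> S'. Raises InvalidTx on error; S itself is not mutated."""
    spent, total_in = set(), 0
    for inp in tx.inputs:
        ref = (inp.txid, inp.index)
        # Step 1, first half: the referenced UTXO must be in S. Rejecting a
        # reference repeated inside one transaction is an added check; without
        # it the same coin would be counted twice in total_in.
        if ref not in state or ref in spent:
            raise InvalidTx(f"{tx.txid}: {ref} is not an unspent output")
        # Step 1, second half: the signature must match the UTXO's owner.
        if address(inp.witness) != state[ref].owner:
            raise InvalidTx(f"{tx.txid}: bad signature for {ref}")
        spent.add(ref)
        total_in += state[ref].value
    # Step 2: conservation of value. Negative outputs would defeat the sum
    # check, so they are rejected too (added check). Any surplus of inputs
    # over outputs is the miner's fee and is not modelled here.
    if any(out.value < 0 for out in tx.outputs):
        raise InvalidTx(f"{tx.txid}: negative output")
    if total_in < sum(out.value for out in tx.outputs):
        raise InvalidTx(f"{tx.txid}: outputs exceed inputs")
    # Step 3: remove every input UTXO, add every output UTXO.
    new_state = {ref: out for ref, out in state.items() if ref not in spent}
    new_state.update({(tx.txid, i): out for i, out in enumerate(tx.outputs)})
    return new_state

def block_state(state: dict, txs: list):
    """S[i+1] = APPLY(S[i], TX[i]) in list order. Returns S[n], or None if
    any application fails (the block is then invalid)."""
    for tx in txs:
        try:
            state = apply_tx(state, tx)
        except InvalidTx:
            return None
    return state

def balance(state: dict, secret: bytes) -> int:
    return sum(o.value for o in state.values() if o.owner == address(secret))

# Constructed sample data: Alice owns UTXOs of 6, 4 and 2 BTC.
ALICE, BOB = b"alice-secret", b"bob-secret"
START = {("mint", i): Output(address(ALICE), v) for i, v in enumerate((60, 40, 20))}
# 11.7 BTC to Bob, 0.3 BTC change back to Alice.
TX_A = Tx("tx-a", tuple(Input("mint", i, ALICE) for i in range(3)),
          (Output(address(BOB), 117), Output(address(ALICE), 3)))
# Spends the change output created by TX_A, so it is only valid after TX_A.
TX_B = Tx("tx-b", (Input("tx-a", 1, ALICE),), (Output(address(BOB), 3),))
# Bob's secret does not match the owner of Alice's UTXO.
TX_STEAL = Tx("tx-steal", (Input("mint", 0, BOB),), (Output(address(BOB), 60),))
# Outputs (7 BTC) exceed inputs (2 BTC).
TX_INFLATE = Tx("tx-inflate", (Input("mint", 2, ALICE),), (Output(address(ALICE), 70),))

if __name__ == "__main__":
    print("A then B valid:", block_state(START, [TX_A, TX_B]) is not None)
    print("B then A valid:", block_state(START, [TX_B, TX_A]) is not None)
    print("replaying A valid:", block_state(START, [TX_A, TX_A]) is not None)
```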
The one validity condition present in the above list that is not found in other systems is the requirement for “proof of work”. The precise condition is that the double-SHA256 hash of every block, treated as a 256-bit number, must be less than a dynamically adjusted target, which as of the time of this writing is approximately 2^187. The purpose of this is to make block creation computationally “hard”, thereby preventing sybil attackers from remaking the entire blockchain in their favor. Because SHA256 is designed to be a completely unpredictable pseudorandom function, the only way to create a valid block is simply trial and error, repeatedly incrementing the nonce and seeing if the new hash matches.
At the current target of ~2^187, the network must make an average of ~2^69 tries before a valid block is found; in general, the target is recalibrated by the network every 2016 blocks so that on average a new block is produced by some node in the network every ten minutes. In order to compensate miners for this computational work, the miner of every block is entitled to include a transaction giving themselves 12.5 BTC out of nowhere. Additionally, if any transaction has a higher total denomination in its inputs than in its outputs, the difference also goes to the miner as a “transaction fee”. Incidentally, this is also the only mechanism by which BTC are issued; the genesis state contained no coins at all.
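The proof-of-work condition and the retargeting rule described above, as an added Python example that is not part of the original paper. The header layout is simplified, the demo target of 2^244 is chosen so that mining finishes in about 4096 tries, and the factor-of-4 limit on one adjustment is Bitcoin's rule rather than something stated in this text.

```python
import hashlib
import struct

RETARGET_INTERVAL = 2016     # blocks between recalibrations (from the text)
BLOCK_SPACING = 600          # seconds: one block every ten minutes
DEMO_TARGET = 2 ** 244       # constructed demo target, far easier than ~2^187

def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def header(prev_hash: bytes, merkle_root: bytes, timestamp: int, nonce: int) -> bytes:
    # Simplified layout for illustration, not Bitcoin's exact 80-byte header.
    return prev_hash + merkle_root + struct.pack("<II", timestamp, nonce)

def pow_value(hdr: bytes) -> int:
    # The hash is treated as a 256-bit number (Bitcoin reads it little-endian).
    return int.from_bytes(double_sha256(hdr), "little")

def check_pow(hdr: bytes, target: int) -> bool:
    """A validating node's check: one double hash and one comparison."""
    return pow_value(hdr) < target

def expected_tries(target: int) -> int:
    """Each try succeeds with probability target / 2^256."""
    return 2 ** 256 // target

def mine(prev_hash: bytes, merkle_root: bytes, timestamp: int,
         target: int, max_tries: int = 1 << 22):
    """Trial and error: increment the nonce until the hash is below target."""
    for nonce in range(max_tries):
        hdr = header(prev_hash, merkle_root, timestamp, nonce)
        if check_pow(hdr, target):
            return nonce, hdr
    raise RuntimeError("no valid nonce found within max_tries")

def retarget(old_target: int, actual_seconds: int) -> int:
    """Scale the target so the next 2016 blocks take about two weeks.
    Blocks that arrived too fast lower the target (harder), and vice versa."""
    expected = RETARGET_INTERVAL * BLOCK_SPACING
    # Bitcoin limits a single adjustment to a factor of 4 in either direction.
    actual = min(max(actual_seconds, expected // 4), expected * 4)
    return old_target * actual // expected

if __name__ == "__main__":
    prev, root = b"\x00" * 32, b"\x11" * 32      # constructed sample values
    nonce, hdr = mine(prev, root, 1400000000, DEMO_TARGET)
    print("nonce found:", nonce, "valid:", check_pow(hdr, DEMO_TARGET))
    print("expected tries at 2^187: 2^%d" % (expected_tries(2 ** 187).bit_length() - 1))
```

Mining costs thousands of hashes even at this toy target, while `check_pow` costs one, which is the asymmetry that lets every node verify cheaply what was expensive to produce.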
(Translator's note on the block reward: this is the so-called first transaction in every block, the coinbase transaction; the reward was initially 25 bitcoins and halves every 4 years, and by the time the Ethereum white paper was released the first halving had already taken place.)
In order to better understand the purpose of mining, let us examine what happens in the event of a malicious attacker. Since Bitcoin’s underlying cryptography is known to be secure, the attacker will target the one part of the Bitcoin system that is not protected by cryptography directly: the order of transactions. The attacker’s strategy is simple:
1. Send 100 BTC to a merchant in exchange for some product (preferably a rapid-delivery digital good).
2. Wait for the delivery of the product.
3. Produce another transaction sending the same 100 BTC to himself.
4. Try to convince the network that his transaction to himself was the one that came first.
Once step (1) has taken place, after a few minutes some miner will include the transaction in a block, say block number 270000. After about one hour, five more blocks will have been added to the chain after that block, with each of those blocks indirectly pointing to the transaction and thus “confirming” it. At this point, the merchant will accept the payment as finalized and deliver the product; since we are assuming this is a digital good, delivery is instant. Now, the attacker creates another transaction sending the 100 BTC to himself. If the attacker simply releases it into the wild, the transaction will not be processed; miners will attempt to run APPLY(S,TX) and notice that TX consumes a UTXO which is no longer in the state. So instead, the attacker creates a “fork” of the blockchain, starting by mining another version of block 270000 pointing to the same block 269999 as a parent but with the new transaction in place of the old one. Because the block data is different, this requires redoing the proof of work. Furthermore, the attacker’s new version of block 270000 has a different hash, so the original blocks 270001 to 270005 do not “point” to it; thus, the original chain and the attacker’s new chain are completely separate. The rule is that in a fork the longest blockchain is taken to be the truth, and so legitimate miners will work on the 270005 chain while the attacker alone is working on the 270000 chain. In order for the attacker to make his blockchain the longest, he would need to have more computational power than the rest of the network combined in order to catch up (hence, “51% attack”).
4. Merkle Trees
Left: it suffices to present only a small number of nodes in a Merkle tree to give a proof of the validity of a branch.
Right: any attempt to change any part of the Merkle tree will eventually lead to an inconsistency somewhere up the chain.
An important scalability feature of Bitcoin is that the block is stored in a multi-level data structure. The “hash” of a block is actually only the hash of the block header, a roughly 200-byte piece of data that contains the timestamp, nonce, previous block hash and the root hash of a data structure called the Merkle tree storing all transactions in the block. A Merkle tree is a type of binary tree, composed of a set of nodes with a large number of leaf nodes at the bottom of the tree containing the underlying data, a set of intermediate nodes where each node is the hash of its two children, and finally a single root node, also formed from the hash of its two children, representing the “top” of the tree. The purpose of the Merkle tree is to allow the data in a block to be delivered piecemeal: a node can download only the header of a block from one source, the small part of the tree relevant to them from another source, and still be assured that all of the data is correct. The reason why this works is that hashes propagate upward: if a malicious user attempts to swap in a fake transaction into the bottom of a Merkle tree, this change will cause a change in the node above, and then a change in the node above that, finally changing the root of the tree and therefore the hash of the block, causing the protocol to register it as a completely different block (almost certainly with an invalid proof of work).
The Merkle tree protocol is arguably essential to long-term sustainability. A “full node” in the Bitcoin network, one that stores and processes the entirety of every block, takes up about 15 GB of disk space in the Bitcoin network as of April 2014, and is growing by over a gigabyte per month. Currently, this is viable for some desktop computers and not phones, and later on in the future only businesses and hobbyists will be able to participate. A protocol known as “simplified payment verification” (SPV) allows for another class of nodes to exist, called “light nodes”, which download the block headers, verify the proof of work on the block headers, and then download only the “branches” associated with transactions that are relevant to them. This allows light nodes to determine with a strong guarantee of security what the status of any Bitcoin transaction, and their current balance, is while downloading only a very small portion of the entire blockchain.
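The branch check a light node performs, as an added Python example that is not part of the original paper. It uses double SHA-256 and Bitcoin's convention of pairing an odd last node with itself; the transactions are constructed byte strings and the function names are illustrative.

```python
import hashlib

def dsha(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_levels(txs: list) -> list:
    """Every level of the tree: leaf hashes first, the single root last."""
    if not txs:
        raise ValueError("a block has at least one transaction")
    level = [dsha(tx) for tx in txs]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                      # odd count: pair last node with itself
            level = level + [level[-1]]
        level = [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_root(txs: list) -> bytes:
    return merkle_levels(txs)[-1][0]

def merkle_branch(levels: list, index: int) -> list:
    """The sibling hashes on the path from leaf `index` to the root.
    This is all a full node has to send for one transaction."""
    branch = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling >= len(level):               # node was paired with itself
            sibling = index
        branch.append((level[sibling], index & 1))   # flag 1: we are the right child
        index >>= 1
    return branch

def verify_branch(tx: bytes, branch: list, root: bytes) -> bool:
    """Light-node check: rehash upward and compare with the root taken from
    a block header whose proof of work has already been verified."""
    node = dsha(tx)
    for sibling, is_right in branch:
        node = dsha(sibling + node) if is_right else dsha(node + sibling)
    return node == root

# Constructed sample block with five transactions.
TXS = [b"tx-%d" % i for i in range(5)]

if __name__ == "__main__":
    levels = merkle_levels(TXS)
    root = levels[-1][0]
    branch = merkle_branch(levels, 3)
    print("branch hashes:", len(branch))
    print("genuine tx accepted:", verify_branch(TXS[3], branch, root))
    print("swapped tx accepted:", verify_branch(b"fake tx", branch, root))
    # Hashes propagate upward: changing one leaf changes the root.
    print("root changes:", merkle_root(TXS[:3] + [b"fake tx"] + TXS[4:]) != root)
```

For a block of 1024 transactions the branch is 10 hashes (320 bytes), which is why a light node needs only the header and a short branch per transaction.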
5. Alternative Blockchain Applications
The idea of taking the underlying blockchain idea and applying it to other concepts also has a long history. In 2005, Nick Szabo came out with the concept of “secure property titles with owner authority”, a document describing how “new advances in replicated database technology” will allow for a blockchain-based system for storing a registry of who owns what land, creating an elaborate framework including concepts such as homesteading, adverse possession and Georgian land tax. However, there was unfortunately no effective replicated database system available at the time, and so the protocol was never implemented in practice. After 2009, however, once Bitcoin’s decentralized consensus was developed a number of alternative applications rapidly began to emerge.
Namecoin - created in 2010, Namecoin is best described as a decentralized name registration database. In decentralized protocols like Tor, Bitcoin and BitMessage, there needs to be some way of identifying accounts so that other people can interact with them, but in all existing solutions the only kind of identifier available is a pseudorandom hash like 1LW79wp5ZBqaHW1jL5TCiBCrhQYtHagUWy. Ideally, one would like to be able to have an account with a name like “george”. However, the problem is that if one person can create an account named “george” then someone else can use the same process to register “george” for themselves as well and impersonate them. The only solution is a first-to-file paradigm, where the first registerer succeeds and the second fails - a problem perfectly suited for the Bitcoin consensus protocol. Namecoin is the oldest, and most successful, implementation of a name registration system using such an idea.
Colored coins - the purpose of colored coins is to serve as a protocol to allow people to create their own digital currencies - or, in the important trivial case of a currency with one unit, digital tokens, on the Bitcoin blockchain. In the colored coins protocol, one “issues” a new currency by publicly assigning a color to a specific Bitcoin UTXO, and the protocol recursively defines the color of other UTXO to be the same as the color of the inputs that the transaction creating them spent (some special rules apply in the case of mixed-color inputs). This allows users to maintain wallets containing only UTXO of a specific color and send them around much like regular bitcoins, backtracking through the blockchain to determine the color of any UTXO that they receive.
Metacoins - the idea behind a metacoin is to have a protocol that lives on top of Bitcoin, using Bitcoin transactions to store metacoin transactions but having a different state transition function, APPLY’. Because the metacoin protocol cannot prevent invalid metacoin transactions from appearing in the Bitcoin blockchain, a rule is added that if APPLY’(S,TX) returns an error, the protocol defaults to APPLY’(S,TX) = S. This provides an easy mechanism for creating an arbitrary cryptocurrency protocol, potentially with advanced features that cannot be implemented inside of Bitcoin itself, but with a very low development cost since the complexities of mining and networking are already handled by the Bitcoin protocol. Metacoins have been used to implement some classes of financial contracts, name registration and decentralized exchange.
Thus, in general, there are two approaches toward building a consensus protocol: building an independent network, and building a protocol on top of Bitcoin. The former approach, while reasonably successful in the case of applications like Namecoin, is difficult to implement; each individual implementation needs to bootstrap an independent blockchain, as well as building and testing all of the necessary state transition and networking code. Additionally, we predict that the set of applications for decentralized consensus technology will follow a power law distribution where the vast majority of applications would be too small to warrant their own blockchain, and we note that there exist large classes of decentralized applications, particularly decentralized autonomous organizations, that need to interact with each other.
The Bitcoin-based approach, on the other hand, has the flaw that it does not inherit the simplified payment verification features of Bitcoin. SPV works for Bitcoin because it can use blockchain depth as a proxy for validity; at some point, once the ancestors of a transaction go far enough back, it is safe to say that they were legitimately part of the state. Blockchain-based meta-protocols, on the other hand, cannot force the blockchain not to include transactions that are not valid within the context of their own protocols. Hence, a fully secure SPV meta-protocol implementation would need to backward scan all the way to the beginning of the Bitcoin blockchain to determine whether or not certain transactions are valid. Currently, all “light” implementations of Bitcoin-based meta-protocols rely on a trusted server to provide the data, arguably a highly suboptimal result especially when one of the primary purposes of a cryptocurrency is to eliminate the need for trust.
6. Scripting
Even without any extensions, the Bitcoin protocol actually does facilitate a weak version of a concept of “smart contracts”. UTXO in Bitcoin can be owned not just by a public key, but also by a more complicated script expressed in a simple stack-based programming language. In this paradigm, a transaction spending that UTXO must provide data that satisfies the script. Indeed, even the basic public key ownership mechanism is implemented via a script: the script takes an elliptic curve signature as input, verifies it against the transaction and the address that owns the UTXO, and returns 1 if the verification is successful and 0 otherwise. Other, more complicated, scripts exist for various additional use cases. For example, one can construct a script that requires signatures from two out of a given three private keys to validate (“multisig”), a setup useful for corporate accounts, secure savings accounts and some merchant escrow situations. Scripts can also be used to pay bounties for solutions to computational problems, and one can even construct a script that says something like “this Bitcoin UTXO is yours if you can provide an SPV proof that you sent a Dogecoin transaction of this denomination to me”, essentially allowing decentralized cross-cryptocurrency exchange.
However, the scripting language as implemented in Bitcoin has several important limitations:
Lack of Turing-completeness - that is to say, while there is a large subset of computation that the Bitcoin scripting language supports, it does not nearly support everything. The main category that is missing is loops. This is done to avoid infinite loops during transaction verification; theoretically it is a surmountable obstacle for script programmers, since any loop can be simulated by simply repeating the underlying code many times with an if statement, but it does lead to scripts that are very space-inefficient. For example, implementing an alternative elliptic curve signature algorithm would likely require 256 repeated multiplication rounds all individually included in the code.
Value-blindness - there is no way for a UTXO script to provide fine-grained control over the amount that can be withdrawn. For example, one powerful use case of an oracle contract would be a hedging contract, where A and B put in $1000 worth of BTC and after 30 days the script sends $1000 worth of BTC to A and the rest to B. This would require an oracle to determine the value of 1 BTC in USD, but even then it is a massive improvement in terms of trust and infrastructure requirement over the fully centralized solutions that are available now. However, because UTXO are all-or-nothing, the only way to achieve this is through the very inefficient hack of having many UTXO of varying denominations (eg. one UTXO of 2^k for every k up to 30) and having O pick which UTXO to send to A and which to B.
Lack of state - UTXO can either be spent or unspent; there is no opportunity for multi-stage contracts or scripts which keep any other internal state beyond that. This makes it hard to make multi-stage options contracts, decentralized exchange offers or two-stage cryptographic commitment protocols (necessary for secure computational bounties). It also means that UTXO can only be used to build simple, one-off contracts and not more complex “stateful” contracts such as decentralized organizations, and makes meta-protocols difficult to implement. Binary state combined with value-blindness also mean that another important application, withdrawal limits, is impossible.
Blockchain-blindness - UTXO are blind to blockchain data such as the nonce, the timestamp and previous block hash. This severely limits applications in gambling, and several other categories, by depriving the scripting language of a potentially valuable source of randomness.
Thus, we see three approaches to building advanced applications on top of cryptocurrency: building a new blockchain, using scripting on top of Bitcoin, and building a meta-protocol on top of Bitcoin. Building a new blockchain allows for unlimited freedom in building a feature set, but at the cost of development time, bootstrapping effort and security. Using scripting is easy to implement and standardize, but is very limited in its capabilities, and meta-protocols, while easy, suffer from faults in scalability. With Ethereum, we intend to build an alternative framework that provides even larger gains in ease of development as well as even stronger light client properties, while at the same time allowing applications to share an economic environment and blockchain security.
(2) Ethereum
The intent of Ethereum is to create an alternative protocol for building decentralized applications, providing a different set of tradeoffs that we believe will be very useful for a large class of decentralized applications, with particular emphasis on situations where rapid development time, security for small and rarely used applications, and the ability of different applications to very efficiently interact, are important. Ethereum does this by building what is essentially the ultimate abstract foundational layer: a blockchain with a built-in Turing-complete programming language, allowing anyone to write smart contracts and decentralized applications where they can create their own arbitrary rules for ownership, transaction formats and state transition functions. A bare-bones version of Namecoin can be written in two lines of code, and other protocols like currencies and reputation systems can be built in under twenty. Smart contracts, cryptographic “boxes” that contain value and only unlock it if certain conditions are met, can also be built on top of the platform, with vastly more power than that offered by Bitcoin scripting because of the added powers of Turing-completeness, value-awareness, blockchain-awareness and state.
1. Ethereum Accounts
In Ethereum, the state is made up of objects called “accounts”, with each account having a 20-byte address and state transitions being direct transfers of value and information between accounts. An Ethereum account contains four fields:
- The nonce, a counter used to make sure each transaction can only be processed once.
- The account’s current ether balance.
- The account’s contract code, if present.
- The account’s storage (empty by default).
“Ether” is the main internal crypto-fuel of Ethereum, and is used to pay transaction fees. In general, there are two types of accounts: externally owned accounts, controlled by private keys, and contract accounts, controlled by their contract code. An externally owned account has no code, and one can send messages from an externally owned account by creating and signing a transaction; in a contract account, every time the contract account receives a message its code activates, allowing it to read and write to internal storage and send other messages or create contracts in turn.
Note that “contracts” in Ethereum should not be seen as something that should be “fulfilled” or “complied with”; rather, they are more like “autonomous agents” that live inside of the Ethereum execution environment, always executing a specific piece of code when “poked” by a message or transaction, and having direct control over their own ether balance and their own key/value store to keep track of persistent variables.
2. Messages and Transactions
The term “transaction” is used in Ethereum to refer to the signed data package that stores a message to be sent from an externally owned account. Transactions contain:
- The recipient of the message
- A signature identifying the sender
- The amount of ether to transfer from the sender to the recipient
- An optional data field
- A STARTGAS value, representing the maximum number of computational steps the transaction execution is allowed to take
- A GASPRICE value, representing the fee the sender pays per computational step
The first three are standard fields expected in any cryptocurrency. The data field has no function by default, but the virtual machine has an opcode using which a contract can access the data; as an example use case, if a contract is functioning as an on-blockchain domain registration service, then it may wish to interpret the data being passed to it as containing two “fields”, the first field being a domain to register and the second field being the IP address to register it to. The contract would read these values from the message data and appropriately place them in storage.
The STARTGAS and GASPRICE fields are crucial for Ethereum’s anti-denial of service model. In order to prevent accidental or hostile infinite loops or other computational wastage in code, each transaction is required to set a limit to how many computational steps of code execution it can use. The fundamental unit of computation is “gas”; usually, a computational step costs 1 gas, but some operations cost higher amounts of gas because they are more computationally expensive, or increase the amount of data that must be stored as part of the state. There is also a fee of 5 gas for every byte in the transaction data. The intent of the fee system is to require an attacker to pay proportionately for every resource that they consume, including computation, bandwidth and storage; hence, any transaction that leads to the network consuming a greater amount of any of these resources must have a gas fee roughly proportional to the increment.
3. Messages
Contracts have the ability to send “messages” to other contracts. Messages are virtual objects that are never serialized and exist only in the Ethereum execution environment. A message contains:
- The sender of the message (implicit)
- The recipient of the message
- The amount of ether to transfer alongside the message
- An optional data field
- A STARTGAS value
Essentially, a message is like a transaction, except it is produced by a contract and not an external actor. A message is produced when a contract currently executing code executes the CALL opcode, which produces and executes a message. Like a transaction, a message leads to the recipient account running its code. Thus, contracts can have relationships with other contracts in exactly the same way that external actors can.
Note that the gas allowance assigned by a transaction or contract applies to the total gas consumed by that transaction and all sub-executions. For example, if an external actor A sends a transaction to B with 1000 gas, and B consumes 600 gas before sending a message to C, and the internal execution of C consumes 300 gas before returning, then B can spend another 100 gas before running out of gas.
4. Ethereum State Transition Function
The Ethereum state transition function, APPLY(S,TX) -> S’ can be defined as follows:
- Check if the transaction is well-formed (ie. has the right number of values), the signature is valid, and the nonce matches the nonce in the sender’s account. If not, return an error.
- Calculate the transaction fee as STARTGAS * GASPRICE, and determine the sending address from the signature. Subtract the fee from the sender’s account balance and increment the sender’s nonce. If there is not enough balance to spend, return an error.
- Initialize GAS = STARTGAS, and take off a certain quantity of gas per byte to pay for the bytes in the transaction.
- Transfer the transaction value from the sender’s account to the receiving account. If the receiving account does not yet exist, create it. If the receiving account is a contract, run the contract’s code either to completion or until the execution runs out of gas.
- If the value transfer failed because the sender did not have enough money, or the code execution ran out of gas, revert all state changes except the payment of the fees, and add the fees to the miner’s account.
- Otherwise, refund the fees for all remaining gas to the sender, and send the fees paid for gas consumed to the miner.
For example, suppose that the contract’s code is:
    if !self.storage[calldataload(0)]:
        self.storage[calldataload(0)] = calldataload(32)
Note that in reality the contract code is written in the low-level EVM code; this example is written in Serpent, one of our high-level languages, for clarity, and can be compiled down to EVM code. Suppose that the contract’s storage starts off empty, and a transaction is sent with 10 ether value, 2000 gas, 0.001 ether gasprice, and 64 bytes of data, with bytes 0-31 representing the number 2 and bytes 32-63 representing the string CHARLIE. The process for the state transition function in this case is as follows:
- Check that the transaction is valid and well formed.
- Check that the transaction sender has at least 2000 * 0.001 = 2 ether. If so, subtract 2 ether from the sender’s account.
- Initialize gas = 2000; assuming the transaction is 170 bytes long and the byte-fee is 5, subtract 850 so that there is 1150 gas left.
- Subtract 10 more ether from the sender’s account, and add it to the contract’s account.
- Run the code. In this case, this is simple: it checks if the contract’s storage at index 2 is used, notices that it is not, and so it sets the storage at index 2 to the value CHARLIE. Suppose this takes 187 gas, so the remaining amount of gas is 1150 - 187 = 963
- Add 963 * 0.001 = 0.963 ether back to the sender’s account, and return the resulting state.
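The six APPLY steps and the walkthrough above, as an added Python sketch (not code from the whitepaper or from any Ethereum client). The `Account`, `Tx`, `apply_tx` and `registry` names, the `sig_ok` flag standing in for signature verification, and the sender's 20 ether starting balance are assumptions made for illustration; the 187 gas execution cost and the 170-byte transaction size are the page's own figures.

```python
import copy
from dataclasses import dataclass, field
from decimal import Decimal

BYTE_FEE = 5  # gas per transaction byte, the figure used in the walkthrough


class Revert(Exception):
    """Value transfer or code execution failed (step 5 of APPLY)."""


@dataclass
class Account:
    nonce: int = 0
    balance: Decimal = Decimal(0)
    code: object = None  # callable(account, tx) -> gas used; None if no code
    storage: dict = field(default_factory=dict)


@dataclass
class Tx:
    sender: str
    to: str
    value: Decimal
    data: bytes
    startgas: int
    gasprice: Decimal
    nonce: int
    size: int            # serialized length in bytes (170 in the walkthrough)
    sig_ok: bool = True  # hypothetical stand-in for signature verification


def apply_tx(state, tx, miner):
    """APPLY(S, TX): mutate `state` in place and return the gas left over."""
    sender = state.get(tx.sender)
    # Step 1: well-formed, valid signature, nonce matches the account nonce.
    if sender is None or not tx.sig_ok or tx.nonce != sender.nonce:
        raise ValueError("invalid transaction")
    # Step 2: prepay STARTGAS * GASPRICE and bump the nonce (replay protection).
    fee = tx.startgas * tx.gasprice
    if sender.balance < fee:
        raise ValueError("cannot afford fee")
    sender.balance -= fee
    sender.nonce += 1
    # Everything after this point is reverted on failure; fee and nonce are not.
    snapshot = copy.deepcopy(state)
    try:
        # Step 3: charge for the transaction bytes.
        gas = tx.startgas - BYTE_FEE * tx.size
        if gas < 0:
            raise Revert("out of gas paying for bytes")
        # Step 4: move the value, create the recipient if needed, run its code.
        if sender.balance < tx.value:
            raise Revert("insufficient balance for value transfer")
        sender.balance -= tx.value
        rcpt = state.setdefault(tx.to, Account())
        rcpt.balance += tx.value
        if rcpt.code is not None:
            used = rcpt.code(rcpt, tx)
            if used > gas:
                raise Revert("out of gas in contract code")
            gas -= used
    except Revert:
        # Step 5: roll back to the snapshot; the miner keeps the whole fee.
        state.clear()
        state.update(snapshot)
        state.setdefault(miner, Account()).balance += fee
        return 0
    # Step 6: refund unused gas to the sender, pay the rest to the miner.
    refund = gas * tx.gasprice
    sender.balance += refund
    state.setdefault(miner, Account()).balance += fee - refund
    return gas


def registry(acct, tx):
    """The page's two-line contract; 187 gas is the page's assumed cost."""
    key = int.from_bytes(tx.data[0:32], "big")
    if not acct.storage.get(key):
        acct.storage[key] = tx.data[32:64]
    return 187


def walkthrough(startgas=2000):
    """Constructed state: sender holds 20 ether, contract storage is empty."""
    state = {"sender": Account(balance=Decimal(20)),
             "contract": Account(code=registry)}
    data = (2).to_bytes(32, "big") + b"CHARLIE".rjust(32, b"\0")
    tx = Tx("sender", "contract", Decimal(10), data, startgas,
            Decimal("0.001"), nonce=0, size=170)
    return state, apply_tx(state, tx, miner="miner")
```

Calling `walkthrough(startgas=1000)` exercises the failure path: only 150 gas remains after the byte fee, so the contract run and the 10 ether transfer are rolled back while the 1 ether fee and the nonce increment stay.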
If there was no contract at the receiving end of the transaction, then the total transaction fee would simply be equal to the provided GASPRICE multiplied by the length of the transaction in bytes, and the data sent alongside the transaction would be irrelevant.
Note that messages work equivalently to transactions in terms of reverts: if a message execution runs out of gas, then that message’s execution, and all other executions triggered by that execution, revert, but parent executions do not need to revert. This means that it is “safe” for a contract to call another contract, as if A calls B with G gas then A’s execution is guaranteed to lose at most G gas. Finally, note that there is an opcode, CREATE, that creates a contract; its execution mechanics are generally similar to CALL, with the exception that the output of the execution determines the code of a newly created contract.
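An added Python sketch (not from the whitepaper) of the gas and revert rules for nested messages: each call frame gets an allowance, the callee's consumption is charged to the caller, and an out-of-gas frame rolls back only its own writes and those of its sub-calls. The tiny op format (`work`, `store`, `call`) and the function names are assumptions for illustration, and `store` is free here so the numbers match the page's A, B, C example.

```python
import copy


class OutOfGas(Exception):
    pass


def call(state, programs, target, gas):
    """Execute `target` with a gas allowance; return (ok, gas_used).

    On out-of-gas, every write made by this frame and its sub-calls is rolled
    back and the whole allowance counts as consumed.
    """
    snapshot = copy.deepcopy(state)
    left = gas

    def charge(amount):
        nonlocal left
        if amount > left:
            raise OutOfGas
        left -= amount

    try:
        for op in programs[target]:
            if op[0] == "work":            # ("work", gas_cost)
                charge(op[1])
            elif op[0] == "store":         # ("store", key, value)
                state[(target, op[1])] = op[2]
            elif op[0] == "call":          # ("call", callee, gas_limit)
                limit = min(op[2], left)   # cannot hand out more than remains
                _ok, used = call(state, programs, op[1], limit)
                charge(used)               # the child's gas comes out of ours
    except OutOfGas:
        state.clear()
        state.update(snapshot)
        return False, gas
    return True, gas - left


def page_example(final_work):
    """A gives B 1000 gas; B uses 600, calls C (uses 300), then does more work."""
    programs = {
        "B": [("store", "seen", 1), ("work", 600), ("call", "C", 400),
              ("work", final_work)],
        "C": [("store", "seen", 1), ("work", 300)],
    }
    state = {}
    return call(state, programs, "B", 1000), state


def starved_callee():
    """B hands C only G = 200 gas although C needs 300."""
    programs = {
        "B": [("store", "seen", 1), ("work", 600), ("call", "C", 200),
              ("work", 50)],
        "C": [("store", "seen", 1), ("work", 300)],
    }
    state = {}
    return call(state, programs, "B", 1000), state
```

In `starved_callee()` C fails and its write disappears, yet B loses only the 200 gas it handed over and finishes with its own write intact, which is the "at most G gas" guarantee described above.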
5. Code Execution
The code in Ethereum contracts is written in a low-level, stack-based bytecode language, referred to as “Ethereum virtual machine code” or “EVM code”. The code consists of a series of bytes, where each byte represents an operation. In general, code execution is an infinite loop that consists of repeatedly carrying out the operation at the current program counter (which begins at zero) and then incrementing the program counter by one, until the end of the code is reached or an error or STOP or RETURN instruction is detected. The operations have access to three types of space in which to store data:
- The stack, a last-in-first-out container to which values can be pushed and popped
- Memory, an infinitely expandable byte array
- The contract’s long-term storage, a key/value store. Unlike stack and memory, which reset after computation ends, storage persists for the long term.
The code can also access the value, sender and data of the incoming message, as well as block header data, and the code can also return a byte array of data as an output.
The formal execution model of EVM code is surprisingly simple. While the Ethereum virtual machine is running, its full computational state can be defined by the tuple (block_state, transaction, message, code, memory, stack, pc, gas), where block_state is the global state containing all accounts and includes balances and storage. At the start of every round of execution, the current instruction is found by taking the pc-th byte of code (or 0 if pc >= len(code)), and each instruction has its own definition in terms of how it affects the tuple. For example, ADD pops two items off the stack and pushes their sum, reduces gas by 1 and increments pc by 1, and SSTORE pops the top two items off the stack and inserts the second item into the contract’s storage at the index specified by the first item. Although there are many ways to optimize Ethereum virtual machine execution via just-in-time compilation, a basic implementation of Ethereum can be done in a few hundred lines of code.
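The execution loop described above, reduced to four opcodes in an added Python sketch (not from the whitepaper). STOP, ADD and SSTORE behave as the page describes; PUSH1 (opcode 0x60) is included only so the sample program can put values on the stack. The flat cost of 1 gas per step follows the page's simplification, and returning zero gas with storage untouched on any failure is an assumption of this sketch.

```python
STOP, ADD, SSTORE, PUSH1 = 0x00, 0x01, 0x55, 0x60
WORD = 2 ** 256  # EVM stack items are 256-bit words


def run(code, storage, gas):
    """Run `code`; return (status, gas_left, storage).

    The caller's storage dict is never mutated; the returned storage differs
    from the input only when status is "stop".
    """
    st, stack, pc = dict(storage), [], 0
    while True:
        # Fetch the pc-th byte; past the end of code the instruction is 0 (STOP).
        op = code[pc] if pc < len(code) else STOP
        if op == STOP:
            return "stop", gas, st
        if gas < 1:
            return "out of gas", 0, dict(storage)
        gas -= 1  # flat 1 gas per computational step (page's simplification)
        if op == PUSH1:
            # Operand is the next code byte; a truncated operand reads as 0.
            stack.append(code[pc + 1] if pc + 1 < len(code) else 0)
            pc += 2
            continue
        if op in (ADD, SSTORE):
            if len(stack) < 2:
                return "stack underflow", 0, dict(storage)
            first, second = stack.pop(), stack.pop()
            if op == ADD:
                stack.append((first + second) % WORD)
            else:
                st[first] = second  # first item is the index, second the value
            pc += 1
            continue
        return "invalid opcode", 0, dict(storage)


# Constructed program: PUSH1 3, PUSH1 4, ADD, PUSH1 2, SSTORE  -> storage[2] = 7
PROGRAM = bytes.fromhex("6003600401600255")
```

`run(PROGRAM, {}, 10)` stores 7 at index 2 with 5 gas left, while `run(PROGRAM, {}, 4)` runs out of gas at SSTORE and leaves storage empty.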
6. Blockchain and Mining
The Ethereum blockchain is in many ways similar to the Bitcoin blockchain, although it does have some differences. The main difference between Ethereum and Bitcoin with regard to the blockchain architecture is that, unlike Bitcoin, Ethereum blocks contain a copy of both the transaction list and the most recent state. Aside from that, two other values, the block number and the difficulty, are also stored in the block. The basic block validation algorithm in Ethereum is as follows:
- Check if the previous block referenced exists and is valid.
- Check that the timestamp of the block is greater than that of the referenced previous block and less than 15 minutes into the future
- Check that the block number, difficulty, transaction root, uncle root and gas limit (various low-level Ethereum-specific concepts) are valid
- Check that the proof of work on the block is valid.
- Let S[0] be the state at the end of the previous block.
- Let TX be the block’s transaction list, with n transactions. For all i in 0…n-1, set S[i+1] = APPLY(S[i],TX[i]). If any application returns an error, or if the total gas consumed in the block up until this point exceeds the GASLIMIT, return an error.
- Let S_FINAL be S[n], but adding the block reward paid to the miner.
- Check if the Merkle tree root of the state S_FINAL is equal to the final state root provided in the block header. If it is, the block is valid; otherwise, it is not valid.
The approach may seem highly inefficient at first glance, because it needs to store the entire state with each block, but in reality efficiency should be comparable to that of Bitcoin. The reason is that the state is stored in the tree structure, and after every block only a small part of the tree needs to be changed. Thus, in general, between two adjacent blocks the vast majority of the tree should be the same, and therefore the data can be stored once and referenced twice using pointers (ie. hashes of subtrees). A special kind of tree known as a “Patricia tree” is used to accomplish this, including a modification to the Merkle tree concept that allows for nodes to be inserted and deleted, and not just changed, efficiently. Additionally, because all of the state information is part of the last block, there is no need to store the entire blockchain history - a strategy which, if it could be applied to Bitcoin, can be calculated to provide 5-20x savings in space.
A commonly asked question is “where” contract code is executed, in terms of physical hardware. This has a simple answer: the process of executing contract code is part of the definition of the state transition function, which is part of the block validation algorithm, so if a transaction is added into block B the code execution spawned by that transaction will be executed by all nodes, now and in the future, that download and validate block B.
(3) Applications
In general, there are three types of applications on top of Ethereum. The first category is financial applications, providing users with more powerful ways of managing and entering into contracts using their money. This includes sub-currencies, financial derivatives, hedging contracts, savings wallets, wills, and ultimately even some classes of full-scale employment contracts. The second category is semi-financial applications, where money is involved but there is also a heavy non-monetary side to what is being done; a perfect example is self-enforcing bounties for solutions to computational problems. Finally, there are applications such as online voting and decentralized governance that are not financial at all.
1. Token Systems
On-blockchain token systems have many applications ranging from sub-currencies representing assets such as USD or gold to company stocks, individual tokens representing smart property, secure unforgeable coupons, and even token systems with no ties to conventional value at all, used as point systems for incentivization. Token systems are surprisingly easy to implement in Ethereum. The key point to understand is that all a currency, or token system, fundamentally is a database with one operation: subtract X units from A and give X units to B, with the proviso that (1) A had at least X units before the transaction and (2) the transaction is approved by A. All that it takes to implement a token system is to implement this logic into a contract.
The basic code for implementing a token system in Serpent looks as follows:
    def send(to, value):
        if self.storage[msg.sender] >= value:
            self.storage[msg.sender] = self.storage[msg.sender] - value
            self.storage[to] = self.storage[to] + value
This is essentially a literal implementation of the “banking system” state transition function described further above in this document. A few extra lines of code need to be added to provide for the initial step of distributing the currency units in the first place and a few other edge cases, and ideally a function would be added to let other contracts query for the balance of an address. But that’s all there is to it. Theoretically, Ethereum-based token systems acting as sub-currencies can potentially include another important feature that on-chain Bitcoin-based meta-currencies lack: the ability to pay transaction fees directly in that currency. The way this would be implemented is that the contract would maintain an ether balance with which it would refund ether used to pay fees to the sender, and it would refill this balance by collecting the internal currency units that it takes in fees and reselling them in a constant running auction. Users would thus need to “activate” their accounts with ether, but once the ether is there it would be reusable because the contract would refund it each time.
2. Financial Derivatives and Stable-Value Currencies
Financial derivatives are the most common application of a “smart contract”, and one of the simplest to implement in code. The main challenge in implementing financial contracts is that the majority of them require reference to an external price ticker; for example, a very desirable application is a smart contract that hedges against the volatility of ether (or another cryptocurrency) with respect to the US dollar, but doing this requires the contract to know what the value of ETH/USD is. The simplest way to do this is through a “data feed” contract maintained by a specific party (eg. NASDAQ) designed so that that party has the ability to update the contract as needed, and providing an interface that allows other contracts to send a message to that contract and get back a response that provides the price.
Given that critical ingredient, the hedging contract would look as follows:
- Wait for party A to input 1000 ether.
- Wait for party B to input 1000 ether.
- Record the USD value of 1000 ether, calculated by querying the data feed contract, in storage, say this is $x.
- After 30 days, allow A or B to “reactivate” the contract in order to send $x worth of ether (calculated by querying the data feed contract again to get the new price) to A and the rest to B.
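The four steps above as an added Python simulation (not code from the whitepaper), with the data feed modelled as an object that only its operator can update. The class and method names, the price of 10 USD per ether at deposit time, and the rule that A's payout is capped at the 2000 ether pool when the price has more than halved are assumptions of this sketch; the page does not say what happens in that case.

```python
from fractions import Fraction


class PriceFeed:
    """Data feed contract: only its operator updates the price; anyone may read it."""

    def __init__(self, operator, usd_per_ether):
        self.operator = operator
        self.usd_per_ether = Fraction(usd_per_ether)

    def update(self, caller, usd_per_ether):
        if caller != self.operator:
            raise PermissionError("only the feed operator may update the price")
        self.usd_per_ether = Fraction(usd_per_ether)


class Hedge:
    STAKE, PERIOD_DAYS = 1000, 30

    def __init__(self, feed):
        self.feed = feed
        self.parties = []        # [A, B] once both have deposited
        self.usd_locked = None   # $x, recorded when the second deposit arrives
        self.start_day = None

    def deposit(self, party, ether, day):
        if ether != self.STAKE or len(self.parties) == 2:
            raise ValueError("expects exactly two deposits of 1000 ether")
        self.parties.append(party)
        if len(self.parties) == 2:
            # Step 3: record the USD value of 1000 ether from the data feed.
            self.usd_locked = self.STAKE * self.feed.usd_per_ether
            self.start_day = day

    def settle(self, caller, day):
        """Step 4: return (ether to A, ether to B); callable once by A or B."""
        if self.usd_locked is None or caller not in self.parties:
            raise PermissionError("not funded, already settled, or not a party")
        if day < self.start_day + self.PERIOD_DAYS:
            raise ValueError("cannot settle before 30 days have passed")
        pool = 2 * self.STAKE
        price = self.feed.usd_per_ether
        # Assumed edge case: if $x buys more ether than the pool holds, A takes it all.
        to_a = pool if price == 0 else min(self.usd_locked / price, pool)
        self.usd_locked = None
        return to_a, pool - to_a


def scenario(price_after):
    """Constructed run: both deposit at 10 USD/ether, settle on day 30."""
    feed = PriceFeed("feed-operator", 10)
    hedge = Hedge(feed)
    hedge.deposit("A", 1000, day=0)
    hedge.deposit("B", 1000, day=0)
    feed.update("feed-operator", price_after)
    return hedge.settle("A", day=30)
```

`scenario(4)` shows the limit of the hedge: A is owed 2500 ether worth of value but the pool holds 2000, so A is only protected against price drops of up to 50% with equal stakes.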
Such a contract would have significant potential in crypto-commerce. One of the main problems cited about cryptocurrency is the fact that it’s volatile; although many users and merchants may want the security and convenience of dealing with cryptographic assets, they may not wish to face that prospect of losing 23% of the value of their funds in a single day. Up until now, the most commonly proposed solution has been issuer-backed assets; the idea is that an issuer creates a sub-currency in which they have the right to issue and revoke units, and provide one unit of the currency to anyone who provides them (offline) with one unit of a specified underlying asset (eg. gold, USD). The issuer then promises to provide one unit of the underlying asset to anyone who sends back one unit of the crypto-asset. This mechanism allows any non-cryptographic asset to be “uplifted” into a cryptographic asset, provided that the issuer can be trusted.
In practice, however, issuers are not always trustworthy, and in some cases the banking infrastructure is too weak, or too hostile, for such services to exist. Financial derivatives provide an alternative. Here, instead of a single issuer providing the funds to back up an asset, a decentralized market of speculators, betting that the price of a cryptographic reference asset (eg. ETH) will go up, plays that role. Unlike issuers, speculators have no option to default on their side of the bargain because the hedging contract holds their funds in escrow. Note that this approach is not fully decentralized, because a trusted source is still needed to provide the price ticker, although arguably even still this is a massive improvement in terms of reducing infrastructure requirements (unlike being an issuer, issuing a price feed requires no licenses and can likely be categorized as free speech) and reducing the potential for fraud.
3. Identity and Reputation Systems
The earliest alternative cryptocurrency of all, Namecoin, attempted to use a Bitcoin-like blockchain to provide a name registration system, where users can register their names in a public database alongside other data. The major cited use case is for a DNS system, mapping domain names like “bitcoin.org” (or, in Namecoin’s case, “bitcoin.bit”) to an IP address. Other use cases include email authentication and potentially more advanced reputation systems. Here is the basic contract to provide a Namecoin-like name registration system on Ethereum:
def register(name, value):
    if !self.storage[name]:
        self.storage[name] = value
The contract is very simple; all it is is a database inside the Ethereum network that can be added to, but not modified or removed from. Anyone can register a name with some value, and that registration then sticks forever. A more sophisticated name registration contract will also have a “function clause” allowing other contracts to query it, as well as a mechanism for the “owner” (ie. the first registerer) of a name to change the data or transfer ownership. One can even add reputation and web-of-trust functionality on top.
4. Decentralized File Storage
Over the past few years, there have emerged a number of popular online file storage startups, the most prominent being Dropbox, seeking to allow users to upload a backup of their hard drive and have the service store the backup and allow the user to access it in exchange for a monthly fee. However, at this point the file storage market is at times relatively inefficient; a cursory look at various existing solutions shows that, particularly at the “uncanny valley” 20-200 GB level at which neither free quotas nor enterprise-level discounts kick in, monthly prices for mainstream file storage costs are such that you are paying for more than the cost of the entire hard drive in a single month. Ethereum contracts can allow for the development of a decentralized file storage ecosystem, where individual users can earn small quantities of money by renting out their own hard drives and unused space can be used to further drive down the costs of file storage.
The key underpinning piece of such a device would be what we have termed the “decentralized Dropbox contract”. This contract works as follows. First, one splits the desired data up into blocks, encrypting each block for privacy, and builds a Merkle tree out of it. One then makes a contract with the rule that, every N blocks, the contract would pick a random index in the Merkle tree (using the previous block hash, accessible from contract code, as a source of randomness), and give X ether to the first entity to supply a transaction with a simplified payment verification-like proof of ownership of the block at that particular index in the tree. When a user wants to re-download their file, they can use a micropayment channel protocol (eg. pay 1 szabo per 32 kilobytes) to recover the file; the most fee-efficient approach is for the payer not to publish the transaction until the end, instead replacing the transaction with a slightly more lucrative one with the same nonce after every 32 kilobytes.
An important feature of the protocol is that, although it may seem like one is trusting many random nodes not to decide to forget the file, one can reduce that risk down to near-zero by splitting the file into many pieces via secret sharing, and watching the contracts to see each piece is still in some node’s possession. If a contract is still paying out money, that provides a cryptographic proof that someone out there is still storing the file.
5. Decentralized Autonomous Organizations
The general concept of a “decentralized autonomous organization” is that of a virtual entity that has a certain set of members or shareholders which, perhaps with a 67% majority, have the right to spend the entity’s funds and modify its code. The members would collectively decide on how the organization should allocate its funds. Methods for allocating a DAO’s funds could range from bounties, salaries to even more exotic mechanisms such as an internal currency to reward work. This essentially replicates the legal trappings of a traditional company or nonprofit but using only cryptographic blockchain technology for enforcement. So far much of the talk around DAOs has been around the “capitalist” model of a “decentralized autonomous corporation” (DAC) with dividend-receiving shareholders and tradable shares; an alternative, perhaps described as a “decentralized autonomous community”, would have all members have an equal share in the decision making and require 67% of existing members to agree to add or remove a member. The requirement that one person can only have one membership would then need to be enforced collectively by the group.
A general outline for how to code a DAO is as follows. The simplest design is simply a piece of self-modifying code that changes if two thirds of members agree on a change. Although code is theoretically immutable, one can easily get around this and have de-facto mutability by having chunks of the code in separate contracts, and having the address of which contracts to call stored in the modifiable storage. In a simple implementation of such a DAO contract, there would be three transaction types, distinguished by the data provided in the transaction:
- [0,i,K,V] to register a proposal with index i to change the address at storage index K to value V
- [1,i] to register a vote in favor of proposal i
- [2,i] to finalize proposal i if enough votes have been made
The contract would then have clauses for each of these. It would maintain a record of all open storage changes, along with a list of who voted for them. It would also have a list of all members. When any storage change gets to two thirds of members voting for it, a finalizing transaction could execute the change. A more sophisticated skeleton would also have built-in voting ability for features like sending a transaction, adding members and removing members, and may even provide for Liquid Democracy-style vote delegation (ie. anyone can assign someone to vote for them, and assignment is transitive so if A assigns B and B assigns C then C determines A’s vote). This design would allow the DAO to grow organically as a decentralized community, allowing people to eventually delegate the task of filtering out who is a member to specialists, although unlike in the “current system” specialists can easily pop in and out of existence over time as individual community members change their alignments.
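The three clauses can be modelled off-chain to see which checks the outline leaves implicit. The sketch below is an added example, not code from the whitepaper or from any Ethereum client; the class name, the member-only rule, the refusal to reuse a proposal index, and the use of type code 1 for votes (so that the three transaction types are distinguishable by their first element) are assumptions.

```python
class SimpleDAO:
    """Toy model of the three-transaction DAO: a proposal rewrites one storage slot."""

    REGISTER, VOTE, FINALIZE = 0, 1, 2

    def __init__(self, members):
        self.members = set(members)
        self.storage = {}      # modifiable storage: index K -> address of the contract to call
        self.proposals = {}    # i -> {"K", "V", "votes", "done"}

    def handle(self, sender, data):
        """Process one transaction; `data` is the list carried in the transaction."""
        # Assumption: only members may register, vote or finalize.
        if sender not in self.members:
            return "rejected: not a member"
        if not data:
            return "rejected: malformed data"
        kind = data[0]
        if kind == self.REGISTER and len(data) == 4:
            _, i, k, v = data
            if i in self.proposals:
                # Refuse to overwrite: otherwise votes cast for one change
                # could be reused for a different (K, V).
                return "rejected: proposal index in use"
            self.proposals[i] = {"K": k, "V": v, "votes": set(), "done": False}
            return "registered"
        if kind in (self.VOTE, self.FINALIZE) and len(data) == 2:
            p = self.proposals.get(data[1])
            if p is None or p["done"]:
                return "rejected: no open proposal"
            if kind == self.VOTE:
                p["votes"].add(sender)   # a set: voting twice counts once
                return "voted"
            # Count only votes from current members, with integer arithmetic
            # so the two-thirds test has no rounding edge cases.
            live = p["votes"] & self.members
            if 3 * len(live) < 2 * len(self.members):
                return "rejected: below two thirds"
            self.storage[p["K"]] = p["V"]
            p["done"] = True             # a finalized proposal cannot be replayed
            return "finalized"
        return "rejected: malformed data"


def demo():
    """Constructed scenario: three members, one proposal to repoint a storage slot."""
    dao = SimpleDAO(["alice", "bob", "carol"])
    log = [
        dao.handle("mallory", [0, 7, "price_feed", "0xEVIL"]),   # outsider
        dao.handle("alice", [0, 7, "price_feed", "0xFEED2"]),
        dao.handle("bob", [0, 7, "price_feed", "0xOTHER"]),      # index reuse
        dao.handle("alice", [1, 7]),
        dao.handle("alice", [1, 7]),                             # double vote
        dao.handle("alice", [2, 7]),                             # 1 of 3 votes
        dao.handle("bob", [1, 7]),
        dao.handle("carol", [2, 7]),                             # 2 of 3 votes
        dao.handle("carol", [2, 7]),                             # replay
    ]
    return log, dao.storage


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```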
An alternative model is for a decentralized corporation, where any account can have zero or more shares, and two thirds of the shares are required to make a decision. A complete skeleton would involve asset management functionality, the ability to make an offer to buy or sell shares, and the ability to accept offers (preferably with an order-matching mechanism inside the contract). Delegation would also exist Liquid Democracy-style, generalizing the concept of a “board of directors”.
6. Further Applications
- Savings wallets. Suppose that Alice wants to keep her funds safe, but is worried that she will lose or someone will hack her private key. She puts ether into a contract with Bob, a bank, as follows:
  - Alice alone can withdraw a maximum of 1% of the funds per day.
  - Bob alone can withdraw a maximum of 1% of the funds per day, but Alice has the ability to make a transaction with her key shutting off this ability.
  - Alice and Bob together can withdraw anything.

  Normally, 1% per day is enough for Alice, and if Alice wants to withdraw more she can contact Bob for help. If Alice’s key gets hacked, she runs to Bob to move the funds to a new contract. If she loses her key, Bob will get the funds out eventually. If Bob turns out to be malicious, then she can turn off his ability to withdraw.
- Crop insurance. One can easily make a financial derivatives contract but using a data feed of the weather instead of any price index. If a farmer in Iowa purchases a derivative that pays out inversely based on the precipitation in Iowa, then if there is a drought, the farmer will automatically receive money and if there is enough rain the farmer will be happy because their crops would do well. This can be expanded to natural disaster insurance generally.
- A decentralized data feed. For financial contracts for difference, it may actually be possible to decentralize the data feed via a protocol called “SchellingCoin”. SchellingCoin basically works as follows: N parties all put into the system the value of a given datum (eg. the ETH/USD price), the values are sorted, and everyone between the 25th and 75th percentile gets one token as a reward. Everyone has the incentive to provide the answer that everyone else will provide, and the only value that a large number of players can realistically agree on is the obvious default: the truth. This creates a decentralized protocol that can theoretically provide any number of values, including the ETH/USD price, the temperature in Berlin or even the result of a particular hard computation.
- Smart multisignature escrow. Bitcoin allows multisignature transaction contracts where, for example, three out of a given five keys can spend the funds. Ethereum allows for more granularity; for example, four out of five can spend everything, three out of five can spend up to 10% per day, and two out of five can spend up to 0.5% per day. Additionally, Ethereum multisig is asynchronous - two parties can register their signatures on the blockchain at different times and the last signature will automatically send the transaction.
- Cloud computing. The EVM technology can also be used to create a verifiable computing environment, allowing users to ask others to carry out computations and then optionally ask for proofs that computations at certain randomly selected checkpoints were done correctly. This allows for the creation of a cloud computing market where any user can participate with their desktop, laptop or specialized server, and spot-checking together with security deposits can be used to ensure that the system is trustworthy (ie. nodes cannot profitably cheat). Such a system may not be suitable for all tasks, though; tasks that require a high level of inter-process communication, for example, cannot easily be done on a large cloud of nodes. Other tasks, however, are much easier to parallelize; projects like SETI@home, folding@home and genetic algorithms can easily be implemented on top of such a platform.
- Peer-to-peer gambling. Any number of peer-to-peer gambling protocols, such as Frank Stajano and Richard Clayton’s Cyberdice, can be implemented on the Ethereum blockchain. The simplest gambling protocol is actually simply a contract for difference on the next block hash, and more advanced protocols can be built up from there, creating gambling services with near-zero fees that have no ability to cheat.
- Prediction markets. Provided an oracle or SchellingCoin, prediction markets are also easy to implement, and prediction markets together with SchellingCoin may prove to be the first mainstream application of futarchy as a governance protocol for decentralized organizations.
- On-chain decentralized marketplaces, using the identity and reputation system as a base.
(4) Miscellanea And Concerns
1. Modified GHOST Implementation
The “Greedy Heaviest Observed Subtree” (GHOST) protocol is an innovation first introduced by Yonatan Sompolinsky and Aviv Zohar in December 2013. The motivation behind GHOST is that blockchains with fast confirmation times currently suffer from reduced security due to a high stale rate - because blocks take a certain time to propagate through the network, if miner A mines a block and then miner B happens to mine another block before miner A’s block propagates to B, miner B’s block will end up wasted and will not contribute to network security. Furthermore, there is a centralization issue: if miner A is a mining pool with 30% hashpower and B has 10% hashpower, A will have a risk of producing a stale block 70% of the time (since the other 30% of the time A produced the last block and so will get mining data immediately) whereas B will have a risk of producing a stale block 90% of the time. Thus, if the block interval is short enough for the stale rate to be high, A will be substantially more efficient simply by virtue of its size. With these two effects combined, blockchains which produce blocks quickly are very likely to lead to one mining pool having a large enough percentage of the network hashpower to have de facto control over the mining process.
As described by Sompolinsky and Zohar, GHOST solves the first issue of network security loss by including stale blocks in the calculation of which chain is the “longest”; that is to say, not just the parent and further ancestors of a block, but also the stale descendants of the block’s ancestor (in Ethereum jargon, “uncles”) are added to the calculation of which block has the largest total proof of work backing it. To solve the second issue of centralization bias, we go beyond the protocol described by Sompolinsky and Zohar, and also provide block rewards to stales: a stale block receives 87.5% of its base reward, and the nephew that includes the stale block receives the remaining 12.5%. Transaction fees, however, are not awarded to uncles.
Ethereum implements a simplified version of GHOST which only goes down seven levels. Specifically, it is defined as follows:
- A block must specify a parent, and it must specify 0 or more uncles
- An uncle included in block B must have the following properties:
  - It must be a direct child of the kth generation ancestor of B, where 2 <= k <= 7.
  - It cannot be an ancestor of B
  - An uncle must be a valid block header, but does not need to be a previously verified or even valid block
  - An uncle must be different from all uncles included in previous blocks and all other uncles included in the same block (non-double-inclusion)
- For every uncle U in block B, the miner of B gets an additional 3.125% added to its coinbase reward and the miner of U gets 93.75% of a standard coinbase reward.
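The uncle rules above translate into a short validity check over block headers. This is an added example, not code from the whitepaper or from an Ethereum client; the `Header` type, the `header_ok` flag standing in for real header validation, and the sample chain are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_UNCLE_GENERATION = 7   # "only goes down seven levels"


@dataclass
class Header:
    hash: str
    parent: Optional[str]
    uncles: Tuple[str, ...] = ()
    header_ok: bool = True   # assumption: result of header validation done elsewhere


def ancestors(headers, block, depth):
    """Hashes of the generation-1 .. generation-`depth` ancestors of `block`."""
    out, cur = [], block.parent
    while cur is not None and len(out) < depth:
        out.append(cur)
        cur = headers[cur].parent
    return out


def check_uncles(headers, block):
    """Return a list of (uncle_hash, reason) for every uncle that breaks a rule."""
    anc = ancestors(headers, block, MAX_UNCLE_GENERATION)
    eligible_parents = set(anc[1:])          # generations 2..7 (generation 1 excluded)
    # Any block that could already have included an eligible uncle is itself
    # within the last seven generations, so scanning `anc` is sufficient.
    already_included = {u for a in anc for u in headers[a].uncles}
    errors, seen = [], set()
    for u in block.uncles:
        h = headers.get(u)
        if h is None or not h.header_ok:
            errors.append((u, "invalid header"))
        elif u in anc:
            errors.append((u, "is an ancestor"))
        elif h.parent not in eligible_parents:
            errors.append((u, "parent is not a generation 2..7 ancestor"))
        elif u in already_included or u in seen:
            errors.append((u, "already included"))
        seen.add(u)
    return errors


def sample_headers():
    """Constructed chain G <- M1 <- ... <- M9 with two stale blocks."""
    headers = {"G": Header("G", None)}
    prev = "G"
    for n in range(1, 10):
        name = "M%d" % n
        headers[name] = Header(name, prev)
        prev = name
    headers["S2"] = Header("S2", "M1")   # stale sibling of M2
    headers["S4"] = Header("S4", "M3")   # stale sibling of M4
    headers["BAD"] = Header("BAD", "M1", header_ok=False)
    return headers


if __name__ == "__main__":
    hs = sample_headers()
    for parent, uncles in [("M3", ("S2",)), ("M3", ("S4",)), ("M8", ("S2",))]:
        print(parent, uncles, check_uncles(hs, Header("B", parent, uncles)))
```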
This limited version of GHOST, with uncles includable only up to 7 generations, was used for two reasons. First, unlimited GHOST would include too many complications into the calculation of which uncles for a given block are valid. Second, unlimited GHOST with compensation as used in Ethereum removes the incentive for a miner to mine on the main chain and not the chain of a public attacker.
2. Fees
Because every transaction published into the blockchain imposes on the network the cost of needing to download and verify it, there is a need for some regulatory mechanism, typically involving transaction fees, to prevent abuse. The default approach, used in Bitcoin, is to have purely voluntary fees, relying on miners to act as the gatekeepers and set dynamic minimums. This approach has been received very favorably in the Bitcoin community particularly because it is “market-based”, allowing supply and demand between miners and transaction senders to determine the price. The problem with this line of reasoning is, however, that transaction processing is not a market; although it is intuitively attractive to construe transaction processing as a service that the miner is offering to the sender, in reality every transaction that a miner includes will need to be processed by every node in the network, so the vast majority of the cost of transaction processing is borne by third parties and not the miner that is making the decision of whether or not to include it. Hence, tragedy-of-the-commons problems are very likely to occur.
However, as it turns out this flaw in the market-based mechanism, when given a particular inaccurate simplifying assumption, magically cancels itself out. The argument is as follows. Suppose that:
- A transaction leads to k operations, offering the reward kR to any miner that includes it where R is set by the sender and k and R are (roughly) visible to the miner beforehand.
- An operation has a processing cost of C to any node (ie. all nodes have equal efficiency)
- There are N mining nodes, each with exactly equal processing power (ie. 1/N of total)
- No non-mining full nodes exist.
A miner would be willing to process a transaction if the expected reward is greater than the cost. Thus, the expected reward is kR/N since the miner has a 1/N chance of processing the next block, and the processing cost for the miner is simply kC. Hence, miners will include transactions where kR/N > kC, or R > NC. Note that R is the per-operation fee provided by the sender, and is thus a lower bound on the benefit that the sender derives from the transaction, and NC is the cost to the entire network together of processing an operation. Hence, miners have the incentive to include only those transactions for which the total utilitarian benefit exceeds the cost.
However, there are several important deviations from those assumptions in reality:
- (1) The miner does pay a higher cost to process the transaction than the other verifying nodes, since the extra verification time delays block propagation and thus increases the chance the block will become a stale.
- (2) There do exist nonmining full nodes.
- (3) The mining power distribution may end up radically inegalitarian in practice.
- (4) Speculators, political enemies and crazies whose utility function includes causing harm to the network do exist, and they can cleverly set up contracts where their cost is much lower than the cost paid by other verifying nodes.
(1) provides a tendency for the miner to include fewer transactions, and (2) increases NC; hence, these two effects at least partially cancel each other out. (3) and (4) are the major issue; to solve them we simply institute a floating cap: no block can have more operations than BLK_LIMIT_FACTOR times the long-term exponential moving average. Specifically:
blk.oplimit = floor((blk.parent.oplimit * (EMA_FACTOR - 1) + floor(parent.opcount * BLK_LIMIT_FACTOR)) / EMA_FACTOR)
BLK_LIMIT_FACTOR and EMA_FACTOR are constants that will be set to 65536 and 1.5 for the time being, but will likely be changed after further analysis.
There is another factor disincentivizing large block sizes in Bitcoin: blocks that are large will take longer to propagate, and thus have a higher probability of becoming stales. In Ethereum, highly gas-consuming blocks can also take longer to propagate both because they are physically larger and because they take longer to process the transaction state transitions to validate. This delay disincentive is a significant consideration in Bitcoin, but less so in Ethereum because of the GHOST protocol; hence, relying on regulated block limits provides a more stable baseline.
3. Computation And Turing-Completeness
An important note is that the Ethereum virtual machine is Turing-complete; this means that EVM code can encode any computation that can be conceivably carried out, including infinite loops. EVM code allows looping in two ways. First, there is a JUMP instruction that allows the program to jump back to a previous spot in the code, and a JUMPI instruction to do conditional jumping, allowing for statements like while x < 27: x = x * 2. Second, contracts can call other contracts, potentially allowing for looping through recursion. This naturally leads to a problem: can malicious users essentially shut miners and full nodes down by forcing them to enter into an infinite loop? The issue arises because of a problem in computer science known as the halting problem: there is no way to tell, in the general case, whether or not a given program will ever halt.
As described in the state transition section, our solution works by requiring a transaction to set a maximum number of computational steps that it is allowed to take; if execution takes longer, computation is reverted but fees are still paid. Messages work in the same way. To show the motivation behind our solution, consider the following examples:
An attacker creates a contract which runs an infinite loop, and then sends a transaction activating that loop to the miner. The miner will process the transaction, running the infinite loop, and wait for it to run out of gas. Even though the execution runs out of gas and stops halfway through, the transaction is still valid and the miner still claims the fee from the attacker for each computational step.
An attacker creates a very long infinite loop with the intent of forcing the miner to keep computing for such a long time that by the time computation finishes a few more blocks will have come out and it will not be possible for the miner to include the transaction to claim the fee. However, the attacker will be required to submit a value for STARTGAS limiting the number of computational steps that execution can take, so the miner will know ahead of time that the computation will take an excessively large number of steps.
An attacker sees a contract with code of some form like send(A,contract.storage[A]); contract.storage[A] = 0, and sends a transaction with just enough gas to run the first step but not the second (ie. making a withdrawal but not letting the balance go down). The contract author does not need to worry about protecting against such attacks, because if execution stops halfway through the changes get reverted.
A financial contract works by taking the median of nine proprietary data feeds in order to minimize risk. An attacker takes over one of the data feeds, which is designed to be modifiable via the variable-address-call mechanism described in the section on DAOs, and converts it to run an infinite loop, thereby attempting to force any attempts to claim funds from the financial contract to run out of gas. However, the financial contract can set a gas limit on the message to prevent this problem.
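The first and third scenarios above both rest on one rule: running out of gas reverts every state change except the fee. The model below is an added example, not code from the whitepaper or from an Ethereum client; the step costs, account names and state layout are constructed and do not follow the real EVM gas schedule.

```python
import copy

SEND_COST, STORE_COST = 5, 5   # constructed step costs, not the real gas schedule


class OutOfGas(Exception):
    pass


def apply_transaction(state, sender, miner, startgas, gasprice, program):
    """Run `program` under a gas limit; revert its effects if the gas runs out."""
    fee = startgas * gasprice
    if state["balance"][sender] < fee:
        return "invalid"                       # cannot prepay, so never executed
    state["balance"][sender] -= fee
    snapshot = copy.deepcopy(state)            # taken AFTER the fee is deducted
    gas = {"left": startgas}

    def use_gas(n):
        if gas["left"] < n:
            gas["left"] = 0                    # an aborted run consumes all gas
            raise OutOfGas
        gas["left"] -= n

    try:
        program(state, use_gas)
        outcome = "ok"
    except OutOfGas:
        state.clear()
        state.update(snapshot)                 # undo everything except the fee
        outcome = "out of gas"
    state["balance"][sender] += gas["left"] * gasprice           # refund unused gas
    state["balance"][miner] += (startgas - gas["left"]) * gasprice
    return outcome


def withdraw(state, use_gas):
    """send(A, contract.storage[A]); contract.storage[A] = 0"""
    use_gas(SEND_COST)
    amount = state["storage"]["attacker"]
    state["balance"]["contract"] -= amount
    state["balance"]["attacker"] += amount
    use_gas(STORE_COST)
    state["storage"]["attacker"] = 0


def infinite_loop(state, use_gas):
    while True:
        use_gas(1)


def fresh_state():
    return {"balance": {"attacker": 1000, "contract": 500, "miner": 0},
            "storage": {"attacker": 500}}


def run(startgas, program):
    """Apply one transaction from the attacker to a fresh constructed state."""
    state = fresh_state()
    outcome = apply_transaction(state, "attacker", "miner", startgas, 1, program)
    return outcome, state


if __name__ == "__main__":
    print(run(SEND_COST, withdraw))    # enough gas for the send only
    print(run(20, withdraw))           # enough gas for both steps
    print(run(100, infinite_loop))     # halts after 100 steps, fee still paid
```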
The alternative to Turing-completeness is Turing-incompleteness, where JUMP and JUMPI do not exist and only one copy of each contract is allowed to exist in the call stack at any given time. With this system, the fee system described and the uncertainties around the effectiveness of our solution might not be necessary, as the cost of executing a contract would be bounded above by its size. Additionally, Turing-incompleteness is not even that big a limitation; out of all the contract examples we have conceived internally, so far only one required a loop, and even that loop could be removed by making 26 repetitions of a one-line piece of code. Given the serious implications of Turing-completeness, and the limited benefit, why not simply have a Turing-incomplete language? In reality, however, Turing-incompleteness is far from a neat solution to the problem. To see why, consider the following contracts:
C0: call(C1); call(C1);
C1: call(C2); call(C2);
C2: call(C3); call(C3);
...
C49: call(C50); call(C50);
C50: (run one step of a program and record the change in storage)
Now, send a transaction to A. Thus, in 51 transactions, we have a contract that takes up 2^50 computational steps. Miners could try to detect such logic bombs ahead of time by maintaining a value alongside each contract specifying the maximum number of computational steps that it can take, and calculating this for contracts calling other contracts recursively, but that would require miners to forbid contracts that create other contracts (since the creation and execution of all 26 contracts above could easily be rolled into a single contract). Another problematic point is that the address field of a message is a variable, so in general it may not even be possible to tell which other contracts a given contract will call ahead of time. Hence, all in all, we have a surprising conclusion: Turing-completeness is surprisingly easy to manage, and the lack of Turing-completeness is equally surprisingly difficult to manage unless the exact same controls are in place - but in that case why not just let the protocol be Turing-complete?
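The argument above can be checked mechanically. The sketch below is an added example, not part of the whitepaper: it builds the C0..C50 chain, computes the static step bound a miner would have to maintain, shows that the bound cannot be computed once a call target is a variable, and shows that plain gas metering halts all of these cases. The opcode tuples, the one-gas-per-operation cost and the function names are assumptions.

```python
from functools import lru_cache

def build_chain(depth):
    """C0..C{depth}: every Ci calls C{i+1} twice; the last contract runs one step."""
    code = {f"C{i}": [("call", f"C{i + 1}")] * 2 for i in range(depth)}
    code[f"C{depth}"] = [("step",)]
    return code

def worst_case_steps(code, entry):
    """Static bound on computational steps; needs every call target to be constant."""
    @lru_cache(maxsize=None)
    def bound(name):
        total = 0
        for op in code[name]:
            if op[0] == "step":
                total += 1
            elif op[0] == "call":
                total += bound(op[1])
            else:  # ("call_var", key): the address is only known at run time
                raise ValueError(f"{name}: call target is a variable, no static bound")
        return total
    return bound(entry)

def run_metered(code, entry, gas, storage=None):
    """Run with 1 gas per operation. Returns (steps_executed, finished)."""
    pending, steps, remaining = [entry], 0, gas
    while pending:
        for op in code[pending.pop()]:
            if remaining == 0:
                return steps, False          # out of gas: execution halts here
            remaining -= 1
            if op[0] == "step":
                steps += 1
            elif op[0] == "call":
                pending.append(op[1])
            else:
                pending.append(storage[op[1]])   # address read from storage
    return steps, True

CHAIN = build_chain(50)                      # 51 small contracts, 101 operations in total
VARIABLE = {"D": [("call_var", "target")], "E": [("step",)]}   # constructed sample
```

The chain's code size grows linearly while `worst_case_steps(CHAIN, "C0")` is 2^50, and `VARIABLE` defeats the static bound entirely, yet `run_metered` stops each of them within its gas budget.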
4. Currency and Issuance
The Ethereum network includes its own built-in currency, ether, which serves the dual purpose of providing a primary liquidity layer to allow for efficient exchange between various types of digital assets and, more importantly, of providing a mechanism for paying transaction fees. For convenience and to avoid future argument (see the current mBTC/uBTC/satoshi debate in Bitcoin), the denominations will be pre-labelled:
1: wei
10^12: szabo
10^15: finney
10^18: ether
This should be taken as an expanded version of the concept of “dollars” and “cents” or “BTC” and “satoshi”. In the near future, we expect “ether” to be used for ordinary transactions, “finney” for microtransactions and “szabo” and “wei” for technical discussions around fees and protocol implementation; the remaining denominations may become useful later and should not be included in clients at this point.
The issuance model will be as follows:
- Ether will be released in a currency sale at the price of 1000-2000 ether per BTC, a mechanism intended to fund the Ethereum organization and pay for development that has been used with success by other platforms such as Mastercoin and NXT. Earlier buyers will benefit from larger discounts. The BTC received from the sale will be used entirely to pay salaries and bounties to developers and invested into various for-profit and non-profit projects in the Ethereum and cryptocurrency ecosystem.
- 0.099x the total amount sold (60102216 ETH) will be allocated to the organization to compensate early contributors and pay ETH-denominated expenses before the genesis block.
- 0.099x the total amount sold will be maintained as a long-term reserve.
- 0.26x the total amount sold will be allocated to miners per year forever after that point.
Long-Term Supply Growth Rate (percent)
Despite the linear currency issuance, just like with Bitcoin over time the supply growth rate nevertheless tends to zero.
The two main choices in the above model are (1) the existence and size of an endowment pool, and (2) the existence of a permanently growing linear supply, as opposed to a capped supply as in Bitcoin. The justification of the endowment pool is as follows. If the endowment pool did not exist, and the linear issuance reduced to 0.217x to provide the same inflation rate, then the total quantity of ether would be 16.5% less and so each unit would be 19.8% more valuable. Hence, in the equilibrium 19.8% more ether would be purchased in the sale, so each unit would once again be exactly as valuable as before. The organization would also then have 1.198x as much BTC, which can be considered to be split into two slices: the original BTC, and the additional 0.198x. Hence, this situation is exactly equivalent to the endowment, but with one important difference: the organization holds purely BTC, and so is not incentivized to support the value of the ether unit.
The permanent linear supply growth model reduces the risk of what some see as excessive wealth concentration in Bitcoin, and gives individuals living in present and future eras a fair chance to acquire currency units, while at the same time retaining a strong incentive to obtain and hold ether because the “supply growth rate” as a percentage still tends to zero over time. We also theorize that because coins are always lost over time due to carelessness, death, etc., and coin loss can be modeled as a percentage of the total supply per year, the total currency supply in circulation will in fact eventually stabilize at a value equal to the annual issuance divided by the loss rate (e.g. at a loss rate of 1%, once the supply reaches 26X then 0.26X will be mined and 0.26X lost every year, creating an equilibrium).
Note that in the future, it is likely that Ethereum will switch to a proof-of-stake model for security, reducing the issuance requirement to somewhere between zero and 0.05X per year. In the event that the Ethereum organization loses funding or for any other reason disappears, we leave open a “social contract”: anyone has the right to create a future candidate version of Ethereum, with the only condition being that the quantity of ether must be at most equal to 60102216 * (1.198 + 0.26 * n) where n is the number of years after the genesis block. Creators are free to crowd-sell or otherwise assign some or all of the difference between the PoS-driven supply expansion and the maximum allowable supply expansion to pay for development. Candidate upgrades that do not comply with the social contract may justifiably be forked into compliant versions.
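The figures in this section follow from the three allocation ratios, and the sketch below recomputes them. It is an added example, not part of the whitepaper: the function names are assumptions, and the loss simulation applies the yearly loss before adding the yearly issuance.

```python
from fractions import Fraction

SOLD = 60102216                      # ether sold in the sale (figure from the text)
ENDOWMENT = Fraction(198, 1000)      # 0.099x to the organization + 0.099x reserve
ISSUANCE = Fraction(26, 100)         # 0.26x per year to miners

def max_supply(years):
    """Social-contract ceiling: 60102216 * (1.198 + 0.26 * n)."""
    return SOLD * (1 + ENDOWMENT + ISSUANCE * years)

def complies(candidate_supply, years):
    """A candidate version of Ethereum complies if its supply stays under the ceiling."""
    return candidate_supply <= max_supply(years)

def growth_rate(years):
    """Next year's issuance as a fraction of the supply n years after genesis."""
    return ISSUANCE * SOLD / max_supply(years)

def no_endowment_equivalent():
    """Issuance and supply reduction that give the same inflation rate with no endowment."""
    issuance = ISSUANCE / (1 + ENDOWMENT)        # about 0.217x
    supply_drop = ENDOWMENT / (1 + ENDOWMENT)    # about 16.5% less ether
    value_gain = 1 / (1 - supply_drop) - 1       # each unit about 19.8% more valuable
    return issuance, supply_drop, value_gain

def circulating_after(years, loss_rate):
    """Circulating supply in units of X when a fixed share of coins is lost every year."""
    supply = float(1 + ENDOWMENT)
    for _ in range(years):
        supply = supply * (1 - loss_rate) + float(ISSUANCE)
    return supply
```

At a 1% loss rate `circulating_after` converges to 26X, the annual issuance divided by the loss rate.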
5. Mining Centralization
The Bitcoin mining algorithm works by having miners compute SHA256 on slightly modified versions of the block header millions of times over and over again, until eventually one node comes up with a version whose hash is less than the target (currently around 2^192). However, this mining algorithm is vulnerable to two forms of centralization. First, the mining ecosystem has come to be dominated by ASICs (application-specific integrated circuits), computer chips designed for, and therefore thousands of times more efficient at, the specific task of Bitcoin mining. This means that Bitcoin mining is no longer a highly decentralized and egalitarian pursuit; it requires millions of dollars of capital to participate in effectively. Second, most Bitcoin miners do not actually perform block validation locally; instead, they rely on a centralized mining pool to provide the block headers. This problem is arguably worse: as of the time of this writing, the top three mining pools indirectly control roughly 50% of processing power in the Bitcoin network, although this is mitigated by the fact that miners can switch to other mining pools if a pool or coalition attempts a 51% attack.
The current intent at Ethereum is to use a mining algorithm where miners are required to fetch random data from the state, compute some randomly selected transactions from the last N blocks in the blockchain, and return the hash of the result. This has two important benefits. First, Ethereum contracts can include any kind of computation, so an Ethereum ASIC would essentially be an ASIC for general computation - i.e. a better CPU. Second, mining requires access to the entire blockchain, forcing miners to store the entire blockchain and at least be capable of verifying every transaction. This removes the need for centralized mining pools; although mining pools can still serve the legitimate role of evening out the randomness of reward distribution, this function can be served equally well by peer-to-peer pools with no central control.
This model is untested, and there may be difficulties along the way in avoiding certain clever optimizations when using contract execution as a mining algorithm. However, one notably interesting feature of this algorithm is that it allows anyone to “poison the well”, by introducing a large number of contracts into the blockchain specifically designed to stymie certain ASICs. The economic incentives exist for ASIC manufacturers to use such a trick to attack each other. Thus, the solution that we are developing is ultimately an adaptive economic human solution rather than purely a technical one.
6. Scalability
One common concern about Ethereum is the issue of scalability. Like Bitcoin, Ethereum suffers from the flaw that every transaction needs to be processed by every node in the network. With Bitcoin, the size of the current blockchain rests at about 15 GB, growing by about 1 MB per hour. If the Bitcoin network were to process Visa’s 2000 transactions per second, it would grow by 1 MB per three seconds (1 GB per hour, 8 TB per year). Ethereum is likely to suffer a similar growth pattern, worsened by the fact that there will be many applications on top of the Ethereum blockchain instead of just a currency as is the case with Bitcoin, but ameliorated by the fact that Ethereum full nodes need to store just the state instead of the entire blockchain history.
The problem with such a large blockchain size is centralization risk. If the blockchain size increases to, say, 100 TB, then the likely scenario would be that only a very small number of large businesses would run full nodes, with all regular users using light SPV nodes. In such a situation, there arises the potential concern that the full nodes could band together and all agree to cheat in some profitable fashion (e.g. change the block reward, give themselves BTC). Light nodes would have no way of detecting this immediately. Of course, at least one honest full node would likely exist, and after a few hours information about the fraud would trickle out through channels like Reddit, but at that point it would be too late: it would be up to the ordinary users to organize an effort to blacklist the given blocks, a massive and likely infeasible coordination problem on a similar scale as that of pulling off a successful 51% attack. In the case of Bitcoin, this is currently a problem, but there exists a blockchain modification suggested by Peter Todd which will alleviate this issue.
In the near term, Ethereum will use two additional strategies to cope with this problem. First, because of the blockchain-based mining algorithms, at least every miner will be forced to be a full node, creating a lower bound on the number of full nodes. Second and more importantly, however, we will include an intermediate state tree root in the blockchain after processing each transaction. Even if block validation is centralized, as long as one honest verifying node exists, the centralization problem can be circumvented via a verification protocol. If a miner publishes an invalid block, that block must either be badly formatted, or the state S[n] is incorrect. Since S[0] is known to be correct, there must be some first state S[i] that is incorrect where S[i-1] is correct. The verifying node would provide the index i, along with a “proof of invalidity” consisting of the subset of Patricia tree nodes needing to process APPLY(S[i-1],TX[i]) -> S[i]. Nodes would be able to use those nodes to run that part of the computation, and see that the S[i] generated does not match the S[i] provided.
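The verification protocol described above can be sketched end to end for one narrow case. This is an added example, not Ethereum's implementation: a binary Merkle tree over a fixed list of balances stands in for the Patricia tree, every transaction credits a fixed `REWARD` to a single account so that one branch is a sufficient proof, and all names and sample values are constructed.

```python
import hashlib

REWARD = 5  # constructed rule: every transaction credits exactly 5 units to one account

def leaf(balance):
    return hashlib.sha256(b"\x00" + balance.to_bytes(32, "big")).digest()

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def levels(balances):
    """All tree levels, leaves first. len(balances) must be a power of two."""
    out = [[leaf(b) for b in balances]]
    while len(out[-1]) > 1:
        prev = out[-1]
        out.append([node(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
    return out

def root(balances):
    return levels(balances)[-1][0]

def branch(balances, account):
    """Sibling hashes on the path from one leaf up to the root."""
    path = []
    for level in levels(balances)[:-1]:
        path.append(level[account ^ 1])
        account //= 2
    return path

def root_from_branch(balance, account, path):
    acc = leaf(balance)
    for sibling in path:
        acc = node(acc, sibling) if account % 2 == 0 else node(sibling, acc)
        account //= 2
    return acc

def publish(genesis, txs, cheat_at=None, cheat_amount=0):
    """Miner: returns [S[0], ..., S[n]]; optionally over-credits at TX[cheat_at]."""
    state, roots = list(genesis), [root(genesis)]
    for i, account in enumerate(txs, start=1):
        state[account] += cheat_amount if i == cheat_at else REWARD
        roots.append(root(state))
    return roots

def find_fraud(genesis, txs, roots):
    """Honest full node: proof for the first i with S[i] != APPLY(S[i-1], TX[i])."""
    state = list(genesis)
    for i, account in enumerate(txs, start=1):
        proof = {"i": i, "balance": state[account], "branch": branch(state, account)}
        state[account] += REWARD
        if root(state) != roots[i]:
            return proof
    return None

def proves_invalid(txs, roots, proof):
    """Light node: holds only roots and transactions, re-runs one step from the proof."""
    i, account = proof["i"], txs[proof["i"] - 1]
    if root_from_branch(proof["balance"], account, proof["branch"]) != roots[i - 1]:
        return False  # branch does not belong to the published S[i-1]
    return root_from_branch(proof["balance"] + REWARD, account, proof["branch"]) != roots[i]

GENESIS = [100, 50, 0, 7]   # constructed balances for four accounts
TXS = [2, 0, 2]             # constructed: account credited by TX[1], TX[2], TX[3]
```

The light node never sees the full state: it checks the branch against the published S[i-1], applies TX[i] to the one leaf, and compares the resulting root with the published S[i].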
Another, more sophisticated, attack would involve the malicious miners publishing incomplete blocks, so the full information does not even exist to determine whether or not blocks are valid. The solution to this is a challenge-response protocol: verification nodes issue “challenges” in the form of target transaction indices, and upon receiving a node a light node treats the block as untrusted until another node, whether the miner or another verifier, provides a subset of Patricia nodes as a proof of validity.
(5) Conclusion
The Ethereum protocol was originally conceived as an upgraded version of a cryptocurrency, providing advanced features such as on-blockchain escrow, withdrawal limits, financial contracts, gambling markets and the like via a highly generalized programming language. The Ethereum protocol would not “support” any of the applications directly, but the existence of a Turing-complete programming language means that arbitrary contracts can theoretically be created for any transaction type or application. What is more interesting about Ethereum, however, is that the Ethereum protocol moves far beyond just currency. Protocols around decentralized file storage, decentralized computation and decentralized prediction markets, among dozens of other such concepts, have the potential to substantially increase the efficiency of the computational industry, and provide a massive boost to other peer-to-peer protocols by adding for the first time an economic layer. Finally, there is also a substantial array of applications that have nothing to do with money at all.
The concept of an arbitrary state transition function as implemented by the Ethereum protocol provides for a platform with unique potential; rather than being a closed-ended, single-purpose protocol intended for a specific array of applications in data storage, gambling or finance, Ethereum is open-ended by design, and we believe that it is extremely well-suited to serving as a foundational layer for a very large number of both financial and non-financial protocols in the years to come.
(6) Notes
- A sophisticated reader may notice that in fact a Bitcoin address is the hash of the elliptic curve public key, and not the public key itself. However, it is in fact perfectly legitimate cryptographic terminology to refer to the pubkey hash as a public key itself. This is because Bitcoin’s cryptography can be considered to be a custom digital signature algorithm, where the public key consists of the hash of the ECC pubkey, the signature consists of the ECC pubkey concatenated with the ECC signature, and the verification algorithm involves checking the ECC pubkey in the signature against the ECC pubkey hash provided as a public key and then verifying the ECC signature against the ECC pubkey.
- Technically, the median of the 11 previous blocks.
- Internally, 2 and “CHARLIE” are both numbers, with the latter being in big-endian base 256 representation. Numbers can be at least 0 and at most 2^256-1.