Facebook的Libra 「區塊鏈」究竟是如何運做的？

本文深刻研究了「關於Facebook Libra coin (以及更多)平臺協議」的26頁技術文檔，並對其內容進行了分解說明。同時，咱們對這53位做者表示衷心的欽佩！
如下爲具體分析內容：
（文中英文內容爲「協議」原文，中文翻譯是對「協議」內容的解讀。）

---

摘要

The Libra protocol allows a set of replicas—referred to as
validators—from different authorities to jointly maintain a database
of programmable resources.

換句話說，也就是這個系統須要由一組權威機構以自上而下的方式進行控制。然而，請注意，該數據庫是爲維護「可編程資源」而不只僅是維護數字貨幣的。

These resources are owned by different user accounts authenticated by
public key cryptography and adhere to custom rules specified by the
developers of these resources.

使用諸如「資源」（resources）之類的通用詞彙使我懷疑這裏不只僅是指一種穩定幣。

Transactions are based on predefined and, in future versions,
user-defined smart contracts in a new programming language called
Move. We use Move to define the core mechanisms of the blockchain,
such as the currency and validator membership.

好了，這個有意思了。使用專門的智能契約語言會致使不少問題，好比該語言的功能豐富度，以及延伸到該系統對對抗性契約的健壯性有多強的問題。還有一些關於開發人員友好性以及Libra如何保護智能合約開發人員不受影響的問題都是須要明晰的。

These core mechanisms enable the creation of a unique governance
mechanism that builds on the stability and reputation of existing
institutions in the early days but transitions to a fully open system
over time.

關於開發人員友好性以及Libra如何保護智能合約開發人員不受影響，這還是問題。

1.簡介

This ecosystem will offer a new global currency—the Libra coin—which
will be fully backed with a basket of bank deposits and treasuries
from high-quality central banks.

Libra是一種通用的加密資產協議，第一個資產將是一種穩定幣。

Over time, membership eligibility will shift to become completely open
and based only on the member’s holdings of Libra.

聽起來很像股權證實。顯然，計劃是在五年後開放會員資格，並但願他們當時可以找到股份證實——儘管我預計它們會遇到與Ethereum相同的問題。

The association has published reports outlining … the roadmap for the
shift toward a permissionless system.

我很肯定這將是分佈式網絡首次從許可型轉換爲非許可型。也許整個網絡能夠轉換爲股權證實，但爲了穩定幣/籃子，一些實體必須保持對傳統金融系統的開放。這將是經過Libra協會長期集中控制的重點。

Validators take turns driving the process of accepting transactions.
When a validator acts as a leader, it proposes transactions, both
those directly submitted to it by clients and those indirectly
submitted through other validators, to the other validators. All
validators execute the transactions and form an authenticated data
structure that contains the new ledger history. The validators vote on
the authenticator for this data structure as part of the consensus
protocol.

這聽起來像Practical Byzantine Fault Tolerance(實用拜占庭容錯算法)，這是一個很好理解的發展了20年的算法，儘管他們可能作了一些調整。咱們在白皮書的第5節中瞭解到它被稱爲LibraBFT，它是HotStuff共識協議的變體。

As part of committing a transaction T i at version i, the consensus
protocol outputs a signature on the full state of the database at
version i—including its entire history—to authenticate responses to
queries from clients.

這是值得注意的，主要是由於它意味着新的驗證者應該可以加入網絡並快速同步，而沒必要回溯區塊鏈的整個歷史記錄，前提是它們信任現有的驗證者。
這種賬戶模型是有可能的，由於Facebook不太可能關注隱私，而它確實對智能合約感興趣。

2.邏輯數據模型

The Libra protocol uses an account-based data model to encode the
ledger state.

從數據結構的角度來看，Libra更像Ethereum或Ripple，而不是比特幣。UTXO模型有優勢也有缺點——因爲基於輸出的歷史記錄的簡單性，它具備更好的私密性和更健壯的事務歷史記錄——可是處理複雜的智能合約可能更困難。所以，帳戶模式是有意義的，由於Facebook不太可能關注隱私，儘管聽起來它對智能合同很感興趣。

The Libra protocol does not link accounts to a real-world identity. A
user is free to create multiple accounts by generating multiple
key-pairs. Accounts controlled by the same user have no inherent link
to each other. This scheme follows the example of Bitcoin and Ethereum
in that it provides pseudonymity for users.

這聽起來好得驚人，但我想知道Libra coin是否也是這種狀況。對於那些想要開發一些更能保護隱私的應用程序的開發人員來講，觀察這個系統的開放程度將是一件頗有趣的事情。

Every resource has a type declared by a module. Resource types are
nominal types that consist of the name of the type and the name and
address of the resource’s declaring module.

看起來你能夠生成一個地址，只要每一個資產都有惟一的名稱，該地址就能夠分配任意數量的資產。

Executing a transaction T i produces a new ledger state S i as well as
the execution status code, gas usage, and event list.

好了，如今咱們知道了如何保護系統免受資源耗盡攻擊，大概是利用相似於Ethereum的資源成本系統。

There is no concept of a block of transactions in the ledger history.

有趣。Libra協議中沒有實際的區塊鏈數據結構——塊更像是一個虛擬的邏輯結構，驗證者使用它來協調系統狀態的確認快照。回過頭來看，這一節的第一句話如今有了更多的意義:

All data in the Libra Blockchain is stored in a single versioned
database. A version number is an unsigned 64-bit integer that
corresponds to the number of transactions the system has executed.

我所熟悉的每一個加密資產網絡都以相同的方式在很是高的層次上工做：首先存在一個系統狀態，而後執行一個事務，其實是一個狀態轉換函數，接着新的系統狀態就出現了。

將批量事務放入容器或塊中的目的是爲了對它們進行排序和加時間戳。這對於無許可網絡很是重要，在這種網絡中，數據經過動態多方成員簽名進行身份驗證，驗證者能夠自由地加入和離開網絡。由於Libra運行一個通過許可的系統，因此它可使用一個更有效的協商一致算法，而不須要批處理事務，由於事務歷史記錄被重寫的可能性要小得多。

In the initial version of the Libra protocol, only a limited subset of
Move’s functionality is available to users. While Move is used to
define core system concepts, such as the Libra currency, users are
unable to publish custom modules that declare their own resource
types. This approach allows the Move language and toolchain to
mature—informed by the experience in implementing the core system
components—before being exposed to users. The approach also defers
scalability challenges in transaction execution and data storage that
are inherent to a general-purpose smart contract platform.

這聽起來很是相似於前面提到的「open validator membership（開放驗證者成員資格）」計劃。彷佛Facebook尚未解決任何一個Ethereum多年來一直在努力解決的重大問題。

In order to manage demand for compute capacity, the Libra protocol
charges transaction fees, denominated in Libra coins.

Libra coins其實是協議的原生單位，就像ETH是Ethereum的原生單位。這就引出了另外一個關於Libra匿名性質的問題：你能夠在沒有AML / KYC的狀況下得到幣嗎？若是不能，那麼您彷佛沒法匿名地使用系統的任何功能。查閱Calibra錢包，它將須要AML / KYC。因此我想知道最終是否會有一些進入系統的方式沒有受到嚴格控制。

The system is designed to have low fees during normal operation, when
sufficient capacity is available.

這確實很模糊，並引起了許多問題：什麼是低收費？什麼是正常操做？什麼是足夠的容量？

3.執行交易

Many parts of the core logic of the blockchain are defined using Move,
including the deduction of gas fees. To avoid circularity, the VM
disables the metering of gas during the execution of these core
components.

這聽起來很危險，但該文檔的做者指出，核心組件必須以防護性方式編寫以防止DoS攻擊。

The key feature of Move is the ability to define custom resource types
… the Move type system provides special safety guarantees for
resources. A resource can never be copied, only moved. These
guarantees are enforced statically by the Move VM. This allows us to
represent Libra coins as a resource type in the Move language.

這就澄清了以前的問題：Libra coins是否像ETH或BTC同樣是本地資產。我但願這些幣只是系統啓動時默認的或惟一容許的資源類型，其餘資源將在將來提供。

Move’s stack-based bytecode has fewer instructions than a higher-level
source language would. In addition, each instruction has simple
semantics that can be expressed via an even smaller number of atomic
steps. This reduces the specification footprint of the Libra protocol
and makes it easier to spot implementation mistakes.

這聽起來像是通過深思熟慮的; 但願這意味着他們的腳本語言的安全性將比Ethereum更好。
咱們看到「Libra區塊鏈」 實際上並非區塊鏈。

4.已驗證的數據結構和存儲

The Libra protocol uses a single Merkle tree to provide an
authenticated data structure for the ledger history … specifically,
the ledger history uses the Merkle tree accumulator approach to form
Merkle trees, which also provides efficient append operations.

咱們再一次看到「Libra區塊鏈」實際上並非區塊鏈。這個協議彷佛設計得很是好，可是奇怪的是，當帳戶歷史的數據結構是一組有簽名的帳戶狀態時，它們仍然稱它爲區塊鏈。驗證者正在爲每一個帳戶狀態作出承諾，而且全部歷史賬戶狀態也都在Merkle樹中承諾，但我尚未真正看到造成鏈的任何反向連接數據列表——更不用說造成塊鏈了。

The authenticator of an account is the hash of this serialized
representation. Note that this representation requires recomputing the
authenticator over the full account after any modification to the
account. The cost of this operation is O(n), where n is the length of
the byte representation of the full account.

嗯，若是沒有對給定賬戶存儲的數據量進行限制，這聽起來像是DoS攻擊的開端。

We anticipate that as the system is used, eventually storage growth
associated with accounts may become a problem. Just as gas encourages
responsible use of computation resources, we expect that a similar
rent-based mechanism may be needed for storage. We are assessing a
wide range of approaches for a rent-based mechanism that best suits
the ecosystem.

另外一個未解決的問題。火燒眉毛地想說「租金過高了！」

The voting power must remain honest both during the epoch as well as
for a period of time after the epoch in order to allow clients to
synchronize to the new configuration. A client that is offline for
longer than this period needs to resynchronize using some external
source of truth to acquire a checkpoint that they trust.

哎。目前尚不清楚這個「時間段」有多長，但若是一個epoch不到一天，那麼我猜想指定的「時間段」也是如此。看起來這個共識協議不夠強大，參與者可能會隨意離開並從新加入網絡。

5.拜占庭容錯共識

LibraBFT assumes that a set of 3f + 1 votes is distributed among a set
of validators that may be honest, or Byzantine. LibraBFT remains safe,
preventing attacks such as double spends and forks when at most f
votes are controlled by Byzantine validators.

就像PBFT同樣，這種一致性算法能夠容忍33％的驗證者是不誠實的。HotStuff的修改聽起來很合理：
經過使驗證者簽署塊的狀態（而不只僅是事務序列）來抵制非肯定性錯誤。
一個發出明確超時信號的起搏器，驗證者依賴於這些超時信號的仲裁集來進入下一輪 - 這應該能夠提升活性。
不可預知的領導者選舉機制，以限制針對領導者的DoS攻擊。
聚合簽名以便保存那些簽署了仲裁集證書來爲塊接受投票的身份驗證者。

6.網絡

Each validator in the Libra protocol maintains a full membership view
of the system and connects directly to any validator it needs to
communicate with. A validator that cannot be connected to directly is
assumed to fall within the quota of Byzantine faults tolerated by the
system.

這將須要大量工做才能將系統擴展到數百個驗證者。

1. Libra核心實施內容

---

The security of the Libra Blockchain rests on the correct
implementation of validators, Move programs, and the Move VM.
Addressing these issues in Libra Core is a work in progress.

這部份內容已經基本總結完畢，儘管他們在Rust中編寫了實現，這對性能和安全性來講彷佛是一個良好的開端。

8.表現

We anticipate the initial launch of Libra protocol to support 1,000
payment transactions per second with a 10-second finality time between
a transaction being submitted and committed.

因爲只有100個左右的驗證者，而且它們都相互直接鏈接的，因此10秒的塊時間聽起來是可行的。
最低節點要求：

• 40 Mbps網絡鏈接
• 1個商品CPU
• 16 TB SSD

前面有一些關於保持驗證人從頭執行初始同步的能力，而不是信任來自其餘驗證人簽名狀態的參考文獻。我預計，若是Libra獲得充分使用，那麼執行這樣的同步將很快變得很是不切實際，所以，節點安全模型將高度依賴於信任驗證者。

9.用Move實現Libra生態系統策略

The [Libra coin] reserve is the key mechanism for achieving value
preservation. Through the reserve, each coin is fully backed with a
set of stable and liquid assets. The Libra coin contract allows the
association to mint new coins when demand increases and destroy them
when the demand contracts. The association does not set a monetary
policy. It can only mint and burn coins in response to demand from
authorized resellers. Users do not need to worry about the association
introducing inflation into the system or debasing the currency: For
new coins to be minted, there must be a commensurate fiat deposit in
the reserve.

好的，但如今咱們討論的是網絡外部的事件。如白皮書前面所述，網絡沒法執行使用網絡狀態外部數據輸入的腳本。所以，上述代碼片斷中的「can」和「must」修飾語確定是指網絡並不知道的Libra Association政策或合同義務。

The consensus algorithm relies on the validator-set management Move
module to maintain the current set of validators and manage the
allocation of votes among the validators. Initially, the Libra
Blockchain only grants votes to Founding Members.

假設驗證者對驗證者集的更改進行投票，聽起來這會致使與咱們在股權證實系統中看到的相似問題——遠程攻擊。若是創始成員的密匙的重要閾值受到損害，攻擊者是否能夠從源頭寫入新的帳戶歷史記錄？若是是這樣，其餘節點會接受嗎？目前尚不清楚共識協議是否容許重寫舊狀態仍是僅僅容許追加狀態。

We plan to gradually transition to a proof-of-stake.

若是他們能解決還沒有解決的問題。

未解決的問題

如何進行管理？

咱們能夠看到Libra Association是一個由成員組成的委員會，須要2/3的絕對多數經過才能作出改變的決策。他們是惟一有資格鑄造或銷燬Libra coin的人，但若是有足夠的共識，他們能夠作出任何他們想要的改變。

是否須要AML / KYC？

顯然，協議級別不須要它，但Calibra錢包聲明全部用戶都將經過政府頒發的ID進行驗證。聽起來Calibra錢包將是在一段時間內惟一可用的錢包，因此目前還不清楚開發人員和用戶是否能夠在Libra網絡上運行不遵照與Calibra相同標準的應用程序。
什麼是低收費？什麼是正常操做？什麼是足夠的容量？
CALIBRA錢包FAQ承諾低收費，但這彷佛與在高負載時底層協議的操做相沖突。

Transaction fees will be low-cost and transparent, especially if
you’re sending money internationally. Calibra will cut fees to help
people keep more of their money.

Libra真的會對開發者開放嗎？

根據實現無許可共識的計劃：

The Libra Blockchain will be open to everyone—any consumer, developer,
or business can use the Libra network, build products on top of it,
and add value through their services. Open access ensures low barriers
to entry and innovation and encourages healthy competition that
benefits consumers.

我懷疑開發人員是否可以在這個平臺上運行他們所想像的任何技術上有效的應用程序。我沒有讀到任何讓我相信這個系統會抵制審查制度的內容，但只有時間會告訴咱們答案！

點擊「 Libra Blockchain」可查看原文
掃碼關注京東雲開發者社區，天天都有精彩行業信息哦！

歡迎點擊「京東雲」瞭解更多精彩