本文深刻研究了「關於Facebook Libra coin (以及更多)平臺協議」的26頁技術文檔,並對其內容進行了分解說明。
The Libra protocol allows a set of replicas—referred to as validators—from different authorities to jointly maintain a database of programmable resources.編程
These resources are owned by different user accounts authenticated by public key cryptography and adhere to custom rules specified by the developers of these resources.網絡
Transactions are based on predefined and, in future versions, user-defined smart contracts in a new programming language called Move. We use Move to define the core mechanisms of the blockchain, such as the currency and validator membership.app
These core mechanisms enable the creation of a unique governance mechanism that builds on the stability and reputation of existing institutions in the early days but transitions to a fully open system over time.分佈式
This ecosystem will offer a new global currency—the Libra coin—which will be fully backed with a basket of bank deposits and treasuries from high-quality central banks.
Over time, membership eligibility will shift to become completely open and based only on the member’s holdings of Libra.
The association has published reports outlining … the roadmap for the shift toward a permissionless system.
Validators take turns driving the process of accepting transactions. When a validator acts as a leader, it proposes transactions, both those directly submitted to it by clients and those indirectly submitted through other validators, to the other validators. All validators execute the transactions and form an authenticated data structure that contains the new ledger history. The validators vote on the authenticator for this data structure as part of the consensus protocol.
這聽起來像Practical Byzantine Fault Tolerance(實用拜占庭容錯算法),這是一個很好理解的發展了20年的算法,儘管他們可能作了一些調整。咱們在白皮書的第5節中瞭解到它被稱爲LibraBFT,它是HotStuff共識協議的變體。
As part of committing a transaction T i at version i, the consensus protocol outputs a signature on the full state of the database at version i—including its entire history—to authenticate responses to queries from clients.
The Libra protocol uses an account-based data model to encode the ledger state.
The Libra protocol does not link accounts to a real-world identity. A user is free to create multiple accounts by generating multiple key-pairs. Accounts controlled by the same user have no inherent link to each other. This scheme follows the example of Bitcoin and Ethereum in that it provides pseudonymity for users.
這聽起來好得驚人,但我想知道Libra coin是否也是這種狀況。對於那些想要開發一些更能保護隱私的應用程序的開發人員來講,觀察這個系統的開放程度將是一件頗有趣的事情。
Every resource has a type declared by a module. Resource types are nominal types that consist of the name of the type and the name and address of the resource’s declaring module.
Executing a transaction T i produces a new ledger state S i as well as the execution status code, gas usage, and event list.
There is no concept of a block of transactions in the ledger history.
All data in the Libra Blockchain is stored in a single versioned database. A version number is an unsigned 64-bit integer that corresponds to the number of transactions the system has executed.
In the initial version of the Libra protocol, only a limited subset of Move’s functionality is available to users. While Move is used to define core system concepts, such as the Libra currency, users are unable to publish custom modules that declare their own resource types. This approach allows the Move language and toolchain to mature—informed by the experience in implementing the core system components—before being exposed to users. The approach also defers scalability challenges in transaction execution and data storage that are inherent to a general-purpose smart contract platform.
這聽起來很是相似於前面提到的「open validator membership(開放驗證者成員資格)」計劃。彷佛Facebook尚未解決任何一個Ethereum多年來一直在努力解決的重大問題。
In order to manage demand for compute capacity, the Libra protocol charges transaction fees, denominated in Libra coins.
Libra coins其實是協議的原生單位,就像ETH是Ethereum的原生單位。這就引出了另外一個關於Libra匿名性質的問題:你能夠在沒有AML / KYC的狀況下得到幣嗎?若是不能,那麼您彷佛沒法匿名地使用系統的任何功能。查閱Calibra錢包,它將須要AML / KYC。因此我想知道最終是否會有一些進入系統的方式沒有受到嚴格控制。
The system is designed to have low fees during normal operation, when sufficient capacity is available.
Many parts of the core logic of the blockchain are defined using Move, including the deduction of gas fees. To avoid circularity, the VM disables the metering of gas during the execution of these core components.
The key feature of Move is the ability to define custom resource types … the Move type system provides special safety guarantees for resources. A resource can never be copied, only moved. These guarantees are enforced statically by the Move VM. This allows us to represent Libra coins as a resource type in the Move language.
這就澄清了以前的問題:Libra coins是否像ETH或BTC同樣是本地資產。我但願這些幣只是系統啓動時默認的或惟一容許的資源類型,其餘資源將在將來提供。
Move’s stack-based bytecode has fewer instructions than a higher-level source language would. In addition, each instruction has simple semantics that can be expressed via an even smaller number of atomic steps. This reduces the specification footprint of the Libra protocol and makes it easier to spot implementation mistakes.
這聽起來像是通過深思熟慮的; 但願這意味着他們的腳本語言的安全性將比Ethereum更好。
咱們看到「Libra區塊鏈」 實際上並非區塊鏈。
The Libra protocol uses a single Merkle tree to provide an authenticated data structure for the ledger history … specifically, the ledger history uses the Merkle tree accumulator approach to form Merkle trees, which also provides efficient append operations.
The authenticator of an account is the hash of this serialized representation.
Note that this representation requires recomputing the authenticator over the full account after any modification to the account. The cost of this operation is O(n), where n is the length of the byte representation of the full account.
We anticipate that as the system is used, eventually storage growth associated with accounts may become a problem. Just as gas encourages responsible use of computation resources, we expect that a similar rent-based mechanism may be needed for storage. We are assessing a wide range of approaches for a rent-based mechanism that best suits the ecosystem.
The voting power must remain honest both during the epoch as well as for a period of time after the epoch in order to allow clients to synchronize to the new configuration. A client that is offline for longer than this period needs to resynchronize using some external source of truth to acquire a checkpoint that they trust.
LibraBFT assumes that a set of 3f + 1 votes is distributed among a set of validators that may be honest, or Byzantine. LibraBFT remains safe, preventing attacks such as double spends and forks when at most f votes are controlled by Byzantine validators.
一個發出明確超時信號的起搏器,驗證者依賴於這些超時信號的仲裁集來進入下一輪 - 這應該能夠提升活性。
Each validator in the Libra protocol maintains a full membership view of the system and connects directly to any validator it needs to communicate with. A validator that cannot be connected to directly is assumed to fall within the quota of Byzantine faults tolerated by the system.
The security of the Libra Blockchain rests on the correct implementation of validators, Move programs, and the Move VM. Addressing these issues in Libra Core is a work in progress.
We anticipate the initial launch of Libra protocol to support 1,000 payment transactions per second with a 10-second finality time between a transaction being submitted and committed.
40 Mbps網絡鏈接
The [Libra coin] reserve is the key mechanism for achieving value preservation. Through the reserve, each coin is fully backed with a set of stable and liquid assets. The Libra coin contract allows the association to mint new coins when demand increases and destroy them when the demand contracts. The association does not set a monetary policy. It can only mint and burn coins in response to demand from authorized resellers. Users do not need to worry about the association introducing inflation into the system or debasing the currency: For new coins to be minted, there must be a commensurate fiat deposit in the reserve.
好的,但如今咱們討論的是網絡外部的事件。如白皮書前面所述,網絡沒法執行使用網絡狀態外部數據輸入的腳本。所以,上述代碼片斷中的「can」和「must」修飾語確定是指網絡並不知道的Libra Association政策或合同義務。
The consensus algorithm relies on the validator-set management Move module to maintain the current set of validators and manage the allocation of votes among the validators. Initially, the Libra Blockchain only grants votes to Founding Members.
We plan to gradually transition to a proof-of-stake.
咱們能夠看到Libra Association是一個由成員組成的委員會,須要2/3的絕對多數經過才能作出改變的決策。他們是惟一有資格鑄造或銷燬Libra coin的人,但若是有足夠的共識,他們能夠作出任何他們想要的改變。
是否須要AML / KYC?
Transaction fees will be low-cost and transparent, especially if you’re sending money internationally. Calibra will cut fees to help people keep more of their money.
The Libra Blockchain will be open to everyone—any consumer, developer, or business can use the Libra network, build products on top of it, and add value through their services. Open access ensures low barriers to entry and innovation and encourages healthy competition that benefits consumers.
