本集简介
双语字幕
仅展示文本字幕,不包含中文音频;想边听边看,请使用 Bayt 播客 App。
这意味着如果有五个不同人的五笔输入,这笔交易就需要五个不同的签名。
That means if you have five inputs from five different people, the transaction needs five different signatures.
通过聚合签名,所有这些可以合并为一个。即使每个签名者使用不同的输入并签署交易的不同部分,最终结果仍是一个能证明整笔交易已获授权的签名。
With an aggregate signature, all of those can be bundled into one, Even if each signer is spending a different input and signing a different part of the transaction, the result is one signature that proves the entire transaction was properly authorized.
这就像把一整串审批压缩成一个文件。
It's like zipping a whole list of approvals into one file.
签名虽简洁,但仍可验证地证明每个签名者都授权了他们特定的UTXO。
The signature is compact, but still verifiably proves that each signer authorized their specific UTXO.
你只需验证一个签名,而无需验证十个单独的签名。
Instead of verifying 10 separate signatures, you verify one.
比特币领域的精华尽在Audible。
The best in Bitcoin made Audible.
我是盖伊·斯旺,这里是Bitcoin Audible。
I am Guy Swan, and this is Bitcoin Audible.
大家好,最近怎么样?
What is up, guys?
欢迎回到Bitcoin Audible。
Welcome back to Bitcoin Audible.
我是盖伊·斯旺,今天的客座教授,一个比你认识的任何人都更了解比特币的人。
I am Guy Swan, your professor for today, the guy who has read more about Bitcoin than anybody else you know.
本节目由Ledin赞助播出。
This show is brought to you by Ledin.
我们之前邀请了他们的联合创始人毛里西奥上节目,聊得非常愉快,结束后又继续深谈了很久,后来我们保持联系,最终达成了合作意向。
So we actually had Mauricio, one of their co founders on the show, and we had such an awesome conversation, and we ended up talking for a while after, and then we just kinda stayed in contact and ended up talking about doing a partnership.
实话实说,我只推荐过两种不同的比特币抵押贷款服务。
And in total honesty, I've only ever recommended two different Bitcoin backed lending services.
而我目前正在使用的是Ledin。
And the one that I am using today is Ledin.
如果你听过这个节目一段时间,可能已经听我吐槽过那荒谬的地下室装修经历——比如完成这栋房子的故事,以及我与承包商之间的种种噩梦。
If you've listened to this show for any time, you probably have heard about my ridiculous basement and renovating, like finishing this house tales and the horrors that I've had with the contractor.
在Ledden熬过上次熊市后,他们提供了储备金证明,我欣赏他们的这些做法,最终让我决定:好吧。
Well, after Ledden survived the last bear market and they do their proof of reserves and I love all of that about them, I finally was like, okay.
我要申请一笔抵押贷款。
I'll do a lending loan.
因为我不想直接卖掉那么多比特币来装修房子,毕竟房子不是投资品。
Because I didn't wanna outright sell that much Bitcoin to work on the house because the house is not an investment.
对吧?
Right?
它最多只能勉强保值。
It just barely keeps up with dollars.
但我想用比特币来翻新房子,最终拥有一个真正的工作室。
But I wanted to use my Bitcoin to fix up my house and finally have a real studio.
如今,通过使用Ledden贷款而非出售,我保住了原本需要变卖的三分之二比特币。
Well, today, two thirds of the Bitcoin that I would have had to sell, I get to keep because I used a Ledden loan instead of selling.
虽然这未必是市场每个阶段或符合你个人情况的最佳选择,但你需要把这个工具备在工具箱里——因为Leaden让一切变得如此简单。
This might not be the best decision at every time in the market or based on, you know, your situation, but you need to have this in your toolkit because Leaden makes it so easy.
你甚至不需要按月还款。
You don't have to do monthly payments.
你可以随时还清款项。
You can pay it off whenever you want.
你可以非常容易地重新融资,我指的是这类操作只需点击几下就能完成。
You can refinance very easily, and I'm literally talking like a couple of clicks for this sort of stuff.
如果你能聪明地使用它,这将是一个极其宝贵的工具。
And if you use it intelligently, this could be an insanely valuable tool.
我在描述栏里放了一个链接。
I have a link right down in the description.
我非常喜欢经营这家公司的人和他们所构建的一切。
I really like the guys that run this company and what they have built.
另外,别忘了还有其他几个很棒的资源。
Also, don't forget I've got a couple other great resources.
我们为Get Chroma提供10%的折扣。
We've got a a 10% discount for Get Chroma.
这是关于红光疗法的。
So this is about red light therapy.
我使用他们的蓝光阻挡器,并且非常认真地控制我的荷尔蒙和光线暴露,这带来了巨大的改变。
I use their blue light blockers, and I've gotten really serious about controlling my hormones and light exposure, and it's made a huge difference.
这些人也非常棒,他们有一些出色的产品。
And these guys are really awesome too, and they have some fantastic products.
10%折扣,优惠码Bitcoin Audible。
10% discount, code Bitcoin Audible.
显然,HRF,我们前几天刚和CK聊过。
Obviously, the HRF, we just talked with CK the other day.
那些家伙真是传奇人物,他们有一份超棒的经济自由报告。
Those guys are legends and they have an awesome financial freedom report.
如果你听过一段时间《比特币之声》,就会知道我深度关注的几个项目,它们致力于解决网络、PubKey和Picard的核心问题——PubKey团队构建的技术栈尤其令人着迷,特别是当你正在开发应用程序时。
And if you've listened to Bitcoin Audible for any length of time, you know about a handful of projects that I'm deeply focused on for fixing the major problems of the web and PubKey and Picard, this the stack that they have built over at PubKey is seriously fascinating, especially if you are building apps.
这些资源简直太棒了。
These are seriously awesome resources.
记得保存这些链接。
Save the links.
如果你的书签像我的一样混乱没保存也没关系,随时可以回《比特币之声》节目,在简介里就能找到它们。
And if you don't because your bookmarks are a nightmare like mine, you can always come back to Bitcoin Audible and you'll find them right down in the description.
我也会一直保留购买比特币的渠道。
I'm always gonna have a place to buy Bitcoin too.
所以如果你需要,在节目简介里也能找到相关信息。
So if you're ever looking for that, that should be down there as well.
现在要开始今天的内容了,这篇来自《比特币之声》和Kiara Bickers的文章——如果没记错的话,我之前在节目里读过Kiara的作品。
And now I mentioned the read that we're getting into today, and this one's from, Bitcoin Audible and Kiara Bickers, which I believe I've read something by Kiara before on the show if I'm not mistaken.
这篇技术性更强些,但非常酷,我认为这是个相当重要的进展。
But this one's a little bit more technical, but this is a really cool this is pretty significant development, I think.
我会探讨原因,并深入细节将其与Taproot、闪电网络、CTV等技术进行比较——就像在路线图领域,试图实现比特币所剩无几的待开发功能。
And I kinda talk about, like, why and get a little bit more into the nit and gritty of comparing it to things like Taproot and Lightning and CTV and those sorts of things, like, in the in the realm of a path, like, maps for trying to implement the few things we probably have left to still implement in Bitcoin.
软分叉并不容易,而且我认为我们实际能完成这些事的时间窗口很有限。
Like, soft forks are not easy, and I don't think I think we have kind of a limited timeline for things that can actually get done.
最近节点策略那些愚蠢的过滤变更正说明,现在要达成共识有多困难和充满争议——我们正在探索比特币最后几个待实现的重要功能。
And with recent just stupid filter changes in node policy, I think showing just how controversial and difficult it is to get agreement now, exploring the few things we have left and the most important things that would be desirable to implement into Bitcoin.
这可能是其中之一。
This could be one of them.
既然如此,我就不再赘述,让我们直接进入今天的主题。
So with that, I won't get too far ahead of myself, and we'll go ahead and get into today's read.
标题是《非ECDSA,亦非Schnoor》。
And it's titled Not ECDSA, Not Schnoor.
来认识下Kiara Bickers的大丽花方案。
Meet Dahlias by Kiara Bickers.
认识大丽花方案——一个完全适用于SECP256K1(比特币加密曲线)的聚合签名方案。
Meet Dahlias, a full aggregation signature scheme that works with SECP256K1, Bitcoin's cryptographic curve.
聚合签名并非新事物,早在2000年代初就已存在,但构建一个真正适用于比特币安全模型且使用比特币椭圆曲线的方案从未被证实可行。
Aggregate signatures aren't new, they've been around since the early 2000s, but building one that actually works in Bitcoin's security model with Bitcoin's elliptic curve has never been proven.
开发者曾推测这或许可能实现。
Developers speculated it might be possible.
他们分享了些粗略构想并说道:也许它也能像音乐那样运作,不过是跨交易输入的。
They shared hand wavy sketches and said, Maybe it worked like music too, but across transaction inputs.
这个想法作为开发者间的传说流传多年,近乎可行却从未被确切证实。
The idea lingered for years as developer folklore, close, never provably confirmed.
直到最近Blockstream Research的Jonas Nick和Tim Ruffing与Ledger的Yannick Serran联合发表论文,才将这个密码学幽灵故事转化为具体可验证的成果。
That changed recently when Jonas Nick and Tim Ruffing of Blockstream Research, together with Yannick Serran of Ledger, published a paper that turned this cryptographic ghost story into a concrete, provable result.
DALIAS是首个正式安全构建的完全恒定大小聚合签名方案(CISA),可在比特币原生曲线上运行。
DALIAS is the first formal secure construction of a full constant size aggregate signature scheme, or CISA, that works on Bitcoin's native curve.
不过术语太多,让我们拆解一下。
But that's a lot of words, so let's break that down.
完整聚合:来自不同输入的多重签名被合并为一个,最终生成一个64字节的签名,其大小始终保持不变,无论签名者或输入数量如何变化。
Full aggregation multiple signatures across different inputs are combined into one, and the result is a 64 byte signature whose size stays constant, no matter how many signers or inputs.
跨输入特性:每个签名者可以授权不同的输入,最终所有签名合并为单一签名。
Cross input: Each signer can authorize different inputs and all combine into one signature.
除了比特币已依赖的假设外,它没有引入任何重要的新假设。
It adds no significant new assumptions beyond those already relied on by Bitcoin.
Dalius利用比特币已有的数学基础构建了新的密码学原语,从而解锁了一种全新的签名方式。
Dalius builds a new cryptographic primitive using the same math Bitcoin already relies on, unlocking an entirely new kind of signature.
我们来谈谈曲线和签名。
Let's talk about curves and signatures.
数字签名是比特币证明用户已授权交易的方式。
Digital signatures are how Bitcoin proves that a user has authorized a transaction.
当你花费比特币时,钱包会使用私钥对消息进行签名,网络则通过匹配的公钥验证该签名。
When you go to spend Bitcoin, your wallet uses a private key to sign a message, and the network verifies that signature using the matching public key.
比特币使用SecP256K1曲线。
Bitcoin uses the SecP256K1 curve.
该曲线速度快、效率高,并经过长期实战检验。
It is fast, efficient, and has been battle tested over time.
它支持ECDSA(比特币原始签名算法)和Schnor(2021年通过Taproot引入)等签名方案,这些是目前比特币共识唯一允许的签名方案。
It supports signature schemes like ECDSA, Bitcoin's original signature algorithm, and Schnor (added through Taproot in twenty twenty one), which are currently the only signature schemes permitted by Bitcoin consensus.
传统上,完整签名聚合依赖于比特币曲线(SecP256K1)不支持的数学运算,这使得该技术看似遥不可及。
Traditionally, full signature aggregation relied on mathematical operations not supported by Bitcoin's curve (SecP256K1), which made it seem out of reach.
这些特性通常依赖于其他类型的椭圆曲线。
These features have typically relied on other types of elliptic curves.
例如,BLS Bona Lin Shechem签名使用一种称为配对友好曲线的特殊曲线,它能实现诸如将多个签名(甚至是针对不同消息的签名)合并为一个的高级操作。
For example, BLS Bona Lin Shechem signatures use a special kind of curve called a pairing friendly curve, which enables advanced operations like combining many signatures, even on different messages, into one.
问题在于BLS签名无法在SecP256K1上运行,而Schnorr之所以能自然地从ECDSA升级而来,是因为两者基于同种椭圆曲线。若引入BLS将是一个更大的跨越,且会背离比特币现有的安全模型。
The problem is that BLS signatures do not work on SecP256K1, While Schnorr was a natural upgrade from ECDSA since both rely on the same kind of elliptic curve, adding BLS would be a much bigger leap and a departure from Bitcoin's existing security model.
尽管技术上可行,但这会引入新的密码学假设,并大幅增加协议的复杂性。
Though technically possible, it would introduce new cryptographic assumptions and add significant complexity to the protocol.
支持像BLS12-381这样的配对友好曲线,对比特币而言将是一次重大变革。
Supporting a curve that is pairing friendly, like BLS twelve-three eighty one, would be a major change for Bitcoin.
这就是为什么迄今为止SecP256K1上从未实现过完整签名聚合的部分原因。
This is part of why full signature aggregation has never been done on Sec p two fifty six k one until now.
聚合签名实际能做什么?
What aggregate signatures actually do?
大多数比特币用户都熟悉多重签名。
Most Bitcoin users are familiar with multi signatures.
在多重签名钱包中,多人共同授权对单个UTXO(或特定代币)的支出。
In a multi sig wallet, multiple people jointly authorize the spending of a single UTXO, or some specific coin.
所有人都对相同的输入数据进行签名。
Everyone signs the same input data.
这种设置适用于共享托管钱包等场景。
This setup is useful for things like shared custody wallets.
聚合签名的工作方式则不同。
Aggregate signatures work differently.
它不是多人对同一输入或代币进行签名,而是每个签名者在交易中对不同的UTXO进行授权。
Instead of multiple people signing the same input or coin, each signer authorizes a different UTXO in a transaction.
这些独立的签名随后被压缩成一个紧凑的证明。
These separate signatures are then compressed into one compact proof.
在Dalius中,这意味着比特币SecP256K1曲线上一个64字节的签名就能一次性验证所有输入。
With Dalius, that means a single 64 byte signature on Bitcoin's SecP256K1 curve that verifies all inputs at once.
这意味着如果有来自五个不同人的五个输入,这笔交易就需要五个不同的签名。
That means that if you have five inputs from five different people, the transaction needs five different signatures.
通过聚合签名,所有这些都可以捆绑成一个,即使每个签名者花费的是不同输入并签署交易的不同部分。
With an aggregate signature, all of those can be bundled into one, even if each signer is spending a different input and signing a different part of the transaction.
最终结果是单个签名就能证明整个交易已获得适当授权。
The result is one signature that proves the entire transaction was properly authorized.
这就像把一长串审批清单压缩成一个文件。
It's like zipping a whole list of approvals into one file.
该签名虽紧凑,但仍可验证地证明每个签名者都授权了其特定的UTXO。
The signature is compact but still verifiably proves that each signer authorized their specific UTXO.
你只需验证一个签名,而无需验证10个独立签名。
Instead of verifying 10 separate signatures, you verify one.
这有助于重新调整隐私激励机制。
This helps realign incentives for privacy.
通过将签名开销减少为单个64字节的证明,Dalius降低了在混币中合并输入的成本,使得选择隐私比不选择在经济上更明智。
By reducing the signature overhead to a single 64 byte proof, Dalius lowers the cost of combining inputs in coin joins, making it financially smarter to choose privacy than to go without it.
为什么半聚合方案接近成功。
Why half aggregation got close.
在比特币引入Schnorr签名后不久,开发者探索过半聚合作为压缩多个签名的方法,但它们不是固定大小的。
Shortly after Schnorr signatures were introduced on Bitcoin, developers explored half aggregation as a way to compress multiple signatures, but they were not fixed size.
每个输入都会增加签名的大小,因此交易规模会随着参与者增多而扩大。
Each input contributes to the size of the signature, so the transaction still grows with every participant.
Dahlias通过实现输入与签名者的完全聚合来解决这个问题。
Dahlias fixes this by enabling full aggregation across inputs and signers.
无论涉及多少人或签署什么内容,所有签名都会被压缩为一个恒定大小的64字节证明。
No matter how many people are involved or what they are signing, all of their signatures compress into one constant size 64 byte proof.
Dahlias真正解锁了什么?
What Dahlias actually unlocks?
主要优势在于Dahlias能显著缩小复杂交易的体积。
The main benefit here is that Dahlias are reducing the size of complex transactions.
Dahlias采用两轮交互式签名流程。
Dahlias uses a two round interactive signing process.
这方面与MuSig2类似,但它不是多重签名协议,因为不需要所有参与者共同签署同一消息。
It's similar to MuSig two in that regard, but it isn't a multi signature protocol because it doesn't require all participants to co sign the same message.
相反,它能聚合交易中不同消息上的不同签名。
Instead, it aggregates different signatures on different messages across the transaction.
Dalius的验证速度也比单独检查每个签名更快,某些情况下可达两倍速。
Dalius is also faster to verify than checking each signature individually, up to twice as fast in some cases.
更低的验证成本使人们更容易运行全节点,这有助于长期维护比特币的去中心化特性。
Lower verification costs make it easier for people to run full nodes, which helps preserve Bitcoin's decentralization over time.
重要的是,Dalias具备强大的密码学保证。
Importantly, Dalias comes with strong cryptographic guarantees.
该方案包含形式化的安全证明。
The scheme includes formal security proofs.
早期的签名聚合民间方案缺乏这一特性,有些甚至后来被证明存在安全隐患。
Earlier quote folklore approaches to full signature aggregation lacked this, and some were even later shown to be insecure.
幸运的是,它们并未被过早采用。
Fortunately, they weren't adopted prematurely.
需要重申的是,DALIAS并非多重签名协议。
It's worth repeating, DALIAS is not a multisig protocol.
即便采用相似的密码学构件,从功能角度而言它也无法与MuSig2或Frost相提并论。
It isn't comparable to MuSig2 or Frost from a functional standpoint, even if it shares similar cryptographic building blocks.
它服务于不同目标:提供将多个独立授权编码为单一可验证数据包的新方法。
It serves a different purpose: it offers a new way to encode many independent approvals into one, clean, verifiable package.
未来方向 您可能会想,既然Dahlias如此强大,为何尚未成为BIP标准?
Future directions You might think, if Dahlias is so powerful, why isn't it a BIP?
为何不将其提议纳入比特币共识机制?
Why not propose it for Bitcoin consensus?
Dahlias签名与Schnorr或ECDSA签名形态迥异。
Dahlias signatures don't look like Schnorr or ECDSA signatures.
其验证算法也截然不同。
The verification algorithm is different.
Dahlias验证器不接收单个公钥、消息和签名,而是接收公钥列表、消息列表及单个64字节证明。
Instead of taking a single public key, message and signature, a Dahlias verifier takes lists of public keys and messages and a single 64 byte proof.
这使得Dalius与比特币现行共识规则不兼容——要在底层支持它需要共识变更。
This makes Dalius incompatible with Bitcoin's current consensus rules supporting it at the base layer would require a consensus change.
本文虽未提议这项变更,但做了同等重要的工作。
This paper doesn't propose that change, but it does something equally important.
本文证明了比特币原生曲线上的完整签名聚合方案是可行的。
This paper shows that a full signature aggregation scheme for Bitcoin's native curve is possible.
仅这一点就是重大进步。
That alone is a major step forward.
若要将Dalius纳入比特币,需有人撰写比特币改进提案(BIP),甚至可能需要借助SecP256K1实验室。
To make Dalius part of Bitcoin, someone would need to write a Bitcoin improvement proposal, maybe even using SecP256K1 Lab.
这意味着需要详细规划方案,考虑其对共识机制和实现的影响,并争取社区支持。
That means specifying the scheme in detail, considering its implications for consensus and implementation, and building community support.
本文为这一讨论奠定了密码学基础。
This paper lays the cryptographic foundation for that conversation.
Dahlias论文的真正价值在于其证明:SecP256K1上的完整签名聚合不仅是理论构想。
The real value of the Dahlias paper is what it proves: full signature aggregation on SecP256K1 is not just a thought experiment.
它是具体的。
It's concrete.
它是高效的。
It's efficient.
它是安全的。
It's secure.
多年来,这个构想只存在于开发者传说中。
For years, the idea lived in developer folklore.
如今它已被记录、分析并得到验证。
Now it's written down, analyzed, and proven.
剩下的就是看我们是否愿意将其引入比特币。
All that's left is to bring it to Bitcoin if we want it.
好的。
Alright.
那么这篇文章就到这里,我想强调一下Kiara在文中提到的内容以确保大家理解清楚,因为这是个比较技术性的问题,可能难以准确表述——这与多重签名无关。
So that wraps up the piece, and I just want to hit something that Kiara brought up in the article just to make sure it's clear because this is kind of a more technical thing and it can be difficult to understand or to frame it properly is this is not multi signature.
这与用多把密钥解锁代币无关,也无关乎网络中所有权归属或确定方式的变更。
This has nothing to do with multiple keys unlocking the coins or anything about changing who owns or how ownership is determined in the network.
这只是对签名进行聚合。
This is just aggregating the signatures.
这只是将多个签名合并后,仍能用极少的信息量完成验证。
This is just being able to put the signatures together such that they are they can all still be verified with way, way less information.
因此这不仅适用于某些场景——比如文中提到的CoinJoins,它重新平衡了激励结构,使隐私保护成为成本收益考量而非显性成本:我可以提交我的输入,你可以提交你的,第三方也可以提交他们的,然后我们用一个融合所有人签名的单一签名来签署——但这不意味着需要三方共同解锁。
So this is not only relevant to someone taking like, let's say in the context of CoinJoins in in the article talking about how, like, it it brings back the incentives, the cost incentives to actually make privacy a a cost benefit rather than an explicit cost because I can take my input and you can take yours and, you know, somebody else can take theirs and we can put them together and then sign it with one signature that's the combination of all of our signatures, which doesn't mean that it takes all three of us to unlock it.
我们各自仍完全独立拥有自己的UTXO和输出。
We still each own our completely separate UTXOs and outputs.
它们实际上互不相干。
They actually have nothing to do with each other.
我不需要你的参与来解锁我的代币或类似操作。
I don't need you to participate in order to unlock my coins or anything like that.
这仅仅意味着我们将签名聚合起来以节省链上空间。
It is nothing more than the fact that we have added our signatures together just to save space on the chain.
但这样做也意味着你无法分辨哪个签名(或者说公钥)对应哪个UTXO。
But by doing so, you also don't know which signature or which, you know, public key, so to speak, is attached to which UTXO.
它们是聚合体。
Like, they are aggregate.
区块链仅携带单一签名,证明所有独立部分均已由其各自所有者签署。
The chain only carries the single signature that proves that every end all individual pieces have been signed by their respective owners.
但有趣的是,这实际上只与个人相关,只关乎你自己的钱包。
But what's funny is that this is actually relevant to just an individual person, to just your own wallet.
所以当你在比特币领域待得够久,尤其是遇到高手续费环境时,你就会知道——如果有人用100个不同的UTXO向你支付,发送交易的成本会高得多。
So one of the things that, know, if you're as soon as you're in Bitcoin or you use it long enough or particularly if you ever find yourself in a really high fee environment, you know that it costs a whole heck of a lot more to send a transaction when somebody has paid you a 100 different to a 100 different UTXOs.
比如我公开地址募捐,有人给我1美元,你又给我1美元,这个人给我1美元,那个人给我5美元——这些金额就这样不断累积。
So if I put my address out there for donations and somebody sends me a dollar and then you send me a dollar and then this person sends me a dollar and this person sends me $5 and they just they just start stacking.
对吧?
Right?
我的钱包里就会堆积大量这样的UTXO。
As I just get, like, tons and tons of these UTXOs in my wallet.
比特币的运行机制里没有账户系统。
Well, the way Bitcoin works, there's not an account system.
不存在类似'个人账户'这样的东西,也没有'这是我的余额'这种概念。
There's not, like, one account that's, like, guy's account, and this is my balance.
实际上这些之间毫无关联,除非所有付款都指向同一个地址,这时才能明显看出该地址拥有这些余额。
In fact, none of those have any connection to them at all unless, of course, you're all being they're all being paid to the exact same address, then it's obvious that that one address has those balances.
但链上真实存在的只有这些交易本身。
But the transactions themselves are all that exist on the chain.
当我要动用这些交易资金时,并不是从某个汇总余额中支出——虽然钱包为方便起见会这样显示。
And when I want to spend from those transactions, I'm not spending from some aggregate balance even though my wallet does that for me just as a favor, basically.
实际上我是在动用每一笔已签名并广播的独立交易。
I'm actually spending from each one of those individual transactions that were sent that were signed and broadcast.
所以我喜欢用支票来作类比。
So the the analogy that I like to give is that it's like a check.
如果你写一张支票,上面有明确的金额,而且只能是那个金额。
If you write a check, it's got an explicit amount on it, and it's just that amount.
所以可以把交易想象成:我从这个地址、用这个余额向你的地址发送这笔金额,然后整个交易经过我的签名后,就被永久记录在区块链上,无法更改。
So think about a transaction is I have sent from this address and from this balance to your address this amount, and then that that whole thing and I have signed it, and that whole thing is stuck on the chain, and it's just sitting there.
如果我从100个不同的人那里收到100张不同的支票(也就是100笔交易),比如每个人都给我捐了一点钱,然后我要发起一笔汇总金额的交易。
And so if I get written checks from a 100 different people, a 100 different transactions, you know, donate some small amount to me, and then I'm trying to send out the transaction for the total amount.
假设100个人每人给我1美元,他们每个人都写好支票、签好名、填妥所有细节并完成转账。
Let's say a 100 different people send me $1, and each one of them write their check and they sign it and they write all the details out and they transfer the funds.
那么我要汇出100美元或100,000聪(不管具体金额是多少),唯一的方法就是必须汇总引用这100张支票。
Well, the only way I can send a $100 worth or a 100,000 sats, you know, whatever it is that we're we're going with, I actually have to refer to all 100 of those checks in aggregate.
所以我不能简单地只写一张支票。
So I can't just I can't write one check.
我必须在支付支票或交易中引用并包含这些信息。
I have to reference and put in in my check or in in my transaction that pays out.
我必须把这100张支票的每一张都列出来。
I have to put that that 100 e every single one of those checks.
我必须声明:好的,这是发给我的交易。
I have to say, okay, this is a transaction sent to me.
这是发给我的交易,这是证明我可以解锁的签名,然后我才能开出100美元的支票——这意味着我必须在链上存储100倍的信息量才能完成支付。
This is a transaction sent to me, and and this is the signature to prove that I can unlock this, and then I can write my check for a 100, which means that I have to put a 100 times the amount of information on the chain in order to pay that.
这会产生海量的数据。
And that's a huge amount of data.
而如果有人给我发送100,我的意思是,这正是闪电网络的全部意义所在。
Whereas if somebody had sent me a 100 I mean, this is the whole purpose of Lightning.
对吧?
Right?
如果我通过闪电网络收到100笔这样的付款,那么我仍然只需要为我的通道进行一次结算。
If I got a 100 of those payments over Lightning, well, then I still just only have the one check for my channel.
所以这些都是链下进行的。
So it's it's all off chain.
但根据我是通过100笔不同交易还是单笔交易收到价值100美元的比特币,我的成本可能完全不同。
But I could my cost could be completely different for my $100 worth of Bitcoin depending on whether or not I got sent the got sent it with a 100 different transactions or one transaction.
单笔交易只需支付单笔交易的手续费。
One transaction is going to just cost one transaction's fee.
如果我收到100笔独立的小额交易累计100美元,实际上我将支付100倍的手续费。
If I got sent over a 100 individual ones that add up to a 100, I'm literally going to pay a 100 times the fee.
因此,如果链上交易手续费确实高达1美元——这对于常规交易来说并不罕见。
So if transaction fees are a are are literally a dollar on chain, which is not totally unheard of for a normal transaction.
那么实际转移这100美元将花费我100美元手续费。
It'll literally cost me a $100 to move that $100.
我将不得不为每一个UTXO支付等额手续费,这些UTXO都需要被添加进我的大型聚合交易中,只为了证明这张支票来自另一个地方。
I will I will literally have an equivalent fee for every single one of these UTXOs that I'm having to add into my big aggregate transaction to just prove that this check comes from this other place.
而如果采用类似Dahlias的方案,通过签名聚合机制,不仅可以在CoinJoin等多方参与的场景中合并交易,还能在个人聚合交易中合并自己的交易。
Whereas, if you had something like Dahlias, you had a signature aggregation scheme, sure, you could combine transactions across multiple participants in something like a CoinJoin, but you can also combine your transactions in your own aggregate transaction.
所以如果我需要从100笔前期交易中支付,签名数据量几乎——我认为超过三分之一。
So if I was having to pay from a 100 different previous transactions, the signature the signature amount is almost I think it's more than a third.
我认为这差不多占了交易数据的一半。
I think it's, like, almost half of the transaction data.
一般来说,如果我们只讨论一个UTXO和一个签名,我认为签名数据大约在70字节左右,而你能进行的最小交易大约需要140字节左右,如果我没记错的话。
Generally, if we're just talking about, like, one UTXO and one signature, I think it's some somewhere in the realm of, like, 70 bytes for, like, signature data versus, like, a 140 or something bytes for, like, like, the smallest transaction that you can do, if I'm not mistaken.
大概就在这个范围内。
It it's somewhere in that realm.
当然,这实际上取决于签名类型。
Of course, this does actually depend on the signature type.
比如,你知道的,PKH(支付到公钥哈希)或者其他任何交易类型,以及你是否使用了隔离见证等等。
So it's like, you know, PKH or, whatever whatever your type of, transaction is and whether you're segwit and all this stuff.
这些会稍微改变一些,但影响不大。
That those change just a little bit, but it doesn't really matter.
签名数据是整个交易中最大的部分之一。
The signature data is one of the biggest pieces of the entire transaction.
因此,在涉及100个UTXO或100个地址或你正在花费的先前交易的上下文中,因为你需要引用每一个你得到的检查点,因为没有其他选择。
And so in the context of the 100 UTXOs or the 100 addresses or previous transactions that you're spending from, because you have to reference every single check that you got, because there's nothing else there.
在比特币网络中,你只需引用其他检查点,实际上可以砍掉大约一半的数据。
You just reference other checks in the Bitcoin network, is that you can actually lop off, like, a half half of the data.
因此,与其花费100美元来发送100美元(这意味着完全没价值),实际上如果你有100个UTXO,成本会更接近50美元。
And so rather than spending a $100 to send a $100, which means it's completely worthless, you literally like, if if you had a 100 UTXOs, it would cost more like 50.
你可以聚合所有的签名数据,虽然仍需引用每一笔交易(如UTXO和地址),但不必包含签名,因为你有一个聚合签名能证明你可以为每一个签名,因此只需接受一个签名即可。
Like, you would be able to aggregate all of the signature data, and you still have to reference every single transaction, like the UTXOs and the addresses, but you don't have to include the signature because you have an aggregate signature that proves that you can sign for every single one of them, and thus, it can accept one signature.
基本上,99个签名被移除了。
Basically, 99 signatures get removed.
这极大地改变了一系列不同交易的成本动态,对那些需要聚合操作及协同工作的场景来说是个巨大福音——因为通过与大量试图关闭通道的人聚合交易,你能节省约一半的手续费或交易金额,关键在于你能同时跨用户操作,就像在自己钱包里跨输入操作一样。
And that significantly changes the dynamic of cost for a bunch of different transactions and is a huge like, a huge boon to those sorts of setups and aggregating things and also working in tandem with other people because you can save, you know, half of your transaction fee or the amount that you're doing if you aggregate with a whole bunch of people trying to close channels, and you do it with because you can do it across people at the same time that you can do it across inputs in you just your own wallet.
最棒的是它基于相同的加密曲线,这意味着你无需改变签名的安全假设。
And best of all is that it's on the same cryptographic curve, which means that you're not changing the security assumptions of the signature.
你并未改变对这些作为有效签名的加密原语的信任。
You're not changing the cryptographic the trust in the cryptographic primitive that these are valid signatures.
实际上你并未改变加密技术本身的可靠性,而是改变了验证过程的方式,而非加密技术是否经过验证的本质。
You're not actually altering you're basically altering a process of verifying it rather than the cryptography the the the reliability of the cryptography itself and whether it means it's been verified.
显然,如果当前共识系统需要逐个检查UTXO及其签名,那么当你只有一个签名时,就必须给出完全不同的指令来用这个签名验证大量不同的UTXO。
So you do obviously have to if if the the consensus system right now is check each UTXO and check its signature, well, if you only have one signature, then you obviously have to give it completely different instructions in order to check one signature against a ton of different UTXOs.
因此这是个软分叉,因为这些是核心的、关键性的共识规则。
So it is a soft fork because those are critical, like mission critical consensus rules.
我如何知道这个人已证明他们拥有这个?
How do I know this person has proved that they own this?
但从加密原语的角度看,这比像Taproot这样的变更风险小得多,改动也少得多。
But this is much less of a change and much less risk from the standpoint of cryptographic primitives than something like Taproot.
如果按我的理解方式来说的话。
If kind of in in how I would understand it.
可能甚至比隔离见证(SegWit)影响更大,虽然...我不确定,或许差不多。
And probably even more than SegWit because you're, I don't know, it might be comparable.
呃,不对。
Well, no.
不是。
No.
因为你大致处于同一个领域内。
Because you're you're kind of within the same realm.
这更像是另一套指令,或者说验证签名时的一套操作顺序。
It's kind of a different set of instructions of, like, kind of order of operations for checking signatures.
比如,你不是在创建类似隔离见证(Segwit)的东西。
Like, you're not creating like a Segwit.
隔离见证对比特币来说确实是个重大变革,因为它将签名完全放在不同位置,而且你必须假设所有旧节点都认为——那里没有签名也无所谓。
Segway was actually kinda like a really big change to Bitcoin because it puts signatures in totally different place, and you have to have the assumption of all old nodes that, like, it doesn't matter that there's no signature there.
因此这是个相当重要的结构性改变。
And so that was a pretty significant structural change.
但显然这是个软分叉,这点毋庸置疑。
But and obviously, it's a it's a soft fork, like, there's no there's no way around it.
如果你改变了签名验证方式,就是在改变比特币网络中相当重要的部分。
You're if you're changing how signatures are verified, you're changing something pretty significant to the Bitcoin network.
虽然这可能永远不会实现,但能看到它以更原生方式运作确实很酷——这么说吧,它更符合比特币当前运作方式,需要改变的更少,引入的新未知因素也更少。如果类似方案被添加或软分叉进网络,本质上我们为达成跨输入签名聚合要做的变通(比如通过Taproot和Schnoor等方式)就会少很多。
So this may never even happen, but it's pretty cool to actually see this happen in a much a much more native way, I guess, is the way to put it, is that it's more in line with exactly how Bitcoin works right now, and it's a smaller footprint of what needs to change and a smaller profile in new unknowns if something like this gets added or self forked into the network, then essentially the other the variations of what we're going to have to happen to get cross input signature aggregation in a different way or with Taproot and Schnoor and that sort of thing.
有趣的是,这曾是Taproot的主要卖点之一。
And what's funny is that was one of the big selling points of Taproot.
对我来说关键点在于——我一直希望最终能实现签名聚合。
That was that was one of the things for me is that I wanted to eventually have signature aggregation.
我认为这是重新平衡隐私激励的强大工具,能让人们点击「同意混币」不仅出于隐私需求,更为了节省资金或降低比特币使用手续费。
I thought this was a very a really powerful tool to rebalance the privacy incentives and to make it so that one might click on, yes, coin join my coins, not because they wanted privacy, but because they wanted to save funds, or they they wanted to save fees in using Bitcoin.
这将天然促进交易批量处理和签名聚合——即使没有标准混币服务或Tor网络等配套,不走Wasabi或Samurai那条路,它也能从根本上改变链上分析的本质:就像闪电网络那样,聚合过程都发生在链下,不会留下永久记录。
It will make the natural incentives of batching transactions and batching signatures, which even without some standard coin joining and Tor network and all of this stuff, even without, like, going the whole Wasabi route or the samurai route, it actually does fundamentally change the nature of Chainalysis such that the the historical record, it's a little bit like lightning in that sense, is that the aggregation is happening all off chain, and there is no permanent record.
这个列表里,到底是谁的签名被加到哪里去了?
There's no, like, okay, whose signatures got added where in this list?
这些签名完全在链下被混淆了,所以在区块链上追踪时,这些信息就不再是公开可查的了。
It's like they're they're obfuscated entirely off chain, and so trying to trace it on the blockchain, it that that information is no longer just publicly available.
个人签名以及谁签署了哪个输入,现在只是参与方之间私下协调的。
The individual signatures and who signed which input are now just privately coordinated between the people between the parties involved.
因此这实际上会让像PayJoin这样的隐私机制更完善,因为你甚至无法分辨——现在任意两个UTXO的任何金额交易都可能看起来完全像一次支付合并。
So this would actually make something like PayJoin even better as a privacy mechanism because you don't even know like, now just any two UTXO to any amount of transaction could look exactly like a pay join.
比如现在至少通过支付合并,你知道有两个不同的签名对应两个不同的UTXO,然后发送到几个不同的UTXO。但如果能聚合这些签名,还有另一层好处——现在你甚至无法区分它们是否独立。
Like, you don't even know at least with the pay join now, you know that two different signatures are made to two different UTXOs and then sent to a couple different UTXOs, but there's actually another layer of benefit if you can aggregate those signatures because now you're not even are these even separate?
这是两个不同的参与方吗?
Are these two different parties?
就像,重新拼凑出涉及多少方或发生了什么的能力变得越来越模糊。
Like, what's it the the ability to put the pieces back together as to how many parties were involved or what's going on gets more and more obfuscated.
这有点像Tapscript对脚本所做的,只不过现在是对签名做类似处理。
It's it's a it little bit does to signatures what Tapscript does to the script.
所以对于不了解的人,Taproot有个有趣的特点:除非你确实需要当前路径的Taproot——举个例子说明。
So for those of you who don't know, one of the interesting things about Taproot is that unless you actually need the Taproot that's current path let's let's give an example.
闪电网络有三种不同的路径。
So lightning has three different paths.
当你开通闪电通道并存入一定余额,在进行更新和双向支付时,有三种不同方式可以关闭该通道并获取那些币。
So when you make a Lightning channel and you have like a certain balance in it and you're updating it and you're making Lightning payments payments back and forth, there are three different ways that you can close out that channel that you can get those coins.
其中一种被称为'快乐路径',就是你与通道伙伴达成一致,只需签署一个2/2的多重签名,砰,就完成了。
One of them is referred to as the happy path, and that's when you and your channel partner partner agree and you just sign a two of two multisig and boom, we're done.
它只是发布到链上,你得到你的余额,我得到我的余额。
And it just publishes to the chain, and you get your balance, I get my balance.
然后还有一种情况是你不在线,而我在线,我想拿回我的币。
Then there is the you're not online, but I am online, and I wanna get my coins back.
因此我发布了一个单独的脚本,内置在完全相同的交易中,这样即使没有你的签名,我仍能发布,但我必须等待一周,并且必须发布一条信息,让你能在我作弊时挑战我——如果我没有最新状态的话。
And so I publish a separate script that is built into this exact same transaction that if I don't have your signature, I can still publish, but I have to wait a week, and I have to publish a piece of information that allows you to challenge me if I am cheating, if I don't have the latest state.
因为如果我持有任何旧状态,就必须放弃一条信息,让你能从我这里偷走它。
Because if I have any old state, I had to give up peep give up a piece of information that would let you steal it from me.
所以本质上,我们通道中只有最近的交易才是唯一能安全广播到网络上的,而不会损失我所有的钱。
So, essentially, only the most recent transaction in our channel, I can is the only one that I can broadcast to the network safely without losing every bit of my money.
这意味着如果我试图通过撤销交易或更改应付给你的余额来欺骗你,你有一周时间。
And that means that if I'm trying to cheat you by reversing a transaction that or change what balance is owed to you, you have a week.
你有这个时间锁生效,因为我在未经你明确同意的情况下广播了交易。
You have, like, this this time lock to come in because I broadcast without your explicit consent.
我在没有你签名的情况下这么做了。
I did it without your signature.
你有这个时间窗口。
You have this time span.
可以说,这就是挑战机制。
This is the, this is the challenge, so to speak.
你有这个时间窗口来证明你实际上持有不同的状态,而我试图欺骗你,然后你就能得到我所有的币。
You have this time span in order to come in and prove that you do, in fact, have a different state, and I was trying to cheat you, and then you get all my coins.
所以这完全是交易脚本中的一个独立分支,或者说操作码,用于说明我如何实际花费这个东西。
So that's a separate branch in the transaction altogether or in the script, the the op codes, so to speak, for how I can actually spend this thing.
目前,当你花费时——或者说当前,如果你没有使用Taproot,所有这些脚本基本上都会在链上公开可见。
So currently, when you spend or I guess currently, if if you're not using Taproot, all of this script is basically published and visible on the chain.
因此你可以大致判断出,或者在你支付之后——从支付中就能看出来。
So you can tell in a general sense that or after you after you pay it out to it pay out of it.
首先它是个哈希值,但当我关闭通道时,你会看到其他脚本。
So first, it's a hash, but then when I'm closing the channel, you'll see the other scripts.
这样你就能看到所有不同的路径,然后明白:'这是个闪电通道,我选择了最优路径来关闭它'。
So you can see all these different paths and you know, okay, this was a lightning channel and I chose the happy path to close it out.
然而Taproot的优势在于,你实际上可以把所有这些脚本隐藏在签名本身之后。
However, in Taproot, the benefit of Taproot is that you can actually put all of these scripts behind the signature itself.
如果你走的是最优路径,只需用普通签名发布,甚至没人知道还存在其他可能的分支。
And if you have the happy path, you just publish it with a normal signature, and nobody even knows that there were other possible branches.
所以它隐藏了所有其他脚本、操作码或多签等内容。
So it hides all this other scripting or op codes or multisig or anything.
除非实际使用,否则这些内容都是不可见的。
It's not visible unless it's actually spent with.
因为那时你必须证明这确实是哈希值的一部分,才能确认这笔花费是有效的。
Because then you have to prove that that was in fact part of the hash so that you know it's valid to actually spend.
换句话说,交易指纹背后可能隐藏着无限的内容,而你实际使用的部分只需证明它是该指纹的组成部分。
In other words, there could be an infinite amount of stuff behind the fingerprint of the transaction, and what you actually use just needs to prove that it's part of that fingerprint.
但在指纹之下可能还存在各种其他内容,这些显然不会被指纹透露出来。
But there can be all sorts of other stuff underneath it that obviously the fingerprint doesn't reveal.
就像你可以看我的指纹,我能证明那是我——但在找到我之前,你对我一无所知,直到你能亲眼看到我。
Like, you can you can look at my fingerprint and I can prove that that's me, but you don't know anything about me until you find me, until you can, like, look at me.
我的指纹不会告诉你我有多高。
My fingerprint doesn't tell you how tall I am.
但如果我说我身高六英尺或六英尺一,然后证明这是我的指纹,你就会说,哦,好吧。
But if I say I'm six foot or six foot one tall, and then I prove that this is my fingerprint, then you're like, oh, okay.
嗯,是的,你说得对。
Well, yeah, you're right.
那个指纹显示身高六英尺,因为我现在能看到你并测量你。
That's six that that fingerprint is this tall because I can see you and measure you now.
嗯,脚本也是类似的道理,只是你可以选择性地只透露需要证明的数据。
Well, it's kind of that same way with script except that you can selectively reveal only the data that you need to prove.
比如说,我的脚本里有一堆信息:我的体重、身高、眼睛颜色等等。
So let's say I have, you know, a bunch of different things in the script that say how much I weigh, how tall I am, the color of my eyes, blah blah blah.
我可以只透露身高而不泄露其他信息,然后证明这个身高与指纹相关联。
Well, I could reveal how tall I am without revealing anything else and then prove that that's that height is connected to the fingerprint.
不知道这个类比是不是太复杂了。
I don't know if this analogy is getting too complicated or not.
但这意味着我不需要展示所有内容。
But it just means that I don't need to show I don't need to reveal everything.
我只需要证明这个数据或路径关联的是我的指纹。
All I need to show that is is that I can prove it that it's my fingerprint that is attached to this data or this path.
正因如此,我可以创建包含多重签名的交易。
So because of that, I can have a transaction that has a multisig.
我可以创建带有时间锁回退功能的交易。
I can have a transaction that has like a time lock fallback.
我可以设置一种交易机制,比如这个主多重签名方案,其中我的主密钥始终有效。但如果交易发生后没有任何动作,它就会进入一个时间锁状态等待100天。如果这期间我未出示备用密钥,那么我的七位近亲成员无需我的密钥也能赎回资金。
I can have a transaction that has, like, this this master multisig thing where, like, my my one key is always valid, but if it's if a transaction happens and nothing nothing occurs, it sits in this, like, time lock waiting for, a hundred days and nothing happens, and I don't show a different key, well, then, like, seven of my close family members can all redeem this without me, without needing my key at all.
他们只需等待这100天即可。
They just have to wait this hundred days.
我还可以设置另一条路径:如果我的亲属都未采取行动,那么两年后我的律师就能获得访问权限。
I can have another pass where if none of my family members do anything, well, my lawyer can get access to it after two years.
诸如此类的设置。
Blah blah blah.
我可以为这笔交易设置100种不同的可支出方式,但同时保留基础的双重签名方案——只需你我共同签署,就能像普通钱包一样完全掌控资金。
I could have a 100 different possible ways that this transaction is spendable, but then also just have a basic two of two multisig where me and you sign it together, and as long as we do that, we can just we have full control and we can spend it just like it's a normal wallet.
这样你我签署交易并发布时,外人根本察觉不到另外99种预设方案的存在。
Well, then you and I can sign that transaction and publish it, and nobody has a clue that those 99 other pads are even there.
这为交易结构和解锁指令提供了独特的隐私保护层级。而像聚合签名这类技术,则是用来整合参与方数量并明确各UTXO的签署者。
That grants an interesting degree and layer of privacy for how you construct your transactions and what the instructions are for unlocking them, whereas something like aggregate signatures is a way to aggregate how many participants there are and who's signing for which UTXOs.
就像Taproot让所有脚本看起来都像单一实体。
And so kind of like Taproot makes all scripts look like just one thing.
类似Dahlias或签名聚合的技术则让所有签名呈现为单一签名。
Something like Dahlias or signature aggregation makes all signatures look like one signature.
这两者都是极具价值的优势功能。
And those are two really cool benefits to have.
正如我所说,这正是Taproot的卖点之一,也是吸引我研究的原因——当经济激励设计得当,隐私保护行为的成本低于暴露隐私的操作时。
And this was, again, like I said, one of the selling points for Taproot, one of the things that had me interested in it because I wanted that eventual I I feel like if you get the economic incentives right, where privacy doing something that gets you privacy is cheaper than doing the thing that loses privacy.
只要经济激励机制合理配置,使隐私保护成为更优选择,无论个人是否在意隐私,市场自然会解决这个问题。
If you have the economic incentives properly aligned so that privacy is the better alternative, whether you care about privacy or not, the market will take care of that problem.
只要时间足够长,你最终会默认获得更多隐私。
And you will have more privacy than not by default over a long enough span of time.
如果激励机制一致,你就能得到想要的东西。
If the incentives are aligned, you will get the thing that you're looking for.
这就是为什么我认为签名聚合这个想法很重要,它是一个非常有价值的基础功能,如果能加入区块链会很好。
And that's why I thought that was an important that this idea of signature aggregation is an important and very valuable primitive that if we could get in the chain, that would be good.
但这也并非世界末日。
But it's also it's also not the end of the world.
闪电网络在重新调整这些激励机制方面做得很好,而且闪电网络上没有永久记录所有交易的区块链。
Lightning does a wonderful job of kind of realigning those incentives as well, and there's no permanent blockchain of all the transactions and stuff on Lightning.
有个有趣的方式——说起来很好笑,我刚刚和Super Testnet上了节目,结果我们聊了大量关于闪电网络、隐私的话题,还有他调侃门罗币支持者那些事。
One of the interesting way and this is hilarious because I was just on the show with Super Testnet, which we ended up talking tons about Lightning and privacy and the his him trolling the Monero people and all of that stuff.
所以敬请期待。
So if stay tuned for that.
你得订阅啊。
You gotta subscribe.
不过那个对话可能下周才会发布。
But that that chat will be next week probably.
很难说。
Hard to say.
但很快就会放出,那真是场精彩的对话。
But that will be out soon and it was a such a great conversation.
和Super Testnet叙旧总是很愉快。
Always love catching up with Super Testnet.
那家伙简直像疯了一样不停地开发东西。
And that guy just builds stuff like crazy.
那家伙太狂野了。
That guy's wild.
但最终我们聊了很多关于那个话题。
But we ended up talking a lot about that.
他说的一个特别特别有趣、但人们很少想到的点是:如果有人想查证你是否进行了某笔闪电网络交易之类的,你直接删除交易记录就彻底消失了。
And one of the things that he said that was really really funny that people don't really think about it is that if somebody's trying to figure out, like, did you make this lightning transaction or blah blah blah, like, you can just delete your transaction history and it's just gone.
就像,没有任何人会有备份。
Like, nobody nobody has it.
毕竟这是你自己的交易记录。
Like, it's your transaction history.
而在比特币链上、门罗币或任何区块链上你根本做不到这点,因为那些都是永久记录。
And you just can't do that with Bitcoin on chain or Monero or anything that runs on a blockchain because it's just permanent records.
所以如果有人找到方法把这些信息关联起来,他们就能追溯查阅这些永久记录。
So if somebody figures out some way to tie those things together, they have this permanent record to go back and dig through.
如果他们之后发现了你的公钥或私钥之类的——即使是你以为多年前就已删除的密钥,但实际你忘了钱包有备份,或是你把公钥信息存在了某个地方——现在他们就能回溯串联所有线索,查看你在门罗币或链上的所有交易记录,你可能无意中泄露了这些信息。
And if they then find your public key or your private key or something, even if years later after you thought you deleted them, but there was still you forgot there was a backup of your wallet or or you you kept your public key information somewhere, well, now they can go back and connect all the dots and see all your transactions on Monero or on Chain or whatever it is, you could accidentally leak that information.
但如果你只是删除了闪电网络的交易记录,那就真的无处可查了——没有任何其他来源能找回那些记录。
Whereas if you just deleted your transaction history on Lightning, that knows there's nothing there's no other source to go look for that transaction history.
不过我不想过多主导这个话题,因为那期节目里我们聊到了太多精彩内容。
But I don't wanna lead that conversation too much because we get into so much so much great stuff in that show.
我觉得你们肯定会喜欢那一期的。
I think you guys are really gonna enjoy that one.
要知道,隐私这个概念之所以如此复杂,正是因为它始终是个不断变化的目标。
And, you know, there's just so much about the kind of the concept of privacy because it's a forever moving target.
因此不存在单一的解决方案。
So there's no one solution.
我认为关键在于拥有足够多的核心原语——既能聚合又能分割UTXO所有权,既能聚合签名又能隐藏信息,本质上是通过证明信息而非展示所有信息来签署路径。比如通过Taproot隐藏脚本,聚合签名从而无需为每个UTXO展示单独签名。
And I think just having enough of those core primitives to aggregate and to split up ownership of a UTXO and to aggregate signatures and to, like, hide to basically prove the information rather than needing to show all the information and then sign which path that you took, you know, being able to hide script behind Taproot, being able to aggregate signatures so you don't have to show each individual signature for every UTXO.
再比如CTV这样的方案,脚本内部可以包含将特定数量比特币分配到某个地址的规则。
And then something like CTV where you can have inside the script, part of that script can be the fact that you've allocated certain amount of Bitcoin of this one address.
你可以将一个UTXO分割给100人、1000人甚至百万人。
You can split up a single UTXO into a 100 different people, a thousand different people, a million different people.
当他们在Taproot脚本中'退出'时,只需证明自己是参与者之一,而无需透露该UTXO中其他999人的信息。
And whenever they quote unquote exit from that in a Taproot script, they only ever have to show that they're a part of it, and they don't have to reveal the 999 other people in that UTXO.
这些功能组合使用就能实现。
Like, these kind of handful of things used together.
特别值得注意的是,这些都不是巨大的扩展。
And specifically, they're not huge extensions.
它们并非像Mimblewimble那样高风险,也不是改变网络基础架构的根本性变革。
They're not like super risky, like, fundamental changes to the network.
远不及那些彻底改变交易架构的激进方案。
Not nearly as much as, you know, doing some ridiculous thing like Mimblewimble or dad like, changing the architecture of how transactions work.
这些方法通过信息模糊化,让你只需证明必要内容——在尽可能少暴露信息的前提下,通过密码学证明交易合法发生,所有必要参与者均已确认,而无需透露具体选择路径、参与个体、单独签名,或地址/UTXO内的具体分配情况。
They're just ways to obfuscate to to to narrow down exactly what you need to prove without revealing as much information as well, revealing as little information as possible to just show that the correct thing happened and that you've cryptographically proved that the correct thing happened and that all the requisite owners were there without actually revealing the choices, the alternative paths, the individual people, and the individual signatures, and, you know, who exactly is allocated what inside this this one address or UTXO.
综合来看,这里面的可能性实在太丰富了。
And I think pulling all of that together, there's just so much.
比如,我只是认为我们并不需要那么多额外的东西来实现基于比特币构建我们所需或想要的一切。
Like, I just don't think we need that much more to to to enable us to build all of the things that we need and or would want with Bitcoin.
而且,确实,这意味着第二层和第三层总是会比基础层更复杂。
And, yes, it does mean that, you know, layer two and layer three are always gonna be more complex than the base layer.
显然我们希望限制复杂程度和必须做出的假设,因为越复杂就越容易出问题,故障模式也越多。
And we obviously want to limit the degree of complexity and the assumptions that have to be made because the more more complex it is, the more likely it is to break or the more failure modes there are.
因此在基础层保留少数几个原始功能对降低二三层复杂度非常有价值,同时也能减少必须做出的假设——比如确保某项功能对某人绝对可靠,或明确某项隐私功能的权衡取舍与具体优势。这样就能缩小问题解决范围,不必再担心那种需要两三个组件协作而非链上可验证原始功能实现的边缘情况。
And so kind of having those handful of primitives at the base layer is super valuable in trying to lower the complexity of the layer twos and the layer threes, and also shrinking the assumptions that have to be made in order to know that one thing is guaranteed to this person or the the reliability of this this privacy element has, you know, this set of trade offs or this set of explicit benefit so that you can kind of narrow your view of where you're trying to solve a problem, and you don't kinda have to worry about this edge case anymore of, you know, doing it with two or three pieces rather than doing it with a fundamental primitive that you can prove on chain.
但另一方面,你也不需要在基础层创造这种庞大的复杂性。
And yet, you don't have to create this really like, this massive complexity at the base layer either.
你只需在比特币网络上做出相对简单低风险的改动,就能替代原本需要三个组件交互的复杂系统——这种交互本身就存在故障风险。
You're you're making relatively simple and relatively low risk changes on the Bitcoin network itself in order to simplify things that would take three different pieces interacting together, which means that it could break.
相反,你只需用单一功能以清晰直接的方式实现目标。
Instead, you're replacing them with one thing that simply does that function in a very clear and straightforward way.
就像我在节目里多次说过的:我认为基础层基本不需要再添加什么原始功能就能构建我们想要的一切。
And as I've said a few times on this show, probably numerous times on this show, is I just don't think there's that many primitives left to need at the base layer to basically build anything that we wanna build.
展开剩余字幕(还有 90 条)
要知道,TCP/IP协议本身并不需要很复杂就能支撑整个互联网。
You know, the TCP IP doesn't have to be so complex to make all of the Internet possible.
你不需要为了证明比特币能在TCP/IP上运行就非得加入什么疯狂复杂的东西。
You know, you don't have to prove that you can build you don't have to, like, put in some crazy complex thing in order to know that t c that you can run Bitcoin on top of TCP IP.
你不需要预先知道未来可能想构建什么。
You don't have to know ahead of time that that might be something you want to build.
你只需要TCP/IP做好它的本职工作。
You just need TCP IP to do its job.
在比特币的背景下,你只需要少数几个基本概念来证明和验证所有权。
And in the context of Bitcoin, you only need a handful of primitives about how you prove and verify ownership.
在完成这项任务时,数据效率和隐私效率方面有一些优势,如果你只是增加几个小功能,我认为它能对你上层构建的内容产生数量级的影响。
And there are some benefits to data efficiency and privacy efficiency in accomplishing that task that if you just had a couple of small additions, I think it could have an order of magnitude effect on what you can build higher up.
其中有一个功能长期以来一直存在,基本上自从我谈论Taproot以来,其中之一就是聚合签名,另一个是在比特币层面对UTXO的所有权进行分割。
And one of those one of those has been for a long time basically, since I was talking about Taproot, one of those has been aggregating signatures and the other has been splitting up ownership of the UTXO in on a at a at the Bitcoin layer.
这样只有一个UTXO和一个表面签名,实际上却有100个不同的人拥有它,而且不会明确透露这100个人的身份。
So that there's one UTXO and one apparent signature and actually a 100 different people own it, and there is no explicit revealing of who those 100 people are.
不需要100个不同的签名。
There's not a 100 different signatures.
不是100个签名,也不是100人的多重签名。
It's not a 100 and it's not a 100 person multisig.
它只是一个被分割的UTXO,明确分割了所有权,每个人都可以在链上验证自己那一小部分。
It's just a UTXO that is split up, that has explicitly broken up ownership that each individual person can verify their one little piece of it on chain.
因此在这种背景下,那就是CTV。
And so in this context, that would be CTV.
嗯,CTV加上CSFS,其中一个是验证CTV功能实现方式的基本方法。
Well, CTV plus CSFS, which one of them is basically a way to verify what CTV enables.
但我认为这两个基本功能,天啊,你完全可以用它们构建很多东西。
But I think both of those those primitives, you god, you you could just build so much with those.
你可以用它们构建很多东西,这会彻底改变费用动态,并最终改变我们对比特币交易本质的认知。
You could build so much with those, and it completely changes the dynamics of fees and thinking about it would alter ultimately how we think about what a Bitcoin transaction is.
不过我觉得闪电网络已经做到了这一点。
But I kinda think Lightning has already done that.
对吧?
Right?
当你使用闪电网络时,你会收到发票,我认为这正逐渐成为标准化的通信方式。
Is you're you accept when you're using Lightning, you have an invoice, and I already think that's slowly but surely becoming the standard way of having that communication.
还有像ARC、Fedament、eCache这些二层、三层工具,你该如何使用它们呢?
And even things like ARC and Fedament and eCache and all of these tools that are layer twos and threes and such that there how do you use any of them?
你支付一张闪电网络发票。
You pay a lightning invoice.
闪电网络正成为通用语言,连接所有这些独立事物的纽带,对于Tether和稳定币而言也是如此——你将通过闪电网络支付发票并完成美元结算,这正是我们刚才讨论的Alan Farrington那篇精彩文章所提到的。
Like, lightning is becoming the common language, and it is becoming the connecting tissue between all of these separate things, and it is increasingly becoming the same thing for Tether and Stablecoins, is you're going to be paying lightning invoices and fulfilling dollars, which is what we were just talking about with the the Alan Farrington's fantastic piece.
如果你还没听过或读过他那篇关于稳定币的初步论述,强烈推荐一读。
If you haven't listened to this one yet or read it, his half baked thesis on stablecoins, highly recommend it.
我一直是Farrington的忠实粉丝。
Always a huge fan of Farrington.
他非常擅长解释和描绘图景,并提出了一些我未曾完全考虑过的问题。
He's does such a good job of explaining and painting the picture, and he brought up a couple different things that I hadn't totally considered.
但我内心非常认同他阐述的观点和描绘的景象。
But I I very much share a very similar opinion or similar image in my mind to what he laid out.
所以我建议大家去阅读那篇文章(如果还没看过的话),不过我认为比特币基本上已具备无限扩展和提供未来保障的能力,唯一潜在的存在性问题是需要在十到二十年的时间线上实现量子安全签名。
So I encourage you to check that one out if you haven't, but I I don't think we need much more in Bitcoin for Bitcoin to base basically scale and provide its assurances indefinitely into the future with the one kind of potential existential question of making quantum safe signatures at some ten, twenty year timeline.
无论这个时间线如何,都只是密码学本身的失效日期,我认为这是很自然的。
Whatever the timeline is for that is just the expiration date on the cryptography itself, which I think is just natural.
就像密码学也有保质期一样。
Like, cryptography has an expiration date.
我们过去使用的每一种密码系统最终都被攻破过,因此我们必须不断更新。
Every cryptography every cryptographic system we've used previously has been broken at some point, and so we would have to update it.
所以我认为这个假设是合理的,只需明白这些正是我们需要关注的变化类型和领域范围。
So I think it's safe to make that assumption and just know that those are the sorts of changes and the realm of the things that we should be concerned about.
除此之外,我认为几乎所有其他事项都可以交由更高层级处理。
And otherwise, I think almost everything else can be left to higher layers.
事实上我们可以将基础层的保障性、完整性和自主性扩展到任意所需的规模。
And we can actually extend the assurances and the integrity and the sovereignty of the base layer to as many to as great of a scale as is desired.
只要人们需要,他们就能获得这种保障。
That if people want it, they can get it.
但我们要观察Dalius的进展,因为这确实会改变一些事情。
But we will see what happens with Dalius, because this does kinda change things.
这意味着实施这个方案及其潜在假设或风险,实际上已经更贴近我们的现实处境。
This means that implementing this and the potential assumptions or risks of doing so actually just got a lot closer to home.
这种贴近是以积极的方式实现的。
They got closer to home in a good way.
它更接近我们当前对比特币安全性的认知和理解,而无需引入大量额外假设。
They they got closer to what we see of and how we think about Bitcoin being secure right now without needing to make a ton more assumptions.
这表明问题边界更容易识别,各个临界点也定义得更加清晰。
It it means that the the surface area of problems is easier to identify and more the edges are more clearly defined.
这很可能意味着我们真的可以实现这个目标。
And that may very well be and that may very well mean that we could actually get this.
它正变得更具可能性——尤其是在软分叉和比特币协议修改变得如此困难的当下。
That it it becomes closer to the realm of possibility, especially with how difficult soft forks and changing Bitcoin have has become, these days.
首先要特别感谢Kiara Bickers和《比特币杂志》,虽然我对他们有些意见,但他们的贡献毋庸置疑。
So a shout out to Kiara Bickers and to Bitcoin Magazine, obviously, for always having I'm again, you know, I I have my complaints for Bitcoin Magazine and other things.
我对那里工作的一些人持不同看法,但他们确实是极好的资源。
I have differences opinions of some people who work there, but they are a fantastic resource.
他们发布的内容非常出色。
They publish great stuff.
他们聘请的人能写出精彩的内容。
They hire people to write great stuff.
我经常把他们当作重要资源,比谷歌搜索强百倍——在加密货币新闻领域,99%的搜索结果都比不上《比特币杂志》前100名的内容。
I use them as a resource for so much, and I can't possibly like, they're a 100 times better than if you search something on Google, 99 of the top 100 Bitcoin magazine is better than the search results of every other crypto news and garbage that you're gonna find.
你能从中发现像这样的宝藏。
And you can find great stuff like this.
比如在读到这篇文章前,我甚至不知道Dalius这个人。
Like, I didn't even know about Dalius until I found this article.
所以在此特别致意。
So a shout out.
向值得尊敬的人表达敬意。
A shout out to, you know, respect where respect is due.
在结束前提醒大家:如果想获取比特币的法币价值又不想出售比特币,目前真正靠谱的渠道只有两家。
Now, before we close this out, if you want to get access to the fiat value of your Bitcoin without selling your Bitcoin, there are literally barely really two.
我只信任并实际使用过两家公司办理比特币抵押贷款。
There are two companies that I would trust and have used to get a Bitcoin backed loan.
Ledn.io平台非常出色,我通过他们的贷款完成了地下室改造、录音室建设和整栋房屋的装修。
And ledden.i0 has just an incredible platform and the loan that I took out to finish the basement and to get the studio and this house finished.
我特别高兴选择了这种方式,因为当时比特币价格是4万美元一枚。
I'm so happy that I did it that way because I did it at $40,000 per Bitcoin.
所以如果我当初卖掉比特币来做这件事,而不是贷款的话,现在能收回超过三分之二的比特币。
So if I had sold the Bitcoin to do this rather than taking out the loan, I'm going to get more than two thirds of that Bitcoin back.
这样既能保住比特币,又能拥有装修好的地下室和工作室。
I'm going to have kept it, and I'm gonna have a finished basement and a studio.
虽然这并非适用于所有情况或决策,但特别是当你打算投资或用比特币挖矿时,仔细研究平台和条款,这可能非常适合你,还能省下大量聪。
Now, it's not perfect for every situation or every decision, but especially if you're trying to make an investment or you're spending Bitcoin to mine Bitcoin, look at the platform, look at their terms, it might work perfect for you and save you a ton of sats.
我在描述区放了链接。
I got a link for you right down in the description.
还有Chroma的9折优惠码。
Plus a 10% discount to Chroma.
如果你重视光疗健康、荷尔蒙和能量水平,或是深陷红光疗法研究,chroma.co有很棒的产品,而且他们团队都是比特币爱好者。
If you were serious about your light health and your hormone and energy levels, or you've gone down the red light therapy rabbit hole, Get chroma.co has some fantastic products, and they happen to be awesome Bitcoiners.
优惠码bitcoin audible可享9折。
Discount code bitcoin audible gets you 10% off.
折扣才是王道。
Discounts are where it's at.
省下你的聪。
Save your stats.
别忘了查看人权基金会发布的《财务自由报告》。
And don't forget to check out the Financial Freedom Report by the Human Rights Foundation.
其实上期《自由报告》有个惊人消息:俄罗斯已开始针对比特币挖矿,正在建立全国矿机登记制度。
Actually, one really crazy story in the last Freedom Report, Russia has targeted Bitcoin mining now, and they're doing a national mining equipment registry.
根据现行草案,该法律实际上将授权法院依法没收所有与'未经授权的挖矿'有关的比特币。
And the law, as currently drafted, would actually empower let the courts legally confiscate all of the Bitcoin that is tied to, quote, unauthorized mining.
如果你想了解更多信息,想了解伊朗、香港、多哥的最新动态,以及俄罗斯、土耳其等地的新闻,基本上是关于全球金融压制的新闻报道,还有那些保护你主权的新颖比特币、Noster和加密工具,那就是《金融自由报告》的内容。
If you wanna find out more about it, you wanna hear about what's going on in Iran, Hong Kong, Togo, other news from Russia, Turkey, basically, the world of news around financial repression, and then a lot of the fantastic new Bitcoin, Noster, and encryption tools to protect your sovereignty, that is the Financial Freedom Report.
最后,有几个非常令人兴奋的项目正在解决网络存在的问题,如果你还没看过PubKey,一定要去看看。
And lastly, there are a handful of incredibly exciting projects around fixing what is wrong with the web, and you've got to check out PubKey if you haven't yet.
他们目前的模式,特别是他们协议中的Pikkar部分,是我最关注的三件事之一,看谁能真正解决互联网的主要问题。
Their current model and specifically Pikkar, which is part of their protocol, is in my top three things of what I am keeping a very close eye on for who can actually solve the major problems of the Internet.
如果你还没看过,特别是如果你是一个开发者,想要一种不可阻挡的方式来构建应用,不要错过这个。
And if you haven't checked it out, especially if you're a builder looking to have an unstoppable way to build an app, don't sleep on this one.
在决定如何构建之前,先看看这个。
Check it out before you make a decision of how you're building.
链接和详细信息在节目说明中,当然要订阅这个节目,因为我们还会在其他剧集中深入探讨一些具体细节,并比较各种替代方案。
Link and details are in the show notes, and obviously subscribe to the show because there will be other episodes where we dig into some of the specifics, and we kind of compare the various alternatives.
就像这里,这是我最喜欢这个节目的一部分,也是我深入研究的内容:我们如何解决网络的问题?
Like this this is the place this is part of what I love about this show and the things that I dig into is how are we gonna fix the problems of the web?
比特币如何改变这种动态?
How are how does Bitcoin change the dynamics?
我们如何重新实现点对点?
How do we bring peer to peer back?
我们如何创建,你知道的,联邦?
How do we create, you know, federations?
这类事情。
These sorts of things.
这就是本节目要探讨的内容。
That's what this show is about.
数字主权、货币自由、抗审查性,应有尽有。
Digital sovereignty, monetary freedom, censorship resistance, you name it.
这就是《比特币可听》。
That is Bitcoin Audible.
如果你想了解前沿动态,想深入挖掘背后的历史、哲学和经济学原理,别忘了订阅。
Don't forget to subscribe if you wanna hear about the front lines and you want to dig into history, the philosophy, and the economics behind all of it.
另外,如果你还没在苹果播客或谷歌播客上留下评价,请务必去写一个。
And also, if you haven't left a review on Apple Podcasts or Google Podcasts, definitely do.
这个举动对我们帮助真的很大,我其实对那边获得的评分感到非常自豪。
That's act that actually goes a really long way to helping us out, and I'm actually really proud of my rating over there.
我真心感谢那些花时间帮助这个节目获得更多关注的人。
And I seriously appreciate those who do take the time to, you know, help help this show get more attention.
所以感谢AudioNauts团队和多年来支持这个节目及我的所有人,今天就到这里。
So thank you to the AudioNauts and everybody else who has supported this show and me over the years, and, that'll wrap us up.
谢谢大家。
Thank you, guys.
我是盖伊·斯旺。
I am Guy Swan.
这里是《比特币可听》。
This is Bitcoin Audible.
各位,我们下次见,这就是我的两聪之见。
And until next time, everybody, that is my two sats.
世界本不必如此运作,但不知为何,宇宙对加密技术青睐有加。
It isn't obvious that the world had to work this way, but somehow the universe smiles on encryption.
朱利安·阿桑奇。
Julian Assange.
关于 Bayt 播客
Bayt 提供中文+原文双语音频和字幕,帮助你打破语言障碍,轻松听懂全球优质播客。