这次是跟着白皮书贴一点就翻译一点。
Abstract
A decentralised database with minimal trust between nodes would allow for the creation of a global ledger(由许多信任度最小的节点组成的去中心化的数据库将称为一个全球性的账簿). Such a ledger would have many useful applications in finance, trade, supply chain tracking and more(可以用于金融、交易、供应链跟踪等等领域或应用场景). We present Corda, a decentralised global database(一个去中心化的全球性的数据库), and describe in detail how it achieves the goal of providing a platform for decentralised app development. We elaborate on the high level description provided in the paper Corda: An introduction and provide a detailed technical discussion.
1 Introduction
In many industries significant effort is needed to keep organisation specific databases in sync with each other(工业应用场景中很多地方需要用到数据库同步). In the financial sector the effort of keeping different databases synchronised, reconciling them to ensure they actually are synchronised and resolving the ‘breaks’ that occur when they are not represents a significant fraction of the total work a bank actually does! (金融领域方面,数据库同步保证互相之间数据一致性,修复数据“缺口”,这是目前银行最重要的工作)
Why not just use a shared relational database? This would certainly solve a lot of problems using only existing technology, but it would also raise more questions than answers: (为什么不使用一个共享的数据库呢?诚然是好的,不过也有以下的一些问题)
• Who would run this database? Where would we find a sufficient supply of angels to own it?(谁运营这些数据库呢,谁愿意花这么多资源做拥有这个数据库的大好人呢?)
• In which countries would it be hosted? What would stop that country abusing the mountain of sensitive information it would have?(哪个国家来主导呢?怎么防止这个主导的国家滥用里面的敏感数据呢?)
• What if it were hacked?(如果这个共享的数据库被黑了呢?)
• Can you actually scale a relational database to fit the entire financial system?(这个金融系统注定很大的了,你怎么扩容才能满足这个关系型数据库呢?)
• What happens if The Financial System™ needs to go down for maintenance?(如果这个中心化统一的金融系统需要暂停维护咋办?若如是则世界的金融交易都将会停滞)
• What kind of nightmarish IT bureaucracy would guard changes to the database schemas?(哪个IT部门能保证数据库约束的改变还能够让系统正常运行?)
• How would you manage access control? (你怎么管理接入权限呢?)
We can imagine many other questions. A decentralised database attempts to answer them. (如果是中心化的数据库,产生的问题远不止上述提到的那些,而这些问题,都将会被去中心化的数据库所解决)
In this paper we differentiate between a decentralised database and a distributed database(本文要强调去中心化的数据库和分布式数据库的差别). A distributed database like BigTable scales to large datasets and transaction volumes by spreading the data over many computers. However it is assumed that the computers in question are all run by a single homogenous organisation and that the nodes comprising the database all trust each other not to misbehave or leak data(分布式数据库是将数据分布在多个不同的机器上,这些机器跑的都是由同系的组织运营,以确保这些机器之间是互相信任的,不会出现被黑的情况,也不会泄露数据). In a decentralised database, such as the one underpinning Bitcoin, the nodes make much weaker trust assumptions and actively cross-check each other’s work. Such databases trade performance and usability for security and global acceptance. (去中心化数据库例如比特币,节点之间是互相不信任的,并进行互相之间工作的验证,这种去中心化的数据库安全性非常高,并在世界范围内得到承认)
Corda is a decentralised database platform with the following novel features: (Corda作为去中心化数据库平台拥有以下的新特性)
• New transaction types can be defined using JVM bytecode.(新的交易类型由JVM字节码定义)
• Transactions may execute in parallel, on different nodes, without either node being aware of the other’s transactions. (不同的交易可在不同节点上并行执行,并且无需知道其它交易,因为交易结果只由输入和合约代码决定)
• Nodes are arranged in an authenticated peer to peer network. All communication is direct.(节点之间通过授权的P2P网络直接通信)
• There is no block chain(没有区块链!). Transaction races are deconflicted using pluggable notaries(交易的冲突解决由可插入的证人节点完成). A single Corda network may contain multiple notaries that provide their guarantees using a variety of different algorithms. Thus Corda is not tied to any particular consensus algorithm. (Corda网络可能存在多个证人节点来提供多种认证算法,因此Corda没有固定特定的共识算法)
• Data is shared on a need-to-know basis. Nodes provide the dependency graph of a transaction they are sending to another node on demand, but there is no global broadcast of all transactions.(数据以最小需求程度共享,交易数据只在参与方节点之间传输,没有广播到全网)
• Bytecode-to-bytecode transpilation is used to allow complex, multi-step transaction building protocols called flows to be modelled as blocking code. The code is transformed into an asynchronous state machine, with checkpoints written to the node’s backing database when messages are sent and received. A node may potentially have millions of flows active at once and they may last days, across node restarts and even upgrades. Flows expose progress information to node administrators and users and may interact with people as well as other nodes. A Flow library is provided to enable developers to re-use common Flow types such as notarisation, membership broadcast and so on.
• The data model allows for arbitrary object graphs to be stored in the ledger. These graphs are called states and are the atomic unit of data.(任意数据类型都可以保存在Corda账簿终,状态是这些数据的原子单位)
• Nodes are backed by a relational database and data placed in the ledger can be queried using SQL as well as joined with private tables, thanks to slots in the state definitions that are reserved for join keys.(节点的数据库基于关系型数据库,可以做联表查询)
• The platform provides a rich type system for the representation of things like dates, currencies, legal entities and financial entities such as cash, issuance, deals and so on.(平台提供丰富的类型来代表现实中的日期、货币、法律条文、金融工具如现金、发行、交易等等)
• States can declare a relational mapping and can be queried using SQL.(状态可以用SQL语句声明映射)
• Integration with existing systems is considered from the start. The network can support rapid bulk data imports from other database systems without placing load on the network. Events on the ledger are exposed via an embedded JMS compatible message broker.(Corda可以和现有的系统整合,账簿上的事件通过内嵌的JMS兼容的消息队列提供外界查询)
• States can declare scheduled events(状态可以声明定时事件). For example a bond state may declare an automatic transition to an "in default" state if it is not repaid in time
Corda follows a general philosophy of reusing existing proven software systems and infrastructure where possible(尽可能复用现有的经过验证的软件系统). Comparisons with Bitcoin and Ethereum will be provided throughout.
2 Overview
Corda is a platform for the writing of "CorDapps": applications that extend the global database with new capabilities. Such apps define new data types, new inter-node protocol flows and the "smart contracts" that determine allowedchanges. (CorDapp,Corda应用延伸了整个系统的能力,例如定义新的类型或编写新的智能合约)
What is a smart contract? That depends on the model of computation we are talking about. There are two competing computational models used in decentralised databases: the virtual computer model(虚拟计算机模型) and the UTXO model(未花费交易输出). The virtual computer model is used by Ethereum. It models the database as the in-memory state of a global computer with a single thread of execution determined by the block chain. In the UTXO model, as used in Bitcoin, the database is a set of immutable rows keyed by (hash:output index). Transactions define outputs that append new rows and inputs which consume existing rows. The term "smart contract" has a different meaning in each model. A deeper discussion of the tradeoffs and terminology in the different approaches can be found in the Corda introductory paper.
We use the UTXO model and as a result our transactions are structurally similar to Bitcoin transactions: they have inputs, outputs and signatures. Unlike Bitcoin, Corda database rows can contain arbitrary data, not just a value field. Because the data consumed and added by transactions is not necessarily a set of key/value pairs, we don’t talk about rows but rather states. Like Bitcoin, Corda states are associated with bytecode programs that must accept a transaction for it to be valid, but unlike Bitcoin, a transaction must satisfy the programs for both the input and output states at once. Issuance transactions(发行交易) may append new states to the database without consuming any existing states but unlike in Bitcoin these transactions are not special and may be created at any time, by anyone. (Corda用UTXO模型,但是与比特币又有很多区别)
In contrast to both Bitcoin and Ethereum, Corda does not order transactions using a block chain and by implication does not use miners or proof-of-work. Instead each state points to a notary, which is a service that guarantees it will sign a transaction only if all the input states are un-consumed(Corda不使用工作量证明,而使用证人节点服务). A transaction is not allowed to consume states controlled by multiple notaries and thus there is never any need for two-phase commit between notaries. If a combination of states would cross notaries then a special transaction type is used to move them onto a single notary first. See for more information.
The Corda transaction format has various other features which are described in later sections.
3 The peer to peer network(P2P网络)
3.1 Network overview
A Corda network consists of the following components:
• Nodes, communicating using AMQP/1.0 over TLS. Nodes use a relational database for data storage.(节点,通过使用AMQP协议和TLS加密进行通讯,即使用消息队列和https,节点的数据存储使用关系型数据库)
• A permissioning service that automates the process of provisioning TLS certificates.(一个准入服务自动完成提供TLS证书的过程,即加入Corda网络需要获得管理员的批准)
• A network map service that publishes information about nodes on the network.(一个网络映射服务能够发布网络上节点的信息)
• One or more notary services. A notary may itself be distributed over multiple nodes.(一个或多个公证人服务,一个公证人服务可能是分布式地由多个节点组成)
• Zero or more oracle services. An oracle is a well known service that signs transactions if they state a fact and that fact is considered to be true. They may also optionally also provide the facts. This is how the ledger can be connected to the real world, despite being fully deterministic.(没有或有多个先知服务,一个先知是一个为人所知的服务,它可以为它们认为真实的交易签名,它们也可以选择提供事实,这样账簿就能跟真实世界联系起来)
A purely in-memory implementation of the messaging subsystem is provided which can inject simulated latency between nodes and visualise communications between them. This can be useful for debugging, testing and educational purposes.(此外,还设计了一个内置的消息子系统,可以可视化交易,可用于调试、测试、教育)
Oracles and notaries are covered in later sections.
3.2 Identity and the permissioning service
Unlike Bitcoin and Ethereum, Corda is designed for semi-private networks(半私有网络) in which admission requires obtaining an identity signed by a root authority(准入条件是需要一个由根权限管理节点认证的身份). This assumption is pervasive - the flow API provides messaging in terms of identities, with routing and delivery to underlying nodes being handled automatically. There is no global broadcast at any point(任何一点都没有广播).
This ‘identity’ does not have to be a legal or true identity(Corda网络中的身份名称无需是合法真实的名称). In the same way that an email address is a globally unique pseudonym that is ultimately rooted by the top of the DNS hierarchy(道理类似于电子邮件,不管你用的是什么假名,最后都由DNS解析成你的IP来定位目标机器), so too can a Corda network work with arbitrary self-selected usernames(因此Corda里面允许自定义的用户名). The permissioning service can implement any policy it likes as long as the identities it signs are globally unique(网络准入服务可以使用不同的政策,只要其认证的身份名称是全网络唯一的就行). Thus an entirely anonymous Corda network is possible if a suitable IP obfuscation system like Tor is also used.
Whilst simple string identities are likely sufficient for some networks, the financial industry typically requires some level of know your customer checking(金融行业还是有了解客户的需求), and differentiation between different legal entities, branches and desks that may share the same brand name. Corda reuses the standard PKIX(公钥基础设施) infrastructure for connecting public keys to identities and thus names are actually X.500 names. When a single string is sufficient the common name field can be used alone, similar to the web PKI. In more complex deployments the additional structure X.500 provides may be useful to differentiate between entities with the same name(X.500可以区别相同名字的不同实体). For example there are at least five different companies called American Bank and in the past there may have been more than 40 independent banks with that name.
More complex notions of identity that may attest to many time-varying attributes are not handled at this layer of the system: the base identity is always just an X.500 name. Note that even though messaging is always identified, transactions themselves may still contain anonymous public keys. (交易本身可能还包含匿名公钥)
3.3 The network map
Every network requires a network map service, which may itself be composed of multiple cooperating nodes(每个网络都需要一个网络地图服务). This is similar to Tor’s concept of directory authorities. The network map publishes the IP addresses through which every node on the network can be reached, along with the identity certificates of those nodes and the services they provide(网络地图向网络中可到达的节点发布IP地址及其身份证书和提供的服务). On receiving a connection, nodes check that the connecting node is in the network map. (接受一个连接的时候,节点需要检查连接的节点包含在网络地图中)
The network map abstracts the underlying IP addresses of the nodes from more useful business concepts like identities and services. Each participant on the network, called a party, publishes one or more IP addresses in the network map(每个参与者团体在网络地图中公布一个或多个IP地址). Equivalent domain names may be helpful for debugging but are not required. User interfaces and APIs always work in terms of identities(UI和API总是基于身份进行运作) - there is thus no equivalent to Bitcoin’s notion of an address (hashed public key)(比特币的地址是公钥的哈希,是匿名的,与Corda的不同), and user-facing applications rely on auto-completion and search(Corda可以通过自动填充或搜索找到对方地址) rather than QRcodes to identify a logical recipient(比特币则有点类似扫二维码来找到对方的地址).
It is possible to subscribe to network map changes and registering with the map is the first thing a node does at startup(可以订阅网络地图变化,节点在启动的时候应首先向网络映射注册). Nodes may optionally advertise their nearest city for load balancing and network visualisation purposes. (节点可以选择性地发送所在的最近城市,以达到负载均衡和网络可视化的目的)
The map is a document that may be cached and distributed throughout the network(网络地图是一个文件,可以被缓存也可以被分发到整个网络中). The map is therefore not required to be highly available: if the map service becomes unreachable new nodes may not join the network and existing nodes may not change their advertised service set, but otherwise things continue as normal.
3.4 Message delivery
The network is structurally similar to the email network(Corda网络结构上和邮件网络很像). Nodes are expected to be long lived but may depart temporarily due to crashes, connectivity interruptions or maintenance(节点都是长期存活提供服务的,但也有可能由于崩溃、连接中断或维护而短暂离开网络). Messages are written to disk and delivery is retried until the remote node has acknowledged a message, at which point it is expected to have either reliably stored the message or processed it completely(消息会被持久化到磁盘中知道远端节点承认这条消息,即这条消息期望是被可靠地存储了或完整地处理了). Connections between nodes are built and torn down as needed: there is no assumption of constant connectivity. An ideal network would be entirely flat with high quality connectivity between all nodes, but Corda recognises that this is not always compatible with common network setups and thus the message routing component of a node can be separated from the rest and run outside the firewall(Corda认为普通网络设置并不总是兼容,故一个节点的消息路由组件可以与其它组件分离并运行于防火墙以外). Being outside the firewall or in the firewall’s ‘de-militarised zone’ (DMZ) is required to ensure that nodes can connect to anyone on the network, and be connected to in turn(保证节点可以连接到网络中的任意节点上,同时也可以被其它节点连接到). In this way a node can be split into multiple sub-services that do not have duplex connectivity yet can still take part in the network as first class citizens(因此一个节点可以被划分为多个没有重复连接的子服务). Additionally, a single node may have multiple advertised IP addresses. (此外,一个单独的节点也可以拥有多个对外宣传的IP地址)
3.5 Serialization, sessioning, deduplication and signing(序列化、会话、去重、签名)
All messages are encoded using a compact binary format(所有消息通过一种二进制压缩格式进行编码). Each message has a UUID set in an AMQP header which is used as a deduplication key, thus accidentally redelivered messages will be ignored. (每一条消息都由一个UUID在AMQP消息头中,作为一个防止重复的字段,因此偶然的重发消息会被忽略)
Messages may also have an associated organising 64-bit session ID. Note that this is distinct from the AMQP notion of a session(信息中还关联了一个64位的会话ID,这个有别于AMQP的会话概念). Sessions can be long lived and persist across node restarts and network outages. They exist in order to group messages that are part of a flow(这个关联在信息中的会话ID有效时间非常长,并且会被节点持久化,贯穿于节点的重启和断网过程,这个会话ID的作用主要是将消息归类), described in more detail below.
Messages that are successfully processed by a node generate a signed acknowledgement message called a ‘receipt’(被节点成功处理的消息会产生一个签名的认证消息,叫做“收据”). Note that this is distinct from the unsigned acknowledgements that live at the AMQP(区别于存在于AMQP中未被签名的认证) level and which simply flag that a message was successfully downloaded over the wire. A receipt may be generated some time after the message is processed in the case where acknowledgements are being batched to amortise signing overhead, and the receipt identifies the message by the hash of its content. The purpose of the receipts is to give a node undeniable evidence(收据的目的在于为节点的处理结果提供不可否认的证据) that a counterparty received a notification that would stand up later in a dispute mediation process. Corda does not attempt to support deniable messaging. (Corda没有意向支持可撤回的消息系统,就是Corda里面的消息通讯都是不可撤回、不可抵赖的)
4 Flow framework(流框架)
4.1 Overview
It is common in decentralised ledger systems for complex multi-party protocols to be needed(去中心化账簿系统需要复杂的多方协议). The Bitcoin payment channel protocol involves two parties putting money into a multi-signature pot, then iterating with your counterparty a shared transaction that spends that pot, with extra transactions used for the case where one party or the other fails to terminate properly. Such protocols typically involve reliable private message passing, checkpointing to disk, signing of transactions, interaction with the p2p network, reporting progress to the user, maintaining a complex state machine with timeouts and error cases, and possibly interaction with internal systems on either side(这种协议通常包括可靠的私有消息传递、硬盘备份检查点、交易签名、与p2p网络通信、进度报告用户、维护一个包含许多超时和错误检查的复杂状态机、甚至可能需要与内部系统通信). All this can become quite involved(这些实现可能会非常复杂难懂). The implementation of Bitcoin payment channels in the bitcoinj library is approximately 9000 lines of Java, very little of which involves cryptography. (Java版比特币的库里面有大约9000行Java代码,其中只有少部分涉及加密学)
As another example, the core Bitcoin protocol only allows you to append transactions to the ledger. Transmitting other information that might be useful such as a text message, refund address, identity information and so on is not supported(比特币对于传输其它有用的消息是不支持的) and must be handled in some other way - typically by wrapping the raw ledger transaction bytes in a larger message that adds the desired metadata and giving responsibility for broadcasting the embedded transaction to the recipient, as in Bitcoin’s BIP 70.
In Corda transaction data is not globally broadcast. Instead it is transmitted to the relevant parties only when they need to see it. Moreover even quite simple use cases - like sending cash - may involve a multi-step negotiation between counterparties and the involvement of a third party such as a notary. Additional information that isn’t put into the ledger is considered essential(Corda设计中必须支持不在账簿中的但与账簿终的交易有联系的外部信息), as opposed to nice-to-have(并不是可有可无的). Thus unlike traditional block chain systems in which the primary form of communication is global broadcast, in Corda all communication takes the form of small multi-party sub-protocols called flows. (Corda中所有的通信只在相关的多方形成的小团体中,这种通信被称为流)
The flow framework presents a programming model that looks to the developer as if they have the ability to run millions of long lived threads which can survive node restarts, and even node upgrades(流框架提供了一个编程模型,让开发者看起来可以让他们运行数百万长期运行的线程,并存活于节点的重启甚至节点升级中). APIs are provided to send and receive object graphs to and from other identities on the network, embed sub-flows, and report progress to observers(API可以提供和其它节点发送和接受对象图的能力,以嵌入子流和向观察者报告进度). In this way business logic can be expressed at a very high level, with the details of making it reliable and efficient abstracted away. This is achieved with the following components.
Just-in-time state machine compiler.(及时状态机编译器) Code that is written in a blocking manner typically cannot be stopped and transparently restarted later. The first time a flow’s call method is invoked a bytecode-to-bytecode transformation occurs that rewrites the classes into a form that implements a resumable state machine(可恢复的状态机). These state machines are sometimes called fibers or coroutines(纤程,协同程序), and the transformation engine Corda uses (Quasar) is capable of rewriting code arbitrarily deep in the stack on the fly(Corda通过Quasar支持协同程序编程). The developer may thus break his or her logic into multiple methods and classes, use loops, and generally structure their program as if it were executing in a single blocking thread(开发者可以将他们的逻辑分开成多个方法或类,利用循环,将他们的程序结构化成好像在运行单个阻塞的线程,关于协程可以看更多的资料,比如python原生支持协程编写,好处就是无需自己写线程的挂起、恢复等操作,而是通过处理完返回之后立即从挂起的位置继续往下运行). There’s only a small list of things they should not do: sleeping, directly accessing the network APIs, or doing other tasks that might block outside of the framework. (开发者只要不做这些就行了:让线程睡眠、直接访问网络API、其它会阻塞外面框架的任务,这些操作都会使得框架的API被这个协程中途挂起时阻塞,体验不好)
Transparent checkpointing.(透明的检查点) When a flow wishes to wait for a message from another party (or input from a human being) the underlying stack frames are suspended onto the heap, then crawled and serialized into the node’s underlying relational database using an object serialization framework(当一个节点希望等待一个消息的反馈时,进行中的栈帧会被挂起到堆中,并利用对象序列化框架序列化到节点的关系型数据库中). The written objects are prefixed with small schema definitions that allow some measure of portability across changes to the layout of objects, although portability across changes to the stack layout is left for future work. Flows are resumed and suspended on demand(流会根据需要恢复或挂起), meaning it is feasible to have far more flows active at once than would fit in memory. The checkpointing process is atomic with changes to local storage and acknowledgement of network messages. (检查点过程是原子性的)
Identity to IP address mapping.(IP地址与身份映射) Flows are written in terms of identities(流是基于身份来写的). The framework takes care of routing messages to the right IP address for a given identity(框架通过给定的身份将消息路由到正确的IP地址), following movements that may take place whilst the flow is active and handling load balancing for multi-homed parties as appropriate.
Progress reporting.(进度报告) Flows can provide a progress tracker that indicates which step they are up to. Steps can have human-meaningful labels, along with other tagged data like a progress bar. Progress trackers are hierarchical and steps can have sub-trackers for invoked sub-flows.
Flow hospital.(流收容所) Flows can pause if they throw exceptions or explicitly request human assistance(流可以在出现异常或需要人类帮助的时候暂停). A flow that has stopped appears in the flow hospital where the node’s administrator may decide to kill the flow or provide it with a solution(当节点的管理员可能决定杀掉这个流或为这个流提供解决方案的时候,这个流会停止并出现在流收容所). The ability to request manual solutions is useful for cases where the other side isn’t sure why you are contacting them, for example, the specified reason for sending a payment is not recognised, or when the asset used for a payment is not considered acceptable. (这种能够允许加入人工解决方案的能力对于一些特殊情况下是有非常大的作用,例如特殊的原因使得发送支付不被认可的特殊原因有作为支付的资产不再被接受)
Flows are named using reverse DNS notation and several are defined by the base protocol. Note that the framework is not required to implement the wire protocols, it is just a development aid.
4.2 Data visibility and dependency resolution
When a transaction is presented to a node as part of a flow it may need to be checked(交易作为工作流的一部分被传到节点的时候需要被检查). Simply sending you a message saying that I am paying you £1000 is only useful if you are sure I own the money I’m using to pay you(只有足够未被花费的钱存在,则这个付钱的交易才有效). Checking transaction validity is the responsibility of the ResolveTransactions flow(ResolveTransactions工作流的任务就是来检查交易的有效性). This flow performs a breadth-first search(广度优先搜索) over the transaction graph, downloading any missing transactions into local storage and validating them(下载缺失的交易数据到本地存储并校验它们). The search bottoms out at the issuance transactions(这个搜索直到找到发行的交易为止,典型的UTXO模型). A transaction is not considered valid if any of its transitive dependencies are invalid(任何一个过渡中的依赖无效则交易无效).
It is required that a node be able to present the entire dependency graph for a transaction it is asking another node to accept. Thus there is never any confusion about where to find transaction data. Because transactions are always communicated inside a flow, and flows embed the resolution flow, the necessary dependencies are fetched and checked automatically from the correct peer. Transactions propagate around the network lazily and there is no need for distributed hash tables.
Whilst this system is simpler than creating rigid data partitions and clearly provides better privacy than global broadcast, in the absence of additional privacy measures it is nonetheless still difficult to reason about who may get to see transaction data. This uncertainty is mitigated by several factors(对于隐私规则仍然很难确定,不过下面几个因素可能对于这种不确定性有所缓解).
Small-subgraph transactions.(小子图交易) Some uses of the ledger do not involve widely circulated asset states. For example, two institutions that wish to keep their view of a particular deal synchronised but who are making related payments off-ledger may use transactions that never go outside the involved parties. A discussion of on-ledger vs off-ledger cash can be found in a later section. (一些广泛流通的资产交易可能不在账簿上)
Transaction privacy techniques.(交易隐私技术) Corda supports a variety of transaction data hiding techniques(Corda支持一系列交易数据隐藏技术). For example, public keys can be randomised to make it difficult to link transactions to an identity(例如公钥可以随机化,使得交易很难被关联到某个账户上). "Tear-offs"allow some parts of a transaction to be presented without the others(后文提到的一种“撕裂”技术,可以在不提供交易的所有部分数据,仅提供该部分数据的父节点hash即可完成验证,这样也可以达到隐匿完整交易数据的功能). In future versions of the system secure hardware and/or zero knowledge proofs could be used to convince a party of the validity of a transaction without revealing the underlying data(在未来版本的Corda系统中将实现0知识验证交易的有效性).
State re-issuance.(状态重发行) In cases where a state represents an asset that is backed by a particular issuer, and the issuer is trusted to behave atomically even when the ledger isn’t forcing atomicity, the state can simply be ‘exited’ from the ledger and then re-issued(对于某些有现实资产背书的状态资产,发行者可以让这些资产从账簿系统“退出”,然后重发行). Because there are no links between the exit and reissue transactions this shortens the chain(退出和重发行之间没有联系,这样也可以达到资产的隐秘性,并且这么做也可以使得交易链变短,交易链的头部是发行的状态). In practice most issuers of highly liquid assets are already trusted with far more sensitive tasks than reliably issuing pairs of signed data structures, so this approach is unlikely to be an issue.
5 Data model
5.1 Transaction structure
States are the atomic unit of information in Corda. They are never altered: they are either current (‘unspent’) or consumed (‘spent’) and hence no longer valid. Transactions consume zero or more states (inputs) and create zero or more new states (outputs). Because states cannot exist outside of the transactions that created them, any state whether consumed or not can be identified by the identifier of the creating transaction and the index of the state in the outputs list. (状态是Corda中信息的原子单位,状态一旦产生并固定下来,则它们不会再被改变,要不就是当前状态“未消费”,要不就是已经被消费的状态并因此不再有效。交易消耗0个或多个状态作为输入并产生0个或多个状态作为输出。因为状态不可能存在于交易之外,因此任何状态是否已经被消费可以被创建状态的交易和状态在输出中的编号确定下来。)Transactions consist of the following components: (交易的数据结构包含以下的部分)
Input references (输入索引)These are (hash, output index) pairs that point to the states a transaction is consuming. (输入所以是<哈希, 输出序号>对,用来指向需要消耗的交易中的状态)
Output states (输出状态)Each state specifies the notary for the new state, the contract(s) that define its allowed transition functions and finally the data itself.(每一个状态指定认证新状态的公正节点、定义过渡方法的智能合约、状态的数据)
Attachments (附件)Transactions specify an ordered list of zip file hashes. Each zip file may contain code, data, certificates or supporting documentation for the transaction. Contract code has access to the contents of the attachments when checking the transaction for validity.(交易指定一系列的压缩文件的哈希列表,每一个压缩文件包含合约代码、数据、证书或支持的法律文件,合约代码可以在校验交易是否有效的时候访问压缩文件中的内容)
Commands (命令)There may be multiple allowed output states from any given input state. For instance an asset can be moved to a new owner on the ledger, or issued, or exited from the ledger if the asset has been redeemed by the owner and no longer needs to be tracked. A command is essentially a parameter to the contract that specifies more information than is obtainable from examination of the states by themselves (e.g. data from an oracle service). Each command has an associated list of public keys. Like states, commands are object graphs.(命令是合约的的一个参数,每个命令包含一系列的公钥,和状态一样命令也是对象图)
Signatures (签名)The set of required signatures is equal to the union of the commands’ public keys.(交易中所需要的签名和命令中的公钥是一一对应的)
Type (类型)Transactions can either be normal or notary-changing. The validation rules for each are different.(交易可以是正常的或是公正节点变更的,校验的规则不一样)
Timestamp (时间戳)When present, a timestamp defines a time range in which the transaction is considered to have occurrred. This is discussed in more detail below.(时间戳定义了交易出现的一个时间窗口)
Summaries (概述)Textual summaries of what the transaction does, checked by the involved smart contracts. This field is useful for secure signing devices.(用明文描述这个交易的作用)
Signatures are appended to the end of a transaction and transactions are identified by the hash used for signing, so signature malleability is not a problem. There is never a need to identify a transaction including its accompanying signatures by hash(签名会追加到交易的尾部,而交易是通过用于签名的部分的哈希来定位的,即追加的签名不会影响交易的哈希,这有利于签名的延展性,没有必要将附带的签名也随交易一起哈希). Signatures can be both checked and generated in parallel, and they are not directly exposed to contract code. Instead contracts check that the set of public keys specified by a command is appropriate, knowing that the transaction will not be valid unless every key listed in every command has a matching signature(签名可以同时被检查和生成,但不会直接暴露给合约代码,取而代之的是合约代码可以检查命令中的公钥,因为只有当命令中的公钥和签名一一对应,交易才有效). Public key structures are themselves opaque. In this way algorithmic agility is retained: new signature algorithms can be deployed without adjusting the code of the smart contracts themselves. (这还有个好处是签名算法部署可以不用适配智能合约的代码)
5.2 Composite keys(混合钥匙)
The term "public key" in the description above actually refers to a composite key(上面提到的命令里面的公钥其实是一个混合钥匙). Composite keys are trees in which leaves are regular cryptographic public keys with an accompanying algorithm identifiers. Nodes in the tree specify both the weights of each child and a threshold weight that must be met. The validty of a set of signatures can be determined by walking the tree bottom-up, summing the weights of the keys that have a valid signature and comparing against the threshold(混合钥匙是一种树状结构,其中的叶子节点是一个普通的加密公钥和对应的算法标志,树种的非叶子节点指定其各孩子节点的权重以及本节点有效的一个临界权重,根节点的有效性是通过遍历这棵树到叶子节点,将所有权重计算出来并与阈值比较). By using weights and thresholds a variety of conditions can be encoded, including boolean formulas with AND and OR. (这样可以通过编程考虑到很多情况)
Composite keys are useful in multiple scenarios. For example, assets can be placed under the control of a 2-of-2 composite key where one leaf key is owned by a user, and the other by an independent risk analysis system. The risk analysis system refuses to sign if the transaction seems suspicious, like if too much value has been transferred in too short a time window. Another example involves encoding corporate structures into the key, allowing a CFO to sign a large transaction alone but his subordinates are required to work together. Composite keys are also useful for notaries. Each participant in a distributed notary is represented by a leaf, and the threshold is set such that some participants can be offline or refusing to sign yet the signature of the group is still valid. (这里举了几个例子说明混合钥匙的用法,类似于投票,混合钥匙的好处是可以进行复杂的投票,可以适应多种情况)
Whilst there are threshold signature schemes in the literature that allow composite keys and signatures to be produced mathematically, we choose the less space efficient explicit form in order to allow a mixture of keys using different algorithms(允许使用不同算法的密钥,可以同时允许所有的参与者使用不同版本的密钥). In this way old algorithms can be phased out and new algorithms phased in without requiring all participants in a group to upgrade simultaneously.
5.3 Timestamps(时间戳)
Transaction timestamps specify a [start, end] time window within which the transaction is asserted to have occurred. Timestamps are expressed as windows because in a distributed system there is no true time, only a large number ofdesynchronised clocks. This is not only implied by the laws of physics but also by the nature of shared transactions - especially if the signing of a transaction requires multiple human authorisations, the process of constructing a joint
transaction could take hours or even days. (时间戳其实是一段时间,因为世界上不同的地方时钟难以精确地校准到同一个时间点,自然地,对于一个交易的出现时间其实是在一段不太长的时间窗口中,此外,人们交易的过程往往持续数个小时甚至数天,不是在某个瞬间就能完成交易过程的)
It is important to note that the purpose of a transaction timestamp is to communicate the transaction’s position on the timeline to the smart contract code for the enforcement of contractual logic. Whilst such timestamps may also be
used for other purposes, such as regulatory reporting or ordering of events in a user interface, there is no requirement to use them like that and locally observed timestamps may sometimes be preferable even if they will not exactly match the time observed by other parties. Alternatively if a precise point on the timeline is required and it must also be agreed by multiple parties, the midpoint of the time window may be used by convention. Even though this may not precisely align to any particular action (like a keystroke or verbal agreement) it is often useful nonetheless. (时间戳的作用一般有进度报告和有效性校验等,如果需要一个单个的时间戳,也可以将时间窗的中间点作为该时间窗的时间点)
Timestamp windows may be open ended in order to communicate that the transaction occurred before a certain time or after a certain time, but how much before or after is unimportant. This can be used in a similar way to Bitcoin’s nLockTime transaction field, which specifies a happens-after constraint.
Timestamps are checked and enforced by notary services(时间戳由公正服务进行检查). As the participants in a notary service will themselves not have precisely aligned clocks, whether a transaction is considered valid or not at the moment it is submitted to a notary may be unpredictable if submission occurs right on a boundary of the given window. However, from the perspective of all other observers the notary’s signature is decisive: if the signature is present, the transaction is assumed to have occurred within that time. (如果参与者向公正服务提交的交易获得了公正服务的签名,则说明交易是有效的,并且交易发生在有效的时间窗内)
Reference clocks. In order to allow for relatively tight time windows to be used when transactions are fully under the control of a single party, notaries are expected to be synchronised to the atomic clocks at the US Naval Observatory(公正服务需要和美国海洋观察所的原子钟进行时间同步,作为校准时钟). Accurate feeds of this clock can be obtained from GPS satellites. Note that Corda uses the Java timeline which is UTC with leap seconds spread over the last 1000 seconds of the day, thus each day always has exactly 86400 seconds(Corda使用Java的时间线,UTC时间,每天固定86400秒). Care should be taken to ensure that changes in the GPS leap second counter are correctly smeared in order to stay synchronised with Java time. When setting a transaction time window care must be taken to account for network propagation delays between the user and the notary service, and messaging within the notary service. (设定交易有效时间窗的时候需要考虑到用户和公正服务之间的网络延迟,别设置得太紧了)
5.4 Attachments and contract bytecodes(附件和合约字节码)
Transactions may have a number of attachments, identified by the hash of the file(交易可能包含一系列的附件,通过文件的哈希索引). Attachments are stored and transmitted separately to transaction data(附件和交易数据分开存储) and are fetched by the standard resolution flow only when the attachment has not previously been seen before.
Attachments are always zip files and cannot be referred to individually by contract code(附件总是以压缩文件的方式存在,并且不能单独地被合约代码读取). The files within the zips are collapsed together into a single logical file system, with overlapping files being resolved in favour of the first mentioned. Not coincidentally, this is the mechanism used by Java classpaths.
Smart contracts in Corda are defined using JVM bytecode(Corda的智能合约由JVM字节码定义) as specified in "The Java Virtual Machine Specification SE 8 Edition", with some small differences that are described in a later section. A contract is simply a class that implements the Contract interface, which in turn exposes a single function called verify. The verify function is passed a transaction and either throws an exception if the transaction is considered to be invalid, or returns with no result if the transaction is valid. The set of verify functions to use is the union of the contracts specified by each state (which may be expressed as constraints, see §5.9)(一个只能合约最简单的形式是实现Contract接口中的verify方法,verify方法的作用是传入交易进行校验,如果交易无效则抛出异常,交易有效则无返回,verify方法使用的结合是每一个状态,也即约束). Embedding the JVM specification in the Corda specification enables developers to write code in a variety of languages, use well developed toolchains, and to reuse code already authored in Java or other JVM compatible languages. (采用JVM字节码来定义智能合约的好处是可以有多种实现的语言,只要这些语言最终都可以编译成JVM字节码即可)
The Java standards also specify a comprehensive type system for expressing common business data. Time and calendar handling is provided by an implementation of the JSR 310 specification, decimal calculations can be performed either using portable (‘strictfp’) floating point arithmetic or the provided bignum library, and so on. These libraries have been carefully engineered by the business Java community over a period of many years and it makes sense to build on this investment. (Corda使用一系列Java标准基础设施,这些基础设施是经过精心编码并且久经考验的,稳)
The Java standards also specify acomprehensive type system for expressing common business data. Time andcalendar handling is provided by an implementation of the JSR 310specification, decimal calculations can be performed either using portable (‘strictfp’) floating point arithmetic or the provided bignum library, and soon. These libraries have been carefully engineered by the business Javacommunity over a period of many years and it makes sense to build on thisinvestment. (Corda使用一系列Java标准基础设施,这些基础设施是经过精心编码并且久经考验的,稳)
Contract bytecode also defines thestates themselves, which may be arbitrary object graphs(合约字节码同时也定义了它们自身的状态,可以是任意的类图). Because JVM classes are not a convenient form to work with fromnon-JVM platforms the allowed types are restricted and a standardised binary encodingscheme is provided(由于JVM类与非JVM平台结合使用会带来不便性,因此Corda限制了允许使用的类型,并提供了标准的二进制编码约束). States maylabel their properties with a small set of standardised annotations. These canbe useful for controlling how states are serialised to JSON and XML (using JSR367 and JSR 222 respectively), for expressing static validation constraints(JSR 349) and for controlling how states are inserted into relational databases(JSR 338)(Corda限制状态中各属性的类型,必须使用标准类型,即字符串、整形、浮点类型、布尔型等,这样做有很多考虑,最大的好处是将状态序列化成JSON或XML时有很大便利,此外,状态也很容易通过SQL语句插入到关系型数据库中). This feature is discussedlater.
Attachments may also contain data filesthat support the contract code. These may be in the same zip as the bytecodefiles, or in a different zip that must be provided for the transaction to bevalid(附件中还可能带有数据文件来支持合约代码,可能在字节码的同一个压缩文件中,也可能在不同的压缩文件中). Examples of such data files might include currency definitions,timezone data and public holiday calendars. Any public data may be referencedin this way(任何公共的数据都可以以这种形式存储,例如存一些货币定义、时区数据、公共假期日历等).Attachments are intended for data on the ledger that many parties may wish toreuse over and over again. Data files are accessed by contract code using thesame APIs as any file on the classpath would be accessed. The platform imposessome restrictions on what kinds of data can be included in attachments alongwith size limits, to avoid people placing inappropriate files on the globalledger (videos, PowerPoints etc).(平台也作了一些限制,以防参与者存放一些不合适的文件在总账上,例如视频、PPT等)
Note that the creator of a transactiongets to choose which files are attached. Therefore, it is typical that statesplace constraints on the data they’re willing to accept. Attachments providedata but do not authenticate it, so if there’s a risk of someone providing baddata to gain an economic advantage there must be a constraints mechanism toprevent that from happening. This is rooted at the contract constraints encodedin the states themselves: a state can not only name a class that implements theContract interface but also placeconstraints on the zip/jar file that provides it. That constraint can in turnbe used to ensure that the contract checks the authenticity of the data -either by checking the hash of the data directly, or by requiring the data tobe signed by some trusted third party.(不过如果上传附件的坏人提供的是坏数据咋办?合约约束里面还可以定义更多的约束,例如可以设置约束让附件中的数据获得可信的第三方的签名认证)
5.5 Hard forks, specifications and dispute resolution
Decentralisedledger systems often differ in their underlying political ideology as well astheir technical choices(分布式账簿系统的政治意识形态和技术选择常常不同). The Ethereum project originally promised "unstoppableapps" which would implement "code as law". After a prominentsmart contract was hacked, an argument took place over whether what hadoccurred could be described as a hack at all given the lack of any non-codespecification of what the program was meant to do. The disagreement eventuallyled to a split in the community.(以太坊曾宣称“代码就是法律”,但是以太坊曾经遭受了一次黑客攻击合约代码导致大量资产流失,在创始人的号召下进行了硬分叉以挽回损失,这种方式最终导致以太坊社区的分裂)
As Corda contractsare simply zip files, it is easy to include a PDF or other documents describingwhat a contract is meant to actually do(Corda合约都是简单的压缩文件,因此也可以很方便地包含一个描述这个合约实际实现的逻辑的文档). There is no requirement to use this mechanism, and there is norequirement that these documents have any legal weight(包含说明文件这种方式并不是强制的). However in financial use cases it’s expected that they would belegal contracts that take precedence over the software implementations in caseof disagreement.(不过,在金融领域,这种方式能够升级成有法律效力的合约,并能够在产生分歧的时候通过法律解决冲突,区别于以太坊通过创始人号召的方式解决冲突)
It is technicallypossible to write a contract that cannot be upgraded. If such a contractgoverned an asset that existed only on the ledger, like a cryptocurrency, thenthat would provide an approximation of "code as law"(如果编写的合约不能升级来修改,那么这种就成为“代码即法律”了). We leave discussion of the wisdom of this concept to politicalscientists and reddit.
Platform logging(平台日志)There is no direct equivalent in Corda of a blockchain "hard fork", so the only solution to discarding buggy orfraudulent transaction chains would be to mutually agree out of band to discardan entire transaction subgraph(由于Corda没有像区块链那样的硬分叉,所以只能通过舍弃出现缺陷或错误的交易子图来解决错误). As there is no global visibility either this mutual agreementwould not need to encompass all network participants: only those who may havereceived and processed such transactions. The flip side of lacking globalvisibility is that there is no single point that records who exactly has seenwhich transactions. Determining the set of entities that’d have to agree todiscard a subgraph means correlating node activity logs. Corda nodes logsufficient information to ensure this correlation can take place(由于Corda的交易只是在参与方能够传播到,因此舍弃交易子图的时候为了能够使使用到这个交易的其它节点能够感知得到,需要节点的活动日志来支持). The platform defines a flow to assist with this, which can be usedby anyone. A tool is provided that generates an "investigation request"and sends it to a seed node. The flow signals to the node administrator that adecision is required, and sufficient information is transmitted to the node totry and convince the administrator to take part (e.g. a signed court order). Ifthe administrator accepts the request through the node explorer interface, thenext hops in the transaction chain are returned. In this way the tool cansemi-automatically crawl the network to find all parties that would be affectedby a proposed rollback(Corda提供了相关的工具进行半自动化地爬取需要回滚的交易的所有相关交易). The platform does not take a position on what types of transactionrollback are justified and provides only minimal support for implementingrollbacks beyond locating the parties that would have to agree.
Once involvedparties are identified there are at least two strategies for editing the ledger(参与方修复账簿的两个策略). One isto extend the transaction chain with new transactions that simply correct thedatabase to match the intended reality(一个策略是通过参与方的协商,在交易链的尾部继续连接一个新的修正交易,这种策略适用于参与方人数较少,并且是一些比较容易修复的交易数据,且修复后没有坏数据). For this to be possible the smart contract must have been writtento allow arbitrary changes outside its normal business logic when a sufficient thresholdof signatures is present. This strategy is simple and makes the most sense whenthe number of parties involved in a state is small and parties have noincentive to leave bad information in the ledger. For asset states that are theresult of theft or fraud the only party involved in a state may resist attemptsto patch things up in this way, as they may be able to benefit in the realworld from the time lag between the ledger becoming inaccurate and it catchingup with reality. In this case a more complex approach can be used in which theinvolved parties minus the uncooperative party agree to mark the relevantstates as no longer consumed/spent. This is essentially a limited form ofdatabase rollback.(另一种情况更麻烦一些,例如黑客盗窃,它们已经从真实世界中获利了,自然就不会同意第一种策略中的方式通过新的交易来修复出错的数据,这时候需要一种更复杂的方式,就是参与方人数较多,权重较大,减去不合作的参与方例如黑客的权重,之后,仍然有效,则可以标记相关的状态为未花费,以此来挽回部分损失,这种方式进行数据库回滚作用非常有限)
5.6 Identity lookups(身份查询)
In all block chaininspired systems there exists a tension between wanting to know who you aredealing with and not wanting others to know(在所有的区块链启发的系统中都有这样的矛盾,你既想知道交易中对方的身份,但又不想无关人员知道你们的交易). Astandard technique is to use randomised public keys in the shared data, andkeep the knowledge of the identity that key maps to private(一个标准的技术是在共享数据中使用随机化的公钥,并保持这个身份对应的密钥映射是隐秘的). For instance, it is considered good practice to generate a freshkey for every received payment. This technique exploits the fact that verifyingthe integrity of the ledger does not require knowing exactly who took part inthe transactions, only that they followed the agreed upon rules of the system.
Platforms such asBitcoin and Ethereum have relatively ad-hoc mechanisms for linking identitiesand keys(比特币和以太坊都有点对点的方式来联系身份和密钥). Typically it is the user’s responsibility to manually label publickeys in their wallet software using knowledge gleaned from websites, shop signsand so on. Because these mechanisms are ad-hoc and tedious many users don’tbother, which can make it hard to figure out where money went later(这使得消费掉的钱难以被跟踪). It also complicates the deployment of secure signing devices and riskanalysis engines. Bitcoin has BIP 709 which specifies a way of signing a "paymentrequest" using X.509 certificates linked to the web PKI(公共密钥基础设施), giving a cryptographically secured and standardised way of knowingwho you are dealing with. Identities in this system are the same as used in theweb PKI: a domain name, email address or EV (extended validation) organisationname.
Corda takes thisconcept further. States may define fields of type Party, which encapsulates an identity and a public key(Corda中的状态可以定义Party类型,封装了一个身份和一个公钥). When a state isdeserialised from a transaction in its raw form, the identity field of the Party object is null and only thepublic (composite) key is present(当一个状态从交易的原始数据中反序列化的时候,Party属性中的身份信息是null即空的,只有Party的混合公钥存在). If a transaction isdeserialised in conjunction with X.509 certificate chains linking the transientpublic keys to long term identity keys the identity field is set(如果一个交易和一个X.509证书链一起反序列化,则Party属性中的身份信息就会被设置好). In this way a single data representation can be used for both theanonymised case, such as when validating dependencies of a transaction, and theidentified case, such as when trading directly with a counterparty(这样,数据的表示就可以是匿名的(例如校验交易的依赖)或认证的(例如和明确身份信息的对方进行交易)). Trading flows incorporate sub-flows to transmit certificates forthe keys used, which are then stored in the local database. However thetransaction resolution flow does not transmit such data, keeping the transactionsin the chain of custody pseudonymous.
Deterministic key derivation(决定性的密钥生成方法)Corda allows for but does not mandate the useof determinstic key derivation schemes such as BIP 32. The infrastructure doesnot assume any mathematical relationship between public keys because somecryptographic schemes are not compatible with such systems. Thus we take theefficiency hit of always linking transient public keys to longer term keys withX.509 certificates.
5.7 Oracles and tear-offs(先知、校验交易的信息撕裂)
It is sometimesconvenient to reveal a small part of a transaction to a counterparty in a waythat allows them to check the signatures and sign it themselves(有时候对小部分交易允许进行签名检查具有简便性). A typical use case for this is an oracle, defined as anetwork service that is trusted to sign transactions containing statementsabout the world outside the ledger only if the statements are true. (提供这种服务的节点我们称为先知,可以为交易中对外界真实世界的描述的真实性进行签名确认)
Here are someexample statements an oracle might check:(下面是几个先知可能检查的例子)
• The price of a stock at a particular moment was X.(股票在某个时间点的价格)
• An agreed upon interest rate at a particular momentwas Y.(某个时候的利率)
• If a specific organisation has declared bankruptcy.(某个组织宣布破产)
• Weather conditions in a particular place at aparticular time.(某个时间某个地点的天气)
It is worth askingwhy a smart contract cannot simply fetch this information from some internetserver itself: why do we insist on this notion of an oracle. The reason is thatall calculations on the ledger must be deterministic. Everyone must be able tocheck the validity of a transaction and arrive at exactly the same answer, atany time (including years into the future), on any kind of computer(需要先知的原因是账簿上的计算都应该是确定性的,因此我们需要数据是事实,不论是谁,在何时,在何种电脑上,对交易的校验都应该得到相同的答案). If a smart contract could do things like read the system clock orfetch arbitrary web pages then it would be possible for some computers toconclude a transaction was valid, whilst others concluded it was not (e.g. ifthe remote server had gone offline). Solving this problem means all the dataneeded to check the transaction must be in the ledger, which in turn impliesthat we must accept the point of view of some specific observer. That way therecan be no disagreement about what happened.(对于账簿上的事实需要一个没有争议的答案)
One way toimplement oracles would be to have them sign a small data structure which isthen embedded somewhere in a transaction (in a state or command)(先知的作用就是对智能合约中的数据进行签名确认). We take a different approach in which oracles sign the entiretransaction, and data the oracle doesn’t need to see is "torn off"before the transaction is sent(不过为了实现隐私的目的,先知并不能看到整个交易中的数据,可能交易中的数据只有事实数据部分是先知服务能够获取到的,这种情况就叫做“信息撕裂”). This is done by structuring the transaction as a Merkle hash treeso that the hash used for the signing operation is the root(这种方式的实现基于将交易中各部分数据结构化成一棵默克尔树,其跟节点是用来签名的哈希). By presenting a counterparty with the data elements that areneeded along with the Merkle branches linking them to the root hash, as seen inthe diagrams below, that counterparty can sign the entire transaction whilstonly being able to see some of it. Additionally, if the counterparty needs tobe convinced that some third party has already signed the transaction, that isalso straightforward. Typically an oracle will be presented with the Merklebranches for the command or state that contains the data, and the timestampfield, and nothing else(典型地,先知服务职能获取到整个交易数据的默克尔树分枝里面的其中几个叶子节点(如命令或状态中的数据、时间戳),交易数据其它部分的数据就只给出了对应的父节点的哈希,先知服务不用知道所有的叶子节点,只要对已知的叶子节点中的事实数据进行审核,确认无误后通过和其它已知的父节点哈希一起计算,最终也可以得到此交易的根节点哈希,并进行签名). The resulting signature contains flag bits indicating which partsof the structure were presented for signing to avoid a single signaturecovering more than expected.
There are a coupleof reasons to take this more indirect approach. One is to keep a singlesignature checking code path. By ensuring there is only one place in atransaction where signatures may be found, algorithmic agility and parallel/batchverification are easy to implement(保持代码检查路径上签名的唯一性,这样可以实现并行/批量验证,提高代码运行效率). When a signature may be found in any arbitrary location in atransaction’s data structures, and where verification may be controlled by thecontract code itself (as in Bitcoin), it becomes harder to maximise signaturechecking efficiency. As signature checks are often one of the slowest parts ofa block chain system, it is desirable to preserve these capabilities.
Another reason isto provide oracles with a business model. If oracles just signed statements andnothing else then it would be difficult to run an oracle in which there areonly a small number of potential statements, but determining their truth isvery expensive. People could share the signed statements and reuse them in manydifferent transactions, meaning the cost of issuing the initial signatures wouldhave to be very high, perhaps unworkably high. Because oracles sign specifictransactions, not specific statements, an oracle that is charging for its servicescan amortise the cost of determining the truth of a statement over many userswho cannot then share the signature itself (because it covers a one-time-use structureby definition).(先知对事实数据认证的费用可能会非常高,不过,人们可以在重用这个带有认证数据交易的时候可以分摊费)
5.8 Encumbrances(障碍)
Each state in atransaction specifies a contract (boolean function) that is invoked with theentire transaction as input. All contracts must accept in order for thetransaction to be considered valid. Sometimes we would like to composethe behaviours of multiple different contracts. Consider the notion of a"time lock" - a restriction on a state that prevents it beingmodified (i.e. sold) until a certain time(时间锁——令一个状态在被阻止更改,直到超过一个特定的时间点). This isa general piece of logic that could apply to many kinds of assets. Whilst suchlogic could be implemented in a library and then called from every contractthat might want to benefit from it, that requires all contract authors to thinkahead and include the functionality. It would be better if we could mandatethat the time lock logic ran along side the contract that governs the lockedstate.
Consider an assetthat is supposed to remain frozen until a time is reached(考虑一种资产是需要冻结一段时间才能进入流通环节的情况). Encumbrances allow a state to specify another state that must bepresent in any transaction that consumes it(阻碍就是让一个状态被消费之前需要前置状态的出现). For example, a time lock contract can define a state that containsthe time at which the lock expires, and a simple contract that just compares thattime against the transaction timestamp. The asset state can be included in aspend-to-self transaction that doesn’t change the ownership of the asset butdoes include a time lock state in the outputs. Now if the asset state is used,the time lock state must also be used, and that triggers the execution of thetime lock contract.
Encumbered statescan only point to one encumbrance state, but that state can itself point toanother and so on, resulting in a chain of encumbrances all of which must besatisfied.(阻碍还能成链式进行阻碍,这样可以模拟更多实际的情况)
An encumbrancestate must be present in the same transaction as the encumbered state, asstates refer to each other by index alone.
5.9 Contract constraints(合约约束)
The easiest way oftying states to the contract code that defines them is by hash(比较简单方便的情形是将状态和定义状态的合约代码通过哈希联系起来). This works for very simple and stable programs, but morecomplicated contracts may need to be upgraded. In this case it may bepreferable for states to refer to contracts by the identity of the signer. Becausecontracts are stored in zip files, and because a Java Archive (JAR) file isjust a zip with some extra files inside, it is possible to use the standard JARsigning infrastructure to identify the source of contract code(但是更复杂的合约可能需要升级,这样联系状态和合约的哈希值就会过期,更好的办法是通过合约的签名的身份来联系状态和合约,由于Corda的合约代码是JAR包,可以通过标准JAR包签名的基础设施来判断合约代码的来源的身份). Simpleconstraints such as "any contract of this name signed by these keys"allow for some upgrade flexibility, at the cost of increased exposure to roguecontract developers. Requiring combinations of signatures helps reduce the riskof a rogue or hacked developer publishing a bad contract version, at the costof increased difficulty in releasing new versions. State creators may alsospecify third parties they wish to review contract code(状态创建者还可以指定第三方参与者来审阅合约代码). Regardless of which set of tradeoffs is chosen, the framework canaccomodate them.
A contractconstraint may use a composite key of the type described in §5.2. The standardJAR signing protocol allows for multiple signatures from different privatekeys, thus being able to satisfy composite keys. The allowed signing algorithms are SHA256withRSA and SHA256withECDSA. Note that the cryptographic algorithms used forcode signing may not always be the same as those used for transaction signing,as for code signing we place initial focus on being able to re-use theinfrastructure.
5.10 Event scheduling
State classes may request flows to be started at given times. When a state is considered relevant by the vault and the implementing CorDapp is installed and whitelisted by the administrator (e.g. in the config file), the node may react tothe passage of time by starting new interactions with other nodes, people, or internal systems. As financial contracts often have a notion of time in them this feature can be useful for many kinds of state transitions, for example, expiry of an option contract, management of a default event, re-fixing of an interest rate swap and so on.
To request scheduled events, a state may implement the SchedulableState interface and then return a request from the nextScheduledActivity function. The state will be queried when it is committed to the vault and the scheduler will ensure the relevant flow is started at the right time.
6 Common financial constructs
6.1 Assets
A ledger that cannot record theownership of assets is not very useful. We define a set of classes that modelasset-like behaviour and provide some platform contracts to ensureinteroperable notions of cash and obligations.(Corda预先设定了一些跟现实资产行为相似的资产模型)
We define the notion of an OwnableState, implemented as aninterface which any state may conform to(Corda定义了OwnableState的接口,需要表示资产的状态可以实现这个接口). Ownable states are required to have an owner field which is acomposite key (see §5.2)(OwnableState的接口要求状态带有资产拥有者的属性,未一个混合密钥). This is utilised by generic code in the vault (see §8) tomanipulate ownable states.
From OwnableState we derive a FungibleAsset(可互换资产)concept torepresent assets of measurable quantity, in which units are sufficientlysimilar to be represented together in a single ledger state(对于可以拆分的资产的一种表示). Making that concrete, pound notes are a fungible asset: regardlessof whether you represent £10 as a single £10 note or two notes of £5 each thetotal value is the same. Other kinds of fungible asset could be barrels ofBrent Oil (but not all kinds of crude oil worldwide, because oil comes indifferent grades which are not interchangeable), litres of clean water,kilograms of bananas, units of a stock and so on.
When cash is represented on a digitalledger an additional complication can arise: for national "fiat"currencies the ledger merely records an entity that has a liability which maybe redeemed for some other form (physical currency, a wire transfer via someother ledger system, etc). This means that two ledger entries of £1000 may notbe entirely fungible because all the entries really represent is a claim on anissuer, which - if it is not a central bank - may go bankrupt. Even assumingdefaults never happen, the data representing where an asset may be redeemedmust be tracked through the chain of custody, so ‘exiting’ the asset from theledger and thus claiming physical ownership can be done(当资产需要从交易链中“退出”时,需要监管服务追踪资产在整个链中的情况,如果合法则实体资产可以被相应的拥有者提取).
The Corda type system supports theencoding of this complexity. The Amount<T>type defines an integer quantity of some token(代表一个整数数量的货币). This type does notsupport fractional quantities so when used to represent national currencies thequantity must be measured in pennies, with sub-penny amount requiring the useof some other type. The token can be represented by any type. A common tokentype to use is Issued<T>,which defines a token issued by some party(代表发行货币的团体).It encapsulates what the asset is, who issued it, and an opaque reference fieldthat is not parsed by the platform - it is intended to help the issuer keeptrack of e.g. an account number, the location where the asset can be found instorage, etc.(目的是让发行者可以追踪发行的货币和资产被存储的位置)
6.2 Obligations
It is common in finance to be paid with an IOU rather than hard cash (notethat in this section ‘hard cash’ means a balance with the central bank). This
is frequently done to minimise the amount of cash on hand when trading institutions have some degree of trust in each other: if you make a payment to a
counterparty that you know will soon be making a payment back to you as part
of some other deal, then there is an incentive to simply note the fact that you
owe the other institution and then ‘net out’ these obligations at a later time,
either bilaterally or multilaterally. Netting is a process by which a set of gross
obligations is replaced by an economically-equivalent set where eligible offsetting obligations have been elided. The process is conceptually similar to trade
compression, whereby a set of trades between two or more parties are replaced
with an economically similar, but simpler, set. The final output is the amount
of money that needs to actually be transferred.
598
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
