Ethereum Whitepaper: The Next-Generation Smart Contract and Decentralized Application Platform


Introduction

When Satoshi Nakamoto launched the Bitcoin blockchain in January 2009, they introduced two untested revolutionary concepts to the world. The first was Bitcoin itself—a decentralized peer-to-peer digital currency that maintains value without any asset backing, intrinsic value, or central issuer. While Bitcoin has captured significant public attention as a politically charged central bank-free currency with volatile price movements, the second part of Satoshi's grand experiment is equally important: the concept of a proof-of-work-based blockchain enabling consensus on transaction order.

Bitcoin can be described as a first-to-file system. If someone holds 50 BTC and sends it simultaneously to both A and B, only the transaction confirmed first will be valid. Without an intrinsic method to determine which transaction arrived first, this issue hindered decentralized digital currency development for years. Satoshi's blockchain provided the first reliable decentralized solution. Today, developers are rapidly shifting attention to the second part of Bitcoin's technology—how blockchains can be applied beyond currency.

Frequently mentioned applications include using on-chain digital assets to represent custom currencies and financial instruments (colored coins), ownership of physical devices (smart assets), non-fungible assets like domain names (Namecoin), and more advanced applications such as decentralized exchanges, financial derivatives, peer-to-peer gambling, and on-chain identity and reputation systems. Another important area often discussed is "smart contracts"—systems that automatically transfer digital assets based on predefined arbitrary rules.

For example, a storage contract might state: "A can withdraw up to X coins per day, B can withdraw up to Y coins per day, A and B together can withdraw arbitrarily, and A can revoke B's withdrawal rights." A logical extension of such contracts is decentralized autonomous organizations (DAOs)—long-term smart contracts that hold organizational assets and encode organizational rules.

Ethereum aims to provide a blockchain with a built-in, fully developed Turing-complete programming language. This language allows the creation of contracts to encode arbitrary state transition functions, enabling users to implement the systems mentioned above and many others not yet imagined with just a few lines of code.

Historical Context

The concept of decentralized digital currency, along with alternative applications like property registries, had been proposed decades earlier. Anonymous electronic cash protocols from the 1980s and 1990s were largely based on Chaumian blinding, offering high privacy but relying on centralized intermediaries.

In 1998, Wei Dai's b-money introduced the idea of creating currency through computational problem-solving and decentralized consensus but offered no specific implementation. By 2005, Hal Finney introduced "reusable proofs of work," combining b-money concepts with Adam Back's Hashcash puzzle to create cryptographic currency. However, this remained theoretical due to its reliance on trusted computing.

Decentralized currency requires decentralized consensus because transaction order is critical. Pre-Bitcoin electronic currencies struggled because while research on Byzantine fault-tolerant multi-party consensus existed, these protocols assumed all participants were known, making them vulnerable to sybil attacks.

Satoshi's innovation was combining a simple node-based decentralized consensus protocol with proof-of-work. Nodes earn the right to participate through proof-of-work, packaging transactions into "blocks" every ten minutes to create an ever-growing blockchain. Nodes with more computational power have greater influence, but acquiring more power than the entire network is far harder than creating millions of nodes.

Bitcoin as a State Transition System

Technically, the Bitcoin ledger can be viewed as a state transition system comprising all existing Bitcoin ownership states and a "state transition function." This function takes the current state and a transaction as input, outputting a new state.

In Bitcoin, the "state" is the set of all unspent transaction outputs (UTXOs). Each UTXO has a value and an owner (defined by a 20-byte address, essentially a cryptographic public key). A transaction includes inputs and outputs. Each input references an existing UTXO and provides a cryptographic signature from the private key corresponding to the owner's address. Each output creates a new UTXO added to the state.

The state transition function APPLY(S,TX) -> S' is defined as:

  1. For each input in the transaction, if the referenced UTXO isn't in the current state or the signature doesn't match, return an error.
  2. If the total value of input UTXOs is less than the total value of output UTXOs, return an error.
  3. Return the new state S' with input UTXOs removed and output UTXOs added.

This prevents spending non-existent or others' bitcoins and ensures value conservation.
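The three steps above, and the "first-to-file" double-spend case from the introduction, as an added Python sketch (not code from the whitepaper). Signatures are replaced by a hash-preimage stand-in, and all names and sample values are constructed for illustration.

```python
import hashlib

def addr(secret: bytes) -> str:
    # Stand-in for signatures (assumption): an address is the hash of a secret,
    # and an input proves ownership by revealing it. Bitcoin uses ECDSA instead.
    return hashlib.sha256(secret).hexdigest()[:40]

def apply_tx(state: dict, tx: dict) -> dict:
    """APPLY(S, TX) -> S'. state maps (txid, output_index) -> (value, owner)."""
    spent, total_in = set(), 0
    for ref, witness in tx["inputs"]:
        # Step 1: the UTXO must exist (and not be listed twice) and be ours.
        if ref not in state or ref in spent:
            raise ValueError(f"{ref} is not an unspent output")
        value, owner = state[ref]
        if addr(witness) != owner:
            raise ValueError(f"{ref}: ownership proof does not match")
        spent.add(ref)
        total_in += value
    # Step 2: outputs may not create value.
    if total_in < sum(v for v, _ in tx["outputs"]):
        raise ValueError("outputs exceed inputs")
    # Step 3: remove the spent UTXOs, add the new ones; S itself is not mutated.
    new_state = {k: v for k, v in state.items() if k not in spent}
    for i, out in enumerate(tx["outputs"]):
        new_state[(tx["id"], i)] = out
    return new_state

def double_spend_demo():
    """Constructed data: one 50-coin UTXO sent to A, then again to B."""
    key = b"constructed-secret"
    s0 = {("coinbase", 0): (50, addr(key))}
    to_a = {"id": "tx_a", "inputs": [(("coinbase", 0), key)], "outputs": [(50, "A")]}
    to_b = {"id": "tx_b", "inputs": [(("coinbase", 0), key)], "outputs": [(50, "B")]}
    s1 = apply_tx(s0, to_a)
    try:
        apply_tx(s1, to_b)
        second = "accepted"
    except ValueError as err:
        second = f"rejected: {err}"
    return s1, second
```

Whichever of the two transactions is applied first wins; the other then references an output that no longer exists in the state.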

Mining

In a decentralized system like Bitcoin, achieving consensus requires nodes to package transactions into blocks. The network aims to produce a block every ten minutes. Each block contains a timestamp, nonce, reference to the previous block (hash), and a list of transactions since the last block.

The algorithm to validate a block includes:

  1. Checking the previous block exists and is valid.
  2. Verifying the block's timestamp is after the previous block's and not more than two hours in the future.
  3. Confirming the proof-of-work is valid.
  4. Applying each transaction in order via the state transition function.
  5. Returning the new state if all transactions are valid.

The "proof-of-work" requires that the SHA256 hash of the block is less than a dynamically adjusted target value. This makes block creation computationally expensive, preventing sybil attacks. Miners are rewarded with newly created bitcoins and transaction fees.

Merkle Trees

Bitcoin blocks are stored in a multi-level data structure. The block hash is actually the hash of the block header, which includes timestamp, nonce, previous block hash, and the root hash of a Merkle tree storing all transactions.

A Merkle tree is a binary tree where leaf nodes contain underlying data, each intermediate node is the hash of its two children, and the root node represents the tree's top. This structure allows efficient and secure verification of content. Any alteration in a transaction would change the root hash, making the block invalid.

This is crucial for Bitcoin's scalability. Simplified Payment Verification (SPV) allows "light nodes" to download block headers, verify proof-of-work, and only download relevant Merkle branches for their transactions.
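What a light node checks when it receives a Merkle branch, as an added Python example (not code from the whitepaper). It follows Bitcoin's conventions of double SHA-256 and of pairing an unpaired last node with itself; the transaction bytes and function names are constructed for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    # Bitcoin hashes Merkle nodes with SHA-256 applied twice
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def build_levels(txs):
    """Return every level of the tree, leaves first, root level last."""
    levels = [[h(tx) for tx in txs]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])  # odd count: pair the last node with itself
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_root(txs):
    return build_levels(txs)[-1][0]

def merkle_branch(txs, index):
    """Full-node side: the sibling hashes on the path from leaf `index` to the root."""
    branch = []
    for level in build_levels(txs)[:-1]:
        sibling = index ^ 1
        branch.append((level[sibling], sibling < index))  # (hash, sibling_is_left)
        index //= 2
    return branch

def verify_branch(tx, branch, root):
    """Light-node side: recompute the root from one transaction and its branch."""
    node = h(tx)
    for sibling, sibling_is_left in branch:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node == root

# Constructed sample block body: five opaque "transactions"
SAMPLE_TXS = [f"constructed-tx-{i}".encode() for i in range(5)]

def spv_demo():
    root = merkle_root(SAMPLE_TXS)            # taken from the block header
    branch = merkle_branch(SAMPLE_TXS, 4)     # served by a full node
    return (len(branch),
            verify_branch(SAMPLE_TXS[4], branch, root),
            verify_branch(b"forged-tx", branch, root))
```

The light node needs only the header's root and three hashes to accept transaction 4 out of five, and any altered transaction fails the same check.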

Alternative Blockchain Applications

Ideas for applying blockchain technology beyond currency emerged quickly after Bitcoin's success. Proposals included using blockchains for land title registration, but practical systems were lacking until Bitcoin demonstrated decentralized consensus.

Notable examples:

However, building on Bitcoin has limitations. Meta-coins cannot leverage Bitcoin's SPV features because they cannot force the blockchain to exclude invalid meta-coin transactions. Thus, light implementations often rely on trusted servers.

Scripting

Bitcoin supports a limited form of "smart contracts" through its scripting language. UTXOs can be owned not just by public keys but by scripts. Spending such UTXOs requires providing data that satisfies the script.

Basic public key ownership is implemented via scripts that verify signatures. More complex scripts enable multi-signature transactions or require solving computational problems. However, Bitcoin's scripting language has limitations:

Ethereum Fundamentals

Ethereum integrates and enhances concepts from scripting, altcoins, and on-chain meta-protocols. It provides a foundational layer with a Turing-complete programming language, allowing anyone to create contracts and decentralized applications with custom ownership rules, transaction methods, and state transition functions.

Ethereum Accounts

Ethereum's state consists of objects called "accounts," each with a 20-byte address. State transitions involve transferring value and information between accounts. Accounts have four components:

Ether is the internal cryptocurrency, used to pay transaction fees. There are two types of accounts: externally owned accounts (controlled by private keys) and contract accounts (controlled by code).

Messages and Transactions

Ethereum messages are similar to Bitcoin transactions but with key differences:

  1. Messages can be created by external entities or contracts.
  2. Messages can contain data.
  3. If the recipient is a contract account, it can respond, enabling function calls.

A "transaction" in Ethereum is a signed data package storing a message from an external account. Transactions include the recipient, sender's signature, ether balance, data, and STARTGAS and GASPRICE values. Gas limits prevent infinite loops and exponential computational blowup.

Ethereum State Transition Function

The state transition function APPLY(S,TX) -> S' is defined as:

  1. Check transaction validity, signatures, and nonce.
  2. Calculate fees: fee = STARTGAS * GASPRICE, deduct from sender, increment sender's nonce.
  3. Initialize GAS = STARTGAS, deduct based on transaction byte length.
  4. Transfer value from sender to recipient. If recipient is a contract, run its code.
  5. If execution fails, revert state but deduct fees.
  6. Otherwise, refund remaining gas to sender, pay fees to miner.
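The six steps above as an added Python model (not code from the whitepaper), showing how prepaid gas stops a non-terminating contract while the miner still collects the fee. The per-byte charge, account names, the `looper` contract and all amounts are constructed assumptions; contract code is modelled as a Python function that must call `use_gas` for every step.

```python
import copy

GAS_PER_BYTE = 5  # assumed per-byte charge; constructed value for this sketch

class ExecutionFailed(Exception):
    """Out of gas, or the sender cannot cover the transferred value."""

def apply_tx(state, tx, miner):
    """APPLY(S, TX) -> S'. Signature validity (step 1) is assumed checked upstream."""
    s = copy.deepcopy(state)
    sender = s[tx["from"]]
    fee = tx["startgas"] * tx["gasprice"]
    if tx["nonce"] != sender["nonce"] or sender["balance"] < fee:
        raise ValueError("invalid transaction")  # steps 1-2: state untouched
    sender["balance"] -= fee                     # step 2: prepay for all gas
    sender["nonce"] += 1
    s.setdefault(miner, {"balance": 0, "nonce": 0})
    checkpoint = copy.deepcopy(s)                # fee and nonce survive a revert
    gas = [tx["startgas"]]

    def use_gas(n):
        gas[0] -= n
        if gas[0] < 0:
            raise ExecutionFailed("out of gas")
    try:
        use_gas(GAS_PER_BYTE * tx["size"])       # step 3: pay for the tx bytes
        if sender["balance"] < tx["value"]:
            raise ExecutionFailed("insufficient balance")
        to = s.setdefault(tx["to"], {"balance": 0, "nonce": 0})
        sender["balance"] -= tx["value"]         # step 4: value transfer
        to["balance"] += tx["value"]
        if "code" in to:                         # contract account: run its code
            to["code"](to.setdefault("storage", {}), tx["data"], use_gas)
    except ExecutionFailed:
        checkpoint[miner]["balance"] += fee      # step 5: revert, miner keeps fee
        return checkpoint
    refund = gas[0] * tx["gasprice"]             # step 6: unused gas goes back
    sender["balance"] += refund
    s[miner]["balance"] += fee - refund
    return s

def looper(storage, data, use_gas):  # constructed contract: data[0] steps, or endless
    while not data or storage.get("n", 0) < data[0]:
        use_gas(1)                   # every step is metered
        storage["n"] = storage.get("n", 0) + 1

STATE = {"alice": {"balance": 10_000, "nonce": 0},
         "contract": {"balance": 0, "nonce": 0, "code": looper}}
TX = {"from": "alice", "to": "contract", "value": 10, "startgas": 2000,
      "gasprice": 1, "size": 170, "nonce": 0, "data": b""}
```

Applying `TX` as given (empty data, endless loop) returns a state where only the fee payment and nonce increment remain; with `data` set to `bytes([100])` the call completes and the unused gas is refunded.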

Code Execution

Ethereum contract code is written in Ethereum Virtual Machine (EVM) code, a low-level stack-based bytecode. Execution involves a program counter moving through bytes, performing operations. Code can access stack, memory, and storage. Storage is persistent, while stack and memory reset after computation.

Blockchain and Mining

Ethereum's blockchain resembles Bitcoin's but includes block number and difficulty. Block validation checks previous block validity, timestamp, proof-of-work, and processes transactions. The state is stored in a Patricia tree, allowing efficient storage through cryptographic hashing.

Applications

Ethereum supports three application types:

  1. Financial applications: Sub-currencies, derivatives, hedging contracts, savings wallets, wills, employment contracts.
  2. Semi-financial applications: Involving money but with non-monetary aspects, like self-enforcing bounties.
  3. Non-financial applications: Online voting, decentralized governance.

Token Systems

Implementing token systems on Ethereum is straightforward. The core logic involves deducting value from one account and adding to another, with checks for sufficient balance and authorization. Tokens can even pay transaction fees directly by maintaining an ether balance funded through internal currency auctions.

Financial Derivatives and Stable Value Currencies

Financial derivatives are common smart contract applications. The main challenge is external price data. Oracles can provide this data, enabling contracts like hedges against ether price volatility. Decentralized prediction markets can reduce trust needs compared to centralized issuers.

Identity and Reputation Systems

Name registration systems similar to Namecoin can be built on Ethereum, allowing users to register names and data. More complex systems can include ownership transfer and query functions, with potential for reputation and trust networks.

Decentralized File Storage

Decentralized storage systems allow users to rent unused disk space, reducing costs. Contracts can incentivize storage through micropayments and proofs of custody, ensuring data availability without central trust.

Decentralized Autonomous Organizations

DAOs are virtual entities with members or shareholders making decisions by majority vote. They can manage funds through bounties, salaries, or internal currency rewards. Ethereum enables complex governance models, including delegative democracy, where members elect representatives.

Miscellaneous and Concerns

GHOST Protocol Implementation

The Greedy Heaviest Observed Subtree (GHOST) protocol addresses security issues from high stale block rates in fast-confirmation blockchains. By including uncle blocks in consensus calculations, Ethereum improves security and reduces centralization incentives. Miners receive partial rewards for uncle blocks.

Fees

Transaction fees prevent spam. Ethereum uses a gas system where users specify gas limits and prices. Miners include transactions when rewards exceed costs. Floating block limits based on exponential moving averages prevent excessive growth.

Turing-Completeness

EVM is Turing-complete, allowing arbitrary computations including loops. Gas limits prevent denial-of-service attacks by capping execution steps. This is more practical than Turing-incomplete languages, which face similar management challenges.

Currency and Issuance

Ether (ETH) is Ethereum's native currency, with denominations:

Ether is issued through a sale, with allocations to early contributors and ongoing miner rewards. Linear issuance reduces wealth concentration over time.

Mining Decentralization

Ethereum's mining algorithm is designed to resist ASIC dominance, promoting GPU mining and broader participation. Mining requires storing the blockchain, discouraging centralized pools.

Scalability

Like Bitcoin, Ethereum faces scalability challenges from full node storage requirements. Techniques like state tree roots and Patricia trees help, but long-term solutions may involve lighter nodes and fraud proofs.

Conclusion

Ethereum provides a versatile platform for decentralized applications through a Turing-complete language. It enables financial contracts, token systems, DAOs, and more, fundamentally enhancing efficiency and adding an economic layer to P2P protocols. Beyond finance, countless non-monetary applications can thrive on Ethereum.

Frequently Asked Questions

What is Ethereum?

Ethereum is a decentralized platform enabling smart contracts and decentralized applications through a built-in Turing-complete programming language. It extends blockchain technology beyond currency to arbitrary state transition functions.

How do smart contracts work on Ethereum?

Smart contracts are self-executing contracts with terms directly written into code. They run on the Ethereum Virtual Machine, automatically executing when conditions are met, without intermediaries.

What is gas in Ethereum?

Gas is the unit measuring computational effort for transactions or contracts. Users pay gas fees to compensate miners for resource usage, preventing spam and infinite loops.

Can Ethereum be used for non-financial applications?

Yes. Ethereum supports identity systems, decentralized storage, voting, governance, and more, leveraging its flexible smart contract capabilities.

How does Ethereum achieve consensus?

Ethereum currently uses proof-of-work, with plans to transition to proof-of-stake. Consensus ensures agreement on transaction order and state across the network.

What are ERC tokens?

ERC standards define rules for creating tokens on Ethereum. For example, ERC-20 enables interchangeable tokens, while ERC-721 supports unique, non-fungible tokens.
