9.3 绘制公钥
Plot Public Keys
那么,上一节说到的图块公钥是什么?从技术上讲,绘图公钥可以是任何 BLS 公钥。 只要区块中包含正确的签名,完整节点就会允许它。然而,BLS 允许我们将许多公钥组合成一个,这允许本地 N-of-N 签名,而无需完整节点注意到使用了多重签名。在当前版本的 奇亚区块链 中,我们利用它来提高安全性。请注意,这些方案不是共识关键,因此一些农民可能会使用不同的策略来生成他们的公钥。
绘图公钥通常以两种方式之一生成,第一种用于 OG 图块,第二种用于矿池图块。
原文参考
So, what is the plot public key shown in the previous section? The plot public key can technically be any BLS public key. As long as the correct signatures are included in the block, full nodes will allow it. However, BLS allows us to combine many public keys into one, which allows native N-of-N signatures without full nodes noticing that a multi-signature is used. In the current versions of chia-blockchain, we use this to our advantage to increase security. Please note that these schemes are not consensus critical, and therefore some farmers might use different strategies for generating their public keys.
The plot public key is usually generated in one of two ways, the first for OG Plots, and the second for pooled plots.
OG 图块#
- 图块公钥为 2/2 BLS聚合公钥,由农民公钥与本地公钥结合生成。
- 本地公钥是为每个图块创建的完全随机的密钥,并放入该图块中。它们不是任何 BLS 密钥的子项,因此在图块之间完全独立。
- 农夫密钥是农夫机器存储的密钥。
原文参考
OG Plots#
- The plot public key is a 2/2 BLS aggregate public key, which is generated by combining the farmer public key with the local public key.
- The local public key is a totally random key that is created for each plot, and put into the plot. They are not children of any BLS keys, and therefore totally independent between plots.
- The farmer key is a key that the farmer machine stores.
矿池图块#
对于为与图块 NFT 池化协议一起使用而生成的图块,使用额外的“主根”密钥,使聚合密钥为 3-of-3。这第三个密钥可以从其他 2 个密钥的公共信息中推导出来,它确保攻击者不能创建两个新密钥 k1 和 k2,使它们加起来成为原始聚合密钥。
主根私钥定义为:
taproot_sk = BLSKeyGen(sha256(bytes(local_pk + farmer_pk) + bytes(local_pk) + bytes(farmer_pk)))每个块都需要来自绘图密钥的签名。这意味着我们需要组合两个(或三个)签名: 1.来自本地的密钥(由收割机生成) 2.来自农夫密钥(由农夫生成) 3.(可选)来自主根密钥(由农民生成)
农民将所有签名组合起来生成地块签名,对于网络的其余部分,它看起来像一个正常的 1-of-1 BLS 签名。
请注意,要使块有效,需要来自本地密钥和农民密钥的签名。 如果池操作员获得对本地密钥的访问权,则他们无法导出农民密钥。
原文参考
Pooled Plots#
For plots which are generated for use with the Plot NFT pooling protocol, an additional "taproot" secret key is used, making the aggregate key a 3-of-3. This 3rd key can be derived from public information of the other 2 keys, and it ensures that an attacker cannot create two new keys k1 and k2 such that they both add up to the original aggregate key.
The taproot private key is defined as:
taproot_sk = BLSKeyGen(sha256(bytes(local_pk + farmer_pk) + bytes(local_pk) + bytes(farmer_pk)))Each block requires a signature from the plot key. This means that we need to combine two (or three) signatures:
- from the local secret key (generated by the harvester)
- from the farmer secret key (generated by the farmer)
- (optional) from the taproot key (generated by the farmer)
The farmer combines all the signatures to generate the plot signature, which will look like a normal 1-of-1 BLS signature to the rest of the network.
Note that signatures from both the local secret key and the farmer secret key are required for the block to be valid. A pool operator cannot derive the farmer secret key if they gain access to the local secret key.
图块格式#
图块格式取决于使用的是“农场到公钥”还是“耕种到合约地址”。如果耕种到合同地址,则谜语哈希(地址)会直接编码到图块中。否则,矿池公钥将直接编码到图块中。
请注意,这不是确切的图块格式,此处省略了更多细节。
重要的是收割机仅将其本地密钥存储在地块中,但收割机不需要其他密钥。仅凭这把密钥是不够的,因为它必须与农夫的密钥结合使用。因此,破坏收割机不允许攻击者重定向奖励。
原文参考
Plot format#
The plot format depends on whether "farm to public key" or "farm to contract address" is being used. If farming to a contract address, the puzzle hash (address) is directly encoded into the plot. Otherwise, the pool public key is directly encoded into the plot.
Note that this is not the exact plot format, there are a few more details that are left out here.
The important thing is that the harvester is only storing their local key in the plot, but no other keys are required from the harvester. This key alone is not enough to do anything, since it must be combined with the farmer's key. Therefore, compromising the harvester does not allow an attacker to redirect rewards.