比特币：一个点对点的电子货币系统

3. 时间戳服务器

3 Timestamp Server
The solution we propose begins with a timestamp server. A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or Usenet post [2-5]. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.

我们提出的方案从时间戳服务器开始。时间戳服务器计算包含多个需要被打时间戳的数据项的区块的哈希值并广泛地发布这个哈希值，就像在报纸或新闻组帖子里 [2-5]。时间戳能证明要得到这个哈希值，显然这些数据当时一定是存在的。每个时间戳的哈希值都纳入了上一个时间戳，形成一条链，后面的时间戳进一步增强前一个时间戳。

4. 工作量证明

4. Proof-of-Work
   To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back’s Hashcash [6], rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.
   For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block’s hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it.
   
   The proof-of-work also solves the problem of determining representation in majority decision
   making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone
   able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority
   decision is represented by the longest chain, which has the greatest proof-of-work effort invested
   in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the
   fastest and outpace any competing chains. To modify a past block, an attacker would have to
   redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the
   work of the honest nodes. We will show later that the probability of a slower attacker catching up
   diminishes exponentially as subsequent blocks are added.
   To compensate for increasing hardware speed and varying interest in running nodes over time,
   the proof-of-work difficulty is determined by a moving average targeting an average number of
   blocks per hour. If they’re generated too fast, the difficulty increases

为了实现一个基于点对点的时间戳服务器，我们需要使用一个类似 Adam Back 提出的哈希货币 [6] 的工作量证明系统，而不是报纸或新闻组帖子那样。工作量证明采取搜索一个值，使得被哈希时（如使用 SHA-256）得到的哈希值以数个 0 比特开始。平均所需工作量将随所需 0 比 特呈指数级增长而验证却只需执行一次哈希。
对于我们的时间戳网络。我们通过在区块中加入一个随机数，直到使得区块的哈希值满足所需 0 比特的数被找到的方式实现工作量证明。一旦消耗了 CPU 算力使区块满足了工作量证明，那么除非重做这个工作否则就无法更改区块。由于后面的区块是链接在这个区块后面的，改变这个区块将需要重做所有后面的区块。

工作量证明同时解决了在多数决定中确定投票方式的问题。如果多数是按 IP 地址投票来决定，那么它将可能被能分配大量 IP 地址的人破坏。工作量证明本质上是按 CPU 投票。最长的链代表了多数决定，因为有最大的计算工作量证明的算力投入到这条链上。如果多数的 CPU 算力被诚实节点控制，诚实的链就会增长得最快并超过其他的竞争链。要修改过去的某区块，攻击者必须重做这个区块以及其后的所有区块的工作量证明，从而赶上并超过诚实节点的工作。我们后面会证明随着后续的区块被添加一个更慢的攻击者赶上诚实节点的概率将呈指数级递减。
为了抵消硬件运算速度的增加及平衡不同时期运行节点的利益，工作量证明的难度将由移动平均数法来确定每小时生成区块的平均数。如果区块生成得过快，那么生成的难度就会增加。

【关注点】：

• incrementing a nonce 翻译为 增加一个随机数
• ”Adam Back 提出的哈希货币“，看来比特币的POW也是参考了前人的成果的
• “工作量证明的难度将由移动平均数法来确定” 这个如何实现，看看后面有没有说明。