A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network.The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.

1. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution.

一个真正的点对点的电子货币应该是允许其中一方不经过任何第三方金融机构，直接在线支付给另外一方。

electronic cash：电子货币

2. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending.

数字签名提供了部分的解决方案，但是为了防止双重支付（双花），仍旧需要一个可信的第三方，可是如果采取这种方案，电子货币最大的优势就丧失了。

trust：信任，信赖；trusted：被信任的

3. We propose a solution to the double-spending problem using a peer-to-peer network.

针对双重支付问题，我们提出了一种点对点的网络的解决方案。

4. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work.

该网络通过将交易哈希进一条持续增长的基于哈希的工作量证明链，来给交易打上时间戳，从而形成一条除非重做工作量证明否则就无法改变的记录。

timestamps：时间戳 redoing the proof-of-work：重做工作量证明

5. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power.

最长的链不仅可作为见证序列事件的证据，而且是它来源于最大CPU算力池的证据。

serve：招待，供应；为…服务；对…有用；可作…用

6. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers.

只要大部分的CPU算力被被一些不打算联合去攻击网络的节点控制，，那么这些节点就能生成最长的链并且超过攻击者。

cooperate：合作，协力，配合；generate：产生，引发，生成；outpace：超过，赶超......速度

attackers：进攻者，攻击者

7. The network itself requires minimal structure.

这个点对点网络本身需要一个极简的架构

minimal：最低的，最小限度的；

8. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.

在点对点网络里面，信息将最大限度地被传播，并且节点可以随意离开或加入网络，只需接受最长的工作量证明链作为他们离开时事件发生的证据。
basis：基础，部分，主要成分；at will：随意，任意；

1、Introduction-简介

1、简介

Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model.
Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for nonreversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party.

1. Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments.

互联网上的贸易已经变得完全依靠可信的第三方金融机构来处理电子支付。

commerce：贸易，商业，商务；exclusively：唯一地，专有的；process：加工，审核，处理rely：依靠，rely on ； have come to：已经；

2. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model.

尽管对于大部分交易这种系统运行的足够好了，但是它依旧存在基于信任模型这个与生俱来的缺点。

inherent：固有的；内在的；与生俱来的，遗传的；

3. Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes.

由于金融机构无法避免调节争端，因此完全不可撤销的交易是不存在的。

reversible：可逆的；可撤消的；可反转的；mediate：调解；斡旋；居中；dispute：辩论；争吵；意见不同

4. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for nonreversible services.

仲裁成本增加了交易成本，因此限制日常交易额度从而切断日常小额交易，由于支持不可撤销支付的能力的丧失，因此进行不可撤销的服务支付时，需要更大的成本。

the cost of mediation：仲裁成本；cut off：切断，中断；small casual transactions：日常小额交易；

5. With the possibility of reversal, the need for trust spreads.

由于交易存在被撤销的可能性，因此对于信任的需求将更加广泛。

reversal：逆转

6. Merchants must be wary of their customers, hassling them for more information than they would otherwise need.

商人们必须更加警惕他们的客户，向客户询问更多他们本不需要的信息。

Merchant：商人，批发商；be wary of：提防，当心；hassle：与......争辩

7. A certain percentage of fraud is accepted as unavoidable.

一定比例的欺诈被认为是无法避免的。

fraud：欺骗；骗子；诡计； unavoidable

8. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party.

虽然这些成本和支付的不确定性可以通过使用物理货币当面支付被避免，但是不存在不引入一个可信任方而能在通信通道上进行支付的机制。

in person：亲自；currency：货币，通货；mechanism：机制；原理，途径；进程；机械装置；技巧

What is needed is an electronic payment system based on cryptographic proof instead of trust,allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.

1. What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.

因此我们需要的是一个基于密码验证的而不是信任的电子支付系统，该系统允许任何有交易意愿的双方可以不经过可信的第三方直接交易。

cryptographic：密码的；cryptographic proof：密码验证；

2. Transactions that are computationally impractical to reverse would protect sellers
from fraud, and routine escrow mechanisms could easily be implemented to protect buyers.

交易在计算上的不可逆转性将保护卖家不被欺骗，常规托管机制也应该能很容易地被实现来保护买家的权益。

computationally：计算地；impractical：不切实际的，不现实的；不能实行的；escrow：暂由第三者保存的契据；暂交第三方保管的保证金（或款项）；暂由第三方保管

3. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions.

为解决双重支付问题，本文提出了一种使用点对点的分布式邮箱服务来生成计算证明，这个计算证明是基于时间序列发生的交易。
distributed：分布式的；generate：生成；chronological：按发生时间顺序排列的；按时间计算的；按先后顺序的

4. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.

只要诚实节点控制的CPU算力大于任何合作的攻击节点，那么这个系统就是安全的。

collectively：集体地，共同地

2、Transactions-交易

2、交易

We define an electronic coin as a chain of digital signatures. Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin. A payee can verify the signatures to verify the chain of ownership.

1. We define an electronic coin as a chain of digital signatures.

我们定义一条链上的数字签名就是一个电子货币。

2. Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin.

通过对上一次交易和下一个货币拥有者的公钥的哈希值进行数字签名，并且将这些签名添加到货币的最后，每一个货币的拥有者通过这种方式将货币转移给下一个拥有者。

【分析】

本段的重点：Each owner transfers the coin to the next

by + doing是做整个句子的状语从句，那么我们来分析状语从句的结构。

状语从句中： digitally signing ......and adding......是并列关系，by digitally signing......,by adding.......

by digitally signing a hash of the previous transaction and the public key of the next owner and adding these to the end of the coin.

3. A payee can verify the signatures to verify the chain of ownership.

每一个收款方都可以通过验证数字签名来验证该链的拥有者。

payee：领款人，收款人

The problem of course is the payee can't verify that one of the owners did not double-spend
the coin. A common solution is to introduce a trusted central authority, or mint, that checks every transaction for double spending. After each transaction, the coin must be returned to the mint to issue a new coin, and only coins issued directly from the mint are trusted not to be double-spent. The problem with this solution is that the fate of the entire money system depends on the company running the mint, with every transaction having to go through them, just like a bank.

1. The problem of course is the payee can't verify that one of the owners did not double-spend the coin.

这个过程中唯一的问题是收款人无法确认任何一个收款者有没有对电子货币进行双重支付。

course：科目；课程；过程；进程；道路；路线，航向；一道菜

2. A common solution is to introduce a trusted central authority, or mint, that checks every transaction for double spending.

通常的解决办法是通过引入一个可信的中央权威机构或者造币厂来验证每笔交易是否进行了双重支付。

authority ：n. 权威；权力；当局； mint：薄荷；[金融] 造币厂，巨款

3. After each transaction, the coin must be returned to the mint to issue a new coin, and only coins issued directly from the mint are trusted not to be double-spent.

在每笔交易之后，这枚货币必须被返回造币厂用来发行一个新的货币，并且只有从造币厂直接发行的货币才能保证没有被双重支付。

4. The problem with this solution is that the fate of the entire money system depends on the company running the mint, with every transaction having to go through them, just like a bank.

这种解决方案的问题在于，整个货币体系的命运依赖于运营造币厂的公司，因为每笔交易都需要经过他们，就像银行一样。

the fate of .......：......的命运；entire：整个，全部的；

We need a way for the payee to know that the previous owners did not sign any earlier
transactions. For our purposes, the earliest transaction is the one that counts, so we don't care about later attempts to double-spend. The only way to confirm the absence of a transaction is to be aware of all transactions. In the mint based model, the mint was aware of all transactions and decided which arrived first. To accomplish this without a trusted party, transactions must be publicly announced [1], and we need a system for participants to agree on a single history of the order in which they were received. The payee needs proof that at the time of each transaction, the majority of nodes agreed it was the first received.

1. We need a way for the payee to know that the previous owners did not sign any earlier
transactions.

我们需要一种能让领款人知道前一个拥有者没有对更早期的交易签名的方法。

2. For our purposes, the earliest transaction is the one that counts, so we don't care
about later attempts to double-spend.

对我们来说，最早的交易是唯一的，因此我们不关心本次交易之后的双重支付尝试。

3. The only way to confirm the absence of a transaction is to be aware of all transactions.

唯一能确认一笔交易不存在的方法是知晓之前所有的交易。

4. In the mint based model, the mint was aware of all transactions and decided which arrived first.

在基于造币厂的模型里面，造币厂是清楚所有交易的，并且能决定哪一笔交易首先到达。

5. To accomplish this without a trusted party, transactions must be publicly announced , and we need a system for participants to agree on a single history of the order in which they were received.

为了在没有可信方的前提下实现这种模型，所有的交易必须公开发布，并且我们需要一个能让所有参与者对交易收到顺序的单一历史达成共识的系统。

participant：参与者

6. The payee needs proof that at the time of each transaction, the majority of nodes agreed it was the first received.

收款人在每笔交易时，都需要多数节点认同此交易是最先收到的证据。

3、Timestamp Server-时间戳服务器

3、时间戳服务器

The solution we propose begins with a timestamp server. A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or Usenet post . The timestamp proves that the data must have existed at the
time, obviously, in order to get into the hash. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.

1. The solution we propose begins with a timestamp server.

我们提出的解决方案从一个时间戳服务器开始。

2. A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or Usenet post .

一个时间戳服务器的工作方式是，先通过求一组需要被打上时间戳的记录的哈希值，然后广泛地发布这些哈希值，就像在报纸或者新闻组里面一样。

Usenet：世界新闻组网络

3. The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash.

显然，时间戳为了求出这些数据的哈希值，时间戳就能证明这些数据在当时一定是存在的。

4. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.

在每一个时间戳的哈希里面，包含了前一个时间戳，进而形成了一条链，随着每一个额外的时间戳的增加都加强了它之前的时间戳。

reinforcing：加强；additional：额外地，附加地

4、Proof-of-Work-工作量证明

4、工作量证明

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash , rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.

1. To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash , rather than newspaper or Usenet posts.

为了实现一个基于点对点网络的分布式时间戳服务，我们需要一个类似Adam Back提出的哈希货币的工作量证明系统，而不是像报纸或新闻小组那样。

implement：实施，执行，实现；Adam Back：人名；Hashcash：哈希货币；

2. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits.

工作量证明包含求一个数字，这个数字使得在求哈希时，例如用SHA-256算法，得到的哈希值是以一系列的0开始的。

3. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.

随着所需0比特的个数的增加，平均所需的工作量是呈指数增加的，然后验证工作量只需执行一次哈希。

exponential：指数的；execute：实行，执行，处死

For our timestamp network, we implement the proof-of-work by incrementing a nonce in the
block until a value is found that gives the block's hash the required zero bits. Once the CPU
effort has been expended to make it satisfy the proof-of-work, the block cannot be changed
without redoing the work. As later blocks are chained after it, the work to change the block
would include redoing all the blocks after it

1. For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits.

对于我们的时间戳网络，实现工作量证明的方式是，通过在区块中增加一个随机数，直到使区块的哈希值满足所需的0比特的数被找到。

【分析】该句的主语是we implement the proof-of-work，实现工作量证明。

by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits.

by引导状语从句。通过什么样的方式来实现工作量证明。

implement：实施，执行；实现，使生效；

2. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work.

一旦消耗了CPU算力实现了工作量证明，那么除非重做工作否则无法改变区块。

3. As later blocks are chained after it, the work to change the block would include redoing all the blocks after it .

由于后面的区块是链在这个区块后面的，要改变当前区块的也必须重做它之后的所有区块。

The proof-of-work also solves the problem of determining representation in majority decision
making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes. We will show later that the probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added.

1. The proof-of-work also solves the problem of determining representation in majority decision making.

工作量证明也解决了在大多数需要决策的时候决定代表的方式。

2. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs.

如果大多数是基于一个IP地址代表一票的方式，那么有人能分配大量的IP地址，这种方式就有可能被推翻。

subvert：颠覆，推翻； allocate：分配；

3. Proof-of-work is essentially one-CPU-one-vote.

工作量证明本质上是一个CPU一票制。

essentially ：本质上

4. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it.

最长的链代表了多数的决定，因为有最大的计算工作量证明的精力投入到这条链上。

invest：投资；覆盖；耗费；授予；包围；

5. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.

如果大部分CPU算力被诚实的节点控制，那么诚实的链就是增长的最快，并且超过其他竞争的链。

outpace：超过；

6. To modify a past block, an attacker would have to redo the proof-of-work of the block and all blocks after it and then catch up with and surpass the work of the honest nodes.

为了更改某个过去的区块，攻击者不得不重做这个区块的工作量证明以及其后所有的区块，从而赶上并超过诚实节点。

modify：修改，修饰，更改；catch up with：追上，赶上，追捕，处罚；surpass：超过，胜过，优于。

7. We will show later that the probability of a slower attacker catching up diminishes exponentially as subsequent blocks are added.

稍后我们将证明，随着后续区块的增加，一个缓慢的攻击者赶上诚实节点的概率将呈指数级下降。

probability：可能性，机率；diminishes ：减少，缩小；exponentially：以指数方式的；subsequent：随后的。

【分析】：该句的核心是：We will show later that the probability diminishes exponentially

To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour. If they're generated too fast, the difficulty increases.

1. To compensate for increasing hardware speed and varying interest in running nodes over time, the proof-of-work difficulty is determined by a moving average targeting an average number of blocks per hour.

为了抵消硬件运算速度的增加及平衡不同时期运行节点的利益，工作量证明的难度将由移动平均数法来确定每小时生成区块的平均数。

compensate：补偿，赔偿，抵消；

2. If they're generated too fast, the difficulty increases.

如果区块生成的速度过快，那么难度将增加。

5、Network-网络

5、网络

The steps to run the network are as follows:
1) New transactions are broadcast to all nodes.
2) Each node collects new transactions into a block.
3) Each node works on finding a difficult proof-of-work for its block.
4) When a node finds a proof-of-work, it broadcasts the block to all nodes.
5) Nodes accept the block only if all transactions in it are valid and not already spent.
6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.

Nodes always consider the longest chain to be the correct one and will keep working on extending it. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first. In that case, they work on the first one they received, but save the other branch in case it becomes longer. The tie will be broken when the next proofof-work is found and one branch becomes longer; the nodes that were working on the other branch will then switch to the longer one.

New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach many nodes, they will get into a block before long. Block broadcasts are also tolerant of dropped messages. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one.

The steps to run the network are as follows:

网络运行的步骤如下：

1) New transactions are broadcast to all nodes.

新的交易被广播给所有的节点。

2) Each node collects new transactions into a block.

每个节点将新的交易收集到一个区块。

3) Each node works on finding a difficult proof-of-work for its block.

每个节点为这个区块寻找工作量证明。

4) When a node finds a proof-of-work, it broadcasts the block to all nodes.

当其中一个节点找到了工作量证明，那么它向所有节点广播这个区块。

5) Nodes accept the block only if all transactions in it are valid and not already spent.

只有当这个区块的交易是有效的，并且没有被支付的时候，其他的节点才会接受这个区块。

valid：有效的，有根据的，合法的，正当的；

6) Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.

其他节点接受这个节点的方式是，这个区块的哈希值作为上一个哈希值在链中创建下一个区块。

1. Nodes always consider the longest chain to be the correct one and will keep working on extending it.

节点总是认为最长的链是正确的，并将持续延长它。

2. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first.

如果两个节点同时广播了下一个区块的不同版本，那么一些节点可能接收了其中一个，而其他节点接收到另外一个。

simultaneously：同时地；

3. In that case, they work on the first one they received, but save the other branch in case it becomes longer.

在这种情况下，节点基于他们接收到的第一个区块工作，但是同时保存另外一个分支以防它变成更长的链。

4. The tie will be broken when the next proof-of-work is found and one branch becomes longer; the nodes that were working on the other branch will then switch to the longer one.

当下一个工作量证明被发现并且一个分支变得更长，这种关系就会被打破；在另一个分支上工作的节点将切换到更长的链上来。

tie：领带，鞋带，领结；绳子，金属丝；关系，纽带；束缚；系梁；平局；不分胜负；（英）淘汰赛（尤指足球）；延音线

New transaction broadcasts do not necessarily need to reach all nodes. As long as they reach many nodes, they will get into a block before long. Block broadcasts are also tolerant of dropped messages. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one.

1. New transaction broadcasts do not necessarily need to reach all nodes.

新的交易广播时不是必须要广播给所有的节点。

2. As long as they reach many nodes, they will get into a block before long.

只要到达一些节点，不久这些新的交易就会进入一个区块。

before long：不久

3. Block broadcasts are also tolerant of dropped messages.

区块广播时容忍消息丢失的。

tolerant：宽容的，容忍的，有耐药力的； dropped：丢失；

4. If a node does not receive a block, it will request it when it receives the next block and realizes it missed one.

如果一个节点没有接收到某个区块，那么在他接收下一个区块的时候，将会发现他丢失了一个区块，并且同时再次去请求这个区块。

6、Incentive-激励

Incentive ：动机，刺激

6、激励

By convention, the first transaction in a block is a special transaction that starts a new coin owned by the creator of the block. This adds an incentive for nodes to support the network, and provides a way to initially distribute coins into circulation, since there is no central authority to issue them. The steady addition of a constant of amount of new coins is analogous to gold miners expending resources to add gold to circulation. In our case, it is CPU time and electricity that is expended.

1. By convention, the first transaction in a block is a special transaction that starts a new coin owned by the creator of the block.

按照惯例，区块中的第一笔交易是区块创建者（创世区块）开启一枚属于他的新货币的特殊交易。

by convention：按照惯例；

2. This adds an incentive for nodes to support the network, and provides a way to initially distribute coins into circulation, since there is no central authority to issue them.

这就为支持网络的节点提供了一种激励的方式，并且提供了一种分发货币流通的方式，因为这里没有中央机构来发行货币。

initially：最初，首先，开头；circulation：流通，传播，循环；distribute：分配，散步；

3. The steady addition of a constant of amount of new coins is analogous to gold miners expending resources to add gold to circulation.

新货币按固定量稳定地增加就像金矿矿工消耗资源并增加黄金到流通领域一样。
steady：稳定的，不变的，沉着的；constant：adj-不变的，恒定的，n-常数；analogous：类似的；

4. In our case, it is CPU time and electricity that is expended.

对我们而言，新货币的缠身消耗的是CPU和电力。

The incentive can also be funded with transaction fees. If the output value of a transaction is less than its input value, the difference is a transaction fee that is added to the incentive value of the block containing the transaction. Once a predetermined number of coins have entered circulation, the incentive can transition entirely to transaction fees and be completely inflation free.

1. The incentive can also be funded with transaction fees.

激励也可以由交易费充当。

2. If the output value of a transaction is less than its input value, the difference is a transaction fee that is added to the incentive value of the block containing the transaction.

如果一笔交易输出的价值比它输入的价值少，那么不同之处就是一笔交易费被作为包括这笔交易的区块的激励。

3. Once a predetermined number of coins have entered circulation, the incentive can transition entirely to transaction fees and be completely inflation free.

一旦一笔预先确定的货币进入了流通域，激励将完成变为只含有交易费。

predetermined：预先确定的；transition：n-过渡，转变；

The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.

1. The incentive may help encourage nodes to stay honest.

激励将估计节点保持诚实。

2. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins.

如果一个贪婪的攻击者可以聚集更多的CPU算力，比全部诚实节点加起来都多，那么这个贪婪的攻击者将面临的选择是，使用这些CPU算力通过骗回已付款的方式去欺骗人们还是使用它生成新的货币。

greedy：贪婪的；assemble：集合，聚集，装配，收集； defraud：欺骗

3. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.

他应该通过规则，找到一个更有利可图的方式去继续游戏。他会发现，与破坏系统和他财产的有效性比起来，遵守规则会获得比其他人都多的新货币。

ought：应当，应该； profitable：有利可图的，赚钱的，有益的；

7、Reclaiming Disk Space -回收磁盘空间

reclaim：开拓；回收再利用；改造某人，使某人悔改

7、回收磁盘空间

Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle Tree, with only the root included in the block's hash. Old blocks can then be compacted by stubbing off branches of the tree. The interior hashes do not need to be stored.

1. Once the latest transaction in a coin is buried under enough blocks, the spent transactions before it can be discarded to save disk space.

一旦某个货币的最新交易被最够多的区块覆盖，那么为了节省磁盘空间，之前的支付交易就可以被丢弃。

bury：埋葬，隐藏；

2. To facilitate this without breaking the block's hash, transactions are hashed in a Merkle Tree, with only the root included in the block's hash.

为了便于丢弃之前的交易操作的进行而又不破坏区块的哈希，交易将被哈希进默克尔树，只有根节点被纳入到区块的哈希值。

facilitate：促进，帮助；

3. Old blocks can then be compacted by stubbing off branches of the tree.

老区块可以减除分支的方式进行压缩。

4. The interior hashes do not need to be stored.

树枝内部的哈希不需要被保存。

interior：内部，里面

A block header with no transactions would be about 80 bytes. If we suppose blocks are generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year. With computer systems typically selling with 2GB of RAM as of 2008, and Moore's Law predicting current growth of 1.2GB per year, storage should not be a problem even if the block headers must be kept in memory.

1. A block header with no transactions would be about 80 bytes.

每个不包含交易的去块头大约是80个字节。

2. If we suppose blocks are generated every 10 minutes, 80 bytes * 6 * 24 * 365 = 4.2MB per year.

如果我们假设每 10 分钟生成一个区块，每年生成 80 bytes * 6 * 24 * 365 = 4.2 MB

3. With computer systems typically selling with 2GB of RAM as of 2008, and Moore's Law predicting current growth of 1.2GB per year, storage should not be a problem even if the block headers must be kept in memory.

2008 年在售的典型计算机有 2 GB 内存，并且摩尔定律预测目前每年内存增加 1.2 GB，所以就算区块头一定要存在内存里，存储也不是问题。

8、Simplified Payment Verification-简化的支付验证

Simplified：简化的；Verification ：验证

8、简化的支付验证

It is possible to verify payments without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes until he's convinced he has the longest chain, and obtain the Merkle branch linking the transaction to the block it's timestamped in. He can't check the transaction for himself, but by linking it to a place in the chain, he can see that a network node has accepted it, and blocks added after it further confirm the network has accepted it.

1. It is possible to verify payments without running a full network node.

不运行一个完整的网络节点也是可以进行支付验证的。

2. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes until he's convinced he has the longest chain, and obtain the Merkle branch linking the transaction to the block it's timestamped in.

一个用户只需要拥有最长链的工作量证明的区块头的副本，他可以通过向网络中的其他节点询问直到他人为他拥有了最长的链，并获取链接交易到给交易打时间戳区块的默克尔分支。
query：询问

3. He can't check the transaction for himself, but by linking it to a place in the chain, he can see that a network node has accepted it, and blocks added after it further confirm the network has accepted it.

虽然它自己不能验证这个交易，但是但如果交易已经链接到到链中的某个位置，就说明一个网络节点已经接受了此交易，而其后追加的区块进一步确认网络已经接受了它。

As such, the verification is reliable as long as honest nodes control the network, but is more vulnerable if the network is overpowered by an attacker. While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network. One strategy to protect against this would be to accept alerts from network nodes when they detect an invalid block, prompting the user's software to download the full block and alerted transactions to
confirm the inconsistency. Businesses that receive frequent payments will probably still want to run their own nodes for more independent security and quicker verification.

1. As such, the verification is reliable as long as honest nodes control the network, but is more vulnerable if the network is overpowered by an attacker.

因此，只要诚实节点控制了网络，这种验证方式就是可靠的，但是如果网络被攻击者控制，这种验证方式就比较脆弱。

vulnerable：易受攻击的，易受伤害的；

2. While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network.

虽然网络节点可以自己验证交易，但是只要攻击者继续控制网络，这种简化验证方式就可能被攻击者的伪造交易欺骗。

3. One strategy to protect against this would be to accept alerts from network nodes when they detect an invalid block, prompting the user's software to download the full block and alerted transactions to
confirm the inconsistency.

一种对策是接受其他网络节点发现一个无效区块时发出的警告，提醒用户软件下载整个区块和被警告的交易来检查一致性。

4. Businesses that receive frequent payments will probably still want to run their own nodes for more independent security and quicker verification.

为了更加独立的安全性以及更快的支付确认，收款频繁的公司可能仍需运行他们自己的节点。

9、Combining and Splitting Value-合并和分割交易额

9、合并和分割交易额

Although it would be possible to handle coins individually, it would be unwieldy to make a separate transaction for every cent in a transfer. To allow value to be split and combined, transactions contain multiple inputs and outputs. Normally there will be either a single input from a larger previous transaction or multiple inputs combining smaller amounts, and at most two outputs: one for the payment, and one returning the change, if any, back to the sender.

1. Although it would be possible to handle coins individually, it would be unwieldy to make a separate transaction for every cent in a transfer.

尽管单独处理每个货币是可行的，但将一次转账按每一分拆成多次交易是很难处理的。

individually：单独地； unwieldy：笨拙的，笨重的，不灵便的，难处理的；

2. To allow value to be split and combined, transactions contain multiple inputs and outputs.

为了允许交易额被分割和合并，交易必须包含多个输入和输出。

3. Normally there will be either a single input from a larger previous transaction or multiple inputs combining smaller amounts, and at most two outputs: one for the payment, and one returning the change, if any, back to the sender.

通常要么是一个来自之前交大的交易的单独的输入要么是许多小的输入的组合：：一个作为支付，另一个作为找零，如果有的话，退还给支付发送方。

normally ：正常地，通常地，一般地；either...or...：要么……要么；

It should be noted that fan-out, where a transaction depends on several transactions, and those transactions depend on many more, is not a problem here. There is never the need to extract a complete standalone copy of a transaction's history.

1. It should be noted that fan-out, where a transaction depends on several transactions, and those transactions depend on many more, is not a problem here.

注意这里的扇出，即一笔交易依赖数笔交易，这数笔交易又依赖更多的交易，在这里是不存在问题的。

2. There is never the need to extract a complete standalone copy of a transaction's history.

永远不会需要获取一笔交易历史的完整独立副本

10、Privacy -隐私

10、隐私

The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the "tape", is made public, but without telling who the parties were.

1. The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party.

传统的银行模型通过限制参与方和可信任第三方对信息的访问来达到一定级别的隐私。

2. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous.

交易必须要公开发布就不能使用这个方法，但隐私仍可在其他地方通过阻断信息流的方式来保护：那就是保持公钥匿名。
preclude：排除，妨碍，阻止；

3. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone.

公众能看到有人正在发送一定量货币给其他人，但是不能将交易关联到某个人。

4. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the "tape", is made public, but without telling who the parties were.

这和证券交易所发布的信息级别类似，每笔交易的时间和交易量，即行情是公开的，但是不会显示交易双方是谁。
?

As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.

1. As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner.

作为额外的防火墙，对每笔交易使用新密钥对可以防止他们被关联到一个共同的拥有者。

firewall：防火墙；

2. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner.

由于多输入值交易存在，有些关联仍不可避免，因为多输入值交易必然暴露其多个输入是属于同一个拥有者的。

3. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.

风险就在于如果一个密钥的拥有者被暴露，关联性将暴露其他属于同一个拥有者的交易。
reveal：显示；透露；揭露；泄露

11、Calculations -计算

11、计算

We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back money he recently spent.

1. We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain.

我们考虑一个攻击者试图生成一条比诚实链更快的替代链的情况。
scenario：方案，情节，剧本，设想；alternate：交替的，轮流的，间隔的；

2. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker.

即使这种情况能实现，也不会使系统变得任意可修改，例如凭空创造货币或拿走不属于他的钱。

arbitrary：任意的，无端的，专治的；thin air：凭空，子虚乌有，稀薄的空气；

3. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them.

节点不会接受一个无效的交易作为支付，并且诚实节点永远不会接受一个包含无效交易的区块。

4. An attacker can only try to change one of his own transactions to take back money he recently spent.

攻击者只可能改变他自己的某笔交易来拿回他不久前已经支出的钱。

The race between the honest chain and an attacker chain can be characterized as a Binomial Random Walk. The success event is the honest chain being extended by one block, increasing its lead by +1, and the failure event is the attacker's chain being extended by one block, reducing the gap by -1.

1. The race between the honest chain and an attacker chain can be characterized as a Binomial Random Walk.

诚实链与攻击者链之间的竞争可描述为二项随机漫步。

【随机漫步】：

1900年，法国数学家路易斯·巴舍利耶(Louis Bachelier)首次提出了金融资产价格服从对数正态分布的假设，并假设股票价格服从布朗运动（物理学中分子微粒所做的一种无休止的无序运动），这成为随机漫步理论和有效市场假说（Efficient Markets Hypothesis）共同的源头。

1965年，芝加哥大学经济学教授尤金·法玛（Eugene Fama）正式提出有效市场假说：“假说的前提是股票价格总是正确的，因此，市场走势是随机的，没有人能预测市场未来的方向。价格正确的前提是，制定价格的人，一定是理性的，并且掌握充分的信息。”

随机漫步理论(Random Walk)也称随机游走，是指股票价格的变动是随机且不可预测的。通常这种随机性被认为暗示着股票市场是非理性的，然而恰恰相反，股价的随机变化表明了市场是正常运作或者说是有效的。

因此，二项随机漫步，也就是指随机漫步是两个方向，要么是诚实链条领先，要么是攻击链条领先，形成的一种概率模型。

1. The success event is the honest chain being extended by one block, increasing its lead by +1, and the failure event is the attacker's chain being extended by one block, reducing the gap by -1.

成功事件是诚实节点被延长一个区块，两条链的差距加 1，失败事件是攻击者的链延长一个区块，两条链的差距减1。

The probability of an attacker catching up from a given deficit is analogous to a Gambler's Ruin problem.

一个攻击者从赤字的状态赶上诚实者的概率就类似赌徒破产理论。

deficit：赤字，不足额； analogous：类似的；

【赌徒破产理论】：对于一个赌徒，当他赢了时，他把赌注押在固定的资金上，但当他输了时，他不会减少赌注，即使他有一个积极的结果，最终也不会避免地会破产。

Suppose a gambler with unlimited credit starts at a deficit and plays potentially an infinite number of trials to try to reach breakeven.

设想一个拥有无限信用的赌徒从一定亏损开始，进行可能无限次的赌博试图达到盈亏平衡。
breakeven：保本，不赚不赔； unlimited：无限的；

We can calculate the probability he ever reaches breakeven, or that an attacker ever catches up with the honest chain, as follows :

我们可以计算他达到盈亏平衡，即一个攻击者赶上诚实链的概率，如下：

p = probability an honest node finds the next block

p = 一个诚实节点找到下一个区块的概率；

q = probability the attacker finds the next block

q = 一个攻击者找到下一个区块的概率；

qz = probability the attacker will ever catch up from z blocks behind

qz =攻击者从落后 z 个区块赶上诚实链的概率

Given our assumption that p > q, the probability drops exponentially as the number of blocks the attacker has to catch up with increases.

我们假设 p > q，概率将随着攻击者需要赶上的区块数增加而呈指数下降。

With the odds against him, if he doesn't make a lucky lunge forward early on, his chances become vanishingly small as he falls further behind.

由于形势对他不利，如果他没有在早期幸运地快速赶上，他落得越远赶上的机会就越渺茫。
vanishingly：难以察觉地；消遁似地；趋于零地

We now consider how long the recipient of a new transaction needs to wait before being sufficiently certain the sender can't change the transaction.

我们现在考虑一个新交易的收款人要等多久才能确保付款人不能再改变这个交易。

recipient：n. 容器，接受者；容纳者 adj. 容易接受的；容纳的

We assume the sender is an attacker who wants to make the recipient believe he paid him for a while, then switch it to pay back to himself after some time has passed.

我们假设付款人是想让收款人相信他暂时已经付款，然后在一段时间后改变成支付回他自己。

The receiver will be alerted when that happens, but the sender hopes it will be too late.

这时收款人会收到警告，但付款人希望警告已为时已晚。

The receiver generates a new key pair and gives the public key to the sender shortly before signing.

收款人生成一个新密钥对并将公钥给付款人，这样付款人就无法提前对交易签名。

This prevents the sender from preparing a chain of blocks ahead of time by working on it continuously until he is lucky enough to get far enough ahead, then executing the transaction at that moment.

这能防止付款人通过持续工作直到他足够幸运获得大幅领先的方式预先准备一条区块链，然后执行交易。

Once the transaction is sent, the dishonest sender starts working in secret on a parallel chain containing an alternate version of his transaction.

一旦交易被发出，不诚实的付款人就开始秘密地在一条包含了他的替换版交易的平行链上工作。

The recipient waits until the transaction has been added to a block and z blocks have been linked after it.

收款人等到交易被加到区块中且其后追加了 z 个区块。

He doesn't know the exact amount of progress the attacker has made, but assuming the honest blocks took the average expected time per block, the attacker's potential progress will be a Poisson distribution with expected value:

他不知道攻击者确切的进度，但是假设诚实的区块按期望的平均时间生成，攻击者可能的进度将是一个泊松分布，其期望值为：
?

【泊松分布】：泊松分布适合于描述单位时间（或空间）内随机事件发生的次数。如某一服务设施在一定时间内到达的人数，电话交换机接到呼叫的次数，汽车站台的候客人数，机器出现的故障数，自然灾害发生的次数，一块产品上的缺陷数，显微镜下单位分区内的细菌分布数等等。

To get the probability the attacker could still catch up now, we multiply the Poisson density for each amount of progress he could have made by the probability he could catch up from that point:

为计算攻击者现在仍然能赶上的概率，我们给每个他可能达到的进度的泊松密度乘以他在那个进度能赶上诚实链的概率：
?

Rearranging to avoid summing the infinite tail of the distribution...

变换以避免对分布的无限尾部求和...
?

Converting to C code...

C语言代码

#include <math.h>
double AttackerSuccessProbability(double q, int z)
{
double p = 1.0 - q;
double lambda = z * (q / p);
double sum = 1.0;
int i, k;
for (k = 0; k <= z; k++)
{
double poisson = exp(-lambda);
for (i = 1; i <= k; i++)
poisson *= lambda / i;
sum -= poisson * (1 - pow(q / p, z - k));
}
return sum;
}

Running some results, we can see the probability drop off exponentially with z.
运行得到一些结果结果，我们可以看到概率随 z 呈指数下降。

q=0.1
z=0 P=1.0000000
z=1 P=0.2045873
z=2 P=0.0509779
z=3 P=0.0131722
z=4 P=0.0034552
z=5 P=0.0009137
z=6 P=0.0002428
z=7 P=0.0000647
z=8 P=0.0000173
z=9 P=0.0000046
z=10 P=0.0000012

q=0.3
z=0 P=1.0000000
z=5 P=0.1773523
z=10 P=0.0416605
z=15 P=0.0101008
z=20 P=0.0024804
z=25 P=0.0006132
z=30 P=0.0001522
z=35 P=0.0000379
z=40 P=0.0000095
z=45 P=0.0000024
z=50 P=0.0000006

Solving for P less than 0.1%...

P 小于 0.1% 的解...

P < 0.001
q=0.10 z=5
q=0.15 z=8
q=0.20 z=11
q=0.25 z=15
q=0.30 z=24
q=0.35 z=41
q=0.40 z=89
q=0.45 z=340

12、Conclusion -结论

12、结论

We have proposed a system for electronic transactions without relying on trust. We started with the usual framework of coins made from digital signatures, which provides strong control of ownership, but is incomplete without a way to prevent double-spending. To solve this, we proposed a peer-to-peer network using proof-of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of CPU power. The network is robust in its unstructured simplicity. Nodes work all at once with little coordination. They do not need to be identified, since messages are not routed to any particular place and only need to be delivered on a best effort basis. Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone. They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism.

1. We have proposed a system for electronic transactions without relying on trust.

我们提出了一种不依赖信任的电子交易系统。

2. We started with the usual framework of coins made from digital signatures, which provides strong control of ownership, but is incomplete without a way to prevent double-spending.

我们从通用的数字签名货币体系开始，这体系提供了强有力的所有权控制，但由于缺乏防止双重支付的方法而显得不完善。

3. To solve this, we proposed a peer-to-peer network using proof-of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of CPU power.

为解决这个问题，我们提出一种使用工作量证明来记录公共交易历史的点对点网络，只要诚实节点控制了多数的 CPU 算力，对于对攻击者，交易历史将很快变得在计算上不可更改。

4. The network is robust in its unstructured simplicity.

这种网络因其结构简洁性而健壮。

5. Nodes work all at once with little coordination.

节点只需很少的协调就能同时工作。

6. They do not need to be identified, since messages are not routed to any particular place and only need to be delivered on a best effort basis.

它们不需要被认证，因为信息不会被发送到某个特殊的位置，而是尽最大的努力被广泛传播。

7. Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone.

节点可以随时离开和重新加入网络，只需接受最长的工作量证明链作为它们离开时发生事件的证据。

8. They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them.

节点使用 CPU 算力来投票，通过致力于延长有效区块来表达对其接受，通过拒绝在无效区块上工作来表达对其抵制。

9. Any needed rules and incentives can be enforced with this consensus mechanism.

任何需要的规则和激励都可通过这个共识机制来加强。
mechanism：机制；原理，途径；进程；机械装置；技巧
?