# Chia Mining: In-depth and simple talk about P disk

The process of P disk involves a lot of knowledge of cryptography and computer science. I hope that my articles are easy to understand, so I will focus more on explaining What (what is this thing) and Why (why do you want to do this) . As for How (how to achieve), I will try to mention it as little as possible, because this part often involves a large section of code and is not very helpful to non-professionals. I believe you can understand all or most of the knowledge as long as you read it carefully. Basic knowledge of asymmetric encryption When it comes to asymmetric encryption, we must first talk about symmetric encryption. Let's compare the two first:

▼In symmetric encryption, encryption and decryption use the same key (small yellow key). Common algorithms are AES, DES.

▼Different keys are used for encryption and decryption in asymmetric encryption. Data encrypted by the yellow key needs the blue key to decrypt.

Because the keys used for encryption and decryption are different and are asymmetric, it is named asymmetric encryption. There are two keys for asymmetric encryption, a public key and a private key. The data encrypted by the public key can only be decrypted with the private key. The data encrypted by the private key can only be decrypted with the public key. The public key can be disclosed and the private key must Keep it secret. The asymmetric encryption algorithm used by most blockchain projects is elliptic curve encryption (ECC).

Under this algorithm, a unique corresponding public key can be generated through the private key, but the public key cannot deduct the corresponding private key. The emergence of asymmetric encryption makes key management and distribution very simple. For example, I hope everyone can send messages to me, but I don’t want the information to be known by others in the process of transmission. If symmetric encryption is used, since both parties in communication share a key, the process of distributing the key must be kept secret. Otherwise, no matter whether I or the other party leaked the key, the communication between us will be completely secret.

At the same time, the key used for communication between each friend and me must be different. If I and all my friends use the same key, friend A's information may be decrypted by friend B, causing a leak. People like me with many friends have to prepare hundreds of keys, one for each person, which is very troublesome. If you use asymmetric encryption, I just need to disclose the public key to everyone. Anyway, the data they encrypt with the public key must be decrypted with my private key. I just keep the private key secret. The public key does not need to be kept secret. This is why it is called a public key, that is, a public key. Hash algorithm Hash algorithm is a very special kind of algorithm, this kind of algorithm can accept any length of input, whether it is a novel, a movie, or a short sentence, it will come to no end. However, no matter how long your input is, the length of its output is exactly the same.

The SHA256 used by Bitcoin is a hash algorithm. The MD5 value that people often use to check whether the downloaded file is damaged is actually the output of a hash algorithm called MD5. In reality, the hash algorithm we use needs to have many other characteristics: Irreversibility: The output of the hash algorithm cannot be reversed back to the original text. For example, "How are you?" This sentence uses SHA256 to calculate the hash value d0e2a7709b7a8f5969d74c3e917ca0f65e480e1f6d4f1d80abc25cb3f98acfc8. Obviously you can't deduce what my original text is from this pile of gibberish. Confusion: I make minor changes to the input, and the output must change significantly. Still the same example, I changed "How are you?" to "How are you!", just changed a punctuation, the SHA256 hash value becomes bc924ff26008c0930416a8ae1a2eaa6c95392a8c7defc26e42bfd5cba552c964, almost completely changed. Collision resistance The so-called collision is two different inputs with the same hash value. This is inevitable, after all, it turns an input of infinite length into an output of finite length. Anti-collision requirements It is very difficult to find two inputs with the same hash value, and it is almost impossible. Because of these excellent characteristics of the hash algorithm, we can use the hash value as a feature of the original text, also called the information digest. If the information summaries of the two data are the same, we consider the two data to be consistent. Because the hash algorithm is collision resistant, the probability that the hash value of two different data is the same can be ignored. And because of the confusion of the hash value, even if the two data are slightly different, the hash value should be very different. Now that the hash values of the two data are the same, the only reasonable explanation is that only the two data are the same. With asymmetric encryption and hashing algorithms for digital signatures, we can use them to do things together. For example, I have an electronic contract today and I want to prove that I approve it. What should I do? So, I calculated an information digest for this electronic contract using a hash algorithm, then encrypted the information digest with my private key, and sent the encrypted result together with the electronic contract by email. The encrypted result is called digital signature. My public key is public, and everyone knows it is my public key. Everyone wants to prove that I approve this electronic contract. Just use my public key to unlock the digital signature and get the summary of the information inside. Then calculate the information summary of the contract and compare it with the information summary decrypted from the digital signature. If they are consistent, it will show that I agree with the contract. Only I have my private key, and only I can use the private key to encrypt the message digest, that is, only I can perform digital signatures. And the hash value can uniquely represent this electronic contract. If someone tampered with the contract, it would be inconsistent with the information summary when I digitally signed it, and it would be easy to find out. In the field of blockchain, basically where identity authentication is required, there is a shadow of digital signature. Chia's private key is derived. Each wallet address is converted from a public key. If there is a public key, there will be a corresponding private key. For various reasons, we may have a lot of wallet addresses and therefore a lot of private keys. This poses a challenge to the management of private keys. It is very difficult for you to keep so many private keys without losing or leaking them. But don't worry, there is demand and supply. The great gods of the community quickly came up with a brilliant idea: We can design an algorithm to derive several other private keys from one private key. This private key used to derive other private keys, we call it the Master private key (Master private key). A private key derived from a private key can continue to derive more private keys to form a parent-child relationship. ▼A simple derivation example, each child private key can also derive its own child private key, and finally form a private key tree.

In this way, we only need to manage the master private key. Using the derivation algorithm, we can restore the private key tree derived from it at any time. At the same time, you will also find that as long as we have the parent private key, we can indirectly master all the child private keys derived from it, and regenerate the child private keys using the derivation algorithm. There is no need to put the child private keys back. Save the private key. Take the above picture as an example: if you have the master private key, you can have all the private keys. If you only master the child private key 1, you can only master it and the grandchild private keys 1, 2, and 3 below it. Chia's official wallet software manages private keys in this way.

▼The mnemonics created when the Chia wallet is first launched are used to generate this master private key.

The mnemonic phrase generates the Master Private Key, and the Master Private Key derives the Pool Private Key, Farmer Private Key, and one or more Wallet Private Keys. Through these private keys, we can generate corresponding public keys. The wallet private key is well understood. The public key generated by it is finally transformed into a wallet address. You can use it to accept transfers from others. When you want to spend the coins in this address, you also need to use the wallet private key to transact signature. If you generate multiple wallet addresses, you will have multiple wallet private keys. Please remember the public key of the mining pool, the private key of the mining pool, the public key of the farmer, and the private key of the farmer here. We will refer to them again when we talk about the P drive. After doing so much preparation, we can finally start talking about P disk. Every time the P drive starts, several important variables are generated. First, a random master private key is generated, and a local private key can be derived from it. This local private key can also derive a local public key. Finally, the local public key is merged with the Farmer Public Key (Farmer Public Key) to generate Plot Public Key (Plot Public Key) This random master private key is randomly generated in the P disk, and each Plot file uses a different random master private key, which is not the same as the master private key of the Chia wallet software. . Then, the pool public key (Pool Public Key) and the plot public key (Plot Public Key) will be combined and hashed once. The result of the hash is called the plot ID (Plot ID). The P disk is divided into four stages:

1. The forward propagation (Forward Propagation) step will complete the calculation of all F functions (F Function), and store the intermediate results on the disk, accompanied by a large number of read and write operations, this is Why SSD is recommended for temporary directories. In the calculation process of the F function, the plot ID (Plot ID) needs to be used. Therefore, the plot ID (Plot ID) directly determines the content of the Plot file.

2. Back Propagation This step is mainly to eliminate dead entries in the data that have no effect on mining, thereby reducing disk space usage.

3. Compress will convert the data into a specific format and write it into the Plot file.

4. Checkpoint table (Checkpoint Table) to build a checkpoint table

This step is to optimize query efficiency, so that when mining, you can reduce the number of reads to the hard disk, thereby reducing the requirements for hard disk read performance, so that it is truly only capacity. A friend of the Plot file has asked such a question. Since Chia mining searches for data that meets the conditions in the Plot file, why can't miners share the Plot file? From the process of the P disk above, we have made it clear that the content of Plot is related to the Farmer public key and the Pool public key. Different miners obviously have different public keys. . In other words, the Plot files of different miners are completely different.

▼From the code, we can find that metadata is stored in the header of each Plot file.

Metadata has a plot ID (Plot ID) used to distinguish Plot files, and a field called memo. memo can be translated into a memo, which saves some key information when generating the Plot file, this name is really vivid.

▼Memo field contains random master private key, farmer public key (Farmer Public Key), and pool public key (Pool Public Key)

Although Plot files are different among miners, it still cannot explain why miners cannot share Plot files. I won't buy it, and I will tell you the reason directly, because when you generate a block, you need to use the pool private key that matches the Plot file to sign it once. If you use the Polt file of another miner, this file is associated with the public key of the mining pool, and you cannot get the private key of the mining pool. Therefore, you cannot sign, this Plot file is useless to you. .

▼Pool Private Key will be recorded in the block, pay attention to the red box.

▼When generating a block, you need to use the Pool Private Key to sign the puzzle_hash corresponding to the address that receives the block reward.

The data in the entire block are interlocking and dependent on each other. If you miss or modify any part, other data will not be able to correspond, fail the verification, and you will not get rewards. After the above discussion on the generation of P disk, we can easily come to a conclusion: in fact, P disk only needs the farmer public key (Farmer public key) and the pool public key (Pool public key) to complete.

In the elliptic curve encryption (ECC) used by Chia, the public key cannot be derived from the private key, so the public key does not need to be kept secret. In fact, as long as you mine a block, your pool public key will be recorded in the blockchain and made public to the entire network.

Therefore, you can provide these two public keys to anyone without security issues. This also provides the possibility to replace the P disk. You provide the two public keys and the hard disk to the person who replaces the P disk. After the other party completes the P disk, the hard disk will be sent back to you. Because the other party uses your public key information to P disk, and only you have the corresponding private key, only you can use the corresponding Plot file to mine. However, the above is only theory, in theory, it is possible to achieve a safe replacement of P disk. In fact, the substitute P disk market is currently very chaotic, and there are many friends who ask for help when they have problems. I have summarized two typical scams:

1. Defrauding the mnemonic/private key farmer’s public key and the mining pool’s public key to trace the source Derived from the master private key, and the master private key is generated based on the mnemonic. Many generations of P disk people will take advantage of everyone’s lack of relevant knowledge and falsely claim that the P disk must provide certain information to cheat for help. Remember words, and then master the master private key. After the other party has mastered your master private key, they will still help you with the P drive, but they will always be lurking and observe your mining revenue on the blockchain. When you dig enough coins, the other party will transfer your coins all at once. Since the interval between the P disk and the stolen coins varies from a few days to a week or two, it is difficult for you to combine the two Associated, I thought it was a problem with my computer or operation. The other party has earned your P-disk money and swept away your coins, which is nothing short of an empty gloved white wolf. To make matters worse, when you finally wake up, realize that the master private key has been leaked, and regenerate the secure master private key, you are bound to have a new farmer public key and a mining pool public key, a Plot file and these two public keys. The key is closely related, you are likely to re-P drive, and waste a lot of time and energy.

2. Friends who have a little knowledge of the package hard drive know that they cannot provide the private key or mnemonic, but they may not have enough knowledge of the hardware. The way the computer displays the capacity of the hard disk is actually to read the underlying information of the hard disk or the metadata of the file system, and it does not scan the entire hard disk. You can understand it this way. You buy a book in a bookstore and want to know how many pages there are. You can’t count the pages one by one. You only look at the catalog or the last page number. In fact, this is the only feasible way. If you scan the entire hard drive and calculate the capacity, it will take at least a few hours. This effective method of improving efficiency provides opportunities for people with ulterior motives. The person who replaces the P disk will find a small-capacity hard disk that looks similar to your hard disk, tamper with the file system and underlying data, and let the computer recognize it as a large-capacity hard disk, and then repeat the same Plot file with different file names. Many times, you look at a plate full of Plot files. You might say that the hard disk can read the serial number through software, and the sticker on the disk body also has the serial number. This can't be faked. Changing the serial number and resetting the disk has long been an open secret in the industry. The sticker on the disk body, the hot air gun heats and softens the adhesive to peel off or reprint one, it is not too easy. The end result is that you get a hard disk that has been repackaged, and the appearance cannot be found. After all, the appearance of the same series of hard disks has remained unchanged for thousands of years, and the software detection does not reveal any problems. The only difference is that you will find that the computing power is very low, and the other party will find a lot of reasons. After you rule out one by one, almost the final payment of the P disk is also paid, and it will be sooner or later that it is blocked. For scammers, hard drives are so expensive nowadays, if you trade small ones for larger ones, the profit is huge whether you keep them for digging or selling them. The above scams are actually only a small part of the many scams, but the threshold for implementation is very low and they are relatively common. Although there are chaos in the substitute P disk market, I still believe that there will be some honest and professional merchants that provide reliable P disk services. When you have enough knowledge to ensure that you can see through the scam, you can consider using it. Remember, you only need and can only provide the farmer public key and pool public key to the other party. For ordinary people, I still recommend to complete the P disk operation by yourself, so worry-free and safe. Since it is safe to find another person to replace the P disk with multiple machines, it is also possible to buy multiple machines at the same time. Chia's official wallet has designed a very friendly graphical interface in order to take care of novice users, but this also limits our freedom to play. In order to speed up the P drive, many friends install the Chia wallet software on multiple machines and import the mnemonic words to make the P drive. Sometimes they are lazy to record with paper and pen, take pictures directly, and even use WeChat to transmit mnemonics or photo. The mnemonic phrase means the master private key, and the master private key means your control of the encrypted currency. It is very dangerous to place the master private key on multiple machines so hastily and expose it to public communications. In fact, Chia provides a command line tool. We can directly extract the Farmer public key and Pool public key, and then use the command line P disk on other P disk machines. In this way, it is no longer necessary to import the mnemonic words into each P-disk machine, which is safe and convenient.