1. IPFS点滴资讯首页
  2. 技术分享

算力挖矿的存储币 — Sia白皮书(中英对照版)

去中心化存储 —— Sia白皮书中英对照版)

David Vorick and Luke Champine
Nebulous Inc.
(Dated: November 29, 2014)

Abstract: The authors introduce Sia, a platform for decentralized storage.Sia enables the formation of storage contracts between peers.Contracts are agreements between a storage provider and their client, defining what data will be stored and at what price.They require the storage provider to prove, at regular intervals, that they are still storing their client’s data.Contracts are stored in a blockchain, making them publicly auditable.In this respect, Sia can be viewed as a Bitcoin derivative that includes support for such contracts.Sia will initially be implemented as an altcoin, and later financially connected to Bitcoin via a two-way peg.

摘要:作者介绍了去中心化存储平台Sia。 Sia能够在对等节点之间形成存储合约。 合约是存储提供商与其客户之间的协议,定义将以何种价格存储数据。 他们要求存储提供商定期证明他们仍在存储客户的数据。

合约存储在区块链中,使其公开可审计。 在这方面,Sia可以被视为比特币衍生品,新增的功能包括对这些合约的支持。 Sia最初将作为Altcoin(这里的Altcoin是指参考BTC的实现)实施,后来通过双向挂钩与比特币进行了交易上的连接。

1. 简介 (Introduction)

Sia is a decentralized cloud storage platform that intends to compete with existing storage solutions, at both the P2P and enterprise level.Instead of renting storage from a centralized provider, peers on Sia rent storage from each other.Sia itself stores only the storage contracts formed between parties, defining the terms of their arrangement.A blockchain, similar to Bitcoin[1,12] , is used for this purpose.

By forming a contract, a storage provider (also known as a host) agrees to store a client’s data, and to periodically submit proof of their continued storage until the contract expires. The host is compensated for every proof they submit, and penalized for missing a proof.Since these proofs are publicly verifiable (and are publicly available in the blockchain), network consensus can be used to automatically enforce storage contracts.Importantly, this means that clients do not need to personally verify storage proofs; they can simply upload their file and let the network do the rest.

We acknowledge that storing data on a single untrusted host guarantees little in the way of availability, bandwidth, or general quality of service.Instead, we recommend storing data redundantly across multiple hosts.In particular, the use of erasure codes can enable high availability without excessive redundancy.

Sia will initially be implemented as a blockchain-based altcoin.Future support for a two-way peg with Bitcoin is planned, as discussed in “Enabling Blockchain Innovations with Pegged Sidechains”[5].The Sia protocol largely resembles Bitcoin except for the changes noted below.

Sia是一个去中心化的云存储平台,倾向于在P2P和企业级领域与现有存储解决方案进行竞争。 Sia 不是从集中供应商处租用存储,而是从彼此租用存储。 Sia本身只存储各方之间形成的存储合同,定义其安排条款。用于此目的区块链与比特币[1,12]类似。



Sia最初将实施为基于区块链的Altcoin。未来计划支持与比特币进行双向挂钩,详见“使用侧链促进区块链创新”[5]。 Sia协议在很大程度上与比特币相似,除了下面所述的变化。

2. 总体结构 (General Structure)

Sia’s primary departure from Bitcoin lies in its transactions.Bitcoin uses a scripting system to enable a range of transaction types, such as pay-to-public-key-hash and pay-to-script-hash.Sia opts instead to use an M–of–N multi-signature scheme for all transactions, eschewing the scripting system entirely.This reduces complexity and attack surface.

Sia also extends transactions to enable the creation and enforcement of storage contracts.Three extensions are used to accomplish this: contracts, proofs, and contract updates.Contracts declare the intention of a host to store a file with a certain size and hash.They define the regularity with which a host must submit storage proofs.Once established, contracts can be modified later via contract updates.The specifics of these transaction types are defined in sections 4 and 5.

Sia从比特币的主要出发点在于它的交易。 比特币使用脚本系统来启用一系列交易类型,例如pay-to-public-key-hash和pay-to-script-hash。 Sia选择在所有交易中使用M-N多重签名方案,完全避开了脚本系统。 这减少了复杂性和攻击可能性。

Sia还扩大交易范围,以创建和执行仓储合约。 有三个扩展用于完成这项工作:合约,证明和合约更新。 合约声明主机的存储空间以存储具有特定大小和散列的文件。 它们定义了主机必须提交存储证据的规则。 一旦建立,合约可以稍后通过合约更新进行修改。 这些交易类型的细节在第4节和第5节中定义。

3. 交易 (Transactions)

算力挖矿的存储币 — Sia白皮书(中英对照版)


算力挖矿的存储币 — Sia白皮书(中英对照版)

3.1 输入输出(Inputs and Outputs)

An output comprises a volume of coins.Each output has an associated identifier, which is derived from the transaction that the output appeared in.The ID of output i in transaction t is defined as:

H(t || “output” || i)

where H is a cryptographic hashing function, and “output” is a string literal.The block reward and miner fees have special output IDs, given by:

H(H(Block Header) || “blockreward”)

Every input must come from a prior output, so an input is simply an output ID.

Inputs and outputs are also paired with a set of spend conditions.Inputs contain the spend conditions themselves, while outputs contain their Merkle root hash [2].

输出包括一定量的加密币。 每个输出都有一个关联的标识符,它是从输出中出现的交易派生而来的。输出i 在交易t中的标识定义为:

H(t ||“output”|| i)

其中H是密码哈希函数,“output”是字符串文字。 块奖励和矿工费用有特殊的输出ID,由下式给出:

H(H(Block Header)||“blockreward”)


输入和输出也与一组支出条件配对。 输入包含消费条件本身,而输出包含它们的Merkle根散列[2]。

3.2 支出条件(Spend Conditions)

Spend conditions are properties that must be met before coins are “unlocked” and can be spent.The spend conditions include a time lock and a set of public keys, and the number of signatures required.An output cannot be spent until the time lock has expired and enough of the specified keys have added their signature.

The spend conditions are hashed into a Merkle tree, using the time lock, the number of signatures required, and the public keys as leaves.The root hash of this tree is used as the address to which the coins are sent.In order to spend the coins, the spend conditions corresponding to the address hash must be provided.The use of a Merkle tree allows parties to selectively reveal information in the spend conditions.For example, the time lock can be revealed without revealing the number of public keys or the number of signatures required.

It should be noted that the time lock and number of signatures have low entropy, making their hashes vulnerable to brute-forcing.This could be resolved by adding a random nonce to these fields, increasing their entropy at the cost of space efficiency.


支出条件被散列到Merkle树中,使用时间锁定,所需签名的数量以及公钥作为叶子。该树的根散列用作加密币发送的地址。为了消费加密币,必须提供与地址散列对应的花费条件。 Merkle树的使用允许各方在消费条件中选择性地揭示信息。例如,可以揭示时间锁而不揭示公钥的数量或所需签名的数量。


3.3 签名(Signatures)

Each input in a transaction must be signed. The cryptographicsignature itself is paired with an input ID,a time lock, and a set of flags indicating which partsof the transaction have been signed. The input ID indicateswhich input the signature is being applied to.The time lock specifies when the signature becomesvalid. Any subset of fields in the transaction can besigned, with the exception of the signature itself (asthis would be impossible). There is also a flag to indicatethat the whole transaction should be signed,except for the signatures. This allows for more nuancedtransaction schemes.

The actual data being signed, then, is a concatenationof the time lock, input ID, flags, and everyflagged field. Every such signature in the transactionmust be valid for the transaction to be accepted.

交易中的每个输入都必须签名。 密码签名本身与一个输入ID,一个时间锁和一组指示交易的哪些部分已被签名的标志配对。 输入ID指示正在应用签名的输入。 时间锁定指定签名何时生效。 交易中的任何字段子集都可以签名,但签名本身除外(因为这是不可能的)。 还有一个标志,表示整个交易除了签名都应该签名。 这允许更多的交易方案。

然后,正在签名的实际数据是时间锁定,输入ID,标志和每个标记字段的串联。 交易中的每一个这样的签名都必须有效,以便交易被接受。

4. 文件合约(File Contracts)

A file contract is an agreement between a storageprovider and their client. At the core of a file contract is the file’s Merkle root hash. To construct this hash,the file is split into segments of constant size andhashed into a Merkle tree. The root hash, along withthe total size of the file, can be used to verify storageproofs.

File contracts also specify a duration, challenge frequency,and payout parameters, including the rewardfor a valid proof, the reward for an invalid or missingproof, and the maximum number of proofs that canbe missed. The challenge frequency specifies how oftena storage proof must be submitted, and createsdiscrete challenge windows during which a host mustsubmit storage proofs (one proof per window). Submittinga valid proof during the challenge windowtriggers an automatic payment to the “valid proof”address (presumably the host). If, at the end of thechallenge window, no valid proof has been submitted,coins are instead sent to the “missed proof” address(likely an unspendable address in order to disincentivizeDoS attacks; see section 7.1). Contracts definea maximum number of proofs that can be missed;if this number is exceeded, the contract becomes invalid.

If the contract is still valid at the end of the contractduration, it successfully terminates and any remainingcoins are sent to the valid proof address.Conversely, if the contract funds are exhausted beforethe duration elapses, or if the maximum numberof missed proofs is exceeded, the contract unsuccessfullyterminates and any remaining coins are sent tothe missed proof address.

Completing or missing a proof results in a newtransaction output belonging to the recipient specifiedin the contract. The output ID of a proof dependson the contract ID, defined as:


where i is the index of the contract within the transaction.The output ID of the proof can then be determinedfrom:

H(contract ID||outcome||Wi)

Where Wiis the window index, i.e. the number ofwindows that have elapsed since the contract wasformed. The outcome is a string literal: either “validproof”and “missedproof”, corresponding to the validityof the proof.

The output ID of a contract termination is definedas:

H(contract ID||outcome)

Where outcome has the potential values “successfultermination”and “unsucessfultermination”, correspondingto the termination status of the contract.

File contracts are also created with a list of “editconditions,” analogous to the spend conditions of atransaction. If the edit conditions are fulfilled, thecontract may be modified. Any of the values can bemodified, including the contract funds, file hash, andoutput addresses. As these modifications can affectthe validity of subsequent storage proofs, contract editsmust specify a future challenge window at whichthey will become effective.

Theoretically, peers could create “micro-edit channels”to facilitate frequent edits; see discussion ofmicropayment channels, section 7.3.





H(transaction || “contract” || i)


H(contract ID || outcome || Wi)

其中Wi是窗口索引,即自合约形成以来经过的窗口数。outcome是一个字符串文字:无论是“valid-proof” 还是“missedproof”,都与证明的有效性相对应。


H(contract ID ||outcome)




5. 存储证明(Proof of Storage)

Storage proof transactions are periodically submittedin order to fulfill file contracts. Each storage prooftargets a specific file contract. A storage proof doesnot need to have any inputs or outputs; only a contractID and the proof data are required.

定期提交存储证明交易以履行文件合约。 每个存储证明都针对特定的文件合约。 存储证明不需要任何输入或输出; 只需要一个合约ID和证明数据。

5.1 算法(Algorithm)

Hosts prove their storage by providing a segment ofthe original file and a list of hashes from the file’sMerkle tree. This information is sufficient to provethat the segment came from the original file. Becauseproofs are submitted to the blockchain, anyone canverify their validity or invalidity. Each storage proofuses a randomly selected segment. The random seedfor challenge window Wiis given by:

H(contract ID||H(Bi−1))

where Bi−1 is the block immediately prior to the beginningof Wi.

If the host is consistently able to demonstrate possessionof a random segment, then they are very likelystoring the whole file. A host storing only 50% of thefile will be unable to complete approximately 50% ofthe proofs.

主机通过从文件的Merkle树中提供一段原始文件的碎片和一系列哈希来共同拼接成原来的merkle树来证明它们提供了有效的p存储。 这些信息足以证明该段来自原始文件。 由于证明提交给区块链,任何人都可以验证其有效性或无效性。 每个存储证明使用随机选择的段。 挑战窗口 Wi 的随机种子由下式给出:

H(contract ID || H( Bi-1 ))

其中 Bi–1 是紧接在 Wi 开始之前的块。

如果主机始终能够证明拥有一个随机段,那么他们很可能会存储整个文件。 只存储50%文件的主机将无法完成大约50%的证明。

5.2 阻止扣留攻击(Block Withholding Attacks)

The random number generator is subject to manipulationvia block withholding attacks, in which theattacker withholds blocks until they find one thatwill produce a favorable random number. However,the attacker has only one chance to manipulate therandom number for a particular challenge. Furthermore,withholding a block to manipulate the randomnumber will cost the attacker the block reward.

If an attacker is able to mine 50% of the blocks,then 50% of the challenges can be manipulated. Nevertheless,the remaining 50% are still random, so theattacker will still fail some storage proofs. Specifically,they will fail half as many as they would without thewithholding attack.

To protect against such attacks, clients can specifya high challenge frequency and large penalties formissing proofs. These precautions should be sufficientto deter any financially-motivated attacker that controlsless than 50% of the network’s hashing power.Regardless, clients are advised to plan around potentialByzantine attacks, which may not be financiallymotivated.




5.3 关闭窗口攻击(Closed Window Attacks)

Hosts can only complete a storage proof if their prooftransaction makes it into the blockchain. Minerscould maliciously exclude storage proofs from blocks,depriving themselves of transaction fees but forcinga penalty on hosts. Alternatively, miners could extorthosts by requiring large fees to include storageproofs, knowing that they are more important thanthe average transaction. This is termed a closed windowattack, because the malicious miner has artificially“closed the window.”

The defense for this is to use a large window size.Hosts can reasonably assume that some percentage ofminers will include their proofs in return for a transactionfee. Because hosts consent to all file contracts,they are free to reject any contract that they feelleaves them vulnerable to closed window attacks.

如果证明交易进入区块链,主机只能完成存储证明。 矿工可能会恶意排除大量存储证据,剥夺交易费用,但会对主机施加惩罚。 另外,矿工可以通过要求大笔费用来包含存储证据来侵占主机,因为他们知道它比平均交易更重要。 这被称为封闭的窗户攻击,因为恶意矿工人为地“关闭了窗户”。

防御措施是使用大窗口大小。 主机可以合理地假设,有一定比例的矿工将包括他们的证明以换取交易费用。 由于主机同意所有文件合约,他们可以自由拒绝任何他们认为容易受到封闭窗口攻击的合约。

6. 任意交易数据(Arbitrary Transaction Data)

Each transaction has an arbitrary data field whichcan be used for any type of information. Nodes will berequired to store the arbitrary data if it is signed byany signature in the transaction. Nodes will initiallyaccept up to 64 KB of arbitrary data per block.

This arbitrary data provides hosts and clients witha decentralized way to organize themselves. It canbe used to advertise available space or files seeking ahost, or to create a decentralized file tracker.

Arbitrary data could also be used to implementother types of soft forks. This would be done by creatingan “anyone-can-spend” output but with restrictionsspecified in the arbitrary data. Miners that understandthe restrictions can block any transactionthat spends the output without satisfying the necessarystipulations. Naive nodes will stay synchronizedwithout needing to be able to parse the arbitrarydata.

每笔交易都有一个任意数据字段,可用于任何类型的信息。 如果任意数据由交易中的任何签名签名,节点将被要求存储任意数据。 节点最初将接受每块最多64 KB的任意数据。

这种随意的数据为主机和客户提供了一种分散的方式来组织自己。 它可用于宣传可用空间或寻找主机的文件,或创建分散的文件跟踪器。

任意数据也可以用来实现其他类型的软分叉。 这可以通过创建“任何人都可以花费”的输出来完成,但是在任意数据中指定了限制。 理解这些限制的矿工可以阻止在不满足必要条件的情况下花费输出的任何交易。 单纯功能的节点将保持同步,而不需要能够解析任意数据。

7. 存储生态系统 (Storage Ecosystem)

Sia relies on an ecosystem that facilitates decentralizedstorage. Storage providers can use the arbitrarydata field to announce themselves to the network.This can be done using standardized template thatclients will be able to read. Clients can use these announcementsto create a database of potential hosts,and form contracts with only those they trust.

Sia依赖于一个促进分散存储的生态系统。 存储提供商可以使用任意数据字段向网络宣布他们自己。 这可以使用标准化的模板完成,客户可以阅读。 客户可以使用这些公告创建潜在主机的数据库,并仅与他们信任的人签订合同。

7.1 主机保护 (Host Protections)

A contract requires consent from both the storageprovider and their client, allowing the provider to rejectunfavorable terms or unwanted (e.g. illegal) files.The provider may also refuse to sign a contract untilthe entire file has been uploaded to them.

Contract terms give storage providers some flexibility.They can advertise themselves as minimally reliable, offering a low price and a agreeing to minimalpenalties for losing files; or they can advertisethemselves as highly reliable, offering a higher priceand agreeing to harsher penalties for losing files. Anefficient market will optimize storage strategies.

Hosts are vulnerable to denial of service attacks,which could prevent them from submitting storageproofs or transferring files. It is the responsibility ofthe host to protect themselves from such attacks.

合约需要存储提供商及其客户的同意,允许提供商拒绝不利条款或不需要的(例如非法)文件。 提供者也可能拒绝签署合约,直到整个文件上传给他们。

合约条款为存储提供商提供了一些灵活性。 他们可以宣传自己为最低限度可靠,价格低廉,并同意对丢失文件采取最低限度的处罚; 或者他们可以宣传自己是高度可靠的,提供更高的价格并同意对丢失文件进行更严厉的处罚。 有效的市场将优化存储策略。

主机容易受到拒绝服务攻击,这可能会阻止他们提交存储证明或传输文件。 主机有责任保护自己免受此类攻击。

7.2 客户端保护 (Client Protections)

Clients can use erasure codes, such as regeneratingcodes [4], to safeguard against hosts going offline.These codes typically operate by splitting a file inton pieces, such that the file can be recovered fromany subset of m unique pieces. (The values of n andm vary based on the specific erasure code and redundancyfactor.) Each piece is then encrypted andstored across many hosts. This allows a client to attainhigh file availability even if the average networkreliability is low. As an extreme example, if only 10out of 100 pieces are needed to recover the file, thenthe client is actually relying on the 10 most reliablehosts, rather than the average reliability. Availabilitycan be further improved by rehosting file pieceswhose hosts have gone offline. Other metrics benefitfrom this strategy as well; the client can reduce latencyby downloading from the closest 10 hosts, orincrease download speed by downloading from the 10fastest hosts. These downloads can be run in parallelto maximize available bandwidth.


7.3 正常运行时间奖励 (Uptime Incentives)

The storage proofs contain no mechanism to enforceconstant uptime. There are also no provisions thatrequire hosts to transfer files to clients upon request.One might expect, then, to see hosts holding theirclients’ files hostage and demanding exorbitant feesto download them. However, this attack is mitigatedthrough the use of erasure codes, as described in section7.2. The strategy gives clients the freedom toignore uncooperative hosts and work only with thosethat are cooperative. As a result, power shifts fromthe host to the client, and the “download fee” becomesan “upload incentive.”

In this scenario, clients offer a reward for being senta file, and hosts must compete to provide the bestquality of service. Clients may request a file at anytime, which incentivizes hosts to maximize uptime inorder to collect as many rewards as possible. Clientscan also incentivize greater throughput and lower latencyvia proportionally larger rewards. Clients couldeven perform random “checkups” that reward hostssimply for being online, even if they do not wish todownload anything. However, we reiterate that uptimeincentives are not part of the Sia protocol; theyare entirely dependent on client behavior.

Payment for downloads is expected to be offeredthrough preexisting micropayment channels [11]. Micropaymentchannels allow clients to make many consecutivesmall payments with minimal latency andblockchain bloat. Hosts could transfer a small segmentof the file and wait to receive a micropaymentbefore proceeding. The use of many consecutive paymentsallows each party to minimize the risk of beingcheated. Micropayments are small enough and fastenough that payments could be made every few secondswithout having any major effect on throughput.




7.4 基本声誉系统 (Basic Reputation System)

Clients need a reliable method for picking qualityhosts. Analyzing their history is insufficient, becausethe history could be spoofed. A host could repeatedlyform contracts with itself, agreeing to store large“fake” files, such as a file containing only zeros. Itwould be trivial to perform storage proofs on suchdata without actually storing anything.

To mitigate this Sybil attack, clients can requirethat hosts that announce themselves in the arbitrarydata section also include a large volume of time lockedcoins. If 10 coins are time locked 14 days into thefuture, then the host can be said to have created alock valued at 140 coin-days. By favoring hosts thathave created high-value locks, clients can mitigate therisk of Sybil attacks, as valuable locks are not trivialto create.Each client can choose their own equation for pickinghosts, and can use a large number of factors, in5cluding price, lock value, volume of storage being offered,and the penalties hosts are willing to pay forlosing files. More complex systems, such as those thatuse human review or other metrics, could be implementedout-of-band in a more centralized setting.


为了防止女巫攻击,客户可以要求在任意数据部分宣布自己的主机也包含大量时间锁定加密币。如果10 个加密币在未来14天内被锁定时间,则主人可以说已经创建了一个价值为140 个币日的锁。通过支持创建高价值锁的主机,客户可以降低女巫攻击的风险,因为有价值的锁并非微不足道。


8. Sia基金 (Siafunds)

Sia is a product of Nebulous Incorporated. Nebulousis a for-profit company, and Sia is intended to becomea primary source of income for the company.Currency premining is not a stable source of income,as it requires creating a new currency and tetheringthe company’s revenue to the currency’s increasingvalue. When the company needs to spend money, itmust trade away portions of its source of income. Additionally,premining means that one entity has controlover a large volume of the currency, and thereforepotentially large and disruptive control over the market.

Instead, Nebulous intends to generate revenue fromSia in a manner proportional to the value added bySia, as determined by the value of the contracts setup between clients and hosts. This is accomplishedby imposing a fee on all contracts. When a contractis created, 3.9% of the contract fund is removed anddistributed to the holders of siafunds. Nebulous Inc.will initially hold approx. 88% of the siafunds, and theearly crowd-fund backers of Sia will hold the rest.

Siafunds can be sent to other addresses, in the sameway that siacoins can be sent to other addresses. Theycannot, however, be used to fund contracts or minerfees. When siafunds are transferred to a new address,an additional unspent output is created, containingall of the siacoins that have been earned by the siafundssince their previous transfer. These siacoins aresent to the same address as the siafunds.

Sia是Nebulous Incorporated的产品。 Nebulous是一家盈利性公司,Sia旨在成为公司的主要收入来源。货币预挖并不是一个稳定的收入来源,因为它需要创造一种新货币并将公司的收入与该货币的增值联系起来。当公司需要花钱的时候,它必须交换部分收入来源。另外,预分险意味着一个实体控制了大量货币,因此可能对市场产生巨大的破坏性控制。

相反,Nebulous打算按照与Sia增加的价值成比例的方式从Sia获得收入,这取决于客户和主机之间的合同价值。这是通过对所有合同征收费用来实现的。合同成立后,合同基金的3.9%将被清除并分配给合资基金的持有人。 Nebulous公司最初将持有约。 88%的Siafunds和Sia的早期众筹基金支持者将持有其余的股份。


9. Sia的经济学设计 (Economics of Sia)

The primary currency of Sia is the siacoin. Thesupply of siacoins will increase permanently, andall fresh supply will be given to miners as a blocksubisdy. The first block will have 300,000 coinsminted. This number will decrease by 1 coin perblock, until a minimum of 30,000 coins per block isreached. Following a target of 10 minutes betweenblocks, the annual growth in supply is:

算力挖矿的存储币 — Sia白皮书(中英对照版)

There are inefficiencies within the Sia incentivescheme. The primary goal of Sia is to provide ablockchain that enforces storage contracts. The miningreward, however, is only indirectly linked to thetotal value of contracts being created.

The siacoin, especially initially, is likely to havehigh volatility. Hosts can be adversely affected if thevalue of the currency shifts mid-contract. As a result,we expect to see hosts increasing the price oflong-term contracts as a hedge against volatility. Additionally,hosts can advertise their prices in a morestable currency (like USD) and convert to siacoin immediatelybefore finalizing a contract. Eventually, theuse of two-way pegs with other crypto-assets will givehosts additional means to insulate themselves fromvolatility.

Sia的主要货币是siacoin。 siacoins的供应将永久增加,所有新鲜的供应将作为一个块补贴给予矿工。第一个区块将有30万个siacoin产生。这个数字每块会减少1个siacoin,直到达到每块至少30,000个siacoin。在各区块之间达到10分钟的目标之后,供应年增长率为:

算力挖矿的存储币 — Sia白皮书(中英对照版)

Sia奖励计划内效率低下。 Sia的主要目标是提供强化存储合同的区块链。但是,最低报酬与所创建合约的总价值间接相关。


10. 总结 (Conclusion)

Sia is a variant on the Bitcoin protocol that enablesdecentralized file storage via cryptographic contracts.These contracts can be used to enforce storage agreementsbetween clients and hosts. After agreeing tostore a file, a host must regularly submit storageproofs to the network. The host will automaticallybe compensated for storing the file regardless of thebehavior of the client.

Importantly, contracts do not require hosts totransfer files back to their client when requested. Instead,an out-of-band ecosystem must be created toreward hosts for uploading. Clients and hosts mustalso find a way to coordinate; one mechanism wouldbe the arbitrary data field in the blockchain.  Various precautions have been enumerated which mitigateSybil attacks and the unreliability of hosts.

Siafunds are used as a mechanism of generatingrevenue for Nebulous Inc., the company responsiblefor the release and maintenance of Sia. By using Siafunds instead of premining, Nebulous more directlycorrelates revenue to actual use of the network, andis largely unaffected by market games that maliciousentities may play with the network currency. Minersmay also derive a part of their block subsidy fromsiafunds, with similar benefits. Long term, we hopeto add support for two-way-pegs with various currencies,which would enable consumers to insulate themselvesfrom the instability of a single currency.

We believe Sia will provide a fertile platform fordecentralized cloud storage in trustless environments.



Siafunds被用作为负责释放和维护Sia的公司Nebulous Inc.创造收入的机制。通过使用Sia-funds而不是预先分配,Nebulous更直接地将收入与网络的实际使用相关联,并且基本上不受恶意实体可能使用网络货币玩的市场游戏的影响。矿工也可以从siafunds获得部分区块补贴,具有类似的收益。长期来看,我们希望增加对各种货币双向挂钩的支持,这将使消费者能够隔离单一货币的不稳定性。




[1]Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System.

[2]R.C. Merkle, Protocols for public key cryptosystems, In Proc. 1980 Symposium on Security and Privacy,IEEE Computer Society, pages 122-133, April 1980.

[3]Hovav Shacham, Brent Waters, Compact Proofs of Retrievability, Proc. of Asiacrypt 2008, vol. 5350, Dec
2008, pp. 90-107.

[4]K. V. Rashmi, Nihar B. Shah, and P. Vijay Kumar, Optimal Exact-Regenerating Codes for Distributed
Storage at the MSR and MBR Points via a Product-Matrix Construction.

[5]Adam Back, Matt Corallo, Luke Dashjr, Mark Friedenbach, Gregory Maxwell, Andrew Miller, Andrew Peolstra, Jorge Timon, Pieter Wuille, Enabling Blockchain Innovations with Pegged Sidechains.

[6]Andrew Poelstra, A Treatise on Altcoins.

[7]Gavin Andresen, O(1) Block Propagation, https://gist.github.com/gavinandresen/e20c3b5a1d4b97f79ac2

[8]Gregory Maxwell, Deterministic Wallets, https://bitcointalk.org/index.php?topic=19137.0

[9]etotheipi, Ultimate blockchain compression w/ trust-free lite nodes, https://bitcointalk.org/index.php?topic=88208.0

[10]Gregory Maxwell, Proof of Storage to make distributed resource consumption costly. https://bitcointalk.org/index.php?topic=310323.0

[11]Mike Hearn, Rapidly-adjusted (micro)payments to a pre-determined party, https://en.bitcoin.it/wiki/Contracts# Example 7: Rapidly-adjusted .28micro.29payments to a pre-
determined party

[12]Bitcoin Developer Guide, https://bitcoin.org/en/developer-guide



算力挖矿的存储币 — Sia白皮书(中英对照版)

算力挖矿的存储币 — Sia白皮书(中英对照版)


算力挖矿的存储币 — Sia白皮书(中英对照版)


算力挖矿的存储币 — Sia白皮书(中英对照版)



算力挖矿的存储币 — Sia白皮书(中英对照版)





算力挖矿的存储币 — Sia白皮书(中英对照版)

算力挖矿的存储币 — Sia白皮书(中英对照版)



电子邮件地址不会被公开。 必填项已用*标注


  • tonyhzj
    tonyhzj 2018年10月9日 08:56


  • tonyhzj
    tonyhzj 2018年10月9日 08:57


    • Eric
      Eric 回复 tonyhzj 2018年10月15日 13:20


QR code