
Bitcoin Whitepaper Explained - Calculation

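We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or letting the attacker take money that never belonged to him. Nodes will not accept an invalid transaction as payment, and honest nodes will never accept a block containing such transactions. An attacker can only try to change one of his own transactions to take back money he has just spent.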

The race between the honest chain and an attacker chain can be characterized as a Binomial Random Walk.  The success event is the honest chain being extended by one block, increasing its lead by +1, and the failure event is the attacker's chain being extended by one block, reducing the gap by -1. 


The probability of an attacker catching up from a given deficit is analogous to a Gambler's Ruin problem.  Suppose a gambler with unlimited credit starts at a deficit and plays potentially an infinite number of trials to try to reach breakeven.  We can calculate the probability he ever reaches breakeven, or that an attacker ever catches up with the honest chain, as follows:


p = probability an honest node finds the next block


q = probability the attacker finds the next block


q_z = probability the attacker will ever catch up from z blocks behind


Given our assumption that p > q, the probability drops exponentially as the number of blocks the attacker has to catch up with increases.  With the odds against him, if he doesn't make a lucky lunge forward early on, his chances become vanishingly small as he falls further behind. 


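Note: probability and odds are two different mathematical concepts. Without going into the formal definitions, here is a simple example: an opaque bag holds 12 balls, 3 of which are red and the rest other colors. The probability of drawing a red ball is 3/12, usually expressed as a percentage: 25%.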

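Odds come in two forms: odds in favor and odds against. Odds in favor describe the ratio at which the desired event happens, i.e. the chance of winning; odds against describe the ratio at which the desired event does not happen, which is what gamblers usually mean by "the odds". In the same example, the odds in favor of drawing a red ball are 3/9, usually written as the ratio 1:3; the odds against drawing a red ball are 9/3, usually written as 3:1.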

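Also, the word "lunge" is common in ball sports and in the animal world. It means a sudden rush forward, often with aggressive intent or to grab something. Continuing the wordplay of "race" and "odds", the author likens the attacker catching up on block generation to snatching the ball.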

We now consider how long the recipient of a new transaction needs to wait before being sufficiently certain the sender can't change the transaction.  We assume the sender is an attacker who wants to make the recipient believe he paid him for a while, then switch it to pay back to himself after some time has passed.  The receiver will be alerted when that happens, but the sender hopes it will be too late. 


The receiver generates a new key pair and gives the public key to the sender shortly before signing.  This prevents the sender from preparing a chain of blocks ahead of time by working on it continuously until he is lucky enough to get far enough ahead, then executing the transaction at that moment.  Once the transaction is sent, the dishonest sender starts working in secret on a parallel chain containing an alternate version of his transaction. 


Note: anyone who listens to pop music will be familiar with the term "alternate version". It covers a wide range: the same song may exist in several versions, such as album version, cover, remake, clean, explicit, instrumental, acoustic, unplugged, live, parody, and so on.

The recipient waits until the transaction has been added to a block and z blocks have been linked after it.  He doesn't know the exact amount of progress the attacker has made, but assuming the honest blocks took the average expected time per block, the attacker's potential progress will be a Poisson distribution with expected value: 


To get the probability the attacker could still catch up now, we multiply the Poisson density for each amount of progress he could have made by the probability he could catch up from that point:


Rearranging to avoid summing the infinite tail of the distribution...


Converting to C code... 


Running some results, we can see the probability drop off exponentially with z. 


Solving for P less than 0.1%... 
