Security of blockchain in transaction

1. Sharing source: DTV
the centralized trading platform covers the whole trading process including account opening, recharge, automatic transfer and transaction withdrawal. That is to say, when we put our digital assets into the address of the trading platform, the trading platform becomes the trustee of our digital assets, and the control of the actual assets is in the hands of the trading platform
different from the centralized trading platform, the decentralized platform does not need to register an account. It only needs to undertake the responsibilities of asset custody, matching transaction and asset clearing, and does not need to provide non trading function, account system, kcy and legal currency exchange functions like the centralized exchange; On the other hand, in the decentralized trading platform, all operations are realized through smart contracts, and this transaction needs to wait for the confirmation of the blockchain before it is successfully completed

based on the above attributes, the decentralized platform avoids the moral hazard of the trading platform and the centralized attack of hackers to a certain extent. However, in this trading mode, the security of assets depends on the users themselves.

2. Security in blockchain comes from some attributes< Mining blocks need to use resources< Br > 2. Each block contains the hash value of the previous block< Br > imagine if the attacker wants to change the chain by changing the transaction five blocks ago. If they tamper with the block, the hash value of the block changes. Then the attacker must change the pointer from the next block to the changed block, and then change the hash value of the next block... This will continue until the end of the chain. This means that the farther the block is behind the chain, the greater the resistance to change. In fact, the attacker has to simulate the hash capability of the whole network up to the front end of the chain. However, when the attacker tries to attack, the chain continues to move forward. If the attacker's hash value is lower than the rest of the chain (< 50%), they will always chase and never proce the longest chain. Therefore, this type of blockchain can resist attacks, where the attacker's hash value is less than 50%< Br > when attackers have 51% hash value, they can rewrite the network history with a list of valid transactions. This is because they can recalculate the hash value of any block sort faster than the rest of the network, so they can ultimately guarantee a longer chain. The main danger of 51% attacks is the possibility of double spending. This simply means that an attacker can buy an item and show that they have paid with any number of confirmations on the blockchain. Once they receive the item, they can reorder the blockchain so that it doesn't include the send transaction and get a refund< Br > even if the attacker has more than 50% hash value, the attacker can only do so much damage. They can't do things like transfer money from the victim's account to their account or print more coins. This is because all transactions are recorded by the account?? Account owners sign, so even if they control the entire network, they cannot forge account signatures.

3.

One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future

of course, blockchain developers can also take some measures

one is to use professional code audit services,

the other is to understand the security coding specifications and take preventive measures

the security of cryptographic algorithm

with the development of quantum computer, it will bring a major security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks

of course, in addition to changing the algorithm, there is another way to improve the security:

refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked

security of consensus mechanism

the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc

POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)

in POS, attackers can attack successfully only when they hold more than 51% token, which is more difficult than 51% computing power in pow

in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction

for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene

security of smart contract

smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring greater losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc

there are two aspects of the proposed measures:

one is to audit the security of smart contract, and the other is to follow the principle of smart contract security development

the security development principles of smart contract are: to be prepared for possible errors, to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully

security of digital wallet

there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones

there are four main countermeasures:

one is to ensure the randomness of the private key

The second is to check the hash value before installing the software to ensure that the digital wallet software has not been tampered with

The third is to use cold wallet

The fourth is to back up the private key

4. Because each block contains its own hash value and the hash value of the previous block, changing a hash value will invalidate the rest of the blockchain
if you have problems with blockchain, you are welcome to chat in private~~~~~

5. The analysis of Chongqing jinwowo network is as follows:
each node on the blockchain can verify the integrity and authenticity of the account book to ensure that all transaction information is not tampered with, true and effective
every node on the blockchain keeps copies of all transaction information. When the number of data and participants on the blockchain is very large, the cost of modifying information will be very high. At least 51% of the computing power of the whole network is needed to modify information, and the modification cost may far exceed the expected revenue
when the information of some nodes is maliciously tampered with, other nodes on the blockchain will find the information that has not formed a "consensus" in a short time and maintain and update it.

6. In view of the security characteristics and shortcomings of the existing blockchain technology, we need to build a security system around the physical, data, application system, encryption, risk control and other aspects to improve the security performance of the blockchain system as a whole
1. Physical security
the network and host running the blockchain system should be in a protected environment. According to the regulatory requirements of specific business, the protection measures can be used to protect the physical network and host by means of VPN, firewall, physical isolation, etc
2. Data security
in principle, the data exchange between nodes of the blockchain should not be transmitted in clear text. For example, asymmetric encryption can be used to negotiate key, and symmetric encryption algorithm can be used to encrypt and decrypt data. The data provider should also strictly evaluate the sensitivity and security level of the data, decide whether to send the data to the blockchain, whether to desensitize the data, and adopt strict access control measures
3. Application system security
application system security needs to start from the aspects of identity authentication, authority system, transaction rules, anti fraud strategy, etc.
relevant personnel, transaction nodes and transaction data involved in application operation should be controlled in advance and auditable afterwards. Taking financial blockchain as an example, consensus algorithm with stronger fault tolerance, anti fraud and higher performance can be adopted to avoid joint fraud of some nodes
4. Key security
to encrypt the communication data between the blockchain nodes and the key to encrypt the data stored on the blockchain nodes, the plaintext should not exist on the same node, and the private key should be properly saved by the encryption machine. When the key is lost or leaked, the system can identify the relevant records of the original key, such as account control, communication encryption, data storage encryption, etc., and implement response measures to make the original key invalid. The key should also be managed strictly in the life cycle, and should not be permanently valid. It needs to be replaced after reaching a certain time cycle
5. Risk control mechanism
there should be careful detection measures for the network layer, host operation, data access of application system, transaction frequency and other dimensions of the system. For any suspicious operation, alarm, record and verification should be carried out. If illegal operation is found, loss assessment should be carried out, remedial measures should be taken at the technical and business levels, and security measures should be strengthened, And trace the source of illegal operation to prevent further attacks

Article source: white paper on blockchain technology and application development in China

7.

The investment value of blockchain

1. blockchain is considered to be the most disruptive technological innovation since the invention of the Internet. Blockchain integrates cryptography, economics, game theory, computer science and other disciplines. It has the characteristics of irreversible transaction and data tampering. It has commercial value in many fields. Its application research has expanded to finance, energy, logistics, ecation, culture and social services

2. blockchain technology will create opportunities for the development of cloud computing, big data, Internet of things, artificial intelligence and other new generation information technology, which can comprehensively promote the upgrading of information technology and realize the leapfrog development of information instry

< / OL >

the security of blockchain

< UL >

3. Privacy Protection cryptography ensures that the unauthorized person can access the data, but it cannot be resolved

4. the following business features include trustworthiness: blockchain can provide a natural and feasible distributed ledger platform without the need for additional third-party intermediaries

5. enhance security: blockchain technology is concive to safe and reliable audit management and account clearing, recing the possibility of crime and various risks

8. Todefi platform now has a large amount of consultation. It's a regular platform and recommends regular and safe projects,