区块链的安全性如何保证,区块链的安全性,在技术层面来讲

区块链的安全性是一个非常重要的话题，为了保证区块链的安全，技术上需要采用一些关键技术。本文将介绍三个关键技术，分别是密码学、共识机制和安全监控。

密码学是一种用于保护数据安全的技术，它可以用来保护数据的完整性、机密性和可信性。它的核心原理是使用密钥对称加密和非对称加密的技术，对数据进行加密处理，从而使得数据无法被破解或篡改。区块链系统中，密码学的应用可以保护网络中的数据安全，保护用户的隐私和财产安全。

共识机制是区块链系统中最重要的一环，它的目的是确保数据的一致性和安全性。共识机制通常采用分布式节点的方式，使用工作量证明机制，将网络中的信息进行验证和确认，从而确保数据的完整性和可靠性。此外，共识机制还可以防止恶意攻击，确保网络的安全性。

安全监控是一种技术，它可以对网络中的数据进行实时监控和分析，以发现潜在的安全威胁。通常，安全监控系统会对网络中的数据进行实时监控，如果发现异常情况，会立即采取措施，以确保网络的安全性。在区块链系统中，安全监控可以及时发现潜在的安全漏洞，及时采取措施，以确保网络的安全性。

总而言之，密码学、共识机制和安全监控是确保区块链安全性的三大关键技术，它们可以有效的保护网络中的数据安全，确保用户的隐私和财产安全。

『一』How does blockchain technology ensure data security?

Private key~

『二』Blockchain security Rules

The security rules of blockchain, the first rule:
Storage is everything
The ownership and security of a person’s property fundamentally depends on the storage method and definition of the property right. In the Internet world, massive user data is stored on the platform's servers. Therefore, the ownership of this data is still a mystery. Just like who owns your and my social IDs, it is difficult to determine, but user data assets have pushed up The market value of the platform, but as a user, does not enjoy the market value dividend. The blockchain world has led to changes in storage media and methods, allowing the ownership of assets to be delivered to individuals.
Extended information
The risks faced by the blockchain system are not only attacks from external entities, but also attacks from internal participants, as well as component failures, such as software failures. Therefore, before implementation, it is necessary to develop a risk model and identify special security requirements to ensure an accurate grasp of risks and response plans.
1. Security features unique to blockchain technology
● (1) Security of written data
Under the action of the consensus mechanism, only when most nodes (or multiple key nodes) in the entire network When everyone agrees that the record is correct at the same time, the authenticity of the record can be recognized by the entire network, and the record data is allowed to be written into the block.
● (2) Security of reading data
Blockchain does not have inherent security restrictions on information reading, but it can control information reading to a certain extent, such as encrypting certain elements on the blockchain, The key is then handed over to the relevant participants. At the same time, the complex consensus protocol ensures that everyone in the system sees the same ledger, which is an important means to prevent double payments.
● (3) Distributed Denial of Service (DDOS)
Attack Resistance Blockchain’s distributed architecture gives it point-to-point, multi-redundant characteristics, and there is no single point of failure, so it is more resistant to denial of service attacks. The method is much more flexible than a centralized system. Even if one node fails, other nodes are not affected, and users connected to the failed node cannot connect to the system unless there is a mechanism to support them to connect to other nodes.
2. Security challenges and response strategies faced by blockchain technology
● (1) The network is open and undefended
For public chain networks, all data is transmitted on the public network, and all nodes joining the network You can connect to other nodes and accept connections from other nodes without any obstacles. There is no authentication or other protection at the network layer. The response to this type of risk is to require greater privacy and carefully control network connections. For industries with higher security, such as the financial industry, it is advisable to use dedicated lines to access the blockchain network, authenticate the accessed connections, exclude unauthorized node access to avoid data leakage, and pass the protocol stack level firewall Security protection to prevent network attacks.
● (2) Privacy
The transaction data on the public chain is visible to the entire network, and the public can track these transactions. Anyone can draw conclusions about something by observing the blockchain, which is not conducive to the legal privacy protection of individuals or institutions. The response strategies for this type of risk are:
First, the certification agency acts as an agent for users to conduct transactions on the blockchain, and user information and personal behaviors do not enter the blockchain.
Second, instead of using a network-wide broadcast method, the transmission of transaction data is limited to nodes that are conducting relevant transactions.
Third, access to user data is controlled by permissions, so only visitors holding the key can decrypt and access the data.
Fourth, use privacy protection algorithms such as "zero-knowledge proof" to avoid privacy exposure.
● (3) Computing power
Blockchain solutions using proof-of-work are faced with the problem of 51% computing power attack. With the gradual concentration of computing power, it is objectively possible that organizations that control more than 50% of the computing power will emerge. Without improvement, it cannot be ruled out that it will gradually evolve into the law of the jungle where the jungle is the law of the jungle. The response strategy for this type of risk is to use a combination of algorithms and realistic constraints, such as joint management and control using asset mortgages, legal and regulatory means, etc.

『三』How does blockchain improve security and data sharing

In view of the security features and shortcomings of existing blockchain technology, it is necessary to focus on physics, data, and applications. Build a security system in terms of systems, encryption, and risk control to improve the overall security performance of the blockchain system.
1. Physical security
The network and hosts running the blockchain system should be in a protected environment. The protection measures vary according to the regulatory requirements of the specific business. They can be not limited to VPN private networks, firewalls, physical Isolation and other methods are used to protect physical networks and hosts.
2. Data security
Data exchange between nodes in the blockchain should not be transmitted in plain text in principle. For example, asymmetric encryption negotiation keys can be used, and symmetric encryption algorithms can be used to encrypt data. and decryption. Data providers should also strictly evaluate the sensitivity and security level of the data, decide whether to send the data to the blockchain, whether to desensitize the data, and adopt strict access control measures.
3. Application system security
The security of the application system needs to start from the aspects of identity authentication, permission system, transaction rules, anti-fraud strategy
and other aspects. The relevant personnel involved in the operation of the application, transaction nodes, Transaction data should be controlled beforehand and auditable afterward. Taking the financial blockchain as an example, a consensus algorithm with stronger fault tolerance, fraud resistance and higher performance can be used to avoid joint fraud by some nodes.
4. Key security
The keys used to encrypt communication data between blockchain nodes and to encrypt data stored on blockchain nodes should not exist in plain text on the same node and should be passed through The encryption machine keeps the private key securely. When the key is lost or leaked, the system can identify the relevant records of the original key, such as account numberControl, communication encryption, data storage encryption, etc., and implement response measures to invalidate the original key. Keys should also undergo strict life cycle management and should not be permanently valid and need to be replaced after a certain period of time.
5. Risk control mechanism
There should be careful detection measures for the network layer of the system, host operation, data access of the application system, transaction frequency and other dimensions, and alarms should be issued for any suspicious operations. , record, and verify. If illegal operations are discovered, damage assessment should be conducted, remediation should be carried out at the technical and business levels, security measures should be strengthened, and the source of the illegal operations should be traced to prevent further attacks.

Article source: China Blockchain Technology and Application Development White Paper

『四』 How is blockchain safe

In blockchain Security comes from a few properties.
1. Mining blocks requires the use of resources.
2. Each block contains the hash value of the previous block.
Imagine if an attacker wanted to change the chain by changing a transaction 5 blocks ago. If they tamper with the block, the hash of the block changes. The attacker then has to change the pointer from the next block to the changed block and then change the hash of the next block... This will continue until the end of the chain. This means that the further back the block is in the chain, the greater the resistance to change. In effect, the attacker would have to simulate the hashing power of the entire network, all the way to the front of the chain. However, when the attacker attempts to attack, the chain continues to move forward. If the attacker's hashrate is lower than the rest of the chain (<50%), then they will always catch up and never produce the longest chain. Therefore, this type of blockchain is resistant to attacks where the attacker has less than 50% of the hashrate.
When an attacker has 51% of the hashes, they can rewrite network history with a list of valid transactions. This is because they can recalculate the hash of any block order faster than the rest of the network, so they can ultimately guarantee longer chains. The main danger of a 51% attack is the possibility of double spending. What this simply means is that an attacker can purchase an item and show that they have paid for it with any number of confirmations on the blockchain. Once they receive the item, they can reorder the blockchain so that it does not include the sending transaction and thus receive a refund.
Even if the attacker has >50% hashrate, the attacker can only do so much damage. They can't do things like transfer money from the victim's account to theirs or print more coins. This is because all transactions are signed by the account owner, so even if they control the entire network, they cannot forge account signatures.

『Wu』What are the main data security measures of the supply chain blockchain?

The main data security measures include identity authentication, access control, data encryption, data backup, etc.

『Lu』 How to ensure safe use of blockchain

One of the characteristics of blockchain projects (especially public chains) is open source. PassOpen source code improves the credibility of the project and allows more people to participate. But the openness of source code also makes it easier for attackers to attack the blockchain system. There have been many hacker attacks in the past two years. Recently, the anonymous currency Verge (XVG) has been attacked again. The attacker has locked a vulnerability in the XVG code, which allows malicious miners to add false times to blocks. After stamping, new blocks were quickly mined, and nearly US$1.75 million worth of digital currency was obtained in just a few hours. Although the attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future.

Of course, blockchain developers can also take some measures

The first is to use professional code audit services,

The second is to understand safe coding standards, Nip problems in the bud.

Security of cryptographic algorithms

The development of quantum computers will bring major security threats to the cryptographic systems currently in use. Blockchain mainly relies on the elliptic curve public key encryption algorithm to generate digital signatures for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. cannot withstand quantum attacks in theory, and there will be greater risks. More and more Researchers are beginning to focus on cryptographic algorithms that are resistant to quantum attacks.

Of course, in addition to changing the algorithm, there is another way to improve security:

Refer to Bitcoin’s handling of public key addresses to reduce the risk of public key leaks. Potential risks. As a user, especially a Bitcoin user, the balance after each transaction is stored in a new address to ensure that the public key of the address where Bitcoin funds are stored is not leaked.

Security of the consensus mechanism

The current consensus mechanisms include Proof of Work (PoW), Proof of Stake (PoS), and Delegated Proof of Stake (PoS). Proof of Stake (DPoS), Practical Byzantine Fault Tolerance (PBFT), etc.

PoW faces 51% attack problem. Since PoW relies on computing power, when an attacker has a computing power advantage, the probability of finding a new block will be greater than that of other nodes. At this time, it has the ability to undo transactions that have already occurred. It should be noted that even in this case, the attacker can only modify his own transactions and not the transactions of other users (the attacker does not have the private keys of other users).

In PoS, an attacker can only successfully attack when he holds more than 51% of the token amount, which is more difficult than 51% of the computing power in PoW.

In PBFT, the system is safe when the number of malicious nodes is less than 1/3 of the total nodes. In general, any consensus mechanism has its conditions for establishment. As an attacker, you also need toWhat should be considered is that once the attack is successful, the value of the system will be reduced to zero. At this time, the attacker will not get any other valuable rewards except destruction.

For designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to choose an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scenario.

Security of smart contracts

Smart contracts have the advantages of low operating costs and low risks of human intervention. However, if there are problems with the design of smart contracts, it may cause greater consequences. loss. In June 2016, The DAO, Ethereum's most crowdfunded project, was attacked. Hackers obtained more than 3.5 million Ethereum coins, which later caused Ethereum to fork into ETH and ETC.

The measures proposed in this regard have two aspects:

The first is to conduct security audits of smart contracts,

The second is to follow the principles of safe development of smart contracts.

The security development principles of smart contracts include: be prepared for possible errors and ensure that the code can correctly handle bugs and vulnerabilities; release smart contracts with caution, do functional testing and security testing, and fully consider boundaries; keep smart contracts concise; pay attention to blockchain threat intelligence and check for updates in a timely manner; be clear about the characteristics of the blockchain, such as calling external contracts with caution.

Security of digital wallets

Digital wallets mainly have three security risks: First, design flaws. At the end of 2014, a serious random number problem (duplication of R values) caused users to lose hundreds of digital assets in a certain lottery. Second, digital wallets contain malicious code. Third, lost assets caused by loss or damage of computers and mobile phones.

There are four main countermeasures:

The first is to ensure the randomness of the private key;

The second is to verify the hash value before installing the software , ensure that the digital wallet software has not been tampered with;

The third is to use a cold wallet;

The fourth is to back up the private key.

『撒』How to ensure the security of using blockchain

Blockchain itself solves the problem of large-scale collaboration between strangers, that is, strangers do not need to trust each other. can collaborate with each other. So how to ensure trust between strangers to achieve each other's consensus mechanism? The centralized system uses credible third-party endorsements, such as banks. Banks are regarded as reliable and trustworthy institutions by ordinary people. People can trust banks and let banks resolve real-life disputes. But how does a decentralized blockchain ensure trust?
In fact, blockchain uses the basic principles of modern cryptography to ensure its security mechanism. The knowledge system involved in the field of cryptography and security is very complicated. I will only introduce the basic knowledge of cryptography related to blockchain, including Hash algorithm, encryption algorithm, information digest and digital signature, zero-knowledge proof, quantum cryptography, etc. You can come through this lessonUnderstand how the blockchain using cryptography technology can ensure its confidentiality, integrity, authentication and non-repudiation.
Lesson 7 of the basic course: Basic knowledge of blockchain security
1. Hash algorithm (Hash algorithm)
Hash function (Hash), also known as hash function. Hash function: Hash (original information) = digest information. The hash function can map a binary plaintext string of any length into a shorter (usually fixed-length) binary string (Hash value).
A good hash algorithm has the following 4 characteristics:
1. One-to-one correspondence: The same plaintext input and hash algorithm can always get the same summary information output.
2. Input sensitivity: Even if there is any slight change in the plain text input, the newly generated summary information will change greatly, which is hugely different from the original output.
3. Easy to verify: both the plaintext input and the hash algorithm are public, and anyone can calculate by themselves whether the output hash value is correct.
4. Irreversible: If there is only the output hash value, it is absolutely impossible to deduce the plaintext from the hash algorithm.
5. Conflict avoidance: It is difficult to find two plaintexts with different contents, but their hash values ​​are consistent (collision occurs).
Example:
Hash (Zhang San lent Li Si 100,000, with a loan period of 6 months) = 123456789012
A record of 123456789012 is recorded in the ledger.
It can be seen that the hash function has 4 functions:
Simplifying information
It is easy to understand, and the hashed information becomes shorter.
Identification information
You can use 123456789012 to identify the original information, and the summary information is also called the id of the original information.
Concealed information
The ledger contains a record such as 123456789012, and the original information is concealed.
Verification information
If Li Si deceives when repaying the loan, Zhang San only lent Li Si 50,000, both parties can use the hash value and the previously recorded hash value 123456789012 to verify the original information
Hash (Zhang San lent Li Si 50,000, with a loan period of 6 months) = 987654321098
987654321098 is completely different from 123456789012, which proves that Li Si lied, successfully ensuring that the information cannot be tampered with .
Common Hash algorithms include MD4, MD5, and SHA series algorithms. Nowadays, the SHA series algorithms are basically used in mainstream fields. SHA (Secure Hash Algorithm) is not an algorithm, but a set of hash algorithms. Initially it was the SHA-1 series, but now the mainstream applications are SHA-224, SHA-256, SHA-384, and SHA-512 algorithms (commonly known as SHA-2), SHA-3 related algorithms have also been proposed recently, such as KECCAK-256 used by Ethereum, which belongs to this algorithm.
MD5 is a very classic Hash algorithm, but unfortunately both it and the SHA-1 algorithm have been cracked, and are considered by the industry to be not secure enough to be used in commercial scenarios. It is generally recommended to use at least SHA2-256 or higher. Safe algorithm.
Hash algorithms are widely used in blockchains. For example, in a block, the next block will contain the hash value of the previous block, and the content of the next block + the hash value of the previous block The hash values ​​are used together to calculate the hash value of the next block, ensuring the continuity and non-tamperability of the chain.
2. Encryption and Decryption Algorithms
Encryption and decryption algorithms are the core technology of cryptography. They can be divided into two basic types in terms of design concepts: symmetric encryption algorithms and asymmetric encryption algorithms. They are distinguished according to whether the keys used in the encryption and decryption processes are the same. The two modes are suitable for different needs and form a complementary relationship. Sometimes they can also be used in combination to form a hybrid encryption mechanism.
Symmetric encryption algorithm (symmetric cryptography, also known as common-key cryptography) uses the same encryption and decryption keys. Its advantages are high computational efficiency and high encryption strength; its disadvantage is that it needs to be advanced in advance. Shared key, easy to leak and lose the key. Common algorithms include DES, 3DES, AES, etc.
Asymmetric encryption algorithm (asymmetric cryptography, also known as public-key cryptography) is different from the encryption and decryption keys. Its advantage is that it does not need to share the key in advance; its disadvantage is that the calculation efficiency is low. Only short content can be encrypted. Common algorithms include RSA, SM2, ElGamal and elliptic curve series algorithms. Symmetric encryption algorithm is suitable for the encryption and decryption process of large amounts of data; it cannot be used in signature scenarios: and the key often needs to be distributed in advance. Asymmetric encryption algorithms are generally suitable for signature scenarios or key negotiation, but are not suitable for encryption and decryption of large amounts of data.
3. Information Digest and Digital Signature
As the name suggests, information digest is to perform a Hash operation on the information content to obtain a unique summary value to replace the original complete information content. Information summary is the most important use of the Hash algorithm. Utilizing the anti-collision characteristics of the Hash function, information summary can solve the problem that the content has not been tampered with.
Digital signatures are similar to signing on paper contracts to confirm contract content and prove identity. Digital signatures are based on asymmetric encryption and can be used to prove the integrity of a certain digital content and at the same time confirm the source (or non-repudiation) .
We have two property requirements for digital signatures that make them consistent with what we expect from handwritten signatures. First, only you can make your own signature, but anyone who seesAnyone can verify its validity; second, we want the signature to be related only to a specific file and not to other files. These can all be used to achieve digital signatures through our asymmetric encryption algorithm above.
In practice, we generally sign the hash value of the information rather than the information itself. This is determined by the efficiency of the asymmetric encryption algorithm. Corresponding to the blockchain, the hash pointer is signed. If this method is used, the previous one is the entire structure, not just the hash pointer itself.
4. Zero Knowledge proof
Zero knowledge proof means that the prover makes the verifier believe that a certain assertion is correct without providing any additional information to the verifier.
Zero-knowledge proofs generally meet three conditions:
1. Completeness: a true proof can allow the verifier to successfully verify;
2. Reliability (Soundness): a false proof It is impossible for the verifier to pass the verification;
3. Zero-Knowledge: If it is proved, no information other than the proof information can be learned from the proof process.
5. Quantum cryptography
As the research on quantum computing and quantum communication receives more and more attention, quantum cryptography will have a huge impact on cryptographic information security in the future.
The core principle of quantum computing is to use qubits to be in multiple coherent superposition states at the same time. In theory, a large amount of information can be expressed through a small number of qubits and processed at the same time, greatly increasing the calculation speed.
In this case, a large number of current encryption algorithms are theoretically unreliable and can be cracked, which makes the encryption algorithms have to be upgraded, otherwise they will be broken by quantum computing.
As we all know, quantum computing is still in the theoretical stage and is still far away from large-scale commercial use. However, the new generation of encryption algorithms must take into account the possibility of this situation.

『8』 How does the blockchain ensure the security of data in the network?

How does the blockchain ensure the security of data in the network:
In the blockchain Among the technologies, digital encryption technology is the key. Generally, the asymmetric encryption algorithm is used, that is, the password for encryption and the password for unlocking are different. To put it simply, we have an exclusive private key. As long as we protect our private key and give the public key to the other party, the other party will use the public key to encrypt the file to generate ciphertext, and then pass the ciphertext to you, and we will use the private key. Decrypting the plain text can ensure that the transmission content is not seen by others. In this way, the encrypted data transmission is completed!
At the same time, there is also a digital signature that adds an extra layer of protection for us to prove that the document has not been tampered with during the process of sending it to the other party. It can be seen that the encryption technology of blockchain canIt can effectively solve the security issues in the process of data circulation and sharing, which can be said to have great potential. Chaos