Defects of blockchain
One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future
of course, blockchain developers can also take some measures
one is to use professional code audit services,
the other is to understand the security coding specifications and take preventive measures
the security of cryptographic algorithm
with the development of quantum computer, it will bring a major security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks
of course, in addition to changing the algorithm, there is another way to improve the security:
refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked
security of consensus mechanism
the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc
POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)
in POS, attackers can attack successfully only when they hold more than 51% token, which is more difficult than 51% computing power in pow
in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction
for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene
security of smart contract
smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring greater losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc
there are two aspects of the proposed measures:
one is to audit the security of smart contract, and the other is to follow the principle of smart contract security development
the security development principles of smart contract are: to be prepared for possible errors, to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully
security of digital wallet
there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones
there are four main countermeasures:
one is to ensure the randomness of the private key
The second is to check the hash value before installing the software to ensure that the digital wallet software has not been tampered with The third is to use cold wallet The fourth is to back up the private keyblockchain technology is a new distributed infrastructure and computing paradigm, which can realize the sharing, replication and authorization of distributed ledger. It has the characteristics of multi-point consensus and is difficult to tamper with it solves the problem of how to achieve inter institutional trust transactions in the commercial network, connects all parties involved in financial services, and brings challenges of breaking the data island and improving the data quality. It has the potential advantages of security and recing transaction costs. Enhancing the ability of risk control has a broad application prospect in the financial field< the blockchain instry is ushering in a new trend in the market, and there are some bottlenecks in the development of the blockchain instry only by breaking through these bottlenecks can we usher in the spring of blockchain. Bring better development
Finally, the development of blockchain technology will bring some network security problems we should pay attention to and solve the problems of information security and network security. Blockchain technology is not inherently secure. Any software system inevitably has defects and vulnerabilities, and will face attacks from the network. Poorly designed and poorly managed blockchain systems can be vulnerable to attacks. In the application of the financial instry, data is an asset, so we should have a comprehensive understanding of the security of the blockchain, first of all, put the security design and self-control in the first place to avoid bitcoin theft1. POW workload proof, which is familiar with mining, calculates a random number that meets the rules through and or operation, that is, obtains the bookkeeping right, sends out the data that needs to be recorded in this round, and stores it together with other nodes in the whole network after verification
advantages: complete decentralization, free access of nodes
disadvantages: bitcoin has attracted most of the computing power in the world, and other blockchain applications using POW consensus mechanism are difficult to obtain the same computing power to ensure their own security; Mining causes a lot of waste of resources; The period of reaching consensus is long, which is not suitable for commercial application.
2. Proof of rights and interests of POS, a mechanism of upgrading consensus of pow; According to the token proportion and time of each node; It can rece the difficulty of mining in equal proportion, so as to speed up the speed of finding random numbers< Advantages: to a certain extent, it shortens the time to reach a consensus
disadvantages: mining is still needed, which does not solve the pain point of commercial application in essence
3. Dpos share authorization certification mechanism is similar to the voting of the board of directors, in which the coin holders cast a certain number of nodes to verify and account on their behalf
advantages: greatly rece the number of participating verification and accounting nodes, which can achieve second level consensus verification
disadvantages: the whole consensus mechanism still depends on token, and many commercial applications do not need token to exist
4. Pool verification pool, which is based on traditional distributed consistency technology and data verification mechanism; It is a consensus mechanism widely used in the instry chain at present.
advantages: it can work without token, and realizes second level consensus verification on the basis of mature distributed consistency algorithms (pasox and raft)
disadvantages: the degree of decentralization is not as good as that of bictin; The multi center business model is more suitable for multi-party participation
it has great advantages in using consensus mechanism to ensure data consistency (the consensus mechanism is first proposed by ripple, and the network transaction synchronization mechanism with data correctness priority. In the consensus network, no matter how the software code changes, if you can't reach a consensus, you can't enter the network, let alone fork)
- - - - - - - -
PS: a little black, although the consensus mechanism can absolutely ensure that there will be no hard bifurcation at any time. However, the disadvantage of this mechanism is obvious, that is, it is much longer than the current bitcoin network to reach a consensus with other nodes. In extreme cases, the consequences of disconnection in ripple consensus mechanism network are also very terrible
it is possible that one day after the power failure in your home, the whole system will no longer be able to reach a consensus with other rippled nodes (in fact, the consensus mechanism requires more than 80% of the nodes to acknowledge your data before your submission will be accepted by other nodes, otherwise it will be rejected by exclusive nodes), Even you can only empty all your 500 GB data and resynchronize to connect to other ripple nodes
so at present, the existing rippled end is not suitable for civil use (if it is commercial, the impact is relatively small. For example, RL's own rippled node is hosted in Amazon cloud data center. If it has no response for a long time, it can make high claims, and there is almost no break in that place except for large disasters). This is one of the aspects RL has always wanted to improve.
from the above, blockchain belongs to software development
maybe you didn't ask clearly!
of course, blockchain developers can also take some measures
one is to use professional code audit services,
the other is to understand the security coding specifications and take preventive measures
the security of cryptographic algorithm
with the development of quantum computer, it will bring great security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks
of course, in addition to changing the algorithm, there is another way to improve the security:
refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked
security of consensus mechanism
the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc
POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)
in POS, attackers can only attack successfully when they hold more than 51% of the token, which is more difficult than 51% of the computing power in pow
in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction
for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene
security of smart contract
smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring great losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc
there are two aspects of the proposed measures:
one is to audit the security of smart contracts, and the other is to follow the principles of smart contract security development
the security development principles of smart contract are: be prepared for possible errors to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully
security of digital wallet
there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones
there are four main countermeasures:
one is to ensure the randomness of the private key
the second is to verify the hash value before software installation to ensure that the digital wallet software has not been tampered with
the third is to use cold wallets
the fourth is to back up the private key.
this problem is actually very simple
your graphics card is OK! But the vertical synchronization of the graphics card is not off, so the FPS is very low. You can turn off the vertical synchronization in the properties of the graphics card
it must be this problem
the properties of the graphics card can be found by right clicking on the desktop, and then properties - Settings - Advanced<
vertical synchronization is off
in the 3D settings of the graphics card
The first step: to register a local company in Australia, you only need to prepare the following information:
1. Provide the information of the director
2. Provide the certificate of no criminal record of the director
3. Provide the name of the Australian company, which ends with pty.ltd. or pty.limited
it takes about two weeks for the registration of the Australian company to be completed, and the next step is to apply for the license
