Ethereum blockchain security

1.

what is Ethereum:

Ethereum is an innovation based on the application of technologies and concepts in bitcoin to computers. Ethereum itself imitates a lot of bitcoin technology to maintain the computer platform. blockchain technology is one of them
Ethereum platform can safely run any program users want

advantages of Ethereum over other competitive currencies before Ethereum appeared, some digital currencies imitated bitcoin. However, these projects have their own shortcomings, they can only support one or several specific applications at the same time< However, the reason why Ethereum can surpass the limitations of these projects in the past is because of the core idea of Ethereum

what Ethereum wants to implement is a blockchain protocol with built-in programming language. Since it supports programming language, in theory, any blockchain application can be defined with this language, and then run on Ethereum's blockchain protocol as an application

The design of Ethereum is very flexible and adaptable

Ethereum target sets the advantages of blockchain technology, in order to add the advantages of blockchain, such as decentralization, openness and security, to almost all computing fields

blockchain applications of Ethereum

Ethereum has many blockchain applications, such as digital applications of gold and stocks, financial derivatives applications, DNS and digital authentication, etc

Ethereum has achieved more than 100 blockchain applications by many start-ups

Ethereum has also been closely watched by some financial institutions, banking consortia (such as R3), as well as large companies like Samsung, Deloitte, RWE and IBM. As a result, a number of blockchain applications such as simplified and automated financial transactions, merchant loyalty index tracking, and gift cards designed to achieve decentralization of electronic transactions have emerged

the relationship between Ethereum and blockchain:

Ethereum is a programmable blockchain

Ethereum does not give users a series of preset operations (such as bitcoin transaction), but allows users to create complex operations according to their own wishes

in this way, Ethereum can be used as a platform for various types of decentralized blockchain applications, including but not limited to cryptocurrency

like other blockchains, Ethereum also has a peer-to-peer network protocol. Ethereum blockchain database is maintained and updated by many nodes connected to the network. Each network node runs the Ethereum simulator and executes the same instructions. Therefore, people sometimes call Ethereum "world computer"

2. Ethereum blockchain has exposed three major problems, and its founder vitalik buterin has been unable to interpret them for a long time. The first is the low performance and TPS of Ethereum blockchain as a whole; The second is that resources are not isolated. The event of cryptokitties virtual cat once occupied 20% of the traffic of the whole Ethereum, which directly caused Ethereum network users unable to carry out timely transactions, which is the biggest pain point of resources not isolated; The third problem lies in the embodiment of Ethereum's governance structure. As a decentralized distributed ledger, the founder team of Ethereum has dominated its network development in the past. The over centralized governance mode has led to the bifurcation of eth, etc and ETF in Ethereum, and the Ethereum community is now in a state of fragmented governance. In the view of Ma Haobo, founder and CEO of "aelf", all kinds of disadvantages of Ethereum are unacceptable. Therefore, the positioning of "aelf" is born for the next generation of decentralized underlying computing platform of Ethereum, which focuses on solving the problems of insufficient performance, non isolation of resources and governance structure of Ethereum.

3.

One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future

of course, blockchain developers can also take some measures

one is to use professional code audit services,

the other is to understand the security coding specifications and take preventive measures

the security of cryptographic algorithm

with the development of quantum computer, it will bring a major security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks

of course, in addition to changing the algorithm, there is another way to improve the security:

refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked

security of consensus mechanism

the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc

POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)

in POS, attackers can attack successfully only when they hold more than 51% token, which is more difficult than 51% computing power in pow

in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction

for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene

security of smart contract

smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring greater losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc

there are two aspects of the proposed measures:

one is to audit the security of smart contract, and the other is to follow the principle of smart contract security development

the security development principles of smart contract are: to be prepared for possible errors, to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully

security of digital wallet

there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones

there are four main countermeasures:

one is to ensure the randomness of the private key

The second is to check the hash value before installing the software to ensure that the digital wallet software has not been tampered with

The third is to use cold wallet

The fourth is to back up the private key

4. Blockchain itself solves the problem of large-scale cooperation between strangers, that is, strangers can cooperate with each other without mutual trust. So how to ensure the trust between strangers to achieve mutual consensus mechanism? The centralized system uses trusted third-party endorsements, such as banks. In the eyes of the common people, banks are reliable and trustworthy institutions. The common people can trust banks to solve real disputes. But how does a decentralized blockchain guarantee trust
in fact, blockchain uses the basic principles of modern cryptography to ensure its security mechanism. The knowledge system involved in the field of cryptography and security is very complicated. Here, I only introce the basic knowledge of cryptography related to blockchain, including hash algorithm, encryption algorithm, information digest and digital signature, zero knowledge proof, quantum cryptography, etc. Through this lesson, you can learn how to ensure the confidentiality, integrity, authentication and non repudiation of the blockchain using cryptography technology
basic course lesson 7 basic knowledge of blockchain security
1. Hash algorithm (hash algorithm)
hash function (hash), also known as hash function. Hash function: hash (original information) = summary information. Hash function can map any length of binary plaintext string to a shorter (generally fixed length) binary string (hash value)
a good hash algorithm has the following four characteristics:
1. One to one correspondence: the same plaintext input and hash algorithm can always get the same summary information output
2. Input sensitivity: even if the plaintext input changes slightly, the newly generated summary information will change greatly, which is greatly different from the original output
3. Easy to verify: plaintext input and hash algorithm are public, anyone can calculate by themselves, and whether the output hash value is correct
4. Irreversibility: if there is only the output hash value, the hash algorithm can never dece the plaintext
5. Conflict avoidance: it is difficult to find two plaintexts with different contents, but their hash values are the same (collision)
for example:
hash (Zhang San lent Li Si 100000 yuan for 6 months) = 123456789012
such a record as 123456789012 is recorded in the account book
it can be seen that hash function has four functions:
simplify information
it is easy to understand, and the information after hashing becomes shorter
identification information
you can use 123456789012 to identify the original information, and summary information is also called the ID of the original information
hidden information
the account book is a record like 123456789012, and the original information is hidden
verification information
if Li Si cheated that Zhang San only lent Li Si 50000 when repaying, both parties can verify the original information with the hash value of 123456789012 recorded before
hash (Zhang San lent Li Si 50000 for 6 months) = 987654321098
987654321098 is completely different from 123456789012, which proves that Li Si lied, Then the information can't be tampered
common hash algorithms include MD4, MD5 and Sha series algorithms, and Sha series algorithms are basically used in mainstream fields. Sha (secure hash algorithm) is not an algorithm, but a group of hash algorithms. At first, it was SHA-1 series, and now the mainstream applications are sha-224, SHA-256, sha-384 and sha-512 algorithms (commonly known as SHA-2). Recently, Sha-3 related algorithms have been proposed, such as keccak-256 used by Ethereum
MD5 is a very classic hash algorithm, but unfortunately, both it and SHA-1 algorithm have been cracked. It is considered by the instry that its security is not enough to be used in business scenarios. Generally, sha2-256 or more secure algorithm is recommended
hash algorithm is widely used in blockchain. For example, in blocks, the latter block will contain the hash value of the previous block, and the content of the later block + the hash value of the previous block will jointly calculate the hash value of the later block, which ensures the continuity and non tamperability of the chain< Encryption and decryption algorithm is the core technology of cryptography, which can be divided into two basic types: symmetric encryption algorithm and asymmetric encryption algorithm. According to whether the key used in the encryption and decryption process is the same or not, the two modes are suitable for different needs, just forming a complementary relationship, and sometimes can be combined to form a hybrid encryption mechanism
symmetric cryptography (also known as common key cryptography) has the advantages of high computational efficiency and high encryption strength; Its disadvantage is that it needs to share the key in advance, which is easy to leak and lose the key. The common algorithms are des, 3DES, AES and so on
asymmetric cryptography (also known as public key cryptography) is different from the encryption and decryption key, and its advantage is that it does not need to share the key in advance; Its disadvantage is that it has low computational efficiency and can only encrypt short content. Common algorithms include RSA, SM2, ElGamal and elliptic curve series. Symmetric encryption algorithm is suitable for the encryption and decryption process of a large number of data; It can't be used in signature scenario: and it often needs to distribute the key in advance. Asymmetric encryption algorithm is generally suitable for signature scenario or key agreement, but it is not suitable for large amount of data encryption and decryption< Third, information digest and digital signature
as the name suggests, information digest is to hash the information content to obtain a unique digest value to replace the original and complete information content. Information digest is the most important use of hash algorithm. Using the anti-collision feature of hash function, information digest can solve the problem that the content has not been tampered
digital signature is similar to signing on paper contract to confirm contract content and prove identity. Digital signature is based on asymmetric encryption, which can be used to prove the integrity of a digital content and confirm the source (or non repudiation)
we have two requirements for digital signature to make it consistent with our expectation for handwritten signature. First, only you can make your own signature, but anyone who sees it can verify its validity; Second, we want the signature to be only related to a specific file and not support other files. These can be achieved by our asymmetric encryption algorithm above
in practice, we usually sign the hash value of information instead of the information itself, which is determined by the efficiency of asymmetric encryption algorithm. Corresponding to the blockchain, it is to sign the hash pointer. In this way, the front is the whole structure, not just the hash pointer itself< Zero knowledge proof means that the verifier can make the verifier believe that a certain conclusion is correct without providing any additional information to the verifier
zero knowledge proof generally meets three conditions:
1. Completeness: authentic proof can make the verifier successfully verify
2. Soundness: false proof can not make the verifier pass the verification
3. Zero knowledge: if you get proof, you can't get any information other than the proof information from the proof process< With more and more attention paid to the research of quantum computing and quantum communication, quantum cryptography will have a huge impact on the information security of cryptography in the future
the core principle of quantum computing is that qubits can be in multiple coherent superposition states at the same time. Theoretically, a large amount of information can be expressed by a small number of qubits and processed at the same time, which greatly improves the computing speed
in this way, a large number of current encryption algorithms are theoretically unreliable and can be cracked, so the encryption algorithm has to be upgraded, otherwise it will be broken by quantum computing
as we all know, quantum computing is still in the theoretical stage, which is far from large-scale commercial use. However, the new generation of encryption algorithms should consider the possibility of this situation.

5. Here we need to mention that the basic system structure of blockchain includes the following
① network routing ② cryptographic algorithm ③ script system ③ consensus mechanism
the security problem of blockchain is mainly the script system completed by script system, which is an abstract concept and an extremely important function in blockchain technology, The reason why a valuable network can be formed depends on the script system, which is driven like an engine and continuously sends and receives data. The so-called script refers to the program of some systems in the rule reconfirmation system, and the rules are fixed. For example, in the bitcoin system, only bitcoin can be sent and received, The system allows users to edit the program rules by themselves, and then they can deploy them to the blockchain ledger. In this way, the functions of the whole blockchain system can be expanded. For example, Ethereum realizes the function of smart contract through this set of custom script system, Then specific scenario applications or real life cases, such as order logistics information and supply chain information.

6. One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future
of course, blockchain developers can also take some measures
one is to use professional code audit services,
the other is to understand the security coding specifications and take preventive measures
the security of cryptographic algorithm
with the development of quantum computer, it will bring great security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks
of course, in addition to changing the algorithm, there is another way to improve the security:
refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked
security of consensus mechanism
the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc
POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)
in POS, attackers can only attack successfully when they hold more than 51% of the token, which is more difficult than 51% of the computing power in pow
in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction
for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene
security of smart contract
smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring great losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc
there are two aspects of the proposed measures:
one is to audit the security of smart contracts, and the other is to follow the principles of smart contract security development
the security development principles of smart contract are: be prepared for possible errors to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully
security of digital wallet
there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones
there are four main countermeasures:
one is to ensure the randomness of the private key
the second is to verify the hash value before software installation to ensure that the digital wallet software has not been tampered with
the third is to use cold wallets
the fourth is to back up the private key.

7. There are patches
this problem is actually very simple
your graphics card is OK! But the vertical synchronization of the graphics card is not off, so the FPS is very low. You can turn off the vertical synchronization in the properties of the graphics card
it must be this problem
the properties of the graphics card can be found by right clicking on the desktop, and then properties - Settings - Advanced<

vertical synchronization is off
in the 3D settings of the graphics card

8. You have a wrong understanding of some basic definitions of futures.
stock index futures can be short. Futures can be bought before selling, or sold before buying.
when you think that the price of CSI 300 index futures will fall, you can sell first, wait for the market to fall, and then buy and close out, The specific trading process is as follows:
Future bullish (buy up) = buy open --- sell close
Future bearish (buy down) = sell open --- buy close
if you are not clear, please contact me

9. Security risks include three points:
loss of private key
error implementation
the protocol was attacked
at this stage, it can only be prevented, and it is unrealistic to completely solve it. After all, blockchain is just a newborn baby. Bitcoin and Ethereum are often attacked. Recently, decent, a relatively active blockchain content publishing platform, will encounter the same technical problems.

10. Ethereum is also a proct of blockchain 2.0, which is an open intelligent contract complete solution. Bitcoin is the most important application of blockchain 1.0, which completes currency and payment transactions well. But when we need to record and transfer more complex asset types, we need the third step - a more powerful scripting system - to finally achieve Turing completeness (the ability to run any currency, protocol or blockchain). Ethereum is a blockchain based project, which aims to provide a Turing complete scripting language and Turing complete platform

blockchain 1.0 mainly refers to bitcoin. Blockchain 2.0 extends to all assets, while blockchain 3.0 goes beyond currency, finance, even commerce, and all areas of our lives, including politics, social relations, ecation, medical care, etc. According to the prediction and conception of people in the instry, the era of blockchain 3.0 will be realized in the next five years. At that time, blockchain will be recognized and accepted by all the public like the Internet, thus completely subverting our lives

McKinsey has submitted a technical report on blockchain to the Federal Insurance Advisory Committee of the United States. The report calls 2009-2016 the "Dark Age" and believes that all blockchain solutions ring this period are based on bitcoin, and the new era of blockchain will begin in 2016. At that time, the application of blockchain will become unprecedented. Applying an original sentence in McKinsey report: Based on the current development speed of blockchain, we believe that blockchain solutions may realize their full potential in the next five years.