Blockchain secure storage

1.

One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future

of course, blockchain developers can also take some measures

one is to use professional code audit services,

the other is to understand the security coding specifications and take preventive measures

the security of cryptographic algorithm

with the development of quantum computer, it will bring a major security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks

of course, in addition to changing the algorithm, there is another way to improve the security:

refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked

security of consensus mechanism

the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc

POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)

in POS, attackers can attack successfully only when they hold more than 51% token, which is more difficult than 51% computing power in pow

in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction

for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene

security of smart contract

smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring greater losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc

there are two aspects of the proposed measures:

one is to audit the security of smart contract, and the other is to follow the principle of smart contract security development

the security development principles of smart contract are: to be prepared for possible errors, to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully

security of digital wallet

there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones

there are four main countermeasures:

one is to ensure the randomness of the private key

The second is to check the hash value before installing the software to ensure that the digital wallet software has not been tampered with

The third is to use cold wallet

The fourth is to back up the private key

2. const SHA256 = require(crypto-js/SHA256);< br />class Block{
constructor(index,timestamp,data,previousHash='&# 39;)< br />{
this.index=index;< br />this.timestamp=timestamp;< br />this.data=data;< br />this.previousHash=previousHash;< br />$this.hash=this.calculateHash();< br />}

calculateHash(){
return SHA256(this,index+this.previousHash+this.timestamp+JSON.stringify(this.data)).tostring();< br />}
}
class Blockchain{
constructor(){
this.chain=[this.createGenesisBlock()];<
}
/ / create a generated information block
creategenesis block() {
return new block (0, & quot; 01/01/2019",& quot; Genesis block", 0);
/ / the date is the user's data. In fact, it is the hash value obtained by adding several values together. Here, the information is encrypted and the picture is encrypted. Then the data is still stored in the database, but all the data are hash values. To get this data, you must know the hash value of the previous data block. Then, if the hacker needs to crack all the nodes, the hash value is decrypted, Then all the blocks from the first node to the last node can be decrypted to get the real data. So the security of data stored in the blockchain depends on whether the data is encrypted. If the plaintext is not encrypted, then it is not a blockchain
}
/ / get the last block
getlatesblock() {
return this.chain [this.chain. Length-1]
}
/ / create block
addblock (newblock) {
newblock. Previoushash = this. Getlatesblock(). Hash< br />newBlock.hash=newBlock.calculateHash();< br />this.chain.push(newBlock);< br />}
}

3. When it comes to the nature of blockchain, several key words are familiar. For example, decentralization, distrust, consensus mechanism, asymmetric encryption, distributed accounting, tamper proof, absolute transparency, openness and so on. At the same time, some teaching posts also list the structure of blockchain, such as data layer, network layer, consensus layer, incentive layer, contract layer and application layer
however, it's easy for people with an eye to see why there is no security layer? In fact, several key features of blockchain have already solved the security problem. First, the blockchain uses asymmetric encryption technology. In fact, encryption and decryption are different keys, namely public key and private key. In short, the public key is open to the public, while the private key is absolutely confidential
secondly, distributed bookkeeping is a way for blockchain to store data. It can also be understood as distributed storage, which is consistent with the concept of decentralization. In the form of ledger, there is no central ledger in the network, and the ledger is stored in each node. Each node is not only independent, but also can act as the central node. Therefore, the central node will not be attacked, leading to the loss of core books or data, and the whole network will not be paralyzed
moreover, tamper proof is the basic feature of blockchain. As long as the chain can not be modified, and can not be deleted. If it needs to be changed, based on the principle of transparency and openness, the whole network and all nodes need to be informed. Therefore, under the democratic mechanism, the possibility of tampering with data at will is very low. Therefore, blockchain technology is applied in various instries, such as finance, payment, traceability, games, etc., such as the network "universe", Tencent's "come together to catch the demon", and Zhongan Huanyu blockchain "Dr dragon hunt" are the safe and high-quality procts under the blockchain technology.

4. In view of the security characteristics and shortcomings of the existing blockchain technology, we need to build a security system around the physical, data, application system, encryption, risk control and other aspects to improve the security performance of the blockchain system as a whole
1. Physical security
the network and host running the blockchain system should be in a protected environment. According to the regulatory requirements of specific business, the protection measures can be used to protect the physical network and host by means of VPN, firewall, physical isolation, etc
2. Data security
in principle, the data exchange between nodes of the blockchain should not be transmitted in clear text. For example, asymmetric encryption can be used to negotiate key, and symmetric encryption algorithm can be used to encrypt and decrypt data. The data provider should also strictly evaluate the sensitivity and security level of the data, decide whether to send the data to the blockchain, whether to desensitize the data, and adopt strict access control measures
3. Application system security
application system security needs to start from the aspects of identity authentication, authority system, transaction rules, anti fraud strategy, etc.
relevant personnel, transaction nodes and transaction data involved in application operation should be controlled in advance and auditable afterwards. Taking financial blockchain as an example, consensus algorithm with stronger fault tolerance, anti fraud and higher performance can be adopted to avoid joint fraud of some nodes
4. Key security
to encrypt the communication data between the blockchain nodes and the key to encrypt the data stored on the blockchain nodes, the plaintext should not exist on the same node, and the private key should be properly saved by the encryption machine. When the key is lost or leaked, the system can identify the relevant records of the original key, such as account control, communication encryption, data storage encryption, etc., and implement response measures to make the original key invalid. The key should also be managed strictly in the life cycle, and should not be permanently valid. It needs to be replaced after reaching a certain time cycle
5. Risk control mechanism
there should be careful detection measures for the network layer, host operation, data access of application system, transaction frequency and other dimensions of the system. For any suspicious operation, alarm, record and verification should be carried out. If illegal operation is found, loss assessment should be carried out, remedial measures should be taken at the technical and business levels, and security measures should be strengthened, And trace the source of illegal operation to prevent further attacks

Article source: white paper on blockchain technology and application development in China

5. The relationship between blockchain and big data storage is as follows:
first, data security: blockchain makes data flow "at ease"
with its trustworthiness, security and non tamperability, blockchain liberates more data. A typical case is used to illustrate how blockchain promotes the generation of big data for gene sequencing. Blockchain sequencing can use the private key to limit access rights, so as to avoid the legal restrictions on indivial access to gene data, and use distributed computing resources to complete the sequencing service at low cost. The security of blockchain makes sequencing an instrialized solution, realizing global scale sequencing, thus promoting the massive growth of data< Second, data open sharing: blockchain guarantees data privacy
the government has a large number of high-density and high-value data, such as medical data, population data, etc. The opening of government data is the general trend, which will have an inestimable impetus to the development of the whole economy and society. However, the main difficulty and challenge of data opening is how to open data while protecting personal privacy. Data desensitization technology based on blockchain can ensure data privacy and provide a solution for data opening under privacy protection. Data desensitization technology mainly uses hash processing and other encryption algorithms. For example, enigma based on blockchain technology can protect the privacy of data and eliminate information security problems in data sharing by computing data without accessing the original data. For example, employees of a company can safely open the path to access their salary information and jointly calculate the average salary within the group. Each participant can know his or her relative position in the group, but he or she knows nothing about the salaries of other members< The schematic diagram of data hash desensitization processing
3. Data storage: blockchain is a kind of database storage technology that can not be tampered with, full history, strong endorsement
blockchain technology, through all nodes in the network participate in the calculation together, and verify the authenticity of their information to achieve the consensus of the whole network, it can be said that blockchain technology is a specific database technology. So far, our big data is still in a very basic stage. The data based on the consensus of the whole network and the reliable blockchain data are tamperable and historical, which makes the quality of the data gain unprecedented strong trust endorsement, and also makes the development of the database enter a new era< Data analysis: blockchain ensures data security
data analysis is the core of realizing data value. In data analysis, how to effectively protect personal privacy and prevent core data leakage has become the primary consideration. For example, with the application of fingerprint data analysis and the popularization of genetic data detection and analysis, more and more people worry that once personal health data is leaked, it may lead to serious consequences. Blockchain technology can prevent this kind of situation through multi signature private key, encryption technology and secure multi-party computing technology. When the data is hashed and placed on the blockchain, the use of digital signature technology can enable those authorized people to access the data. The private key not only ensures the privacy of data, but also can be shared with authorized research institutions. The data is stored on the decentralized blockchain and analyzed without accessing the original data. It can not only protect the privacy of the data, but also provide it to the global scientific research institutions and doctors for sharing. As the basic health database of all mankind, it will bring great convenience to solve the sudden and difficult diseases in the future
v. data circulation: blockchain protects the rights and interests related to data
for valuable data assets of indivials or institutions, blockchain can be used to register them. Transaction records are recognized, transparent and traceable throughout the network, making clear the source, ownership, use right and circulation path of big data assets, which is of great value to data asset transaction
on the one hand, blockchain can break the threat of intermediary ing data, which is concive to the establishment of a trusted data asset trading environment. Data is a very special commodity, which is essentially different from ordinary commodities. It is mainly characterized by unclear ownership and "being owned after seeing and ing", which also determines that the traditional commodity intermediary transaction method can not meet the needs of data sharing, exchange and transaction. Because the intermediary center has the conditions and the ability to and save all the flowing data, it is extremely unfair to the data procers. This threat can not be eliminated only by commitment, and the existence of this threat has become a huge obstacle to the flow of data. Based on the decentralized blockchain, it can break the threat of ing data in the intermediary center and protect the legitimate rights and interests of data owners
on the other hand, blockchain provides a traceable path, which can effectively solve the problem of data right confirmation. Through multiple nodes participating in the calculation in the network, blockchain can participate in the calculation and recording of data together, and verify the effectiveness of their information. It can not only carry out information anti-counterfeiting, but also provide a traceable path. The transaction information of each block is strung together to form a complete detailed list of transactions. The context of each transaction is very clear and transparent. In addition, when people have doubts about the "value" of a block, they can easily trace back the historical transaction records, and then judge whether the value is correct, and identify whether the value has been tampered or recorded incorrectly
with the protection of blockchain, big data will naturally become more active
the tokens of crowdfunding projects on coin Ying China platform are all developed based on blockchain technology, and relevant information will be recorded on the blockchain.

6. One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future
of course, blockchain developers can also take some measures
one is to use professional code audit services,
the other is to understand the security coding specifications and take preventive measures
the security of cryptographic algorithm
with the development of quantum computer, it will bring great security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks
of course, in addition to changing the algorithm, there is another way to improve the security:
refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked
security of consensus mechanism
the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc
POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)
in POS, attackers can only attack successfully when they hold more than 51% of the token, which is more difficult than 51% of the computing power in pow
in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction
for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene
security of smart contract
smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring great losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc
there are two aspects of the proposed measures:
one is to audit the security of smart contracts, and the other is to follow the principles of smart contract security development
the security development principles of smart contract are: be prepared for possible errors to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully
security of digital wallet
there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones
there are four main countermeasures:
one is to ensure the randomness of the private key
the second is to verify the hash value before software installation to ensure that the digital wallet software has not been tampered with
the third is to use cold wallets
the fourth is to back up the private key.

7. There are patches
this problem is actually very simple
your graphics card is OK! But the vertical synchronization of the graphics card is not off, so the FPS is very low. You can turn off the vertical synchronization in the properties of the graphics card
it must be this problem
the properties of the graphics card can be found by right clicking on the desktop, and then properties - Settings - Advanced<

vertical synchronization is off
in the 3D settings of the graphics card

8. This scoring trading platform has servers, wallets,
blockchain,
and the price is not expensive. Hundreds or thousands of yuan are OK

9. It can be said that it is very unsafe. The technology related to blockchain wallet has lost its original technical meaning in China. Now it has been reced to a means of money. Therefore, we must be very vigilant in this aspect. Anyway, I personally don't believe it.