Blockchain bank guarantee
One of the characteristics of blockchain projects (especially public chains) is that they are open source. Open source code improves the credibility of a project and lets more people participate, but it also makes it easier for attackers to attack the blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency Verge (XVG) was attacked again. The attacker targeted a vulnerability in the XVG code that allowed malicious miners to add false timestamps to blocks and then quickly mine new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee that the attacker will not attack again in the future.
Of course, blockchain developers can also take some measures:
one is to use professional code audit services;
the other is to understand secure coding specifications and take preventive measures.
Security of cryptographic algorithms
With the development of quantum computers, current cryptosystems face a major security threat. Blockchain mainly relies on elliptic curve public key cryptography to generate digital signatures for secure transactions. The most commonly used algorithms today, such as ECDSA, RSA and DSA, cannot withstand quantum attacks in theory, so the risk will grow. More and more researchers are beginning to pay attention to cryptographic algorithms that can resist quantum attacks.
Of course, in addition to changing the algorithm, there is another way to improve security:
follow Bitcoin's handling of public keys and addresses to reduce the potential risk of public key disclosure. Users, especially Bitcoin users, store the balance after each transaction in a new address, so that the public key of the address where the funds are stored is not leaked.
Security of consensus mechanisms
Current consensus mechanisms include proof of work (PoW), proof of stake (PoS), delegated proof of stake (DPoS), practical Byzantine fault tolerance (PBFT), etc.
PoW faces the 51% attack. Because PoW depends on computing power, when an attacker has the advantage in computing power, their probability of finding a new block is greater than that of other nodes. The attacker then has the ability to cancel existing transactions. Note that even in this case, the attacker can only modify their own transactions, not those of other users (the attacker does not have other users' private keys).
In PoS, an attack can succeed only when the attacker holds more than 51% of the tokens, which is more difficult than obtaining 51% of the computing power in PoW.
In PBFT, the system is secure when the malicious nodes are fewer than 1/3 of the total nodes. Generally speaking, every consensus mechanism has its own conditions. An attacker also has to consider that once the attack succeeds, the value of the system will return to zero, so the attacker gains nothing of value except destruction.
Designers of blockchain projects should understand the advantages and disadvantages of each consensus mechanism, so that they can select an appropriate consensus mechanism or design a new one according to the needs of the scenario.
Security of smart contracts
Smart contracts have the advantages of low operating cost and low risk of human intervention, but if there are problems in the design of a smart contract, it may bring greater losses. In June 2016, The DAO, the most popular funding project on Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to Ethereum forking into ETH and ETC.
The proposed measures cover two aspects:
one is to audit the security of smart contracts, and the other is to follow the principles of secure smart contract development.
The principles of secure smart contract development are: be prepared for possible errors and ensure that the code can correctly handle bugs and vulnerabilities; release smart contracts carefully, do thorough functional and security testing, and fully consider boundary conditions; keep smart contracts simple; pay attention to blockchain threat intelligence and check and update in time; be clear about the characteristics of blockchain, for example by calling external contracts carefully.
Security of digital wallets
There are three main security risks in digital wallets. First, design defects: at the end of 2014, a user lost hundreds of digital assets due to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, loss of assets caused by the loss or damage of computers and mobile phones.
There are four main countermeasures:
The first is to ensure the randomness of the private key.
The second is to check the hash value before installing the software, to ensure that the digital wallet software has not been tampered with.
The third is to use a cold wallet.
The fourth is to back up the private key.

In fact, blockchain uses the basic principles of modern cryptography to ensure its security mechanism. The knowledge system involved in the field of cryptography and security is very complicated. Here, I only introduce the basic knowledge of cryptography related to blockchain, including hash algorithms, encryption algorithms, information digests and digital signatures, zero knowledge proofs, quantum cryptography, etc. Through this lesson, you can learn how cryptography is used to ensure the confidentiality, integrity, authentication and non-repudiation of the blockchain.
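For the random number problem (repeated r value) named under digital wallet security above, a wallet's own signature output can be audited for it. This is an added example, not code from the original page; the function names and all sample values are constructed for illustration and the sample bytes are not real signatures.

```python
from collections import defaultdict


def encode_der_sig(r, s):
    """Build DER `SEQUENCE { INTEGER r, INTEGER s }` (used for the samples)."""
    def integer(v):
        # One extra leading 0x00 byte when the top bit is set keeps it positive.
        raw = v.to_bytes((v.bit_length() + 8) // 8, "big")
        return b"\x02" + bytes([len(raw)]) + raw
    body = integer(r) + integer(s)
    return b"\x30" + bytes([len(body)]) + body


def parse_der_sig(der):
    """Parse a DER ECDSA signature with short-form lengths; return (r, s)."""
    if len(der) < 8 or der[0] != 0x30 or der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(der) or der[pos] != 0x02:
            raise ValueError("expected INTEGER")
        length = der[pos + 1]
        start, end = pos + 2, pos + 2 + length
        if length == 0 or length >= 0x80 or end > len(der):
            raise ValueError("bad INTEGER length")
        if der[start] & 0x80:
            raise ValueError("negative INTEGER")
        values.append(int.from_bytes(der[start:end], "big"))
        pos = end
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    return values[0], values[1]


def find_reused_r(signatures):
    """signatures: iterable of (pubkey, message_hash, der_signature).

    Flags every (pubkey, r) pair that signed more than one distinct message.
    The same r on the same message (a re-sent transaction) is not flagged.
    """
    seen = defaultdict(set)
    for pubkey, msg_hash, der in signatures:
        r, _s = parse_der_sig(der)
        seen[(pubkey, r)].add(msg_hash)
    return {key: sorted(msgs) for key, msgs in seen.items() if len(msgs) > 1}


def sample_signatures():
    """Constructed audit input: labels and integers are made up."""
    r1, r2 = int("c1" * 32, 16), int("2b" * 32, 16)
    s = [int(f"{n:02x}" * 32, 16) for n in (0x11, 0x22, 0x33, 0x44)]
    return [
        ("pubkey-A", "msg-hash-1", encode_der_sig(r1, s[0])),
        ("pubkey-A", "msg-hash-2", encode_der_sig(r1, s[1])),  # r repeated
        ("pubkey-A", "msg-hash-3", encode_der_sig(r2, s[2])),
        ("pubkey-B", "msg-hash-4", encode_der_sig(r1, s[3])),
        ("pubkey-B", "msg-hash-4", encode_der_sig(r1, s[3])),  # same message
    ]


if __name__ == "__main__":
    for (pubkey, r), msgs in find_reused_r(sample_signatures()).items():
        print(f"{pubkey}: r={r:#x} reused across {msgs}")
```

Any hit means the signing key should be treated as exposed: move the funds to a fresh key and fix the wallet's random number source.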
Basic course, lesson 7: basic knowledge of blockchain security
1. Hash algorithm
A hash function computes: hash(original information) = summary information. A hash function can map a binary plaintext string of any length to a shorter (generally fixed-length) binary string (the hash value).
A good hash algorithm has the following four characteristics:
1. One to one correspondence: the same plaintext input and hash algorithm always produce the same summary information as output
2. Input sensitivity: even if the plaintext input changes slightly, the newly generated summary information changes greatly and differs widely from the original output
3. Easy to verify: the plaintext input and the hash algorithm are public, so anyone can compute the hash themselves and check whether the output hash value is correct
4. Irreversibility: given only the output hash value, the plaintext can never be deduced from it
5. Conflict avoidance: it is difficult to find two plaintexts with different contents whose hash values are the same (a collision)
For example:
hash(Zhang San lent Li Si 100000 yuan for 6 months) = 123456789012
A record such as 123456789012 is written in the account book.
It can be seen that the hash function has four functions:
Simplify information
This is easy to understand: the information becomes shorter after hashing.
Identify information
You can use 123456789012 to identify the original information; the summary information is also called the ID of the original information.
Hide information
The account book holds a record like 123456789012, and the original information is hidden.
Verify information
If, when repaying, Li Si falsely claims that Zhang San only lent him 50000, both parties can check the original information against the previously recorded hash value 123456789012:
hash(Zhang San lent Li Si 50000 for 6 months) = 987654321098
987654321098 is completely different from 123456789012, which proves that Li Si lied. The information therefore cannot be tampered with.
Common hash algorithms include MD4, MD5 and the SHA series, and the SHA series is basically what is used in mainstream fields. SHA (Secure Hash Algorithm) is not a single algorithm but a group of hash algorithms. At first there was the SHA-1 series; the mainstream applications today are the SHA-224, SHA-256, SHA-384 and SHA-512 algorithms (commonly known as SHA-2). Recently, SHA-3 related algorithms have been proposed, such as Keccak-256 used by Ethereum.
MD5 is a very classic hash algorithm, but unfortunately both it and SHA-1 have been cracked. The industry considers their security insufficient for business scenarios. Generally, SHA2-256 or a more secure algorithm is recommended.
Hash algorithms are widely used in blockchain. For example, each block contains the hash value of the previous block, and the content of the later block together with the hash value of the previous block is used to calculate the hash value of the later block, which ensures the continuity and tamper resistance of the chain.

Encryption and decryption algorithms are the core technology of cryptography. According to whether the keys used in encryption and decryption are the same, they can be divided into two basic types: symmetric encryption algorithms and asymmetric encryption algorithms. The two modes suit different needs and complement each other, and they can sometimes be combined to form a hybrid encryption mechanism.
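The block-to-block hash linking described in the hash algorithm discussion above, as an added example that is not from the original page. It assumes a simplified block layout (`prev_hash`, `content`, `hash`) and constructed ledger entries, and it goes one step past the text by showing that a fully recomputed chain is only caught when the tip hash is compared with a trusted value.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder: the first block has no predecessor


def block_hash(prev_hash, content):
    """SHA-256 over the previous block's hash plus this block's content."""
    # Canonical JSON so identical content always serialises to identical bytes.
    body = json.dumps(content, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def build_chain(records):
    chain, prev = [], GENESIS_PREV
    for height, content in enumerate(records):
        digest = block_hash(prev, content)
        chain.append({"height": height, "prev_hash": prev,
                      "content": content, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain, trusted_tip=None):
    """Return (ok, height of first bad block or None, reason)."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev:
            return False, block["height"], "prev_hash does not match previous block"
        if block_hash(block["prev_hash"], block["content"]) != block["hash"]:
            return False, block["height"], "content does not match stored hash"
        prev = block["hash"]
    # Internal consistency is not enough: a fully recomputed chain is also
    # consistent, so compare the tip with a value obtained from a trusted source.
    if trusted_tip is not None and prev != trusted_tip:
        bad = chain[-1]["height"] if chain else None
        return False, bad, "tip hash differs from the trusted tip"
    return True, None, "ok"


def demo():
    records = [  # constructed sample ledger entries
        {"memo": "Zhang San lent Li Si 100000 yuan for 6 months"},
        {"memo": "Li Si repaid Zhang San 20000 yuan"},
        {"memo": "Li Si repaid Zhang San 80000 yuan"},
    ]
    chain = build_chain(records)
    tip = chain[-1]["hash"]
    results = {"honest": verify_chain(chain, tip)}

    edited = copy.deepcopy(chain)  # case 1: content changed, hashes untouched
    edited[0]["content"]["memo"] = "Zhang San lent Li Si 50000 yuan for 6 months"
    results["edited"] = verify_chain(edited, tip)

    rehashed = copy.deepcopy(edited)  # case 2: that block's hash recomputed too
    rehashed[0]["hash"] = block_hash(rehashed[0]["prev_hash"], rehashed[0]["content"])
    results["rehashed"] = verify_chain(rehashed, tip)

    # case 3: every later block recomputed as well
    rebuilt = build_chain([edited[0]["content"]] + records[1:])
    results["rebuilt_no_tip"] = verify_chain(rebuilt)
    results["rebuilt_with_tip"] = verify_chain(rebuilt, tip)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:17} {outcome}")
```

The third case is why the chain needs a consensus mechanism on top of the hashes: the other nodes hold the trusted tip that a locally rewritten copy cannot match.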
Symmetric cryptography (also known as common key cryptography) has the advantages of high computational efficiency and high encryption strength; its disadvantage is that the key has to be shared in advance, so the key is easily leaked or lost. Common algorithms are DES, 3DES, AES and so on.
Asymmetric cryptography (also known as public key cryptography) uses different keys for encryption and decryption. Its advantage is that the key does not need to be shared in advance; its disadvantage is that it has low computational efficiency and can only encrypt short content. Common algorithms include RSA, SM2, ElGamal and the elliptic curve series. Symmetric encryption algorithms are suitable for encrypting and decrypting large amounts of data; they cannot be used in signature scenarios, and they often require the key to be distributed in advance. Asymmetric encryption algorithms are generally suitable for signature scenarios or key agreement, but not for encrypting and decrypting large amounts of data.

3. Information digest and digital signature
As the name suggests, an information digest is obtained by hashing the information content to get a unique digest value that stands in for the original, complete content. The information digest is the most important use of hash algorithms. Using the anti-collision feature of hash functions, an information digest can establish that content has not been tampered with.
A digital signature is similar to signing a paper contract to confirm the contract content and prove identity. Digital signatures are based on asymmetric encryption and can be used to prove the integrity of a piece of digital content and confirm its source (non-repudiation).
We have two requirements for digital signatures so that they match our expectations of handwritten signatures. First, only you can make your own signature, but anyone who sees it can verify its validity. Second, we want the signature to be tied to one specific file and not valid for other files. Both can be achieved with the asymmetric encryption algorithms above.
In practice, we usually sign the hash value of the information instead of the information itself, because of the efficiency of asymmetric encryption algorithms. In blockchain terms, this means signing the hash pointer. In this way, the signature covers the whole structure in front of it, not just the hash pointer itself.

Zero knowledge proof means that the prover can make the verifier believe that a certain conclusion is correct without providing any additional information to the verifier.
A zero knowledge proof generally meets three conditions:
1. Completeness: an authentic proof lets the verifier verify successfully
2. Soundness: a false proof cannot pass the verifier's verification
3. Zero knowledge: from the proof process, you cannot obtain any information other than the proof information itself

With more and more attention paid to research on quantum computing and quantum communication, quantum cryptography will have a huge impact on cryptographic information security in the future.
The core principle of quantum computing is that qubits can be in multiple coherent superposition states at the same time. Theoretically, a large amount of information can be expressed by a small number of qubits and processed at the same time, which greatly improves computing speed.
As a result, a large number of current encryption algorithms are theoretically unreliable and can be cracked, so encryption algorithms have to be upgraded or they will be broken by quantum computing.
As we all know, quantum computing is still in the theoretical stage and is far from large-scale commercial use. However, the new generation of encryption algorithms should take this possibility into account.
Our bank accepts commercial housing and commercial housing with clear property rights and strong liquidity as collateral.
[Warm tips] The following conditions must be met:
① the real estate used for the mortgage and the loan agency must be located in the same city, and the personal mortgage house purchase loan does not accept collateral from other places
② real estate with an appraised present value less than or equal to 100000 yuan will not be accepted as collateral
③ the property right certificate has been completed, the property right is clear, the property can be listed and circulated, the mortgage registration can be handled according to law, and there are no circumstances that hinder liquidation, such as property right disputes
④ it has strong liquidity, a good property structure, complete water, electricity, environmental protection, transportation, urban construction, property management and other supporting facilities and services, no disputes or problems, and it is not within the scope of demolition planned by the government
⑤ if the mortgage is a commercial house, the age of the house shall not exceed 20 years, and the loan / credit period plus the age of the house shall not exceed 40 years in principle; if the mortgage is a commercial house, the age of the house shall not exceed 20 years, and the loan / credit period plus the age of the house shall not exceed 30 years in principle
In principle, commercial houses that have been idle for more than six months will not be accepted as collateral.
For details, please contact the personal loan department of local outlets for consultation and confirmation.
it is suggested to find a guild to mine in zhurongshan regularly, but don't forget to leave some physical strength value to reset the .
Do you have any illegal operations?
If you don't do anything, how can your account be frozen?
Can blockchain software bring you excess revenue?
Is it worth $50000?
money will not be lost in vain. The money in your hand is real.
We mainly apply blockchain technology to the field of distributed storage of electronic data, including contract storage, e-mail storage, file storage, structured data storage, etc.
The specific forms of electronic evidence in judicial practice are becoming more and more diversified, and the frequency and amount of electronic data are increasing significantly. Different types of electronic evidence are formed in different ways, but they are all easily lost, easy to tamper with, and highly dependent on technology. Compared with traditional physical evidence, it is more difficult to determine the authenticity, legitimacy and relevance of electronic evidence through judicial review.
Throughout the life cycle of electronic data (generation, collection, transmission and storage), blockchain technology can be used to protect the data, prevent tampering, and leave traces of data operations, so as to give the relevant institutions an effective means of review. When blockchain technology is used to preserve electronic evidence, the electronic data to be preserved is recorded in the form of a transaction, time-stamped, and recorded in a block, which completes the process of data storage and preservation. During data storage, multiple participant nodes witness together and maintain a distributed ledger, which greatly reduces the possibility of data loss, tampering and attack. The combination of blockchain and electronic data storage can reduce the cost of electronic data storage, facilitate electronic data collection and evidence identification, and improve litigation efficiency in the field of judicial storage.
In recent years, risk events such as financial fraud and audit failures by accountants have occurred from time to time in the capital market, bringing legal risk and reputation risk to commercial banks and attracting the attention of the leaders of the State Council.
On December 18, the "bank letter blockchain service platform" was officially released. It was launched by the China Banking Association and the China Institute of Certified Public Accountants to actively implement the requirements of the notice on further standardizing the work of bank letter and reply letter, to study and promote the digital construction of letters, and to improve the standardization level of letter business.
"We hope that the future bank letter blockchain service platform can play a role in preventing and resolving risks, promote the improvement of letter quality and efficiency, strive to build a demonstration digital platform with high security, strong public welfare, convenience and efficiency, and make due contributions to improving the construction of social credit system and strengthening financial services for the real economy," Liu Fushou, chief lawyer of CIRC, said at the press conference.
Pan Guangwei, full-time vice president of the China Banking Association, said that in the future the China Banking Association will work with relevant institutions to promote the transformation and upgrading of letter business towards intensive operation and management, electronic channels, standardized business processes and refined data governance, improve the quality of accounting information and audit, promote the construction of the social credit system and help the high-quality development of the banking industry.
Three core advantages
Bank letter and reply is the process in which a certified public accountant, after obtaining the authorization of the audited unit, sends a confirmation letter directly to the banking financial institution to inquire about the authenticity of the audited unit's bank deposits, bank loans, guarantees, financial management and other information, and the bank looks up and checks the relevant information and provides a reply.
According to Pan Guangwei, letter confirmation is one of the core procedures of independent audit and is crucial for identifying errors and fraud in financial statements. For the financial market as a whole, letter work bears on the quality and efficiency of audit work, the quality of accounting information and the authenticity of capital market data, which is very important for preventing financial risks.
"The bank letter blockchain service platform adheres to the construction concept of authority, fairness and public welfare, follows the principles of marketization, openness and gradualness, and gradually promotes the transformation and development of bank letter to the direction of intensification, electronization, standardization and refinement, with three core advantages," Pan Guangwei said.
The first is the platform's target positioning. The platform changes the offline, decentralized letter reply mode into online, centralized processing. The whole process of bank letter application, authorization, sending and reply can be completed online, which speeds up letter processing, effectively resolves the various disadvantages of the traditional paper letter mode, reduces the degree of manual intervention by accounting firms, banks, audited units and other related parties, enhances risk control, and reduces the risk of data error and fraud.
The second is platform security. The platform retains only information about the letter transmission process, not the letter data itself, and pays attention to information isolation and confidentiality, so as to ensure the data security of banks and accounting offices. The platform has a financial-level security protection environment and can operate safely 7 * 24 hours.
The third is the platform's technical support. The platform chose "ICBC Xi chain" as the underlying blockchain technology. ICBC Xi chain not only has significant technical advantages but also has completely independent intellectual property rights. It has passed the authoritative trusted blockchain certification of MIIT and has many mature application projects.
100 banks have applied for access
At the press conference, Pan Guangwei also said that after it was confirmed that the bank letter platform would take blockchain as its underlying technology, the working group held on-site discussions, one by one, with a number of technology companies that have blockchain technology and scenario applications. After expert evaluation, ICBC Technology, whose blockchain technology is independent and controllable, safe and reliable, whose business connection and scenario applications are well developed, and which has more advantages in later operation and maintenance, was selected as the project contractor.
It is understood that, as the underlying blockchain technology, "ICBC Xi chain" took part in the trusted blockchain evaluation of the China Academy of Information Technology in 2019 and 2020 and passed five technical evaluations (function, BaaS, performance, security and password) with a 100% passing rate. It is the first blockchain product in the financial industry to be certified by an official authoritative evaluation institution.
"With the strong support of Industrial and Commercial Bank of China and Industrial and Commercial Bank of China technology, the system development work was officially completed on October 26, and joint debugging and testing work was being carried out with a number of banks and accounting firms. At present, 100 banks and dozens of accounting firms have clearly signed up to apply for access to the platform. We will actively connect with banks and accounting firms to be connected to the platform, and provide solutions and training according to the needs of all parties," Pan Guangwei said.
Zhang Wenwu, vice president of ICBC, said at the press conference that ICBC has always paid attention to the quality of bank letter work, and that ICBC Technology has further innovated and improved on the basis of ICBC's original e-letter, spared no effort in platform construction, and brought the platform into production and online on schedule. "The signing of the cooperation agreement will be taken as an opportunity for the first batch of banks to actively cooperate with the construction of the platform, promote the interconnection between e-letter and the platform, and fully support the use of the platform through the practice of centralized letter and certificate at the bank end."
At the press conference, Liu Fushou also said that it is necessary to promote the construction of the letter certification platform in a safe and orderly manner, adhere to the principle of safety, prudence and risk control, adhere to the principle of pilot first and steady progress, and adhere to dynamic adjustment and continuous improvement.