Blockchain user account password
One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future
of course, blockchain developers can also take some measures
one is to use professional code audit services,
the other is to understand the security coding specifications and take preventive measures
the security of cryptographic algorithm
with the development of quantum computer, it will bring a major security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks
of course, in addition to changing the algorithm, there is another way to improve the security:
refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked
security of consensus mechanism
the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc
POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)
in POS, attackers can attack successfully only when they hold more than 51% token, which is more difficult than 51% computing power in pow
in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction
for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene
security of smart contract
smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring greater losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc
there are two aspects of the proposed measures:
one is to audit the security of smart contract, and the other is to follow the principle of smart contract security development
the security development principles of smart contract are: to be prepared for possible errors, to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully
security of digital wallet
there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones
there are four main countermeasures:
one is to ensure the randomness of the private key
The second is to check the hash value before installing the software to ensure that the digital wallet software has not been tampered with The third is to use cold wallet The fourth is to back up the private keyfor example, if you are a woman, every time your boyfriend says something to you or promises to buy something for you, you immediately record it and send it to you and all his friends, classmates, colleagues, as well as various groups and circles of friends, so that he can no longer deny it. This is called blockchain
the core advantage of blockchain technology is decentralization, which can realize point-to-point transaction, coordination and cooperation based on decentralized credit in a distributed system without mutual trust by means of data encryption, time stamp, distributed consensus and economic incentive, so as to solve the high cost, low cost and low cost of centralized institutions Low efficiency and data storage insecurity provide solutions
the application fields of blockchain include digital currency, token, finance, anti-counterfeiting traceability, privacy protection, supply chain, entertainment, etc. with the popularity of blockchain and bitcoin, many related top domain names have been registered, which has a great impact on the domain name instry.
ordinary investors and users can use wallets to achieve what needs
What do you think of when you think of wallet
1. Hot wallet, cold wallet, observation wallet—— Realize the most basic function of a wallet: storage
2. DAPP entry of different public chains—— The entrances of the coin holders to the dapps of the public chains
3. Flash cash, direct trading in the exchange and cash out—— The transaction and Realization of digital assets
4. Pay attention to the market information to understand the currency price
Yes, some blockchain wallets have been implemented. It makes people feel like "a small purse, a big world". The actions that users want to complete in the blockchain world can be basically solved in their wallets
take the tokenpocket wallet that I often use as an example< How to understand hot wallet, cold wallet and observation wallet
Hot Wallet: Online wallet, online wallet. It is convenient to withdraw money. You can also check the wallet assets, balance and transaction records at any time
cold Wallet: it's an offline wallet. Since it's offline and not connected to the Internet, how can I realize it when I need to transfer money or withdraw money? Just watch your wallet
observe Wallet: a wallet that observes the assets of a cold wallet and assists in withdrawing the cold wallet's assets< Second, TP SDK integrates Tron
the latest version of TP SDK now supports Tron, that is to say, when the independent DAPP on the wave field public chain is connected to the tokenpocket SDK, it can realize the operation of Tron authorization login, data signature, token transfer, transaction signature, etc
in this way, the development of Tron independent DAPP is greatly accelerated
Third, asset collection function
we usually have such a phenomenon: everyone has multiple accounts, and these accounts have the same token. If you want to collect the same asset on these different accounts, you need the asset collection function
there is a problem: if the passwords of all your accounts are the same, you can authorize them once. If the passwords are different, you need to authorize each time
note: please do not close or exit the collection interface before the completion of the collection operation to prevent errors
Fourth, experience the colorful DAPP on each public chain
in the TP interface, select the Tron category to enter the Tron DAPP page. Play all kinds of DAPP, or enter other public chains, such as EOS, Jingtong, etc
there are more functions in the wallet, waiting for further exploration.
asymmetric encryption algorithm is a function that converts the original plaintext file or data into a series of unreadable ciphertext codes by using an encryption key. The encryption process is irreversible. Only holding the corresponding decryption key can the encrypted information be decrypted into readable plaintext. Encryption enables private data to be transmitted through the public network under the condition of low risk, and protects the data from being stolen and read by the third party
the core advantage of blockchain technology is decentralization, which can realize point-to-point transaction, coordination and cooperation based on decentralized credit in a distributed system without mutual trust by means of data encryption, time stamp, distributed consensus and economic incentive, so as to solve the high cost and low cost of centralized institutions Low efficiency and data storage insecurity provide solutions
the application fields of blockchain include digital currency, token, finance, anti-counterfeiting traceability, privacy protection, supply chain, entertainment, etc. with the popularity of blockchain and bitcoin, many related top domain names have been registered, which has a great impact on the domain name instry.
jump out of the verification interface, click the return button in the upper left corner, and then upgrade to the latest version to refresh the node. Or uninstall again and restore the account with mnemonics Refresh node] in free communication, the + sign in the upper right corner, "node detection & quot;
As an emerging technology, blockchain has attracted more and more attention. It is a new application of traditional technology in the Internet era, including distributed data storage technology, consensus mechanism and cryptography. With the establishment of various blockchain research alliances, more and more funds and personnel support related research. Hash algorithm, zero knowledge proof, ring signature and other cryptographic algorithms used in blockchain:
hash algorithm
as the basic technology of blockchain, the essence of hash function is to map a set of data of any length (limited) to a set of defined length data stream. If this function satisfies the following conditions:
(1) the calculation of hash value for any group of data is very simple
(2) it is difficult to find two different data with the same hash value
hash functions satisfying the above two properties are also called encrypted hash functions. In case of no contradiction, hash functions usually refer to encrypted hash functions. For the hash function, finding such that is called a collision. The current popular hash functions are MD5, SHA1, Sha2, Sha3
bitcoin uses sha256, and most blockchain systems use sha256 algorithm. So here's sha256< Step 1: additional filling bits. The length of the message is congruent with that of 448 mod512 (length = 448 mod512). The number of bits to be filled ranges from 1 to 512. The highest bit of the filled bit string is 1, and the rest bits are 0
Step2: additional length value. The bit length of the initial message (before filling) represented by 64 bit is appended to the result of step 1 (the low byte takes precedence)
Step3: initialize cache. A 256 bit cache is used to store the intermediate and final results of the hash function
Step 4: process 512 bit (16 word) packet sequence. The algorithm uses six basic logic functions and consists of 64 steps of iterative operation. Each step takes the 256 bit cache value as the input, and then updates the cache content. Each step uses a 32-bit constant KT and a 32-bit wt. Where WT is the packet after the packet, t = 1,2,..., 16
step5: after all 512 bit packets are processed, the output of the last packet of sha256 algorithm is 256 bit packet< In 2001, Rivest, Shamir and TauMan proposed ring signature for the first time. It is a simplified group signature, only ring members have no manager, and it does not need the cooperation between ring members. In the ring signature scheme, the signer first selects a temporary signer set, which includes signers. Then the signer can generate the signature independently by using his private key and the public key of others in the signature set without the help of others. Members of the signer collection may not know that they are included in it
ring signature scheme consists of the following parts:
(1) key generation. A key pair (public key PKI, private key ski) is generated for each member of the ring
(2) signature. The signer uses his private key and the public keys of any n ring members (including himself) to generate the signature a for the message M
(3) signature verification. According to the ring signature and message M, the verifier verifies whether the signature is signed by the member in the ring. If it is valid, it will be received, otherwise it will be discarded
ring signature satisfies the following properties:
(1) unconditional anonymity: the attacker can not determine which member of the ring generated the signature, even if the private key of the ring member is obtained, the probability is not more than 1 / n
(2) Correctness: the signature must be verifiable by all others
(3) unforgeability: other members of the ring can't forge the real signer's signature, and even if an external attacker obtains a valid ring signature, he can't forge a signature for message M
(1) anonymity. The verifier can verify that the signature is signed by a member of the group, but can't know which member it is, so that the signer can be anonymous< (2) traceability. In group signature, the existence of group administrator ensures the traceability of signature. The group administrator can revoke the signature and expose the real signer. The ring signature itself cannot reveal the signer unless the signer wants to expose or add additional information to the signature. A verifiable ring signature scheme is proposed. In this scheme, the real signer wants the verifier to know his identity. At this time, the real signer can confirm his identity by disclosing his secret information< (3) management system. Group signature is managed by group administrator, ring signature does not need to be managed, signer can only select a set of possible signers, obtain its public key, and then publish the set, all members are equalthe Xueshuo innovation blockchain Technology Workstation of Lianqiao ecation online is the only approved "blockchain Technology Specialty" pilot workstation of "smart learning workshop 2020 Xueshuo innovation workstation" launched by the school planning, construction and development center of the Ministry of ecation of China. Based on providing diversified growth paths for students, the professional station promotes the reform of the training mode of the combination of professional degree research, proction, learning and research, and constructs the applied and compound talent training system< br />
unchanged for a certain period of time