Security of digital currency wallet system
Yin Zhentao, deputy director of the law and Finance Research Office of the Financial Research Institute of the Chinese Academy of Social Sciences, said that digital currency faces two risks. The first is the technical level. Digital currency relies on blockchain technology and a system, which will make it suffer from security impact, such as hacker attacks on computer systems. We have seen many practical problems in this process
Zhao Zhanzhan, a special researcher of intellectual property research center of China University of political science and law, believes that digital currency has anonymity, quickness and irrevocability. In addition, bitcoin and other digital currencies have high circulation in the world, so many criminals use digital currency as a new money laundering channel. Moreover, there are many different ways to realize money laundering through digital currency. Generally speaking, the probability of new money laundering being found and investigated is lower than before. Many countries have no effective means and technology to combat money laundering through digital currency. These factors lead to criminals prefer this way of money laundering
digital currency is a kind of unregulated and digital currency, which is usually issued and managed by developers and accepted and used by members of specific virtual communities. The European Banking authority defines virtual currency as a digital representation of value, which is not issued by the central bank or authorities, nor linked with legal currency. However, because it is accepted by the public, it can be used as a means of payment, or it can be transferred, stored or traded in electronic form
according to the notice on preventing the financing risk of token issuance, there is no approved digital currency trading platform in China. According to China's digital currency regulatory framework, investors have the freedom to participate in digital currency transactions at their own risk
warm tips: the above information is for reference only. Before investing, it is recommended that you first understand the risks existing in the project, and understand the investors, investment institutions, chain activity and other information of the project, rather than blindly investing or mistakenly entering the capital market. Investment is risky, so we should be cautious when entering the market
response time: December 11, 2020. Please refer to the official website of Ping An Bank for the latest business changes
[Ping An Bank I know] want to know more? Come and see "Ping An Bank I know" ~
https://b.pingan.com.cn/paim/iknow/index.html
American Stock Research Society points out: different styles of strategies have different requirements for back testing, such as multi factor stock selection or trend strategy. The following points should be noted:
1. Distinguish the data in the sample from the data out of the sample, which is very similar to machine learning. The data in the sample is used for training, and the data out of the sample is used for verification the purpose of this is to avoid the over fitting trap
2. Income distribution: look at the income distribution of all transactions after your back test, and see whether your income source is a few times of large income or a few times of small income if it comes from a large return, your return will fluctuate greatly, and the firm offer will often fail to achieve your effect
3 if you have a parameter that is too sensitive to adjust, it will have a great impact on the revenue, and the situation of your real offer and the simulated offer are also likely to be different
strictly speaking, this kind of strategy avoids some common pitfalls, and it is relatively easy to achieve back testing and real offer
JD quantitative has recently launched some technical indicators of tongdaxin, which are not bad. You can go and have a look, and you should learn a lot< br />
1. Security risk of running environment
the core file of encrypted digital currency Wallet - private key / mnemonics is stored on the terminal device, whether it is PC or mobile terminal, if the terminal device appears unsafe phenomenon, it has a very high security risk for private key / mnemonics
at the beginning of design, a secure digital wallet can avoid the possibility of private key / mnemonics being stolen e to the running environment. The security problems of the running environment on the terminal mainly include virus software, operating system vulnerabilities and hardware vulnerabilities
2. The security risk of network transmission
the security of network transmission is more reflected in the ability to resist man in the middle attack. Man in the middle attack means that the attacker creates independent contact with both ends of the communication and exchanges the data they receive, so that both ends of the communication think that they are talking directly with each other through a private connection, but in fact the whole conversation is completely controlled by the attacker
although most digital wallet applications use the HTTPS protocol to communicate with the server, the man in the middle attack method is to get the content of the HTTPS protocol by installing a digital certificate in the user terminal
a secure digital wallet needs to be able to scan the legality of all the digital certificates in the terminal, check the proxy settings in the network transmission process, and ensure the security of the basic network communication environment
in the development of digital wallet, whether to use two-way verification for communication verification at the network transmission level is also an important criterion to measure the security of a digital wallet application
3. The security risk of file storage mode
for the private key / mnemonics of digital wallet, the storage mode of terminal device also needs to be paid attention to in the security design. The access right of private key / mnemonic file directory, the form of private key / mnemonic file storage and the design of encryption algorithm all need to be strictly designed
when we analyze the security of several mainstream digital wallets, we find that even the well-known digital wallets are random in the storage of private key / mnemonic words. There are both plaintext storage and encrypted storage, but the decryption key is fixed in the code, which can not play any role in security defense
4. The security risk of the application itself
the security risk of the application itself mainly focuses on the security defense of the application installation package itself
whether the application installation package has the ability of anti tampering is a very core technical ability. In addition, memory security, anti debugging ability, life cycle management of private key / mnemonics, security of debugging log and security of development process also need to be enhanced
5. Security risk of data backup
if the mobile application can be backed up, it can use the machine with more powerful computing performance to brutally crack the private key / mnemonics. For example, if android:allowBackup Property is set to allow backup, then the backup mechanism of the system can be used to back up the application data files, and the private key / mnemonics of the encrypted digital currency will be backed up to the external media, which breaks the security boundary design of the operating system from another direction
for the majority of users, the security of digital wallet also means the security of wealth, so we must be careful when choosing digital wallet.
With the advent of digital currency, the encryption algorithm of currency is becoming more and more important. What are the types of passwords
classical cipher types mainly include transposition cipher and rearrangement of alphabetic order messages. For example, "Hello world" becomes "ehlol owrdl"
Diffie Hellman and RSA algorithms have been widely used except for the first public example of high quality public key algorithms. Other asymmetric key algorithms include Cramer schup cryptosystem, ElGamal encryption and various elliptic curve techniquessome well-known cryptosystems include RSA encryption, Schnorr Signature, El Gamal encryption, PGP and so on. More complex password systems include e-cash system, signcryption system, etc. Now more cryptosystems include interactive proof systems, such as zero knowledge proof, which is used for secret sharing
for a long time, information collection and law enforcement agencies have been interested in cryptography. The importance of secret communication is self-evident. Because cryptography promotes privacy protection, it also attracts great interest of cryptography supporters. Therefore, there is a history of controversial legal issues around cryptography, especially since the emergence of cheap computers makes it possible to widely use high-quality cryptography
nowadays, cryptocurrency transactions are semi anonymous, which makes them very suitable for a series of illegal activities, such as money laundering and tax evasion. However, the proponents of cryptocurrency often attach great importance to the anonymity of digital currency and think that it can protect the privacy of users. Some cryptocurrencies are more private than others
Cryptocurrency is a new type of digital asset, which is based on the network distributed on a large number of computers. This decentralized structure enables them to exist outside the control of the government and central authorities. The term "cryptocurrency" also comes from the encryption technology used to protect the networkblockchain is an organization method to ensure the integrity of digital currency transaction data, and it is an important part of many cryptocurrencies. Many experts believe that blockchain and related technologies will subvert many instries, including finance and law. Cryptocurrencies have been criticized for many reasons, including their use for illegal activities, exchange rate fluctuations and the vulnerability of the infrastructure that underpins them. However, digital currency is also praised for its portability, divisibility, anti inflation and transparency