Security of Ethereum Wallet
There is an essential difference between Ethereum and Bitcoin. Bitcoin defines a currency system, while Ethereum focuses on building a main chain (which can be understood as a road) on which a large number of blockchain applications can run.
From this point of view, Ethereum's application scenarios are more extensive, which is why we say that Ethereum marks the transition from the simple monetary system of the blockchain 1.0 era to other industries and application scenarios in the blockchain 2.0 era.
However, nothing in the world is perfect. Although Ethereum has expanded the application scope of blockchain to all walks of life and improved the speed of transaction processing, it has also attracted some disputes and doubts.
First, the solutions to Ethereum's lack of scalability: sharding and the lightning network
In Ethereum's underlying design, the biggest problem is that there is only one chain and no side chains, which means that all programs have to run on this chain on an equal footing, consuming resources and causing congestion. Last year's very popular Ethereum game "CryptoKitties" is an example: at the height of its popularity it once paralysed the Ethereum network.
To improve processing capacity, Ethereum proposes two approaches: sharding and the lightning network. Let's introduce these two technologies in turn.
(1) Sharding
Vitalik Buterin, founder of Ethereum, believes that the reason mainstream blockchain networks such as Bitcoin process transactions very slowly is that every miner has to process every transaction in the whole network, which is very inefficient. The idea of sharding is that a transaction does not need to be processed by all nodes in the network; it is enough for some of the nodes (miners) to process it. The Ethereum network is therefore divided into many shards, and each shard can handle different transactions at the same time. In this way, network performance is greatly improved.
However, sharding is also controversial. The central idea of blockchain technology is decentralization: a transaction has the highest authority only when the whole network witnesses (processes) it. Ethereum sharding is closer to witnessing by a group, since not all nodes witness together. It therefore loses the absolute "decentralization" attribute and achieves high performance only by sacrificing some of the characteristics of decentralization.
(2) Lightning network
The lightning network moves transactions off-chain. What does that mean? When participants in the lightning network transfer money to each other, they do not need to confirm the transaction on the Ethereum main chain; instead they create a payment channel between themselves and complete the transfer off-chain.
However, the lightning network is not detached from the main chain. Before establishing a payment channel, you need to lock assets on the main chain as collateral to generate a balance proof, which shows that you can transfer the corresponding balance. Once both parties to the transaction hold the balance proof, they can make an unlimited number of transfers off-chain through the payment channel.
Only when the off-chain transactions are finished and the assets need to be transferred back to the chain is the change in the main-chain account balances registered on the Ethereum main chain. No matter how many transactions occur during this period, they leave no record on the main chain.
Another real benefit of the lightning network is that it saves you miner fees. At present, when we transact on the Ethereum main chain, we consume gas and pay miners. Once we move the transactions off-chain, we save this part of the cost.
Of course, the lightning network is not perfect. To use it, assets on the main chain must be put up as collateral, and these assets cannot be used until the user has completed the off-chain transactions. This also means that the lightning network is only suitable for small transactions.
The above covers Ethereum's insufficient scalability and the two main solutions: sharding and the lightning network.
Second, loopholes in Ethereum's smart contracts and the infamous DAO event
Ethereum's smart contracts are very powerful, but there are loopholes in any code. The biggest controversy over Ethereum's smart contracts lies in these loopholes, that is, security issues. According to relevant research, 34200 (about 3%) of the nearly 1 million smart contracts based on Ethereum contain security vulnerabilities that allow hackers to steal ETH, freeze assets or delete contracts, as in the infamous DAO incident.
(1) What does DAO mean
Before introducing the DAO event, let's first introduce what a DAO is. DAO is the abbreviation of decentralized autonomous organization. From the perspective of Ethereum, a DAO is a contract or a combination of contracts on the blockchain, used to replace government review and complex intermediate procedures so as to achieve an efficient and decentralized trust system. A DAO is therefore not one specific organization; there can be many DAOs, of all kinds.
(2) The infamous DAO event
However, when we talk about the DAO now, we basically mean the DAO event, that is, the infamous hacker attack just mentioned. The English word "the" marks one specific instance, so "The DAO" refers to this particular project and event,
because, as we just said, a DAO is not a specific organization and there can be many DAOs of all kinds.
In 2016, slock.it, a German company focusing on "smart locks", launched the DAO project on Ethereum in order to realize decentralized exchange of physical assets (such as apartments and ships). The financing window opened on April 30, 2016 and ran for 28 days.
Unexpectedly, the DAO project proved very popular. It raised more than US $100 million in just half a month, and by the end of the financing period it had raised a total of US $150 million, making it the largest crowdfunding project in history. However, it did not last long. In June, hackers took advantage of loopholes in the smart contract to transfer more than 3.6 million ether into a DAO sub-organization with the same structure as the DAO. At that time, the price of ether fell directly from more than $20 to less than $13.
This event shows that smart contracts contain loopholes, and that once hackers exploit them the consequences are very serious. This is why many people criticize Ethereum and say that its smart contracts are not smart.
To address the vulnerability problem of smart contracts, many foreign companies have begun to provide code audit services. From a technical point of view, some teams are currently testing smart contracts. Most of these teams are led by professors from Harvard, Stanford and Yale, and some of them have obtained investment from leading institutions.
In addition to insufficient scalability and loopholes in smart contracts, the controversy over Ethereum concerns the PoS consensus mechanism it pursues, that is, proof of stake. Under proof of stake, whoever holds more coins and holds them for longer gets more "rights" (stake) and more opportunity to obtain bookkeeping power, and bookkeeping is also rewarded. This easily creates an oligarchic advantage in which "the strong get stronger".
Another problem is the chaos of ICOs. An ICO is a common way for blockchain projects to raise funds, which we can understand as a pre-sale. The explosion of ICO projects on Ethereum has led to illegal activities such as fund allocation and money fraud under the banner of ICOs, which poses security risks to social and financial stability.
One of the characteristics of blockchain projects (especially public chains) is that they are open source. Open source code improves the credibility of the project and lets more people participate. But open source code also makes it easier for attackers to attack a blockchain system. In the past two years there have been a number of hacker attacks. Recently, the anonymous currency Verge (XVG) was attacked again. The attacker targeted a vulnerability in the XVG code that allowed malicious miners to put false timestamps on blocks and then mine new blocks quickly. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee that the attacker will not attack again in the future.
Of course, blockchain developers can also take some measures:
one is to use professional code audit services;
the other is to understand secure coding specifications and take preventive measures.
Security of cryptographic algorithms
The development of quantum computers will bring a major security threat to current cryptosystems. Blockchain mainly relies on elliptic curve public key algorithms to generate digital signatures for secure transactions. The most commonly used algorithms today, such as ECDSA, RSA and DSA, cannot withstand quantum attacks in theory, and the risk will grow. More and more researchers are beginning to pay attention to cryptographic algorithms that can resist quantum attacks.
Of course, in addition to changing the algorithm, there is another way to improve security:
follow Bitcoin's handling of public keys and addresses to reduce the potential risk of public key disclosure. Users, especially Bitcoin users, should store the balance after each transaction in a new address, so that the public key of the address where the funds are stored is not leaked.
Security of consensus mechanisms
The current consensus mechanisms include proof of work (PoW), proof of stake (PoS), delegated proof of stake (DPoS), practical Byzantine fault tolerance (PBFT), etc.
PoW faces the 51% attack. Because PoW depends on computing power, when the attacker has the advantage in computing power, the probability that the attacker finds a new block is greater than that of other nodes. At this point the attacker is able to cancel existing transactions. Note that even in this case the attacker can only modify his own transactions, not those of other users (the attacker does not have the private keys of other users).
In PoS, attackers can attack successfully only when they hold more than 51% of the tokens, which is more difficult than obtaining 51% of the computing power in PoW.
In PBFT, the system is secure when the malicious nodes are fewer than 1/3 of the total nodes. Generally speaking, every consensus mechanism is secure only under its own conditions. An attacker also has to consider that once the attack succeeds, the value of the system returns to zero, so the attacker gets no valuable return other than destruction.
Designers of blockchain projects should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate one or design a new one according to the needs of the scenario.
Security of smart contracts
Smart contracts have the advantages of low operating cost and low risk of human intervention, but if there are problems in the design of a smart contract, it may bring greater losses. In June 2016, the DAO, the most popular funding project on Ethereum, was attacked. The hacker obtained more than 3.5 million ether, which later led to the fork of Ethereum into ETH and ETC.
The proposed measures have two aspects:
one is to audit the security of smart contracts, and the other is to follow the principles of secure smart contract development.
The principles of secure smart contract development are: be prepared for possible errors and ensure that the code handles bugs and vulnerabilities correctly; release smart contracts carefully, do thorough functional and security testing, and fully consider boundary conditions; keep smart contracts simple; follow blockchain threat intelligence and check and update in time; be clear about the characteristics of blockchain, for example by calling external contracts carefully.
Security of digital wallets
There are three main security risks in digital wallets. First, design defects: at the end of 2014, a user lost hundreds of digital assets due to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, loss of assets caused by the loss of or damage to computers and mobile phones.
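The repeated r value mentioned above can be found from the signatures alone, because an ECDSA r that appears with two different s values means the signing nonce was reused. The Python sketch below is an added example, not code from the original page: it parses DER-encoded signatures and flags any such r. The keys and signatures are constructed placeholders, and secp256k1 (the curve used by Bitcoin and Ethereum) is assumed for the low-s normalisation.

```python
# Added example: audit ECDSA signatures for a repeated r value.
# All keys and signatures below are constructed placeholders, not real data.
from collections import defaultdict

# Group order of secp256k1, needed to treat s and N - s as the same signature.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _read_int(buf, pos):
    """Read one DER INTEGER starting at pos; return (value, next position)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER")
    end = pos + 2 + buf[pos + 1]
    if not 1 <= buf[pos + 1] <= 33 or end > len(buf) or buf[pos + 2] & 0x80:
        raise ValueError("bad INTEGER length or sign")
    return int.from_bytes(buf[pos + 2:end], "big"), end


def parse_der_signature(sig):
    """Parse SEQUENCE { INTEGER r, INTEGER s } (short-form lengths only)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER signature")
    r, pos = _read_int(sig, 2)
    s, pos = _read_int(sig, pos)
    if pos != len(sig):
        raise ValueError("trailing bytes")
    return r, s


def encode_der_signature(r, s):
    """Build a DER signature; used here only to construct the sample data."""
    def der_int(n):
        raw = n.to_bytes((n.bit_length() + 8) // 8, "big")  # room for sign bit
        return b"\x02" + bytes([len(raw)]) + raw
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body


def find_reused_r(records):
    """Return one finding per r value that occurs with more than one distinct s.

    records: iterable of (pubkey_hex, der_signature_bytes).
    """
    by_r = defaultdict(lambda: defaultdict(set))
    for pubkey, sig in records:
        r, s = parse_der_signature(sig)
        by_r[r][pubkey].add(min(s, N - s))  # fold malleated copies together
    findings = []
    for r, per_key in by_r.items():
        if sum(len(ss) for ss in per_key.values()) < 2:
            continue  # seen once, or only re-broadcasts of one signature
        same_key = sorted(k for k, ss in per_key.items() if len(ss) > 1)
        findings.append({
            "r": r,
            "kind": "same-key" if same_key else "cross-key",
            "keys": same_key or sorted(per_key),
        })
    return findings


KEY_A = "02" + "aa" * 32  # constructed placeholder public keys
KEY_B = "03" + "bb" * 32
R1, R2, R3 = (int(h * 32, 16) for h in ("11", "c3", "5e"))
S1, S2, S3, S4 = (int(h * 32, 16) for h in ("22", "33", "07", "19"))
SAMPLE = [
    (KEY_A, encode_der_signature(R1, S1)),
    (KEY_A, encode_der_signature(R1, S2)),      # same key, same r, new s
    (KEY_A, encode_der_signature(R2, S3)),
    (KEY_A, encode_der_signature(R2, N - S3)),  # malleated copy, not a reuse
    (KEY_B, encode_der_signature(R3, S4)),
    (KEY_B, encode_der_signature(R3, S4)),      # exact duplicate
]

if __name__ == "__main__":
    for f in find_reused_r(SAMPLE):
        print(f"{f['kind']} reuse of r={f['r']:064x} by {f['keys']}")
```

A "same-key" finding means funds under that key should be moved to a freshly generated key; a "cross-key" finding points to a shared faulty random number source in the signing software.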
There are four main countermeasures:
The first is to ensure the randomness of the private key.
The second is to check the hash value before installing the software to ensure that the digital wallet software has not been tampered with.
The third is to use a cold wallet.
The fourth is to back up the private key.
1. Ledger
Ledger wallet is a hardware wallet with average ease of use and high security
Ledger, a manufacturer of Bitcoin hardware wallets, is one of the leading companies in the field of digital currency security and provides reliable hardware for consumers and enterprises. Ledger is a Bitcoin hardware wallet based on a smart card, which provides the highest level of protection with advanced technology, as well as usability and controllability. The Ledger hardware wallet is a multi-functional wallet: a hardware device that stores the private key safely. To view the wallet and send transactions, the hardware wallet has to be used together with a software wallet. It supports secure storage of Bitcoin, Ethereum and platform tokens, Zcash, etc. Its project is open source on GitHub. With its hardware devices, you can use either the software wallet developed by Ledger or software wallets developed by other teams; that is, you can use Ledger with the Ethereum web wallet MyEtherWallet or with the Parity wallet.
2. Trezor
Trezor is easy to use and safe, and is a hardware wallet
Trezor is a high-tech encrypted storage device. The product is produced in the Czech Republic. The brand is recognized in the industry as the earliest, most cautious and most secure encrypted storage device, and has been verified by digital currency users worldwide as a reliable brand with an excellent company record and rich software support. Trezor's security model is based on the principle of zero trust, that is, a security system that assumes that any part of it may be attacked successfully.
3. Opendime
Opendime is a hardware wallet with average usability and high security
Opendime, a manufacturer of Bitcoin hardware wallets, is one of the "leading technology" companies in the field of digital currency security. It is affiliated with Coinkite, a Bitcoin company in Canada that provides services for Bitcoin and Litecoin wallets, as well as payment terminals. Legal currencies supported include the US dollar, RMB, euro, Canadian dollar, British pound, Polish zloty, Russian ruble, Australian dollar, Japanese yen, Brazilian currency, Swedish krona, etc. Opendime is a hardware wallet whose private key is generated inside the device and is not known to anyone, not even you! The Opendime user interface is multilingual: Chinese, Japanese, English, Portuguese, French, German, French.
4. Kushen wallet
Kushen wallet is easy to use and safe, and is both a mobile phone wallet and a hardware wallet
The English name of Kushen wallet is coldlar. Kushen wallet belongs to Beijing Kushen Information Technology Co., Ltd., a technology company focused on providing secure storage solutions for encrypted assets. The Kushen company is deeply engaged in blockchain security technology, providing various forms of personal wallet products such as hardware wallets, mobile app wallets, cloud wallets and multi-signature wallets, as well as professional enterprise wallet products. The hardware wallet adopts a "hot and cold separation" architecture and uses several encrypted data transmission methods such as QR code, Bluetooth and NFC so that the private key never touches the network, eliminating the risk of the private key being stolen by network hackers and providing safe storage for a variety of encrypted assets.
5. Bitgo
BitGo is a computer wallet with average ease of use and medium security
BitGo is a high-security multi-signature wallet that protects your bitcoin from being stolen or lost. You keep your wallet yourself; BitGo cannot spend or freeze your money. Multiple BitGo wallets are also easy to use and provide advanced security features such as spending limits and multi-user access.
6. Keepkey
KeepKey is a hardware wallet with high ease of use and medium security
KeepKey is a hardware wallet that protects your digital assets such as Bitcoin and Ethereum from hackers and thieves. KeepKey is a multi-currency hardware wallet and has been acquired by ShapeShift. KeepKey adopts a unique recovery mechanism, which makes it more secure to use: the mechanism allows users to recover using 12 words. The additional security means that users do not need to store private keys on the device. They can recover their private keys and transactions and then erase the records on the device. This is currently the safest way to store bitcoin.
7. Wookong
Wookong is a hardware wallet with high ease of use and high security
Wookong is a professional encrypted digital asset escrow solution (Patent No.: zl201710884108.5) which combines high-strength cryptographic algorithms with a high-level financial security hardware solution. It has higher security than multi-signature wallets and cold wallets. Main customers: financial institutions, exchanges and teams with higher security requirements than ordinary hardware cold wallets and multi-signature wallets can meet.
8. Coinbase
Coinbase is easy to use, has medium security, and is a mobile phone and computer wallet
Coinbase Wallet comes from the Toshi wallet, and it is redefining what users expect from an encrypted wallet. It is not just a tool for accessing cryptocurrency; you can see it as a foothold for exploring distributed networks. With Coinbase Wallet, you can: manage ETH and all your ERC-20 currencies (BTC, BCH and LTC will soon be supported); receive airdrops and ICO currency; purchase and store crypto collectibles (non-fungible tokens, which can be used in games or traded on the market); transact with anyone anywhere without a service charge; buy and sell currency through mass exchange or agents; and access any third-party dapps, which let you borrow or lend on the blockchain or earn cryptocurrency through verification, service execution or task completion.
9. Imtoken
imToken is easy to use, has medium security and is a mobile wallet
As a professional digital asset wallet, imToken is safe and easy to use. It supports multi-chain and multi-currency management and exchange, so that blockchain technology can be better integrated into your life. imToken's vision is to make economic incentives consistent, privacy inviolable and value flow freely.
imToken has recently obtained a Series A investment of US $10 million from IDG Capital. He Bin, founder and CEO of imToken, said that this round of financing will support the development of imToken's overseas market and the hiring of more technical talent.
10. Atoken
AToken is easy to use, has medium security and is a mobile wallet
The AToken mobile digital currency wallet is light and safe, and supports 19 currencies and cross-chain swaps. It aims to provide more convenient, more secure and more multi-currency services for the majority of digital currency users, and to become a leading digital asset storage app.
The private key must be well protected and should not be known to anyone except yourself.
The wallet is very important. If you want to use one, you should fully understand your choice.
The security is very high. Small shell cold wallet is a professional provider of secure storage solutions for blockchain digital assets, and the positioning of the small shell cold wallet product is "all cold digital asset storage".
Extended data
While in use, small shell cold wallets can always remain in a non-networked state, and the storage environment is completely isolated from the physical network. Of course, the paper or notebook used to record the private key also belongs to the category of cold wallet. When the user is using the cold wallet, the outside world cannot reach the location of the private key through the network, which avoids accidents caused by hacker attacks or Trojan viruses.
Small shell cold wallet is less likely to be attacked by hackers, which is why many regulatory agencies require trading platforms to keep users' encrypted assets offline. There are many kinds of cold wallets (hardware wallets) in common use on the market, and the most commonly used should be the small shell cold wallet. The small shell cold wallet adopts cold and hot end separation technology, with encrypted QR code communication at the hot end and non-electromagnetic-wave signal transmission, which can effectively prevent data from being stolen.
