Elaine FreeBuf 


We are on the verge of new change , The Internet is going through a phase of decentralization . After 20 Scientific research in 2000 , New advances have been made in cryptography and decentralized computing networks , Bring technologies like blockchain (blockchain) Cutting edge technology like that , And these technologies may potentially have the power to change the way society works from the bottom .

5 month 26 Japan , The U.S. Department of Defense announced a deal with the developer of encrypted communications ITAMCO Sign the contract , Jointly develop innovative blockchain based applications for the US military —— a “ Security , Non intrusive messaging 、 trading platform ”. allegedly , This cooperation program can provide the US military with safer communication between headquarters and ground forces 、 The intelligence transmission between the Commissioner and the Pentagon provides a safe and reliable channel and ensures non-invasive .

The term blockchain , It's no stranger to most readers , But the characteristics behind blockchain Technology 、 value 、 The role of applications in the field of security 、 Current technology limitations , But we may not be completely familiar with . In this context , This article will lead you to take a detailed look at the security advantages and limitations of blockchain .

One 、 Blockchain value : Help solve trust problems

First , What is blockchain ? People have heard the term more or less , Know that blockchain is a distributed shared encrypted database . As you all know , Blockchain is a distributed shared encrypted database . The Ministry of industry and information technology of China is 2016 It was defined as a kind of distributed data storage in 、 Point to point transmission 、 Consensus mechanism 、 Encryption algorithm and other computer technology in the Internet era of innovative application mode . In the course of the actual transaction , The process of using blockchain includes the connection of nodes 、 The basic steps of trading and bookkeeping .



1.1 The development of blockchain Technology

Blockchain technology itself originated in 2008 It was put forward in , Nakamoto put forward the concept of bitcoin and the technical methods behind it at a cryptography exploration and sharing meeting . The underlying technology of bitcoin is the prototype of blockchain technology and its idea . The blockchain behind bitcoin , It's designed to be decentralized 、 No trusted currency platform . Anyone who doesn't know each other can join the general ledger , Through point-to-point bookkeeping 、 The data transfer 、 Certification or contract , Without the help of any intermediary, we can reach a credit consensus . This general ledger includes all the past transactions 、 Historical data and other relevant information , All information is distributed and transparent , And in the form of cryptographic protocol to ensure that it can not be illegally tampered with .

stay 2010 year , Bitcoin set up the exchange , And gradually more and more people understand . to 2011 Year begins , The trend of globalization is becoming more and more intense , The number of institutions investing in and researching blockchain technology is also increasing rapidly , Blockchain technology has been continuously supplemented and improved from the primary level of realization . This gives the bitcoin currency system rapid growth opportunities , But at the beginning of its design, the relatively simple monetary operation system also got some challenges : Loss of file access , Leakage of server password 、 Money stolen 、 Anonymous currency is difficult to trace, regulatory loopholes let people find the defects of the monetary system . These deficiencies even affect people's trust in bitcoin and its monetary value , But also as an opportunity , More people are paying more attention to the underlying blockchain Technology .

thus , stay 2015-2016 In 2000, blockchain technology passed the stage of staying in theory and research , Go to application . Many traditional financial institutions 、 Startups and other organizations use the technology in practical applications , Such as transaction settlement 、 The Internet of things 、 Digital asset management 、 Equity trading 、 notarization 、 Supply chain and other fields . With the development of the industry , Various countries and local organizations have also strengthened the research and supervision on the potential of blockchain .

Up to now , This kind of distributed ledger technology, which was first hidden in the bottom layer of bitcoin, is gradually coming into the public eye , And even become an academic and even industrial “ hotspot ” topic of conversation , More and more attention has been paid to its essential characteristics which may be more valuable than digital currency itself .

In general , The value of blockchain lies in its security —— It can solve the problem of trust .

1.2 The consensus mechanism of blockchain


Milestone map of consensus mechanism development

Since the Internet connected computers and people all over the world , Trust problems are all caused by third-party enterprises 、 banking institution 、 Government departments and other large-scale intermediary to solve . People authenticate themselves on the Internet 、 bank transfer 、 Consumer transactions , It's all based on trust in these large intermediaries . Large scale intermediary in the operation platform , While providing services , Take a portion of the commission from a large number of transactions as a source of profit ,“ Snowball ” And then it gets bigger and bigger , People's trust in it goes with “ Network effect ” Keep growing .

On the contrary , What blockchain proposes is a so-called “ Machine trust ” or “ Democratic trust ”. In the peer-to-peer network of the blockchain community , There is no role like administrator to centralize control over people's transactions , Instead, we use consensus mechanism to verify people's trading behavior , And the value information is directly transmitted in the network . In other words, in a network of mutual distrust , The solution proposed in the blockchain is to maximize the interests of each node , Automatically follow certain rules to verify the authenticity of transaction records , Then the real transaction after judgment is recorded in the blockchain .

at present , Now there are four common consensus mechanisms , They are workload proof algorithm (PoW)、 Proof of interest algorithm (PoS)、 Share authorization certificate (DPoS) as well as Pool Validation pool .

The consensus algorithm used in bitcoin, which is usually familiar to everyone, is Workload proof algorithm (PoW), Nodes in the network need to calculate a certain amount of work to get the numerical solution of random hash , In order to obtain the right of accounting through node competition ( dig ). The stronger the computing power of general nodes, the easier it is to get accounting rights and corresponding rewards . But this consensus mechanism has some limitations , It is also criticized for consuming computer examples and resources .

Later on PoW It's improved on the basis of PoS—— Proof mechanism of rights and interests , Proof of all rights and interests of bookkeeping users for digital assets in the blockchain is required . Relatively speaking , The more digital assets you have , The faster you can find random numbers . Because the more people have assets , The less you want to lose your assets .

Two 、 Blockchain security advantages

Now *** It can destroy the entire network 、 Tampering with data or inducing careless users into security traps . They steal identity information , And through the centralized database of *** And other security threats caused by single point of failure . But the mode of data storage and data sharing in blockchain Technology , It's a very different approach from the current information security . Both bitcoin and Ethereum use the same cryptography technology to secure transactions , But now it can also be used as a security precaution *** And security threats .

The advantages of blockchain in information security mainly lie in the following three aspects :

1. Using high redundant database to ensure the data integrity of information

2. Use the relevant principles of cryptography for data verification , Guaranteed not to be tampered with

3. In terms of rights management , Multiple private key rules are used for access control

Using the security advantages of blockchain, we can develop multiple security applications . The existing security application scenarios are PKI, Certification, etc , Here, two simple examples can be used to illustrate .

from MIT Developed CertCoin It may be the first application based on blockchain PKI. PKI Is a common form of public key cryptography that can be used to protect mail , Message application , Websites and other forms of communication . However, due to the majority of PKI Interfaces need to rely on centralized , Trusted third party certification bodies (CA) To issue 、 Revoke 、 And save key pairs for each participant ,*** By using the identity of the user to enter the encrypted communication to obtain information . and CertCoin Removed the centralized authority , Using blockchain as distributed ledger to distribute public key , Can effectively reduce *** The risk of a single point of invasion .


Public and political communication Factom Flow diagram

And in the field of certification , There are also many examples , Such as public and political communication Factom System . It is based on blockchain to build chain structure of storage , Decompose authentication into proof of existence 、 Process proof and auditable proof . For any digital asset authentication process , You can follow these three steps to achieve data record security and monitoring compliance .

3、 ... and 、 Blockchain security limitations

However , The blockchain has been studied continuously 、 application , There are still some security limitations , This leads to many challenges in both the technical and business layers . These challenges may be the difficulties when blockchain is more widely promoted and applied , It may also become a breakthrough point of blockchain technology in the future .


Blockchain security limitations

3.1 The challenge to the consensus mechanism

For the consensus algorithm in blockchain technology, a variety of consensus mechanisms have been proposed , The most common is PoW、PoS System . But whether these consensus mechanisms can achieve and guarantee real security , Need more rigorous proof and time test .

The asymmetric encryption algorithm used in the blockchain may change with the development of mathematics 、 With the development of cryptography and computing technology, it becomes more and more fragile . Take the computing power of today's supercomputers as an example , Producing bitcoin SHA256 A hash collision of the hash algorithm takes about 2^48 year , But with the development of new computing technologies such as quantum computers in the future , In the future, asymmetric encryption algorithm may be cracked . secondly , Under the mechanism of bitcoin , The private key is stored in the user's local terminal , If the user's private key is stolen , It will still cause serious losses to users' funds . Whether the private key of blockchain technology is easy to steal remains to be further explored and solved .

3.2 51%***

In bitcoin , If one person controls most of the computing resources in the node , He can control the whole bit network and modify the public Ledger as he wishes . This is known as 51%***, It has always been one of the most criticized designs in the bitcoin system .

Even if it's a theoretical assumption , such 51%*** It will be very interesting . Because the real blockchain network is free and open , So no administrator on the blockchain network can prevent having enough computing resources ( It actually takes a lot of resources ) You can't do anything . If so *** It happened. , The credit of this digital currency may be lost , The value of money will fall rapidly .

Have the whole network 51% Power people can do these things :

1. They can prevent transactions from happening without verification , Make the deal ineffective , Potentially preventing people from trading money .

2. While they are in control of the network, you may want to change the parties to the deal ( There is a double cost problem ), And it may prevent others from finding new blocks .

Bitcoin and other cryptocurrencies are based on blockchain systems , So it can also be called distributed ledger . These digital records are created in every transaction , Stored on the cryptocurrency network , Any user on the network node can browse the records , This means that no one can spend money twice , If you can counterfeit money to pay , That would quickly destroy trust in the value of that currency .

Because the blockchain contains a series of blocks , Block contains a large number of transaction data stored in a given period of time ( For bitcoin , About every 10 Every minute produces a new block ). Once the block is discovered , or “ dig ” success , Can no longer change , Because fake versions of distributed ledgers can be quickly identified and rejected by Internet users . However , By controlling most of the computing power on the network (>51%),*** The user can be involved in the process of recording the new block . They can stop other miners from mining , In theory, monopolize the generation of new blocks and obtain results ( For bitcoin , The reward would be 12.5 A new bitcoin , The quantity will decrease with time , It's going to come down to 0). They can prevent other users from trading . They can trade , And then cancel the deal , Show that you still have the money you just paid . This loophole , It's called double spending , It's the most urgent cryptocurrency barrier for blockchain . A network system that can allow double costs will quickly lose the trust of users . But even in 51%*** in ,*** It's still very difficult for developers to change the transaction information that has happened on the block . because *** The transaction before the start is tightly bound with the previous block , The older the transaction information, the more impossible it is to modify it .

Having enough computing power can lead to chaos in the system ( All of these things are not allowed ), But it's not going to destroy the block network system quickly —— At least not in a short time . They can't reverse the historical trade that happened before , We can't create new assets out of thin air ( Unless it's normal mining ), Or steal digital assets from other users' wallets .

In reality , launch 51%*** It is feasible , Especially with the rise of mining pools . Even though *** The potential threat to those who do not , We should also consider the existence of this kind of security threat to the blockchain system and find solutions .

3.3  N@S*** 

in the light of PoW Consensus algorithms are vulnerable to 51%*** The problem of , Some researchers are right PoW The consensus algorithm has been improved , Now there are based on PoS Consensus blockchain system . To some extent, it has been able to face 51%*** problem , But while solving the old problems , It also introduces the N@S (Nothing at stake)*** problem .

Although each block has only one parent block , But in some cases, a block can temporarily have two sub blocks . When this bifurcation occurs , Generally, both miners found the solution to the workload in a short time , Then propagate the added data to the adjacent network , The other nodes gradually form two versions ( sub-block ) Blockchain . The blockchain States , In this case, the judgment condition is to select the sub block with the largest total workload .

In the best interests of oneself , The node can continue to work on two branches at the same time , To secure the gain of interest . hypothesis 99% If the node users of are so rational to consider the benefits , Even if *** Those who master only 1% The rights and interests of can still determine the branch direction of blockchain . He can make a trade request , Acquire assets , Then take the add money from another branch and add it to your wallet .

Now, some Chinese researchers have put forward suggestions to improve the consensus algorithm , By constructing a system that depends on both high computing power and high memory PoW Consensus algorithm can achieve 51 %*** Problem solving , However, a more secure and effective consensus mechanism needs to be further studied and designed .

Four 、 Conclusion image.png

The spirit of technology has come out of the bottle , But we don't know when it's really coming .

——Don Tapscott

Advantages and limitations , Just like the double blades of a sword , We are looking forward to the update and improvement of blockchain technology , Hope the idea really falls into reality —— Build a decentralized, trusted network . With the rapid development of the Internet and information technology in today's era , Blockchain technology has brought us new possibilities, but also new security challenges , How to tap and improve the advantages of new technology and constantly break the security limitations , Maybe it's something to think about in the next stage .

5、 ... and 、 Reference material

1. https://venturebeat.com/2017/01/22/blockchains-brilliant-approach-to-cybersecurity/

2. https://www.cryptocoinsnews.com/4-lines-defence-51-attack/

3. https://www.deepdotweb.com/2017/01/10/new-proof-work-mechanism-can-shield-bitcoin-blockchain-51-attack/

4. https://cointelegraph.com/news/us-defence-research-agency-to-integrate-blockchain-based-crypto-chat-platform

* The author of this article :Elaine, Reprint please indicate FreeBuf.COM