Shulou(Shulou.com)06/01 Report--

This article mainly talks about "is the security of the blockchain good?", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Next, let the editor take you to learn "is the security of the blockchain good?"

Security risk of blockchain

Despite some technical advantages, is blockchain technology not missing in terms of security? Despite the continuous research of technology, there are still many security challenges and risks at the technical and business levels.

1. Consensus Mechanism Challenge

For the consensus algorithm in the block chain, whether it can achieve and ensure the real security needs more stringent proof and time test. The asymmetric encryption algorithm may become more and more fragile with the development of data, cryptography and computing technology, and may have a certain degree of cracking in the future. In addition, whether the private key containing account security on the block chain is easy to steal remains to be further explored.

2. 51% attack

In Bitcoin, if you control the vast majority of computing resources in the node, you can reset the public account book, which is called the 51% attack. The real blockchain network is free and open. Therefore, in theory, the block chain cannot prevent nodes with enough computing resources from doing anything. In reality, it is feasible to launch 51% attack. Of course, having enough numeracy will not quickly destroy the entire system-at least not in a short period of time, but it can lead to system chaos.

3. NS attack

(Nothing at stake) attack problem. For example, in some cases a block can temporarily have two sub-blocks. When this bifurcation occurs, usually two miners find the answer to the workload in a short time, and then spread the addition to the adjacent network, and the other nodes slowly form two versions (sub-blocks) of the block chain. The block chain stipulates that the decision condition in this case is to select the sub-block with the largest total amount of work. For the sake of self-interest, the node can continue to work on two branches at the same time to ensure the acquisition of benefits. Assuming that 99% of node users consider revenue so rationally, even if the attacker holds only 1% of the interest, the branching direction of the blockchain can still be determined. He can make a transaction request, get the asset, and then get the added currency from another branch to his wallet.

4. Business level

With the rapid development of the whole industry, the third party engaged in the whole block chain, such as the developer team or platform, is relatively small, which virtually has a certain risk coefficient, and the wallet loophole in digital currency storage can not be ignored. For example, the Parity multi-signature vulnerability is that developers do not implement a well-designed protocol when writing code, so that hackers can call functions that should not be called and access data that should not be accessed. Web website vulnerabilities, for example, a Coindash Wordpress blog uploaded to Webshell resulted in a loss of 7 million dollars, which is very low-level, simply because the Wordpress version is too old. Fake website phishing, hackers by falsifying websites, pretending to be regular exchanges, digital currency http://www.gendan5.com/digitalcurrency/btc.html someone traded on it, resulting in theft. Business security, for example, the website is hacked, the payment address is replaced with the hacker wallet address, resulting in theft. Virus Trojans, such as Coincheck events in Japan, Bithumb events in South Korea, etc.

Risks caused by lack of code audit

Although it has been eight years since Bitcoin was born, it is still an experimental stage whether blockchain can be safely applied to digital currency. But some distributed ledger developers are in a hurry to deploy untested code on the block chain. A notorious example is the DAO attack. (with regard to the DAO attack, I hope those who do not understand will see Baidu on their own, thank you. After the DAO attack, DAO depreciated by 1/3, which is amazing. DAO attack was once a hot search for articles in the field of blockchain! There are at least two good solutions to this type of security risk:

Mutual oversight: conduct a rigorous peer audit of the code before deployment.

Professional people do professional things: intelligent contract testing is conducted by independent testing institutions.

Using either of these two scenarios will find flaws in DAO, and it will be the same in the future!

Although driven by the influx of capital and talent, the blockchain industry has ushered in rapid development, but as an emerging industry, its frequent warning of security vulnerabilities has caused people to worry about the risk of blockchain.

What are the risks that blockchain faces that need to be addressed?

Yu Kequn, director of the National Information Technology Security Research Center, pointed out that the emergence of blockchain has brought people a lot of expectations for privacy exposure, data disclosure, information tampering, network fraud and other issues. However, there are still many challenges in the security of blockchain.

Yu Kequn said that at present, the blockchain is still in its infancy, and there are many challenges, such as cryptographic algorithm security, protocol security, use security, system security and so on.

Yan Hanbing, director of the Operations Department of the National Internet Emergency response Center, also pointed out that if blockchain is to play an important role in the global economy, the security problems it faces must first be solved.

Yan Hanbing pointed out that the security of blockchain includes many aspects. For example, traditional security issues, including the protection of private keys, including application layer software traditional vulnerabilities and so on. In addition, there are also some loopholes in the new protocol.

The data provided by the decentralized vulnerability platform (DVP) also shows the seriousness of the blockchain security problem. Wu Jiazhi, head of DVP, revealed that in the week since July 24, DVP has received 312 vulnerabilities provided by White Hat, involving 175 project parties. These include intelligent contracts, well-known public chains, exchanges and a series of projects. There are 122 high-risk vulnerabilities, accounting for 39.1% of all vulnerabilities, and 53 medium-risk vulnerabilities, accounting for 17% of all vulnerabilities.

To sum up in one sentence: "blockchain can change the world, but the only way to ensure its success is to be safe."

At this point, I believe you have a deeper understanding of "is the security of the blockchain good?" you might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.