According to incomplete market statistics, blockchain security incidents between 2011 and 2018 caused losses of up to 31 billion dollars. It is worth noting that since 2017 the losses from blockchain security incidents have shown an exponential rise, and in 2018 alone they have reached 19 billion; security has become a key issue for blockchain development. Beyond security, the industry has not yet reached a unified consensus on cipher algorithms, signature standards, underlying technology frameworks, industry applications, or evaluation and certification; interoperability is deficient and development is seriously fragmented.
On November 28, the 2018 P.O.D New BlockTrend new potential summit, co-sponsored by the daily planet Odaily and the 36Kr group, was held in Beijing. At the meeting, Li Xueting, senior analyst at the research center of the daily planet Odaily; Wu Zhen, director of the Ministry of Finance Internet Security Technology Key Laboratory; Liu Yan, a deputy director at the Chinese Minsheng investment group; Pu Songtao, of the global public chain technology assessment at the Chinese CCID Electronic Information Industry Development Research Institute; and Li Yao, senior vice president of Cobo, held a roundtable discussion on "the construction of blockchain technology standards".
The roundtable mainly discussed:
1. The main risk points of blockchain security and the reasons for the risk;
2. The dimensions and quantifiable indicators of blockchain technology standards;
3. Progress made in China on blockchain evaluation;
4. Blockchain storage schemes: how to determine safety indicators and establish a safety index system;
5. The development of third-party verification mechanisms;
6. Problems that still need improvement in the construction of blockchain standards.
The following is the record of the roundtable discussion:
Li Xueting (host): Hello, I'm Li Xueting, an analyst at the daily planet Odaily and the host of this roundtable discussion. I will first introduce the background of our discussion. We know that blockchain has good application prospects in supply chain management, cross-border payment, copyright management and distributed trust management, but many problems still exist in the safe storage and management of digital assets.
Today it is a great honour to have invited several guests to explore with us the topic of building blockchain technology standards. Thank you again to our guests. We will proceed by asking questions.
The first question is about some blockchain security incidents. According to our statistics, the blockchain safety figure for 2017 is 15 and for 2018 is 75, a growth rate of about 373%, which from the data point of view is very alarming.
Let me ask Director Wu: at present, in what areas do the risk points of blockchain security mainly lie, and what are those risk points?
Wu Zhen: Blockchain, as a special kind of information system, has the risk points that information systems have, for example P2P network attacks and so on; at the same time, blockchain security also has its own characteristics.
I feel it is mainly manifested in three aspects: the first is the cryptographic algorithm, the second is the consensus mechanism, and the third is the smart contract. With cryptographic algorithms, the choice of algorithm and whole-life-cycle key management carry relatively large security risk. Consensus is the core area of cross chain technology, but many consensus mechanisms have many hidden problems, whether in logic or in implementation. Smart contracts, with a large number of open-source applications, have been the hardest hit by hackers.
Overall, blockchain has both logic risks and implementation risks; a lot of code is not of high quality, and many attacks have appeared at the implementation level.
Li Xueting (host): Director Wu covered the problem from technical aspects such as cryptographic algorithms, consensus mechanisms and smart contracts. I would like to ask Mr. Pu: from the perspective of public chains, what do the risks at the business level mainly include at present?
Pu Songtao: You mentioned that there were many more security incidents in 2018 than in 2017. This is not only because of inherent security risks; it may also be because the market is more active and attracts more attention, and because of security issues caused by hackers.
From the user side and from the project side there are different levels. Security problems can be divided into three categories: stability problems, loss of digital currency, and smart contract loopholes. The latter two are the more important issues. This has happened with public chains being attacked recently, including one public chain that for a long time had no problem. Problems like lost wallets are different from the traditional problems in the Internet field. About smart contracts, in the first half of this year I exchanged views with friends at 360 and found more problems.
Li Xueting (host): Mr. Pu mentioned wallet loss. I would like to ask Mr. Li: can you share what risks there are from the wallet side?
Li Yao: I very much agree with the previous two speakers. Observing the market, we found that the main loss is still the loss of digital assets. Let us first define digital assets: since the beginning of the 1990s, human science and technology has moved in two directions, virtual and digital, and digital takes more forms than just digital currency. We count digital IP, virtual products (such as commercial QQ coins) and information flows as digital assets.
From the wallet industry's point of view, in the blockchain world, for key assets, major issues can appear in key generation, distribution, storage, update and even destruction. For example, the user may simply have destroyed or removed it, but under the BIP32 protocol a hacker who has your private key and the main sub key can directly get your master key and then transfer all of your assets. So key management is very important, and this is also an important reason why we run a wallet company: to help users protect their assets.
At the same time, we also found that, in addition to the security problem, unlike traditional Internet companies where standards are well established, many standards in the blockchain industry have not yet been formed, so many start-up companies waste a great deal of resources that cannot be effectively unified, and accidents often happen as a result. So the first thing is key management, and the second is to work on this.
Li Xueting (host): The three of you have just analysed the security risks from the technical and business aspects, such as the 51% attack and smart contracts, which are probably similar to Internet security risks. I would like to ask Director Liu: are there some risks that are unique to blockchain?
Liu Yan: Blockchain itself is a technology. The many technical vulnerabilities just mentioned have caused losses to investors and the parties involved, and solving these problems takes work not only at the technical level. We cannot ignore problems in corporate governance, such as relevant information disclosure.
In the traditional financial industry, when investors participate in a project there is a contractual relationship; the performance of both parties' responsibilities and the use of funds are very clear, and financial intermediaries are responsible for the corresponding matters. As blockchain has developed to today, with 2018 being 10 years since the white paper was published, blockchain will merge with our lives and combine with our traditional legal system and rules. This is an inevitable process, and there should also be a more reasonable and more complete governance mechanism, in order to protect the vital interests of the parties and investors involved. Although blockchain was originally designed as a completely decentralized mechanism, in actual business integration and in business scenarios the traditional mechanisms still have great significance. I personally think that security issues are not only technical issues.
Li Xueting (host): Director Liu spoke about traditional mechanisms and standards. Many people (including many within the industry) are not very familiar with blockchain technical standards. What dimensions or quantifiable indicators do the technical standards have? Director Wu, please give us an introduction.
Wu Zhen: When talking about technical standards, there is first feasibility, and also necessity.
In terms of feasibility, blockchain technology is currently at an early stage of development and many things are still being explored, so if standards are set too strictly now they will place certain restrictions on the industry.
In terms of necessity, take the communications industry as an example: its standards are well developed, including those of the ITU and so on. Because no single business can cover the entire communications industry, enterprises need to cooperate with and understand each other, and this became the industry standard. Suppose an enterprise is very capable, such as Apple, and can be self-contained, with everything freely adjustable within the enterprise; then it can do without standards.
Correspondingly for blockchain: first, blockchain needs some definition and reference framework standards, so that we can reach a consensus; second, there should be regulatory standards, because they are the interface between the industry and outside supervision, but how to use them is a matter for the regulators; third, safety standards, including safety requirements and overall evaluation standards. We know that 100% security is not possible, but safety standards have reference significance for promoting the industry.
Li Xueting (host): If some definitions and standards can reach a consensus, they can play a guiding role in the sound development of the industry. The director mentioned evaluation. As far as blockchain evaluation is concerned, what progress has our country made at present?
Pu Songtao: Before answering your question, I will briefly follow on from what Director Wu said. I think we do not focus on industry-organization or national standards; we pay more attention to de facto standards. A few years ago, when we were studying cloud computing, we were discussing a new technology: what is Docker? HUAWEI believed that Docker was the standard, and now that is the fact. Back to the blockchain industry, what is the standard for tokens? The token standard is ERC-20. Once something develops to a certain extent and gains influence, it becomes the de facto standard. We see that a lot of underlying architectures are built on bitcoin standards.
As for evaluation, in the blockchain area there are now about four types of standards: cryptography related, technical architecture, application, and evaluation. Evaluation is mainly where various organizations set standards and make ratings. Many domestic institutions do evaluation, and each agency has its own set of standards, but the industry lacks a unified standard system. That is the situation.
Li Xueting (host): If each has its own standard system, will that not produce fragmentation and thus hinder the industry's common development?
Pu Songtao: I don't think so. When a product comes out, an evaluation agency evaluates the product by its own standards and issues the corresponding certificate; that will not impact the industry.
Li Xueting (host): Does Director Liu have anything to add on evaluation?
Liu Yan: To promote the industry's development, evaluation needs to cross a large threshold. There are many challenges, such as the technology itself not being mature. To determine that an industry's technology is mature, the industry needs to produce technical standards that are acceptable for most applications, and the standards need to be implemented in the industry through to landing, with leading enterprises implementing the standards. At present, the mature stage has not been reached.
Integrating a mature technology with industry and promoting its landing all happens in the scenario. The development of technology and of standards is a complementary and very dynamic process: on the one hand, application scenarios need to be found for blockchain, and a breakthrough point found on the industrial production side; on the other hand, certain technical standards need to be formed during implementation. Some technical standards are needed to judge whether a project is a blockchain project, while ensuring the security of our on-chain digital assets and improving the efficiency of on-chain operations.
Li Xueting (host): Director Liu spoke of on-chain digital assets. I would like to ask Mr. Li: for a digital asset storage scheme, how do you determine safety indicators and establish a safety index system?
Li Yao: I agree with what the three have just said about standards. We have observed that technical appraisal in the industry is very preliminary; an industry standard is needed, which would be of great help to start-ups, to industry regulation and to enterprise behaviour.
I also want to talk about what is not standardized in the industry. For example, mnemonic words appear in different formats on different platforms, some in English letters and some in Chinese characters; this should be unified and standardized. As another example of why industry data gets stolen, I will share a case: the decentralized vulnerability platform DVP previously detected that more than 600 exchanges use open-source code with loopholes that has been abandoned; the vulnerability could allow an attacker to bypass the exchange's original restrictions and illegally modify information or delete exchange data without authorization. Not choosing a good base protocol standard is very scary for users.
What is a good standard dimension? In our view, this standard can achieve unity across six levels: a consensus mechanism of safety standards, safety standards, the algorithm of network security standards, application level security standards and contract safety standards, to promote the industry. This is also the standard that we at Cobo wallet hope to promote.
Li Xueting (host): Well, we have all been speaking from the perspective of industry standard construction. I would like to ask Director Wu: what progress has there been in standard construction?
Wu Zhen: We have a blockchain reference architecture project under development as a national standard, now in the process of drafting, covering blockchain terminology, reference architecture, function modules and role definitions. Our national Internet Emergency Center also led the establishment of a standard on security technical requirements for blockchain platforms; the draft is now complete and opinions are being solicited. We also led work on an international blockchain copyright standard at the ITU.
In general, there is a framework of standards, but blockchain application standards are still at an early stage and not mature, and for the time being are not particularly urgent.
Li Xueting (host): Well, evaluation was just mentioned. As I understand it, the evaluation index system in this standard also needs a third-party verification mechanism. Mr. Pu, how do you view the development of third-party verification institutions?
Pu Songtao: In fact, in the development of any industry, besides the industry itself providing technical products, third parties are needed, including for investment and financing services; all of these are needed. As far as blockchain is concerned, third-party involvement is necessary. As far as I know, at least, scientific research units under the Ministry actually provide some services in technology assessment.
Li Xueting (host): The guests have introduced the progress of blockchain industry standard construction. I would like to ask you: in blockchain standard construction, are there problems that at present cannot be overcome, or that still need improvement?
Wu Zhen: Standards formed in the market in accordance with the actual situation have more vitality. For example, we all know the TCP/IP protocol: it appeared relatively early and, although it had problems, quickly occupied the market. Standards not formed by the market were shelved for lack of support. In fact, setting standards in itself presents no particular problem; the problem is whether the standards formulated can reach consensus and whether they can land.
Liu Yan: I personally think a dynamic balance needs to be reached between technical standards and technology development itself. Blockchain technology is still in its early stages, and its basic functions need to be continuously enhanced along various dimensions. Blockchain is not a single technology; it involves the design of encryption algorithms, consensus mechanisms, incentive mechanisms and all the underlying technologies, and breakthroughs by scientists in many fields will promote the development of the technology.
If the coverage of standards is too broad, it may restrict technology development. We hope that technical standards can prevent some major risks, such as in application scenarios involving data or some sensitive data, with measures similar to sandbox supervision, which both control serious vulnerabilities and fit the characteristics of present technology development, giving a relatively healthy impetus to technology development.
Pu Songtao: I agree with the two speakers. I think there are two questions worth discussing. The first is the necessity of technical standards: the entire blockchain industry is very active, and premature standards have an influence. The second is, after a standard is set, how to get others to accept your standard? Especially for public chains, which I am in charge of: each chain has its own model, and when a protocol is produced, whether each public chain team will recognize it is the problem.
On whether standards are necessary and on promoting the formulation of technical standards, I think there is a direction worthy of study:
1. What is lacking now, where we must develop standards. I think the most important thing is terminology; this is the most basic and underlying. The reference architecture is also necessary, especially for newly started teams.
2. Development space. Each assessment agency, team and organization has its own evaluation system; here standards can leave free space for development, and sandbox-based evaluation is possible.
3. Migration. Many in the blockchain industry come from traditional industries, and some technologies in traditional industries have national standards. As far as I know, there should be 19 on secret algorithms and about 20 on electronic signatures; the question is whether these standards can be moved to the blockchain. The system around cryptographic applications is relatively complete: about 10 national standards on cryptographic security and about 20 national standards on cryptographic application interfaces. How to transfer these to the blockchain industry is the question.
4. Things worth exploring. As also mentioned, standards related to blockchain industry applications, including those proposed by various industry organizations that are not yet standards, may in the future really form industry standards or GB standards.
Li Yao: I will briefly say how I feel. Chains are divided into consortium chains, private chains and public chains. Private chains and consortium chains generally do not involve distributed nodes, and with corporate governance it is not so easy to formulate standards of community governance. Public chain standards are complex, and the chains themselves are also evolving and constantly making breakthroughs: for example, the bitcoin lightning protocol may in the future achieve millisecond arrival, and Ethereum's lightning protocol will greatly improve the efficiency of payment. At the same time, blockchain consensus mechanisms are also evolving from PoW to PoS and DPoS. When public chain technology and standards are perfected and unified, and then feed back into consortium chains and private chains, it would be a better attempt and, from the business side, more efficient.
Li Xueting (host): The 4 guests have given some outlook on the construction of blockchain technology standards from different angles. Indeed, blockchain standardization can open up application channels and guard against application risks, and has a positive effect on landing blockchain applications. But because blockchain is still in early development, developing strict standards prematurely may limit the technology. The construction of technical standards is not easy and is advancing slowly. We look forward to joint efforts at the group level and the industry level to build blockchain technology standards, so as to promote the sustainable development of the industry.
Thank you very much to the four guests for today's wonderful explanations. Due to time, our roundtable will end here for now. Thank you again to the four guests.