A blockchain is an organic combination of a set of existing, mature technologies: it keeps an effective distributed record of a ledger and provides complete scripting support for different business logic. In a typical blockchain system, data is produced and stored in units called blocks, which are linked in chronological order into a chain data structure. All nodes jointly take part in validating, storing and maintaining the system's data. Creating a new block normally requires confirmation from a majority of the nodes on the network (how many depends on the consensus mechanism); the block is then broadcast to every node so that the whole network synchronises, after which it can no longer be altered or deleted.
Viewed from the outside, a blockchain system should have the following characteristics:
"Multiple parties" here refers only to the parties that keep the ledger (the bookkeeping participants), not to the clients that use the blockchain. The bookkeeping participants should consist of several entities whose interests are not fully aligned. In different bookkeeping rounds, different participants take the lead in proposing the record (the rotation depends on the consensus mechanism), while the remaining participants jointly verify the record proposed by the leader.
The ledger recorded by a blockchain system should be accessible to all participants: to verify the validity of the information recorded on the chain, a bookkeeping participant must be able to access both the content of the information and the history of the ledger. An open ledger, however, means open access, not that the information itself is public. The industry therefore hopes to apply privacy-preserving techniques such as zero-knowledge proofs, homomorphic encryption and threshold encryption to blockchain, so that the validity of information can be verified by operating on ciphertext alone.
A blockchain should be a system that does not depend on a single trust centre. When it processes data that concerns only the closed system inside the chain, the blockchain itself can create trust among the participants. In some situations, however, such as identity management, external data is unavoidably introduced, and that data needs to be endorsed by a trusted third party. In that case the trust for different kinds of data should come from different trusted third parties rather than from a single trust centre; the blockchain then does not create trust itself but serves as the carrier of trust.
Tamper resistance, the most prominent feature of blockchain, is a necessary rather than a sufficient condition for a blockchain system: many hardware-based technologies also achieve write-once, read-many storage that cannot be tampered with, a typical example being the write-once recordable disc (CD-R). Blockchain's tamper resistance rests on cryptographic hash algorithms together with joint maintenance by multiple parties, but precisely because of that, it is not tamper-proof in the strict sense; "hard to tamper with" is the more accurate description.
Distributed ledger technology (DLT) is essentially a decentralised data storage technology in which data is shared, synchronised and replicated across a network made up of multiple nodes, multiple physical locations or multiple organisations. Compared with traditional distributed storage systems, DLT has two distinctive characteristics:
A traditional distributed storage system runs a data management mechanism controlled by a central node or an authority, whereas a distributed ledger stores and replicates data through multi-party decision-making and joint maintenance under a set of consensus rules. Faced with the explosive growth of Internet data, the approach of having a single central organisation build the data management system is increasingly challenged: service providers have to keep investing in large data centres, which creates not only efficiency problems for huge pools of compute, network and storage resources, but also ever more serious reliability problems as system scale and complexity keep growing. The decentralised data maintenance strategy of DLT can effectively relieve this burden of system bloat, and in some scenarios it can even make use of the huge pool of resources accumulated in the many scattered nodes across the Internet.
A traditional distributed storage system splits its data into fragments and stores them across the system, whereas in a distributed ledger every party's node holds its own independent, complete copy of the data; nodes do not interfere with one another, have equal authority, and reach eventual consistency of the stored data through periodic or event-driven consensus among themselves. After decades of development, the weaknesses of the highly centralised data management systems used in traditional business, in terms of data trustworthiness and network security, have drawn growing attention. Ordinary users cannot tell whether their data has been stolen or altered by the service provider, and are even more helpless when a hacking attack or security breach occurs. To deal with these problems, additional management mechanisms or technologies keep being added, which further drives up the maintenance cost of traditional business systems and lowers the efficiency of commercial activity. DLT can fundamentally and substantially improve this situation: because every node maintains a complete copy of the data, a modification made by any single node or small group of nodes cannot affect the majority of copies globally. In other words, whether it is a service provider deliberately modifying data without authorisation or a malicious attack by hackers, most of the nodes in the distributed ledger cluster would have to be affected simultaneously for existing data to be altered; otherwise the remaining nodes will quickly detect the malicious behaviour and trace it back, which clearly raises the trustworthiness and security assurance of the data in the business system.
These two distinctive system characteristics make DLT a very low-level, revolutionary innovation with strong disruptive potential for existing business systems.
A blockchain is a distributed (decentralised) system whose history is traceable and tamper-resistant, and which solves the problem of mutual trust among multiple parties. Every distributed system has to face the consistency problem, and the process of solving it is what we call consensus.
Reaching consensus in a distributed system depends on a reliable consensus algorithm. A consensus algorithm usually settles which node in the system proposes a value and how the other nodes agree on that proposal. Based on the differences between traditional distributed systems and blockchain systems, we divide consensus algorithms into those for trusted nodes and those for untrusted nodes. The former have been studied in depth and are widely used in today's popular distributed systems, the best known being Paxos and Raft and their variants. The latter were also studied long ago, but only with the recent boom in blockchain technology have they been applied at scale. Depending on the application scenario, the latter further split into algorithms suited to public chains, represented by PoW (Proof of Work) and PoS (Proof of Stake), and algorithms suited to consortium or private chains, represented by PBFT (Practical Byzantine Fault Tolerance) and its variants.
The Proof of Work (PoW) algorithm is the one used by the Bitcoin system; it was proposed by W. Dai in 1998 in the design of B-money. Ethereum currently also uses PoW for consensus, but because Ethereum produces blocks much faster (roughly every 15 seconds) and blocks are therefore easier to produce, Ethereum introduced the uncle block reward mechanism so that large numbers of nodes do not compete in vain. The Proof of Stake (PoS) algorithm was first implemented by Sunny King in the PPC (PeerToPeerCoin, Peercoin) system released in August 2012; Ethereum has also long favoured PoS and plans to replace PoW with PoS as its consensus mechanism. PoS and its variants can solve the waste of computing power for which PoW has long been criticised, but they have not yet been sufficiently validated. PBFT was first proposed by Miguel Castro and Barbara Liskov at the OSDI '99 conference; compared with the original Byzantine fault-tolerance algorithm it is considerably more efficient. Assuming the system has N nodes in total, PBFT can tolerate F malicious nodes provided 3F+1 is not greater than N. Although PBFT can tolerate more Byzantine nodes as the number of nodes grows, its consensus efficiency falls off very rapidly, which is why systems that use PBFT for consensus rarely exceed 100 nodes.
Whether PoW or PoS, the core idea is to use economic incentives to encourage nodes to contribute to the system and economic penalties to deter them from misbehaving. To encourage more nodes to take part in consensus, public chains usually issue tokens to nodes that contribute to running the system. Consortium and private chains differ from public chains in that their participating nodes usually want trustworthy data from the chain, which matters far more to them than earning rewards for bookkeeping, so they have a stronger obligation and responsibility to keep the system running stably. Since the number of participating nodes is also usually small, PBFT and its variants fit the consortium and private chain scenarios well.
What is a smart contract?
A smart contract is a computer protocol intended to propagate, verify or execute a contract in an information-based manner. Smart contracts allow trusted transactions to be carried out without a third party; these transactions are traceable and irreversible. The aim is to provide security superior to traditional contract methods and to reduce the other transaction costs associated with contracts.
The concept of the smart contract dates back to the 1990s, when it was first proposed by Nick Szabo, a computer scientist, legal scholar and cryptographer. He defined a smart contract as follows: "A smart contract is a set of promises, specified in digital form, including protocols within which the parties perform on these promises." Researchers such as Szabo hoped to use cryptography and other digital security mechanisms to bring the drafting and performance of traditional contract terms under computer technology and so lower the associated costs. However, because many technologies were still immature at the time and there was no digital system or technology capable of supporting programmable contracts, Szabo's theoretical work on smart contracts long went unrealised.
With the emergence and maturing of blockchain technology, smart contracts have developed rapidly as an important research direction for blockchain and for the contracts of the future Internet. A blockchain-based smart contract includes mechanisms for handling and storing events, together with a complete state machine for accepting and processing the various smart contracts; the state of the data is processed inside the contract. When event information is fed into the smart contract, it triggers the state machine to evaluate; if the trigger condition for one or more actions in the automaton is met, the state machine selects the contract action to execute automatically according to the preset information. As a computer technology, a smart contract therefore not only processes information effectively but also guarantees that both parties are compelled to perform the contract without bringing in a third-party authority, preventing breach.
Advantages and risks of smart contracts
As smart contracts have become widely used in blockchain technology, their advantages have been recognised by more and more researchers and engineers. In general, smart contracts have the following advantages:
a. Timely contract formation: drafting a smart contract does not depend on a third-party authority or a centralised agent; the parties simply use computer technology to turn their jointly agreed terms into an automated, digital agreement, which greatly reduces the intermediate steps in drafting and improves the responsiveness of the process.
b. Low maintenance cost: a smart contract is implemented as a computer program. Once successfully deployed, it is monitored and executed by the computer system according to the terms of the contract, and if a breach occurs the program enforces the terms agreed in advance. The cost of human supervision and enforcement is therefore greatly reduced.
c. High execution accuracy: because human involvement in executing a smart contract is reduced, none of the interested parties can interfere with its concrete execution; the computer system ensures that the contract is executed correctly, which effectively improves execution accuracy.
Although smart contracts have clear advantages over traditional contracts, their in-depth study and application is still being explored, and we cannot ignore the potential risks of this emerging technology.
In 2017 the multi-signature Ethereum wallet Parity announced a serious vulnerability; this critical flaw rendered multi-signature smart contracts unusable and led to Ethereum funds worth more than 150 million US dollars being frozen. Similarly, in February 2018 a team of researchers from the National University of Singapore, Yale-NUS College in Singapore and University College London published a report stating that, using the analysis tool Maian, they had analysed nearly one million Ethereum-based smart contracts and found that 34,200 of them contained security vulnerabilities that would let attackers steal Ether, freeze assets or delete contracts.
Such security incidents deserve reflection, but in any case the industry generally holds that blockchain technology and smart contracts will be an important direction for future IT development, and that the current risks are part of the process any new technology goes through on its way to maturity.
Applications of smart contracts
Smart contracts, as a core blockchain technology, are now widely used in influential blockchain projects such as Ethereum and Hyperledger Fabric.
a. Smart contracts on Ethereum: an Ethereum smart contract is a piece of code that the Ethereum Virtual Machine can execute. Ethereum supports a powerful, Turing-complete scripting language that lets developers build arbitrary applications on it. Contracts are usually written in a high-level language (for example Solidity, Serpent or LLL), compiled into bytecode and stored on the blockchain. Once deployed, a smart contract cannot be modified. Users carry out account transactions through contracts, managing and operating on the currency and state of their accounts.
b. Smart contracts in Hyperledger Fabric: in the Hyperledger Fabric project the concept and use of the smart contract are extended more broadly. As stateless, event-driven, Turing-complete code that executes automatically, a smart contract in Fabric is deployed on the blockchain network and interacts directly with the ledger, occupying a very central position. Unlike Ethereum, Fabric keeps smart contracts separate from the underlying ledger: upgrading a smart contract does not require migrating ledger data into the new contract, which truly separates logic from data. Fabric's smart contracts are called chaincode and are divided into system chaincode and user chaincode. System chaincode implements system-level functions and is responsible for the Fabric node's own processing logic, including system configuration, endorsement and validation. User chaincode implements the user's application functions, providing state-processing logic over the blockchain's distributed ledger; it is written by application developers to support the business layer above it. User chaincode runs in an isolated chaincode container.
Information security and cryptography are the cornerstone of information technology as a whole. Blockchain makes extensive use of the results of modern information security and cryptography, chiefly hash algorithms, symmetric encryption, asymmetric encryption, digital signatures, digital certificates, homomorphic encryption and zero-knowledge proofs. This chapter gives a brief overview of how security and cryptographic techniques are applied in blockchain, from the perspectives of integrity, confidentiality and authentication.
Integrity (tamper resistance)
Blockchain uses cryptographic hash algorithms to keep the integrity of the ledger from being compromised. A hash algorithm maps binary data of any size to a short string and is input-sensitive: the slightest change to the input produces a hash value that differs drastically from the original. A good hash algorithm is also collision-resistant: different inputs yield different hash values.
Blockchain exploits the input sensitivity and collision resistance of hash algorithms: each block contains the hash of the previous block, and within the block a Merkle root hash is computed over the verified transactions. If any block in the chain is tampered with, the hash value from before the change can no longer be reproduced, so tampering is quickly detected and the integrity (tamper resistance) of the blockchain is preserved.
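As an added illustration of the two properties just described (this is example code, not code from the original article), the following Go program builds blocks that carry the previous block's hash and a Merkle root over their transactions, then shows how altering one recorded transaction is detected. The transaction strings, the `Block` layout and the function names are constructed for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
)

// Tx is a constructed, minimal transaction payload used only for this example.
type Tx string

// Block carries the fields the text describes: the previous block's hash, the
// Merkle root of its transactions, and its own hash computed over both.
type Block struct {
	PrevHash   string
	Txs        []Tx
	MerkleRoot string
	Hash       string
}

func sha(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// merkleRoot hashes every transaction and folds the hashes pairwise up to a
// single root; an odd trailing node is paired with a copy of itself.
func merkleRoot(txs []Tx) string {
	level := make([][]byte, 0, len(txs))
	for _, t := range txs {
		level = append(level, sha([]byte(t)))
	}
	if len(level) == 0 {
		return hex.EncodeToString(sha(nil)) // empty block
	}
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		next := make([][]byte, 0, len(level)/2)
		for i := 0; i < len(level); i += 2 {
			next = append(next, sha(append(append([]byte{}, level[i]...), level[i+1]...)))
		}
		level = next
	}
	return hex.EncodeToString(level[0])
}

// blockHash commits the block header to both the back-link and the Merkle root.
func blockHash(prev, root string) string { return hex.EncodeToString(sha([]byte(prev + root))) }

// NewBlock builds a block linked to the previous block's hash (genesis uses "").
func NewBlock(prev string, txs []Tx) Block {
	root := merkleRoot(txs)
	return Block{PrevHash: prev, Txs: txs, MerkleRoot: root, Hash: blockHash(prev, root)}
}

// VerifyChain is what every honest node can do independently: recompute each
// Merkle root and block hash and check every back-link. It returns the index
// of the first inconsistent block, or -1 if the chain is intact.
func VerifyChain(chain []Block) int {
	prev := ""
	for i, b := range chain {
		if b.PrevHash != prev || merkleRoot(b.Txs) != b.MerkleRoot ||
			blockHash(b.PrevHash, b.MerkleRoot) != b.Hash {
			return i
		}
		prev = b.Hash
	}
	return -1
}
```

Rewriting a tampered block's own header only moves the inconsistency to the next block's back-link, which is why every later block would have to be rebuilt on a majority of nodes.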
Confidentiality
Encryption techniques fall into two broad categories: symmetric encryption and asymmetric encryption. In symmetric encryption the same key is used to encrypt and decrypt; in asymmetric encryption the encryption and decryption keys differ, one being called the public key and the other the private key. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa.
Blockchains, and consortium chains in particular, need TLS (Transport Layer Security) encrypted communication to protect data in transit across the network. TLS is exactly the combination of asymmetric and symmetric encryption: the two communicating parties use asymmetric techniques to negotiate a symmetric key, and that symmetric key then serves as the working key that encrypts and decrypts the data. This takes advantage of both the fact that asymmetric encryption does not require the parties to share a secret in advance and the speed of symmetric encryption.
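An added example, not part of the original article, of the combination described above: each side generates an ephemeral X25519 key pair, sends only the public half, derives a shared AES-256-GCM working key from the agreement, and from then on protects records with symmetric encryption only. The `Party` type and the SHA-256 key derivation are simplifications assumed here; real TLS 1.3 derives keys with HKDF bound to the handshake transcript.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Party is one end of the connection: an ephemeral key pair for the
// asymmetric step and, after agreement, the symmetric working cipher.
type Party struct {
	priv *ecdh.PrivateKey
	aead cipher.AEAD
}

// NewParty generates the asymmetric key pair; the private half never leaves the host.
func NewParty() (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// Public is the only thing this side sends in the handshake.
func (p *Party) Public() *ecdh.PublicKey { return p.priv.PublicKey() }

// Agree derives the shared secret from our private key and the peer's public
// key and turns it into an AES-256-GCM working key. Key agreement alone does
// not say who the peer is; that is the job of the certificate check.
func (p *Party) Agree(peerPub *ecdh.PublicKey) error {
	shared, err := p.priv.ECDH(peerPub)
	if err != nil {
		return err
	}
	key := sha256.Sum256(shared) // simplified KDF for the example; TLS uses HKDF
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return err
	}
	p.aead, err = cipher.NewGCM(block)
	return err
}

// Seal encrypts and authenticates one record under the symmetric working key;
// a fresh random nonce is prepended so the receiver can recover it.
func (p *Party) Seal(plaintext []byte) ([]byte, error) {
	if p.aead == nil {
		return nil, errors.New("handshake not completed")
	}
	nonce := make([]byte, p.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return p.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts a record; any change to the ciphertext or its tag is rejected.
func (p *Party) Open(record []byte) ([]byte, error) {
	if p.aead == nil {
		return nil, errors.New("handshake not completed")
	}
	n := p.aead.NonceSize()
	if len(record) < n {
		return nil, errors.New("record too short")
	}
	return p.aead.Open(nil, record[:n], record[n:], nil)
}
```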
Authentication
TLS encryption on its own only guarantees the confidentiality and integrity of the data in transit; it cannot guarantee that the peer is who it claims to be (a man-in-the-middle attack). A digital certificate mechanism is therefore introduced to verify the identity of the peer and so establish that the peer's public key is the right one. Digital certificates are generally issued by an authority. One side of the communication holds the public key of the authority's root CA (Certification Authority) and uses it to check whether the peer's certificate is one it trusts (that is, whether the certificate was issued by that authority), and confirms the peer's identity from the certificate's contents. Once the peer's identity is confirmed, the public key is taken from the peer's certificate and used to complete the asymmetric encryption step.
In addition, blockchain applies the latest results of modern cryptography, including homomorphic encryption and zero-knowledge proofs, to provide the greatest possible privacy protection even though the distributed ledger is open. Techniques in this area are still developing and maturing.
Blockchain security is a matter of systems engineering: system configuration and user permissions, component security, the user interface, network intrusion detection and resistance to attack all affect the security and reliability of the final blockchain system. When a blockchain system is actually built, it should strike a reasonable balance between security, construction cost and ease of use while meeting the users' requirements.