How does blockchain prevent data tampering?
Blockchain is a new application mode of computer technology that combines distributed data storage, peer-to-peer transmission, consensus mechanisms, encryption algorithms, and so on.
Different from traditional distributed storage, the uniqueness of blockchain’s distributed storage is mainly reflected in two aspects: first, each node of the blockchain stores complete data in a block chain structure, while traditional distributed storage generally divides data into multiple parts for storage according to certain rules. Second, each node’s storage on the blockchain is independent and equal in status, relying on the consensus mechanism to ensure the consistency of storage, while traditional distributed storage generally synchronizes data to other backup nodes through a central node.
No single node can record the ledger data alone, thus avoiding the possibility that a single bookkeeper can be controlled or bribed to keep false accounts. Also, due to the sufficient number of accounting nodes, theoretically speaking, unless all nodes are destroyed, the accounts will not be lost, thereby ensuring the security of the account data.
Transaction information stored on the blockchain is public, but the account identity information is highly encrypted, and can only be accessed with the authorization of the data owner, thereby ensuring the security of the data and the privacy of individuals.
Blockchain proposes four different consensus mechanisms, which are suitable for different application scenarios and achieve a balance between efficiency and security.
Based on these characteristics, this data storage technology can perfectly prevent the possibility of data tampering, and can also be applied to many fields in reality, providing a safer and more reliable guarantee for electronic certification technology in electronic contract signing.
How does blockchain ensure data security?
In blockchain technology, digital encryption is the key. Asymmetric encryption algorithms are generally used, that is, the encryption key and the decryption key are different.
In simple terms, each of us holds an exclusive private key. As long as we protect our private key and give the public key to the other party, they can encrypt a file with the public key to produce ciphertext and send that ciphertext to us. We then decrypt the ciphertext with our private key to recover the plaintext, ensuring that the transmitted content is not seen by others. This completes the encrypted transmission of the data. At the same time, digital signatures give us an additional layer of security, used to prove that the file sent to the other party has not been tampered with in transit.
As a fundamental encryption technology, blockchain encryption technology can effectively ensure data security, change the current situation in which data is easily leaked and exploited, and provide comprehensive protection for personal information. It is also expected to bring the necessary changes to fields such as the Internet of Things, big data, credit supervision, and mobile office.
How does blockchain technology enhance the security of internet insurance?
Chongqing Jinvwo Network analyzes the security of blockchain technology as follows:
1-Blockchain technology is conducive to strengthening the protection of customer information;
2-Blockchain technology can further enhance the consumer experience;
3-Blockchain technology can reduce information asymmetry risk;
4-Blockchain technology can ensure that transaction information is secure, real, and reliable.
How should blockchain security issues be resolved?
One characteristic of blockchain projects (especially public chains) is that they are open-source. Opening the source code enhances the credibility of the project and allows more people to participate. However, open source also makes it easier for attackers to study and attack the blockchain system. In the past two years there have been multiple hacker attacks, and recently the anonymous cryptocurrency Verge (XVG) was attacked again. The attacker targeted a vulnerability in the XVG code that allowed malicious miners to attach false timestamps to blocks and then rapidly mine new blocks, earning nearly $1.75 million in just a few hours. Although the attack was later stopped, no one can guarantee that attackers will not strike again in the future.
Of course, blockchain developers can also take some measures:
The first is to use professional code audit services.
The second is to understand secure coding specifications so as to prevent problems before they occur.
The security of cryptographic algorithms
With the development of quantum computers, there will be significant security threats to the currently used cryptographic systems. Blockchain mainly relies on elliptic curve public key encryption algorithms to generate digital signatures for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, and others cannot withstand quantum attacks in theory, which will pose a significant risk. More and more researchers are beginning to pay attention to cryptographic algorithms that can resist quantum attacks.
Of course, in addition to changing the algorithm, there is another way to gain a certain level of additional security:
Following Bitcoin’s approach to handling public-key addresses reduces the potential risk of public-key leakage. A user, especially a Bitcoin user, receives each transaction’s balance at a new address, so the public key of the address holding the Bitcoin funds is never revealed.
The security of the consensus mechanism
The current consensus mechanisms include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), and Practical Byzantine Fault Tolerance (PBFT), among others.
PoW faces the 51% attack problem. Since PoW depends on computing power, an attacker with a computing-power advantage has a greater probability of finding the next block than the other nodes, and is then able to cancel transactions that have already occurred. It should be noted that even in this case the attacker can only modify their own transactions and cannot modify other users’ transactions (the attacker does not have other users’ private keys).
In PoS, the attacker can only succeed in an attack when holding more than 51% of the Token volume, which is more difficult than 51% computing power in PoW.
In PBFT, the system is secure as long as the number of malicious nodes is less than 1/3 of the total. In general, every consensus mechanism has the conditions under which it holds. An attacker must also consider that a successful attack drives the value of the system to zero, at which point the attacker gains nothing of value beyond the destruction itself.
For blockchain project designers, it is necessary to understand the advantages and disadvantages of various consensus mechanisms in order to choose the appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scenario.
Security of smart contracts
Smart contracts have advantages such as low operation costs and low risk of human intervention, but if there are problems in the design of smart contracts, they may cause significant losses. In June 2016, the largest crowdfunding project on Ethereum, TheDAO, was attacked, and hackers obtained more than 3.5 million ether, which later led to the hard fork of Ethereum into ETH and ETC.
The proposed measures include two aspects:
First is to conduct a security audit of smart contracts;
Second is to follow the principles of safe development of smart contracts.
The principles of safe development of smart contracts are: be prepared for possible errors, ensure that the code can correctly handle the bugs and vulnerabilities that occur; be cautious when releasing smart contracts, conduct functional and security testing, and fully consider the boundaries; keep smart contracts simple; pay attention to blockchain threat intelligence and check for updates in a timely manner; understand the characteristics of blockchain, such as being cautious when calling external contracts, etc.
Security of digital wallets
The main security risks of digital wallets lie in three aspects. First, design defects: at the end of 2014, a serious random-number defect (repeated R values in signatures) was reported to have caused users to lose hundreds of digital assets. Second, malicious code included in the digital wallet. Third, loss of assets due to the loss or damage of computers or mobile phones.
The main countermeasures mainly include four aspects:
First is to ensure the randomness of the private key;
Second is to perform a hash value check before software installation to ensure that the digital wallet software has not been tampered with;
Third is to use a cold wallet;
Fourth is to back up the private key.
How does Yibaoquan use blockchain technology to protect data security?
Yibaoquan was the first in China to secure electronic data preservation using blockchain technology and is recognized by judicial authorities as an electronic data preservation and conservation institution. Since 2013 it has been committed to the research, development, and innovative application of blockchain technology, pioneering the ‘blockchain + judicial + application’ model and creating four trusted blockchain basic applications and the alliance blockchain ‘Preservation Chain Open Platform’.
Using technologies such as blockchain, digital signature, timestamp, encryption algorithm, and consensus algorithm, we firmly build the foundation of data security from technical protection, management operation, and application practice, making data preservation and interaction safer.
Yibaoquan connects with many domestic authoritative CA institutions, allowing the platform to connect directly with the CA system and provide ‘trusted digital identity services’ to users. It uses multiple identity authentication methods such as ‘face recognition, mobile phone number, and bank card elements’ to provide digital identity proof for every virtual account ID.
At the same time, combining multiple intention authentication methods such as ‘signature password, SMS verification code, and facial recognition’, it ensures that all operations within the system are supported by real identities and are based on real intentions, better avoiding risks such as account ID leakage, data leakage, and information misappropriation, and ensuring that every piece of data information is real and credible.
Since its establishment, Yibaoquan has attached great importance to the management and protection of user data security and privacy. When data is uploaded to the chain, Yibaoquan uses technologies such as timestamps, encryption algorithms, and consensus algorithms to ensure the integrity and originality of the data; after upload, it uses the ‘Preservation Chain’ to fix the electronic data from the moment of its creation across the various judicial nodes, with multi-party backup of the evidence, so that ordinary electronic data is upgraded to legally recognized electronic evidence that can be officially verified at authoritative institutions in real time, protecting every piece of data uploaded to the chain and ensuring that rights and interests are not violated.
Based on principles such as security, compliance, and privacy, Yibaoquan provides users with blockchain electronic data preservation and conservation services that meet legal and regulatory requirements and are secure and trustworthy under the strict supervision of the Ministry of Industry and Information Technology and the Cyberspace Administration. These services can be deeply integrated with fields such as electronic contracts, copyright protection, and judicial services, ensuring that every piece of electronic data is recorded throughout the process, traceable throughout the process, verifiable in full, and able to provide credible evidence across the entire chain.
In terms of qualification certification, Yibaoquan has obtained the National Public Security Ministry’s Level 3 Security Protection Certification, ISO27001 Certification, and ISO9001 Certification, and has been approved by the National Cyberspace Administration for four information service filings. It is also the only blockchain enterprise selected for the 2018 Ministry of Industry and Information Technology Industrial Internet Pilot Demonstration Project. Its blockchain technology and qualifications have been recognized by the state.
How can the security of blockchain usage be guaranteed?
Blockchain itself solves the problem of large-scale collaboration between strangers, that is, strangers can collaborate with each other without needing to trust each other. So how can we ensure trust between strangers to achieve consensus mechanisms? Centralized systems rely on the endorsement of trusted third parties, such as banks. Banks are considered reliable and trustworthy institutions by the general public, and people can trust banks to resolve disputes in real life. However, how does a decentralized blockchain ensure trust?
In fact, blockchain uses the basic principles of modern cryptography to ensure its security mechanism. The knowledge system involved in cryptography and security is very complex, and here I only introduce the basic cryptography knowledge related to blockchain, including Hash algorithm, encryption algorithm, information summary and digital signature, zero-knowledge proof, quantum cryptography, etc. You can understand how blockchain ensures its confidentiality, integrity, authentication, and non-repudiation through this lesson.
Basic Course 7: Blockchain Security Basic Knowledge
1. Hash Algorithm
A hash function (Hash) maps a binary plaintext string of any length to a shorter (usually fixed-length) binary string, the hash value: Hash(original information) = summary information.
A good hash algorithm has the following characteristics:
1. One-to-one correspondence: the same plaintext input and hash algorithm always produce the same summary information.
2. Input sensitivity: any change to the plaintext input, however small, changes the new summary information greatly, so it differs enormously from the original output.
3. Easy to verify: the plaintext input and the hash algorithm are public, so anyone can compute the hash independently and verify whether the output hash value is correct.
4. Non-reversibility: given only the output hash value, it is computationally infeasible to deduce the plaintext.
5. Collision avoidance: it is very difficult to find two different plaintexts with the same hash value (a collision).
For example:
Hash (Zhang San lends Li Si 100,000 yuan, with a loan period of 6 months) = 123456789012
The account book records a record like 123456789012.
It can be seen that the hash function has 4 functions:
Simplify information
It is very easy to understand that the information becomes shorter after hashing.
Identify information
123456789012 can be used to identify the original information, and the summary information is also known as the id of the original information.
Conceal information
The account book is a record like 123456789012, and the original information is concealed.
Verify information
If Li Si cheats at the time of repayment by claiming that Zhang San only lent Li Si 50,000 yuan, both parties can compare the hash of his claim with the previously recorded hash value 123456789012 to verify the original information:
Hash (Zhang San lends Li Si 50,000 yuan, with a loan period of 6 months) = 987654321098
987654321098 is completely different from 123456789012, which proves that Li Si lied, and successfully ensures the non-tamperability of information.
Common hash algorithms include MD4, MD5, and the SHA family; mainstream applications today use almost exclusively the SHA family. SHA (Secure Hash Algorithm) is not a single algorithm but a family of hash algorithms. Initially there was SHA-1; the mainstream today is SHA-224, SHA-256, SHA-384, and SHA-512 (collectively known as SHA-2). More recently SHA-3 and related algorithms have been proposed; KECCAK-256, used by Ethereum, belongs to this family.
MD5 is a very classic hash algorithm, but unfortunately both it and SHA-1 have been broken (practical collisions have been found), and the industry considers them insufficiently secure for commercial applications. It is generally recommended to use at least SHA-256 or a more secure algorithm.
Hash algorithms are widely used in blockchain, for example, in blocks, the subsequent block will always contain the hash value of the previous block, and the hash value of the subsequent block is calculated together with the content of the subsequent block and the hash value of the previous block, ensuring the continuity and non-tamperability of the chain.
2. Encryption and Decryption Algorithms
Encryption and decryption algorithms are the core technology of cryptography, which can be divided into two basic types from the design concept: symmetric encryption algorithms and asymmetric encryption algorithms. They are distinguished by whether the same key is used in the encryption and decryption process. The two modes are suitable for different needs and complement each other perfectly. Sometimes they can also be combined to form a hybrid encryption mechanism.
Symmetric encryption algorithms (symmetric cryptography, also known as common-key cryptography) use the same key for encryption and decryption. Their advantage is high computational efficiency and high encryption strength; their disadvantage is that the key must be shared in advance, which easily leads to the key being leaked or lost. Common algorithms include DES, 3DES, AES, etc.
Asymmetric encryption algorithms (asymmetric cryptography, also known as public-key cryptography) use different keys for encryption and decryption. Their advantage is that no key needs to be shared in advance; their disadvantage is low computational efficiency, so they can only encrypt content of limited length. Common algorithms include RSA, SM2, ElGamal, and the elliptic curve family, etc. Symmetric encryption algorithms are suitable for encrypting and decrypting large amounts of data; they cannot be used for signatures, and the key usually has to be distributed in advance. Asymmetric encryption algorithms are generally suitable for signatures or key negotiation, but not for encrypting and decrypting large amounts of data.
3. Information Summary and Digital Signature
As the name implies, information summary is a hash operation performed on the information content to obtain a unique summary value that replaces the original complete information. Information summary is one of the most important uses of hash algorithms. By utilizing the collision resistance characteristic of hash functions, information summary can solve the problem of whether the content has been tampered with.
Digital signatures are similar to signing on paper contracts to confirm the content of the contract and prove identity. Digital signatures are based on asymmetric encryption and can be used to prove the integrity of certain digital content while also confirming the source (or non-repudiation).
Digital signatures have two characteristics that make them match our expectations of handwritten signatures. First, only you can create your own signature, but anyone who sees it can verify its validity; second, the signature is bound to one specific document and cannot be transferred to another. Both can be achieved with the asymmetric encryption algorithms mentioned above.
In practice, we usually sign the hash value of information rather than the information itself, which is determined by the efficiency of asymmetric encryption algorithms. In the context of blockchain, this corresponds to signing the hash pointer, and if done in this way, the entire structure is signed, not just the hash pointer itself.
4. Zero-Knowledge Proof
Zero-knowledge proofs refer to the situation where the prover convinces the verifier of the correctness of a certain assertion without providing any additional information to the verifier.
Zero-knowledge proofs generally meet three conditions:
1. Completeness (Integrity): True proofs can enable the verifier to successfully verify;
2. Soundness (Reliability): False proofs cannot pass the verification of the verifier;
3. Zero-Knowledge (Zero-Knowledge): If a proof is obtained, no information other than the proof information can be learned from the proof process.
5. Quantum Cryptography
With the increasing attention to the research of quantum computing and quantum communication, quantum cryptography is expected to have a significant impact on the information security of cryptography in the future.
The core principle of quantum computing is that quantum bits can be in multiple coherent superpositions simultaneously. Theoretically, a small number of quantum bits can represent a large amount of information and process it at the same time, greatly increasing the speed of computation.
As a result, a large number of encryption algorithms currently in use are theoretically unreliable and can be cracked. This necessitates the upgrading and replacement of encryption algorithms to prevent them from being broken by quantum computing.
It is well known that quantum computing is still at a theoretical stage and is far from large-scale commercial application. However, new-generation encryption algorithms must take into account the possibility of such a situation.
Article 1: These regulations are formulated in accordance with the Cybersecurity Law of the People’s Republic of China, the Measures for the Administration of Internet Information Services, and the Notice on Authorizing the National Internet Information Office to Be Responsible for the Management of Internet Information Content, in order to standardize blockchain information service activities, safeguard national security and public interests, protect the legitimate rights and interests of citizens, legal persons, and other organizations, and promote the healthy development of blockchain technology and related services. Article 2: Those engaging in blockchain information services within the territory of the People’s Republic of China shall abide by these regulations. Where laws and administrative regulations provide otherwise, such provisions shall be followed.
The term ‘blockchain information service’ in this regulation refers to information services provided to the public through the internet, applications, and other forms, based on blockchain technology or systems.
The term ‘blockchain information service provider’ in this regulation refers to the entity or node that provides blockchain information services to the public, as well as the institutions or organizations that provide technical support to the providers of blockchain information services; the term ‘blockchain information service user’ refers to the organization or individual that uses blockchain information services. Article 3 states that the National Internet Information Office is responsible for the supervision and law enforcement of the national blockchain information service according to its duties. The Internet Information Offices of provinces, autonomous regions, and municipalities directly under the Central Government are responsible for the supervision and law enforcement of blockchain information services within their administrative regions according to their duties. Article 4 encourages industry organizations in the blockchain sector to strengthen self-regulation, establish and improve industry self-regulatory systems and standards, guide blockchain information service providers to establish and improve service specifications, promote the construction of an industry credit evaluation system, urge blockchain information service providers to provide services in accordance with the law and accept social supervision, improve the professional quality of personnel engaged in blockchain information services, and promote the healthy and orderly development of the industry. Article 5 requires blockchain information service providers to implement the responsibility for the security management of information content, establish and improve management systems for user registration, information review, emergency response, and security protection. 
Article 6 requires blockchain information service providers to have technical conditions appropriate to their services, and to be able to respond promptly to the publication, recording, storage, and dissemination of information content prohibited by laws and administrative regulations; the technical solutions shall comply with relevant national standards and specifications. Article 7 requires blockchain information service providers to formulate and publicly disclose management rules and platform conventions, sign service agreements with blockchain information service users, clarify the rights and obligations of both parties, and require them to commit to complying with laws and platform conventions. Article 8 requires blockchain information service providers to authenticate the real identity information of users based on organizational code, ID card number, or mobile phone number in accordance with the provisions of the ‘Cybersecurity Law of the People’s Republic of China’. If users do not undergo real identity information authentication, blockchain information service providers shall not provide them with related services. Article 9 states that blockchain information service providers that develop and launch new products, applications, or functions shall report to the National Internet Information Office and the Internet Information Offices of provinces, autonomous regions, and municipalities directly under the Central Government for security assessment in accordance with relevant regulations.
Article 10 prohibits the use of blockchain information services to engage in activities prohibited by laws and administrative regulations, such as endangering national security, disrupting social order, and infringing on the legitimate rights and interests of others, and prohibits the production, reproduction, publication, and dissemination of information content prohibited by laws and administrative regulations through blockchain information services. Article 11 requires blockchain information service providers to fill in the name of the service provider, service category, service form, application field, server address, and other information through the National Internet Information Office blockchain information service filing management system within ten working days from the date of providing services, and complete the filing procedures.
If the provider of blockchain information services changes the service items, platform website, and other matters, they shall handle the procedures for the change within five working days from the date of the change.
The provider of blockchain information services shall handle the procedures for cancellation and make proper arrangements thirty working days before the termination of service. Article 12: After the national and provincial, autonomous region, and municipal Internet Information Offices receive the filing materials submitted by the filer, if the materials are complete, they shall file the materials within twenty working days, issue a filing number, and publish the filing information to the public through the national Internet Information Office’s blockchain information service filing management system; if the materials are incomplete, they shall not file the materials, notify the filer within twenty working days, and explain the reasons. Article 13: The provider of blockchain information services that has completed the filing shall indicate its filing number in a prominent position on its internet sites, applications, and other services provided to the public. Article 14: The national and provincial, autonomous region, and municipal Internet Information Offices shall conduct regular inspections of the blockchain information service filing information. The provider of blockchain information services shall log in to the blockchain information service filing management system within the specified time to provide relevant information. Article 15: If the blockchain information services provided by the provider have information security risks, they shall be rectified, and they may continue to provide information services only after meeting the relevant provisions of laws, administrative regulations, and national standards and specifications. 
Article 16: The provider of blockchain information services shall take measures such as warnings, restriction of functions, and account closure against users who violate laws, administrative regulations, and service agreements, take timely measures to deal with illegal information content, prevent the spread of information, keep relevant records, and report to the relevant competent authorities.
How to detect the risk level of blockchain smart contracts
With the acceleration of Shanghai’s digital transformation, blockchain technology has been deeply applied in many fields such as government affairs, finance, logistics, and judiciary. In the process of application, it not only gives rise to new business forms and business models, but also produces many security issues, making safety supervision particularly important. As one of the important means of supervision, security evaluation has become a hot topic of attention for many blockchain research and development manufacturers and application enterprises. This article discusses our exploration and practice on the compliance security evaluation of blockchain that concerns everyone.
1. Blockchain technology evaluation
Blockchain technology evaluation is generally divided into functional testing, performance testing, and security evaluation.
1. Functional testing
Functional testing is the testing of the basic functions supported by the underlying blockchain system, with the purpose of measuring the scope of capabilities of the underlying blockchain system.
The blockchain functional testing mainly relies on standards such as GB/T25000.10-2016 ‘System and Software Quality Requirements and Evaluation (SQuaRE) – Part 10: System and Software Quality Models’ and GB/T25000.51-2016 ‘System and Software Quality Requirements and Evaluation (SQuaRE) – Part 51: Quality Requirements and Test Specifications for Ready-to-Use Software Products (RUSP)’, to verify whether the software under test meets the relevant testing standard requirements.
The blockchain functional testing specifically includes networking and communication, data storage and transmission, availability of encryption modules, consensus functions and fault tolerance, smart contract functions, system management stability, chain stability, privacy protection, interoperability, account and transaction types, private key management schemes, and audit management modules.
2. Performance Testing
Performance testing is testing implemented and executed to describe and evaluate the performance-related characteristics of the test object; it is mostly used in project acceptance assessment to verify whether the stated technical indicators have been met.
Blockchain performance testing includes modules such as high-concurrency stress test scenarios, peak load test scenarios, long-term stable operation test scenarios, and query test scenarios.
3. Security Assessment
Blockchain security assessment mainly involves security testing and evaluation of account data, cryptographic mechanism, consensus mechanism, smart contracts, etc.
The main basis for blockchain security assessment is ‘DB31/T1331-2021 General Security Requirements for Blockchain Technology’. It can also refer to other standards such as ‘JR/T0193-2020 Evaluation Rules for Financial Applications of Blockchain Technology’ and ‘JR/T0184-2020 Security Specification for Distributed Ledger Technology in Finance’, according to actual test requirements.
The specific content of blockchain security assessment includes storage, network, computing, consensus mechanism, cryptographic mechanism, timing mechanism, personal information protection, networking mechanism, smart contracts, service and access, etc.
II. Blockchain Compliance Security Assessment
Blockchain compliance security assessment generally includes three categories: ‘Blockchain Information Service Security Assessment’, ‘Network Security Level Protection Assessment’, and ‘Special Fund Project Acceptance Assessment’.
1. Security Assessment of Blockchain Information Services
The security assessment of blockchain information services mainly relies on the ‘Regulation for the Administration of Blockchain Information Services’ (hereinafter referred to as the ‘Regulation’) issued by the National Internet Information Office on January 10, 2019, and refers to the national blockchain standard ‘Blockchain Information Service Security Specification (Draft for Comments)’.
The ‘Regulation’ aims to clarify the information security management responsibilities of blockchain information service providers, regulate and promote the healthy development of blockchain technology and related services, avoid security risks of blockchain information services, and provide effective legal basis for the provision, use, and management of blockchain information services. Article 9 of the ‘Regulation’ points out: When blockchain information service providers develop and launch new products, new applications, or new functions, they shall report for security assessment to the National Internet Information Office and the Internet Information Offices of provinces, autonomous regions, and municipalities directly under the Central Government in accordance with the relevant provisions.
The ‘Blockchain Information Service Security Specification’ is a national standard for constructing and evaluating the security capabilities of blockchain information services, jointly compiled by the Institute of Information Engineering of the Chinese Academy of Sciences, Zhejiang University, the China Electronics Technology Standardization Institute, the Shanghai Information Security Assessment and Certification Center, and other units. The ‘Blockchain Information Service Security Specification’ stipulates the security requirements that blockchain information service providers of consortia chains and private chains should meet, including technical security requirements, security assurance requirements, and corresponding test and evaluation methods. It is applicable for guiding the security assessment and construction of blockchain information services. The framework of security technical requirements and security assurance requirements proposed by the standard is as follows:
Figure 1: Security Requirements Model for Blockchain Information Service
2. Cyber Security Level Protection Evaluation
The main basis for the level protection security evaluation of cyber security includes ‘GB/T22239-2019 Basic Requirements for Cyber Security Level Protection’ and ‘GB/T28448-2019 Requirements for Cyber Security Level Protection Evaluation’.
As an emerging information technology, application systems built on blockchain are also objects of level protection and must undergo level protection evaluation according to regulations. The general requirements for level protection security evaluation apply to the assessment of the infrastructure part of a blockchain, but no security requirements specific to blockchain have yet been proposed. The extended requirements for blockchain security evaluation therefore still need further exploration and study.
3. Special Fund Project Acceptance Evaluation
According to the relevant regulations of the Municipal Economic and Information Technology Commission, security evaluation reports are required to be submitted at the time of project acceptance for informationization special fund projects. The acceptance evaluation of blockchain application projects will be carried out based on the latest local standard of Shanghai, ‘DB31/T1331-2021 General Requirements for Security of Blockchain Technology’.
III. Exploration and Practice of Blockchain Security Evaluation
1. Standard Development
The Shanghai Evaluation Center actively participates in the development of blockchain standards. The local standard of blockchain technology security general requirements, ‘DB31/T1331-2021 Blockchain Technology Security General Requirements’, which was compiled by the Shanghai Evaluation Center and other units such as Suzhou Tongji Blockchain Research Institute Co., Ltd., Shanghai Qiyin Information Technology Co., Ltd., Shanghai Mohe Network Technology Co., Ltd., and the First Research Institute of Telecommunication Science and Technology, was officially released in December 2021 and officially implemented as of March 1 this year. The national standard of blockchain information service security specification, which was compiled by the Shanghai Evaluation Center, is currently in the stage of soliciting opinions.
At the same time, the evaluation center participated, under the leadership of Tongji University, in writing the junior and senior textbooks for blockchain engineering technicians organized by the Ministry of Human Resources and Social Security of the People’s Republic of China, and was responsible for compiling the chapter ‘Testing Blockchain Systems’.
2. Project Practice
In recent years, the Shanghai Evaluation Center has carried out a large number of blockchain security evaluation practices based on relevant technical standards, including level protection evaluation, information service security assessment, and project security evaluation. In the evaluation practice, the main security issues found are as follows:
Table 1: Main security issues found in blockchain evaluations

| No. | Evaluation Item | Problem Description |
| --- | --- | --- |
| 1 | Consensus Algorithm | The consensus algorithm uses Kafka or Raft, which are not Byzantine fault tolerant and therefore cannot tolerate malicious node behavior. |
| 2 | Chain Data | Sensitive information uploaded to the chain is not encrypted, and all on-chain data can be read through query interfaces or a blockchain explorer. |
| 3 | Cryptographic Algorithm | The random numbers used by the cryptographic algorithm do not meet the randomness requirements of GB/T32915-2016. |
| 4 | Node Protection | For consortium chains, no security protection measures are configured for the network region in which the node servers are located. |
| 5 | Communication Transmission | No secure transmission channel is established for communication between nodes, or between the blockchain and upper-layer applications. |
| 6 | Consensus Algorithm | The number of deployed nodes is small and sometimes does not even reach the minimum required for the consensus algorithm’s fault tolerance. |
| 7 | Smart Contract | Smart contract execution is not monitored, so problems occurring during operation cannot be discovered and handled in a timely manner. |
| 8 | Service and Access | Upper-layer applications have access control defects such as unauthorized access and excessive privileges, leading to business disorder and data leakage. |
| 9 | Smart Contract | Smart contract code is not written to a standard, and no function to freeze a smart contract is provided when it malfunctions. |
| 10 | Smart Contract | The smart contract execution environment is not isolated from the outside, leaving it exposed to external attack. |
3. Tool Application
When organizing and compiling ‘DB31/T1331-2021 General Requirements for Security of Blockchain Technology’, the evaluation center took the integration needs of level protection evaluation into account. The ‘infrastructure layer’ security in DB31/T1331 is consistent with the level protection requirements for the secure physical environment, secure communication network, secure area boundary, secure computing environment, and security management center, while ‘protocol layer security’ and ‘extension layer security’ reflect the security protection requirements unique to blockchain.
The evaluation center is organizing the writing of blockchain evaluation extension requirements based on the relevant security requirements of DB31/T1331, and the results will be applied to the cyber security level protection evaluation tool ‘Evaluation Expert’. Evaluation institutions using the ‘Evaluation Expert’ software will then be able to carry out blockchain security evaluations accurately, in a standardized way, and efficiently, discover blockchain security risks, and put forward corresponding improvement suggestions.
How to see if the contract is locked in the blockchain browser
1. Open the browser and enter the address:.
2. Enter the contract address you want to query in the box in the upper right corner, and click ‘GO’ after entering the address.
3. Enter the information details page after the contract address.
4. Click on the contract name to view the contract details.
How to view the contract details of the BSC blockchain
You can view it by opening the TokenPocket APP.
Click the browser icon below to access the BSC block explorer. Information such as the transaction status, sender, receiver, token contract address, and transaction fee for this transaction will be displayed on the browser page. Binance Smart Chain (BSC) can be described as a blockchain parallel to Binance Chain. Unlike Binance Chain, BSC has smart contract functions and is compatible with the Ethereum Virtual Machine (EVM). The design goal here is to maintain the high throughput of the complete Binance Chain while introducing smart contracts to its ecosystem.