Blockchain Security Audit | Blockchain Cryptography Security Defense
The article aims to spread basic knowledge on blockchain security, Welcome to follow and discuss with us
Author: Sharon
This week, Lunaray will further exchange with you about the risks and defense strategies related to blockchain cryptography security.
Now that we’ve seen the 3 main attack methods against cryptography security, then what are the main risks to cryptography security?
Blockchain cryptography security analysis:
(1)Private key management method risks
The security of private key management is the premise of blockchain cryptography security. The current mainstream way is to manage it through software and hardware wallets, or to be kept by users themselves.
Once the private key is lost, the user is not only unable to perform any operations on the data, but also unable to use and retrieve the digital assets they own, resulting in irreparable losses.
(2)There are backdoors and loopholes in the engineering practice of cryptographic algorithms
Cryptography has developed to a considerable maturity, and cryptographic algorithms such as ECC and RSA have themselves been mathematically proven to have a high degree of security.
However, due to the complexity of its algorithms, there are backdoors and vulnerabilities in engineering practice. Attackers often use these vulnerabilities to steal the private key.
What should we do about these risks?
(1)Use a variety of storage methods to secure the private key
There are generally three types of secure storage methods for the private key, hardware storage, software storage, and split storage. Choosing the appropriate storage method can effectively strengthen the security of the private key.
1、Hardware storage, the private key is stored in a hardware encryption card or USBKey, the use process generally includes two types:
a)Store the private key in the card, export the private key to the blockchain client software wallet when used, and delete the external private key after use; b)The private key carries on the signature calculation directly in the hardware card, the packaged transaction output, the private key does not leave the hardware device during the whole use process.
Compared with the two methods, the cost of a is lower, and the corresponding functions can be completed by using a USB disk.
The security of b is higher, and the cost of use is higher. The private key execution environment ensures the security of the entire operating environment in the hardware, and the private key cannot be stolen by Trojan viruses.
2、Software storage, which is the most widely used method in the blockchain system at present, is to set the password, use the password and then encrypt the private key to store in the software client.
It is very simple to use and low cost, but the security is very low compared with the hardware.
3、Split storage, this method divides the original private key into 2 to n parts, stores each private key part separately in different areas or users.
And when it is needed to be used, it is synthesized and signed by certain mathematical methods, so as to avoid the leakage of the entire private dynasty, and the leakage of part of the private key will not affect the security of the entire asset.
This method is more secure, but it is more complicated to use. The most typical example is the threshold signature scheme, which is currently commonly used in blockchain systems to protect huge asset transactions.
(2)Use PKI digital certificate management and CA certification
PKI (Public Key Infrastructure) is a standards-compliant technology and specification that uses Public Key encryption technology to provide a secure infrastructure for e-commerce.
Through a third-party trusted organization — the certification center CA (Certicate Authority), the user’s public key and the user’s other identification information (such as name, e-mail, ID number, etc.) are bundled together to verify the identity of the user on the Internet. The digital certificate based on the PKI structure to encrypt the digital information to ensure the confidentiality and integrity of information transmission.
Welcome to communicate with us if you have more good ideas about blockchain cryptography security defense and please stay tuned to Lunaray for more useful information.
