On the technical security of domestic digital collections

Editor’s note

Overseas NFTs have been widely concerned and discussed by the market since they became popular in 2021. However, the product logic of NFTs in overseas markets is not exactly the same as domestic digital collections. As a new application of blockchain, how to technically ensure the security of digital collections is a problem that many players are very concerned about. This article is the opinion sharing of Yuan Liwei, a senior technical expert of AntChain, at the seminar of “Digital Collections & Cold Thinking under the Heat of NFT” at Laika Think Tank.

In the field of the Internet, the issue of security is an eternal topic. Even a very mature Windows operating system still needs constant security patches. In my opinion, the essence of security is the continuous evolution of both offensive and defensive. The so-called Tao is one foot high and the devil is ten feet high. The offensive and defensive sides are actually a relationship of strength and weakness. There is no absolute security, and there is no absolute insecurity.

AntChain has always attached great importance to security issues. Whether it is the security of smart contracts, the adoption of new programming paradigms and the basic requirements for consortium chains, we are always looking for stronger guarantees of security.

The first point is about smart contracts. WhaleTrack is developed based on smart contracts. There will be some accumulation in the industry regarding the security of smart contracts. As we all know, there are some companies at home and abroad that can audit smart contracts. They will audit dozens of common vulnerabilities from the earliest blockchain to the present, the most basic ones are integer overflow or reentrancy issues, and so on.

While referring to these vulnerabilities, AntChain’s smart contracts also have a dedicated internal security team to conduct security audits of smart contracts. This team will check all contracts before the product goes live. At least in the audit report of the internal team of Ant Chain, the product will be launched only if there are no security vulnerabilities.

The second point is about linear semantics. Today, everyone in China is talking about digital collections. How can we better ensure their security? In addition to working hard on smart contract auditing, AntChain can also have a stronger guarantee. We have borrowed a new programming paradigm “Move”.

What is “Move”? If you pay attention to this industry, you should know that in 2018, Facebook’s Zuckerberg proposed the Libra plan, in which the white paper of the Libra chain first mentioned a smart contract programming language “Move”. What does the linear semantics represented by “Move” mean? It sounds technical, but the concepts are not difficult to understand and can be illustrated with a simple example.

For example, Alipay makes a balance transfer between A and B, A decreases by 100 yuan, and B increases by 100 yuan. If A transfers money to B, online reconciliation is required. Sometimes it happens that B may not add it, or add it wrongly (for example, it is added twice) – B added A’s 100 yuan transfer, the first time it was added successfully, and the interface returned to A did not receive any payment. When it arrives, the system calls it again, causing B to add 200 yuan. This kind of problem is very common in the early trading system, and it needs to be solved by reconciliation. Later, as various basic components and transaction mechanisms became more and more perfect, these common problems became fewer, but reconciliation was still required in essence.

And “Move” is to provide a new programming paradigm. Take the transfer of 100 yuan from A to B as an example. Under the semantics of “Move”, the 100 yuan is not a decrease in A or an increase in B, but the 100 yuan “Move” from A to B, so it is defined as a semantic called special “move”, which ensures that A The 100 yuan is either “moved” to B or not moved, so as to avoid the situation that A minus 100 yuan, B does not add or B adds 100 yuan twice. When we designed the whale scout, we borrowed this linear semantics, so the digital collection on the ant chain does not follow the traditional logic of addition and subtraction, but the semantics of “Move”. This ensures that the product will not “disappear” or “increase” due to some special circumstances. This feature is the point that we are currently doing relatively strong in security.

The third point is about the alliance chain. Compared with the public chain, the security of the alliance chain is more guaranteed. The public chain has the characteristics of adding and accessing at will, and anyone who finds a loophole in it can attack it. If a public chain can live for many years and no major loopholes are discovered by hackers in the end, it means that its code security factor is very good. In the consortium chain, network access requires authentication, for example, authentication based on CA certificates. There is no way to join the network without the certificates of our authorized nodes. From this perspective, it is equivalent to blocking many potential hackers, and it has no chance to enter the network at all.

To sum up, the alliance chain is actually a big firewall, but this layer cannot use it as a final guarantee. The final guarantee is that the smart contract itself must be secure. At the same time, the linear semantics mentioned above are used to ensure the security of assets. If it is something non-asset logic, it also needs the audit of smart contracts to ensure it.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/on-the-technical-security-of-domestic-digital-collections/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-07-11 10:17
Next 2022-07-11 10:18

Related articles