Nine Reasons hold a cautious attitude toward the block chain

From the theoretical point of view, block chain technology seems to be one of the most secure network system。 Nevertheless, recently a group of researchers still found a number of security vulnerabilities which exist。
Block chain (ie, global ledger network) it really safe enough?Supporters of this issue gives an affirmative answer, because it will be a smart transaction or contract to distribute among the general ledger can not be tampered with by all parties involved in a consensus way to prove。
However, a recent paper raises a number of security vulnerabilities exist in the network block chain, block chain may result in low efficiency, hacker attacks and other criminal activities。 The paper (both from Hong Kong Polytechnic University) by the XiaoqiLi, PengJiang and XiapuLuo, courtier (China University of Electronic Science and Technology) and QiaoyanWen (Peking University) jointly issued pointed out, the block chain, which has a series of loopholes deserves attention。 With the block chain are increasingly being introduced into the operating system among enterprises, we naturally have reason to seriously study the potential security responsibilities this emerging technology may bring。 The number of applications to the center of the face of rapid growth, Li and other co-author stressed that "brings the block chain will be more serious risk of loss of privacy。 In fact, the application itself as well as to the center of the communication process between the applications and the Internet are likely to face the risk of intrusion of privacy。
"They also urged a more technical response to this challenge, including" code obfuscation, application and implementation of enhanced reliability calculation。 "The researchers have outlined the following books about risk factors block chain: the block chain efficiency: For new people, the efficiency block chain itself may vary depending on the complexity of the mechanism of consensus and invalid data been a serious drag on。
Lee and other co pointed out that the consensus mechanism used on the Internet would take a lot of computing resources。
For example, the popular consensus mechanism block chain used as a "proof of work (referred to as POW)", researchers called it "a great waste of computing resources."。
They said that at present they are trying to prove work with proof of interest (referred to as POS) be combined to provide a more efficient hybrid consensus mechanism。 In addition, the block chain will produce large amounts of data – including block information, transaction data, contracts byte code, etc. – all this could over time become useless。
"Place them in the ether, there are a lot of smart contract does not contain code or contain exactly the same code, and a considerable part of the contract after the deployment of Intelligent never actually be implemented。
We hope that effective data cleansing and detection mechanisms future appears to improve the efficiency of the block chain system。
"," 51% loophole: "block chain" relies upon a distributed consensus mechanism to establish a relationship of mutual trust。 However, the consensus mechanism inherent vulnerability '51% ', an attacker can take control of the entire block chain。
More precisely, based on the work proved block chain which, if a single miner hash processing capacity of more than 50% of the total capacity of the hash block chain as a whole, 51% of attacks can be launched。 Therefore, in a more limited pool of mineral resources, the block chain system could not be trusted。 "Private Key Security:" When using the block chain scheme, the user's private key by the user – not the third party – the generation and maintenance of identity and security credentials。
For example, when creating a cold storage block chain coin purse in a bit, the user must import their own private key。 In this case, the attacker may be due to lack of randomness signing process while reducing user's private key。
Once the user loses the private key, it becomes possible to restore。
Since the block chain is not dependent on any third party intermediaries centralized, so once the private key is stolen, we will be very difficult to track crime and recover the block chain information after being tampered with。 "criminal activities。 "By some third-party support Bitcoin trading platform, users can buy or sell any products。 Since the entire process is completely anonymous, so it is difficult to track user behavior, let alone to ensure that illegal activity punishable by law。 "Currently, Bitcoin is being used extensively for all kinds of criminal activities, including extortion software, the underground market and money-laundering。 Duplicate payments。 "Despite the consensus mechanism block chain transaction verification can be achieved, but still can not avoid duplication of expenses, or repeatedly use the same encryption currency trading。
An attacker can use two pens intermediate period between the start and confirm the transaction fast attack。
"Trading of privacy。
"Unfortunately, privacy protection block in the chain is not reliable。 Criminal intelligence contract may reveal confidential information, theft and criminal activities in the key record (such as murder, arson, terrorism, etc.) in the real world。
"Smart contract security vulnerabilities。
"As the program runs in the block chain of the intelligent design flaw and contracts may lead to security vulnerabilities。 Influence For example, one study found that among 19,366 copies intelligent Ethernet Square contract, there are 8833 copies by the transaction sequence-dependent, time stamp dependence, exceptions can not be processed and correctness of defects such as the failure to protect。 "Lack of intelligent optimization of contracts:" When a user deployment in intelligent Ethernet Square interact contract, to pay part of 'gas' expenses。
These costs can be settled through the Ethernet credits, which necessarily introduces a 'dead code associated with the pattern of' and 'associated with the pattern cycle', comprises dead code "infinite loop, opaque and expensive computing needs declarations。 "Low Cost Operation:" Square Ethernet based execution time, bandwidth, memory usage and other parameters set to 'gas' Value。
In general, the computing resources is proportional to the value of the gas consumed in the operation, but this system is still difficult to accurately measure the consumption of computing resources of a single operation, and therefore the value of the part of the gas problem on the set。 For example, some gas values IO operation is set too low, so an attacker can perform a large number of such operations in a single transaction, and then launch a denial of service attack on the Square Ethernet system。