From the “Blockchain Technology Finance Application Evaluation Rules” promulgated by the Central Bank, interpret the evaluation standards of financial blockchain in terms of security and performance.
Original title: “Talking about the blockchain standard in the financial industry, analyzing how the blockchain realizes standardization”
Written by: Wang Xuan, Manager of Testing Department of China Banknote Blockchain Technology Research Institute
On the afternoon of September 22, the X network spectrum salon of AD Primary School sponsored by China Banknote Blockchain Technology Research Institute held the seventh online event- “A Brief Talk on Blockchain Standards in Financial Industry” .
In the past few years, China Banknote has been actively tracking the progress of blockchain standards at home and abroad , and is committed to promoting the formulation of blockchain technology standards in the financial industry. It aims to cooperate with regulatory agencies to promote the construction of blockchain technology standard systems in the financial industry and improve China International voice and rule-making power in this field.
Since 2020, the “Financial Distributed Ledger Technology Security Specification” (JR/T0184-2020) and the “Regulations for Financial Application Evaluation of Blockchain Technology” (JR/T 0193-2020) edited by China Banknote Blockchain Technology Research Institute Released successively. These are also the only two financial blockchain standards issued by the People’s Bank of China .
At this salon, Wang Xuan, manager of the testing department of China Banknote Blockchain Technology Research Institute who participated in the above two standards, gave a keynote speech “On Blockchain Standardization”. He explained the current progress of blockchain standardization in a simple and profound way, and evaluated and analyzed the network spectrum . The following content is organized according to the live broadcast.
Introduction to Blockchain Standardization
In 2016, after several years of development of blockchain, both the application field and the scale are developing rapidly, but at the same time they are also facing these problems, including performance, privacy, security, supervision, and expansion. In this context, the blockchain has begun the process of standardization.
The International Organization for Standardization ISO established the TC307 Distributed Ledger Technical Committee in 2016. In the same year, the domestic blockchain technology and industry development forum was established, and a series of blockchain group standards implementation plans were started.
Therefore, the society widely recognizes that 2016 is the first year of blockchain standardization.
Progress of foreign standardization
In the standardization process, major standardization organizations at home and abroad have actively participated in the work of blockchain standardization.
International Organization for Standardization ISO
An organization that started blockchain standardization earlier. TC307 Distributed Ledger Technical Committee has 11 working groups, which basically cover all aspects of blockchain and distributed ledgers, including basic technology, security, application, governance, and some functional working groups. A total of 11 standards have been published and are under development, of which 2 have been published, namely: “Blockchain and Distributed Ledger Technology-Precautions for the Protection of Privacy and Personal Identity Information” and “Blockchain and Distributed Ledger Technology – Overview and interaction of smart contracts and distributed ledger technology systems in the blockchain.
IEEE Institute of Electrical and Electronics Engineers
This is an American association of electronic technology and information science engineers, and the world’s largest non-profit professional technical society. In 2018, the IEEE Blockchain Project BLK was established. Subsequently, a number of subordinate societies have successively established blockchain-related standard committees. So far, a total of 5 subordinate societies have carried out blockchain-related standardization work , Involving 7 committees, 35 working groups, and 56 standard projects; projects covering blockchain technology, digital currency, financial applications, Internet of Things applications, medical applications, agricultural applications and other fields.
ITU International Telecommunication Union
This is an important specialized agency of the United Nations and an international organization with the longest history among United Nations agencies. In May 2017, the Distributed Ledger Technology Application Focus Group (FG DLT) was established to carry out research on blockchain technology standards. Successfully delivered all 8 technical indicators and technical reports on August 1, 2019, officially completing the mission.
Domestic standardization progress
Domestic blockchain standards can be viewed from three aspects: national standards, group standards and industry standards.
About national standards. my country’s national standard started to work on blockchain standards very early. Currently, three standards are being drafted, namely: “Information Technology Blockchain and Distributed Ledger Technology Reference Architecture”, “Information Technology Blockchain and Distributed Accounting Technology” Application Guidelines for Deposit Certificates, “Information Technology Blockchain and Distributed Accounting Technology Smart Contract Implementation Specification.”
The series of standard plans formulated by the national standard for the blockchain and distributed ledger system cover 22 related standards, involving terminology, technology, application and other aspects. It is believed that results will be achieved in the next few years.
About group standards. The formulation of group standards in my country is more flexible, which enables the rapid advancement of the standardization of emerging technologies such as blockchain. Currently, 32 published blockchain group standards can be queried on the national standards disclosure platform, involving 17 group standard organizations.
Regarding industry standards. In terms of industry standards, the pace of financial blockchain standards is relatively fast. This year, the “Financial Distributed Ledger Technology Security Specification” (JR/T0184-2020) and the “Blockchain Technology Financial Application Evaluation Rules” (JR/T 0193-2020). It can also be seen that the financial industry pays attention to and value the blockchain.
Introduction to Financial Industry Standards
Currently, there are 2 financial blockchain standards. Among them, “Blockchain Technology Finance Application Evaluation Rules” (JR/T 0193-2020) was officially released on July 10 this year .
The standard was proposed and drafted by the Science and Technology Department of the People’s Bank of China , and involved the central bank, financial institutions, research institutions, technology companies and other units participating in the compilation. The content is mainly divided into four aspects : general rules, basic requirements assessment, performance assessment, and safety assessment .
General
In the general rules of the standard, firstly, the evaluation target used is determined: blockchain financial application, and three aspects of evaluation are explained; secondly, the evaluation start conditions are restricted; thirdly, four evaluation methods are proposed, including Check the materials, check the system, interviewers, and test the system; fourth, the problems found in the evaluation are classified according to their severity: they are divided into serious problems, general problems, and suggestive problems; fifth, three judgments are defined result.
The standard uses evaluation rules as the smallest unit to discuss specific content. From the analysis of a single evaluation rule, it will contain 5 fields. The serial number indicates the number of the evaluation rule. The implementation requirements are specific requirements for blockchain financial applications. The evaluation method corresponds to the four evaluation methods in the general rules. The result judgment explains the evaluation The basic steps and expected results of the judgment, applicable objects currently include financial business systems and technological products.
Basic requirements assessment
The second important part of the evaluation rules is the basic requirements evaluation, which mainly starts from the necessary technical elements of the blockchain, and puts forward relevant requirements and evaluation methods. In general, the blockchain hierarchy can be divided into two levels: the interface layer and the platform layer.
Interface layer
The interface layer mainly defines four interface related requirements and evaluation methods from the perspective of external interaction:
- External interface refers to the interface requirements for blockchain to access external data to participate in the consensus process;
- User interface refers to the interface requirements that the blockchain provides to the upper application business layer to call;
- Management interface refers to the interface requirements required for blockchain management and operation and maintenance provided;
- The inter-system interface refers to the interface requirements between different blockchains.
This part involves a total of 18 assessment sub-items.
Platform layer
The platform layer is divided into 9 core functions of the blockchain platform, including a total of 207 evaluation items. To a certain extent, the division refers to some ideas of the current ISO, national standard and other reference frameworks. In terms of specific content, specific requirements are also put forward for the financial industry.
Ledger technology : Ledgers are used to store transaction records and status data between blockchain network participants. This piece of ledger technology covers data storage methods, ledger structure, data traceability, data synchronization, data archiving, data expansion, and data fragmentation. Equal dimensions specify corresponding evaluation rules.
Consensus agreement : mainly refers to the method for each node in the blockchain to agree on the verification, recording and modification of the transaction or state in the blockchain; this part includes the consensus algorithm, consistency, number of nodes, consensus, and fault tolerance threshold , Reliability, scalability and other aspects.
Smart contract : Requirements for consensus executable code in the blockchain; the standard includes evaluation rules for virtual machines, programming languages, compilation, correctness, reliability, business isolation, life cycle management, version control, etc. .
Event distribution : A functional component that implements event notification for the blockchain system; also puts forward requirements for integrity and consistency.
State management : Responsible for tracking the state information in the distributed ledger; query requirements for various blockchain states.
Member management : Responsible for the verification, creation, update, and deletion of member identities in the distributed ledger; user registration, user identification, user authority changes, user role authorization, user account freezing and unfreezing, user cancellation, and user information query in the standard , User transactions to formulate rules in several dimensions.
Key management : It mainly provides the required cryptographic algorithms and corresponding functions for the blockchain; the password management rules in the standard include: key generation, key storage, key update, key use, key destruction and archiving, which basically involve The entire life cycle of the key.
Node communication : mainly refers to the point-to-point communication protocol commonly used in blockchain; corresponding rules are formulated from the aspects of networking, message forwarding, node joining, and node exiting.
Transaction system : Responsible for adding the received transaction data to the blockchain ledger; the standard formulates evaluation rules for the four sub-items of smart contract deployment transactions, smart contract call transactions, native transactions, and transaction atomicity.
Performance evaluation
The evaluation rules mainly include 5 aspects:
First, transaction performance. It is mainly aimed at two relatively high-frequency transaction types: native transactions and smart contract call transactions. The scenarios involve the throughput rate under the minimum hardware and software conditions, the maximum throughput rate, and the performance after abnormal recovery.
Second, query performance. For different query content, scenarios involve compliance with throughput rates and performance after abnormal recovery.
Transaction performance and query performance are also the most intuitive performance manifestation of the blockchain system.
Third, synchronization performance. Mainly for the broadcast rate of the message during synchronization, the redundancy rate of the message and the broadcast delay, there are also three scenarios, namely the synchronization performance when there is no transaction, at full load and after abnormal recovery
Fourth, deployment efficiency. The main reason is the time-consuming deployment of the assessment, and the consideration scenarios include: system construction, system expansion, node upgrades, and node additions and deletions.
Fifth, data growth rate. The main evaluation is the peak value and average value of the data growth rate, which are divided into no transaction scenarios and full load scenarios.
Deployment efficiency and data growth rate are mainly to provide data basis for blockchain financial application operation and maintenance.
security assessment
The fourth part of the standard is the safety assessment part. Due to the particularity of the industry, the financial industry has always regarded security risks as the top priority. This is also the focus of the evaluation rules and standards. This part is basically aligned with the content of the “Financial Distributed Ledger Technology Security Specification” (JR/T0184-2020).
Through the “Financial Distributed Ledger Technology Security Specification” (JR/T0184-2020), the proposed set of blockchain security architecture is analyzed as follows:
Core security: the most important part of the blockchain, and put forward relevant security requirements
In the security architecture, the security of the core modules of the blockchain is divided into four parts: smart contracts, ledger data, consensus protocols, and node communication.
The smart contract part has formulated evaluation requirements and evaluation methods from 9 aspects including consistency, correctness, reliability, business isolation, version control, access control, atomicity, attack prevention, and security verification;
The data part of the ledger puts forward seven requirements and methods for the integrity, confidentiality and consistency of the ledger;
The consensus protocol also proposes to formulate evaluation rules from 12 aspects including consistency, fault tolerance, scalability, and incentive compatibility;
Node communication has also formulated three evaluation rules, including: confidentiality, integrity, and identity verification.
Relevant security modules: put forward requirements for security-related modules and components in the blockchain
Security modules and functions, including identity management, privacy protection and password algorithms.
Identity management proposes corresponding evaluation rules in terms of identity, account, credential, node identification, etc.;
Privacy protection proposes security assessment rules from privacy protection strategies, technology and landscape audits;
Cryptographic algorithms mainly provide corresponding evaluation rules from the basic requirements of the algorithm and the requirements achieved by the algorithm (that is, the ability to achieve integrity, authenticity, confidentiality, etc.).
Basic environment security: put forward the security requirements that the basic environment on which the blockchain depends
The basic environment security is divided into two parts: basic hardware and basic software.
Basic hardware includes basic conditions, physical security, and network security; it mainly involves the security requirements required by the physical equipment and deployment environment used by the blockchain; 17 evaluation rules in 3 categories are proposed.
The basic software proposes 26 evaluation rules from 10 aspects including basic conditions, data storage, time synchronization, and operating system. Mainly for other software or soft conditions that the blockchain depends on.
Regulatory operation and maintenance support: security requirements related to blockchain regulatory operation and maintenance
A total of 18 items in 3 categories are included.
Regulatory support : Requirements for providing technical support for regulatory functions and features. Including: basic requirements, system supervision, information management, event handling, transaction intervention, and contract supervision.
Operation and maintenance requirements : evaluation of the functions required to ensure safe operation.
Governance mechanism : evaluation of governance structure and related management mechanisms.
Network spectrum evaluation analysis
Since the release of the rules, the China Banknote Blockchain Technology Research Institute has been studying the standards while also evaluating and analyzing the current implementation of the evaluation rules and network spectrum in the standards.
1. Ledger technology: Brochain, the underlying chain used by the network spectrum, uses a high-performance storage engine and a logical storage structure such as Merkle Patricia Trie to achieve archiving, capacity expansion and sharding functions through partitioning functions to meet standard requirements.
2. Consensus protocol: The customized bft consensus algorithm is adopted to ensure the certainty and termination of the transaction on the business side by maintaining the block frequency and transaction timeout mechanism, and satisfy no more than f malicious nodes among 3f+1 nodes.
3. Smart contract: Support Solidity language, compatible with official compiler.
4. Node communication: Manage node entry and exit through system contracts, black and white lists and SSL handshake methods to meet node identity verification requirements, and ensure the integrity and confidentiality of communications through MAC, signature verification and data encryption in the message.
5. Event distribution: In addition to custom events, it combines with blockchain middleware to provide contract deployment, contract updates, transaction events, and block events.
6. Key management: meet the requirements of SM2 asymmetric cipher algorithm, SM3 digest algorithm, and SM4 block cipher algorithm of the national secret standard; provide software and hardware encryption machines and SDK solutions to help enterprise-level users carry out key life cycle management and cryptographic operations .
7. Status management: Provides query functions for various blockchain status data, which is convenient for business system access and verification.
8. Member management: Provide identity full life cycle functions through identity contracts and support privacy protection strategies.
9. Transaction system: supports smart contract deployment and invocation, but does not support native transfer transactions such as tokens.
10. Interface management: Provides two layers of node RPC and middleware RESTful with different styles of user interfaces and management interfaces for different scenarios and services.
11. Basic environment security: Pass the evaluation of information system security level protection.
12. Privacy protection: Blockchain and application layer two-layer privacy policy.
13. Supervision support and operation and maintenance: Blockchain and application layer multi-dimensional monitoring and alarm mechanism, perfect operation and maintenance specifications and emergency handling rules.
14. Security governance: A set of security management methods including the construction, implementation, supervision, inspection and update of security mechanisms have been formulated, and node management and intervention can be carried out through the authority of the management party.
This sharing period ends here, so stay tuned for the next sharing period.
Source link: mp.weixin.qq.com
