337 total views
To a certain extent, the driving force behind our active promotion of the traditional Internet to Web 3.0 is essentially the eternal pursuit of security.
First of all, the decentralized system and structure design was to ensure the overall security of the system from the beginning. After the Internet has experienced the era of pursuing performance, it has begun to pay more and more attention to the encryption and protection of information and data, from the emergence of more secure programming languages, and then more Secure privacy computing technologies are preparing for network security, user security, data security, and development security.
The awakening of indigenous people in the digital world, the vacuum of security
People began to consider security as early as when the Internet was initially popularized. To this day, how to protect privacy and security has penetrated into different circles of society . The reason is that, on the one hand, the global flow of Web2.0 Internet information and user data exchanged by configuration are not safe and secure. A large amount of personal privacy and assets are transformed into data and flow into the Internet, which exists in the network in a transparent manner. The safety is extremely low.
On the other hand, technology giants control and monopolize the increasingly important data resources and complete control of various infrastructures in the era of big data. The real data producers have become resources under the centralized network structure. In particular, driven by technologies such as 5G, AI, and the Internet of Things, data growth has shown increasing powers. Under the trend of big data benefits, user privacy or network data is arbitrarily trafficked and abused, asset thefts occur frequently, and privacy and self-esteem have been repeatedly abused. No bottom line trampling.
The risks and accidents caused by a series of hidden diseases, coupled with the awakening of the individual sovereignty consciousness of the aborigines of the Internet, have caused people to have a great sense of distrust and lack of security in the face of the current Internet . It also gave birth to the upgrade of privacy encryption technology for the decentralized system network in the Web3.0 era. As a kind of “middleware” with features such as encryption, trust, peer-to-peer, and difficult to tamper with, it can record, protect, and verify massive amounts of data. Changing data rights and interests can hedge the risks of the centralization forces to the security of individual interests and offset people’s fear of black box insecurity.
At this year’s Web3 conference, “privacy protection” and “secure computing” were the most frequently mentioned topics by the guests. So how do we seek security in Web 3.0?
Development languages that increasingly pursue security attributes
In the decentralized network, developers believe that code is the rule of law, but from the perspective of substantive justice, the correctness of this value orientation lies in whether it can withstand risk attacks, which was forced to fork when The Dao project was attacked It can be clearly reflected in the case. The writing of the Code is a particularly important part of establishing the immutable law.
The importance of this infrastructure reserve has prompted the continuous evolution of programming languages. “The Rust language that emerged in 2010 represents a new starting point in the history of programming language development: from the C language programming paradigm to the enhancement of C++ expressiveness, and now Rust represents a general-purpose language, reflecting the current requirements of the era of security + performance.” The author Zhang Handong concluded.
Frankly speaking, the development of language has a long history, but it has not been taken seriously. Many people have mentioned it under the guise of “a language has a good understanding”. But in fact, “programming language” is the same as “tools”, “frames” or “development methods”. It is the basic tool of modern Internet application ecology and its position is very important.
Fortunately, in the past ten years, programming languages have been constantly colliding and evolving. During this period, a series of interesting things occurred. The use of C++ for reasonable reasons such as speed, control, and predictability ushered in a bright moment in the industry. However, the problem is constantly exposed in the use of C++ . Modern C++ is still not a language that is completely memory safe and has no data competition. C++ does not have tools that can wrap unsafe code with safe abstractions, and use C or C++ to build safe components. Will be extremely difficult.
After that, Rust emerged as a system programming language that emphasized safety, concurrency, and efficiency . Rust has a simple kernel with a simple type system, strong practicality, meta-programming capabilities, and cross-platform universal capabilities. The most important thing is to make up for the C++ language. In line with the security required by the times , for example, in 2016, Ethereum devcon suffered the most serious ddos attack. When it was attacked, the Rust-based Parity client overcame the attack and supported the stability of the Ethereum network.
Evolving security solutions
In addition to the evolution of the underlying language, people continue to pursue more secure and secure solutions on top of this, but they need to maintain normal information resource exchange, so secure computing has become one of the most important technologies.
Secure computing (Privacy Computing) refers to a type of information technology that realizes data analysis and calculation under the premise of protecting the data itself from external leakage. It provides a way to open up information islands between different entities, and encrypts computing to protect each level Data processing ensures data privacy while maximizing the application and value of data.
Dr. Dawn Song (Song Xiaodong), an academician of the American Computer Association and cryptography expert, comprehensively interpreted secure computing in the topic sharing of “Zero-Knowledge Proof and Enhancement of Secure Computing”: “Secure computing can realize the calculation without leaking effective information. That is to say, the data will not be reused under the condition of authorization during calculation. At present, from a technical perspective, “private computing” refers to the use of system security technologies and cryptography such as trusted execution environment, secure multi-party computing, homomorphic encryption, zero-knowledge proof, etc. Technology, while ensuring the security and privacy of the original data, realizes the calculation and analysis of the data.”
She pointed out that data in the future will become the biggest nugget for Web 3.0 . The prerequisite for whether data can become a new type of asset is based on a complete secure computing environment. The true meaning of data security lies in satisfying the security premise of protecting the core and important data of users, and maximizing the use of data as a token or asset. Everyone has self-data sovereignty and at the same time obtains value from it. Once a balance is found between secure computing and data flow, data will gain an interactive value split from silos to interconnection, which can achieve a multiple-level growth over the existing data economy.
Explore more first-line privacy computing layout makers
How to understand the security brought by private computing in a more popular way? At the meeting, in addition to esoteric technical interpretations, more of them from the forefront of private computing also expressed their different views on private computing.
The Phala Network project aims to become a privacy protection infrastructure for Web3.0. It is developed based on Substrate and implements confidential smart contracts through the TEE blockchain architecture, which can provide privacy computing services for the Polkadot ecosystem. The TEE architecture hardware security computing solution adopted by the project does not mean that it is just hardware. By combining the advantages of TEE with the advantages of blockchain, it allows users to safely run programs on any TEE device without TEE equipment, which is equivalent to providing a distributed privacy cloud service. In addition, the method of randomly distributing tasks to the largest mining machine pool using the blockchain is used to improve some of the security shortcomings of TEE and solve such as attacks and physical vulnerabilities. Moreover, ORAM, the protected access mode on top of TEE, proposes to protect the access mode of encrypted data, so that the party accessing the data cannot obtain more information directly from the access mode, and ultimately achieve the effect of protecting privacy or changing.
Starks Network uses zero-knowledge proof privacy technology. Chief scientist Zhang Xiao introduced that the zero-knowledge proof technology on the blockchain is more suitable for proof of computational integrity, that is, the running calculation can be identity information, supply chain finance, or medical data analysis. When the entire calculation is completed, the proof is This calculation process is correct, that is to say, if the proof of calculation completeness is done, it will bring a kind of data analysis and calculation paradigm conversion calculation completeness. The proof process of zero-knowledge proof has two steps, one is to generate proof, and the other is to verify your proof. But this process is very complicated. Starks Network provides a new solution: a concept of zero-knowledge proof virtual machine is proposed, and smart contracts and calculations are compiled on a virtual machine to become an assembly language that the virtual machine can run. In this way, application developers no longer need to master the relevant knowledge of zero-knowledge proof, only need to write its algorithm, and then do a compilation and conversion, and then use the zero-knowledge proof virtual machine to provide services. The current project has zero-knowledge As a form of parachain, proof is used for zero-knowledge proof verification for other parachains.
Back to the essence, privacy protection returns the data and its value to the individuals that generated the data, grants the general public the right to hold guns in the real world, and finds outlets and welcomes them in different fields such as storage applications, the Internet, smart cities, and data distribution. A “value revolution” of security. It is believed that with the continuous innovation of zero-knowledge proof, multi-party computing technology + blockchain, and the popular education of market missionaries, the security of the long-term Web3.0 open network will eventually shine into reality.