On September 5th, the POD conference hosted by Odaily and strategically co-organized by 36Kr Group was held in Beijing. At the security sub-forum of the conference, Kushen CEO Yuan Dawei gave a speech for the first time in China, and the topic he shared was "Blockchain Security Storage Solution".
In the sharing, Yuan Dawei first introduced the importance of blockchain security and the challenges encountered, and gave the standards of blockchain security storage solutions from three dimensions: security, ease of use, and scalability.
The security dimension includes three aspects: underlying architecture design security, system algorithm security, and physical security; the ease-of-use dimension refers to the convenience and ease of use of the product and excellent human-computer interaction; the scalable dimension refers to the product must adapt to changes in customer needs and industries The development trend, and continue to evolve.
The following is the full text of the speech, enjoy:
The following is the full text of the speech, enjoy:
Hello friends.
It has been 9 years since the development of the blockchain. From the initial obscurity to the hottest topic now, we can see through the WeChat applet that there are tens of millions of people chatting about the blockchain on WeChat every day. See this is very hot. What are the obstacles to the entire blockchain industry now?
At present, we have seen two, one is that the policies of various countries are not particularly clear about the blockchain, and the other is that the infrastructure is not perfect, especially the solutions for blockchain security are extremely imperfect. After nine years of development, the scale of the entire blockchain has reached a very large order of magnitude, let's take a look.
As of September 4, 2018, the circulation market value of the blockchain was 237.6 billion U.S. dollars, and at the peak of this year, it reached 835.5 billion U.S. dollars.
Such a large magnitude and such a large circulating market value naturally brought a lot of security incidents. Just like what the previous three guests shared, because this industry is a brand new industry, many areas are not perfect, including some tools and so on, and there are relatively few professional talents. Therefore, in 2013, both MT-GoX and Bitfinex were stolen, and the loss in the first half of this year exceeded 2.7 billion US dollars.
The safe storage of the blockchain, the most important thing is the safe storage and management of this private key. Because the private key determines the absolute ownership of the asset, it must be signed with the private key to complete the following transaction.
Our Kushen specializes in block security solutions. Because in the entire industry, this segment is relatively low-profit, compared with some other peers. So there are relatively few people doing it, and Kushen was the first to do it. According to the statistics of the website, as of the second quarter of this year, there are more than 25 million wallet users worldwide.
After two years of exploration, we believe that this secure storage solution should meet three standards. The first must be absolute security, the second is ease of use, and the third is scalability.
This security is, firstly, the security of the underlying architecture, the second is the security of the system algorithm, and the third is physical security. From these three aspects, the security of the user's private key is ensured.
Kushen created a solution, first of all, cold and hot isolation. We made a hardware device, which is completely offline. There is also an APP used in conjunction with this hardware device. This hardware device mainly completes the creation and signature of transactions. Through the two-dimensional code encrypted communication method, the signed information is sent to the blockchain through the APP. This process can effectively prevent the attacks of network hackers.
There are some differences in Kushen security devices. The first one is that we define the device as a "calculator" rather than a "storage device".
We have two passwords, one is a randomly generated seed password, and the other is a payment password designed by the user. The seed password is encrypted and stored on the hardware device. The payment password is entered every time it is used. When you make a transaction You need to enter the payment password, and this block will generate the private key corresponding to the address. This private key will sign the transaction. After signing, the private key will be destroyed, so it is called "the private key is burned after use", which ensures the security of the private key. Really safe.
The other is that our Kushen equipment supports multi-signature algorithms, allowing multiple devices to have the same address. Whether it is a project party or an investment institution, if there are too many assets, the risk of entrusting them to one person for safekeeping is particularly high. We Multiple devices are allowed to create an address together, and the above assets can only be used after multiple signatures. So this is basically the primary model of the current enterprise-level solutions, similar to the financial approval process we use in traditional industries, very similar to this.
In addition to the corresponding professional equipment, including the corresponding security procedures, the most important thing is the user's security awareness. If the user puts his own assets, including the corresponding seed password and payment password, in the mailbox, it may be lost, so we A lot of work has also been done in user education,
Another thing is that after the user of our device is lost, his assets will not be lost. Just like what I said just now, our device is just a "calculator". If the user keeps his seed password and payment password in mind, he can reset By buying a device, you can get back the lost assets.
Regarding the criteria for ease of use, one is that the operation process is relatively simple, including this display is relatively clear, and the other is the response speed, such as the operation process. Everyone is familiar with QR code payment. Kushen also adopts this solution. The QR code itself The capacity is very small, and we perform another encryption. The encrypted information could have been made public without any privacy content. So this operation process is also relatively simple. The display is that we are the first to make smart devices, which is equivalent to smart operating devices, because the earliest hardware device is a U disk, which needs to be plugged into a computer to use. Ours is a special handheld device, which is similar to a mobile phone. , we all know the blockchain, especially the public key address is very long, it is very easy to misread and not easy to remember, the equipment we made can just see this address clearly, the response speed is very good, and transactions occur through our equipment , which can be found immediately on the blockchain.
This is our P2.5 product, the operation is very simple, the shape is more exquisite and fashionable, we support fingerprint unlocking and handheld password, and can be compatible with most blockchain projects.
The last one, scalability. This is very difficult in the early stage of blockchain security storage solutions, but secure storage is the bottom layer of the entire industry. If this is not done well, the entire industry will be difficult to develop, because there will be a lot of loss and theft. Therefore, the secure storage device will be the entrance to interact with the blockchain world. In addition to helping users keep assets safe, it can also bring corresponding benefits to users.
Let me introduce our company. Our company was established in October 2016. In June 2017, our first-generation product was successfully developed. In September last year, we completed the A-round financing of 10 million US dollars. In March this year, our 2nd and 2.5th generation At the same time, in June this year, we also became the first batch of companies selected as a case in a "Blockchain White Paper" issued by the Ministry of Industry and Information Technology.
