A Complete Explanation of Blockchain and a Technical Discussion

Blockchain was originally, and literally, defined as a chain of linked data blocks produced with cryptographic methods: each block is bound to the one before it, so changing any one block disturbs everything after it, and the chain is stored on many independent nodes. Its historical data is therefore practically impossible to alter, and because of this property its best-known and first famous application is the Bitcoin transaction ledger. Before discussing cryptocurrency, however, we should first understand the blockchain itself, especially since the concepts and technology of smart contracts have advanced considerably and now support a wide range of applications. Figure 1 shows the evolution of blockchain since 2009. Countries where blockchain activity is currently most intense include the United States, Japan, China, Russia, Israel, Estonia, Denmark, Sweden, South Korea, the Netherlands, Finland, Canada, the United Kingdom and Australia.

Each block in a blockchain records several pieces of information. In the Bitcoin blockchain, for example, a block contains: the block size, the block header, the number of transactions in the block (the transaction counter), and the transactions themselves, as shown in Figure 2.

The Version field in each Block Header identifies the software version whose rules the block follows. The Previous Block Hash (256 bits) is the hash of the previous block's header; it links every block invisibly to its predecessor (hence "chain") and guarantees both the order of the blocks and the integrity of the history. The Merkle root (256 bits) is the root of a hash tree built over all of the block's transactions; it lets a client download and verify individual transactions without downloading and checking the whole block. The Time Stamp is the number of seconds since 1970-01-01T00:00 UTC. Difficulty (carried in the header as the compact "bits" field) measures how hard it is to find a hash below the current target; it is recalculated every 2016 blocks. The Nonce is a number the miner varies, recomputing the block hash each time, until the hash falls below the target, which in practice means it begins with a required number of leading zero bits; the higher the difficulty, the lower the target and the more leading zeros are required. Because this iterative search costs time and energy, the capacity to perform it is called hash power. The more hash power a participant has, the more likely it is to find the solution first, but which node actually wins any given block cannot be predicted; this is the source of the randomness the scheme needs. Later sections explain how a blockchain using this mechanism avoids being captured or attacked by a single group.

1. Why is a blockchain trustworthy?

Here we first introduce how a blockchain works and explain why it earns people's trust, and why a ledger built on it, such as Bitcoin's, has gone so many years without any attacker breaking it or altering a single record.
As Figure 3 shows, the blocks of a blockchain are linked front to back. If an attacker alters historical block T, every block after T must be recomputed and altered as well for the chain to pass the rules. "Recomputed" here means that, because each block is cryptographically bound to its predecessor, for block T+1 to still validate against the altered block T the attacker must find a new valid proof of work for it; even one block takes a great deal of computation, let alone all the blocks that follow. Meanwhile honest miners keep extending the genuine chain, so the attacker must also outpace them, which is why the cost is usually stated as needing a majority of the network's hash power.

And because all blocks are stored on many nodes, altering them on only a few nodes accomplishes nothing either.
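The following is an added worked example, not code from the original article: a miniature Bitcoin-style chain in Python that ties together the header fields described above (version, previous hash, Merkle root, timestamp, compact "bits" difficulty, nonce) and the tampering argument of this section. It mines a few blocks against a deliberately easy demo target, then lets an attacker rewrite one transaction in block T and re-mine only that block; validation fails at block T+1 because its stored previous-hash no longer matches. The transactions and the easy difficulty value are constructed for the demo.

```python
import hashlib
import struct

# Demo difficulty in Bitcoin's compact "bits" encoding. 0x1F0FFFFF decodes to a target of
# 0x0FFFFF * 2**224, so a valid hash needs about 12 leading zero bits (~4,000 attempts on average).
DEMO_BITS = 0x1F0FFFFF
GENESIS_PREV = b"\x00" * 32


def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids: list) -> bytes:
    """Bitcoin-style Merkle root: hash adjacent pairs up the tree, duplicating an odd last element."""
    if not txids:
        return b"\x00" * 32
    layer = list(txids)
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])
        layer = [dsha256(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]


def target_from_bits(bits: int) -> int:
    """Decode the compact target: mantissa * 256**(exponent - 3)."""
    exponent, mantissa = bits >> 24, bits & 0x00FFFFFF
    return mantissa << (8 * (exponent - 3))


def serialize_header(version, prev_hash, root, timestamp, bits, nonce) -> bytes:
    """80-byte header: version | prev_hash | merkle_root | time | bits | nonce (little-endian integers)."""
    return struct.pack("<I", version) + prev_hash + root + struct.pack("<III", timestamp, bits, nonce)


def mine(prev_hash: bytes, txs: list, timestamp: int, bits: int = DEMO_BITS, version: int = 1) -> dict:
    """Vary the nonce until the header hash, read as a little-endian integer, is below the target."""
    root = merkle_root([dsha256(tx) for tx in txs])
    target = target_from_bits(bits)
    nonce = 0
    while True:
        h = dsha256(serialize_header(version, prev_hash, root, timestamp, bits, nonce))
        if int.from_bytes(h, "little") < target:
            return {"version": version, "prev": prev_hash, "root": root, "time": timestamp,
                    "bits": bits, "nonce": nonce, "txs": list(txs), "hash": h}
        nonce += 1


def first_invalid_block(chain: list) -> int:
    """Check links, Merkle roots and proof of work; return the index of the first bad block, or -1."""
    prev = GENESIS_PREV
    for i, blk in enumerate(chain):
        root = merkle_root([dsha256(tx) for tx in blk["txs"]])
        h = dsha256(serialize_header(blk["version"], blk["prev"], root, blk["time"], blk["bits"], blk["nonce"]))
        if (blk["prev"] != prev or root != blk["root"] or h != blk["hash"]
                or int.from_bytes(h, "little") >= target_from_bits(blk["bits"])):
            return i
        prev = h
    return -1


def build_chain(n_blocks: int) -> list:
    """Mine a small chain of constructed transactions (fixed timestamps keep the demo deterministic)."""
    chain, prev = [], GENESIS_PREV
    for i in range(n_blocks):
        txs = [f"alice->bob:{i} BTC".encode(), f"bob->carol:{i} BTC".encode()]
        blk = mine(prev, txs, timestamp=1_500_000_000 + 600 * i)
        chain.append(blk)
        prev = blk["hash"]
    return chain


def tamper_and_remine(chain: list, index: int, forged_tx: bytes) -> list:
    """Attacker rewrites one transaction in block `index` and re-mines that block only."""
    forged = [dict(b) for b in chain]
    blk = forged[index]
    forged[index] = mine(blk["prev"], [forged_tx] + blk["txs"][1:], blk["time"], blk["bits"], blk["version"])
    return forged


if __name__ == "__main__":
    chain = build_chain(3)
    print("honest chain valid:", first_invalid_block(chain) == -1)
    bad = tamper_and_remine(chain, 1, b"alice->mallory:1 BTC")
    print("block 1 rewritten and re-mined; chain now breaks at block", first_invalid_block(bad))
```

Re-mining block T alone makes that block internally valid again, but block T+1 still commits to the old hash, so the attacker would have to re-mine every later block too, and faster than the honest network adds new ones.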

2. Possible attacks and their cost

So could an attacker modify the block currently being generated?

Attempt 1: the attacker forges the contents of a transaction

Every transaction is protected cryptographically by a digital signature, so nobody but the holder of the signing key can create it. Even the key holder can only append new transactions of their own; data already written to the blockchain cannot be modified, and other users have no ability to modify the transaction at all.

Attempt 2: the attacker modifies the contents of the current block and tries to write it to the blockchain
Attempt 1 showed that an attacker cannot forge other people's transactions. The modification meant here is, for example, the attacker spending some coins on a purchase and then, on a node under their control, treating those coins as unspent and transferring them elsewhere, spending the same coins twice. This attack is called double spending.

Double spending is not impossible. Before explaining the attack we need to introduce a consensus mechanism, the most common being Proof of Work (POW). The concept of hash power was introduced at the start of this article. In a network environment, nodes and IP addresses can be faked or hijacked: an attacker could make a handful of servers appear as ten thousand nodes (a Sybil attack) and thereby gain a larger share of any vote on who writes the current block. POW effectively blocks this, because it requires every node to demonstrate that it really holds a corresponding amount of hash power; ten thousand fake identities still have the hash power of one server. What counts is therefore the share of total hash power, not the node count. Using the roughly 6,000 nodes of the Bitcoin network as a rough illustration: an attacker's chance of winning any given block equals its share of the network's total hash power, so even controlling hash power comparable to thousands of nodes, about half the network, gives only a 50% chance of writing the current block. Since a transaction normally requires at least six confirmations, winning the block once is not enough; the attacker must win six blocks in a row. The cost is enormous, and anyone with that much hash power would earn a large reward simply by joining the honest side of the Bitcoin network; joining the honest side is commonly known as mining.
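As an added example (not part of the original article), the cost argument above can be made quantitative with the catch-up probability from section 11 of the Bitcoin whitepaper: given an attacker with fraction q of the hash power and a merchant waiting for z confirmations, what is the probability the attacker's secret double-spend chain ever overtakes the honest chain? The function below implements that formula and a helper that finds how many confirmations are needed to push the risk below 0.1%; the formula and reference values are from the whitepaper, everything else is this example's own.

```python
from math import exp, factorial


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling fraction q of the hash power ever catches up
    with the honest chain from z blocks behind (Bitcoin whitepaper, section 11).
    While the honest chain mines z blocks the attacker's progress is Poisson with mean z*q/p,
    and a remaining deficit of d blocks is overcome with probability (q/p)**d."""
    if q >= 0.5:
        return 1.0  # a majority attacker always catches up eventually
    p = 1.0 - q
    lam = z * (q / p)
    not_caught_up = 0.0
    for k in range(z + 1):
        poisson = exp(-lam) * lam ** k / factorial(k)
        not_caught_up += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - not_caught_up


def confirmations_needed(q: float, risk: float = 0.001, max_z: int = 10_000):
    """Smallest number of confirmations z for which the attacker's success probability is below `risk`."""
    if q >= 0.5:
        return None  # no number of confirmations is safe against a majority attacker
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < risk:
            return z
    return None


if __name__ == "__main__":
    for q in (0.1, 0.2, 0.3, 0.4):
        print(f"q={q:.2f}  P(catch up after 6 confirmations)={attacker_success_probability(q, 6):.6f}"
              f"  confirmations for <0.1% risk: {confirmations_needed(q)}")
```

With 10% of the hash power the attacker's chance after six confirmations is about 0.02%; the "six confirmations" rule of thumb assumes a small attacker, and as q approaches 50% the required number of confirmations grows without bound.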

3. What are mining and miners?

At the time of writing the Bitcoin and Ethereum networks each consist of roughly six thousand nodes, spread around the world and hard for any single organisation to control, so a blockchain network can be regarded as an exceptionally robust distributed database. These nodes continuously verify all transactions and keep every transaction record; their motivation is an economic reward large enough to cover their hardware and electricity costs.
We introduced POW above: the data of the current block defines the next mathematical puzzle, the attempt by all nodes to solve it is called mining, and the first of the six thousand nodes to solve it wins the right to write the next block together with a reward. We noted that an attacker would need enough hash power to win six blocks in a row; at prices at the time of writing, those six blocks would legitimately earn 75 bitcoins (six times the 12.5 BTC block reward), about NT$2.49 million. That is why the holders of the largest hash power join the miners, which in turn makes the protection stronger, because a would-be attacker finds it very hard to catch up with that combined hash power.

4. Consensus mechanisms

The consensus mechanism is one of the core components of a blockchain, but why does a blockchain need one?
In the existing banking system, transactions between account holders can be verified by auditing the bank's books. This is a centralised model: everyone trusts the bank, as the central system, not to falsify its accounts. A blockchain has no such central party; it is itself a decentralised ledger. In a large blockchain such as Bitcoin or Ethereum there are six to seven thousand nodes, and each may see the pending transactions in a different order, so whose version should become the record? Malicious nodes may even circulate fake ledgers. The method and process by which the network avoids fake ledgers and gets the majority of nodes to agree on and record the same version is the consensus mechanism.

Below we briefly introduce several common consensus mechanisms and analyse their advantages and disadvantages:
4.1. POW (Proof-of-work)
As described above, POW effectively deters attacks. Nodes compete for the right to write the current block by solving a puzzle with hash power; the first to find a solution broadcasts it together with the transactions it has chosen (the contents of the current block) to the other nodes for verification. If they verify that the block is valid and agree that it was the first solution, they append it to their chain, store its contents, and begin solving the next puzzle based on that block.

Advantages of POW:
(1) the most secure and most battle-tested consensus mechanism for public chains
(2) the mechanism is simple and easy to implement
(3) a relatively fair mining mechanism (i.e. fair issuance and distribution of the cryptocurrency)
Disadvantages of POW:
(1) high energy consumption: hash power is produced by burning energy
(2) block confirmation time is hard to shorten
(3) forks can occur, so a transaction needs several confirmations to complete
(4) because of (3), POW in theory has no finality, since a longer chain could always appear and replace the current ledger; in practice the probability is negligible after six confirmations

4.2. POS (Proof-of-stake)
In plain terms, under POS the more cryptocurrency (stake) a forger holds, the more likely it is to be granted the right to write the current block. Unlike POW it does not burn large amounts of hash power, because there is no computational race. In the original form of POS all coins are created at genesis, so new blocks mint no new coins; the nodes that validate are therefore called forgers rather than miners, but they still earn transaction fees as a reward. Later POS designs do add block rewards, especially when POS is applied to a public chain.
How does POS choose the writer of the current block? Always choosing the largest stake would let the member holding the most coins monopolise block production, so two approaches are commonly used:
(1) Randomised selection:
generate a random number and combine it with a formula to choose the writer; larger stakes still have a higher probability of being chosen.
(2) Selection by coin age:
this method mitigates the "rich get richer" problem; Peercoin is the concrete example. Coins become eligible to compete once they have been held for 30 days. Each batch of coins is weighted by its amount multiplied by the number of days held, and the sum of these weights determines the probability of being chosen as writer. Once a batch wins the right to write a block its coin age resets to zero and it must be held for another 30 days before it counts again. The weight is capped: coin age beyond 90 days no longer raises the probability, and a large holding may also hit the maximum probability. This effectively reduces concentration and substantially raises the cost of an attack. [8]
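To make the coin-age rule concrete, here is an added simulation (not code from the original article or from Peercoin) implementing the rule exactly as described above: a 30-day minimum age, weight = coins x days held capped at 90 days, and a reset to age zero when a batch wins. It runs one block per day for a constructed population of one "whale" holding half of all coins and twenty small holders, and compares the whale's share of blocks under naive stake-weighted selection with its share under the coin-age rule. The holdings, seed and day counts are this example's own assumptions; with only 21 holders some days may have no eligible forger, which the simulation simply skips.

```python
import random

MIN_AGE_DAYS = 30   # coins must be held this long before they may compete
MAX_AGE_DAYS = 90   # coin age stops adding weight beyond this


def stake_weight(coins: float, age_days: int, coin_age: bool = True) -> float:
    """Weight of one batch: coins * capped age under the coin-age rule, or plain coins for naive POS."""
    if not coin_age:
        return coins
    if age_days < MIN_AGE_DAYS:
        return 0.0
    return coins * min(age_days, MAX_AGE_DAYS)


def select_forger(holdings: dict, rng: random.Random, coin_age: bool = True):
    """Weighted random choice of the block writer. holdings: name -> list of [coins, age_days] batches.
    Returns None when no batch is eligible."""
    weights = {name: sum(stake_weight(c, a, coin_age) for c, a in batches)
               for name, batches in holdings.items()}
    total = sum(weights.values())
    if total <= 0:
        return None
    r = rng.random() * total
    for name, w in weights.items():
        r -= w
        if r < 0:
            return name
    return name  # floating-point rounding fallback: last candidate


def simulate(holdings: dict, days: int, seed: int, coin_age: bool = True) -> dict:
    """One block per day. Under the coin-age rule the winner's batches reset to age 0.
    Returns each holder's share of the blocks actually produced."""
    rng = random.Random(seed)
    state = {name: [list(b) for b in batches] for name, batches in holdings.items()}
    wins = {name: 0 for name in state}
    produced = 0
    for _ in range(days):
        winner = select_forger(state, rng, coin_age)
        if winner is not None:
            wins[winner] += 1
            produced += 1
            if coin_age:
                for batch in state[winner]:
                    batch[1] = 0
        for batches in state.values():
            for batch in batches:
                batch[1] += 1
    return {name: w / produced for name, w in wins.items()} if produced else wins


def demo_holdings() -> dict:
    """Constructed population: one whale with 500 coins, twenty holders with 25 coins each (50% vs 50%)."""
    holdings = {"whale": [[500, 60]]}
    for i in range(20):
        holdings[f"holder{i:02d}"] = [[25, 60]]
    return holdings


if __name__ == "__main__":
    h = demo_holdings()
    print("whale share, naive stake weighting :", round(simulate(h, 3000, 7, coin_age=False)["whale"], 3))
    print("whale share, coin-age with reset   :", round(simulate(h, 3000, 7, coin_age=True)["whale"], 3))
```

Under naive stake weighting the whale wins about half the blocks; with the coin-age rule it can win at most once every 30 days regardless of its size, which is the "large holders hit the maximum" effect the text describes.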

Advantages of POS:
(1) no hash-power race, hence low energy consumption
(2) anyone competing to write blocks must hold coins, so they have more reason to protect the system than to attack it and watch their coins lose value
(3) for the same hardware budget, POS can secure more on-chain assets than POW
Disadvantages of POS:
(1) stakeholders do not necessarily want to take part in block production
(2) a dishonest node that wins the writing right can build an alternative fake chain at almost no computational cost, which can make a double-spending attack succeed (the "nothing at stake" problem)
(3) misbehaviour is cheap, because there is no penalty mechanism
(4) because of (2) and (3), POS must be combined with other mechanisms, which makes it more complex than POW

4.3. DPOS (Delegated-proof-of-stake)
One POS drawback noted above is that stakeholders may not want to take part in block production. DPOS addresses this much as representative democracy does: stakeholders first elect, by proof of stake, the participants who will produce blocks (the validator nodes), and those validators then compete for the right to write blocks under the protocol's rules. Because the number of validators is greatly reduced, consensus is reached quickly.
BitShares uses DPOS, and Ethereum's proposed Casper is grouped with it here because it likewise relies on a designated set of validators. To address the low cost of misbehaviour in POS, Ethereum proposed requiring prospective validators to post a deposit in cryptocurrency before they may participate; if a validator breaks the rules by taking part in fraud or an attack, or even merely acts in a way the system deems "invalid", the deposit is forfeited. This design is called Casper, and Ethereum has stated that it will adopt Casper as its consensus algorithm at an appropriate point in the future.
Casper is not plain DPOS; it also borrows from PBFT. Plain DPOS, like POS, can fork and has no finality, whereas Casper's added mechanism guarantees block finality: if an attack ever causes two blocks at the same height to both be finalised, at least one third of the validators must have broken the rules, and their deposits, potentially worth tens of millions of dollars, are forfeited. The author notes that removing those coins from the market would tend to push the price up, and that this may replace the emergency hard forks previously used to undo attacks. [9]

In addition to the advantages of POS, DPOS offers:
(1) a smaller set of validators, which greatly increases consensus speed
Disadvantages of DPOS:
(1) it depends on a cryptocurrency, yet many consortium-chain deployments have none
(2) apart from Casper, most DPOS systems still lack block finality

4.4. PBFT (Practical Byzantine Fault Tolerance)
The mechanisms above are best suited to public chains, whereas PBFT suits consortium chains. PBFT's speed of reaching consensus and its fault tolerance are established by mathematical proof: as long as the number of faulty nodes stays within the tolerated bound, the system provably cannot fork. POW and POS both structurally prevent an attacker from fabricating large numbers of effective validators, but native PBFT has no such protection; in a consortium chain, however, members and nodes are vetted and authenticated before joining, which naturally solves this problem.

Advantages of PBFT:
(1) the system cannot fork within its fault-tolerance bound
(2) within that bound it tolerates any kind of fault, including arbitrary (Byzantine) behaviour
(3) verification and consensus are very fast
(4) no hash-power race, hence low energy consumption
(5) because of (1), blocks are final
Disadvantages of PBFT:
(1) if one third or more of the validators are faulty the system can no longer make progress; tolerating f faulty nodes requires at least 3f + 1 nodes in total
(2) no protection against an attacker fabricating large numbers of validators (Sybil attacks)

5. Anonymity and privacy

On public chains such as Bitcoin and Ethereum every user is pseudonymous: addresses are hard to trace or link to real identities, which is why illegal activity often chooses Bitcoin as its medium of exchange. Governments cannot control the blockchain itself and cannot technically ban it, so their countermeasures focus on the points where fiat currency enters and leaves. Cryptocurrency trading relies on exchanges, and converting cryptocurrency to fiat at an exchange must go through the exchange's partner bank, so governments currently monitor money flows through those banks: every deposit must be shown to be lawfully obtained, to prevent money laundering, and large withdrawals are likewise monitored. Exchanges that deliberately evade monitoring keep switching partner banks, typically to banks in small overseas jurisdictions without diplomatic relations, to avoid being traced.
Although users are pseudonymous, on a public chain every user's transactions and balances are fully transparent and can be looked up by anyone, including the entire history since the genesis block. Many large holders therefore open multiple accounts (addresses) to spread their transactions and balances; the blockchain places no limit on the number of accounts per person, as long as the holder can manage the corresponding signing keys.
When banks consider using blockchain technology to store transaction data, this anonymity and transparency become an issue, because banks need controllable anonymity and privacy: a user can let approved parties verify their real identity, while unapproved parties cannot look up their transaction history or balance. The kind of blockchain that can do this is the consortium chain, also called a private chain.

6. What is a consortium chain / private chain?

The defining feature of a consortium or private chain is that only approved nodes can join as validators; in practice the validators are the consortium's members, who know each other's real identities and jointly maintain one blockchain. Compared with a public chain, such a blockchain is less distributed and less decentralised, not because of the number of nodes but because the consortium collectively governs it: admitting members requires review, and the overall operating model can be defined and changed.
In a consortium chain run by banks, ordinary depositors usually do not care whether the bank uses a traditional database or a blockchain behind the scenes, but they can still feel the benefits; for example, an international wire transfer that used to take two to seven days can complete in tens of seconds.
Moreover, a consortium chain has far fewer nodes than a public chain, typically tens to hundreds, which raises security concerns under a POW consensus as described above, so extra protective mechanisms such as permission control are needed; these are introduced in the next section.

7. Supervision technologies for consortium blockchains

As noted above, enterprises place great weight on transaction throughput, protection of private data, and regulatory compliance for business applications such as financial transactions, so more and more enterprises prefer to build their application services on consortium chains. Building a wide range of services requires, beyond the underlying consortium-chain platform, many key technologies in the blockchain architecture or in the middleware connecting to it, and one of the most widely discussed is supervision. This topic subdivides into technologies for monitoring and managing the security of the blockchain system itself, namely permission control and protocol-layer fraud detection, and technologies for the security of blockchain transactions, namely identity verification (real-name authentication), encryption of private data, on-chain data monitoring and anomalous-transaction detection.

7.1. Permission control
A consortium chain has very few nodes compared with the roughly six thousand of a public chain, perhaps only a dozen or so, so it has no safety in numbers. The common POW consensus protects a chain with the hash power of the whole network, and a successful attack needs more than half of it; in a consortium chain with unrestricted participation, an attacker could reach that threshold without much difficulty. A mechanism is therefore needed to control who may participate and to regulate what each participant may do; this is the concept of permission control.
The permission-control mechanism is organised around five common blockchain operations and four node roles, so that an administrator can define roles to match the architecture and assign each node the permissions appropriate to its purpose. This effectively protects the blockchain from attack and can even be configured so that block data never leaves the consortium.
The five common blockchain operations are shown in Figure 4:

Figure 4: Five common blockchain operations

These operations are then divided among four node roles with their permissions, as shown in Figure 5:

Figure 5: Four node roles and their permissions

- When the consortium chain is set up, the Administrator node creates the permission configuration.
- When a node A connects to the consortium chain, it requests the permission information from the other nodes and then operates according to those permissions.
- Permission information must be signed by the Administrator node, so that nodes without that authority cannot distribute permission information.
- While the consortium chain is running, the Administrator node can change permissions at any time; the new permission information propagates through the whole consortium network just as transactions and block messages do.
- For a node to perform an operation, not only must the node itself hold the permission, but the other nodes in the network must also recognise that it holds it.
- A node that lacks the corresponding permission but has, through some illegitimate modification of its own software, managed to perform an operation is handled as in the following scenarios.

Scenario 1:
(1) A participant node attempts to change its own node permissions and broadcasts the permission message to the consortium network.
(2) The other nodes reject the message, because its sender has no authority to issue it.
Scenario 2:
(1) A validator node attempts to deploy a smart contract, certifies the block containing that transaction, and broadcasts the block to the consortium network.
(2) The other nodes reject the block, because its sender does not hold that permission.

With permission control in place we can give each node the permissions that match its purpose, which is quite different from hard restrictions at the network layer. For example, any node may be allowed to connect and submit transactions (mobile light nodes), while no unauthorised node may validate (mine); this blocks a 51% attack at the root. For a consortium chain that must keep its data private, nodes not on a whitelist can be prevented from connecting at all, so that no other operation is possible and the block data stays protected.
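The following is an added example, written for this page and not taken from any consortium-chain product, that models the permission-control rules and the two scenarios above: an Administrator issues signed, versioned permission records; every node verifies the signature and version before updating its local permission table; and every node checks a sender's permission before accepting its messages or blocks. Because the page's Figures 4 and 5 are not reproduced, the operation and role names below are this example's own assumptions. The "signature" is an HMAC over the canonical JSON of the record, used only so the example runs with the standard library; in a real deployment it would be an asymmetric signature (ECDSA or Ed25519) so that nodes hold only the Administrator's public key and cannot forge records themselves.

```python
import hashlib
import hmac
import json

# Assumed operations and roles (the page's Figures 4 and 5 are not reproduced here).
ROLE_PERMISSIONS = {
    "administrator": {"connect", "send_tx", "validate", "deploy_contract", "set_permission"},
    "validator":     {"connect", "send_tx", "validate"},
    "participant":   {"connect", "send_tx"},
    "observer":      {"connect"},
}


def canonical(obj) -> bytes:
    """Deterministic serialisation so that every node signs/verifies identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, payload: dict) -> str:
    # Stand-in for a real digital signature (ECDSA/Ed25519 in practice). With HMAC, anyone able to
    # verify could also forge, so this is for illustration only.
    return hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()


class Administrator:
    def __init__(self, key: bytes):
        self._key = key
        self.version = 0

    def grant(self, node_id: str, role: str) -> dict:
        """Issue a signed, versioned permission record; versions let nodes reject replays of old grants."""
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role}")
        self.version += 1
        payload = {"version": self.version, "node": node_id, "role": role}
        return {"payload": payload, "sig": sign(self._key, payload)}


class Node:
    def __init__(self, node_id: str, admin_verify_key: bytes):
        self.node_id = node_id
        self._admin_key = admin_verify_key
        self.roles = {}            # node_id -> role, as last seen in a valid permission message
        self.latest_version = 0

    def apply_permission_message(self, msg: dict) -> bool:
        """Accept only records validly signed by the Administrator and newer than what we already hold."""
        payload = msg.get("payload", {})
        expected = sign(self._admin_key, payload)
        if not hmac.compare_digest(expected, msg.get("sig", "")):
            return False           # Scenario 1: the sender has no authority to set permissions
        if payload.get("version", 0) <= self.latest_version:
            return False           # stale or replayed grant
        self.roles[payload["node"]] = payload["role"]
        self.latest_version = payload["version"]
        return True

    def authorize(self, sender_id: str, operation: str) -> bool:
        """Each node checks the sender's permission itself; holding it locally is not enough."""
        role = self.roles.get(sender_id)
        return operation in ROLE_PERMISSIONS.get(role, set())

    def accept_block(self, producer_id: str, block_txs: list) -> bool:
        """Scenario 2: reject a block whose producer may not validate, or that carries a
        transaction its originator was not permitted to make. block_txs: [{"from": id, "op": name}]."""
        if not self.authorize(producer_id, "validate"):
            return False
        return all(self.authorize(tx["from"], tx["op"]) for tx in block_txs)


if __name__ == "__main__":
    key = b"demo-admin-key"
    admin = Administrator(key)
    nodes = {n: Node(n, key) for n in ("A", "V", "P")}
    for msg in (admin.grant("A", "administrator"), admin.grant("V", "validator"), admin.grant("P", "participant")):
        for node in nodes.values():
            node.apply_permission_message(msg)
    forged = {"payload": {"version": 99, "node": "P", "role": "administrator"},
              "sig": sign(b"P-own-key", {"version": 99, "node": "P", "role": "administrator"})}
    print("scenario 1, forged grant accepted by A:", nodes["A"].apply_permission_message(forged))
    print("scenario 2, validator's own deploy_contract block accepted by P:",
          nodes["P"].accept_block("V", [{"from": "V", "op": "deploy_contract"}]))
```

The version check matters as much as the signature: without it, a participant could replay an old, genuinely signed grant that gave it a broader role than it holds today.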

7.2 Protocol-layer fraud detection

A blockchain system defines precisely the role of each node and how every kind of message is transmitted and verified, but that does not mean a system that looks entirely legitimate on the surface is free of vulnerabilities. To prevent a trusted node that has been compromised from acting in ways that violate fairness and destroy the trust of enterprises and users in the system, protocol-layer fraud-detection technology must be developed. In its design, all blockchain nodes first collect the blockchain activity they observe and send it to a dedicated server for aggregation and deeper analysis; when anomalous activity or a possible attack is found, the system raises an alert early so that operations staff can confirm and respond while the attacker is still in the initial stages.
The protocol layer covers data transmission, encryption and signing, data storage and the consensus mechanism, so fraud detection can start from each of these and develop a corresponding preventive mechanism. For example, monitoring at the transmission layer can model each node's packet volume and flag a node that suddenly sends at a very high rate as a likely denial-of-service attack launched from a compromised node. Or a prevention strategy can start from the consensus mechanism: if the consortium chain uses POW, then under the assumption that validators have equal hash power, each validator's chance of winning a block should be close to uniform, so a node that wins block after block indicates the system is out of balance and needs technical and managerial intervention.
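As an added example (not code from the original article), the consensus-layer check described above can be made statistical rather than a gut feeling: under equal hash power a validator's win count over n blocks is Binomial(n, 1/N), so a node is flagged only when the probability of winning at least that many blocks by chance falls below a chosen threshold (Bonferroni-corrected because N nodes are tested). The block logs below are constructed: a fair round-robin log and one in which node07 wins every third block.

```python
from math import comb

VALIDATORS = [f"node{i:02d}" for i in range(10)]


def binomial_tail(k: int, n: int, p: float) -> float:
    """P(X >= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k, n + 1))


def flag_dominant_validators(block_log: list, validators: list, alpha: float = 1e-6) -> list:
    """block_log: list of (height, winner_id). With equal hash power every validator's win count
    should be Binomial(n, 1/N); flag any whose count is so high that the tail probability is below
    alpha / N. Returns (validator, wins, tail_probability) tuples."""
    n = len(block_log)
    p0 = 1.0 / len(validators)
    counts = {v: 0 for v in validators}
    for _, winner in block_log:
        counts[winner] = counts.get(winner, 0) + 1
    flagged = []
    for v, k in counts.items():
        if k == 0:
            continue
        tail = binomial_tail(k, n, p0)
        if tail < alpha / len(validators):
            flagged.append((v, k, tail))
    return flagged


def fair_log(n_blocks: int = 600) -> list:
    """Constructed log: winners rotate evenly, 60 blocks each."""
    return [(h, VALIDATORS[h % len(VALIDATORS)]) for h in range(n_blocks)]


def skewed_log(n_blocks: int = 600, dominant: str = "node07", every: int = 3) -> list:
    """Constructed log: `dominant` wins every third block (200 of 600); the rest rotate among the others."""
    others = [v for v in VALIDATORS if v != dominant]
    log, j = [], 0
    for h in range(n_blocks):
        if h % every == 0:
            log.append((h, dominant))
        else:
            log.append((h, others[j % len(others)]))
            j += 1
    return log


if __name__ == "__main__":
    print("fair log flagged   :", flag_dominant_validators(fair_log(), VALIDATORS))
    print("skewed log flagged :", [(v, k) for v, k, _ in flag_dominant_validators(skewed_log(), VALIDATORS)])
```

The same tail test applies unchanged to the packet-volume check mentioned above if message counts per node per window are used instead of block wins; the assumption of equal expected share is what a real deployment must verify, since validators with legitimately unequal hash power will trip it.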

7.3 Identity verification (real-name authentication)

Blockchains that began as public chains, such as Bitcoin and Ethereum, are mostly pseudonymous, but more and more operators are developing identity-verified private and consortium chains to enable a wider range of innovative applications. Financial applications in particular need identity verification to ensure that the actors, whether individuals or organisations, are traceable; this is borne out by the 2016 "FinTech Development Strategy White Paper" of Taiwan's Financial Supervisory Commission, whose most basic element is the construction of an integrated, secure online identity centre. In practice, when a user or enterprise applies for a blockchain account, a third-party authority (a government household-registration office, the Citizen Digital Certificate system, TWCA and the like) confirms the identity; the credential of a user who passes verification is stored on the blockchain and managed by smart contracts under the blockchain's security and trust mechanisms, and an API is offered for applications to use as their "real-name" authentication. To extend this to "real-person" authentication, biometric identification (face, voiceprint, fingerprint) can be combined with it, and an applicant can even be asked to speak specific phrases or perform specific actions when opening an account or transacting, to prove that they are who they claim and are actually present.

7.4. Protection of private data

Blockchain was originally designed around openness and transparency: every node can read all the data. In a consortium chain, especially for financial use, it is unacceptable for every node to see every transaction, so protecting data privacy is unavoidable. Privacy-protection technology can be designed on two levels. The first is isolation; for example Corda, the platform developed by R3, the blockchain consortium of major international banks, protects private data through permission-based isolation: rather than broadcasting data to every node, it delivers transaction data only to the nodes involved in that transaction, and it introduces a notary role (node) that records transaction data, so that only the notary and the counterparties see the raw data. The second is encryption, using technologies such as PKI (Public Key Infrastructure) and multi-signature schemes to encrypt transactions and smart-contract contents so that only the counterparties holding the keys can decrypt them.
Among encryption techniques, blockchain engineers have in recent years tried zero-knowledge proofs (ZKPs) for privacy protection. Conceptually, a ZKP lets a prover and a verifier agree that a statement (for example the solution to a puzzle) is true without revealing anything beyond the truth of the statement. That sounds mysterious, so here is a simple example. Suppose the verifier needs to confirm that a Sudoku solution offered by the prover is correct. The prover writes the solution on 81 small cards, one digit per card, lays them out in the solved arrangement, and turns them face down so the verifier cannot see the digits. To check the solution, the verifier, following the rules of Sudoku, examines one row or column at a time for the property that each of 1 to 9 appears exactly once; for each check the prover gathers the nine cards of that row or column, shuffles them, and hands them to the verifier, who checks that 1 to 9 all appear. Repeating this many times convinces the verifier that the solution is correct, yet the verifier never learns what the actual solution looks like. Applied to a blockchain, this technique lets the identities of participants and the contents of transactions stay encrypted while the network still verifies that the transactions are valid.
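The following is an added, runnable version of the Sudoku protocol above (this example's own code, not from the original article). The face-down cards become salted hash commitments; each round the prover also relabels the digits with a fresh random permutation, which the commitment version needs so that opened cards reveal nothing across rounds, and the verifier chooses one of the 27 rows, columns or boxes only after seeing the commitments. A cheating prover with one bad group passes a round with probability 26/27, so the verifier's confidence grows with the number of rounds. The grid is a constructed valid solution; the protocol proves "this is a valid completed grid", and does not bind the grid to a particular puzzle's given clues (a real protocol adds an opening of the clue cells for that).

```python
import hashlib
import random

# Constructed, known-valid Sudoku solution used as the prover's secret.
SOLUTION = [
    [5, 3, 4, 6, 7, 8, 9, 1, 2],
    [6, 7, 2, 1, 9, 5, 3, 4, 8],
    [1, 9, 8, 3, 4, 2, 5, 6, 7],
    [8, 5, 9, 7, 6, 1, 4, 2, 3],
    [4, 2, 6, 8, 5, 3, 7, 9, 1],
    [7, 1, 3, 9, 2, 4, 8, 5, 6],
    [9, 6, 1, 5, 3, 7, 2, 8, 4],
    [2, 8, 7, 4, 1, 9, 6, 3, 5],
    [3, 4, 5, 2, 8, 6, 1, 7, 9],
]


def groups() -> list:
    """The 27 constraint groups: 9 rows, 9 columns, 9 boxes, each as a list of (row, col) cells."""
    gs = [[(r, c) for c in range(9)] for r in range(9)]
    gs += [[(r, c) for r in range(9)] for c in range(9)]
    gs += [[(3 * (b // 3) + i, 3 * (b % 3) + j) for i in range(3) for j in range(3)] for b in range(9)]
    return gs


def is_valid_solution(grid: list) -> bool:
    return all(sorted(grid[r][c] for r, c in g) == list(range(1, 10)) for g in groups())


def commit(value: int, salt: bytes) -> bytes:
    """A face-down card: binding and hiding because the salt is unpredictable."""
    return hashlib.sha256(salt + bytes([value])).digest()


class Prover:
    def __init__(self, grid: list, rng: random.Random):
        self.grid, self.rng = grid, rng

    def commit_round(self) -> list:
        """Relabel digits with a fresh permutation and commit to every cell (lay all 81 cards face down)."""
        perm = list(range(1, 10))
        self.rng.shuffle(perm)
        self._values = [[perm[v - 1] for v in row] for row in self.grid]
        self._salts = [[self.rng.getrandbits(128).to_bytes(16, "big") for _ in range(9)] for _ in range(9)]
        return [[commit(self._values[r][c], self._salts[r][c]) for c in range(9)] for r in range(9)]

    def open_cells(self, cells: list) -> list:
        """Hand over the shuffled cards of the challenged group: (relabelled value, salt) per cell."""
        return [(self._values[r][c], self._salts[r][c]) for r, c in cells]


def verify_opening(commitments: list, cells: list, opening: list) -> bool:
    """Verifier: every card must match its commitment and the nine values must be exactly 1..9."""
    if len(opening) != 9:
        return False
    bound = all(commit(v, s) == commitments[r][c] for (r, c), (v, s) in zip(cells, opening))
    return bound and sorted(v for v, _ in opening) == list(range(1, 10))


def run_protocol(grid: list, rounds: int, seed: int) -> bool:
    """Interactive proof: commit, challenge, open, check; repeated `rounds` times."""
    verifier_rng = random.Random(seed)
    prover = Prover(grid, random.Random(seed + 1))
    gs = groups()
    for _ in range(rounds):
        commitments = prover.commit_round()
        cells = gs[verifier_rng.randrange(len(gs))]     # chosen only after the commitments are fixed
        if not verify_opening(commitments, cells, prover.open_cells(cells)):
            return False
    return True


def cheating_success_bound(rounds: int) -> float:
    """Upper bound on a cheating prover passing: one bad group survives a round with probability 26/27."""
    return (26 / 27) ** rounds


if __name__ == "__main__":
    print("honest prover, 60 rounds:", run_protocol(SOLUTION, 60, seed=42))
    print("bogus grid (all ones)   :", run_protocol([[1] * 9 for _ in range(9)], 60, seed=42))
    print("cheater bound, 200 rounds: %.4f" % cheating_success_bound(200))
```

In each round the verifier sees only nine relabelled digits that are always some permutation of 1..9, which is exactly what it could have generated itself; that is why the transcript conveys nothing about the real solution.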

7.5 On-chain data monitoring

Beyond the technologies above for monitoring the fairness of the blockchain system's operation, monitoring the transaction data produced on the chain, to ensure that transactions are lawful and safe, is equally important to reg regulators, service operators and even users. The most basic on-chain monitoring function is a visual interface showing the platform's real-time transaction load; Ethereum, Hyperledger and Corda all provide dashboards for viewing current transactions and network status. In addition, real-time compliance checking of transactions can be strengthened as services require, by encoding legal rules into smart contracts (for example, a financial transaction must confirm that both parties have passed identity, asset and ownership verification, or that a daily transaction limit per person or enterprise is respected) or by letting users and enterprises define their own suspicious events, so that transactions stay within contractual and legal rules and an alert is raised when an anomalous event occurs. This gives a blockchain service operational and security assurance at the application level, beyond infrastructure monitoring.

7.6 Anomalous-transaction detection

Anomaly detection on transaction data divides broadly into rule-based and data-driven approaches. Rule-based detection applies the regulatory rules mentioned in the previous section, or rules derived from experience, to detect anomalies in real-time transactions. Data-driven detection uses artificial intelligence, intelligent computing and machine learning to analyse large volumes of transaction data and automatically search offline for possible anomalous transaction patterns. Data-driven detection can be further divided by subject into individual and collective anomaly detection. Individual detection focuses on understanding each account's behaviour, including its range of counterparties, the types and amounts of digital assets it trades and its transaction frequency, and builds a personal behaviour model to detect anomalous transactions. Collective detection seeks to analyse the relationships and context among transactions in the long-term data accumulated across many accounts and transactions, to uncover patterns suggestive of money laundering, fraud and the like. The individual and collective anomalies detected can be fed back to the on-chain monitoring system (for example suspicious account IDs, transaction times and even locations), providing an offline-to-online detection module for complex anomalies such as fraud, money laundering and scams, and making risk control of on-chain transactions more effective.
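As an added example (this page's own code, not from the original article), here are minimal versions of the three detector types just described, run over a constructed transaction list: a rule-based daily sending limit (the compliance rule from the previous section), an individual baseline that flags a sender's amount far outside its own history, and a collective check that finds funds travelling in a loop between accounts, a classic layering pattern. The accounts, amounts and the NT$10,000 daily limit are all constructed for the demo.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample transactions: (tx_id, day, sender, receiver, amount)
TXS = [
    # alice's normal pattern, then one huge outlier
    ("t01", 1, "alice", "bob", 50), ("t02", 2, "alice", "bob", 60), ("t03", 3, "alice", "shop", 55),
    ("t04", 4, "alice", "bob", 70), ("t05", 5, "alice", "shop", 65), ("t06", 6, "alice", "bob", 70),
    ("t07", 7, "alice", "shop", 60), ("t08", 8, "alice", "bob", 75), ("t09", 9, "alice", "bob", 5000),
    # bob bursts through the daily limit on day 9
    ("t10", 9, "bob", "dealer", 4000), ("t11", 9, "bob", "dealer", 4000), ("t12", 9, "bob", "dealer", 4000),
    # a round trip x -> y -> z -> x with a little shaved off at each hop (layering)
    ("t13", 10, "x", "y", 900), ("t14", 11, "y", "z", 880), ("t15", 12, "z", "x", 860),
    # an ordinary unrelated transfer
    ("t16", 12, "carol", "dave", 30),
]

DAILY_LIMIT = 10_000


def chronological(txs):
    return sorted(txs, key=lambda t: (t[1], t[0]))


def rule_daily_limit(txs, limit=DAILY_LIMIT) -> list:
    """Rule-based: flag every transaction that pushes a sender's running daily total over the limit."""
    totals = defaultdict(float)
    flagged = []
    for tx_id, day, sender, _, amount in chronological(txs):
        totals[(sender, day)] += amount
        if totals[(sender, day)] > limit:
            flagged.append(tx_id)
    return flagged


def personal_outliers(txs, k=3.0, min_history=5) -> list:
    """Individual model: a sender's earlier amounts form its baseline; flag amount > mean + k*std.
    The baseline uses only prior transactions so the outlier cannot inflate its own threshold."""
    history = defaultdict(list)
    flagged = []
    for tx_id, day, sender, _, amount in chronological(txs):
        h = history[sender]
        if len(h) >= min_history:
            mu, sigma = mean(h), pstdev(h)
            if amount > mu + k * max(sigma, 1.0):      # floor on sigma avoids flagging on a flat history
                flagged.append(tx_id)
        h.append(amount)
    return flagged


def find_cycles(txs, max_len=4) -> list:
    """Collective model: funds that return to their origin (a -> b -> ... -> a) moving forward in time.
    Returns cycles as tuples of transaction ids."""
    edges = defaultdict(list)                            # sender -> [(day, receiver, tx_id)]
    for tx_id, day, sender, receiver, _ in txs:
        edges[sender].append((day, receiver, tx_id))
    cycles = set()

    def walk(start, node, min_day, tx_path, seen):
        for day, nxt, tx_id in edges[node]:
            if day < min_day:
                continue                                  # the next hop must not precede the previous one
            if nxt == start and tx_path:
                cycles.add(tuple(tx_path + [tx_id]))
            elif nxt not in seen and len(tx_path) + 1 < max_len:
                walk(start, nxt, day, tx_path + [tx_id], seen | {nxt})

    for start in list(edges):
        walk(start, start, 0, [], {start})
    return sorted(cycles)


if __name__ == "__main__":
    print("daily limit exceeded :", rule_daily_limit(TXS))
    print("personal outliers    :", personal_outliers(TXS))
    print("round trips          :", find_cycles(TXS))
```

Each detector produces transaction ids, which is the form the on-chain monitoring system above can consume; in practice the individual baseline would also include counterparty and frequency features, and the cycle search would be bounded by a time window rather than run over the whole history.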

8. Why use a blockchain?

Compared with a traditional database, a blockchain is far slower. Apart from the trustworthiness and tamper resistance discussed above, what other advantages does it have, and why choose it?
Another advantage is the emergence of smart contracts, introduced in the next section. First, an important point: in practice not every scenario suits a blockchain; at today's throughput and complexity, most applications still do not. Bitcoin and Ethereum have proposed the Lightning Network and sharding respectively, which are expected to raise transactions per second substantially, but even so the inherent block interval keeps a blockchain far from the immediacy and throughput of a traditional database, so some applications remain better served by a conventional database. Without going into technical depth, take a real-time online strategy game as an example. If player data is stored in a traditional database, every player's actions refer to very current data; stored on a blockchain, a decision might be based on stale data, because the latest data has not yet propagated through the whole network or been written into a block, and waiting for propagation and confirmation would make the game experience very poor. Applications with very strong real-time requirements are therefore unsuitable. The two can complement each other, however: the traditional database can be synchronised to the blockchain periodically so that player data can never be lost to any accident, and would survive even if the game company went out of business.
The opposite example is a worldwide electronic wallet system, which suits a blockchain very well: it guarantees that the assets in the wallet are backed by a verifiable record and that no single entity can control or seize them; transactions made through the wallet cannot be faked or altered, protecting both parties equally; and a transaction completes quickly wherever in the world the counterparty is.
One more point must be made clear before the case for using a blockchain is fully understood: the value of smart contracts.

9. What is a smart contract?

Before explaining smart contracts, an example. Michael and I bet NT$100 on the USD/TWD exchange rate at 12:00 today: I bet it will be at or below 30.91, Michael bets it will be above 30.91. There are three ways to settle the bet:
(1) Michael and I sign a contract under which the loser pays the winner. If the loser refuses to pay, the winner would have to spend time and money going to court, which hardly seems worth it for NT$100.
(2) Michael and I trust each other. That may work between good friends, but what about strangers? All sorts of bets are made on online forum message boards, and in practice none of them can be enforced.
(3) We find a neutral third party and each hand over NT$100 in advance, but that third party might pocket the NT$200.

This is the common situation: two strangers who cannot trust each other. A smart contract can play the role of the neutral third party and will never pocket the money, because it executes exactly the code the contract specifies. When the contract is created it collects NT$100 from each side; at 12:00 it obtains the central bank's exchange rate and transfers the NT$200 to the winner's account. One practical caveat: a contract cannot reach outside the chain by itself, so the exchange rate must be delivered to it by a trusted data feed (an oracle), and the fairness of the bet then depends on that feed.
A smart contract is thus secure, fast and cheap, and anything from a NT$1 bet to a deal worth tens of millions or billions can be executed safely.
Moreover, a smart contract is not merely a program that runs automatically; it is itself a participant that can receive and hold messages and assets of value, send messages and assets, and always acts according to its predefined rules.

9.1 Smart contracts: unlimited possibilities

Cryptocurrency systems record transactions in the decentralised data structure of a blockchain. Bitcoin, the first cryptocurrency, supports a basic scripting language (Script) for automating transaction processing. Ethereum goes further and provides a Turing-complete programming language capable, in principle, of rewriting every contract in the world as a program, which has opened up unlimited imagination about smart contracts; hundreds of smart contracts are currently running automatically on the Ethereum network.
A smart contract is written in a programming language and executes automatically on the decentralised nodes of the blockchain network, handling and transferring digital assets of real value. Ethereum provides a language called Solidity specifically for writing smart contracts, letting developers write contracts for electronic voting, auctions, e-commerce, micropayments and more, and even build an unmanned company consisting entirely of code. Beyond the basic requirement of correct execution, implementing a smart contract securely is the key to success or failure.

9.2 A program bug worth fifty million dollars

In June 2016 The DAO, the world's first unmanned company composed of smart contracts and also the largest crowdfunding project in history (about US$150 million raised), was attacked almost as soon as it began operating, because its smart-contract source code contained several security vulnerabilities; about US$50 million worth of ETH was drained. The incident became the starting point of smart-contract security research, and many security experts began developing security tools for smart contracts. Compared with manual review, formal verification can cover all test cases and runs automatically, improving testing efficiency; current research shows that The DAO's vulnerability can be detected correctly by it [2]. Separately, the Zeppelin framework developed by smart-contract experts provides a basic library of audited, reusable smart-contract components, giving developers a sound basis for writing contracts free of known security vulnerabilities [3].

9.3 Developing a smart contract is easy

Two simple steps are enough to start developing a smart contract. First, install MetaMask [10], a Chrome extension, so install Chrome first and then MetaMask; once installed, a small fox icon appears at the top right of Chrome, as in Figure 7. Create an account and move on to the next step.
Next, open the browser-based Solidity editor provided by the Ethereum Foundation [11] in Chrome; it compiles your code into bytecode that the EVM (Ethereum Virtual Machine) understands. Using the first example from the Solidity documentation [12], follow the steps in Figure 8 to deploy the smart contract to the blockchain for testing.

Pressing Create in Browser-solidity automatically sends a transaction through MetaMask; a confirmation window like the leftmost one in Figure 9 appears, and pressing Accept sends the contract-creation transaction. Once the transaction has been included in a block the deployment is complete.

Back in Browser-solidity, the two functions defined by the contract now appear, as in Figure 10. A constant function can be called directly without sending a transaction; the other functions send transactions through MetaMask just as before.

10. Interconnecting heterogeneous blockchains

As blockchain technology attracts more attention, more digital currencies and blockchain platforms keep being developed. Besides correcting and strengthening the shortcomings of earlier platforms such as Bitcoin, new platforms, especially consortium chains, are often purpose-built for a particular application. When financial, IoT and medical services are built on different blockchains, and even the same type of service (say, finance) is built on different chains by different operators, organisations, regions or countries, the closed operation of each chain becomes an obstacle to innovation, so connecting heterogeneous blockchains and letting them cooperate has become an important topic in blockchain development.
Discussion of interconnection has mostly centred on Bitcoin (because Bitcoin has survived the longest market test and, despite some shortcomings and limitations, remains the most decentralised and fairest blockchain). Sidechain technologies such as Blockstream's Elements and ConsenSys's BTC Relay start from Bitcoin. Elements provides an interaction protocol in which a two-way peg lets a new chain (the sidechain) connect to the original chain (the main chain) and lets coins move between them without affecting their value or total supply. BTC Relay uses Ethereum smart contracts to connect the Ethereum and Bitcoin blockchains in a secure, decentralised way, so that Ethereum users can transact with bitcoin.
For value exchange between different blockchains, Ripple, drawing on its knowledge of the financial industry, observed that financial institutions tend to build their own blockchain environments for their own services, and therefore proposed the Interledger Protocol (ILP), which moves currency freely through third-party "connectors" and "validators". Neither ledger needs to trust a connector, because ILP defines cryptographic mechanisms and creates escrowed funds on both ledgers, so that the transfer executes as soon as both parties reach agreement on it, much as the existing financial system operates. Beyond these common interconnection technologies, Polkadot, Bletchley and Factom are solutions designed from different viewpoints on the division of roles and the transfer of trust.

11. Micropayments and tipping

Before blockchain, instant micropayments were hard to realise. Paying NT$0.1 to listen to one song or read one article was impractical because the transfer fee alone was many times larger, so users typically had to pre-purchase credit, say NT$300 of points, and if they only ever listened to one song the remaining points were usually lost.
With the rise of blockchain even tipping has become possible, and among early blockchain adopters it has become something of a custom. Tipping means that after enjoying a piece of work (an article, music, a video, a live stream) you not only want to "like" it but want to give the creator real encouragement with a reward of any amount; even a figure as small as NT$0.001 can be delivered quickly on a blockchain.

12. Records of creative work

Proof of the creative process is central to copyright. Some current real-world applications:
Blockai (USA): uses image matching to link a work to its copyright holder and records the link on a blockchain; this has no statutory evidentiary force but can serve as strong evidence.

Verisart (USA): goes further by providing creation tools that record details of the creative process, including not only the content but also the time and place of creation; by combining mobile devices with the blockchain it offers the service regardless of time and location [5].
Ascribe (Germany): lets creators share and track the trading of their works and offers authenticity verification, edition-size control and similar services; its basic service is the same as Blockai's [6].
Law4tw (Taiwan): upload a single file through a web page to generate its fingerprint (hash) and record it on a blockchain, attesting that the file existed in that state at that moment (a paid service, NT$399 per document) [7].

13. Summary of blockchain properties

We have explained many properties of a blockchain above; they are summarised here:
(1) data cannot be tampered with, so it can be trusted
(2) it is essentially a distributed database that no single entity can monopolise or control
(3) data is secure, transparent and permanently recorded
(4) it can act as an impartial third party
(5) the blockchain is maintained and recorded jointly by its participants, who can track transfers of assets and transaction records in real time
Once the nature of blockchain is understood, it is easy to see why it has been hailed as the most influential invention since the Internet; in the near future it may bring a financial revolution, change our everyday transaction behaviour, and even change how the whole world operates.



Blockchain is initially and literally defined as a series of related data blocks generated using cryptographic methods, connected back and forth, and stored in multiple distributed nodes. It is almost impossible to tamper with historical data. Due to this characteristic, the most well-known and first well-known application is the Bitcoin transaction ledger. However, before talking about cryptocurrency (Cryptocurrency), we should still start with To understand the blockchain itself, especially since the development of blockchain, great progress has been made in the concept and technology of smart contracts, and it has been able to develop diversified applications. The evolution of blockchain since 2009 is shown in Figure 1 below. According to the report, the countries where blockchain is currently more active include: the United States, Japan, China, Russia, Israel, Estonia, Denmark, Sweden, South Korea, the Netherlands, Finland, Canada, the United Kingdom, and Australia.

Each block in the blockchain records several pieces of information. For example, the information contained in each block of the Bitcoin blockchain includes: Block Size , block header (Block Header), the number of transactions contained in the block (Transaction Counter), and each transaction information (Transactions) included in this block, as shown in Figure 2.

The Version value in the Block Header of each block is the software version that regulates this block; there is a set of Previous Block Hash values ​​(256 Bits), which is the hash of the Block Header of the previous block. Function, which allows each block to have an invisible link (blockchain) with the data of the previous block, and ensures the accuracy of the block sequence and historical records. Merkle root is the hash value (256 Bits) calculated from the hash values ​​of all transactions included in this block. This mechanism can simplify downloading transaction data over the Internet and ensure safe and correct verification. Time Stamp is the number of seconds from "1970-01-01 T00:00 UTC" to "now". Difficulty is a measure of the difficulty of finding a Hash value under a given target. The Difficulty value is updated every 2016 blocks. Nonce is a random number. Change this value to recalculate the Hash value for the block until you find the Hash value that contains the required number of Leading Zeros. The required number of zeros is determined by Difficulty. The resulting Hash must be less than the current Difficulty value, so there must be a certain number of leading zero bits in order to be less than that value. Since this kind of iterative calculation requires time and resources, we call the resource of this kind of computing power computing power. The greater the computing power you have, the more likely it is that you canThe faster we can find this answer, but in fact it is impossible to predict which computing node can find it fastest, so this method has the required randomness. In the following chapters, we will explain how a blockchain using this mechanism can avoid Dominated or attacked by a single group.

1. Why is the blockchain trustworthy?

Here we first introduce the principles of blockchain, explain why it deserves people’s trust, and why the transaction ledger built on it, such as Bitcoin, has not been able to be broken or tampered by any hacker after so many years. any data on it.
As shown in Figure 3, the data blocks of the blockchain are related to each other. If a hacker tampered with block T in the historical data, all blocks after T need to be recalculated and tampered with. To comply with the rules. Recalculation here means that since the blocks are all cryptographically protected, if block T+1 and block T can pass the verification, the hacker needs to recalculate the consistent solution, even if only one block is counted. It also requires considerable computing power, not to mention recalculating all subsequent blocks.

And since all data blocks are stored in many nodes, modifying only the data blocks on a few nodes will also have no effect.

2. Possible attack methods and required costs

So if a hacker wants to modify the block currently being generated, is it possible?

Try 1. Hackers want to forge the content of a certain transaction data

However, since each transaction data is cryptographically protected by the visa, no one except the owner of the visa can Can't be faked. And even the owner of the visa can only make additional updates to his own transactions and cannot modify the data written to the blockchain. Other users have no ability to modify this transaction.

Attempt 2. The hacker modified the data content of the current block and intended to write it into the blockchain
We explained in Attempt 1 that hackers cannot forge other people’s transaction data. The modification here refers to, for example, after a hacker spends a sum of money to order a certain product, and then transfers the money as if it has not been traded on the node under his control, that is, the money is transferred. Money is spent twice, this attack technique is called Double Spending.

Double Spending is not impossible. Before explaining this attack, we need to briefly introduce a consensus mechanism such as the most common POW (Proof-of-work), which means proof of computing power. We have introduced the concept of computing power at the beginning of this article. In the network environment, nodes or IPs can be forged and stolen. Hackers can use a few servers to pretend that they have 10,000 nodes. When the area When the blockchain votes on who has the right to write the current block, it has a greater chance of being selected. However, the commonly used POW mechanism can effectively prevent this method, because it requires each node to prove that it indeed has a considerable level of computing power. Hacking Although customers can disguise one server as 10,000 nodes, the total computing power is still only one server. The Bitcoin network has 6,000 nodes.Estimating based on nodes, a hacker needs to have the computing power equivalent to 2,500 nodes to have a 50% chance of obtaining the current block writing right. And since transactions usually require at least six verifications, only obtaining the writing right once will not Not enough. Hackers must obtain six write rights to complete such an attack. The cost is too high and if they have such computing power, in fact, the "good guys" who join the Bitcoin network can directly obtain a considerable amount of money. The reward amount, the act of joining the "good guys" is commonly known as mining.

3. What is mining/mining?

The Bitcoin or Ethereum network is composed of about 6,000 nodes. These nodes are scattered around the world and are difficult to be controlled by a single organization. Therefore, The blockchain network can be regarded as the best distributed database. These nodes continuously verify all transaction data and save all transaction records. The motivation behind this is that it can obtain quite good economic rewards, which is enough to cover its hardware costs and Electricity expenses.
Above we introduced the POW consensus mechanism. Its principle is to generate the next mathematical problem based on the data of the current block. The behavior of all nodes trying to solve the problem is called mining. Among the six thousand nodes The first lucky person to solve it will get the right to write the next block and the reward. We mentioned above that if a hacker has the computing power to obtain six write rights, based on the current price at the time of writing, he can obtain a legal reward of 75 Bitcoins equivalent to NT$2.49 million. Therefore, top computing All power holders join the ranks of miners, which makes its protection stronger, because it is difficult for other hackers who want to try to attack to catch up with such a total computing power.

4. Consensus mechanism

The consensus mechanism can be said to be one of the core components of the blockchain, but why does the blockchain need a consensus mechanism?
In the current banking system, transactions between depositors can be verified through audits without any doubts. This is a centralized operating model. Everyone believes that the central system of the bank will not make false accounts. It is worthwhile trust. But there is no such centralized role in the blockchain. It itself is a decentralized ledger. For a large blockchain like Bitcoin or Ethereum, there are six to seven thousand nodes, each of which Nodes have different order choices for what accounts should be recorded at the moment, so which node version should prevail? And there may even be fake ledgers mixed with malicious nodes. How to avoid fake ledgers and obtain the approval and records of the majority of nodes at the same time. This method and process is the consensus mechanism.

The following will briefly introduce several common consensus mechanisms and analyze their advantages and disadvantages:
4.1. POW (Proof-of-work) computing power proof
The above has been It has been introduced that POW can effectively prevent malicious attacks. The principle is that each node uses computing power to solve problems to compete for the right to write the current block. The person who solves the answer fastest will combine the answer with the transaction content of his own choice (also (that is, the content of the current block) is published to other nodes for verification. If other nodes verify that the content of the block is correct and agree that he is the earliest solver, they will join this chain and store the content of this block, and use this to distinguishUse the content of the block as a basis to start solving the next question.

The advantages of POW are:
(1) It is the most secure public chain consensus mechanism
(2) The mechanism is relatively simple and easy to implement
(3) Relatively fair Mining mechanism (that is, the generation and distribution of cryptocurrency)
The disadvantages of POW are:
(1) It consumes a lot of energy, and computing power is created at the expense of energy consumption
(2) ) The confirmation time of the block is difficult to shorten
(3) Forks may occur, and multiple confirmations need to be waited for to complete the transaction
(4) Based on (3), theoretically we can say that POW has no finality , because a longer chain may always appear to replace the current ledger, but in fact its probability has approached 0 after six confirmations

4.2. POS (Proof-of-stake) Proof of Stake
How does POS specifically select the writer of the current block? If the person with the highest equity is always selected, the member with the most currency will always have exclusive writing rights. Therefore, the following two methods are usually implemented:
(1) Random selection method:
Generate random numbers, And random numbers are used with specific formulas to select writers. Only those with the highest rights will still have a greater chance of being selected.
(2) Selection method based on currency age:
This method is used to improve the situation of Evergrande. For details, please refer to Peercoin’s approach. Write rights can be added after the currency is held for more than 30 days. Competition, multiply the number of each batch of currencies by the number of holding days, and you can get a number. The larger the number, the higher the probability of being selected as a writer, and once the writing right is obtained, the number of this batch of currencies will be The coin age will be reset to zero and it must be held for another 30 days before it can be re-added to the calculation. However, there is an upper limit to the above-mentioned numbers. Coins that are older than 90 days will not be able to further increase the probability. Holding a large amount of currency may also reach the maximum probability. This method can effectively improve the centralization situation and greatly increase the difficulty of attacks. [8]

The advantages of POS are:
(1) There is no need to compete for computing power, so it consumes low energy
(2) Members competing for writing rights must own currency. Therefore, rather than destroying, they would rather protect the system to avoid the evaporation of currency value
(3) Compared with POW, the same scaleThe hardware budget can protect more on-chain assets
The disadvantages of POS are:
(1) Members with interests may not want to participate in accounting
(2) Obtain writing rights If a bad guy wants to rewrite another fake chain, he only needs to spend a small amount of computing power, which may lead to a successful double spending attack
(3) The cost of doing bad things is very low, and there is no punishment mechanism
(4 ) Based on the above (2) and (3), the implementation of POS requires other mechanisms to improve this situation, and is therefore more complicated than POW

4.3. DPOS (Delegated-proof-of-stake) Proof of Rights Authorization
As mentioned above, one of the shortcomings of POS is that members with rights and interests may not want to participate in accounting. DPOS can solve this problem. It is similar to the democratic representative system. It first selects bookkeepers through proof of rights and interests. Account participants (verification nodes), and then through the operation mechanism, these verification nodes compete for the right to write blocks. At the same time, due to the significant reduction in the number of verification nodes, consensus can be reached quickly.
Currently, Bitshares and Ethereum have proposed DPOS consensus mechanisms. In order to solve the shortcoming of the above-mentioned POS consensus that the cost of doing bad things is very low, Ethereum proposed a method that requires those who intend to participate in the verification node to pay a deposit (cryptocurrency) before they can participate. If the verification node violates the rules and participates in fraud or attack, or even just does something that the system deems "invalid", the deposit will be confiscated. This consensus mechanism is called Casper, and Ethereum claims that it will be implemented at an appropriate time in the future. Casper is used as the consensus algorithm.
Casper is not just a DPOS, it actually refers to the PBFT mechanism for improvements. Pure DPOS, like POS, will have forks and cannot be final. Casper uses an improved mechanism to ensure the finality of the block. If an attack does occur, two blocks of the same height will be finalized. If at least one-third of the verification nodes violate the rules, the deposits of these nodes will be confiscated, which may be worth tens of millions of dollars. As these cryptocurrencies disappear from the market, the price of the currency will rise. , which may replace the previous method of initiating an emergency hard fork to correct the attack. [9]

In addition to the advantages of POS, OS also has:
(1) Reduce the number of participating verification nodes and greatly increase the consensus speed
The disadvantages of POS are:< br />(1) Must rely on cryptocurrency, but in many cases today there is no cryptocurrency in the alliance chain
(2) Excluding Casper, most DPOS still cannot have block finality

4.4. PBFT (Practical-byzantine-fault-tolerance) Practical Byzantine Fault Tolerance Algorithm
The consensus mechanisms introduced above are all more suitable for public chains, while PBFT is a consensus mechanism more suitable for alliance chains. PBFT uses a mathematical proof model to verify its speed and fault tolerance in achieving consensus. When it is within its fault tolerance range, it can be proved that the system cannot be forked. The above-mentioned POW or POS can systematically prevent hackers from forging a large number of useful Verification nodes, however, native PBFT does not have this capability, but if used in a consortium chain, this problem will be naturally solved because the members and nodes of the consortium chain are already screened and verified.

The advantages of PBFT are:
(1) The system cannot be forked within the fault tolerance range
(2) The system can tolerate any type of error within the fault tolerance range
>(3) Verification and consensus are extremely fast
(4) There is no need to compete for computing power, so energy consumption is low
(5) Based on the aforementioned point (1), blocks are final
The disadvantages of PBFT are:
(1) If more than 1/3 of the verification nodes fail, the system cannot continue to operate
(2) There is no ability to prevent hackers from forging a large number of verification nodes

5 .Anonymity and Privacy

On public chains such as Bitcoin and Ethereum every user is anonymous and hard to trace or link to a real identity, which makes them a common choice for illegal activity. Bitcoin is a medium of exchange, but governments cannot control the blockchain and have no technical means to ban it, so the countermeasures they take are applied at the entry and exit points of fiat currency. Cryptocurrency trading depends on exchanges, and to convert between cryptocurrency and fiat on an exchange you must go through a bank the exchange cooperates with. Governments therefore monitor the flow of funds at these cooperating banks: every deposit must be shown to be legitimate, and large withdrawals are also monitored to prevent money laundering and similar activity. Some exchanges that deliberately evade this monitoring keep changing their cooperating banks, usually to banks located in small overseas countries with no diplomatic relations, so that the funds are hard to track.
Although users are anonymous, on a public chain every user's transactions and balances are completely transparent and can be queried by anyone, including the entire history of transactions since the genesis block. Many large holders are not aware of this. The remedy is to open multiple accounts and spread transactions and balances across them; as long as you are confident you can manage multiple sets of signing keys, the blockchain places no upper limit on the number of accounts one person can open.
When the banking industry considers using blockchain technology to store transaction data, the anonymity and privacy described above become a problem, because banks need controllable anonymity and privacy: a user can let the parties he or she consents to verify his or her true identity, while parties without that consent cannot query the user's transaction history or balance. The blockchains that can do this are consortium chains, or private chains.

6. What is a consortium chain/private chain?

The characteristic of a consortium chain/private chain is that only approved nodes can join as validator nodes, which means the validator nodes are usually all members of the consortium, know each other's real identities, and jointly maintain one blockchain. Compared with public chains, such blockchains are less decentralized. This does not refer to the difference in node count but to the fact that the consortium chain is collectively controlled by the consortium and its members: joining requires review, the overall operating model can be defined and changed, and so on.
If this is a consortium chain formed by the banking industry, ordinary depositors usually do not care whether the bank runs a traditional database or a blockchain behind the scenes, but they can still feel the benefits. For example, a wire transfer to an overseas bank used to take 2 to 7 days, whereas with a blockchain it takes only tens of seconds.
In addition, a consortium chain has far fewer nodes than a public chain, usually only tens to hundreds, so the POW consensus mechanism described above raises security concerns and additional protection systems and measures, such as permission control, must be introduced; these are covered in the next section.

7. Alliance Blockchain Supervision Technology

As mentioned above, because enterprises attach great importance to transaction processing speed, protection of private data, and the compliance requirements of commercial applications (such as financial transactions), more and more enterprises adopt the consortium chain design and stack their application services on top of it. Of course, stacking a variety of services requires, in addition to the underlying consortium chain environment, many key technologies developed in the blockchain architecture or in the middleware layer that connects to the blockchain in response to enterprise needs, and one of the most widely discussed of these is regulation. This topic can be subdivided into monitoring and management technologies for the security of the blockchain system itself, namely permission control and protocol-layer fraud detection, and technologies for the security of blockchain transactions, namely real-name authentication, private data encryption, on-chain data monitoring and abnormal transaction detection.

7.1 Permission control
The number of nodes in a consortium blockchain is very small compared with the roughly 6,000 nodes of the public chain, perhaps only a dozen, so it offers effectively no safety in numbers. The common POW consensus algorithm relies on the computing power of the whole network to protect the blockchain: an effective attack requires more than half of the network's computing power, but if participation in a consortium blockchain is not restricted, an attacker can reach that condition without much difficulty. A mechanism is therefore needed to control who may participate and to regulate the actions each participant may perform. This is the concept of permission control.
In the permission control mechanism, five common operations and four node roles can be defined in the blockchain, allowing administrators to assign roles according to the architectural requirements and grant the corresponding permissions to nodes serving different purposes. This effectively protects the blockchain from attack, and where required it can even be configured into an architecture in which no block data is leaked.
The five common operations in blockchain are as shown in Figure 4:


Figure 4 Five common operations in the blockchain

According to these operations, they are further divided into four types of nodes and related permissions, as shown in Figure 5 below:


Figure 5 Four types of nodes and related permissions

-In the early stage of establishing the consortium chain system, the Administrator node establishes the relevant permissions.
-When node A connects to the consortium chain, it requests the permission information from the other nodes and then operates according to those permissions.
-Permission information must be signed by the Administrator node, so that nodes without that permission cannot send permission information of their own.
-While the consortium chain system is running, the Administrator node can change permissions at any time. The new permission information is propagated to the whole consortium chain network in the same way that transaction or block information is.
-If a node wants to perform an operation, it is not enough for the node itself to hold the permission; the other nodes in the network must also recognise that the node does have it.
-If a node does not have the corresponding permission but attempts an operation anyway through some illegal modification, the following scenarios show what happens.

Scenario 1:
(1) Assume a participant node attempts to change its own node permissions, and this permission message is transmitted to the consortium chain network.
(2) The other nodes reject the message because its sender does not have this authority.
Scenario 2:
(1) Assume a validator node attempts to issue a smart contract and validate the transaction block containing it, and this block message is transmitted to the consortium chain network.
(2) The other nodes reject the block because its sender does not have this authority.
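The following Go program is an added example (not code from the article or from any particular consortium chain) of the mechanism just described: the Administrator node signs each permission record with an Ed25519 key, every other node verifies that signature before installing the record, and a message is authorized against the role the record grants. The operation names, the role table and the sequence-number replay check are assumptions made for the illustration; the article's Figures 4 and 5 define the real five operations and four roles.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Operation and role names are assumptions for this example; the article's
// Figures 4 and 5 define the consortium chain's real five operations and four roles.
const (
	OpConnect        = "connect"
	OpSendTx         = "send_tx"
	OpDeployContract = "deploy_contract"
	OpValidateBlock  = "validate_block"
	OpSetPermission  = "set_permission"
)

var rolePermissions = map[string][]string{
	"administrator": {OpConnect, OpSendTx, OpDeployContract, OpValidateBlock, OpSetPermission},
	"validator":     {OpConnect, OpSendTx, OpValidateBlock},
	"participant":   {OpConnect, OpSendTx, OpDeployContract},
	"lightweight":   {OpConnect, OpSendTx},
}

// Grant is the permission record the Administrator node signs and broadcasts.
type Grant struct {
	NodeID string `json:"node_id"`
	Role   string `json:"role"`
	Seq    uint64 `json:"seq"` // increases on every change so an old grant cannot be replayed
}

type SignedGrant struct {
	Grant     Grant
	Signature []byte // Administrator's Ed25519 signature over Grant.bytes()
}

func (g Grant) bytes() []byte {
	b, _ := json.Marshal(g) // struct field order is fixed, so the encoding is canonical
	return b
}

// newKeyPair draws an Ed25519 key pair from the system CSPRNG; failure is fatal.
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignGrant is what the Administrator node runs when it creates or changes a permission.
func SignGrant(adminPriv ed25519.PrivateKey, g Grant) SignedGrant {
	return SignedGrant{Grant: g, Signature: ed25519.Sign(adminPriv, g.bytes())}
}

// Peer is any other node: it knows the Administrator's public key and keeps the
// latest accepted grant for every node it has heard about.
type Peer struct {
	adminPub ed25519.PublicKey
	grants   map[string]Grant
}

// AcceptGrant installs a received permission message only if the Administrator
// signed it and it is newer than the grant the peer already holds for that node.
func (p *Peer) AcceptGrant(sg SignedGrant) error {
	if !ed25519.Verify(p.adminPub, sg.Grant.bytes(), sg.Signature) {
		return errors.New("permission message rejected: not signed by the Administrator node")
	}
	if old, ok := p.grants[sg.Grant.NodeID]; ok && sg.Grant.Seq <= old.Seq {
		return errors.New("permission message rejected: stale sequence number")
	}
	p.grants[sg.Grant.NodeID] = sg.Grant
	return nil
}

// Authorize is the check every peer applies when nodeID asks to perform op:
// the sender must hold a grant whose role includes that operation.
func (p *Peer) Authorize(nodeID, op string) bool {
	g, ok := p.grants[nodeID]
	if !ok {
		return false
	}
	for _, allowed := range rolePermissions[g.Role] {
		if allowed == op {
			return true
		}
	}
	return false
}

func main() {
	adminPub, adminPriv := newKeyPair()
	_, rogueKey := newKeyPair()
	peer := &Peer{adminPub: adminPub, grants: map[string]Grant{}}
	peer.AcceptGrant(SignGrant(adminPriv, Grant{NodeID: "validator-1", Role: "validator", Seq: 1}))
	forged := SignGrant(rogueKey, Grant{NodeID: "participant-7", Role: "administrator", Seq: 1}) // scenario 1
	fmt.Println("scenario 1:", peer.AcceptGrant(forged))
	fmt.Println("scenario 2: deploy allowed =", peer.Authorize("validator-1", OpDeployContract))
}
```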

With the permission control mechanism we grant the corresponding permissions to nodes with different purposes, which is completely different from imposing hard restrictions at the network layer. For example, we can allow any node to connect to the blockchain and issue transaction requests (mobile lightweight nodes) while no unauthorized node can perform validation (mining), which essentially rules out 51% attacks. For consortium chains that must not leak data, nodes not on the whitelist can be prevented from connecting at all, so that no other operation is feasible and the block data in the consortium chain is also kept safe.

7.2 Protocol layer fraud detection

The blockchain system clearly defines the role of each node and the transmission and verification of each message, but this does not mean that everything that appears legitimate is free of systemic loopholes. To prevent trusted nodes that have been compromised by hackers from performing operations that violate fairness and destroy the trust of enterprises and users in the blockchain system, fraud detection technology at the protocol layer must be developed. In terms of mechanism design, first all the nodes in the blockchain jointly collect the blockchain activity data they observe and send it to a specific server for data integration and in-depth analysis. When abnormal activity or a possible attack is found, the system sends an alert as early as possible, notifying the relevant maintenance personnel for confirmation and handling, so that the response comes at the earliest stage of the hacker's attempt.
The so-called protocol layer mainly covers technologies such as data transmission, cryptographic signatures, data storage and consensus mechanisms, so fraud detection can be designed around each of them. At the data transmission level, for example, the packet volume sent by each node can be monitored, measured and modelled; when a node's packet volume becomes abnormally frequent, a denial-of-service attack launched by a hacker can reasonably be suspected. A fraud prevention strategy can also be designed around the consensus mechanism: if the consortium blockchain uses POW, and the POW consensus mechanism assumes that every validator node has the same computing power, then the probability of each validator winning the block-write right should be close to uniformly random, so if one node repeatedly obtains the right to write to the blockchain, the system is out of balance and appropriate technical and management intervention is required.
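The two checks just described, as an added example in Go (not the article's or any vendor's code): a block-write skew test using the binomial expectation under equal computing power, and a packet-volume outlier test using the median and MAD rather than mean and standard deviation. The log records, node names and thresholds are constructed for the illustration.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// BlockRecord is one line of a constructed consensus log: who wrote the block at this height.
type BlockRecord struct {
	Height   int
	Producer string
}

// PacketSample is one line of a constructed transport log: packets a node sent in one window.
type PacketSample struct {
	Node    string
	Packets int
}

// ProducerSkew flags validators that won block-write rights far more often than the
// uniform expectation. With n equally powerful validators a node's wins over N blocks
// are binomial: mean N/n, standard deviation sqrt(N/n * (1 - 1/n)). Above mean + k*stddev is reported.
func ProducerSkew(log []BlockRecord, validators []string, k float64) []string {
	wins := map[string]int{}
	for _, r := range log {
		wins[r.Producer]++
	}
	n, total := float64(len(validators)), float64(len(log))
	mean := total / n
	stddev := math.Sqrt(total / n * (1 - 1/n))
	var flagged []string
	for _, v := range validators {
		if float64(wins[v]) > mean+k*stddev {
			flagged = append(flagged, v)
		}
	}
	sort.Strings(flagged)
	return flagged
}

// PacketFlood flags nodes whose packet volume is far above the median of all nodes in
// the window. Median and MAD are used so one flooding node cannot inflate its own threshold.
func PacketFlood(samples []PacketSample, k float64) []string {
	values := make([]float64, len(samples))
	for i, s := range samples {
		values[i] = float64(s.Packets)
	}
	med := median(values)
	dev := make([]float64, len(values))
	for i, v := range values {
		dev[i] = math.Abs(v - med)
	}
	mad := 1.4826 * median(dev) // scaled so MAD is comparable to a standard deviation
	var flagged []string
	for _, s := range samples {
		if float64(s.Packets) > med+k*mad {
			flagged = append(flagged, s.Node)
		}
	}
	return flagged
}

func median(xs []float64) float64 {
	s := append([]float64(nil), xs...)
	sort.Float64s(s)
	if len(s)%2 == 1 {
		return s[len(s)/2]
	}
	return (s[len(s)/2-1] + s[len(s)/2]) / 2
}

// Constructed data: six validators rotate over 60 blocks, except that V3 also takes
// every block from height 43 onwards, for 25 wins against 7 for each of the others.
func sampleConsensusLog() []BlockRecord {
	validators := []string{"V1", "V2", "V3", "V4", "V5", "V6"}
	var log []BlockRecord
	for i := 0; i < 60; i++ {
		producer := validators[i%6]
		if i >= 42 {
			producer = "V3"
		}
		log = append(log, BlockRecord{Height: i + 1, Producer: producer})
	}
	return log
}

func samplePacketLog() []PacketSample { // constructed: N8 sends about twenty times more than its peers
	return []PacketSample{
		{"N1", 1200}, {"N2", 1100}, {"N3", 1300}, {"N4", 1250},
		{"N5", 1150}, {"N6", 1180}, {"N7", 1220}, {"N8", 25000},
	}
}

func main() {
	validators := []string{"V1", "V2", "V3", "V4", "V5", "V6"}
	fmt.Println("block-write skew:", ProducerSkew(sampleConsensusLog(), validators, 3))
	fmt.Println("packet flood:", PacketFlood(samplePacketLog(), 5))
}
```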

7.3 Real-name Authentication

Bitcoin, Ethereum and other public-chain based blockchains are mostly anonymous, but more and more industry players are beginning to develop real-name authenticated private chains/consortium chains to promote more diverse innovative applications. Financial applications in particular require real-name authentication technology to ensure that actors and organizations are traceable, as can be seen from the "Financial Technology Development Strategy White Paper" published by the Financial Supervisory Commission in 2016, whose most basic item is to build an integrated secure network identity center for verification. In practical terms, when a user or enterprise applies for a blockchain account, its identity can be confirmed through a third-party authentication unit (the government household registration office, the natural-person certificate system, TWCA, etc.); for users and enterprises that pass the real-name authentication process, user credentials are stored in the blockchain and managed through smart contracts and the blockchain's security and trust mechanisms, and API services are provided so that application services can use them for "real-name" authentication. To extend this to "real person" authentication, biometrics (such as face, voiceprint and fingerprint) and other identity recognition technologies can be combined for further confirmation, and when applying for a blockchain account or transaction the applicant can even be required to enter specific voice content or perform specific actions to prove the applicant's identity and authenticity.

7.4 Privacy data protection

In its original design the blockchain was built from the perspective of openness and transparency, and every node can access all data. In consortium chains, however, and especially for financial needs, it is impossible to let every node see every transaction as on a public blockchain, so private data protection is unavoidable. Private data protection can be designed mainly at two levels. The first is the isolation level. For example, Corda, the blockchain platform developed by R3, a major banking blockchain consortium, is designed to protect private data through permission isolation. In short, data is not transmitted from each node to all nodes; only the nodes involved in a transaction receive the corresponding data. Corda also introduces the role of the notary (node) to record the block transaction data, so that only the transaction's notary and the related parties can see the original data. The other is the encryption level: transactions, smart contracts and other content are encrypted with technologies such as PKI (Public Key Infrastructure) and multi-signature, so that only the parties to the transaction who hold the key can decrypt them, which protects the privacy of the data.
In encryption technology, blockchain engineers have in recent years also tried to protect private data with zero-knowledge proofs (ZKPs). Conceptually, a ZKP lets a prover (Prover) and a verifier (Verifier) agree that a statement (such as the solution to a puzzle) is true without revealing any information beyond the fact that the statement is true. That explanation sounds rather mysterious, so here is a simple example of the concept. Assume the verifier needs to confirm whether a Sudoku solution proposed by the prover is correct. The prover can use 81 small slips of paper, each with one digit written on it, arrange them according to the answer and turn them face down so that the verifier cannot see the digits. To confirm that the solution is correct, the verifier checks one row or column at a time according to the rules of Sudoku, verifying that each of 1 to 9 appears exactly once. For each check, the prover collects the 9 slips of that row or column, shuffles them and hands them to the verifier, who checks that all of 1 to 9 are present. By repeating this, the verifier is convinced that the answer is correct but has no way of learning what the actual answer looks like. With this technology the identities of the transaction participants and the transaction content can be kept confidential, maintaining the security of the blockchain without disclosing transaction data.
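The Sudoku protocol above, as an added Go example that is not from the article or any library; it narrows to row challenges only, since columns are checked identically. A digital verifier could match revealed slips to their positions, so the example replaces the physical shuffling with a fresh random relabelling of the digits 1 to 9 in every round, which is the usual way such a proof is built in cryptography; the solution grid and the 16-byte nonce size are constructed for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Grid is a 9x9 Sudoku grid holding digits 0..9; solution is a constructed valid solution.
type Grid [9][9]int

var solution = Grid{
	{5, 3, 4, 6, 7, 8, 9, 1, 2},
	{6, 7, 2, 1, 9, 5, 3, 4, 8},
	{1, 9, 8, 3, 4, 2, 5, 6, 7},
	{8, 5, 9, 7, 6, 1, 4, 2, 3},
	{4, 2, 6, 8, 5, 3, 7, 9, 1},
	{7, 1, 3, 9, 2, 4, 8, 5, 6},
	{9, 6, 1, 5, 3, 7, 2, 8, 4},
	{2, 8, 7, 4, 1, 9, 6, 3, 5},
	{3, 4, 5, 2, 8, 6, 1, 7, 9},
}

// opening is the face of one slip of paper: a relabelled digit plus the nonce that
// hides it. commit turns the slip face down: SHA-256(nonce || digit).
type opening struct {
	Value int
	Nonce [16]byte
}

func commit(o opening) [32]byte { return sha256.Sum256(append(o.Nonce[:], byte(o.Value))) }

// randomRelabel draws a random permutation of 1..9 from crypto/rand (Fisher-Yates); index d
// is this round's label for digit d. Label 0 stays 0, so an empty or invalid cell always fails.
func randomRelabel() [10]int {
	m := [10]int{0, 1, 2, 3, 4, 5, 6, 7, 8, 9}
	for i := 9; i > 1; i-- {
		j, err := rand.Int(rand.Reader, big.NewInt(int64(i)))
		if err != nil {
			panic(err) // a failing system CSPRNG is fatal
		}
		k := int(j.Int64()) + 1 // uniform in 1..i
		m[i], m[k] = m[k], m[i]
	}
	return m
}

// Prover holds the secret solution and, per round, the openings of all 81 cells.
type Prover struct {
	grid     Grid
	openings [9][9]opening
}

// Commit starts a round with a fresh relabelling and a fresh nonce for every cell; all
// 81 commitments go to the verifier before it chooses which row to inspect.
func (p *Prover) Commit() (commits [9][9][32]byte) {
	relabel := randomRelabel()
	for r := 0; r < 9; r++ {
		for c := 0; c < 9; c++ {
			o := opening{Value: relabel[p.grid[r][c]]}
			if _, err := rand.Read(o.Nonce[:]); err != nil {
				panic(err)
			}
			p.openings[r][c] = o
			commits[r][c] = commit(o)
		}
	}
	return commits
}

// Open reveals the nine slips of the requested row (columns would work the same way).
func (p *Prover) Open(row int) [9]opening { return p.openings[row] }

// VerifyOpening is the verifier's check: every slip must open the commitment at its position
// and the labels must be 1..9 exactly once; the random relabelling leaks nothing about real digits.
func VerifyOpening(commits [9][9][32]byte, row int, revealed [9]opening) bool {
	var seen [10]bool
	for c, o := range revealed {
		if o.Value < 1 || o.Value > 9 || seen[o.Value] || commit(o) != commits[row][c] {
			return false
		}
		seen[o.Value] = true
	}
	return true
}

// RunRound is one commit / challenge / open / verify exchange; a cheater survives only
// if the verifier happens to pick a row that is still valid.
func RunRound(p *Prover, row int) bool {
	commits := p.Commit()
	return VerifyOpening(commits, row, p.Open(row))
}

func main() {
	bad := solution
	bad[0][0] = 3 // digit 3 now appears twice in the first row
	fmt.Println("honest prover, row 1:", RunRound(&Prover{grid: solution}, 0))
	fmt.Println("cheating prover, row 1:", RunRound(&Prover{grid: bad}, 0))
}
```

Repeating RunRound with rows chosen at random drives a cheater's chance of surviving down geometrically, which is exactly why the article's verifier checks one row or column at a time, many times.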

7.5 On-chain data monitoring

Besides the technologies above for monitoring the fairness of the blockchain system's operation, there is also the monitoring of the various transaction data generated on the blockchain. Ensuring that transactions are legal and secure is an issue that regulators, service operators and even users attach great importance to. In on-chain data monitoring, a visual interface presenting the platform's overall real-time transaction load is the most basic function; blockchain platforms such as Ethereum, Hyperledger and Corda all provide a dashboard for monitoring transaction status, network status and other information on the blockchain. In addition, compliance checking of real-time transaction data is an area that can be strengthened technically in response to service needs. Here legal rules can be written into smart contracts (for example, a financial transaction must confirm that both parties have passed authentication of identity/assets/ownership, and each person or enterprise has a daily transaction limit), or users and enterprises can define their own suspicious events, to ensure that transactions comply with contract rules and legal regulations; at the same time a warning is issued when an abnormal event occurs, so that blockchain services get not only infrastructure monitoring but also application-level operation and security protection.

7.6 Abnormal transaction detection

Anomaly detection on transaction data can be divided into two categories: rule-based and data-driven. The rule-based mode includes the legal rules mentioned in the previous section, or rules defined from experience, to detect anomalies in real-time transactions; the data-driven mode uses artificial intelligence, intelligent computing, machine learning and similar techniques to analyse the big data of transactions and automatically search offline for possible abnormal transaction patterns. Within the data-driven mode, the technology can be further divided by the object of detection into personalized abnormal transaction detection and mass-based abnormal transaction detection. Personalized detection focuses on understanding an individual's transaction behaviour, including the range of counterparties, the types and quantities of digital assets traded, the frequency of transactions and other habits, and builds a personalized behavioural model to detect abnormal transaction events; mass-based detection seeks to analyse the correlations and context between transactions in the intricate, long-accumulated data of many accounts and many transactions, and to dig out possible abnormal patterns such as money laundering and fraud. The individual and mass abnormal patterns that are detected (such as suspicious account IDs, transaction times and even transaction locations) can be fed back to the on-chain data monitoring system, providing, in an offline-to-online fashion, detection modules for complex abnormal transactions such as fraud and money laundering and improving the effectiveness of transaction risk control on the blockchain.
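As an added Go example (not the article's or any platform's code) covering the rule-based checks of section 7.5 and the personalized detection of section 7.6: both parties must have passed real-name authentication, a per-sender daily limit is enforced, and a sender's past transfers form a baseline against which an unusual amount or a never-seen counterparty raises an alert. The accounts, amounts, limits and dates are constructed for the illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Tx is one constructed on-chain transfer record.
type Tx struct {
	ID     string
	From   string
	To     string
	Amount float64
	At     time.Time
}

// Monitor combines the article's rule checks (both parties real-name authenticated,
// a daily limit per sender) with a personalized baseline from each sender's history.
type Monitor struct {
	Authenticated map[string]bool            // accounts that passed real-name authentication
	DailyLimit    float64                    // per sender, per UTC calendar day (assumed)
	SpikeFactor   float64                    // alert when amount > SpikeFactor * sender's average (assumed)
	MinHistory    int                        // baseline checks need this many past transfers (assumed)
	amounts       map[string][]float64       // past amounts per sender
	counterparts  map[string]map[string]bool // past recipients per sender
}

// Record adds an accepted transfer to the sender's behavioural history.
func (m *Monitor) Record(tx Tx) {
	m.amounts[tx.From] = append(m.amounts[tx.From], tx.Amount)
	if m.counterparts[tx.From] == nil {
		m.counterparts[tx.From] = map[string]bool{}
	}
	m.counterparts[tx.From][tx.To] = true
}

// Check returns the alerts raised for tx; today holds the transfers already accepted today.
func (m *Monitor) Check(tx Tx, today []Tx) []string {
	var alerts []string
	// Rule 1: both parties must have passed real-name authentication.
	if !m.Authenticated[tx.From] || !m.Authenticated[tx.To] {
		alerts = append(alerts, "party not real-name authenticated")
	}
	// Rule 2: the sender's transfers for the day, this one included, stay within the limit.
	spent := tx.Amount
	for _, t := range today {
		if t.From == tx.From && sameDay(t.At, tx.At) {
			spent += t.Amount
		}
	}
	if spent > m.DailyLimit {
		alerts = append(alerts, "daily limit exceeded")
	}
	// Personalized baseline: unusual amount, or a counterparty outside the sender's usual set.
	past := m.amounts[tx.From]
	if len(past) >= m.MinHistory {
		var sum float64
		for _, a := range past {
			sum += a
		}
		if tx.Amount > m.SpikeFactor*sum/float64(len(past)) {
			alerts = append(alerts, "amount far above sender's usual size")
		}
		if !m.counterparts[tx.From][tx.To] {
			alerts = append(alerts, "counterparty never seen before")
		}
	}
	return alerts
}

func sameDay(a, b time.Time) bool {
	ay, am, ad := a.UTC().Date()
	by, bm, bd := b.UTC().Date()
	return ay == by && am == bm && ad == bd
}

var day = time.Date(2017, 6, 1, 0, 0, 0, 0, time.UTC) // constructed "today"

// sampleMonitor uses constructed data: alice and bob are authenticated, mallory is
// not, and alice has ten past transfers to bob of between 100 and 150.
func sampleMonitor() *Monitor {
	m := &Monitor{Authenticated: map[string]bool{"alice": true, "bob": true}, DailyLimit: 1000,
		SpikeFactor: 4, MinHistory: 5, amounts: map[string][]float64{}, counterparts: map[string]map[string]bool{}}
	for i, amt := range []float64{100, 110, 120, 130, 140, 150, 120, 110, 130, 120} {
		m.Record(Tx{ID: fmt.Sprintf("h%d", i), From: "alice", To: "bob", Amount: amt, At: day.AddDate(0, 0, i-10)})
	}
	return m
}

// sampleToday: alice has already sent 500 to bob earlier today.
func sampleToday() []Tx {
	return []Tx{
		{ID: "t1", From: "alice", To: "bob", Amount: 200, At: day.Add(9 * time.Hour)},
		{ID: "t2", From: "alice", To: "bob", Amount: 300, At: day.Add(10 * time.Hour)},
	}
}
```

Calling sampleMonitor().Check on a 600 transfer from alice to bob raises the daily-limit and amount-spike alerts, while a 50 transfer from alice to mallory raises the authentication and unknown-counterparty alerts.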

8. Why use blockchain?

Compared with traditional databases, the processing speed of blockchain is much slower. So apart from the trustworthiness and immutability discussed above, what other advantages does blockchain have, and why choose it?
Another advantage of blockchain is smart contracts, which are introduced in the next section. First, though, an important concept: in practice not every situation is suited to blockchain, and in terms of current processing speed and complexity most applications are not yet suited to it. Fortunately, Bitcoin and Ethereum have proposed technologies such as the Lightning Network and sharding, which are expected to raise the number of transactions per second substantially in the future, but even so, because of the inherent limit of block generation time, blockchain is still far from the real-time responsiveness and processing speed of a traditional database, so some applications are still better served by a traditional database. Rather than a deep technical discussion, consider a practical example. In an online real-time strategy game, if player data is stored in a traditional database, the data fetched about every other player's actions is very current; if it is stored in a blockchain, the data used to make a decision may be stale, because the latest data has not yet been synchronized across the whole blockchain and written into a block, and if the game had to wait for synchronization and confirmation the experience would be very poor. So blockchain is unsuitable for application types with very strict "immediacy" requirements, but the two can complement each other, for example by periodically synchronizing the traditional database to the blockchain for storage, which ensures that player data never disappears through any accident and continues to exist even after the game company goes bankrupt.
The opposite example is a worldwide electronic wallet system, which is very well suited to blockchain. First of all, it ensures that the valuables in the wallet are on record and no entity can control or take them away, and transactions made through this electronic wallet cannot be forged or altered. Both parties to a transaction are equally secure, and the transaction completes quickly no matter where in the world the counterparty is.
However, there is another important point that must be clarified to truly understand why blockchain should be used, and that is the value of smart contracts.

9. What is a smart contract?

Before explaining smart contracts, here is an example. Michael and I bet on the exchange rate of the US dollar against the Taiwan dollar at 12 o'clock today. My bet is less than or equal to 30.91, and Michael's bet is greater than 30.91. We have three ways to settle the bet:
(1) Michael and I sign a contract. According to the contract the losing party has to pay the winning party, but if the loser is unwilling to pay at the time, the winner may have to spend time going to court, which hardly seems worth it for a hundred dollars.
(2) Michael and I trust each other. If we are good friends this may work, but what if we are strangers? All kinds of bets are placed on the message boards of online forums, but in practice they cannot be collected.
(3) Find a neutral third party. We each pay him 100 yuan first, but this neutral third party may pocket the 200 yuan.

The above is a common situation: the two parties to a transaction are strangers and cannot trust each other. A smart contract can play the role of the neutral third party and will never pocket the money, because it executes exactly the program code specified in the contract. When the smart contract is created, one hundred yuan is collected from each party; at 12 o'clock the central bank's exchange rate is checked automatically, and two hundred yuan is remitted to the winner's account.
It can be seen that smart contracts are safe, fast and cheap, and bets as small as 1 yuan and transactions as large as tens or hundreds of millions of yuan can be executed safely.
A smart contract is not just a program that executes automatically; it is a participant in its own right. It can receive and hold messages and valuables, send messages and valuables, and always operates according to the rules set in advance.

9.1 Smart contracts full of unlimited imagination

A virtual currency system records transactions in the blockchain's decentralized data structure. Bitcoin, the ancestor of virtual currencies, supports a basic scripting language (Script) for automatically processing transaction data. Ethereum goes further and provides a Turing-complete programming language, which can rewrite every contract in the world programmatically, opening up people's unlimited imagination about smart contracts. Currently hundreds of smart contracts are executing automatically on the Ethereum blockchain network.
Smart contracts are written in computer programming languages and executed automatically on the decentralized nodes of a blockchain network, where they process and transfer digital assets of real value. Ethereum provides a programming language called Solidity that is designed specifically for writing smart contracts, allowing developers to write smart contracts for electronic voting, auctions, e-commerce, micropayments and so on, or even to develop an entire unmanned company out of program code. Beyond the basic requirement of correct execution, implementing smart contracts securely is the key to success or failure.

9.2 Program vulnerability worth US$50 million

In June 2016, The DAO was the world's first unmanned company made up of smart contracts, and also the crowdfunding project with the largest amount raised in history (about 150 million U.S. dollars). However, because of several security vulnerabilities in the smart contract source code, it was attacked by hackers shortly after it began operating, and approximately 50 million U.S. dollars' worth of the virtual currency ETH was stolen. This incident became the trigger for smart contract security research, and many security experts have invested in the development of smart contract security tools. Compared with manual verification, formal verification (Formal Verification) can cover all test cases, and automated execution improves testing efficiency; current research shows that The DAO's security vulnerabilities can be detected correctly [2]. On the other hand, the Zeppelin programming framework (Framework) developed by smart contract experts provides a basic vulnerability-free smart contract library (Library), allowing developers to build smart contracts without security vulnerabilities [3].

9.3 Developing smart contracts is super easy

You can start developing smart contracts right away in just two simple steps. First, install MetaMask [10], which is a Chrome extension, so install Chrome first and then MetaMask. After installation a cute fox icon appears in the upper right corner of Chrome, as shown in Figure 7. After opening an account you can proceed to the next step.
Then use the Google Chrome browser to open the web version of the Solidity editor [11] provided by the Ethereum Foundation. This editor compiles the developed program code into bytecode that the EVM (Ethereum Virtual Machine) can understand. The first example in the Solidity development documentation [12] is used here for the demonstration. Just follow the steps in Figure 8 and you can easily deploy the smart contract to the blockchain for testing.

After pressing Create in Browser-solidity, the transaction message is sent automatically through MetaMask. The confirmation window shown at the far left of Figure 9 pops up; press Accept to send out the transaction that creates this smart contract, then wait for the transaction to be included in a block.

Back in Browser-solidity you can see that the two functions defined by the contract have appeared and can be used, as shown in Figure 10. The constant function can be called directly without sending a transaction; the other functions also send transactions through MetaMask.

10. Heterogeneous blockchain interface

As blockchain technology attracts more and more attention, more digital currencies and blockchain platforms are constantly being developed. Besides correcting and strengthening the shortcomings of early blockchain platforms (such as Bitcoin), these new platform technologies make it easier, especially in consortium chains, to develop blockchain platforms designed for specific application service requirements. When financial services, Internet of Things services, medical services and other resources are built on different blockchains, and even services of the same type (such as financial services) are built on different blockchains because of different operators, organizations, regions or countries, connecting heterogeneous blockchains so that they can operate collaboratively becomes an important issue in blockchain development, in order to avoid the obstacles and limits that the closed operation of each blockchain imposes on innovative applications.
In the past, discussion of interfaces between heterogeneous blockchains mostly revolved around Bitcoin (because Bitcoin has survived the longest market test and, despite some shortcomings and limitations, is still the most decentralized and fairest blockchain), and sidechain (Sidechain) technologies such as the Element Chain developed by Blockstream and ConsenSys' BTC Relay are all based on Bitcoin. Element Chain provides an interaction protocol that connects a new chain (side chain) to the original chain (main chain) through two-way peg (Two-way Peg) technology and allows digital currency to be transferred between the two chains without affecting the value or total amount of the currency; BTC Relay uses Ethereum smart contracts to connect the Ethereum and Bitcoin blockchains in a secure and decentralized way, allowing Ethereum users to transact with Bitcoin.
In response to the demand for value exchange between different blockchains, Ripple, drawing on its understanding of the financial industry, found that financial institutions tend to build their own blockchain environments to develop their own services, so it proposed the Interledger Protocol (ILP), which aims to achieve free transfer of currency through third-party "connectors" or "validators". Under this mechanism the ledgers on the two sides do not need to trust the "connector", because the cryptographic mechanism is defined in ILP and escrowed funds are created for the ledgers on both sides, so that the two parties can convert funds directly once they reach agreement on them, which is quite similar to how the existing financial system handles it. Besides the common heterogeneous blockchain interface technologies above, Polkadot, Bletchley and Factom are also technical solutions designed from different perspectives on role division and trust transfer.

11. Small-amount transactions and rewards

Before blockchain, instant small-amount transactions were hard to achieve: paying 0.1 yuan to listen to a piece of music or read an article costs many times more in transfer fees alone, so one is usually forced to buy points in bulk, say three hundred yuan's worth, and if you listen to only one song from beginning to end, the remaining points will most likely never be refunded.
With the rise of blockchain, even tipping has become possible, and it has become a trend among pioneers who use blockchain. Tipping means giving the author a reward of any amount, however small, when you have watched or read a creation such as an article, piece of music, video or live stream and want to give real encouragement rather than just a like. Even with a figure like 0.001 yuan, the blockchain can complete it quickly.

12. Creation record

Proof of the creative process is the core of copyright. Here are a few current practical applications:
Blockai - United States. This service uses image comparison technology to establish the relationship between a creation and its copyright owner and records it in the blockchain. Although it has no legal evidentiary effect, it can serve as strong evidence.

Verisart - USA. Provides creative tools that record the details of the creative process in more depth; besides the creative content it can include information such as the time and place of creation, and through mobile devices it combines with the blockchain to provide the service regardless of location and time [5].
Ascribe - Germany. Can share and track the transaction status of creative works and provides services such as authenticity verification and edition quantity control. Its basic services are the same as Blockai's [6].
Law4tw - Taiwan. Uploads a single file through a web page, generates the file's fingerprint and records it in the blockchain, declaring the file's current existence (paid service, $399 per file) [7].

13. Summary of blockchain features

We have explained many features of blockchain above, which are summarized as follows:
(1) Data cannot be tampered with, so it is trustworthy
(2) It is essentially a distributed database and is difficult to be monopolized and controlled by a single entity
(3) Data is secure, transparent, and can be recorded permanently
(4) It can act as an impartial third party
(5) The blockchain is jointly maintained and recorded by participating members in a distributed database, and participating members can track and control the transfer and transaction records of valuables in real time
After understanding the nature of blockchain, it is not hard to see why it is hailed as the most influential invention since the advent of the Internet. In the near future it may bring a wave of financial revolution, change the trading behaviour we are used to, and even change the way the whole world operates.

