8Q | Don't open the scene: Big coffee gathers DVP, big white hat and hacker

In September, Beijing was very cool and blue sky and white clouds. Invited by the DVP of the Decentralized Vulnerability Platform, the "8 Questions" (WeChat public: jiaxiaobie) column group made an interview with the opening ceremony in the Science and Technology Temple of Gongti North Road.

The theme of this discussion is “the role of decentralized security testing in the blockchain”. For the average audience, the word “blockchain” has already burned their brains, plus “ The words "decentralized" and "safety test" are even more difficult to understand. But this time we actually talked about this topic in a simple and simple way, and the scene was bursting with laughter (visible "8 questions" video version)!

In this issue, Daniel Wen, CEO of DVP platform, Wu Jiazhi, co-founder of PeckShield, Yu Xiaohang, head of blockchain security of Changting Technology, Xiang Dan, vice president of Bibox Exchange, and Yang Pengbo, CTO of public chain Contentos.

First issue cover

In order to comply with reading habits, the text version of "8 Questions" slightly adjusted the original dialogue.

Jia Xiaobe: Let us invite our guests to introduce themselves briefly.

Daniel Wen: "8 questions" (WeChat public: jiaxiaobie) friends, I am very happy to meet you here, my name is Daniel Wen, is the CEO of DVP decentralized vulnerability platform. DVP has a lot of news to bring to you today. The first is that Changting Technology joins the DVP platform. The second is that DVP and White Hat Club, Paidton, and Changting will jointly establish a vulnerability security information platform to provide more information to everyone. Security information. Third, we went online with Bibox, Bithumb global and Bithumb korea, which is a very milestone for the development of our project.

Yu Xiaohang: Hello everyone, I am Yu Xiaohang, the technical leader of the blockchain security in Changting Technology Zone. Our usual job is to dig a 0day vulnerability and then do some security research. Digging loopholes may cover exchanges, public chains, contracts, wallets, mining pools, mining machines. Recently we are working with the DVP platform to build a database of security incidents.

Xiang Dan: "8 questions" (WeChat public: jiaxiaobie) friends, Hello everyone, I am from Dan, from Bibox, Bibox is a digital asset exchange that has been running smoothly and safely for two years, just recently launched DVP. This project, we have always been adhering to the purpose of selecting high-quality digital assets and providing better services to more users.

Wu Jiazhi: "8 questions" (WeChat public: jiaxiaobie) friends, how are you doing today? I am Wu Jiazhi and I am currently the Vice President of Research and Development at PeckShield. What we are mainly doing now is to provide security services to enterprise project parties in each blockchain, mainly to do security auditing business, including code and data analysis. I am very happy to be able to participate in the interview today. DVP is actually like my child. I am the person in charge of the previous DVP. The DVP main online line is my birthday.

Yang Pengbo: Hello everyone, Yang Pengbo, is currently the technical leader of Contentos. Contentos is a public-chain project focused on the content of blockchain content. There are live, short videos, pictures and text-related content in the platform. On September 25th, the main online line will officially open the online mining mode. You can make some creations in our main network. You can get the main network incentives by sending live broadcasts and short videos.

Jia Xiaobe: The first question, I want to know what we are talking about when we are safe in the blockchain.

Yang Pengbo: For the public chain project, the most important issue of blockchain security is actually the Token that the project side and the user are more concerned about, that is, will Token be lost somehow, such as being stolen by others, this It is from the perspective of use.

From the point of view of public chain technology, blockchain security is likely to be the first dimension is whether the design of the consensus agreement is safe, followed by whether the model of your public chain economic system has defects, and the third is your code will There are no serious vulnerabilities that can cause the entire system to crash. This is what I understand.

Wu Jiazhi: I am talking about a simpler point. The security of the blockchain is actually a question related to digital assets. Whether digital assets are safe or not will be lost. If we understand a deeper level of understanding, it is actually a security issue related to digital assets, including double-flowering, including the issue of additional issuance and loss. This is the blockchain security that I know.

Daniel Wen: From the perspective of our DVP platform, it may be a bit more macro. Everyone can think that security is a point in time, the state of a project. From our perspective, security is not a certain point in time, it is a continuous process. How to maintain the process in a safe state requires a more complete system. You must have a strong security team built on your own. Second, you have to use some external security team like PitchShield to help you and make up some aspects. The third must-have is community power. A white hat community like DVP, he will cover the front ground points, things that are impossible to cover completely, so that there will be a three-dimensional, secure architecture. Keep you in a safe state.

Xiang Dan: For the trading platform, security is like air, we usually can't feel it, but we don't need it all the time. Bibox has always regarded security as more important than life. Our own daily processes and some actions in the technical supervision process are actually more of a series of details in our daily work life. It is not only in the underlying architecture, but also in cooperation with industry-leading security agencies and organizations.

Yu Xiaohang: When I think about the security of the blockchain, it may be a bit more complicated. Security objectively speaking, it should have two levels, one is theoretical security and the other is practice security. When many people say that the blockchain is known for its security, it is actually talking about its theoretical security, including the security mentioned in the impossible triangle. In fact, it is also the theoretical level of security. But even if the theoretical level of security is done well, at the practical level, if there are some loopholes, such as memory failures due to negligence of some language features, or other logical and algorithmic loopholes, this will be practice security. And the two shortcomings in the theoretical safety, no matter which one of the two boards has a problem, will reduce the overall safety of the entire project to a very low level.

WechatIMG605

Jia Xiaobe: There were 138 major security incidents in the blockchain in 2018, resulting in economic losses of 2.238 billion US dollars, 68 in 2019, and losses of more than 600 million US dollars. Has there been any statistics on your side, and what major blockchain security incidents have occurred?

Daniel Wen: The blockchain security incident may occur at several levels. The first is at the bottom, the consensus protocol layer, and even the physical layer. Gradually going up, it is at the protocol level, such as the contract layer. Going up, it may be that trading platforms such as exchanges or wallets are more biased. Then there is the question of how the user himself handles security issues and how to do security precautions.

The most typical example at the bottom is bitcoin. Bitcoin suffers from a lot of attacks, but not much is really successful. In 2017, there was a service attack that caused 10% of the nodes to have a lower limit. But the bottom layer actually has relatively few security incidents. The contract layer may seem a little more. The most typical example that everyone can remember is the US chain, BEC project. In fact, my understanding is that there is a code that should be bulk transfer, which causes an event that can be sent to the bank without limit. This is basically the end of the project. The amount of the loss is probably In the case of about ten billion dollars, a rough estimate.

If we look at the platform, this security incident may attract more attention. The latest impression of everyone is that the coin loses 7,000 bitcoins. In fact, there were many security incidents in 2018. For example, there were also fire coins. Because of this attack, although there was no direct economic loss, there were three hours to stop trading. Going forward to look at the potentially larger exchanges, Japan’s Coincheck, which suffered a hacking attack, was 5.3 billion yuan, which is still very shocking. The loss of the first door that we can remember at the time was about 473 million, which is even bigger.

So if you look at this security situation, the bottom-level problem is actually relatively small. The more you go up, the more likely it is to have this problem. I think the biggest reason is to go up. It is a comprehensive thing, it is not a simple blockchain thing, it may involve external security, may involve infrastructure security, etc. This requires your own security team, and The architecture of your entire security system can cover a much wider range.

Jia Xiaobe: Changting Technology is doing Internet security, not limited to blockchain. What are the similarities and differences between the security of the blockchain industry and the information security of the Internet?

Yu Xiaohang: Blockchain security has many similarities with traditional security, and there are many different places.

Just now, Wen also mentioned that many things in the blockchain field are based on some traditional technology stations. For example, like a centralized exchange, it needs to rely on a centralized external server, including some mobiles. End wallet. In our solution to blockchain security, we will also make a two-dimensional split for blockchain security events. That is, we divide it into application scenarios unique to the blockchain, and the traditional technology station in both directions.

After the division, we have some application scenarios unique to the blockchain domain, such as exchanges, wallets, mining pools, etc., which are considered in a special and specific customer case, and are broken down into A blockchain, which has application scenarios and the technical carriers it relies on. In fact, we can easily put some of our experience in the field of traditional Internet security for many years and quickly transform it into the aspect of block security.

Of course, blockchain security also has its own uniqueness, because there are a lot of data in the blockchain system that cannot be modified. It means that many transactions are irreversible after they are sent out, which means many security events. Once this happens, it is difficult for the entire community to roll back the entire chain to roll back the entire transaction, roll back the data to recover the loss, so the blockchain industry will have a greater need for security.

From a macro point of view, the blockchain industry started relatively late and developed very fast. It received a particularly high social attention and a particularly high amount of resources. Therefore, it is particularly high for hackers. In fact, it will be easier to become the cash machine of this hacker.

It is growing too fast, but the security level of the overall blockchain industry does not have a very reliable, fast-improving solution, or we have not yet established a set of standards for a very complete blockchain security, a set of services. Process. Therefore, the difference between the two will make the blockchain ecology more demanding for security.

WechatIMG607

Jia Xiaobe: When the manufacturer is facing some security problems on his own project, what is the solution step? Will you find foreign aid? Where can I find foreign aid? This question is answered from our Contentos and bibox.

Yang Pengbo: If you encounter security problems in general, you must first look at whether you can solve them. Under normal circumstances, 70% or 80% can be solved by themselves. The rest are really things that we can't do. At present, we have some relatively close partners. They have their own professional security team, and they will help us to see some security issues.

Xiang Dan: First of all, our exchange may not be the same. We have artificial intelligence algorithms in it. It will monitor the data during the transaction process and during the access process. Once an abnormal situation is found, it will promptly alert, then Our professional security personnel will intervene and will solve the security problems that are junior or less complicated.

On the other hand, in the industry, we also cooperate with some of the top senior security teams, security companies, and even some security engineers like the Internet like Ali and Baidu, as well as the White Hat Association. Some associations and organizations work together. They will help us find a lot of loopholes. Once we find out, we will fix them in time. Therefore, in the case of a third-party evaluation agency in foreign countries, our vulnerability reward is the highest among all the exchanges in the world, and we have put our safety factor in the highest position through a test in many aspects.

Jia Xiaobe: Use their own hacking techniques to maintain the network. They are fair and just hackers. Then we will call it a white hat. White Hat found a system bug and raised a bug for the project to fix it. Will the project party or the exchange consider this as a kind of blackmail, has this happened?

Daniel Wen: Let me first tell the story of the white hat. I have specially verified that the term white hat came from the United States. It should be around 1965. The word white hat was first used. The white hat refers to Refers to the law-abiding cowboys in the American West. The bad cowboys generally don't wear white hats. Generally, good cowboys wear white hats. So the word evolved into a white hat that is synonymous with good or good.

The term hacker was originally a derogatory term. It was a person who spoke some techniques that were particularly good and had ideals to make up for system vulnerabilities. Of course, it is also used by people with bad intentions as a means of vitality, and the meaning of the word is expanded.

In some projects, he will use some of the requirements of the white hat as a means of extortion. This is also the case, but this is not the case. Many times it is more between the white hat's group and the project side. Everyone does not fully understand one of the two parties' demands, and some errors in communication lead to it. Because from the perspective of white hat, I am doing a good thing. I have to do this thing at a cost. I feel that when I have more time, my efforts have a certain return. It is for me. The effort to endorse this.

In fact, I have read a statistic. This group of white hats is actually quite special. The first 80% of white hats are actually under 35 years old, indicating that this group is very very young and may still be at school. Some people. The second feature is about eighty-nine percent of white hats, which are self-taught, and the ratio is very high. From these two characteristics, their actual demands, the first economic incentive is definitely a factor. But in fact, I look at the statistics of more than forty percent of white hats. In fact, its main appeal is to improve skills. The second is to do some work for my future career in the security industry.

Jia Xiaobe: This question needs a white hat representative to answer, is there a truss between the white hat and the manufacturer?

Wu Jiazhi: I am always dealing with these things. In fact, I just agree with the point that Wen has just said. It is a question that both sides recognize. If we want to communicate well, it is said that the white hat and the project side can understand what the harm of this loophole is. In the end, how much time does the white hat cost? How much cost, to do this thing, to show you how to fix this problem, the two sides' perceptions are different, often saying that the white hat thinks that he is definitely a high-risk, particularly serious loophole, the project party may think, can not directly Cause damage, can not be used, the theoretical attack mode.

They may not necessarily agree, so I think that in this case, it is really necessary to have a platform like DVP. Because they are safe professional people, we will directly write out the rules in black and white, and what kind of attack It is serious, what is Zhongwei, what is low-dimensional, and what is not a loophole. As long as it is clear, both parties assume that technical people can actually communicate with each other and understand.

Jia Xiaobe: What about the exchange? Is there a situation with a white hat truss?

Xiang Dan: Frankly speaking, it is a question of trust. Just like Wen Zong and Wu Zong, it is actually an error in communication. It is also a bias in understanding cognition, which leads to these disputes or misunderstandings. But from our perspective, we are very awe-inspiring and respectful of the organization of the White Hat Association and the power they contribute. Because it is a symbol of justice, because our global exchanges are basically facing the threat of the world's top hackers. Their power is also very strong, and the benefits they want to acquire are also very large, so the potential threats and losses to our losses will be very large. What we have to do is to be able to work more with the White Hat Association of Justice Symbol.

The ideas they came up with, or the loopholes they raised, could have been attacked directly. They didn’t need to tell us that they might bring more benefits, but he told us that the reward he got was definitely To be less profitable than his direct attack, why should they do this? We think that they are valued by their own values ​​and their own feathers. If this trust is not there, then the order of the whole world is also chaotic, and there are white hat associations, some safe associations, some organizational structures, and he will have an industry or association’s own self-discipline. Inside, otherwise he will not join the association, and there is no need to say that he will be able to black out the exchange at home.

Jia Xiaobe: Just about the issue of trust, let our project party talk about it.

Yang Pengbo: First of all, if we come to report bugs or report loopholes, we will definitely not think that you are extortionate. This is certain. Because, as Mr. Wu said just now, there are actually many project parties. He may be a security officer. In fact, his technical level is not so high, but our team is actually not the same. Like me, my first job is to do virus analysis and engage in client security. Later, I did the anti-virus engine for about two or three years, including our CEO. He also worked on this anti-virus software for ten years. We also have a very core architect, who also worked on Jiangbin for nearly a decade. So in fact, our team's awareness of safety, as well as the level of safety technology, is still relatively high. Because this matter is communication and understanding in itself, the problem is not very big in us.

As long as we talk about this term, the two sides have already recognized the extent of this. But if you want to talk to someone who is less likely to have less contact with security, tell him about an RC. You also have to explain from the beginning how I implant the code, how to execute it remotely, and there is a lot to talk about in the front, which is the problem of communication cognition.

Still look at what kind of manufacturers are facing, and what it might be like the people we docked with. Because it is indeed like Wu Zong, there are many colleagues who usually report that various kinds of loopholes in the blockchain and traditional aspects are often said to be a low-risk, or else you say that you are with others. I bumped into the hole, but the private chat found that it was not a hole at all, it was completely two holes. This situation may indeed be different from the industry, because like in the blockchain industry, everyone will pay more attention to safety, so the people we connect with in the blockchain industry may often compare with the traditional industry. I will pay more attention to this matter.

And I think that Wu has just said very well, that is, it really needs a platform like DVP. It can rate some security holes. For my liberal arts student, I don’t even know what Mr. Wu said just now, but I will believe in a third-party objective rating. This security loop is indeed a very high coefficient. Then we really need to spend a lot of money. The energy, financial resources and material resources to solve this problem. I think this is valuable and meaningful, and it is true for the entire industry.

WechatIMG601

Jia Xiaobe: Please chat with Wen. Before the reward of the decentralized vulnerability platform, how does the white hat of our blockchain industry work?

Daniel Wen: First, the more traditional form of organization is definitely dependent on its own security team. Second, a new model, a centralized platform. Like the US HackerOne, the reward platform like BugCrowd is relatively central. This model is more and more accepted abroad. The third is the decentralized platform, which has a greater advantage than the traditional model, but it is not to replace the first two modes, but to form a more complete system, covering a larger scope.

Security issues, even if 99.99% are doing very well, only a little bit left, can be a deadly place. From a cost-benefit point of view, it is very costly to rely on your own team to test and see all the time. There is also a different perspective between the team and the community white hat to see the problem, their team is often from the perspective of defense. The white hat's thinking is more to find your weaknesses from the angle of the attacker, and the coverage is very wide.

Jia Xiaobe: The slogan of the DVP platform is "the loophole is mining", which sounds like a disaster. In fact, it is more appropriate to call "filling holes and mines". In fact, there are some barriers to blockchain technology. The number of white hats is actually not so much, that is, there are very few people involved. Is it a bit high and widowed?

Daniel Wen: The blockchain industry is relatively early, and there are fewer industry players who specialize in blockchain security. The second white hat group may be bigger than we think, and Hacker One has 450,000 registered white hats. From the point of view of the bonus, we still use the traditional platform to give examples. Then, as of August of this year, there are six hackers who have won more than 1 million US dollars in bonuses. This is still a lot of things. It’s all about eating by the ability, right? This is the most fair system, that is, I have this technology, I can find a high-risk loophole, then I can become a millionaire.

From the perspective of the DVP platform, the bonuses that we have actually sent out in the past year, including our own tokens, add up to millions of RMB, which is not too small. Of course, from our point of view, we will continue to modify this community rule according to the development of this platform, to improve the bonus of this quality of higher quality.

Jia Xiaobe: I saw that the rewards for some loopholes on the DVP platform were not high, and the high-risk was more than a thousand yuan. Is this price higher or lower than the market price?

Daniel Wen: The amount of the reward you see is entirely determined by the project owner. The amount of the reward is not high, I think it reflects the importance of the project side to safety. Of course, using this method as a part of your own security architecture is still a relatively new thing in this industry. Everyone has a psychological adaptation process because he does not know whether the effect is what the project expects. I think it is also very normal.

In terms of our own standards, our high risk is actually quite high. Calculated according to the current price, our serious loopholes are basically around $6,000, which is the same as the entire market. The other grades are definitely higher than we are now, so I want to appeal to the project side and pay attention to the safe project side to increase the reward amount.

Raising the reward is not a problem for the project party. If one of your vulnerabilities will cause a loss of 1 billion, but you set a reward of a few hundred dollars, the loophole can be solved. A measure will reveal that the reward is a very, very worthwhile thing.

WechatIMG606

Jia Xiaobe: Why do white hats want to be anonymous? If you are not anonymous, what will you expose if you use your true identity? What will happen?

Wu Jiazhi: There are two factions in the White Hat group. One group uses real names. For example, I am a security researcher who uses real names.

There is another fact that it is obvious that he uses ID, and that ID is not normally used. For example, the hacker group especially likes to replace the English alphabet with numbers. ABCD A will write 4, ABCDE E will write 3, the white hat circle is a culture that uses an ID instead of himself and he does not expose the true identity.

In addition, white hats pay more attention to safety and pay more attention to digital traces. Let me give you an example. I almost don't send a circle of friends. I don't like Facebook. I sometimes like Twitter a bit, but I will try to avoid knowing where I might be at this time, or if I am interested in any topic. Why should we avoid this digital trace? Because you are unaware of your account password. The ID you will use will be unintentionally related to your digital traces. If you expose your birthday, or your daughter’s birthday, he may not spell your password directly with the birthday date, but he You can use some of the logic of the calculation to calculate your password. So try to erase the digital traces is definitely a thing that security program personnel will try to do. Therefore, many hackers do not like to take pictures, like I am the one that rarely takes pictures. Today, "8 Questions" (WeChat public: jiaxiaobie) is exposed.

So I think two levels, the culture of the first hacker is like this, they are used to ID. The second is that they want to erase their own digital traces. Perhaps the third point is that he actually has a certain job now. He uses his spare time to improve his skills to do these things, so he wants to be anonymous.

Yu Xiaohang: It is true that there will be some security considerations. In fact, I think this incident is a white hat hacker or a black hat hacker who pays great attention to his reputation. It is a bit like a US drama called "The Hacking Legion" (English "Mr. Robot"). In "Mr. Robot", I hanged the world's largest banking system, deleted all his backups, and emptied all of its data. The world was in a messy carnival. I know that this ID is doing. Everything I do is associated with my ID, but this ID is not in contact with my real person. In that case, I walked down the street and felt the boiling of the world. Everyone knows that this ID is done, but everyone does not know that this person is me. This feeling is a very cool and wonderful special satisfaction. Feeling, there is a little sense of accomplishment.

We may use our ID to do a blog, and we will operate this blog ourselves. When we operate this server, we will pay special attention to it. We will not take any information of ourselves, such as those related to the company or Some personal information is placed on it. Because once that server is compromised, a lot of our information will be connected in series. If someone tries to attack our personal information, if it is for an account of a certain website, as long as you do not use some very basic password, it is often difficult to crack his password. However, if the person's horizontal and horizontal information is spliced ​​together across all the websites, it can significantly reduce the difficulty of the attack. Because you can use some small security holes between various websites in a horizontal direction, after comparing all the information horizontally, you may be able to recover some of your personal passwords or some other information. It is equivalent to a more accurate portrait. After you are positioned as a person, if you are interested in doing some attacks, it will be easier. Even if it is not an attack, in fact, our personal information is exposed, it is very uncomfortable, for example, it will feel as if it is being monitored.

So on the one hand, it is for a sense of satisfaction, on the other hand, it is indeed the need for such anonymity.

Yang Pengbo: I think this is a personal preference. Generally speaking, because it really exists such a culture. Everyone feels that they are low-key and that low-key will make them look a bit more aggressive.

Jia Xiaobe: Then ask our project side, do you have a trust in an anonymous white hat that is lower than a white hat that is not anonymous?

Xiang Dan: Frankly speaking, there is still some embarrassment. But just listening to a few sharing, I feel that I understand their original intentions and ideas. If it is a hacker, he may have a pleasure in doing bad things without leaving a name, but if he is a white hat, he is a kind of Lei Feng spirit and a sense of satisfaction.

At the same time, we actually don't care if he stays in the name. He cares if the loopholes he provides are really dangerous, or can really make a big difference to us. At the same time, I still have to solve it. I think this thing is more meaningful. And this person, in fact, whether it is a name or a real identity, ID, it is actually a code, a symbol.

However, people do have such a mentality. When they are face to face, they will feel more practical. Because they know what the other party is, there are some comprehensive qualities that can be reflected. On the Internet, in an unnamed environment, can we believe him? This is based on blockchain technology, like Satoshi Satoshi is also a very powerful hacker. Until now we don't know his identity. We still use the logic and the algorithm that he provided. We also And get more benefits. I don't think it's because he doesn't leave a name, but because he does things.

Wu Jiazhi: I think the point she just talked about is particularly good. In fact, we are talking about why we should use the blockchain to do this thing? We actually want to be a community, not a simple blockchain project, and there are many things in the technology chain of the blockchain that can help us achieve this.

Similar to a network like Bitcoin, you may never know who the other party is, but you will still call your bitcoin. Will trust this system, trust this set of rules, this set of technical guarantees that this rule can be carried out without the transfer of someone's will. Therefore, on a platform such as DVP, our efforts are also to be done in this direction, that is, its rules are transparent, and everyone recognizes that it cannot be transferred by the will of an individual. Including the manufacturer's white hat, in fact, is not trusting a certain white hat trust, but it does not trust the trust of this group, so why should we gradually establish a white hat's reputation system, in fact, it is difficult for a group to say It is possible to judge whether a white hat is a real white hat, or whether it is actually a hacker or it will be occupied on both sides.

But what you can do is to look at its behavior on the platform of the system here. It finds loopholes, commits a lot, and contributes a lot. Its tendency is obvious.

It has to be handed over through this platform to get the rewards it deserves, or to achieve fame. For example, we have the first place in the list to be the last hackathon, and he may also be a sense of satisfaction, a respectful satisfaction in this group. So I feel that building a system, everyone can trust, establish a set of rules, everyone can trust, rather than focusing on his real name, I can believe this person, I think it is necessary to build such a platform to take this Things to do.

Jia Xiaobe: Our project representative, Mr. Yang, can talk about it again. Do you have any relationship with the trust of white hats or anonymous?

Yang Pengbo: First of all, as a project party, we definitely hope that he is not anonymous. The first one is definitely human curiosity. You go home at night and then find a stick on the door – "Your lock is broken." Your first reaction must be that I rely on who did this. Did he enter my home, what should this person do? You must be out of this sense of security and this curious need, you must know who he is. Secondly, if he really does not do bad things, we can also establish a good long-term relationship. For example, if I want the TV to be broken, you can repair it again.

WechatIMG608

Jia Xiaobe: In addition to pursuing material, the white hat of justice is still pursuing what?

Wu Jiazhi: It is to prove yourself, to get the public, or at least the project side.

Yu Xiaohang: I don't usually mention any connection with this ID, such as when I apply for a job or what kind of project, I will tell you or it is very low-key to say this is my ID.

Jia Xiaobe: You have to prove the relationship between ID and you.

Yu Xiaohang: A private key is fine. In general, there are still very few cases where proof of requirements is met, and no one will take the lead in identifying IDs. When you say what my ID is, someone will say that I have read your article, that one is very well written, and there is a question just to ask… This is very embarrassing, wear it. It’s still dangerous to take the lead, especially the ID of the big cow.

Xiang Dan: So many people are taking advantage of Nakamoto.

Wu Jiazhi: But the fact that Nakamoto is a hacker or a security circle has some differences. Nakamoto is also a very mysterious thing. What kind of identity can you use to disappear in the world? It is a very bad thing to disappear.

To disappear a digital trace or an ID, EMAIL or something, he has submitted the code, there may be any IP records, this kind of thing CIFBA must be able to check, maybe they are found, or this person is particularly powerful I really can't check it out, or in fact they themselves are Nakamoto.

Yu Xiaohang: Speaking of the topic of Nakamoto, now that Bitcoin is not known to everyone, it is a model of complete decentralization. If one day, Google said that Bitcoin is actually what we are doing, it is issued by us, and the core team is our operation and maintenance. If this project appeared in the early days, there is a fixed company, a fixed team, and a fixed identity for this project. Will Bitcoin's promotion method and distribution method be as smooth as it is now? Or is Bitcoin's distribution method going to encounter resistance from various national governments like Lieber? So in fact, I think that this incident of Nakamoto's anonymity is actually very comfortable, especially powerful, and it is a special wisdom model for the blockchain industry.