Yao Qian: Dealing with Fintech with Supervision Technology is the Response of Blockchain Governance

Text: Yao Qian, Technology Supervision Bureau, China Securities Regulatory Commission

Source: Tsinghua Financial Review

Editor's Note: The original title was "Yao Qian: High-quality Development of Blockchain and Data Governance"

How to develop a good blockchain is a key proposition that must be answered urgently. This article believes that it is a pragmatic strategy to start with data storage and sharing. Considering that the technological frontier is in the public chain, we should support the research of the public chain. In order to prevent risks, the public chain must be transformed. Based on the actual environment, the alliance chain may be a better choice for application landing. The application and innovative development of domestic cryptographic algorithms should be strengthened to ensure the security and controllability of China's blockchain. At present, the most important thing is that we should promote the high-quality development of the blockchain. To this end, we need to strengthen on-chain and off-chain data governance (Data Governance) and establish an effective blockchain digital governance system.

General Secretary Xi Jinping's speech in the eighteenth collective study of the Political Bureau of the CPC Central Committee is rich in content and profound in thought. He keenly grasped the frontier hotspots of the development of modern information technology, stressed the need to accelerate the development of blockchain technology and industrial innovation, and proposed a blueprint for the development of China's blockchain technology, guiding us in the direction. At the same time, he also required an objective and dialectical look at the "double-edged sword" effect of innovative technologies, emphasizing the need to strengthen guidance and regulation of blockchain technology, strengthen risk research and analysis, strengthen industry self-discipline, implement security responsibilities, govern the chain according to law, and promote Blockchain secure and orderly development.

It should be said that there is no dispute about whether to develop a blockchain. How to develop is a key proposition that needs to be answered urgently at present. This article believes that it is a pragmatic strategy to start with data storage and sharing. Considering that the frontier of technology is in the public chain, we should support the research of the public chain. Based on the actual environment, the alliance chain may be a better choice for application landing. Cryptography is an important cornerstone of blockchain technology. The application and innovation of domestic cryptographic algorithms should be strengthened to ensure the security and controllability of China's blockchain. At present, the most important thing is that we should promote the high-quality development of the blockchain. To this end, we need to strengthen on-chain and off-chain data governance (Data Governance) and establish an effective blockchain digital governance system.

Starting with data storage and sharing, and gradually moving towards the value network, it is a pragmatic landing strategy

From the current stage of technology maturity, there is still a performance dispute over the value transfer of blockchain, but it is a peer-to-peer data sharing network, so there are fewer differences in its applicability in data storage and sharing. . In the important speech of the General Secretary, promoting data sharing is one of the five major blockchain functions he pointed out, and it is also the key application direction of blockchain that he emphasized. Utilizing the credible advantages of blockchain data, the establishment of an innovative model of data storage and sharing can realize the cross-department and cross-regional maintenance and utilization of government data, and promote greater scale in urban areas in terms of information, funds, talents, integrity, etc. Interconnections ensure the orderly and efficient flow of production factors in the region and improve the level of intelligence and precision in urban management.

However, the blockchain technology itself requires high data redundancy, which objectively increases the computing and storage overhead. In addition, the characteristics of blockchain technology in terms of data transparency must be combined with secure multi-party computing, homomorphic encryption, zero-knowledge proof, etc. The privacy protection technology can be widely applied on the premise that all parties are autonomous and controllable, and the efficiency of the privacy protection technology itself is still improving.

Therefore, the current more reasonable implementation method is the Hash fingerprint storage and information disclosure of the shared data on the chain. The real data is based on the three principles of "data does not go out, data does not land, and data is invisible." Shared use as authorized. In the future, with the advancement of infrastructure and security technology, the system and protected real data will be migrated to the blockchain in a planned manner, and then developed into a value network.

Technology research in the public chain, scenario applications in the alliance chain

From private chain to alliance chain and public chain, the level of community trust gradually decreases, and the corresponding technical problems (such as consensus mechanism, performance issues, privacy protection, etc.) gradually increase. Private chains are similar to traditional information systems. Alliance chains are interconnected between trusted institutions. They are between decentralization and centralization. Depending on the requirements of the business scenario, POS or POW may not be the only option. PBFT, etc. may be used. The traditional consensus mechanism can also adopt a hybrid consensus mechanism that combines multiple consensus protocols. Libra is the alliance chain. The public chain has the lowest mutual trust, and the highest level of technology required for security and performance challenges under high openness and fault tolerance. The cutting-edge technological breakthroughs of public chains will provide new solutions to the existing technical problems of alliance chains and private chains. Therefore, as far as academics are concerned, the key point of the technological innovation of the blockchain is more on the public chain. Supporting the research of public chain and promoting the application of alliance chain is the due meaning of China's blockchain development strategy.

Tackling financial technology with regulatory technology is the response to blockchain governance

It can be said that the decentralization of the blockchain has brought new propositions and challenges to financial supervision. There is a compliance risk in the fully open and free public chain. If it carries financial technology applications, it must be improved. The answer might be to use regulatory technology to deal with fintech. The alliance chain is a permission chain, which can carry out cross-agency applications and provide services for industry self-regulation and supervision. In view of this, without prejudice to the technical advantages of the blockchain, consider adding a monitoring node on the public chain to ensure the legal compliance of the public chain, or adopt a multi-chain strategy, that is, using the "two of the alliance chain + public chain "Meta model", the alliance chain is registered with relevant regulatory authorities to carry out on-chain supervision, while decentralized applications use public chains to carry out decentralized commercial activities. If necessary, regulators can also penetrate the alliance chain to the public chain to control the overall situation. Based on the actual requirements of legal compliance, the alliance chain may be a better choice for application landing.

The application and innovative development of domestic cryptographic algorithms are the foundation of China's blockchain security and control

In essence, the blockchain is a distributed shared storage and computing system based on the principles of cryptography. Its sublation of centralized institutions and its reliance on cryptography technology marks a transfer of control in a new paradigm. From this perspective, the application and innovative development of domestic cryptographic algorithms are of great significance. For the application of blockchain in key areas, cryptographic technology must meet national cryptographic standards.

At present, China ’s self-developed national commercial cryptographic algorithms announced by the National Cryptography Bureau include SSF33, SM1 (SCB2), SM2, SM3, SM4, SM7, SM9, and Zuchong's cryptographic algorithms (ZUC). Among them, SSF33, SM1, SM4, SM7, and ZUC are symmetric algorithms; SM2 and SM9 are asymmetric algorithms; and SM3 is a hash algorithm. The national secret algorithm has advantages, but it also needs improvement. Taking SM2 as an example, compared with the traditional elliptic curve signature algorithm ECDSA, the core steps of signature and signature verification are similar. The SM2 signature verification algorithm adds more error detection functions, which improves the data integrity of the signature verification system, System reliability and security; compared with the widely used RSA digital signature algorithm, SM2 requires fewer key bits under the same security strength, and the key pair generation speed and signature speed are better than the RSA digital signature algorithm. However, SM2 also has its disadvantages. For example, the speed of signing inspections is obviously inferior to RSA and needs to be improved.

At present, the national secret algorithm has not covered homomorphic encryption, zero-knowledge proof, multi-party secure computing, etc. It is urgent to expand the corresponding national secret algorithm library and achieve standardization. As China ’s blockchain applications go abroad, national secret algorithms should also go global and become international standards. All these put forward higher requirements for China's national secret algorithm.

Although the application of the blockchain is decentralized, the cryptographic standard system of the blockchain is formulated by specific institutions. In a sense, whoever masters the cryptographic standard system will have the say in the development of the blockchain.

Strengthening on-chain and off-chain data governance is the key to promoting high-quality development of the blockchain at this stage

As mentioned above, data interconnection should be the key application direction of the current blockchain technology, and the alliance chain may be its main form. However, we should promote the high-quality development of the blockchain, and be alert to the disorderly and low-quality development of “big cadres and special enthusiasm”. It needs to be emphasized that the data on the blockchain should be publicly available and unmodifiable data with high value. This is its characteristics, but also its advantages and qualities. If the valueless and freely changeable data is unnecessarily uploaded to the chain, it is actually an abuse of blockchain technology, and an application that meets the actual business requirements cannot be constructed. To this end, we need to establish an effective blockchain data governance system to ensure the quality and quality of blockchain applications.

In general terms, data governance refers to all business, technical and management activities carried out to improve the quality of data, including organizational structure, policies and systems, technical tools, data standards, process specifications, supervision and assessment. The Data Management Knowledge System Guide (DMBOK) of the International Data Management Association (DAMA) defines the data governance framework as data control, data architecture management, data development, data operation management, data security management, data quality management, reference data and 10 aspects including master data management, data warehouse and business intelligence management, file and content management, metadata management, etc. According to the characteristics of blockchain technology, we may start from the following aspects to build a blockchain data governance system:

First, strengthen the evaluation and supervision of off-chain data governance to prevent short-board effects

Blockchain technology can solve the problem of trust on the chain and ensure the authenticity, accuracy and consistency of the data on the chain. However, for the data off-chain, the blockchain is “unreachable” and cannot guarantee its quality. If the source data off-chain is "contaminated", the data circulating on the blockchain will become "garbage", which is also called "Garbage in, Garbage out". Therefore, high-quality off-chain data is a prerequisite for high-quality blockchain. To achieve this premise, you need to rely on the off-chain data governance of each node. Although it seems that the off-chain data governance of each node is their own business, the lack of data governance of a node often limits the overall quality and value of the blockchain and forms a short-term effect. Therefore, each node should adopt effective technical tools, management methods and organizational systems to identify, measure, monitor, and warn about quality problems that may exist during the planning, acquisition, storage, sharing, maintenance, application, and death of the entire life cycle. And improvements.

In order to avoid the short-term effect, consider setting up a joint working group of the alliance chain to evaluate the maturity of the data governance of each node off-chain, and urge all parties to improve the data quality of the on-chain, and if necessary, set an entry threshold for the maturity of data governance. Currently, there are more mature data governance evaluation models available, such as IBM's data governance maturity assessment model, CMMI's data capability maturity model (DMM), EDM's data capability maturity model (DCAM), and DataFlux data. Governance Maturity Model, Oracle MDM Master Data Management Maturity Model, MD3M Master Data Management Capability Maturity Model, and the Data Management Capability Maturity Evaluation Model, which was launched in 2014 by the Information Technology Standardization Technical Committee of China ( Data Capability Maturity Model (DCMM) national standard.

Second, carry out on-chain data governance with reference to master data management theory

In the data governance framework, master data management is the core. The so-called master data refers to data that describes the core business entities of the organization and is widely used and shared inside and outside the organization. It is the core asset of the organization and has high value and sensitivity. Establishing a unified master data standard can realize the interoperability and sharing of the original business systems in the shaft at the master data level, ensuring the global consistency and accuracy of the master data. In fact, blockchain technology can also be considered as an integrated technology or architecture of master data across nodes. Therefore, we can refer to the master data management theory to carry out on-chain data governance.

The first is clear business needs. Not all data needs to be chained. Only high-value data that needs to be shared by multiple parties, or only the master data, needs to be chained. In the early days, only the Hash fingerprint of the master data was stored on the chain.

The second is clear master data rules and standards. The parties to the alliance chain should agree in advance on the standards and rules: Is the on-chain data of each node unified in the off-chain standard or their own specifications, and only when the data is extracted through the data extraction engine (such as ETL, ESB), will it be different? The structured data is transformed into a standard data set in a unified format on the chain. If it is the former, then all parties should jointly formulate off-chain data standards, that is, unified data definition, classification, record format and encoding, as well as classification specifications, encoding structure, data model, and attribute description. In the latter case, each node performs a series of processing on the data to be chained through the data extraction engine before the data is chained to form a standard unified master data, and then the data is stored according to the data operation specifications on the chain. Card and information disclosure.

The third is a unified on-chain metadata standard. In order for the data on the multi-source chain to be accurately understood and used by the participating nodes of the blockchain, it is necessary to define metadata for each data element in advance, eliminate the ambiguity of the data, reduce the cost of data integration, and let all parties Able to interpret and verify on-chain and off-chain data on a unified logical framework.

Fourth, appropriate intervention mechanisms. The EU's General Data Protection Regulation (GDPR) stipulates that data subjects have the right to informed consent, access, denial, portability, right to delete (forgotten right), right to correction, continuous control, etc. Rights. Among them, the right to delete (the right to be forgotten) is the right of the data subject to require the data controller to immediately delete the personal data and its copies, backups and any links related to it. The right of correction refers to the right of the data subject to ask the data controller to correct and improve the personal data related to it. From this perspective, the difficulty of tampering with the blockchain conflicts with the rights of the two data subjects mentioned above. Therefore, it is necessary to establish an appropriate intervention mechanism on the alliance chain to meet legal data subject rights protection requirements and other compliance requirements, and this is also the proper meaning of ensuring a good network ecology.

The fifth is a scientific management system. Digital governance is essentially a management activity. It requires corresponding operation and maintenance organizations, management processes, and evaluation mechanisms to promote the implementation and effective implementation of data standards and specifications. For example, consider setting up a joint working group of the alliance chain, which is responsible for clearing data needs, formulating standards, unifying rules, monitoring and evaluation and other governance work, and is responsible for evaluating the maturity of off-chain data governance of each node and exercising the node's permission to access.

Third, strengthen data security management and privacy protection to protect the value of data assets

With the advent of the digital economy, data has become a key factor of production. Data has economic value and is an important asset. How to avoid data leakage while sharing data is naturally the top priority of data governance. When planning requirements, each node should sort out their own data in advance to identify which is non-confidential data, which is confidential data, which is sensitive data, which is edge data, which is public, visible to whom, and shared with whom. On this basis On the basis of the data's value, sensitivity and privacy, the access control matrix and differentiated privacy policies are formulated. When data is chained, the interface should be secure. Regardless of on-chain data access or off-chain data access, there should be access control such as identity authentication and hierarchical authorization to prevent attackers from impersonating legitimate users to gain access and ensure system and data security. In the process of data transmission and sharing, you can desensitize different data according to data sharing and security needs, or use data encryption technology, such as zero-knowledge proof (ZKP) algorithm to encrypt data, or use some channel technology To limit the scope of data sharing and control the risk of data leakage.

Conclusion

At present, blockchain technology has suddenly become an irresistible technological trend, and it is a new track for global industrial transformation. Countries are making efforts to accelerate the layout. In such a globally prominent position, we should make solid preparations to seize the commanding heights of technology. General Secretary Xi ’s speech is the guiding ideology and fundamental observance of China ’s blockchain technology innovation and industrial development. We should actively implement the spirit of the General Secretary ’s important speech, cherish strategic opportunities, seek truth and be pragmatic, and have the courage to explore. It will play a role in building a strong network nation, developing a digital economy, and helping economic and social development.

This article only represents personal academic opinions and does not represent the opinions of the institution. This article was published in the January 2020 issue of Tsinghua Financial Review and published on January 5, 2020. Edited by: Wang Junjun