Interview with Mu Changchun of the Digital Research Institute of the Central Bank: Where did the first financial blockchain standard come from?

Source of this article: Surging News

Author: Surging News intern reporter Ye Ying Zheng Ge charge

At the end of February, the People's Bank of China issued the Technical Specification for Financial Distributed Ledgers (hereinafter referred to as the "Safety Specification"), which was formally implemented from February 5th and is China's first financial blockchain standard specification.

What is the starting point for the release of the Safety Regulations? What makes a specific security policy? How does it affect digital currencies? Will there be other financial blockchain standards in the future?

Around these issues, Surging News journalists interviewed Mu Changchun, director of the Digital Currency Research Institute of the People's Bank of China (hereinafter referred to as the Digital Research Institute) and deputy director of the Payment Department.

Surging News: What is the starting point and significance of the Safety Code?

Mu Changchun: In order to implement the plan of the party, the state and the People's Bank of China, in accordance with the “13th Five-Year Plan for the Development of Information Technology in the Financial Industry of China” and “FinTech Development Plan (2019-2021)” issued by the People's Bank of China, and with the support of the Gold Standards Commission and the Science and Technology Department, the Digital Currency Research Institute of the People's Bank of China proposed and specifically organized the Industrial and Commercial Bank of China, Agricultural Bank of China, Bank of China, China Construction Bank, China Development Bank and other units to jointly draft the "Finance Distributed Ledger Technical Security Specification". Its main goal is to standardize the application of distributed ledger technology in the financial field and improve the information security guarantee capability of distributed ledger technology.

With the development and application of distributed ledger technology, the original security technical specifications are difficult to apply to distributed ledger technology, which is mainly reflected in two aspects. First, the distributed ledger is a new system form, usually deployed among multiple beneficial entities; different entities have different management systems and security risk considerations, which are not conducive to the deployment and management of the distributed ledger system. Second, the characteristics of the distributed ledger system determine that its security is jointly maintained by the consensus nodes in the system, and guaranteeing only the security of a single node makes it difficult to ensure the overall security of the system.

In order to solve the above problems and consider the application status and development trend of distributed ledger technology in China's financial industry, during the compilation process, the application status and actual needs of domestic financial institutions in the field of distributed ledger technology security were fully investigated, so that the standard has good applicability, advancedness and demonstration. In addition, in the preparation of the "Safety Specification", based on the first-mover advantages and practical accumulation of blockchain research in the field of digital research, combined with the technical advantages of many participating units, and with in-depth research based on the latest technology developments at home and abroad, reasonable estimates are made for technology development trends, so that the "Safety Regulations" will remain advanced and stable for a period of time.

As the first standard specification of the blockchain and distributed ledger in China's financial industry, the "Safety Specification" constructs a security system framework for distributed ledger technology, which can guide financial institutions in the deployment, implementation and maintenance of distributed ledger systems in accordance with the basic security requirements of the financial industry, providing business guarantee capability and information security risk constraint capability for large-scale application of distributed ledger technology, and forming a benign promotion role for industrial applications.

Surging News: Most of the institutions involved in the formulation of the Security Code are traditional financial institutions. Does this code also apply to non-traditional financial institutions? For example, blockchain companies, technology companies, and so on.

Mu Changchun: The "Safety Specification" sorts out the universal security requirements that should be met by the application of distributed ledger technology in the financial industry. It is applicable to institutions engaged in the construction of distributed ledger systems or service operations in the financial field, and is not limited to traditional financial institutions; blockchain and other technology companies are covered as long as they are engaged in the construction of distributed ledger systems or service operations in the financial sector.

In fact, the participating units include Internet banks and Internet companies, as well as institutions of higher learning, scientific research institutions, testing institutions, and technology companies. It is precisely because of the participation of different types of organizations that the Security Specification can have multiple perspectives, cover multiple needs, and adapt to multiple scenarios.

Surging News: Can the design of digital currency developed by the central bank draw lessons from the "security specifications"?

Mu Changchun: The People's Bank of China is conducting research and development of DC/EP. DC/EP is issued by the People's Bank of China, and is operated by designated operating agencies and exchanged with the public. It is based on a broad account system, supports loose coupling of bank accounts, is equivalent to paper money and coins, and has value characteristics; it is a legally controllable and anonymous digital RMB payment instrument system.

DC/EP adopts mature and stable technology and considers innovation in technology selection. It integrates the advantages of traditional centralized architecture and blockchain technology, draws on the core content and advantages of blockchain technology, and avoids its shortcomings. Because the safety technology is interlinked, DC/EP refers to the relevant requirements in the Safety Specification when designing the safety.

The construction of the DC/EP system is based on the principle of long-term evolution and continuous iteration. It does not presuppose or hold superstitious faith in any technical route. This kind of technically sensitive and forward-looking practice, in turn, serves as a reference for the compilation and perfecting of the "Safety Specification".

Surging News: You mentioned that blockchain lacks systematic security protection in terms of security. Can the safety regulations eliminate or reduce these security risks and operation and maintenance issues?

Mu Changchun: The "Security Specifications" comprehensively sort out the security system framework of distributed ledger technology and put forward specific security requirements for 12 aspects, which will help eliminate or reduce security risks and operation and maintenance issues. First, the basic security requirements for the application of distributed ledger technology in the financial field are clarified in conjunction with relevant national laws and regulations, national security standards, and industry security standards. Secondly, according to the characteristics of the distributed ledger system, specific requirements were put forward. In particular, the operation and maintenance chapter in the "Safety Specification" comprehensively covers the key requirements of distributed ledger operation and maintenance based on the basic requirements of equal guarantee.

"Security Specifications" can provide references and constraints for the security design and security testing of financial blockchain systems, but the specifications themselves cannot solve security problems. Implementation of the specifications can improve the system's security capabilities and reduce risks.

Surging News: In the security specification, there are 12 parts of the security system of financial distributed ledger technology. Which parts should we pay more attention to?

Mu Changchun: The security system framework proposed by the "Security Standards" is an organic whole, and the security requirements at each level are very important. Among them, the results of relevant security standards such as information security level protection are borrowed and absorbed, and new situations never encountered in previous security standards are also included. These contents can provide references and constraints for the security design and security testing of financial distributed ledger systems. At the same time, in the process of the implementation of the "Safety Standards", financial institutions and technology companies in the industry continue to summarize best practices, and will continue to improve the "Safety Standards."

Surging News: Regarding the security requirements of the consensus agreement, there is a mention of supervisability. Why is it specifically mentioned? There are special regulatory requirements later. Will there be regulatory difficulties in the supervision of distributed ledger technology?

Mu Changchun: The supervision of the consensus agreement mentioned in the "Security Regulations" mainly means that the historical records of the consensus process and system operation should be auditable, supervisable, and should not be altered. The reason for this is that distributed ledgers cannot be completely tamper-resistant, but only difficult to tamper with. For example, a consensus algorithm based on computing power and proof of equity will encounter a 51% attack problem, that is, with 51% of the computing power or equity of the system, the blockchain data can be rewritten; the voting-based consensus algorithms generally used by alliance chains also encounter the problem of "collusion tampering" with data. Therefore, under the premise that this risk cannot be completely ruled out, all historical records in the consensus process are required to meet the needs of supervision.

Surging News: Will there be a conflict between real-name authentication and privacy protection? How to solve it?

Mu Changchun: There is no contradiction between real-name authentication and privacy protection. Real-name authentication does not mean that everyone can see someone's account name. Financial distributed ledger systems with privacy protection requirements can use anonymous identity authentication, but should follow the principle of "voluntary front desk, background real name". The front desk uses anonymous identification, and the back office should be able to restore the real name identity of the registered entity.

Surging News: In privacy protection, the security specification proposes a hierarchical privacy protection strategy. What is the difference between a low privacy protection strategy and a high privacy protection strategy?

Mu Changchun: The object of privacy protection is various types of sensitive information. The usual practice is to classify the sensitivity of sensitive information. The "Security Specification" proposes a hierarchical privacy protection strategy, which corresponds to the classification of sensitive information. The distributed ledger system can formulate different levels of policies and adopt different strengths of technical means according to different privacy protection needs. Which level of privacy protection strategy and technical means is implemented specifically needs to strike a balance between system execution efficiency and privacy protection needs according to specific scenarios.

Surging News: There may be conflicts between the decentralized nature of distributed bookkeeping and the centralized management requirements of the central bank. How can this conflict be resolved?

Mu Changchun: In the arrangement of the central bank's system, they are all centralized management methods, which are mainly reflected in the centralized deployment of applications and the centralized collection, storage, and processing of data. It is easier to achieve supervision in a centralized organization, and each process in the blockchain with distributed characteristics often pursues a decentralized design. While obtaining certain technical advantages, it also makes it easy to hide the abuse of power and hidden manipulation; it is difficult to accurately locate the subject, and a regulatory blind spot appears, resulting in data leakage, privacy violations, terrorist financing and other issues. Especially when there are major social problems and group incidents, it is impossible to find the last person responsible.

In fact, the decentralization advantage of the blockchain is more reflected in the decentralization advantage of technology. Dogmatic advocacy of comprehensive decentralization is often a secret desire to evolve into a new center. Therefore, there is a certain conflict between the pure decentralization and the central bank's central management requirements.

In order to avoid conflicts and meet the requirements of centralized management, while not depriving financial industry entities of the technological innovation dividends brought by the blockchain, the underlying system and technical architecture of the blockchain as a financial service tool must be correspondingly transformed and upgraded so that it can not only exert the advantages of decentralized technology, but also meet the requirements of centralized management. Therefore, by default, the blockchain platform should consider the regulatory and privacy protection requirements from the bottom design, such as the relevant content requirements in the "Security Specification".

Surging News: In addition to the "Security Regulations", is the central bank still studying and formulating other financial industry blockchain standards?

Mu Changchun: The People's Bank of China has planned a technical standard system for blockchain and distributed ledger. The "Technical Security Specification for Financial Distributed Ledger" is an important part of it. It is the first blockchain and distributed ledger standard specification in China's financial industry.

In addition, the Department of Science and Technology of the People's Bank of China has proposed and organized related distributed ledger technology standards such as the “Finance Distributed Ledger Technology Application Technology Reference Architecture”, the “Financial Distributed Ledger Technology Application Evaluation System”, and the “Distributed Ledger Trade Finance Specifications”. The digital currency research institute is taking the lead in orderly advancing the preparation work.