ASCH assessment report
Aug. 10, 2017
Last month, we commissioned China Ceprei Laboratory to assess our Asch platform.
The complete assessment report can be downloaded here.
Part of the assessment report is shown below:
The conclusion about ASCH decentralized application platform is as follows:
The ASCH decentralized application platform adopts a distributed-ledger structure, including chain data structure, block ID, trading Hash, timestamps and distributed storage, P2P network, DPOS+PBFT consensus algorithm, DAPP contract and interchain mechanism based on side chain, and SHA2-256 algorithm. The overall assessment is as follows:
1. Adopting the distributed-ledger structure (the data include the presented block Hash code, the last block Hash code, timestamps, trading Hash, etc.), producing one block per 10 seconds on the platform, with distributed storage of the block data in the SQLite3 database of each block chain service node.
2. Adopting P2P technology to integrate a mesh network, achieving communication between the nodes by broadcast.
3. Adopting the SHA2-256 secure Hash algorithm to calculate the Hash code in the block and the payload Hash code.
4. It uses the ED25519 elliptic curve signature algorithm to carry out digital signature and signature operation of block transaction data;
5. It uses a consensus algorithm combining DPOS + PBFT: it uses the DPOS algorithm to elect the delegates, and uses the PBFT algorithm to vote on the consensus result. The process of consensus does not require competition, and it allows strong regulatory nodes to participate;
6. It uses the Node JS programming language to implement DAPP contracts;
7. It uses side-chain technology that supports cross-chain asset transfer between the ASCH main-chain and the DAPP contract (which is essentially the ASCH side chain).
The testing results show that there are some deficiencies in the test object:
1) The test object doesn’t support CA Certification;
2) The test object doesn’t support China cryptography;
3) The test object doesn’t support triggering or destructing contracts. Once started, a DAPP contract will always be executed, and will be neither triggered nor destructed through transactions or conditions, nor terminated within a limited time, step or fees.
4) The test object doesn’t support cross-chain asset manipulation between Asch’s main chain and Bitcoin or Ethereum. Moreover, the balance of the Asch main-chain account generated from the address based on the first 8 bytes of the public key doesn’t increase when the withdraw operation is executed; the result of withdrawals is abnormal.
5) The test object doesn’t use the private key of the nodes in the service, but uses plain text for the data transmission between the nodes in the service.
For the above five deficiencies, I would like to share my own views.
Q: Why doesn’t Asch support CA certification?
A: Over the past year, the Asch platform has mainly focused on the development of the underlying public blockchain technology. CA certification for blockchains is currently usually applied in alliance blockchain projects, and it is just an option. The role of a CA is to issue certificates and carry out authentication, and its essential function is the registration and verification of accounts. This would bring in a centralizing factor, meaning it would introduce a centralized organization into a decentralized system. The accounts of a public chain are usually randomly generated from an almost infinite address space, so CA certification is unnecessary.
Of course, we will also consider adding CA certification to some branch versions. The Asch Chain Company (full name: Beijing Asch Chain Technology Co. Ltd.) is dedicated to building an underlying alliance blockchain platform for enterprise users, while the Asch open source community focuses only on public blockchain technology.
Q: Why not support China cryptography algorithms?
A: The commonly used algorithm in the Asch system is Ed25519, which is an implementation of EdDSA and is currently adopted by many well-known open source software projects, for example OpenSSH, GnuPG, OpenBSD and so on. Moreover, in the blockchain world, the well-known Zcash and Stellar also use Ed25519. Ed25519, like the signature algorithm secp256k1 used in Bitcoin, is an internationally popular cryptographic algorithm and has many advantages, such as extremely high performance and security. In the future, we will support China cryptography algorithms as an added option for application developers.
Q: What does it mean to support contract triggering and terminating?
A: Asch is an application development platform, not a smart contract development platform, and an application is different from a smart contract. I have been promoting the idea that every decentralized application is a smart contract in the broad sense, but to be accurate, an application is different from a smart contract in the narrow sense. Asch uses a multi-chain architecture in which each application is carried by a separate blockchain. Applications in the Asch ecosystem are isolated and do not affect each other, so even an application with a serious bug will not affect other applications, and the application itself does not need to consider terminating.
Q: When the withdraw operation is done, why is the result abnormal?
A: The bug has been fixed. We express concern for the rigor of China's Saibao laboratory. We tried to make a bug fix on the spot after the bug was found, but this was rejected, because the evaluation process requires a stable version so as to reflect the characteristics of the measured object more objectively and truly. The reason for this bug is compatibility with the old address format. The Asch main chain currently has two address formats: one is a numeric address, and the other is a base58check-format address similar to Bitcoin's. The former should have been abandoned because its implementation is not strict, but it had to be retained for compatibility with old accounts. In the DApp, however, we do not carry this historical burden, so there is no special handling for the old address, which resulted in this exception. The current repair plan is to completely prohibit cross-chain transfers from numeric addresses to a side chain or application chain. An old account with a numeric address can first transfer its assets to a new base58check account, and then make the cross-chain transfer to the side chain.
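The address check implied by this repair plan, as an added example that is not Asch's own code: it classifies a sender address and refuses cross-chain transfers from anything that is not a checksummed base58check address. It assumes legacy addresses are decimal-digit strings and that new addresses use a Bitcoin-style double-SHA-256 checksum; the function names and sample values are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const sha256 = (b) => nodeCrypto.createHash('sha256').update(b).digest();
// Assumption: Bitcoin-style checksum = first 4 bytes of SHA-256(SHA-256(payload)).
const checksum = (payload) => sha256(sha256(payload)).subarray(0, 4);

// Encoder, used here only to build the constructed sample address.
function base58Encode(buf) {
  let n = BigInt('0x' + (buf.toString('hex') || '0'));
  let out = '';
  while (n > 0n) { out = ALPHABET[Number(n % 58n)] + out; n /= 58n; }
  for (const b of buf) { if (b !== 0) break; out = '1' + out; }
  return out;
}

// Returns the decoded bytes, or null if a character is outside the alphabet.
function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const v = ALPHABET.indexOf(ch);
    if (v < 0) return null;
    n = n * 58n + BigInt(v);
  }
  let hex = n === 0n ? '' : n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  const zeros = str.length - str.replace(/^1+/, '').length;
  return Buffer.concat([Buffer.alloc(zeros), Buffer.from(hex, 'hex')]);
}

// Classify before use: 'numeric' (legacy), 'base58check', or 'invalid'.
function classifyAddress(addr) {
  if (typeof addr !== 'string' || addr === '') return 'invalid';
  // Digits-only strings are treated as legacy even if they are valid Base58.
  if (/^[0-9]+$/.test(addr)) return 'numeric';
  const raw = base58Decode(addr);
  if (!raw || raw.length < 5) return 'invalid';
  const ok = checksum(raw.subarray(0, -4)).equals(raw.subarray(-4));
  return ok ? 'base58check' : 'invalid';
}

// Gate for main-chain to side-chain transfers: only checksummed addresses pass.
function allowCrossChainSender(addr) {
  return classifyAddress(addr) === 'base58check';
}

// Constructed samples (not real Asch accounts).
const PAYLOAD = sha256(Buffer.from('constructed sample')).subarray(0, 20);
const SAMPLE_NEW = base58Encode(Buffer.concat([PAYLOAD, checksum(PAYLOAD)]));
const SAMPLE_OLD = '1234567890123456789';
```

Checking the digits-only case first makes the gate fail closed: a legacy address is rejected before any attempt to interpret it as Base58.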
Q: Why is communication between service nodes transmitted in plaintext?
A: Because the current communication between the service nodes does not involve sensitive information. As far as I know, other public chains do not use ciphertext for inter-node communication either.
Generally, the evaluation process of The Fifth Electronic Research Institute of MIIT is quite professional and rigorous, but Asch is the first public chain to be evaluated, and some evaluation indicators (such as CA, China cryptography, etc.) apply to alliance chains and do not apply to public chains.