Journal of Information Security Research ›› 2016, Vol. 2 ›› Issue (12): 1090-1097.

Previous Articles     Next Articles

Security Architecture and Key Technologies of Blockchain

Yan Zhu   

  • Received:2016-12-26 Online:2016-12-15 Published:2016-12-26
  • Contact: Yan Zhu



  1. 北京科技大学
  • 通讯作者: 朱岩
  • 作者简介:博士,教授,主要研究方向为网络与信息安全、密码学与安全计算、计算复杂性理论.

Abstract: Blockchain, both the cryptocurrency and the underlying Bitcoin technology, have attracted significant attention around the world. The reason is that blockchain is a decentralization technology with Consensus Trust Mechanism (CTM), which is obviously different from the traditional centralization system with Outer Trust Mechanism (OTM). This has made a great influence on the trust mechanism of people and promoted the usage of security technology in the blockchain. In this paper, we present the security architecture and key technologies of the blockchain, and explain how the blockchain ensure the integrity, non repudiation, privacy, consistency for the stored data through P2P network, distributed ledger, asymmetric encryption, consensus mechanism and smart contracts. Moreover, we analyze some new security threats and measures, for example, the preventing technology of Denial of Service (DoS) attack against the Transaction Storm (TS), the cryptographic access control (CAC) technology to enhance the data privacy, the key management technology against losing and stealing of digital asset, and so on. We also discuss the future security problems and technologies that might be discovered after the blockchain syncretizes new technologies, including, AI, Big Data, IOT, cloud computing, mobile Internet technologies.

Key words: blockchain, distributed ledger, P2P network, asymmetric encryption, consensus mechanism, smart contracts

摘要: 区块链技术作为密码货币和比特币的底层技术,正在吸引着越来越多的人员投入进来.有别于传统信息系统的中心化他信机制,区块链是一种去中心化或者多中心化的共信机制,这对人们的信任机制产生了很大的影响,并促使人们开始重视区块链中的安全技术.对区块链中的关键技术及其安全架构展开了研究,阐述了区块链如何通过P2P网络技术、分布式账本技术、非对称加解密技术、共识机制技术、智能合约技术来实现对其数据完整性、不可否认性、隐私性、一致性等的安全保护.此外,也对一些新的安全威胁和措施进行分析,例如,防止由于交易风暴引起的拒绝服务技术、保护区块链信息隐私的密文访问控制技术、以及防止因为密钥丢失或者泄露所引起的数字资产丢失或者被盗的密钥管理技术等等.也对区块链技术与人工智能、大数据、物联网、云计算、移动互联网技术相融合之后可能出现的新安全问题和安全技术进行了探讨.

关键词: 区块链, 分布式账本, P2P网络, 非对称加密, 共识机制, 智能合约