GiniConnect Protocol

The GiniConnect Protocol was born from the important lessons we learned while developing, stress-testing and finally retiring the Gini Name System (GNS). This article briefly summarizes the reasons for this and the significant benefits of the GiniConnect Protocol. (For a much deeper technical understanding of GiniConnect and why it's so unique, please read GiniConnect Protocol: Trustless & Secure Communications.)

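The holy grail of cryptocurrency is a safe, secure and user-friendly mechanism that enables stakeholders to participate in the cryptocurrency ecosystem without having to interact with long, ugly crypto payment addresses like this: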

gini_3zdco6d9mz8yu1u8s3p9pwj71u8hx3udxw9pfxtj4wtzr1gkraimj6utpqq7
(Yes, that's a real Gini public payment address that is valid on the live Gini Network right now, but don't send any money to it because that node is only for testing purposes!)

Long-form addresses work fine if you're not afraid of them and don't accidentally make a typo and send the payment to a wrong or non-existent address. But some people literally have a panic attack when they see long crypto addresses. In fact, we know that those scary addresses are one of the biggest reasons why cryptocurrencies haven't become more widely adopted. That's why Gini has been working diligently to solve this problem.

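Mapping email addresses to crypto addresses is not the solution. There are several ways to solve the "scary crypto address" problem, but they are not equally safe and secure. One way is to map relatively simple, common account-based identifiers like email addresses, phone numbers or DNS records to a crypto payment address. This was the essence of the GNS: Whenever a stakeholder wanted somebody to send them Gini currency, they would say, "Just send it to my email address or phone number from your Gini payment screen!" This functionality was based on a mapping server architecture, which mapped the email/phone addresses to the GNS records that the stakeholders created from within their Gini GUI. It worked just like the mapping between numerical IP addresses and human-friendly website domain names in the Domain Name System (DNS).

We hacked ourselves to protect stakeholders' security. In terms of user-friendliness, the GNS worked well and significantly reduced the complexity of sending crypto payments. However, our ongoing internal penetration testing and hacking of our own systems revealed that no name resolution system is secure enough to map payment addresses to email addresses, phone numbers, Facebook accounts or any other identity token/proxy unless there is a truly reliable mechanism that enables users to guarantee that their first contact is with the correct party.

All email and phone systems, and any systems that depend on them, are insecure. Many security researchers know that all public email and phone systems are fundamentally and fatally flawed from a security perspective. This means that any system that depends on email/phone accounts (including Facebook, Twitter, Gmail, Instagram, etc.) is also insecure. We had hoped that we could overcome some of the problems that plague these systems by adding encryption layers, anonymous biometric checks (under certain conditions) and other anonymous identity-based authentication mechanisms with zero-knowledge proofs. However, piling on more security mechanisms is like piling on more clothes to escape the cold: at a certain point, the whole system becomes so clumsy and inflexible that it no longer performs according to the originally intended performance requirements.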

Truly secure systems have no substantial dependence on insecure channels. The more we tried to pile additional security mechanisms onto the fundamentally flawed and insecure email and phone systems, the more we realized it was a lost cause. This is a deep technical topic, but in summary, we concluded that the GNS can't have any substantial dependence on email, phone, DNS or any external name/account resolution system operating outside the secure Gini protocol suite because they're all relatively easy to hack and/or manipulate by a skilled and determined hacker or well-funded state actor.

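Are you connecting to the correct party? The principle of "connecting to the correct party" might seem simple conceptually: "Just get the unique phone number and email address from the parties and you're done!" some people might say. However, from a network security protocol perspective, it's a deep topic because there are many ways that a hacker/NSA/etc. can intercept insecure communications; hack email/phone accounts; impersonate you with those hacked accounts; socially engineer and bribe banks, crypto exchanges and corporate executives to give them your sensitive data from within their databases . . . if the system is not designed in a fundamentally secure, private and decentralized way.

No profit motive is worth risking stakeholders' security. Unlike for-profit companies that often sacrifice security to increase profits, our fundamental mission is to create the most secure, fair, sustainable and user-friendly ecosystem for real-world commerce. Although the GNS was never hacked and the probability of a serious hack was relatively low, we were not willing to take any risk at all with our stakeholders' security.

What does a secure and user-friendly system look like? After concluding that the GNS was not the optimal solution for the "scary crypto address" problem, we started thinking about creating a multi-channel protocol. Our goal for the protocol was to enable stakeholders to easily exchange contact records (including their Gini payment addresses) in a way that guarantees the security of their initial payment address exchange and the authenticity of their counterparties, without needing to see any long, scary crypto addresses. Additionally, our goal was to make the process as automated as possible while eliminating all the common attack vectors.

Is a trustworthy system feasible? The core question was: Is it possible to create a multi-channel user authentication and connection protocol that does not depend on any insecure channels, does not require stakeholders to reveal their personal identities to Gini, is fundamentally immune to hackers and corrupt authorities, and does not impose tedious and time-consuming steps on stakeholders? In other words: Can we create a trustworthy and simple way for humans to connect in the Gini ecosystem? The answer is yes, and it's called the GiniConnect Protocol. (See Why Trust Gini? to review the difference between "trustworthy" and "trusted" systems.)

The solution: the GiniConnect Protocol. Built on the Gini Account Center software's simple contact management features, GiniConnect enables stakeholders to securely authenticate, connect and share their contact details and Gini payment addresses with another Gini stakeholder in less than 60 seconds. In some ways, GiniConnect works the same way as the SWIFT banking system from a bank manager's perspective: it is how banks communicate securely with other banks when they need to send a wire transfer on your behalf. But in our case, GiniConnect essentially makes every Gini stakeholder the owner of their own personal SWIFT interface, with a more efficient, decentralized and user-friendly workflow.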

The following screenshots illustrate how it works.

Contacts screen:

[Screenshot: Gini contacts screen, new]

Usage scenario: Alice and Bob know each other and want to exchange Gini contacts and payment addresses without having to touch any long crypto addresses. If they've already created a secure contact, they can simply click the Gini currency icon/link from the contact's profile to send the payment. That automatically loads the contact into the simple payment screen, as illustrated below.

[Screenshot: Gini payment screen]

If Alice and Bob haven't already established a secure GiniConnect connection, they would make their initial trustworthy connection by Alice clicking on "New Secure Contact" from the GUI, which is illustrated below.

[Screenshot: Gini contacts, giniconnect4]

Then there are just three simple steps to establish a secure GiniConnect connection.

Step 1: Create a Gini Flash Code.

[Screenshot: Gini contacts, giniconnect1]

[Screenshot: Gini contacts, giniconnect3]

Step 2: Share the Flash Code. Alice shares the Flash Code with Bob through an existing encrypted channel that she already trusts. This could be an encrypted voice or text chat using any of the popular encrypted chat programs like Signal, Telegram, WhatsApp or simply calling Bob to share the details over the phone. (Although, phones are less secure and we don't recommend it.) Even doing it by phone or encrypted voice chat is easy because the Flash Code is much shorter and easier to share than a random 64-character crypto address.

Step 3: Connect. Bob enters Alice's Flash Code by clicking on "New Secure Contact" from his own Gini Account Center GUI.

[Screenshot: Gini contacts, giniconnect2]

Alice immediately sees the connection request in her Account Center GUI, which she can accept or reject. In nearly all cases, Alice would accept the connection because spam is impossible in this scenario and she knows the counterparty is authentic for the following reasons:

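  • Alice initiated the exchange.
  • Alice easily generated the random Flash Code herself, without relying on any insecure phone, email or third-party channels.
  • The random Flash Code expires after 3 minutes, which is plenty of time to establish a secure connection with a truly trustworthy counterparty, but not enough time for a hacker to engineer a successful attack. (The entire GiniConnect process usually takes less than 60 seconds.)
  • When the Flash Code is transmitted over the network from Bob to Alice during the connection process, the Gini software encrypts the Flash Code into a 160-bit random code (e.g.: 372ba72670b03c1f6a9d09eb5e1ce8f5933ff450), then transmits that encrypted payload over a bank-grade Secure Sockets Layer (SSL) connection, then automatically validates the payload on Alice's side to confirm that Bob has sent the correct cryptographically secure Flash Code. Computationally, it would require over 39 octillion years (3 quintillion years longer than the lifespan of the universe) to brute-force hack the 160-bit code, but hackers only have 3 minutes.
  • No man-in-the-middle attacks are possible.
  • There are no centralized corporate cannibals or authorities that can be compromised or coerced by corrupt politicians and corporate executives.
  • There are no hijacked email accounts or insecure SMS codes to corrupt the exchange.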
  • Even if somebody hacked Alice's email, phone or computer, they would never have a fresh random Flash Code with enough time to impersonate her.
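The checks in the list above (a self-generated random code, a 3-minute expiry, a 160-bit token validated on Alice's side) can be sketched as follows. This is an added example, not Gini's code: the page does not publish how the Flash Code becomes the 160-bit value, so the truncated HMAC-SHA256, the per-request nonce, the code alphabet and length, and the attempt limit are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

FLASH_TTL_SECONDS = 180  # the page's 3-minute expiry
MAX_ATTEMPTS = 5         # assumption: the page states no attempt limit
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # assumption: no look-alike chars


def derive_token(flash_code: str, nonce: bytes) -> str:
    """160-bit token bound to one connection request (assumed construction)."""
    mac = hmac.new(flash_code.encode(), nonce, hashlib.sha256).digest()
    return mac[:20].hex()  # 20 bytes = 160 bits = 40 hex characters


class FlashCodeIssuer:
    """Alice's side: issues one short-lived code and validates Bob's token."""

    def __init__(self, length: int = 10, clock=time.monotonic):
        self._clock = clock
        self.code = "".join(secrets.choice(ALPHABET) for _ in range(length))
        self._expires = clock() + FLASH_TTL_SECONDS
        self._nonce = secrets.token_bytes(16)
        self._attempts = 0
        self._used = False

    def challenge(self) -> bytes:
        """Fresh nonce for the requester, so an old token cannot be replayed."""
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def check(self, token: str) -> str:
        if self._used:
            return "used"
        if self._clock() >= self._expires:
            return "expired"
        if self._attempts >= MAX_ATTEMPTS:
            return "locked"
        self._attempts += 1
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(derive_token(self.code, self._nonce), token):
            self._used = True
            return "accepted"
        return "rejected"
```

In a design like this, resistance to guessing comes from the entropy of the short code itself (roughly 49 bits for the assumed 10 characters) combined with the expiry, single use and attempt limit; the 160-bit width only describes the derived token.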

The simplest payment system humanly possible. Alice and Bob's mutual contact details and Gini payment addresses are securely and automatically loaded into their respective Gini Account Center contact records without needing to see any long crypto addresses at all. Their contact information is not stored on any centralized server; so nobody (not even Gini) can see their details. From that moment forward, whenever Alice wants to send payments to Bob (and vice-versa), Alice can simply click on the "Send Payment" link on Bob's contact profile or start typing "Bob" into her Gini payment screen and Bob's name and payment address are automatically inserted into the recipient box. (The long payment address is also displayed in small font in case the sender wants to visually confirm it.) Nothing could be simpler.

Every Gini stakeholder has their own personal SWIFT system. The Secure Gini Chat tool built into the Gini contact management GUI enables stakeholders to communicate securely and privately with all their trusted payment counterparties. (Clicking the blue-green icon next to the contact's name in the toolbar toggles between Chat Mode and Contact Details Mode.)

[Screenshot: Gini contacts, chat screen]

The chat tool enables stakeholders to keep all their private payment conversations organized with all their other private financial account data in the secure Gini Account Center software, just like fiat bankers do with SWIFT terminals. We're not big fans of the fiat banking system, but in this case, we're pretty enthusiastic about liberating Gini stakeholders from the toxic fiat banking system by empowering them with their own private, decentralized SWIFT system!

Conclusion. The GiniConnect Protocol eliminates typos and all the security risks associated with sharing sensitive financial details over insecure channels. Billions of people know and use encrypted chat tools like Signal, Telegram and WhatsApp every day. Now they can use Secure Gini Chat to manage their own private SWIFT system within the unique, fair and sustainable Gini ecosystem. Eventually, we hope the Secure Gini Chat component will also become a popular communication tool beyond our current use case, but for now, it is intended for Gini stakeholders who want to connect and communicate securely in real time with their trusted payment counterparties.


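Note: To prevent stalkers and other criminals from harassing Gini employees and engineers, the contact phone numbers, email addresses and other personal information shown on this page are randomly generated and are for illustration purposes only. We do not know whether any actual people own those numbers and addresses.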

