From 32c3712f35db8c0148109d61ad6c274054ad3da6 Mon Sep 17 00:00:00 2001 From: Anthony H Date: Wed, 15 Aug 2018 09:44:20 +0800 Subject: [PATCH 01/10] Update why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md --- ...ingle-private-key-to-secure-your-assets.md | 76 ++++++++++++++++++- 1 file changed, 75 insertions(+), 1 deletion(-) diff --git a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md index e29d864..acb7a39 100644 --- a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md +++ b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md @@ -5,6 +5,8 @@ tags: _Reasons why it is unreasonable to expect yourself and everyone else in the world to only have one fragile layer of security for their assets_ + + ![](https://cdn-images-1.medium.com/freeze/max/60/1*W65-DR2esMrCvm0Ig8pMpg.jpeg?q=20) ![](https://cdn-images-1.medium.com/max/1600/1*W65-DR2esMrCvm0Ig8pMpg.jpeg) @@ -12,38 +14,52 @@ _Reasons why it is unreasonable to expect yourself and everyone else in the worl ![](https://cdn-images-1.medium.com/max/1600/1*W65-DR2esMrCvm0Ig8pMpg.jpeg) #### Let me tell you a story…. +让我告诉你一个故事...... Matthew Mellon \[1\] was a guy who had high hopes for the cryptocurrency Ripple (XRP). He saw Ripple as a great step forward for the future of American banking. Matthew was one of the first investors in Ripple, and would buy more over the years as the popularity (and price) grew. +Matthew Mellon [1]是一个对瑞波币Ripple(XRP)寄予厚望的人。他认为瑞波币是美国银行业未来的一大进步。Matthew是瑞波币的首批投资者之一,随着人气(和价格)的增长,多年来他不断增持更多的XRP。 As Matthew acquired more XRP, he separated his holdings into a few different accounts. > Matthew Mellon held almost all of his fortune in Ripple in cold wallets all around the country, with no one else knowing the codes to the wallets. A cold wallet is a vault that is not connected to the internet for safety measures, to avoid hacks or breaches. +随着Matthew拥有更多的XRP资产,他将所有的XRP分成几个不同的账户的冷钱包里,并把他们分散存放在在不同地方的保险库内,并且没有人知道他冷钱包的密码。冷钱包是一种未连接到互联网的,以避免黑客攻击或破坏的安全保险库。 Matthew is a smart guy! He is a millionaire who made sure he knew how to manage his crypto holdings himself, keeping his access codes in his head to stay safe from pesky hackers stealing them from a bank. +Matthew是个聪明的百万富翁,他知道如何管理自己的加密资产,保护访问权限,以及知道如何保护他的数字资产免受黑客窃取的危险。 His XRP will never get taken by anyone! Even himself! +他的XRP永远不会被任何人取走!连他自己! … huh? himself? +是吗?本人呢? … Oh yeah. I forgot to mention that Matthew Melon died of a heart attack on April 16th. And when he died, his $500 million in XRP essentially died with him. The XRP is still there! But unfortunately, anyone who wants to access it will need those access codes that are only stored in electrical signals in Matthew’s brain, which disappeared in April. +对了。我忘了说Matthew 在4月16日死于心脏病。当他去世时,他5亿美元的XRP基本上和他一起死了。 虽然XRP还在那里,但不幸的是,任何想要访问它的人都需要那些仅存储在Matthew大脑中的访问代码,这些代码在4月份消失了。 While Matthew’s story might be the first instance of an extremely rich family losing all their cryptocurrency because of a death, it is by no means the first time anyone has been burned from relying on a single private authorization key to secure an account on a blockchain. Unsurprisingly, this is one of the biggest causes of lost or stolen cryptocurrency. +虽然Matthew的故事可能是一个极端的因死亡而失去所有加密货币的一个例子,但这绝不是第一次因依赖单一私钥来保护区块链账户而受到损失的人。不出所料,这是加密货币丢失或被盗的最大原因之一。 According to The Anti-Phishing Working group’s research, over **$1.2 billion of crypto-assets have been stolen or lost since the beginning of 2017.** +根据反网络钓鱼工作组的研究,自2017年初以来,已有超过12亿美元的加密资产被盗或丢失。 This is unacceptable! How could all of this value have been lost? Lets look at some of the reasons. +这是无法接受的!怎么可能丢失这些有价值的资产呢?让我们看看一些原因。 **Lost private keys:** Someone stores their private key either in their brain, on a piece of paper, locally on their computer, or in a hardware wallet. Through one reason or another, it is forgotten, deleted, or lost and nobody can ever access the funds ever again. +私钥的丢失:有人将他们的私钥存储在他们的大脑,纸上,本地计算机或硬件钱包中。由于这样或那样的原因,它被遗忘,删除或丢失,那就没有人能再获得资金。 **Phishing attacks:** A very bad person gains the trust of the owner of the private key and somehow convinces them to reveal the key. The very bad person then uses the key to steal all of the victim’s assets secured by that key. +钓鱼网络的攻击:一个非常糟糕的人获得私钥所有者的信任,并以某种方式说服他们泄露密钥。然后,非常坏的人使用密钥窃取该密钥保护的所有受害者资产。 **Deaths:** Like Matthew’s case above, the only person who knows the keys dies and the knowledge, and therefore access, to the cryptoassets is lost forever. +拥有者死亡:就像上面的Matthew案例一样,唯一知道密钥的人死了,因此访问加密资产的密钥也永远地丢失。 **Private key hacks:** An unsuspecting victim stores their private key insecurely on one of their devices and a clever hacker finds a way in and steals the key. With this key, the hacker can access the victim’s account and steal all their cryptoassets. +私钥攻击:一个不知情的受害者将他们的私钥不安全地存储在他们的一个设备上,一个聪明的黑客找到了一个方法并窃取了密钥。使用此密钥,黑客可以访问受害者的帐户并窃取他们所有的密码集。 ![](https://cdn-images-1.medium.com/freeze/max/60/1*tOESAZSkdh01dgSKSs6flQ.gif?q=20) @@ -54,57 +70,91 @@ This is unacceptable! How could all of this value have been lost? Lets look at s There is definitely a pattern here! ### The single-key problem +单键问题 All of these issues happen because of some unfortunate or irresponsible circumstance that takes advantage of the fact that there is only one layer of security protecting a user’s assets, and there are no take-backs in this world. +所有这些问题的发生都是因为不负责任地只用一层安全措施保护自已的资产,而且这个世界上没有任何其他措施挽回。 Now, some of you might be reading this thinking, “Hrmph! I am incorruptible, invincible, and unable to ever make a mistake!” +现在,你们中的一些人可能正在想着,“Hrmph!我无敌,无畏,我不会犯错!” Let me be clear, there are plenty of people in the world who are perfectly capable of controlling their own private key and managing it completely on their own, be that with a hardware wallet, cold wallet, or some other solution. And in a perfect world, we all would be able to do that and nobody would try to steal from anyone! +让我明确一点,世界上有很多人完全有能力控制他们自己的私钥并完全自己管理,就像硬件钱包,冷钱包或其他解决方案一样。在一个完美的世界里,我们都能够做到这一点,没有人会试图从任何人那里窃取! Unfortunately, we live in a world where the vast majority of the population has more important things to worry about than using a bunch of extra brain power and work to secure their keys. +不幸的是,我们生活在这样一个世界,我们绝大多数人都有更重要的事情需要担心,而不是使用一堆额外的脑力并努力保护他们的私钥。 You might be the kind of person who wants complete control, and that is completely fair, but I think we can all agree that most humans (including myself) can be irresponsible, forgetful, or simply too busy to be bestowed with this kind of responsibility. +你可能是那种想要完全控制的人,这是完全公平的,但我认为我们都同意大多数人(包括我自己)可能是不负责任的,健忘的,或者只是太忙而无法承担这种责任。 #### It is obvious that it is unreasonable to expect everyone to have one authorization key and be able to keep it safe and secure themselves. +很明显,期望每个人都拥有一个授权密钥并且能够保证自己的安全是不合理的。 +然而,这产生了一个问题。以太坊基于仅与一个密钥相关联的帐户,因此添加额外的安全复杂性层可能存在风险和挑战。 This indroduces an issue though. Ethereum is based around accounts being associated with just one key, so adding additional layers of security complexity could be risky and challenging. ### How are existing solutions solving this issue? +现有解决方案如何解决此问题? There are a few offerings out there that acknowledge this issue and look to provide solutions that are safer and easier than a single key solution. Unfortunately, they mostly aren’t good enough to satisfy all the security requirements that users need while also providing complete and a good user experience. +有一些产品可以解决这个问题,并提供比单一密钥解决方案更安全,更方便的解决方案。不幸的是,它们大多不足以满足用户需要的所有安全要求,同时还提供完整和良好的用户体验。 **Solution #1: Centralized storage** +解决方案#1:集中存储 **Company controls your crypto account on your behalf, similar to a traditional bank.** You sign into a centrally managed system with a traditional password and tell the company to sign transactions for you. +公司代表您控制您的加密帐户,类似于传统银行。您使用传统密码登录集中管理的系统,并允许公司为您签署交易。 **Pros:** * OK approach for simply passively holding financial assets * Can be secure when done correctly (but rarely is) * Simplifies some of the blockchain technical aspects +优点: + +* 可以简单地被动地持有金融资产 +* 正确完成后可以安全(但很少) +* 简化部分区块链技术方面要求 **Challenges:** * Requires trust in third party. If they lose access to your account (private keys) or are hacked, you lose your assets * Limited to no management functionality — difficult to use assets outside of just holding them +挑战: + +* 需要信任第三方。如果他们无法访问您的帐户(私钥)或被黑客入侵,您就会丢失资产 +* 仅限于没有管理功能 - 仅仅持有它们之外的资产很难使用 **Solution #2: Multi-Sig Wallets Controlled by multiple people** +解决方案#2:Multi-Sig Wallets由多人控制 **You and other friends/colleagues each have Ethereum accounts controlled by one private key which are used as authorization signatures in a multisig wallet.** You each control your accounts single private key in the normal way, but don’t hold any funds besides what is needed to execute transactions. +您和其他朋友/同事各自拥有由一个私钥控制的以太坊帐户,这些私钥在multisig钱包中用作授权签名。每个人都以正常方式控制您的帐户单个私钥,但除了执行交易所需的资金之外,不要持有任何资金。 **Pros:** * Only a subset of the signatures is required, protecting against death or lost signatures. * Control lies with the owners and not a third party. * Lost or stolen keys can be changed to protect against theft +优点: + +* 只需要签名的一部分,以防止死亡或丢失签名。 +* 控制权在于所有者而非第三方。 +* 可以更改丢失或被盗的钥匙以防止被盗 **Challenges:** * Smart contracts required to implement this can be complicated, which can introduce complexity and unintended behavior that might cause a vulnerability. * Hard to interact with decentralized applications when multiple people are required to execute transactions. * User experience is still suboptimal, requiring technical knowledge to handle +挑战: + +* 实现此目标所需的智能合约可能很复杂,这可能会引入可能导致漏洞的复杂性和意外行为。 +* 当需要多个人执行交易时,很难与分散的应用程序交互。 +* 用户体验仍然不是最理想的,需要技术知识来处理 As you can see, the existing solutions can work in certain situations, but all have drawbacks. Is there a way we can have all the pros of these solutions, but none of the cons? +如您所见,现有解决方案可以在某些情况下工作,但都有缺点。有没有办法我们可以拥有这些解决方案的所有优点,但没有一个缺点? ![](https://cdn-images-1.medium.com/freeze/max/60/1*ttxBTM5pgIzdL0N1kSQfUg.gif?q=20) @@ -115,24 +165,38 @@ As you can see, the existing solutions can work in certain situations, but all h Musn’t be afraid to dream a little bigger, darling…. Challenging problems require novel solutions +挑战性问题需要新颖的解决方案 ### EIP-191 and Our Solution +EIP-191和我们的解决方案 The answer is yes, and it involves an interesting contract standard you might have heard of called [EIP-191: Signed Data Standard](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-191.md). This is a standard that separates the signing of transactions from the sending, allowing for some novel ways to interact with the Ethereum blockchain. This standard allows a contract to accept presigned data by the different keys associated with it and it is the central technology that underpins our upcoming cryptoasset custody application. +答案是肯定的,它涉及一个你可能听说过的有趣的合同标准,称为EIP-191:签名数据标准。这是一种将交易签名与发送分开的标准,允许一些新颖的方式与以太坊区块链进行交互。该标准允许合同通过与其相关联的不同密钥接受预先签署的数据,并且它是支持我们即将推出的加密密码保管应用程序的核心技术。 We are building a desktop wallet application which uses a unique protocol that requires messages to be signed by multiple private keys. This protocol pieces messages together using an enhanced version of EIP-191. Additionally, we enact transactions through a custom smart contract assigned to each user which understands this protocol. The user’s assets are maintained within this contract and can only be accessed by the requisite private keys assigned to it. +我们正在构建一个桌面钱包应用程序,它使用一种独特的协议,要求消息由多个私钥签名。该协议使用增强版EIP-191将消息组合在一起。此外,我们通过分配给了解此协议的每个用户的自定义智能合约来制定交易。用户的资产在此合同中维护,只能通过分配给它的必要私钥访问。 Unlike other multisigs though, this contract/account is only managed by one person! This is because we want to keep this level of security, but also give our users options for how they secure their keys, while never taking complete control of it ourselves. +与其他multisigs不同,此合约/账户仅由一个人管理!这是因为我们希望保持这种安全级别,同时也为我们的用户提供了如何保护密钥的选项,同时也从不完全控制它。 These private keys can be maintained in a variety of configurations which run the spectrum from decentralization to centralization, depending on the level of responsibility the user is comfortable with: +这些私钥可以维护在各种配置中,这些配置运行从分散到集中的范围,具体取决于用户感到满意的责任级别: 1. **Total Control:** The user maintains complete control of all private keys: These keys are encrypted and stored locally on the users device. The password that the user enters to sign into the application is used to decrypt the user profile that is stored locally. +1. 总控制:用户保持对所有私钥的完全控制:这些密钥被加密并本地存储在用户设备上。用户输入以登录应用程序的密码用于解密本地存储的用户配置文件。 + 2. **Partial Control with 2FA:** The user maintains primary private keys and the applicatin maintains supporting private keys utilizing our 2-Factor Authentication. The 2-Factor Authentication code is what authorizes the second key to sign a transaction. +2. 使用2FA进行部分控制:用户维护主私钥,应用程序使用我们的双因素身份验证维护支持私钥。双因素身份验证代码授权第二个签名交易的密钥。 + 3. **Partial Control with Third-Party**: The user maintains the primary private key and stores a secondary key with a trusted third-party which automatically authorizes transactions. +3. 使用第三方进行部分控制:用户维护主私钥并将辅助密钥与受信任的第三方存储,后者自动授权事务。 **With all of these solutions, the keys are always encrypted, stored locally, and handled by the application, removing the need for users to worry about handling their keys at all.** +通过所有这些解决方案,密钥始终被加密,本地存储并由应用程序处理,从而使用户无需担心处理其密钥。 A unique feature of our contracts is that all message signing takes place off -chain, with the final message being forwarded to the contract afterward. This gives us the flexibility for users to maintain private keys themselves in several locations distributing signing mechanisms throughout an intranet of personal contacts, for instance, enhancing ownership and security. +我们的合同的一个独特之处在于,所有消息签名都是在链外进行的,最后的消息会在之后转发给合同。这为用户提供了灵活性,使用户可以在几个位置维护私钥,在整个个人联系人的内联网中分发签名机制,例如,增强所有权和安全性。 + ![](https://cdn-images-1.medium.com/freeze/max/60/1*r96qkipf_j6cu7OG47P4hw.png?q=20) @@ -141,21 +205,31 @@ A unique feature of our contracts is that all message signing takes place off -c ![](https://cdn-images-1.medium.com/max/1600/1*r96qkipf_j6cu7OG47P4hw.png) Users sign transactions with their multiple keys, which are then forwarded through their account’s smart contract and posted to the blockchain +用户使用多个密钥签署交易,然后通过其帐户的智能合约转发并发布到区块链 **How does this solve the problems of the other solutions?** +这如何解决其他解决方案的问题? As you can see, the flexibility of control this setup offers to users is unparalleled by current offerings. Our solution uses this technology to provide users with an even more secure and user friendly wallet experience. +正如您所看到的,此设置为用户提供的控制灵活性是当前产品所无法比拟的。我们的解决方案使用此技术为用户提供更安全和用户友好的钱包体验。 Since we separates transaction signing and spending, users do not have to worry about specifying and paying for transaction fees within the system, thus alleviating a technical hurdle that many wallet users are very confused about in other solutions. The application actively monitors, manages, and pays for transactions fees under the hood in order for transactions to be sent and processed in a timely manner. +由于我们将交易签名和支出分开,用户不必担心在系统内指定和支付交易费用,从而减轻了许多钱包用户在其他解决方案中非常困惑的技术障碍。该应用程序主动监控,管理和支付交易费用,以便及时发送和处理交易。 Additionally, Because of the power of multisig wallets, there’s no problem if one of the private keys is lost or exposed. Using the other keys, the compromised key can be recovered or changed to protect against user error and unexpected deaths. +此外,由于multisig钱包的强大功能,如果其中一个私钥丢失或暴露,则没有问题。使用其他密钥,可以恢复或更改受损密钥,以防止用户错误和意外死亡。 And lastly, this multisig wallet setup is a very low-complexity smart contract, meaning that the attack surface is very small with almost no room for possible vulnerabilities. +最后,这个multisig钱包设置是一个非常低复杂度的智能合约,这意味着攻击面非常小,几乎没有可能存在漏洞的空间。 ### The path forward +前进的道路 As opportunities in blockchain and cryptoassets have grown significantly, more and more people and businesses are entering the space. There is a real threat of technical inexperience resulting in lost funds, and the average user cannot be trusted to manage their own private keys. Modular is working diligently to give businesses and users the management tools to solve these and other challenges. +随着区块链和密码集中的机会显着增加,越来越多的人和企业进入这个领域。存在技术缺乏经验的真正威胁导致资金损失,并且普通用户无法信任管理他们自己的私钥。 Modular正在努力为企业和用户提供管理工具来解决这些和其他挑战。 If Matthew Mellon and more users had a sophisticated tool like what is described here, maybe we wouldn’t have already lost so much money! +如果Matthew Mellon和更多用户拥有像这里描述的那样复杂的工具,也许我们不会已经损失了这么多钱! -This was just a small taste of the security and functionality features that we will offer. Stay tuned and subscribe for more updates and product announcements from Modular. We’ll be detailing more features we offer in upcoming posts in the Modular publication, so make sure to follow in order to receive updates! \ No newline at end of file +This was just a small taste of the security and functionality features that we will offer. Stay tuned and subscribe for more updates and product announcements from Modular. We’ll be detailing more features we offer in upcoming posts in the Modular publication, so make sure to follow in order to receive updates! +这只是我们将提供的安全性和功能性的一小部分。请继续关注并订阅Modular的更多更新和产品公告。我们将详细介绍我们在Modular出版物即将发布的帖子中提供的更多功能,因此请务必关注以接收更新! From 3b180c72e69203c92abb93e82e572a5fd0454e77 Mon Sep 17 00:00:00 2001 From: Anthony H Date: Wed, 15 Aug 2018 09:46:17 +0800 Subject: [PATCH 02/10] Update why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md --- ...ouldnt-use-a-single-private-key-to-secure-your-assets.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md index acb7a39..0b0cc88 100644 --- a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md +++ b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md @@ -7,21 +7,21 @@ _Reasons why it is unreasonable to expect yourself and everyone else in the worl -![](https://cdn-images-1.medium.com/freeze/max/60/1*W65-DR2esMrCvm0Ig8pMpg.jpeg?q=20) - -![](https://cdn-images-1.medium.com/max/1600/1*W65-DR2esMrCvm0Ig8pMpg.jpeg) ![](https://cdn-images-1.medium.com/max/1600/1*W65-DR2esMrCvm0Ig8pMpg.jpeg) #### Let me tell you a story…. + 让我告诉你一个故事...... Matthew Mellon \[1\] was a guy who had high hopes for the cryptocurrency Ripple (XRP). He saw Ripple as a great step forward for the future of American banking. Matthew was one of the first investors in Ripple, and would buy more over the years as the popularity (and price) grew. + Matthew Mellon [1]是一个对瑞波币Ripple(XRP)寄予厚望的人。他认为瑞波币是美国银行业未来的一大进步。Matthew是瑞波币的首批投资者之一,随着人气(和价格)的增长,多年来他不断增持更多的XRP。 As Matthew acquired more XRP, he separated his holdings into a few different accounts. > Matthew Mellon held almost all of his fortune in Ripple in cold wallets all around the country, with no one else knowing the codes to the wallets. A cold wallet is a vault that is not connected to the internet for safety measures, to avoid hacks or breaches. + 随着Matthew拥有更多的XRP资产,他将所有的XRP分成几个不同的账户的冷钱包里,并把他们分散存放在在不同地方的保险库内,并且没有人知道他冷钱包的密码。冷钱包是一种未连接到互联网的,以避免黑客攻击或破坏的安全保险库。 Matthew is a smart guy! He is a millionaire who made sure he knew how to manage his crypto holdings himself, keeping his access codes in his head to stay safe from pesky hackers stealing them from a bank. From 2312906c2bb6356256794ff95c5a25acd70da2d7 Mon Sep 17 00:00:00 2001 From: Anthony H Date: Wed, 15 Aug 2018 09:48:42 +0800 Subject: [PATCH 03/10] Update why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md --- ...ingle-private-key-to-secure-your-assets.md | 60 +++++++++++++++---- 1 file changed, 49 insertions(+), 11 deletions(-) diff --git a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md index 0b0cc88..4f1a605 100644 --- a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md +++ b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md @@ -25,84 +25,103 @@ As Matthew acquired more XRP, he separated his holdings into a few different acc 随着Matthew拥有更多的XRP资产,他将所有的XRP分成几个不同的账户的冷钱包里,并把他们分散存放在在不同地方的保险库内,并且没有人知道他冷钱包的密码。冷钱包是一种未连接到互联网的,以避免黑客攻击或破坏的安全保险库。 Matthew is a smart guy! He is a millionaire who made sure he knew how to manage his crypto holdings himself, keeping his access codes in his head to stay safe from pesky hackers stealing them from a bank. + Matthew是个聪明的百万富翁,他知道如何管理自己的加密资产,保护访问权限,以及知道如何保护他的数字资产免受黑客窃取的危险。 His XRP will never get taken by anyone! Even himself! + 他的XRP永远不会被任何人取走!连他自己! … huh? himself? + 是吗?本人呢? … Oh yeah. I forgot to mention that Matthew Melon died of a heart attack on April 16th. And when he died, his $500 million in XRP essentially died with him. The XRP is still there! But unfortunately, anyone who wants to access it will need those access codes that are only stored in electrical signals in Matthew’s brain, which disappeared in April. + 对了。我忘了说Matthew 在4月16日死于心脏病。当他去世时,他5亿美元的XRP基本上和他一起死了。 虽然XRP还在那里,但不幸的是,任何想要访问它的人都需要那些仅存储在Matthew大脑中的访问代码,这些代码在4月份消失了。 While Matthew’s story might be the first instance of an extremely rich family losing all their cryptocurrency because of a death, it is by no means the first time anyone has been burned from relying on a single private authorization key to secure an account on a blockchain. Unsurprisingly, this is one of the biggest causes of lost or stolen cryptocurrency. + 虽然Matthew的故事可能是一个极端的因死亡而失去所有加密货币的一个例子,但这绝不是第一次因依赖单一私钥来保护区块链账户而受到损失的人。不出所料,这是加密货币丢失或被盗的最大原因之一。 According to The Anti-Phishing Working group’s research, over **$1.2 billion of crypto-assets have been stolen or lost since the beginning of 2017.** + 根据反网络钓鱼工作组的研究,自2017年初以来,已有超过12亿美元的加密资产被盗或丢失。 This is unacceptable! How could all of this value have been lost? Lets look at some of the reasons. + 这是无法接受的!怎么可能丢失这些有价值的资产呢?让我们看看一些原因。 **Lost private keys:** Someone stores their private key either in their brain, on a piece of paper, locally on their computer, or in a hardware wallet. Through one reason or another, it is forgotten, deleted, or lost and nobody can ever access the funds ever again. + 私钥的丢失:有人将他们的私钥存储在他们的大脑,纸上,本地计算机或硬件钱包中。由于这样或那样的原因,它被遗忘,删除或丢失,那就没有人能再获得资金。 **Phishing attacks:** A very bad person gains the trust of the owner of the private key and somehow convinces them to reveal the key. The very bad person then uses the key to steal all of the victim’s assets secured by that key. + 钓鱼网络的攻击:一个非常糟糕的人获得私钥所有者的信任,并以某种方式说服他们泄露密钥。然后,非常坏的人使用密钥窃取该密钥保护的所有受害者资产。 **Deaths:** Like Matthew’s case above, the only person who knows the keys dies and the knowledge, and therefore access, to the cryptoassets is lost forever. + 拥有者死亡:就像上面的Matthew案例一样,唯一知道密钥的人死了,因此访问加密资产的密钥也永远地丢失。 **Private key hacks:** An unsuspecting victim stores their private key insecurely on one of their devices and a clever hacker finds a way in and steals the key. With this key, the hacker can access the victim’s account and steal all their cryptoassets. + 私钥攻击:一个不知情的受害者将他们的私钥不安全地存储在他们的一个设备上,一个聪明的黑客找到了一个方法并窃取了密钥。使用此密钥,黑客可以访问受害者的帐户并窃取他们所有的密码集。 -![](https://cdn-images-1.medium.com/freeze/max/60/1*tOESAZSkdh01dgSKSs6flQ.gif?q=20) - -![](https://cdn-images-1.medium.com/max/1600/1*tOESAZSkdh01dgSKSs6flQ.gif) ![](https://cdn-images-1.medium.com/max/1600/1*tOESAZSkdh01dgSKSs6flQ.gif) There is definitely a pattern here! ### The single-key problem + 单键问题 All of these issues happen because of some unfortunate or irresponsible circumstance that takes advantage of the fact that there is only one layer of security protecting a user’s assets, and there are no take-backs in this world. + 所有这些问题的发生都是因为不负责任地只用一层安全措施保护自已的资产,而且这个世界上没有任何其他措施挽回。 Now, some of you might be reading this thinking, “Hrmph! I am incorruptible, invincible, and unable to ever make a mistake!” + 现在,你们中的一些人可能正在想着,“Hrmph!我无敌,无畏,我不会犯错!” Let me be clear, there are plenty of people in the world who are perfectly capable of controlling their own private key and managing it completely on their own, be that with a hardware wallet, cold wallet, or some other solution. And in a perfect world, we all would be able to do that and nobody would try to steal from anyone! + 让我明确一点,世界上有很多人完全有能力控制他们自己的私钥并完全自己管理,就像硬件钱包,冷钱包或其他解决方案一样。在一个完美的世界里,我们都能够做到这一点,没有人会试图从任何人那里窃取! Unfortunately, we live in a world where the vast majority of the population has more important things to worry about than using a bunch of extra brain power and work to secure their keys. + 不幸的是,我们生活在这样一个世界,我们绝大多数人都有更重要的事情需要担心,而不是使用一堆额外的脑力并努力保护他们的私钥。 You might be the kind of person who wants complete control, and that is completely fair, but I think we can all agree that most humans (including myself) can be irresponsible, forgetful, or simply too busy to be bestowed with this kind of responsibility. + 你可能是那种想要完全控制的人,这是完全公平的,但我认为我们都同意大多数人(包括我自己)可能是不负责任的,健忘的,或者只是太忙而无法承担这种责任。 #### It is obvious that it is unreasonable to expect everyone to have one authorization key and be able to keep it safe and secure themselves. + 很明显,期望每个人都拥有一个授权密钥并且能够保证自己的安全是不合理的。 然而,这产生了一个问题。以太坊基于仅与一个密钥相关联的帐户,因此添加额外的安全复杂性层可能存在风险和挑战。 This indroduces an issue though. Ethereum is based around accounts being associated with just one key, so adding additional layers of security complexity could be risky and challenging. ### How are existing solutions solving this issue? + 现有解决方案如何解决此问题? There are a few offerings out there that acknowledge this issue and look to provide solutions that are safer and easier than a single key solution. Unfortunately, they mostly aren’t good enough to satisfy all the security requirements that users need while also providing complete and a good user experience. + 有一些产品可以解决这个问题,并提供比单一密钥解决方案更安全,更方便的解决方案。不幸的是,它们大多不足以满足用户需要的所有安全要求,同时还提供完整和良好的用户体验。 **Solution #1: Centralized storage** + 解决方案#1:集中存储 **Company controls your crypto account on your behalf, similar to a traditional bank.** You sign into a centrally managed system with a traditional password and tell the company to sign transactions for you. + 公司代表您控制您的加密帐户,类似于传统银行。您使用传统密码登录集中管理的系统,并允许公司为您签署交易。 **Pros:** @@ -110,6 +129,7 @@ There are a few offerings out there that acknowledge this issue and look to prov * OK approach for simply passively holding financial assets * Can be secure when done correctly (but rarely is) * Simplifies some of the blockchain technical aspects + 优点: * 可以简单地被动地持有金融资产 @@ -120,15 +140,18 @@ There are a few offerings out there that acknowledge this issue and look to prov * Requires trust in third party. If they lose access to your account (private keys) or are hacked, you lose your assets * Limited to no management functionality — difficult to use assets outside of just holding them + 挑战: * 需要信任第三方。如果他们无法访问您的帐户(私钥)或被黑客入侵,您就会丢失资产 * 仅限于没有管理功能 - 仅仅持有它们之外的资产很难使用 **Solution #2: Multi-Sig Wallets Controlled by multiple people** + 解决方案#2:Multi-Sig Wallets由多人控制 **You and other friends/colleagues each have Ethereum accounts controlled by one private key which are used as authorization signatures in a multisig wallet.** You each control your accounts single private key in the normal way, but don’t hold any funds besides what is needed to execute transactions. + 您和其他朋友/同事各自拥有由一个私钥控制的以太坊帐户,这些私钥在multisig钱包中用作授权签名。每个人都以正常方式控制您的帐户单个私钥,但除了执行交易所需的资金之外,不要持有任何资金。 **Pros:** @@ -136,6 +159,7 @@ There are a few offerings out there that acknowledge this issue and look to prov * Only a subset of the signatures is required, protecting against death or lost signatures. * Control lies with the owners and not a third party. * Lost or stolen keys can be changed to protect against theft + 优点: * 只需要签名的一部分,以防止死亡或丢失签名。 @@ -147,6 +171,7 @@ There are a few offerings out there that acknowledge this issue and look to prov * Smart contracts required to implement this can be complicated, which can introduce complexity and unintended behavior that might cause a vulnerability. * Hard to interact with decentralized applications when multiple people are required to execute transactions. * User experience is still suboptimal, requiring technical knowledge to handle + 挑战: * 实现此目标所需的智能合约可能很复杂,这可能会引入可能导致漏洞的复杂性和意外行为。 @@ -154,82 +179,95 @@ There are a few offerings out there that acknowledge this issue and look to prov * 用户体验仍然不是最理想的,需要技术知识来处理 As you can see, the existing solutions can work in certain situations, but all have drawbacks. Is there a way we can have all the pros of these solutions, but none of the cons? -如您所见,现有解决方案可以在某些情况下工作,但都有缺点。有没有办法我们可以拥有这些解决方案的所有优点,但没有一个缺点? -![](https://cdn-images-1.medium.com/freeze/max/60/1*ttxBTM5pgIzdL0N1kSQfUg.gif?q=20) - -![](https://cdn-images-1.medium.com/max/1600/1*ttxBTM5pgIzdL0N1kSQfUg.gif) +如您所见,现有解决方案可以在某些情况下工作,但都有缺点。有没有办法我们可以拥有这些解决方案的所有优点,但没有一个缺点? ![](https://cdn-images-1.medium.com/max/1600/1*ttxBTM5pgIzdL0N1kSQfUg.gif) Musn’t be afraid to dream a little bigger, darling…. Challenging problems require novel solutions + 挑战性问题需要新颖的解决方案 ### EIP-191 and Our Solution + EIP-191和我们的解决方案 The answer is yes, and it involves an interesting contract standard you might have heard of called [EIP-191: Signed Data Standard](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-191.md). This is a standard that separates the signing of transactions from the sending, allowing for some novel ways to interact with the Ethereum blockchain. This standard allows a contract to accept presigned data by the different keys associated with it and it is the central technology that underpins our upcoming cryptoasset custody application. + 答案是肯定的,它涉及一个你可能听说过的有趣的合同标准,称为EIP-191:签名数据标准。这是一种将交易签名与发送分开的标准,允许一些新颖的方式与以太坊区块链进行交互。该标准允许合同通过与其相关联的不同密钥接受预先签署的数据,并且它是支持我们即将推出的加密密码保管应用程序的核心技术。 We are building a desktop wallet application which uses a unique protocol that requires messages to be signed by multiple private keys. This protocol pieces messages together using an enhanced version of EIP-191. Additionally, we enact transactions through a custom smart contract assigned to each user which understands this protocol. The user’s assets are maintained within this contract and can only be accessed by the requisite private keys assigned to it. + 我们正在构建一个桌面钱包应用程序,它使用一种独特的协议,要求消息由多个私钥签名。该协议使用增强版EIP-191将消息组合在一起。此外,我们通过分配给了解此协议的每个用户的自定义智能合约来制定交易。用户的资产在此合同中维护,只能通过分配给它的必要私钥访问。 Unlike other multisigs though, this contract/account is only managed by one person! This is because we want to keep this level of security, but also give our users options for how they secure their keys, while never taking complete control of it ourselves. 与其他multisigs不同,此合约/账户仅由一个人管理!这是因为我们希望保持这种安全级别,同时也为我们的用户提供了如何保护密钥的选项,同时也从不完全控制它。 These private keys can be maintained in a variety of configurations which run the spectrum from decentralization to centralization, depending on the level of responsibility the user is comfortable with: + 这些私钥可以维护在各种配置中,这些配置运行从分散到集中的范围,具体取决于用户感到满意的责任级别: 1. **Total Control:** The user maintains complete control of all private keys: These keys are encrypted and stored locally on the users device. The password that the user enters to sign into the application is used to decrypt the user profile that is stored locally. + 1. 总控制:用户保持对所有私钥的完全控制:这些密钥被加密并本地存储在用户设备上。用户输入以登录应用程序的密码用于解密本地存储的用户配置文件。 2. **Partial Control with 2FA:** The user maintains primary private keys and the applicatin maintains supporting private keys utilizing our 2-Factor Authentication. The 2-Factor Authentication code is what authorizes the second key to sign a transaction. + 2. 使用2FA进行部分控制:用户维护主私钥,应用程序使用我们的双因素身份验证维护支持私钥。双因素身份验证代码授权第二个签名交易的密钥。 3. **Partial Control with Third-Party**: The user maintains the primary private key and stores a secondary key with a trusted third-party which automatically authorizes transactions. + 3. 使用第三方进行部分控制:用户维护主私钥并将辅助密钥与受信任的第三方存储,后者自动授权事务。 **With all of these solutions, the keys are always encrypted, stored locally, and handled by the application, removing the need for users to worry about handling their keys at all.** + 通过所有这些解决方案,密钥始终被加密,本地存储并由应用程序处理,从而使用户无需担心处理其密钥。 A unique feature of our contracts is that all message signing takes place off -chain, with the final message being forwarded to the contract afterward. This gives us the flexibility for users to maintain private keys themselves in several locations distributing signing mechanisms throughout an intranet of personal contacts, for instance, enhancing ownership and security. -我们的合同的一个独特之处在于,所有消息签名都是在链外进行的,最后的消息会在之后转发给合同。这为用户提供了灵活性,使用户可以在几个位置维护私钥,在整个个人联系人的内联网中分发签名机制,例如,增强所有权和安全性。 - -![](https://cdn-images-1.medium.com/freeze/max/60/1*r96qkipf_j6cu7OG47P4hw.png?q=20) +我们的合同的一个独特之处在于,所有消息签名都是在链外进行的,最后的消息会在之后转发给合同。这为用户提供了灵活性,使用户可以在几个位置维护私钥,在整个个人联系人的内联网中分发签名机制,例如,增强所有权和安全性。 -![](https://cdn-images-1.medium.com/max/1600/1*r96qkipf_j6cu7OG47P4hw.png) ![](https://cdn-images-1.medium.com/max/1600/1*r96qkipf_j6cu7OG47P4hw.png) Users sign transactions with their multiple keys, which are then forwarded through their account’s smart contract and posted to the blockchain + 用户使用多个密钥签署交易,然后通过其帐户的智能合约转发并发布到区块链 **How does this solve the problems of the other solutions?** + 这如何解决其他解决方案的问题? As you can see, the flexibility of control this setup offers to users is unparalleled by current offerings. Our solution uses this technology to provide users with an even more secure and user friendly wallet experience. + 正如您所看到的,此设置为用户提供的控制灵活性是当前产品所无法比拟的。我们的解决方案使用此技术为用户提供更安全和用户友好的钱包体验。 Since we separates transaction signing and spending, users do not have to worry about specifying and paying for transaction fees within the system, thus alleviating a technical hurdle that many wallet users are very confused about in other solutions. The application actively monitors, manages, and pays for transactions fees under the hood in order for transactions to be sent and processed in a timely manner. + 由于我们将交易签名和支出分开,用户不必担心在系统内指定和支付交易费用,从而减轻了许多钱包用户在其他解决方案中非常困惑的技术障碍。该应用程序主动监控,管理和支付交易费用,以便及时发送和处理交易。 Additionally, Because of the power of multisig wallets, there’s no problem if one of the private keys is lost or exposed. Using the other keys, the compromised key can be recovered or changed to protect against user error and unexpected deaths. + 此外,由于multisig钱包的强大功能,如果其中一个私钥丢失或暴露,则没有问题。使用其他密钥,可以恢复或更改受损密钥,以防止用户错误和意外死亡。 And lastly, this multisig wallet setup is a very low-complexity smart contract, meaning that the attack surface is very small with almost no room for possible vulnerabilities. + 最后,这个multisig钱包设置是一个非常低复杂度的智能合约,这意味着攻击面非常小,几乎没有可能存在漏洞的空间。 ### The path forward + 前进的道路 As opportunities in blockchain and cryptoassets have grown significantly, more and more people and businesses are entering the space. There is a real threat of technical inexperience resulting in lost funds, and the average user cannot be trusted to manage their own private keys. Modular is working diligently to give businesses and users the management tools to solve these and other challenges. + 随着区块链和密码集中的机会显着增加,越来越多的人和企业进入这个领域。存在技术缺乏经验的真正威胁导致资金损失,并且普通用户无法信任管理他们自己的私钥。 Modular正在努力为企业和用户提供管理工具来解决这些和其他挑战。 If Matthew Mellon and more users had a sophisticated tool like what is described here, maybe we wouldn’t have already lost so much money! + 如果Matthew Mellon和更多用户拥有像这里描述的那样复杂的工具,也许我们不会已经损失了这么多钱! This was just a small taste of the security and functionality features that we will offer. Stay tuned and subscribe for more updates and product announcements from Modular. We’ll be detailing more features we offer in upcoming posts in the Modular publication, so make sure to follow in order to receive updates! + 这只是我们将提供的安全性和功能性的一小部分。请继续关注并订阅Modular的更多更新和产品公告。我们将详细介绍我们在Modular出版物即将发布的帖子中提供的更多功能,因此请务必关注以接收更新! From f55c24d610f900687f7d016b51ec14dccad31024 Mon Sep 17 00:00:00 2001 From: Anthony H Date: Wed, 15 Aug 2018 16:48:32 +0800 Subject: [PATCH 04/10] Update why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md --- ...-single-private-key-to-secure-your-assets.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md index 4f1a605..9a8e9b8 100644 --- a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md +++ b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md @@ -5,6 +5,7 @@ tags: _Reasons why it is unreasonable to expect yourself and everyone else in the world to only have one fragile layer of security for their assets_ +为什么数字资产只有一层脆弱的安全保障是不合理的 @@ -16,13 +17,13 @@ _Reasons why it is unreasonable to expect yourself and everyone else in the worl Matthew Mellon \[1\] was a guy who had high hopes for the cryptocurrency Ripple (XRP). He saw Ripple as a great step forward for the future of American banking. Matthew was one of the first investors in Ripple, and would buy more over the years as the popularity (and price) grew. -Matthew Mellon [1]是一个对瑞波币Ripple(XRP)寄予厚望的人。他认为瑞波币是美国银行业未来的一大进步。Matthew是瑞波币的首批投资者之一,随着人气(和价格)的增长,多年来他不断增持更多的XRP。 +Matthew Mellon [1]是一个对瑞波币Ripple(XRP)寄予厚望的人。他认为瑞波币是美国银行业未来的一大进步。Matthew是瑞波币的首批投资者之一,随着人气(和价格)的增长,多年来他不断增持XRP。 As Matthew acquired more XRP, he separated his holdings into a few different accounts. > Matthew Mellon held almost all of his fortune in Ripple in cold wallets all around the country, with no one else knowing the codes to the wallets. A cold wallet is a vault that is not connected to the internet for safety measures, to avoid hacks or breaches. -随着Matthew拥有更多的XRP资产,他将所有的XRP分成几个不同的账户的冷钱包里,并把他们分散存放在在不同地方的保险库内,并且没有人知道他冷钱包的密码。冷钱包是一种未连接到互联网的,以避免黑客攻击或破坏的安全保险库。 +随着Matthew拥有更多的XRP资产,他将所有的XRP分别保存在几个不同的账户冷钱包里,并把他们分散存放在在不同地方的保险库内,并且没有人知道他冷钱包的密码。冷钱包是一种未连接到互联网的物理设备,以避免黑客通过网络攻击或破坏。 Matthew is a smart guy! He is a millionaire who made sure he knew how to manage his crypto holdings himself, keeping his access codes in his head to stay safe from pesky hackers stealing them from a bank. @@ -42,7 +43,7 @@ huh? himself? Oh yeah. I forgot to mention that Matthew Melon died of a heart attack on April 16th. And when he died, his $500 million in XRP essentially died with him. The XRP is still there! But unfortunately, anyone who wants to access it will need those access codes that are only stored in electrical signals in Matthew’s brain, which disappeared in April. -对了。我忘了说Matthew 在4月16日死于心脏病。当他去世时,他5亿美元的XRP基本上和他一起死了。 虽然XRP还在那里,但不幸的是,任何想要访问它的人都需要那些仅存储在Matthew大脑中的访问代码,这些代码在4月份消失了。 +对了。我忘了说Matthew 在4月16日死于心脏病。当他去世时,他5亿美元的XRP基本上和他一起死了。 虽然XRP还在那里,但不幸的是,任何想要访问它的人都需要那些仅存在Matthew大脑中的访问密码,这些密码在4月份消失了。 While Matthew’s story might be the first instance of an extremely rich family losing all their cryptocurrency because of a death, it is by no means the first time anyone has been burned from relying on a single private authorization key to secure an account on a blockchain. Unsurprisingly, this is one of the biggest causes of lost or stolen cryptocurrency. @@ -58,19 +59,19 @@ This is unacceptable! How could all of this value have been lost? Lets look at s **Lost private keys:** Someone stores their private key either in their brain, on a piece of paper, locally on their computer, or in a hardware wallet. Through one reason or another, it is forgotten, deleted, or lost and nobody can ever access the funds ever again. -私钥的丢失:有人将他们的私钥存储在他们的大脑,纸上,本地计算机或硬件钱包中。由于这样或那样的原因,它被遗忘,删除或丢失,那就没有人能再获得资金。 +私钥的丢失:有人将他们的私钥存储在他们的大脑,纸上,本地计算机或硬件钱包中。由于这样或那样的原因,它被遗忘,删除或丢失,那就没有人能再获得资产。 **Phishing attacks:** A very bad person gains the trust of the owner of the private key and somehow convinces them to reveal the key. The very bad person then uses the key to steal all of the victim’s assets secured by that key. -钓鱼网络的攻击:一个非常糟糕的人获得私钥所有者的信任,并以某种方式说服他们泄露密钥。然后,非常坏的人使用密钥窃取该密钥保护的所有受害者资产。 +网络钓鱼的攻击:坏人通过欺骗获得信任,并以某种方式骗取他们的密钥。然后,坏人使用密钥窃取该密钥保护的资产。 **Deaths:** Like Matthew’s case above, the only person who knows the keys dies and the knowledge, and therefore access, to the cryptoassets is lost forever. -拥有者死亡:就像上面的Matthew案例一样,唯一知道密钥的人死了,因此访问加密资产的密钥也永远地丢失。 +拥有者死亡:就像上面的Matthew案例一样,唯一知道密钥的人死了,因此访问加密资产的密钥也永远地丢失了。 **Private key hacks:** An unsuspecting victim stores their private key insecurely on one of their devices and a clever hacker finds a way in and steals the key. With this key, the hacker can access the victim’s account and steal all their cryptoassets. -私钥攻击:一个不知情的受害者将他们的私钥不安全地存储在他们的一个设备上,一个聪明的黑客找到了一个方法并窃取了密钥。使用此密钥,黑客可以访问受害者的帐户并窃取他们所有的密码集。 +私钥攻击:一个不知情的受害者将他们的私钥不安全地存储在他们的一个设备上,一个聪明的黑客找到了一个方法并窃取了密钥。使用此密钥,黑客可以访问受害者的帐户并窃取他们所有的数字资产。 ![](https://cdn-images-1.medium.com/max/1600/1*tOESAZSkdh01dgSKSs6flQ.gif) @@ -79,7 +80,7 @@ There is definitely a pattern here! ### The single-key problem -单键问题 +单一密钥的问题 All of these issues happen because of some unfortunate or irresponsible circumstance that takes advantage of the fact that there is only one layer of security protecting a user’s assets, and there are no take-backs in this world. From 67caebe1d473871dfb857c51d583efded2166068 Mon Sep 17 00:00:00 2001 From: Anthony H Date: Thu, 16 Aug 2018 05:36:46 +0800 Subject: [PATCH 05/10] Update why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md --- ...-single-private-key-to-secure-your-assets.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md index 9a8e9b8..9b14ea6 100644 --- a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md +++ b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md @@ -84,11 +84,11 @@ There is definitely a pattern here! All of these issues happen because of some unfortunate or irresponsible circumstance that takes advantage of the fact that there is only one layer of security protecting a user’s assets, and there are no take-backs in this world. -所有这些问题的发生都是因为不负责任地只用一层安全措施保护自已的资产,而且这个世界上没有任何其他措施挽回。 +所有这些问题的发生都是因为不负责任地只用一层安全措施保护自已的资产,而且暂时没有任何其他措施可以挽回。 Now, some of you might be reading this thinking, “Hrmph! I am incorruptible, invincible, and unable to ever make a mistake!” -现在,你们中的一些人可能正在想着,“Hrmph!我无敌,无畏,我不会犯错!” +现在,你们中的一些人可能正在想着,“Hrmph!我无敌,我无畏,我不会犯错!” Let me be clear, there are plenty of people in the world who are perfectly capable of controlling their own private key and managing it completely on their own, be that with a hardware wallet, cold wallet, or some other solution. And in a perfect world, we all would be able to do that and nobody would try to steal from anyone! @@ -96,26 +96,27 @@ Let me be clear, there are plenty of people in the world who are perfectly capab Unfortunately, we live in a world where the vast majority of the population has more important things to worry about than using a bunch of extra brain power and work to secure their keys. -不幸的是,我们生活在这样一个世界,我们绝大多数人都有更重要的事情需要担心,而不是使用一堆额外的脑力并努力保护他们的私钥。 +不幸的是,我们生活的世界里,绝大多数人都有更重要的事情需要担心,而不是使用一堆额外的脑力努力保护他们的密钥。 You might be the kind of person who wants complete control, and that is completely fair, but I think we can all agree that most humans (including myself) can be irresponsible, forgetful, or simply too busy to be bestowed with this kind of responsibility. -你可能是那种想要完全控制的人,这是完全公平的,但我认为我们都同意大多数人(包括我自己)可能是不负责任的,健忘的,或者只是太忙而无法承担这种责任。 +你可能是那种想要完全控制的人,这是完全公平的,但我认为我们都同意大多数人(包括我自己)这是不负责任的,健忘的,或者只是太忙而无法承担这种责任。 #### It is obvious that it is unreasonable to expect everyone to have one authorization key and be able to keep it safe and secure themselves. -很明显,期望每个人都拥有一个授权密钥并且能够保证自己的安全是不合理的。 -然而,这产生了一个问题。以太坊基于仅与一个密钥相关联的帐户,因此添加额外的安全复杂性层可能存在风险和挑战。 +很明显,每个人只有一个授权密钥并且能够保证能保存好是不合理的。 This indroduces an issue though. Ethereum is based around accounts being associated with just one key, so adding additional layers of security complexity could be risky and challenging. +然而,这产生了一个问题。基于以太坊仅有一个密钥的帐户体系下,要添加额外的安全复杂性层可能存在风险和挑战。 + ### How are existing solutions solving this issue? 现有解决方案如何解决此问题? There are a few offerings out there that acknowledge this issue and look to provide solutions that are safer and easier than a single key solution. Unfortunately, they mostly aren’t good enough to satisfy all the security requirements that users need while also providing complete and a good user experience. -有一些产品可以解决这个问题,并提供比单一密钥解决方案更安全,更方便的解决方案。不幸的是,它们大多不足以满足用户需要的所有安全要求,同时还提供完整和良好的用户体验。 +有一些产品可以解决这个问题,并提供比单一密钥解决方案更安全,更方便的解决方案。不幸的是,它们大多数不足以满足用户需要的所有安全要求,同时还提供完整和良好的用户体验。 **Solution #1: Centralized storage** @@ -123,7 +124,7 @@ There are a few offerings out there that acknowledge this issue and look to prov **Company controls your crypto account on your behalf, similar to a traditional bank.** You sign into a centrally managed system with a traditional password and tell the company to sign transactions for you. -公司代表您控制您的加密帐户,类似于传统银行。您使用传统密码登录集中管理的系统,并允许公司为您签署交易。 +公司代表您控制您的加密帐户,类似于传统银行。您使用密码登录并集中管理,系统并允许公司为您签署交易。 **Pros:** From c1e62aabc0f339e0dda6a5da92205c45af92e3e6 Mon Sep 17 00:00:00 2001 From: Anthony H Date: Mon, 20 Aug 2018 10:13:42 +0800 Subject: [PATCH 06/10] Update why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md --- ...a-single-private-key-to-secure-your-assets.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md index 9b14ea6..4056220 100644 --- a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md +++ b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md @@ -145,7 +145,7 @@ There are a few offerings out there that acknowledge this issue and look to prov 挑战: -* 需要信任第三方。如果他们无法访问您的帐户(私钥)或被黑客入侵,您就会丢失资产 +* 需要信任第三方。如果他们丢失你的私钥或被黑客入侵,您的资产也会丢失 * 仅限于没有管理功能 - 仅仅持有它们之外的资产很难使用 **Solution #2: Multi-Sig Wallets Controlled by multiple people** @@ -154,7 +154,7 @@ There are a few offerings out there that acknowledge this issue and look to prov **You and other friends/colleagues each have Ethereum accounts controlled by one private key which are used as authorization signatures in a multisig wallet.** You each control your accounts single private key in the normal way, but don’t hold any funds besides what is needed to execute transactions. -您和其他朋友/同事各自拥有由一个私钥控制的以太坊帐户,这些私钥在multisig钱包中用作授权签名。每个人都以正常方式控制您的帐户单个私钥,但除了执行交易所需的资金之外,不要持有任何资金。 +您和您的其他朋友/同事各自拥有由一个私钥控制的以太坊帐户,这些私钥在multisig钱包中用作授权签名。每个人都以正常方式控制您的帐户单个私钥,但除了执行交易所需的资金之外,不要持有任何资金。 **Pros:** @@ -198,18 +198,18 @@ EIP-191和我们的解决方案 The answer is yes, and it involves an interesting contract standard you might have heard of called [EIP-191: Signed Data Standard](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-191.md). This is a standard that separates the signing of transactions from the sending, allowing for some novel ways to interact with the Ethereum blockchain. This standard allows a contract to accept presigned data by the different keys associated with it and it is the central technology that underpins our upcoming cryptoasset custody application. -答案是肯定的,它涉及一个你可能听说过的有趣的合同标准,称为EIP-191:签名数据标准。这是一种将交易签名与发送分开的标准,允许一些新颖的方式与以太坊区块链进行交互。该标准允许合同通过与其相关联的不同密钥接受预先签署的数据,并且它是支持我们即将推出的加密密码保管应用程序的核心技术。 +你可能听说过EIP-191:签名数据标准。这是一种将交易签名与发送分开的标准,允许一些新颖的方式与以太坊区块链进行交互。该标准允许合同通过与其相关联的不同密钥接受预先签署的数据,并且它是支持我们即将推出的加密密码保管应用程序的核心技术。 We are building a desktop wallet application which uses a unique protocol that requires messages to be signed by multiple private keys. This protocol pieces messages together using an enhanced version of EIP-191. Additionally, we enact transactions through a custom smart contract assigned to each user which understands this protocol. The user’s assets are maintained within this contract and can only be accessed by the requisite private keys assigned to it. -我们正在构建一个桌面钱包应用程序,它使用一种独特的协议,要求消息由多个私钥签名。该协议使用增强版EIP-191将消息组合在一起。此外,我们通过分配给了解此协议的每个用户的自定义智能合约来制定交易。用户的资产在此合同中维护,只能通过分配给它的必要私钥访问。 +我们正在构建一个桌面钱包应用程序,它使用这种独特的协议,要求消息由多个私钥签名。该协议使用增强版EIP-191将消息组合在一起。此外,我们通过分配给了解此协议的每个用户的自定义智能合约来制定交易。用户的资产在此合同中维护,只能通过分配给它的必要私钥访问。 Unlike other multisigs though, this contract/account is only managed by one person! This is because we want to keep this level of security, but also give our users options for how they secure their keys, while never taking complete control of it ourselves. 与其他multisigs不同,此合约/账户仅由一个人管理!这是因为我们希望保持这种安全级别,同时也为我们的用户提供了如何保护密钥的选项,同时也从不完全控制它。 These private keys can be maintained in a variety of configurations which run the spectrum from decentralization to centralization, depending on the level of responsibility the user is comfortable with: -这些私钥可以维护在各种配置中,这些配置运行从分散到集中的范围,具体取决于用户感到满意的责任级别: +这些私钥可以维护各种配置,这些配置运行从分散到集中的范围,具体取决于用户感到满意的责任级别: 1. **Total Control:** The user maintains complete control of all private keys: These keys are encrypted and stored locally on the users device. The password that the user enters to sign into the application is used to decrypt the user profile that is stored locally. @@ -217,11 +217,11 @@ These private keys can be maintained in a variety of configurations which run th 2. **Partial Control with 2FA:** The user maintains primary private keys and the applicatin maintains supporting private keys utilizing our 2-Factor Authentication. The 2-Factor Authentication code is what authorizes the second key to sign a transaction. -2. 使用2FA进行部分控制:用户维护主私钥,应用程序使用我们的双因素身份验证维护支持私钥。双因素身份验证代码授权第二个签名交易的密钥。 +2. 使用2FA进行部分控制:用户维护主私钥,应用程序使用我们的2FA身份验证维护支持私钥。2FA身份验证代码授权第二个签名交易的密钥。 3. **Partial Control with Third-Party**: The user maintains the primary private key and stores a secondary key with a trusted third-party which automatically authorizes transactions. -3. 使用第三方进行部分控制:用户维护主私钥并将辅助密钥与受信任的第三方存储,后者自动授权事务。 +3. 第三方进行部分控制:用户维护主私钥并将辅助密钥受以信任的第三方存储,后者自动授权事务。 **With all of these solutions, the keys are always encrypted, stored locally, and handled by the application, removing the need for users to worry about handling their keys at all.** @@ -229,7 +229,7 @@ These private keys can be maintained in a variety of configurations which run th A unique feature of our contracts is that all message signing takes place off -chain, with the final message being forwarded to the contract afterward. This gives us the flexibility for users to maintain private keys themselves in several locations distributing signing mechanisms throughout an intranet of personal contacts, for instance, enhancing ownership and security. -我们的合同的一个独特之处在于,所有消息签名都是在链外进行的,最后的消息会在之后转发给合同。这为用户提供了灵活性,使用户可以在几个位置维护私钥,在整个个人联系人的内联网中分发签名机制,例如,增强所有权和安全性。 +我们的合同的一个独特之处在于,所有消息签名都是在链外进行的,最后的消息会在之后转发给合同。这为用户提供了灵活性,使用户可以在几个位置保护私钥,在整个个人联系人的内联网中分发签名机制,例如,增强所有权和安全性。 ![](https://cdn-images-1.medium.com/max/1600/1*r96qkipf_j6cu7OG47P4hw.png) From 3e39c604256962016aac45e1d7199caee6818160 Mon Sep 17 00:00:00 2001 From: Anthony H Date: Mon, 20 Aug 2018 14:01:02 +0800 Subject: [PATCH 07/10] Update why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md --- ...ingle-private-key-to-secure-your-assets.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md index 4056220..4a9b015 100644 --- a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md +++ b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md @@ -135,7 +135,7 @@ There are a few offerings out there that acknowledge this issue and look to prov 优点: * 可以简单地被动地持有金融资产 -* 正确完成后可以安全(但很少) +* 当正确处理时是安全的(但有要求) * 简化部分区块链技术方面要求 **Challenges:** @@ -164,7 +164,7 @@ There are a few offerings out there that acknowledge this issue and look to prov 优点: -* 只需要签名的一部分,以防止死亡或丢失签名。 +* 只需要签名的一部分,以防止死亡或签名丢失。 * 控制权在于所有者而非第三方。 * 可以更改丢失或被盗的钥匙以防止被盗 @@ -177,12 +177,12 @@ There are a few offerings out there that acknowledge this issue and look to prov 挑战: * 实现此目标所需的智能合约可能很复杂,这可能会引入可能导致漏洞的复杂性和意外行为。 -* 当需要多个人执行交易时,很难与分散的应用程序交互。 +* 当需要多个人执行交易时,很难与分布式的应用程序交互。 * 用户体验仍然不是最理想的,需要技术知识来处理 As you can see, the existing solutions can work in certain situations, but all have drawbacks. Is there a way we can have all the pros of these solutions, but none of the cons? -如您所见,现有解决方案可以在某些情况下工作,但都有缺点。有没有办法我们可以拥有这些解决方案的所有优点,但没有一个缺点? +如您所见,现有解决方案可以在某些情况下工作,但都有缺点,并不那么完美。有没有一种方案有他们所有的优点,但没有缺点? ![](https://cdn-images-1.medium.com/max/1600/1*ttxBTM5pgIzdL0N1kSQfUg.gif) @@ -229,26 +229,26 @@ These private keys can be maintained in a variety of configurations which run th A unique feature of our contracts is that all message signing takes place off -chain, with the final message being forwarded to the contract afterward. This gives us the flexibility for users to maintain private keys themselves in several locations distributing signing mechanisms throughout an intranet of personal contacts, for instance, enhancing ownership and security. -我们的合同的一个独特之处在于,所有消息签名都是在链外进行的,最后的消息会在之后转发给合同。这为用户提供了灵活性,使用户可以在几个位置保护私钥,在整个个人联系人的内联网中分发签名机制,例如,增强所有权和安全性。 +我们的合同的一个独特之处在于,所有消息签名都是在链外进行,最后的消息会在之后转发给合同。这为用户提供了灵活性,使用户可以在几个位置保护私钥,在整个个人联系人的内联网中分发签名机制,例如,增强所有权和安全性。 ![](https://cdn-images-1.medium.com/max/1600/1*r96qkipf_j6cu7OG47P4hw.png) Users sign transactions with their multiple keys, which are then forwarded through their account’s smart contract and posted to the blockchain -用户使用多个密钥签署交易,然后通过其帐户的智能合约转发并发布到区块链 +用户用多密钥签署交易,然后通过其帐户的智能合约并发布到区块链上 **How does this solve the problems of the other solutions?** -这如何解决其他解决方案的问题? +这是如何解决其他解决方案中出现的问题呢? As you can see, the flexibility of control this setup offers to users is unparalleled by current offerings. Our solution uses this technology to provide users with an even more secure and user friendly wallet experience. -正如您所看到的,此设置为用户提供的控制灵活性是当前产品所无法比拟的。我们的解决方案使用此技术为用户提供更安全和用户友好的钱包体验。 +正如您所看到的,为用户提供的灵活设置是当前产品所无法比拟的。我们的解决方案为用户提供更安全和友好的钱包体验。 Since we separates transaction signing and spending, users do not have to worry about specifying and paying for transaction fees within the system, thus alleviating a technical hurdle that many wallet users are very confused about in other solutions. The application actively monitors, manages, and pays for transactions fees under the hood in order for transactions to be sent and processed in a timely manner. -由于我们将交易签名和支出分开,用户不必担心在系统内指定和支付交易费用,从而减轻了许多钱包用户在其他解决方案中非常困惑的技术障碍。该应用程序主动监控,管理和支付交易费用,以便及时发送和处理交易。 +由于我们将交易签名和发送分开,所以不必担心系统内的交易费用,并且减轻了在其他解决方案中困惑用户的技术障碍。该应用程序监控,管理和支付交易费用,以便及时发送和处理交易。 Additionally, Because of the power of multisig wallets, there’s no problem if one of the private keys is lost or exposed. Using the other keys, the compromised key can be recovered or changed to protect against user error and unexpected deaths. @@ -256,7 +256,7 @@ Additionally, Because of the power of multisig wallets, there’s no problem if And lastly, this multisig wallet setup is a very low-complexity smart contract, meaning that the attack surface is very small with almost no room for possible vulnerabilities. -最后,这个multisig钱包设置是一个非常低复杂度的智能合约,这意味着攻击面非常小,几乎没有可能存在漏洞的空间。 +最后,这个multisig钱包设置是一个非常低复杂度的智能合约,这意味着攻击面非常小,几乎没有可能存在漏洞。 ### The path forward @@ -264,11 +264,11 @@ And lastly, this multisig wallet setup is a very low-complexity smart contract, As opportunities in blockchain and cryptoassets have grown significantly, more and more people and businesses are entering the space. There is a real threat of technical inexperience resulting in lost funds, and the average user cannot be trusted to manage their own private keys. Modular is working diligently to give businesses and users the management tools to solve these and other challenges. -随着区块链和密码集中的机会显着增加,越来越多的人和企业进入这个领域。存在技术缺乏经验的真正威胁导致资金损失,并且普通用户无法信任管理他们自己的私钥。 Modular正在努力为企业和用户提供管理工具来解决这些和其他挑战。 +随着区块链和数字资产的机会显着增加,越来越多的人和企业进入这个领域。缺乏技术经验导致资金损失,并且普通用户无法信任第三方管理他们自己的私钥。 Modular正在努力为企业和用户提供管理工具来解决这些问题和挑战。 If Matthew Mellon and more users had a sophisticated tool like what is described here, maybe we wouldn’t have already lost so much money! -如果Matthew Mellon和更多用户拥有像这里描述的那样复杂的工具,也许我们不会已经损失了这么多钱! +如果Matthew Mellon和其他用户拥有像这里描述的那样私密管理工具,也许就不会损失了这么多钱了! This was just a small taste of the security and functionality features that we will offer. Stay tuned and subscribe for more updates and product announcements from Modular. We’ll be detailing more features we offer in upcoming posts in the Modular publication, so make sure to follow in order to receive updates! From 7e19e78bc2a6d76889798f101ad76e2cc31f64e9 Mon Sep 17 00:00:00 2001 From: Anthony H Date: Mon, 20 Aug 2018 14:02:37 +0800 Subject: [PATCH 08/10] Update why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md --- ...-shouldnt-use-a-single-private-key-to-secure-your-assets.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md index 4a9b015..b034279 100644 --- a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md +++ b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md @@ -5,8 +5,7 @@ tags: _Reasons why it is unreasonable to expect yourself and everyone else in the world to only have one fragile layer of security for their assets_ -为什么数字资产只有一层脆弱的安全保障是不合理的 - +为什么只用一个私钥管理数字资产中不合理的? ![](https://cdn-images-1.medium.com/max/1600/1*W65-DR2esMrCvm0Ig8pMpg.jpeg) From 131bc4ef98870f14ea0ade5c28d48192966fccf0 Mon Sep 17 00:00:00 2001 From: Anthony H Date: Mon, 20 Aug 2018 14:03:00 +0800 Subject: [PATCH 09/10] Update why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md --- ...y-shouldnt-use-a-single-private-key-to-secure-your-assets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md index b034279..4e56e5d 100644 --- a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md +++ b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md @@ -5,7 +5,7 @@ tags: _Reasons why it is unreasonable to expect yourself and everyone else in the world to only have one fragile layer of security for their assets_ -为什么只用一个私钥管理数字资产中不合理的? +为什么只用一个私钥管理数字资产是不合理的? ![](https://cdn-images-1.medium.com/max/1600/1*W65-DR2esMrCvm0Ig8pMpg.jpeg) From 104d20b30544dea5f213bc2dfc12aa34531ce47f Mon Sep 17 00:00:00 2001 From: Anthony H Date: Mon, 20 Aug 2018 14:10:23 +0800 Subject: [PATCH 10/10] Update why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md --- ...e-a-single-private-key-to-secure-your-assets.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md index 4e56e5d..2a7ca7e 100644 --- a/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md +++ b/source/_drafts/why-you-probably-shouldnt-use-a-single-private-key-to-secure-your-assets.md @@ -16,7 +16,7 @@ _Reasons why it is unreasonable to expect yourself and everyone else in the worl Matthew Mellon \[1\] was a guy who had high hopes for the cryptocurrency Ripple (XRP). He saw Ripple as a great step forward for the future of American banking. Matthew was one of the first investors in Ripple, and would buy more over the years as the popularity (and price) grew. -Matthew Mellon [1]是一个对瑞波币Ripple(XRP)寄予厚望的人。他认为瑞波币是美国银行业未来的一大进步。Matthew是瑞波币的首批投资者之一,随着人气(和价格)的增长,多年来他不断增持XRP。 +Matthew Mellon [1]是一个对瑞波币Ripple(XRP)寄予厚望的人。他认为瑞波币是美国银行业未来的一大进步。Matthew是瑞波币的首批投资者之一,随着XRP人气(和价格)的增长,多年来他不断增持。 As Matthew acquired more XRP, he separated his holdings into a few different accounts. @@ -30,7 +30,7 @@ Matthew是个聪明的百万富翁,他知道如何管理自己的加密资产 His XRP will never get taken by anyone! Even himself! -他的XRP永远不会被任何人取走!连他自己! +他不让任何人取走他的的XRP!连他自己也不能! … @@ -79,11 +79,11 @@ There is definitely a pattern here! ### The single-key problem -单一密钥的问题 +单一私钥的问题 All of these issues happen because of some unfortunate or irresponsible circumstance that takes advantage of the fact that there is only one layer of security protecting a user’s assets, and there are no take-backs in this world. -所有这些问题的发生都是因为不负责任地只用一层安全措施保护自已的资产,而且暂时没有任何其他措施可以挽回。 +所有这些问题的发生都是因为不负责任地只用一个私密保护自已的资产,而且这了这个暂时没有任何其他措施可以挽回。 Now, some of you might be reading this thinking, “Hrmph! I am incorruptible, invincible, and unable to ever make a mistake!” @@ -99,15 +99,15 @@ Unfortunately, we live in a world where the vast majority of the population has You might be the kind of person who wants complete control, and that is completely fair, but I think we can all agree that most humans (including myself) can be irresponsible, forgetful, or simply too busy to be bestowed with this kind of responsibility. -你可能是那种想要完全控制的人,这是完全公平的,但我认为我们都同意大多数人(包括我自己)这是不负责任的,健忘的,或者只是太忙而无法承担这种责任。 +你可能是那种想要完全控制的人,但我认为我们都同意大多数人(包括我自己)这是不负责任的,健忘的,或者只是太忙而无法承担这种责任。 #### It is obvious that it is unreasonable to expect everyone to have one authorization key and be able to keep it safe and secure themselves. -很明显,每个人只有一个授权密钥并且能够保证能保存好是不合理的。 +很明显,每个人只有一个私钥并且能够保证能保存好是不合理的。 This indroduces an issue though. Ethereum is based around accounts being associated with just one key, so adding additional layers of security complexity could be risky and challenging. -然而,这产生了一个问题。基于以太坊仅有一个密钥的帐户体系下,要添加额外的安全复杂性层可能存在风险和挑战。 +然而,这产生了一个问题。基于以太坊仅有一个密钥的帐户体系下,要添加额外的安全功能可能存在风险和挑战。 ### How are existing solutions solving this issue?