- The Beijing Certificate Authority has launched a new Blockchain Security Assessment Service to help audit Chinese blockchain companies’ software.
- Best practices and third-party security auditing have not caught up to the growth of China's blockchain sector.
- Auditing firms will likely check that encryption keys used in public applications are Chinese-made and registered with Beijing.
Certificate authorities, entities that issue digital certificates that verify public keys, play an essential part in securing e-commerce transactions. As blockchain technology becomes a bigger part of many enterprises’ software stack, the need to ensure that the underlying security of the code is robust becomes more pressing.
The firm’s recently launched Blockchain Security Assessment Service assesses three parts of a blockchain-based platform or application: basic requirements, performance, and security.
It benchmarks other key metrics such as the transaction throughput rate, and audits the nodes, ledgers, and encryption algorithms used.
Why does blockchain need security assessments?
With China's government throwing its weight behind blockchain, tens of thousands of blockchain companies have been registered in the country. But concerns remain over how many are legitimate enterprises, and whether some are simply attaching “blockchain” to their name as a form of SEO for investor interest.
Without a set of industry standards and some sort of third-party certification, it’s tough to differentiate between companies with actual merit, companies that have nothing to do with blockchain looking to capitalize on a trend, and companies with shoddy code that they are trying to pass off on unsuspecting firms.
Authorities are well aware of the problem: in February the People’s Central Bank of China, or PBoC, published a spec sheet, titled Financial Distributed Ledger Technology Security Specification, setting out what it viewed as best practices for the sector. Earlier this month the PBoC followed up with an evaluation ruleset that the Beijing Certificate Authority contributed to.
Encryption and blockchain in China
Encryption plays a pivotal role in any blockchain platform, but it becomes contentious when operating in China. Per local regulations, any encryption technology used in public applications in China must be developed in China and registered with Beijing. Hyperledger, for instance, is reportedly working on a government-approved “refined” version of its fabric with a China-developed encryption protocol for use inside the country.
With that in mind, it’s likely that one of the priorities of the Beijing Certificate Authority’s assessment process will be ensuring that government-approved encryption keys are used—to ensure that there are no backdoors that can be exploited.
This story was produced in collaboration with our friends at Forkast, a content platform focused on emerging technology at the intersection of business, economy, and politics, from Asia to the world.