Japanese Fujitsu tests cloud-based blockchain service

Japanese Fujitsu in partnership with other companies tests blockchain  platform for p2p-payments
13 October 2017   1143

Japanese Fujitsu teams up with Mizuho, Sumitomo Mitsui and Mitsubishi UFJ Financial (MUFG- Japan’s largest bank) in order to conduct a joint field trial of a person-to-person money transfer service powered by blockchain technology. The trial will begin in January 2018 and last for about three months.

Money transfer service by Fujitsu
Image credit: Fujitsu

Thus, Fujitsu is to develop a "cloud-based blockchain platform for money transfers between individuals that can be jointly used by these three major banks, as well as a smartphone application that allows users to easily handle the different steps for sending money and for making deposits and withdrawals".

The company and the three major banks will verify that this system can seamlessly link a money transfer account for individuals set up on this platform with the user's actual bank account. The field trial will additionally confirm whether the new platform can accurately and securely handle a series of processes, including transferring value between money transfer accounts for individuals, as well as clearing and settlement.

Through this field trial, Fujitsu will work to develop a service platform that is highly convenient for users in an increasingly monetarily diverse, cashless society.

Potentional Vulnerabilities Found in ETH 2.0

Least Authority have found potentional security issues in the network P2P interaction and block proposal system
26 March 2020   212

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities at once.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.