Dans le domaine de la sécurité informatique, une vulnérabilité est une faiblesse qui peut être exploitée par un acteur malveillant pour effectuer des actions non autorisées (modification du fonctionnement, manipulation de données, etc.) au sein d’un système informatique.
A l’aide de divers tests, des chercheurs en sécurité découvrent quotidiennement des vulnérabilités et la question se pose de la communication de ces découvertes. Il y a aujourd’hui débat au sein de la communauté sur la méthode de divulgation de vulnérabilités à employer.
Certains affirment qu’il est nécessaire de communiquer publiquement et immédiatement toutes les informations à propos d’une vulnérabilité dès qu’elle a été découverte (divulgation complète). D’autres affirment qu’il est préférable de limiter en premier lieu la communication uniquement à l’entreprise du système informatique ciblé, voire utilisateurs qui en ont un besoin important (divulgation responsable). …
Until now, making use of personal data could not be done without either revealing a part of this information or compromising its trustworthiness.
We present here a new solution able to build a trust system which keeps sensitive data undisclosed. This new method opens countless perspectives for business use cases, of which we are going to introduce an example.
With the help of this example followed by a technical explanation, we introduce the concept of Zero-Knowledge Decentralized Identity.
Alice drives her car everyday to commute to work. …
Since 2015 and the day the Ethereum mainnet went live, the world has enjoyed the first smart contract platform and witnessed the rise of decentralized applications. Since that day, the world has also been waiting for scalability on this platform, unsatisfied with the limit of 25 transactions per second the network can support. While Ethereum 2.0 plans to overcome this cutoff through sharding in the years to come, other initiatives like Cosmos or Zilliqa may also reach this goal and receive the attention they deserve.
Since May 1st, 2019, another project is live that meets some of these objectives but receives far less coverage : ThunderCore. That is the blockchain that we, at Blockchain Partner, chose to deploy our new product on. Tim, our corporate solution aiming to help business transformation through the exchange of tokens, could only be brought to life with the support of a blockchain which would fulfill a few requirements. …
Reputation systems are nothing new, particularly on the Internet. Whether they are used to run online markets or fight misinformation and fake news, current algorithms mostly rely on third parties and have proven to reach the limits of such highly centralized models prone to manipulation, opacity and, in a way, inefficiency. Truly decentralized technologies could help tackle these flaws  and at the same time strengthen their own models, reaching neglected populations or supporting the rise of decentralized finance for instance .
In order to be accepted and adopted, new systems of this kind must check some prerequisites :
In just a few months, a significant number of smart contract wallet projects arose and proved to some extent their superiority over traditional key management solutions (most notorious initiatives include Dapper, Gnosis Safe, Argent and Authereum).
As expected, they indeed often bring together the best of two worlds :
But this fusion of designs came at the price of a few concessions :
Experimentation is the key to mastering a new framework and actively participating in its construction. Like so many enthusiasts around the world, at Blockchain Partner we constantly strive to innovate through a series of products, proof of concepts and open source projects. The present one tries to tackle privacy issues in new decentralized identity schemes.
With the advent of blockchains, decentralized identities have taken on a new dimension. Bitcoin addresses represent digital identities supporting transfer of value on the decentralized ledger. On Ethereum, many projects intend to build platforms dedicated to the management of these new items. …
Bug-free programming is a difficult task and a fundamental challenge for critical systems. To this end, formal methods provide techniques to develop programs and certify their correctness.
Formal verification is a laborious work. It is highly demanding, requires significant brainpower, assumes substantial investments, and yet it has become a mandatory standard in many fields of the software industry.
But with adoption comes a double-edged sword : more value, be it financial or not, becomes directly at stake than with any other network before. …
In our wonderful Blockchain Partner office, we have a great sound system that can stream music around the entire place (there are three floors). Sadly, some of us still can’t understand why listening to Maitre Gims or One Direction at a very high volume is great. Quickly, it became unbearable for some. Chaos was upon us: we had to find a way to let people choose music “democratically”.
Because cryptocurrency use is sadly still not that user-friendly, some of Blockchain Partner shamelessly didn’t know very well how to use Ether or ERC 20 tokens. Wallets, MetaMask, Ethereum are not easy concepts to master even for those who work around blockchain subjects everyday. We thought choosing music that was played in our office was a good way to teach everyone how to use a wallet and a dApp. We could have designed a very functional centralized system but we thought it was an interesting use case to make people at Blockchain Partner use cryptocurrencies and Ethereum. …