關於 trust wallet 安全 ，我們在網路上蒐集到這些相關的討論、資訊與評價

【#EAT】#OKRA創新休閒居酒屋成香港唯一接受加密貨幣的餐廳

為慶祝春季來臨，展現破格精神的親民日式居酒屋Okra Hong Kong現接受顧客以加密貨幣付款，希望以最創新的電子付款方式為客人帶來更安全便利的付款選項。
 
隨著全球最大加密貨幣交易平台Coinbase Commerce最近於美國納斯達克市場上市，Okra主廚Max Levy亦對高評級和高流通量的加密貨幣充滿信心，相信香港餐飲業將會相繼採用。
 
Okra透過加密貨幣付款處理器Trust Wallet提供的安全加密貨幣結算服務，現在接受客人以比特幣（BTC）、以太幣（ETH）、幣安幣（BNB）、幣安幣美元（BUSD）和瑞波幣（XRP）支付等值的港元款項。
 
Max Levy一向也是餐廳行業的先驅，在他的帶領下，Okra Hong Kong成為美國境外首間加入Tock平台的餐廳，而他亦要求顧客就廚師發辦料理預先付款，塑造了不設訂座和大型群組支付按金政策的文化，這兩項舉措也有助保障餐廳免受臨時取消和客人缺席引致的損失。如今，Max Levy仍然是行業的先鋒，繼續推動科技革新，證明客人與餐廳東主也能受惠於更靈活合理、安全而便利的付款方案。
 
為了推動香港的科技轉型，顧客凡於Okra以加密貨幣結帳，將可享有全單九五折優
惠，所節省的5%正是商戶使用信用卡付款時需要支付的標準收費。餐牌內的所有價錢將會以港元列示，而付款前餐廳將會向顧客提供匯率資料。
 
隨著電子付款方式興起，餐廳東主兼大廚Max Levy表示：「我們一直致力利用社交媒體以外的嶄新科技，為客人塑造更稱心滿意的優質體驗。電子貨幣和區塊鏈科技不斷發展，不但有助業界節省銀行和信用卡處理公司收取的高昂交易費用，於不久將來也能讓客人享有更佳的支付模式。」Okra以新穎的加密貨幣付款方案在香港開創先河，但美國等科技領先國家早於2010年已奠下電子付款的基礎，現在加密貨幣於這些國家已獲廣泛接納為重要而安全的付款方式，讓顧客能安全地支付交易款項，無需支付第三方或額外交易費用。
 
▫️OKRA香港
地址：西環西營盤皇后大道西110號地舖地下
網站：http://okra.kitchen

@okrahongkong
———

╭─────────────╮
【#香港媽咪 #HongKongMami】
╞ FB : Hong Kong Mami
╞ IG : @hongkongmami
╰─────────────╯

Breaking‼️

美東時間1月5日傍晚，川普以國家安全為由，用行政命令方式禁止阿里支付寶、微信支付、QQ錢包在內的8款中國應用程式（App)。

行政命令發佈後45天，禁止任何人與實體與這8款中國應用程式（App）進行交易。

按照日程，美國下任政府將在15天後，1月20日上任。

—

美國商務部長在同一時間發聲明表示，已指示商務部按行政命令執行禁令，「支持川普總統保護美國人民隱私與安全，免於受到中國共產黨的威脅。」

—

▫️8款App:

支付寶（Alipay）、掃描全能王(CamScanner)、QQ錢包（QQ Wallet）、茄子快傳（SHAREit）、騰訊QQ（Tencent QQ）、阿里巴巴旗下海外短視頻應用VMate、微信支付（WeChat Pay）和辦公型App WPS Office。

圖三：美國商務部聲明

圖四：美國國安顧問聲明
—

▫️白宮行政命令全文：

The White House
Office of the Press Secretary
FOR IMMEDIATE RELEASE
January 5, 2021
EXECUTIVE ORDER



- - - - - - -



ADDRESSING THE THREAT POSED BY APPLICATIONS AND OTHER SOFTWARE DEVELOPED OR CONTROLLED BY CHINESE COMPANIES



By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code,

I, DONALD J. TRUMP, President of the United States of America, find that additional steps must be taken to deal with the national emergency with respect to the information and communications technology and services supply chain declared in Executive Order 13873 of May 15, 2019 (Securing the Information and Communications Technology and Services Supply Chain). Specifically, the pace and pervasiveness of the spread in the United States of certain connected mobile and desktop applications and other software developed or controlled by persons in the People's Republic of China, to include Hong Kong and Macau (China), continue to threaten the national security, foreign policy, and economy of the United States. At this time, action must be taken to address the threat posed by these Chinese connected software applications.

By accessing personal electronic devices such as smartphones, tablets, and computers, Chinese connected software applications can access and capture vast swaths of information from users, including sensitive personally identifiable information and private information. This data collection threatens to provide the Government of the People's Republic of China (PRC) and the Chinese Communist Party (CCP) with access to Americans' personal and proprietary information -- which would permit China to track the locations of Federal employees and contractors, and build dossiers of personal information.

The continuing activity of the PRC and the CCP to steal or otherwise obtain United States persons' data makes clear that there is an intent to use bulk data collection to advance China's economic and national security agenda. For example, the 2014 cyber intrusions of the Office of Personnel Management of security clearance records of more than 21 million people were orchestrated by Chinese agents. In 2015, a Chinese hacking group breached the United States health insurance company Anthem, affecting more than 78 million Americans. And the Department of Justice indicted members of the Chinese military for the 2017 Equifax cyber intrusion that compromised the personal information of almost half of all Americans.

In light of these risks, many executive departments and agencies (agencies) have prohibited the use of Chinese connected software applications and other dangerous software on Federal Government computers and mobile phones. These prohibitions, however, are not enough given the nature of the threat from Chinese connected software applications. In fact, the Government of India has banned the use of more than 200 Chinese connected software applications throughout the country; in a statement, India's Ministry of Electronics and Information Technology asserted that the applications were "stealing and surreptitiously transmitting users' data in an unauthorized manner to servers which have locations outside India."

The United States has assessed that a number of Chinese connected software applications automatically capture vast swaths of information from millions of users in the United States, including sensitive personally identifiable information and private information, which would allow the PRC and CCP access to Americans' personal and proprietary information.

The United States must take aggressive action against those who develop or control Chinese connected software applications to protect our national security.

Accordingly, I hereby order:

Section 1. (a) The following actions shall be prohibited beginning 45 days after the date of this order, to the extent permitted under applicable law: any transaction by any person, or with respect to any property, subject to the jurisdiction of the United States, with persons that develop or control the following Chinese connected software applications, or with their subsidiaries, as those transactions and persons are identified by the Secretary of Commerce (Secretary) under subsection (e) of this section: Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office.

(b) The Secretary is directed to continue to evaluate Chinese connected software applications that may pose an unacceptable risk to the national security, foreign policy, or economy of the United States, and to take appropriate action in accordance with Executive Order 13873.

(c) Not later than 45 days after the date of this order, the Secretary, in consultation with the Attorney General and the Director of National Intelligence, shall provide a report to the Assistant to the President for National Security Affairs with recommendations to prevent the sale or transfer of United States user data to, or access of such data by, foreign adversaries, including through the establishment of regulations and policies to identify, control, and license the export of such data.

(d) The prohibitions in subsection (a) of this section apply except to the extent provided by statutes, or in regulations, orders, directives, or licenses that may be issued pursuant to this order, and notwithstanding any contract entered into or any license or permit granted before the date of this order.

(e) Not earlier than 45 days after the date of this order, the Secretary shall identify the transactions and persons that develop or control the Chinese connected software applications subject to subsection (a) of this section.

Sec. 2. (a) Any transaction by a United States person or within the United States that evades or avoids, has the purpose of evading or avoiding, causes a violation of, or attempts to violate the prohibition set forth in this order is prohibited.

(b) Any conspiracy formed to violate any of the prohibitions set forth in this order is prohibited.

Sec. 3. For the purposes of this order:

(a) the term "connected software application" means software, a software program, or group of software programs, designed to be used by an end user on an end-point computing device and designed to collect, process, or transmit data via the Internet as an integral part of its functionality.

(b) the term "entity" means a government or instrumentality of such government, partnership, association, trust, joint venture, corporation, group, subgroup, or other organization, including an international organization;

(c) the term "person" means an individual or entity;

(d) the term "personally identifiable information" (PII) is information that, when used alone or with other relevant data, can identify an individual. PII may contain direct identifiers (e.g., passport information) that can identify a person uniquely, or quasi-identifiers (e.g., race) that can be combined with other quasi-identifiers (e.g., date of birth) to successfully recognize an individual.

(e) the term "United States person" means any United States citizen, permanent resident alien, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person in the United States.

Sec. 4. (a) The Secretary, in consultation with the Secretary of the Treasury and the Attorney General, is hereby authorized to take such actions, including adopting rules and regulations, and to employ all powers granted to me by IEEPA, as may be necessary to implement this order. All agencies shall take all appropriate measures within their authority to implement this order.

(b) The heads of agencies shall provide, in their discretion and to the extent permitted by law, such resources, information, and assistance to the Department of Commerce as required to implement this order, including the assignment of staff to the Department of Commerce to perform the duties described in this order.

Sec. 5. Severability. If any provision of this order, or the application of any provision to any person or circumstance, is held to be invalid, the remainder of this order and the application of its other provisions to any other persons or circumstances shall not be affected thereby.

Sec. 6. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise affect:

(i) the authority granted by law to an executive department, agency, or the head thereof; or

(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.

(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.



DONALD J. TRUMP



THE WHITE HOUSE,

January 5, 2021.

📜 [專欄新文章] A Secure State Channels Framework for Ethereum by Liam Horne 解析以太坊上的安全狀態通道
✍️ 田少谷 Shao
📥 歡迎投稿： https://medium.com/taipei-ethereum-meetup #徵技術分享文 #使用心得 #教學文 #medium

Crosslink 第二天早上由 Liam Horne，狀態通道的主要開發團隊 L4 共同創辦人開場。本以為這場會提到筆者前一天晚上還看得霧煞煞的 Counterfactual ，沒想到這次的演講較為科普、以分享開發近況為主，也被以太坊基金會研究員 Chih-Cheng Liang 稱為最接地氣的一場！

何謂狀態通道？

比特幣的支付通道

若熟悉閃電網路，比特幣的支付通道是一個記錄支付行為的通道，只有開關通道時會接觸到區塊鏈。

假設A公司與B公司有頻繁的交易需求，兩方各自把 10 元放入支付通道中：

19:00 交易開始，兩方所擁有的錢: (10,10)

19:15 A->B 3元: (7,13)

20:10 B->A 7元: (14,6)

20:30 A->B 13元: (1,19)

21:45 B->A 4元: (5,15)

到了 21:45 時，交易結束，此時可以將交易結果 (5,15) 寫到區塊鏈上並分配結餘，而區塊鏈上有的紀錄就只有以下兩筆。

19:00 交易開始，兩方所擁有的錢: (10,10)

21:45 交易結束，兩方所擁有的錢: (5,15)

這代表著交易的結果能被記錄到區塊鏈上，卻大幅減少了要和區塊鏈互動的次數，不只可以降低交易雙方等待區塊鏈回應的次數與時間，也讓區塊鏈要處理的交易數量減少 。

以上只是提供一個很粗淺的例子，可以參考以下連結，精美圖示有助理解：

【動區專題】五分鐘看懂：圖說閃電網路 Ligntning Network

狀態通道 State Channel

由於狀態通道是在以太坊上，和比特幣的環境不同，所以實作方法不盡相同 (提示：UTXO)，但本質上是相同的概念：只要牽涉到「狀態轉換 state-altering」，我們就能開一個通道讓交易參與者在通道中任意次數改變「狀態的值」，而最終將結果寫回區塊鏈上就好。

這邊我引用 Pelith 創辦人 Ping Chen 對於狀態通道精闢的解釋：

狀態通道通常是有別種邏輯疊在上面的通道 — 陳品

也就是說，相對於支付通道的邏輯就只是參與者虛擬貨幣的數量，狀態通道通常指的是該應用場景有自身的邏輯/規則。

舉例來說，在一遊戲中，玩家所擁有的虛寶就可以被視為是許多種狀態：遊戲中金幣及等級的是數值、但同時也是狀態；而 (0,1) 可以用來代表道具的擁有狀態 (沒有，有)。

假設一玩家 A 在遊戲中的起始狀態為 (電卷, 金牌, 鞍切, 金幣, 經驗值) = (0, 0, 0, 300, 1)，隨著遊戲進行，虛寶/狀態的改變：

A 花費 100 金購買了金牌: (0, 1, 0, 200, 1)

A 首殺獲得 200 金、升兩等: (0, 1, 0, 400, 3)

A 花費 300 金用金牌合成了鞍切: (0, 0, 1, 100, 3) # 其實好像還要妖刀?xD

A 擊殺了 B 玩家，升一等: (0, 0, 1, 100, 4)

當玩家要登出、暫停遊戲時，最後的 (0, 0, 1, 100, 4) 就可以被更新到區塊鏈上，而下次登入時就會讀取這個區塊鏈上的狀態讓玩家繼續遊玩。

若了解了此例，就不難想像為什麼狀態通道被提出之時，遊戲以及虛擬貨幣的支付被視為最適合運用的兩個場景：給定參與者=玩家，在限定的場域中=遊戲，進行狀態的更新。

更多細節可以參考此一概念的提出人 Jeff Coleman 的解釋：點我

決策者 Mover

每一個狀態都有一位決策者，由通道中所有參與者輪流擔任。決策者透過對一狀態進行「簽署」來表達是否同意此狀態，也就是說狀態的正當性取決於當前的簽署是否來自正確的決策者。

狀態確認 Valid Transaction

狀態的先後順序是驗證狀態是否有效的方法。取決於應用的場景，有不同的實作方式。若簡單以一個計數器 counter 來實作，只要要求新狀態的計數值為舊狀態 +1，即可驗證。

state(N).counter + 1 == state(N+1).counter

關閉通道與終結性 Finality

當沒有更多交易或有參與者決定要結束交易時，只要全部參與者皆同意就可以關閉通道，ex: 給一 boolean 變數 isFinal，全部人都把自己的 isFinal 皆設為 true 就可以將通道關閉。

萬一有參與者半途消失了？Finality 終結性指的就是「每一個狀態都可以是最終的狀態」。假設部分參與者消失，只要有搭配的機制，例如：計時器，就一定會輪替到仍在線的人；即使參與者全部消失，當前的狀態因具備終結性，所以也能被提交為最終的狀態。

狀態通道實作的規劃與開發進程

Liam 將實作狀態通道的規劃劃分成上圖的六層：

Protocol & Contracts:

- State Progression Protocol

這邊就是上方的「決策者、狀態確認、關閉通道與終結性」。

除了以上所提及的內容，目前團隊也正在開發更方便的協議 Protocol Hardening：有別於交易的結束需要所有參與者的同意，目標是想做到「在特定時間內，任一參與者都能自行決定交易的推進或結束而不受其他參與者影響」。

- Channel Funding Protocol

此處是系統設計的另一個協議 Nitro Protocol，也就是如何開「子通道」，可以參考以下連結：

Nitro Protocol

Client & Hub:

- Client & Protocol Engine

這部分是講 Client 端彼此之間會傳送什麼訊息來進行溝通。

https://specs.counterfactual.com/en/latest/protocols/install-virtual-app.html#the-installvirtualappparams-type

- Client API & Wire Protocol

以下的 Github 專案就是將上方三部分的協議內容實作到網頁端：

counterfactual/monorepo

目前第一版的狀態通道已正在運行了，詳見下方額外學習資源的 Connext。Liam 列出了一些實作第二版時必須納入考量的點：

Robustly store states (i.e., guarantee no accidental money loss)

Automatic detection and responding to challenges

Ability to launch challenges directly with in-browser hooks

Go-to production quality hub software for apps and businesses to use

Browser Wallet UX:

- Wallet Integrations

這些是將狀態通道實作於現存的各種 Wallet 時，需要新增的內容：

https://github.com/counterfactual/monorepo/blob/d3b06b42710c0b7dd93839033cb43da9ac6e0a28/packages/types/src/node.ts

- Wallet UI

最後則是區塊鏈、也是所有新技術能否被廣泛使用的大哉問：該如何設計才能讓使用者有良好的體驗？

在此 Liam 提出實作 Wallet 時可以考慮的要點：

How should a user interact with a state channel?

What are the best patterns for acquiring user consent?

How much does the user have to trust the app?

To what extent can your channel wallet protect you?

What policies should a channel wallet be able to enforce?

額外學習資源

Liam 在本場演講及 Panel Discussion 中，都很鼓勵大家一起跳進來當開發者。他的大致建議如下：看懂相關文章、開發的要求 specs，就可以試著做做看。卡住的時候就到以下連結的討論區詢問他們，包含 Liam 在內的開發人員都會在上面回答問題：

State Channels - A community of state channels researchers from bitcoin, ethereum, and other blockchains

狀態通道的 Github：

State Channels

已成功實作第一版狀態通道的 Connext 專案：

Where will I be able to use v2.0 of Connext?

讓筆者看得霧煞煞的 Counterfactual ，可以進一步提升狀態通道的效率：

Counterfactual: Generalized State Channels on Ethereum

結語

本次演講實為筆者綜觀 Liam 在 Youtube 上的影片後，他對狀態通道最簡單、親民的一次演講，主要著重於介紹開發的進程、應注意的要點，也提供了初探此議題的新手很多學習資源、推坑大家加入開發的建議！

其實陳昶吾博士也曾於 Taipei Ethereum Meetup 詳細介紹過此議題(閃電網路為主)，有興趣者可以看以下影片來得到更完整的認識：

最後，如果我的文章有幫助到你/妳，可以看看我的其他文章，歡迎大家一起交流 :)

田少谷 Shao - Medium

一如往常，感謝 Yahsin Huang 及 Chih-Cheng Liang 幫忙審稿，辛苦了！也特別感謝 Ping Chen 耐心回答素未蒙面的我的問題！！

A Secure State Channels Framework for Ethereum by Liam Horne 解析以太坊上的安全狀態通道 was originally published in Taipei Ethereum Meetup on Medium, where people are continuing the conversation by highlighting and responding to this story.

👏 歡迎轉載分享鼓掌