Bitcoin Forum
1  Alternate cryptocurrencies / Service Announcements (Altcoins) / BOX Ecosystem on: February 18, 2019, 06:27:08 AM

Bolaxy

Bolaxy Ecosystem consists of 3 main products: Bolaxy Chain, BoxVault and WalletMate.

Bolaxy: Public chain made for supply chain finance

BoxVault: Enterprise-grade & non-custodial institutional crypto wallet

WalletMate: Key storage hardware device used to record Mnemonic, Private Key, Key Store, and Google Authenticator

Bolaxy will be the first blockchain operating system that uses the DPoA (Decentralized Proof of Authority) consensus algorithm and the four-token economic model to achieve full ecological super-high concurrency, providing a series of modular API and SDK call interfaces to meet application requirements for enterprise-grade high-frequency and complex scenarios, and it will play an important role in supply chain finance, STO (Security Token Offering), and information security. Bolaxy will also become an important foundation for the ecological development of BOX, creating the necessary conditions for rapid expansion.

Bolaxy chain is a hybrid consensus public blockchain with on-chain governance

In our mind, the Universe is vast and mysterious, and the Galaxy we are in is only a drop in the ocean. The connection between the stars gives the world imagination and breeds infinite possibilities. Bolaxy adopts a parent-child architecture, and both parent (main chain) and child chains are decentralized P2P networks. Each node in the network belongs to the parent chain, and nodes are interconnected to form a backbone network with all the data shared. Nodes can also form child chains. As shown in the following figure, the solid circles represent the nodes of the Bolaxy public chain, which are interconnected with each other. The closed loop formed by the solid black lines between the nodes represents a child chain. A child chain cannot exist as an independent network and must run through the infrastructure of the parent chain.

There are two prerequisites for forming a child chain:

1. Child chain must have at least one node of its own.
2. Child chain must connect to the parent chain.

Bolaxy and the Universe have some similarities. The Bolaxy nodes are interconnected to form a "Universe", which has led to numerous "Interstellar Unions" with high autonomy. Each Union has an independent environment and they are also part of the Universe. In order to depict more of the Bolaxy public chain structure, we build the Bolaxy public chain concept based upon the parent-child architecture.

Definitions

Planet: Non-mining node server in the Bolaxy public chain
Star: Mining node server in the Bolaxy public chain
Union: Bolaxy child chain
Citizen: Bolaxy public chain light wallet mobile client
Ecosystem: Bolaxy public chain, applications, infrastructure and participants

BoxVault

BoxVault is a fully open sourced business wallet, which acts as a token management system for the enterprise. It is specifically designed to integrate the process of enterprise business and the automation of event processing so that the management of the certificate is more in line with the traditional business habits of the enterprise.

Instead of fancy technology, BoxVault only employs axiomatic technology within blockchain and cryptology. It’s applicable for all public chains that support elliptic curve cryptography and offline signatures, which means one-stop solution (one private key) for almost all mainstream tokens.

When it comes to information transfer, BoxVault uses an original public key exchange process to ensure mutual information flow between employees. In point-to-point communication, the Diffie–Hellman key exchange security protocol is used to ensure communication security and forward security. Forward security protects past communications from the threat of passwords or keys being exposed in the future. The private key needed for a transfer is kept in memory and will not be exposed at any time. In the business logic process, the approval flow is constructed from sequential private key signatures. At the same time, the BoxVault authorization service has security mechanisms such as intrusion lock and system reset to ensure the high security of enterprise crypto assets.


WalletMate

Previously, cryptocurrency holders used paper, computer hard drives, mail, chat tools and cloud notes to store their private keys and mnemonics, but these non-professional tools are not safe enough.

More than 4 million Bitcoin have been lost since it appeared, accounting for 1/5 of the total number of Bitcoin. The main reason is that private keys are easily lost.


Conventional Recording Method

On-paper Recording: plain text recordings are easily leaked, materials are fragile.

E-mail: Content is easily leaked due to factors such as encrypted transmission protocol and firewalls.

Chat Tool & Cloud Note: centralized server, information security is not guaranteed.

Computer Hard Disk Recording: high frequency of use, and networking, easy to be forgotten or attacked by a virus.

WalletMate is key storage hardware using FPGA (Field-Programmable Gate Array) technology, which fuses the logic part after the program is written in, to prevent hacking and increase security.

What WalletMate can Store

Mnemonic
Private Key 
Key Store
Google Authenticator

Features

Anti-tampering: with write-once logic, information cannot be changed once written in; physical fusing is realized with an OTP (one-time programmable) chip.

Double Encryption: check passwords independently to prevent plagiarism; backup content encryption, ciphertext storage. The logic cannot be tampered with.

Durable Components: industrial grade chips, the core memory chip temperature range is -40 to 100 ℃, sustainable work for 20 years at 85 ℃.

Code Open Source: does not collect any user backup information, open-sourced coding.

2  Alternate cryptocurrencies / Bounties (Altcoins) / [BOUNTY][Content Creation] 🔥Enterprise Token Safe Box🔥 BOX Token on: August 22, 2018, 10:06:25 AM
Enterprise Token Safe Box is an enterprise-grade management system for crypto assets.

BOX offers a secure, convenient and streamlined crypto asset management system for institutional investment, audit risk control, crypto-exchanges and etc.

BOX has a solid product, which was released and open sourced [April 2018], attended Def Con China as the only blockchain company [May 2018], and was used as a case study in the 1st blockchain security technology book in China [June 2018]. Thus far, the BOX team has already helped 10 institutional clients (token funds and exchanges) with deployment since July 2017, and there are around 40 queuing. Our headquarters is in Singapore, while our operations office is in Shanghai because of the large market there.



BOX Content Creation Bounty Program

The BOX team aims to build a community from day one. We would like our members not only to care about our tokens but also to research our product, understand its value, and be willing to spread the word about it. This content creation bounty program is for the BOX team to reward community members who help spread the word about BOX by creating quality content, including articles and videos. Furthermore, it is also a start for the BOX team to look for potential long-term ambassadors all around the world.

Here are the basic rules for this content creation bounty program:

  • All the posts and reposts should be in English only.
  • Spamming is strictly prohibited. Any low-quality content will be denied. We are not looking for simple copy and pastes of the whitepaper/website, we want engaging content.
  • If you have simply copy and pasted someone else's work, you will be denied. If somebody has stolen your work, please PM, and we will remove their stakes if we find this to be true.
  • We reserve the right to slightly update the rules during the campaign.


1 Join the BOX Community Telegram group: https://t.me/safeboxla. If you have any questions about the project, our admins are there;

2 Comment on this thread with the following words:
Quote
#Join
Content creation: article(or video)
Bitcointalk Username: boxfan  
Telegram @Username: @boxfan

3 Create a noteworthy article/video post on a platform such as: medium, steemit, youtube and etc. (Reviewer will judge if it's proper) You can also share it in other platforms such as twitter, facebook, reddit and etc to expand the outreach.
 
a) There must be at least 2 links to https://box.la and https://t.me/safeboxla.
b) Article at least 300 words; Video at least 1min long without synthesized voices

4 Fill out the simple Bounty form to inform the BOX team of your posting.

5 One of the BOX team members will check the quality and outreach of your posting.

6 If your post meets the requirements then you will be credited with the relevant amount of BOX.

Your reward will depend on the quality of your post, effort and your outreach: BOX price (0.3USD-1.45USD)

Poor 0 BOX
Pass 30 BOX
Good 60 BOX
Excellent 150 BOX

For outstanding ones, the reward could be up to 500 BOX; these will only be allocated to content that has gone above and beyond what is required, achieving excellent reach and/or outstanding quality.

There are 3000 BOX in the bounty program pool, this program will end when it is all distributed. The token will be transferred to contributors after this program ends. You must follow all the steps above to receive the token. If you have any questions, ask @boxla_admin or @adelablue in telegram.




About BOX

Problems:

  • Institutional investors rely on private wallet to manage crypto assets, which means who knows the private key, who controls all — CFO, Operator, Hacker
  • Cold wallet is a high security choice for private key, but hard to use — Each transaction requires complicated operation
  • Multi-signature tech helps a little about shared permission, but far from enough for institutional use
  • No solution so far with formal approval flow or bookkeeping for institutional use


Solution:

  • At least 3 shareholders generate a private key together and it will be encrypted and stored in the signature machine.
  • Manager can define approval flow templates with hierarchical levels, which will be validated only if 3 shareholders confirm it. The template hash will be saved on the public chain.
  • Employee can initiate a transfer request by selecting one of the validated approval flow templates, and collect approvals from approvers defined in it. The request will be then sent to the signature machine.
  • The signature machine double checks with the template hash on the public chain. If it matches, it will make the transaction and record the details automatically.


Features:

  • Automatic and secure transfer according to approval flow template with bookkeeping
  • Self-managed cryptographic keys and shared permissions
  • Multi-Layers of security for private key, transaction instruction and communication
  • Compliance with multiple token standards, one private key controls multiple chains
  • Free and Open Source


If you want to know more, check our website: https://box.la or ANN https://bitcointalk.org/index.php?topic=4581340.msg
3  Alternate cryptocurrencies / Announcements (Altcoins) / [ANN] BOX - Enterprise-grade management system for crypto assets on: July 02, 2018, 01:53:08 AM
PRODUCT INFORMATION

Product name: Enterprise Token Safe BOX - Enterprise-grade management system for crypto assets
Description: BOX offers a secure, convenient and streamlined crypto asset management system for institutional investment, audit risk control, crypto-exchange platforms and etc.

Version: 1.0
Team:
•   Leon Shang → Founder & Chief Executive Officer (16+ years in Internet industry, former COO of Vechain, Senior Manager at eBay)
•   Alpha Qiu → Chief Technology Officer (Former Senior Manager & Expert for Alibaba, Amazon, Microsoft)
•   Aiden Deng → Serial entrepreneur, deeply involved in securities consulting, Internet, K12 education industry. Co-founded chainfunder.
•   Bryan Zhang → Chief Financial Officer (20+ years of Senior Management experiences in Finance, Tax Dept. for many MNCs, and entrepreneur)
Update and insights of BOX Vault can be found at www.box.la.

Links:
•   http://www.box.la
•   Telegram: https://t.me/safeboxla
•   Open Source Code: https://github.com/boxproject
•   Whitepaper: https://box.la/BOX_white_paper_en.pdf
•   Blog: https://medium.com/@boxla888
•   Linkedin: https://www.linkedin.com/company/boxblockchain/
•   Twitter: https://twitter.com/boxla888


Contact Us:
General Queries: contact@box.la

As of now, with this new account, we cannot display pictures here. Please check our website for more information.


BRIEF MARKET INTRODUCTION

Banking and financial organizations are paying more attention to cryptocurrency, in particular hedge funds. The financing scale of VC investing in digital assets has shot up from USD 2 million in 2012 to USD 3.4 billion, representing an increase by 1672.5 times in 6 years. The accumulative financing scale of VC digital assets investment climbed from 3 in 2012 to 182 in 2018. Institutional investors and businesses are now entering a crypto market that is becoming mature, because their interest in funds dealing with blockchain technology and cryptocurrencies has grown steadily in recent months.

As a result, it is expected that funding for cryptocurrency funds may grow by 1,500% by Q4 2018 as digital assets are now outperforming traditional financial assets and various banking and financial organizations invest massively in blockchain and altcoins projects. International payment systems providers are working on developing digital transactions. This will allow and push the world’s largest financial and banking organizations to invest big figures, further expanding the market for digital coins and impacting their value.


REGULATORY CONSTRAINTS

For years the digital assets market has gone on unregulated, and recent steps that some governments have taken to address the risks of the crypto-market seem to have increased the confidence of institutional investors. Institutional investors prefer investing in markets with regulatory frameworks.
The U.S. Securities and Exchange Commission (SEC) has started implementing securities laws to regulate the crypto-market and protect customers. This has created an environment where this investor class can access capital-intensive, long-term investment opportunities.


PROBLEMS FACED BY INSTITUTIONS

When it comes to safekeeping, the investor class relies heavily on either personal wallets or cold wallets, causing many unexpected problems. While mobile wallets are more practical and easier to use than other crypto wallet types thanks to their ability to accept and send payments on the fly, phones and laptops are insecure devices that can be stolen, maliciously compromised (malware, keyloggers, etc.) or rooted. Cold wallets require more effort to move cryptocurrencies around, and also more technical knowledge.

The security of such private wallets cannot be fully guaranteed against malicious issues. As for the compliance side, the use of personal wallets by organizations for managing digital currencies is not compatible with any local standardized financial management process, leading to confusions and mistakes with accounting documents filing.

For security reasons, organizations have preferred to gradually shift from hot wallets to cold wallets. Due to its trawl characteristics and problems explained above, its security level remains higher than software wallets. In order to ensure the absolute safety of cold wallets, they are usually kept in banks’ safes, which causes great inconvenience for making multiple transfers daily. In addition, operating transfers with a cold wallet can be complicated for non-professionals, resulting in inefficient use of the cold wallet or, worse, mistakes. If the cold wallet contains an embedded multi-signature technology providing co-management of the private key, it also has some defects because the main chain wallets do not support this technology.

Under the circumstances that institutions usually hold different cryptocurrencies, multi-signature poses some obstacles to manage the institutional digital assets. In addition, the introduction of multi-signature technologies in different main chains results in non-portability of digital asset management. More critical, there are loopholes in some of the main chains using multiple signatures, such as Ethereum's PARITY event. In conclusion, the market is in need for a comprehensive solution which protects efficiently the company’s digital assets.


SOLUTION

BOX offers a secure, convenient and streamlined crypto asset management system for institutional investment, audit risk control and crypto-exchange platforms. It achieves this by using a cryptographically secure offline network including a flow of approvals, private blockchain technology and communication security. BOX achieves integration of technologies and fundamentally solves industry security issues such as the theft of private keys and the falsification of directives.



Owning the private key of an account gives full access to the fund. The dynamic password provides shared authority, a one-click activation and ensures the security of private keys. The BOX system uses a single private key to manage all cryptocurrencies. Theoretically, all public chains that support the ECDSA elliptic curve algorithm can be controlled with the private key. At this point, the BOX system is more convenient than multi-signature. Meanwhile, BOX uses a multi-person multi-password method to automatically generate a private key by using an algorithm in a signature machine, and then generate a public key from the private key. The partners who have the highest authority only have a part of the dynamic password which provides him with a shared governance on the private key.

In terms of storage, we put the private key in the memory of the signature machine, without any persistent storage, thus making it extremely difficult to be captured. We lock the private key in the memory to prevent bypass attacks. In the event of a power outage, the BOX’s signature machine will automatically shut down the memory and the private key will disappear.

Therefore, even if the signature machine is streaking, the chance of obtaining the private key from the BOX system is almost zero. The partner with the highest authority can instantly restore the original dynamic password by putting it in banks’ safe, in order to prevent a partner from accidentally failing to perform duties. Unlike cold wallets, there is no need to move this backup frequently. Only when a partner has an accident will he vote via the board to decide whether to enable password backup.

The custom approval flow template is stored in the private chain, using the tamper-proof features of the blockchain. The template of the approval flow is defined by the enterprise itself. The content mainly includes the hierarchy, the initiation (approval), the minimum number of employees at each level, and the employee's public key (address). As a result, the hash value of the custom template and the template on the private chain both ensure that the approval flow cannot be modified. The private key APP will confirm its validity. When an employee initiates an approval flow, if the employee's private key and the address corresponding to the private key are matched, the approval process is matched with the approval flow template stored on the private chain through the associated program on the private chain. If it is in full compliance with the approval flow template, it then flows through the proxy (private key app interface) to the signing machine, where, before the private key in the signing machine is used, it is matched a second time against the hash of the approval flow template stored in the public chain (currently the secondary matching on the public chain only supports Ethereum). After ensuring that there is no mistake, the private key in the signature machine will be used for the transfer.

In addition, BOX provides a unified public account for each company, so that the company's assets can be managed under one account for effective management. All digital assets will be traded through the account, preventing the case that public and private accounts are not separated. The approval flow also provides the basis for the audit; the company's managers can also clearly understand the company's assets through these records and conduct a corresponding analysis.

On the hardware side, deploying a BOX system requires at least 3(2n+1) cloud servers. Each cloud server acts as a node and builds a private chain. An Apple MacBook serves as the signing machine, because iOS is more secure than Windows. Several iPhones are needed to load the private key APP & employee APP.
As a one-stop integrated solution, the BOX system will safeguard the security of investment firms, crypto-exchange platforms and other digital assets. At present, the most suitable companies for BOX are investment firms interested in blockchain, companies with audit risk control/compliance requirements, and trading platforms. Blockchain investment firms often transfer funds and receive payments frequently. It is inconvenient to use cold wallets. Personal wallets are not suitable for institutions.

The BOX code has been uploaded to GitHub, the largest technology open source community in the world, and it is necessary to build a healthier and safer industry environment together with you. Any individual or enterprise can use and deploy the system free of charge. In order to stimulate the first contributors of the BOX 0.1.0 version, the BOX team launched the “BOX Super Partner” program. Up to now, more than 30 organizations have signed letters of intent with the BOX Foundation. In the future, the BOX team will focus on community building and system scalability, and work with many organizations to build a healthier and safer industry environment. BOX's open source code on GitHub has multiple repositories providing a complete set of deployable solutions, including agent - private key APP management server, box-Authorizer - private key APP client, boxguard - signature machine daemon, voucher - access layer, companion - private chain side companion program, box-Staff-Manager - employee APP client, box-appServer - employee APP server.

Main functionalities
There are 5 main functionalities for this voucher program:
1.   Communicate with proxy server on private chain
2.   Upload realtime status
3.   Receive request from private key app, complete offline signature and publish smart contract etc.
4.   Submitted data will only be confirmed when transactions or approval flows are initialized from the private blockchain, signed and verified using RSA.
5.   Monitor event log of Ethereum, confirm approval flows, topup and withdrawal, and transfer result to proxy server.

How to use:
1.   Initialization. Use the following command for the first time run
make build
Otherwise, use this command
make rebuild
Note: build command will clear all data.
2.   Update parameters (address to associated program, port, public key and certificate) in config.json respectively.
3.   Update rpc api address to config.json
4.   Run program
Run command in cli:
➜ ./voucher


Legal Reminder
Exporting/importing and/or use of strong cryptography software, providing cryptography hooks, or even just communicating technical details about cryptography software is illegal in some parts of the world. If you import this software to your country, re-distribute it from there or even just email technical suggestions or provide source patches to the authors or other people you are strongly advised to pay close attention to any laws or regulations which apply to you. The authors of this software are not liable for any violations you make - it is your responsibility to be aware of and comply with any laws or regulations which apply to you.

We would like to hear criticism and feedback from you, as it will help us to improve this open source project.

Thank you for reading.
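The signing-machine check described in the posts above (recompute the approval flow template hash, compare it with the hash recorded on the public chain, then require enough approvals at every level), as an added example that is not BOX project code. Ed25519 from the Go standard library stands in for the employees' keys, and the type names, the byte encoding and the sample data are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Template is the hashed approval flow; Request is a transfer plus approvals per level.
type Template struct{ Levels []Level }
type Level struct {
	MinApprovals uint32
	Approvers    []ed25519.PublicKey
}
type Request struct {
	To        string
	Amount    uint64
	Approvals [][]Approval
}
type Approval struct {
	Signer ed25519.PublicKey
	Sig    []byte
}

// Hash returns SHA-256 over a fixed-width encoding of the template.
func (t Template) Hash() [32]byte {
	var buf bytes.Buffer
	for _, l := range t.Levels {
		binary.Write(&buf, binary.BigEndian, l.MinApprovals)
		binary.Write(&buf, binary.BigEndian, uint32(len(l.Approvers)))
		for _, pk := range l.Approvers {
			buf.Write(pk) // Ed25519 public keys are always 32 bytes
		}
	}
	return sha256.Sum256(buf.Bytes())
}

// Digest binds each approval to the template and to the transfer details.
func Digest(th [32]byte, r Request) []byte {
	var buf bytes.Buffer
	buf.Write(th[:])
	binary.Write(&buf, binary.BigEndian, r.Amount)
	buf.WriteString(r.To)
	d := sha256.Sum256(buf.Bytes())
	return d[:]
}

// Authorize is the signing machine's gate: the template must match the
// recorded hash, and every level needs enough distinct, valid approvals.
func Authorize(onChain [32]byte, t Template, r Request) error {
	th := t.Hash()
	if th != onChain {
		return fmt.Errorf("template hash does not match the on-chain record")
	}
	if len(r.Approvals) != len(t.Levels) {
		return fmt.Errorf("approvals do not cover every level")
	}
	msg := Digest(th, r)
	for i, lvl := range t.Levels {
		allowed, seen := map[string]bool{}, map[string]bool{}
		for _, pk := range lvl.Approvers {
			allowed[string(pk)] = true
		}
		for _, ap := range r.Approvals[i] {
			id := string(ap.Signer)
			if allowed[id] && !seen[id] && ed25519.Verify(ap.Signer, msg, ap.Sig) {
				seen[id] = true
			}
		}
		if uint32(len(seen)) < lvl.MinApprovals {
			return fmt.Errorf("level %d: %d of %d approvals", i+1, len(seen), lvl.MinApprovals)
		}
	}
	return nil
}

// Sample builds a constructed two-level template and a fully approved request.
func Sample() (Template, Request) {
	var ks []ed25519.PrivateKey
	var pk []ed25519.PublicKey
	for _, label := range []string{"alice", "bob", "carol"} { // sample keys only
		seed := sha256.Sum256([]byte(label))
		k := ed25519.NewKeyFromSeed(seed[:])
		ks, pk = append(ks, k), append(pk, k.Public().(ed25519.PublicKey))
	}
	t := Template{[]Level{{2, pk[:2]}, {1, pk[2:]}}}
	r := Request{To: "recipient-address-placeholder", Amount: 100}
	sig := func(i int) Approval { return Approval{pk[i], ed25519.Sign(ks[i], Digest(t.Hash(), r))} }
	r.Approvals = [][]Approval{{sig(0), sig(1)}, {sig(2)}}
	return t, r
}

func main() {
	t, r := Sample()
	fmt.Println("authorized:", Authorize(t.Hash(), t, r) == nil)
}
```

Because each approval signs a digest that includes the template hash and the transfer fields, editing the template, the amount or the recipient after approval invalidates the collected signatures.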
4  Alternate cryptocurrencies / Announcements (Altcoins) / [ANN][BOX] BOX Foundation: Keep Enterprise Tokens Safe on: May 18, 2018, 03:29:12 PM
    BOX

    BOX (Enterprise Token Safe Box) is an enterprise-level digital assets safe application that uses the axiomatic techniques in blockchain, cryptography and communications security to protect the private keys and instructions. BOX in principle prevents the theft of, and tampering with, private keys and instructions.

    Official Website
    http://www.box.la

    Whitepaper: You can find the updated version on our official website.

    Trading Platform: listed on www.hotbit.io

    Social Media:
    Official 小管家 (Little Butler) QQ: 1694348187
    BOX official WeChat public account: SafeBox (box-la)
    BOX official Weibo: Box小管家
    http://weibo.com/u/6443171368
    Twitter:SafeBox.la(@SafeboxL)
    https://twitter.com/SafeboxL
    Facebook:BOX-Foundation
    Beechat: BOX official community chat group 1
    Telegram: boxfoundation
    Telegram (CN): Safeboxla
    https://beechat.io/join?g=7a68910fa46b490b917a6c8f4a1874ae&lang=zh


    i. Background

    1. Digital Assets Rapid Growth
    With the rapid growth of the digital asset market, more and more investment agencies, enterprises and start-up teams have entered this field, and the amount of various digital assets they hold is also rapidly increasing. However, the current digital asset management tools for enterprises are extremely limited. A large number of assets are kept in personal wallets, trading platforms or cold wallets, which is different from the traditional asset management processes. Enterprises have the concerns in terms of the digital assets management and investment as the matters such as the loss of private keys, the theft of trading platform wallets are disclosed by public media. These problems have restricted the investment and management of digital assets by enterprise users.

    2. Shortage of Enterprise Digital Asset Management System
    In the past few years, few teams have tried or are trying to use various technologies to enhance the security of their wallets, but for a variety of reasons, there has so far not been a generic, low cost and easy solution being deployed. Based on the belief and love of the blockchain, we created a high-security digital asset management system through a large number of theoretical discussions and scenario demonstrations for different application scenarios. BOX WAS BORN. In order to thank the communities who have same faith, we will make code open source immediately after its official release. Any organization or individual may deploy and use BOX NOT for commercial purposes.

    3. Demand of Enterprise Digital Asset Management
    We learned the following requirements are urgently needed through many years of practical experience and a large number of visits:
    a) One-stop management tools of digital assets;
    b) The highest authority owned by multiple individuals or entities, making digital assets belong to the enterprise, rather than individuals;
    c) Unified enterprise wallet address for public account;
    d) Financial approval process and reduce the possibility of human error;
    e) NO exposure of private key under any circumstances;
    f) Unforgeable transaction instructions to steal assets;
    g) Facilitate enterprises to record and audit digital assets;
    h) Unaffected enterprise assets safety under any circumstances that the private key holder(s) will not or cannot exercise his or her authority.

    ii. Design Philosophy
    BOX is an independent digital assets bank system owned by the enterprise. The BOX system manages all types of enterprise-owned digital assets in a unified way: by encrypting the private key in memory so that it is never exposed; by recording and verifying instructions in the enterprise-owned private chain; by customizing the asset management business flow through ordered signatures; and by using SSL/TLS to ensure absolute security of the communication. BOX in principle prevents ubiquitous wallet problems such as hackers, moles and misoperation. Meanwhile, BOX can ensure the high security of enterprise digital assets via intrusion lock, system reset and other mechanisms.

    The number of private chain nodes is 2n + 1 (n≥1), the minimum number of private key APPs (PKApp) is 3, the specific number is customized independently by the enterprise, and the signature machine is an independent physical server. The access layer is a cloud server and has no communication with the signature machine. The signature machine can only communicate with the private chain, and only the signature machine can issue the transaction instruction to the public chain. The employee APP (EApp) initiates the transaction request and then the management APP (MApp) approves it.
    BOX system can access all digital assets that support offline signature. The first version will support Ethereum and ERC20 tokens. In future, more digital assets will be supported.

    iii. Private Key Safe Protocol
    1. Private Key Storage
    The private key is stored in the memory of the signature machine and will not be stored permanently. In the extreme condition that the signature machine is hacked, it is almost impossible to crack the private key in a short time, so the risk of exposure is greatly reduced.
    The signature machine should be an independent server. It is recommended to store in a very high security facility, for example, a financial computer center or a high security computer room owned by enterprise. The signature machine needs 24 hours of uninterrupted power, internet access and a fixed IP address. The signature machine should not be easily accessed to anyone, including the enterprise IT officer.
    The enterprise digital assets are actually stored on each public chain (referred to herein as a "hot wallet"). If the official digital wallet supports offline signatures, the private key can be stored in the signature machine memory and be used for the transactions confirmation without exposing private key.
    2. Private Key Generation
    In order to prevent the private key generation from being cracked, BOX uses a variant of the RFC6979 protocol: k = SHA256 (d + SHA256 (m1) + SHA256 (m2) + SHA256 (m3) + ...), where d is the server random number and m is a key sentence input by a PKApp. It is generated by inputting three (minimum number) key sentences (KS), which are strings of any combination of letters and numbers. After the three or more PKApps sequentially input the KSs, the generated private key is stored in the signature machine memory, and the public key address generated by the private key will be registered in the public chain. The PKApp does not store the KS, and the BOX code is open to the community.
    All transaction processes of the PKApp require mutual authentication. PKApp numbers are fixed during first setup. Server only distributes certain number (N) certificates, and the certificate is bound to device ID, other connection requests will be rejected.
    If the PKApp is lost, there is no security risk because the APP does not record any KS and passwords. The owner of the KS can reinstall the PKApp and retrieve the server certificate using the original KS. Then, the signature machine rebinds the device ID of the new PKApp.
    3. Private Key Recovery
    Once the signature machine powers off, the private key will disappear immediately. Therefore, after the signature machine restarts, all PKApps are required to re-enter the correct KS. If the owner of a PKApp cannot enter the correct one, you need to enable the cold backup of KS. Since this process belongs to the enterprise management process, this document only provides the recommended solution of cold backup; refer to the “Private Key Cold Backup” section.

    iv. Private Chain
    1. Private Chain Function and Advantage
    The private chain in the BOX system records and verifies the transaction flow. Transaction flow setup and the transaction flow approval process are recorded on the private chain, and these records are the reliable basis for auto-transactions on the public chain. BOX system (1.0) will build the private chain on Ethereum; future plans are to support more chains.
    By deploying a private enterprise chain, the enterprise not only gets a system of record and verification, but also independently controls all nodes. The enterprise can control the maximum number of transactions per block, the block time, and the number of nodes by defining the genesis block settings.
    Gas consumption is negligible because it takes place on a private chain, and it is transparent to the access layer.
    The private chain adopts the Proof of Authority (PoA) consensus mechanism to directly specify which private chain nodes have accounting rights; the other nodes exist as backup nodes.
    2. Companion Program
    The companion program is the same as an Ethereum DAPP. Each private chain node is equipped with the same companion program, which is used to handle traditional CS (client-server) application requests, process data for upload to the private chain, execute smart contracts, monitor smart contract events, send status notifications, and coordinate interaction between the access layer and the signature machine.
    Companion programs run in parallel and communicate only with the private chain node on the same server. There are no direct connections between companion programs. Each companion program links to one private chain account for smart contract execution.
    Companion programs coordinate the interaction between the access layer and the signature machine. A transaction includes four steps: 1. Initiate the transaction request; 2. Approve the transaction request; 3. Complete the transaction on the public chain; 4. Check the transaction status on chain. We divide these four processes into four sections, as shown in the following figure. Companion programs sit in the private chain layer section: they record and verify the transaction flow through the private chain and return the transaction flow results to the signature machine. The on-chain transaction is carried out by the signature machine. Companion programs isolate the transaction requester from direct interaction with the public account, and this process is executed automatically by the programs according to the approved transaction flow.
    3. Smart Contract Consensus Mechanism
    Data is stored in a smart contract on the private chain. Smart contracts use voting to confirm the data on a private chain. Each data item must be confirmed by more than 50% of the nodes holding the same content.
    Each node represents one account operating the same contract. The data on the private chain can be guaranteed to be valid unless more than 50% of the nodes are fully compromised.
    The smart contract voting system needs to assign reasonable authority to the accounts. All private chain accounts are fixed after the private chain setup. When a new node is to be added, all the private chain accounts must authorize the node; the system then automatically re-balances the 51% strategy without a new contract having to be redeployed to adapt to the change.
    The recorded data include the approval process and transaction requests. As shown below: prior to a transaction, you need to set up an approval process that identifies the departments and corresponding participants required for transaction request approval. The number of people needs to be confirmed. The transaction request needs to be approved by the highest level of enterprise management. The approved process is used to initiate the transaction.

    v. Access Layer
    The access layer uses a separation-of-powers architecture.
    The power of the entire system is dispersed among the Apps. The access layer coordinates a variety of transactions, but it does not have the right to execute or modify a transaction.
    The separation-of-powers architecture depends on ECDSA (Elliptic Curve Digital Signature Algorithm). The ECC (elliptic curve cryptography) uses the classic Bitcoin curve, secp256k1.
    The transaction process is as follows: the signature is generated by the EApp and MApp; the transfer is coordinated in the access layer; and it is confirmed on the private chain. Finally, the signature machine issues the transaction on the public chain.
    Access layer business includes: 1) transaction flow setup; 2) transaction flow approval.
    1. Transaction Flow Setup
    The transaction flow is set up before the transaction is executed. It is a multi-level approval model. The first level is the employee group, followed by several approval levels, each with a defined minimum number of approvals.
    For example, the transaction flow is shown below:
    When the enterprise finishes the transaction flow setup, a system-recognizable protocol format is entered via the MApp. It is named boxflow in the BOX system.
    A new boxflow is in the unauthorized state. To be authorized, it is passed to the access layer. The access layer checks the format and checksum, then uploads the hash to the private chain. All nodes vote and record, then notify the signature machine. The signature machine, authorized by the PKApps, uploads the hash to the public chain; once that transaction succeeds, the hash status is set to valid on the private chain. The enterprise can then make transactions via the boxflow, as it is now in the authorized state.
    To modify the boxflow, the PKApps need to cancel the current authorization and then re-establish it.
    2. Transaction Flow Approval
    After the authorization of boxflow, employee accounts need to be created.
    In the BOX system, employee accounts are assigned public and private keys by the employee management group. The EApp obtains the current authorized boxflow, the employee selects the employee group to apply for the private key, and the employee management group derives the sub-private key and assigns it to the employee.
    The EApp can initiate a transaction request with the private key. The application format is as follows:
    { balance: 100E18,
      timestamp: 1512719484736,
      destination: '0x6E9483f00cCd685c5F12709Fd542Da1FB20c4d2e',
      miner: E16,
      currency: 'ETH',
      applicant: { username: 'bluce' } }
    At this point the request is unsigned. The request needs to be hashed with the SHA256 algorithm and signed, and the hash signature is put into the request in the following format:
    { balance: 100E18,
      timestamp: 1512719484736,
      destination: '0x6E9483f00cCd685c5F12709Fd542Da1FB20c4d2e',
      miner: E16,
      currency: 'ETH',
      applicant:
       { username: 'bluce',
         sign: '474w3zgKRLwaddG6LadzKQ3ut1JyQUc4HpVLkydR6xdk2TwS7zEXKf4E5AyGHxQkfLYxJsccxhqdY5Qm5352P2H4' } }
    The employee's request can only be approved by its corresponding employee management group account.
    After approval by the employee management group, the request (including the signature) is hashed and signed. The signed request is handed over to the upper-level management for approval; the upper-level management signs the hash after verifying the lower-level signature. The approval process is repeated until the final level.
    The final approved transaction request is considered a transaction, and it is named transbox.
    The transbox hash is the trade ID. After the access layer verifies the transbox and matches the corresponding boxflow, the trade ID (hashed) is recorded on the private chain for voting. After successful voting, the signature machine is notified to carry out the transaction on the public chain.
    After receiving the transbox, the signature machine extracts the boxflow and verifies its validity, and then verifies the transbox signature. The transaction on the public chain is issued after the signature machine has verified the transbox. The TxID is recorded on the private chain, and the access layer can check the status at any time.
    3. Multiple Boxflow
    In the first version, BOX only supports a single boxflow. Multiple boxflow will be supported in future upgrades.

    vi. Boxflow Safe Protocol
    There are two important parts to securing auto-transactions. One is the security of the private key (refer to “Private Key Safe Protocol”) and the other is the security of usage rights. This chapter explains boxflow.
    1. Boxflow Validity
    A valid boxflow needs to go through private chain recording, PKApp authorization and public chain confirmation. The valid boxflow is confirmed by N enterprise approvers together and recorded on the private chain; the boxflow validity is tamper-proof.
    2. Transbox Generation
    The transaction request is initiated and signed by the EApp. After the employee management group and the approvers verify the correct signatures, the transbox is generated. As the public and private keys exist only on the Apps, transbox generation is tamper-proof.
    3. Transbox Validity
    Transbox validity has two parts: one is the signature validity, and the other is the boxflow validity. BOX uses a nested signature method, so validating the signatures in sequence is enough to establish the signature validity. The transbox itself corresponds to one boxflow, which needs to be verified. If both conditions are satisfied, it is proved that the transbox was confirmed by the boxflow and that it is tamper-proof.

    vii. Communication Safe Protocol
    1. Signature Machine and Private Chain Communication
    Communication between the signature machine and the private chain uses bidirectional gRPC with SSL/TLS authentication. gRPC is a high-performance RPC framework designed on the standard HTTP/2 protocol and developed with the ProtoBuf (Protocol Buffers) serialization protocol. The HTTP/2 protocol requires encrypted data transmission (SSL/TLS). The BOX system will develop signature machines for all public chains. Security will be greatly ensured by the SSL/TLS mutual authentication. Man-in-the-middle attacks can be prevented because a connection request is denied immediately once an abnormal connection appears.
    2. Employee APP and Access Layer Communication
    All Apps that communicate with the access layer use the HTTPS protocol. The private key for the employee's signature is issued through the MApp.
    Steps are as follows:
    a) MApps generate the employee private key and a corresponding random number for encryption;
    b) MApps encrypt the employee's private key via a symmetric-key algorithm;
    c) MApps inform the employee of the password offline;
    d) The access layer caches the encrypted employee private key from the management App;
    e) The EApp downloads the encrypted data from the access layer and decrypts it with the given password.
    3. Access Layer and Private Chain Nodes Communication
    Communication between the access layer and the private chain is internal communication over a TCP/IP connection. The data passed by the access layer to the private chain has been authorized by the signature, and a message digest is generated. The private chain only needs to use the signature verification program to verify the data. If the verification fails, the service is denied. The access layer sends a request to all private chain nodes; each private chain node corresponds to one account. Each account uploads the verified data to the private chain, and the data is successfully confirmed once more than 50% of the accounts have confirmed it. Access layer provides voting to the access layer. The above process can be summarized into two formulas:
    signature = sign(hash)
    public key == recover(hash, signature)

    viii. Private Key Cold Backup
    Print and store in the bank safe!
    We recommend that all key sentences be physically backed up, so that the private key can be reset under any circumstances. For example, each private key App holder prints the encrypted key sentences on an offline printer, then stores the printer and the key sentences separately in the safes of two different banks. The key can be kept by the enterprise lawyer and used only with the consent resolution of the enterprise board.

    ix. Road Map
     2017.10 Project planning;
     2018.01 Demo Version;
     2018.04 Version 1.0- open source;
     2018.05 DEFCON Hacking Conference
     2018.07 Version 2.0- open source;
     2019.01 Version 3.0- open source;[/li]