1. 程式人生 > >Privacy and confidentiality with Hyperledger Fabric

Privacy and confidentiality with Hyperledger Fabric

Lately, news of significant data breaches suffered by industries of every stripe surfaces on a weekly basis. Both individuals and businesses have become aware of the critical need for preserving privacy of data. Privacy is the right to control the degree to which you will share your information with others, while confidentiality comprises a set of mechanisms that can be used to enforce privacy of information.

Blockchain technology has inspired novel techniques to help address privacy concerns in a decentralized setting. However, as different blockchain systems come with different privacy features and models, each use case will dictate what approach or blockchain technology is required each time.

Challenges of using blockchain for business

Public permissionless blockchains such as Bitcoin, were the first to face privacy challenges because transaction details are shared ubiquitously in the clear, and recorded on the public ledger. Given that identities in public permissionless blockchains are pseudonymous, having the transaction details shared ubiquitously might not seem a problem. Yet, for many types of transactions, regulatory requirements such as Anti-Money Laundering (AML) and Know Your Customer (KYC) require that identity be known.

However, when you combine known identities with transparent data, privacy is compromised.

Permissioned blockchains have emerged as an alternative to public permissionless ones to address the need to have known and identifiable participants while at the same time enabling privacy through a variety of confidentiality enforcing mechanisms.

Confidentiality Mechanisms in Hyperledger Fabric

Hyperledger Fabric is a permissioned blockchain with a membership infrastructure that enables participants of the network to not only strongly authenticate themselves in transactions, but also to prove authorization to perform a variety of system operations, e.g., reconfiguration. Starting from its permissioned nature, Hyperledger Fabric offers a variety of confidentiality mechanisms to accommodate varying degrees of managing privacy, depending on the use case.

Channels

Hyperledger Fabric implements a channel architecture that can be used in certain use cases to offer privacy. A channel can be thought of as a virtual overlay blockchain network, that sits on top of a physical blockchain network. Because channels employ their own transaction ordering mechanism, they provide scalability, allowing for effective ordering and sharing of huge amounts of data. Channels in Hyperledger Fabric are configured with access policies that govern access to the channel’s resources, i.e., chaincode, transactions, and ledger state, restricting access to information exclusively within the membership in the channel.

There are a variety of use cases for which channels work well. However, the Hyperledger Fabric community has not been idle, we have been delivering innovation at a furious pace to bring even greater control and flexibility to ensuring privacy of your enterprise blockchain solution that will be available in the coming quarterly releases.

Private transactions

Private transactions offer transaction privacy at a more fine-grained level than channels. With private transactions, the sensitive data (which we refer to as private data) is distributed peer-to-peer amongst parties relevant to the transaction, while only the hashes of that data are recorded on the shared/public ledger. The private data is stored in a database local to the authorized parties and maintained by the Fabric infrastructure. This database is updated alongside the public ledger as transactions containing references to private data are committed. The hashes on the public ledger serve as verifiable proof of the data.

This feature is especially useful in cases where, for regulatory or legal reasons, private data is not allowed to reside off the premise of the parties involved in the transaction. A representative example is from the healthcare sector where health information in certain ages should only be released for a specified amount of time, e.g., a patient’s prescription history be made available to specialist doctor for a period of time before a specific surgery occurs. Private transactions would ensure data confidentiality in only allowing the patient and the specialist to see the information for a specified amount of time while also recording the hash of the data as evidence that the transaction occurred.  Privacy is achieved in that there is control over who can access the actual sensitive data.

Zero-Knowledge Proof-based Technologies

Zero-Knowledge Proof (ZKP) primitives offer the ability for a party who possesses a secret (the prover) to prove to another party (the verifier) that its secret satisfies a certain set of properties (knowledge) without revealing the actual secret (zero-knowledge). There are two privacy aspects within Hyperledger Fabric that will be addressed using ZKPs.

Anonymous Client Authentication with Identity Mixer

Idemix will be available as a formally released feature in Hyperledger Fabric 1.2. It leverages ZKP to offer anonymous authentication for clients in their transactions. ZKP protocols take place between the Fabric client whose secret is its actual identity – and any attributes associated with it – and the rest of network entities, e.g., its peers. These entities wish to verify that the creator of a transaction is a member of a particular organization (a.k.a. membership proof), or that it is in possession of a specific set of attributes (a.k.a. selective disclosure of attributes). In both cases, the protocols guarantee that nothing is revealed about the client’s identity beyond whether the corresponding statement is true. As a basic example to demonstrate the power of ZKP, if you show your ID to the bouncer at a bar, you end up showing him your name, your address, and your age.  If you used ZKP, you would be able to transform your id in another form that would preserve the fact that it is a valid ID and the fact that you meet the bar’s age requirements, but while concealing your name, address and exact age.

ZK-AT (Zero Knowledge Asset Transfer)

First demonstrated at Consensus 2018, is a capability that we call ZKAT. This feature will be landing in the next release beyond Hyperledger Fabric 1.2. It will integrate ZKP to a wider range of applications targeting asset management. ZKAT allows transactors to issue assets and request transfer of their assets in a way such that they do not reveal anything to the public ledger for the assets being exchanged beyond the fact that the transfer complies with the asset management rules (i.e., each asset is transferred after its owner request, and there is no new value created through the transfer). ZKAT is built on top of anonymous authentication mechanisms offered by Identity Mixer.

As opposed to other privacy-preserving asset management systems for Blockchain, ZKAT is tailored to the needs of enterprise networks. In particular, auditability of the privacy-preserving transactions comes as a crucial feature differentiation from the other competing schemes in the market. Each user is assigned a specific auditor that is entitled unlimited access to all the transactions of that user. The auditors are passive, i.e., may come in afterwards and extract the confidential information of all transactions the audited user is involved in, but without being able to access the data for any other party.

Beyond the basic essence of zero knowledge proofs as defined above, the ZKAT demonstration also includes the secure auditing capability. Audit-enabled privacy is useful particularly in financial use cases.  Banks make money by lending at rates higher than the cost of money they acquired. As a result, if a bank were to use a blockchain network with this advanced ZKP capability applied, they would want to be able to exchange assets (money) and record the corresponding transactions in the shared ledger without revealing the fact that they are transacting, with whom they transact, or the amount of the assets they are exchanging in their transactions.

Failure to do so would clearly compromise their confidentiality regulations, and expose their business models. With zero-knowledge proof, transactions containing verifiable proof that the asset (money) is exchanged are available on the ledger, without revealing the lending rates or the quantity and parties a bank trades, allowing the bank at any particular point in time to understand the liquidity of what they have in cash. The additional advantage with Hyperledger Fabric is they can now be audited based on ZKAT.

Conclusion

As you can see, the Hyperledger Fabric community is working hard to deliver enterprise-grade technologies for blockchain use beyond the basic crypto-currency applications. If you are in NYC this week for Consensus 2018, please do stop by the IBM booth and check out these new innovations for Hyperledger Fabric! If you are interested in learning more about these technologies, please check out our longer article on IBM developerWorks. It goes into much greater detail.

相關推薦

Privacy and confidentiality with Hyperledger Fabric

Lately, news of significant data breaches suffered by industries of every stripe surfaces on a weekly basis. Both individuals and businesses have become

Ask HN: What is your experience with Hyperledger Fabric and Sawtooth

I'm currently trying out different enterprise distributed ledger frameworks. I have tried Corda and now, I have arrived to the point where I want to test H

Create a blockchain app for loyalty points with Hyperledger Fabric Ethereum Virtual Machine

Summary Hyperledger Fabric provides a blockchain network with a modular architecture and consensus protocols that do not require a na

Expert View: Reconciling Privacy and Internet Freedom with Blockchain

Reconciling Privacy and Internet Freedom with BlockchainThe past few months have seen a handful of data scandals emerge that have finally demonstrated to B

Create and deploy a blockchain network using Hyperledger Fabric SDK for Java

Summary In a blockchain solution, the network works as a back end with an application front end to communicate with the network using

圖書源代碼下載: Modern Differential Geometry of CURVES and SURFACES with Mathematica

light abs enter efi -c des pre diff -h http://alpha01.dm.unito.it/personalpages/abbena/gray/ Contents 1. Curves i

Hyperledger fabric 1.0Beta網絡組成及構建流程

負責 組成 proposal 安裝 style 客戶端 invoke install eat 一、fabric網絡結構(暫時不包括CA)   如上圖所示,在fabric網絡中,O表示Orderer,P代表Peer,EP代表Endorsing Peer(endors

HyperLedger Fabric 1.0的Transaction處理流程

toa 足夠 余額 無法 -1 ber pla client ack 如果把區塊鏈比作一個只能讀寫,不能刪改的分布式數據庫的話,那麽事務和查詢就是對這個數據庫進行的最重要的操作。以比特幣來說,我們通過錢包或者Blockchain.info進行區塊鏈的查詢操作,而轉賬行為就是

Hyperledger fabric網絡中transaction產生以及流轉過程

sta 並不會 font eid teset amp 包括 ntb 當前 一、發起transaction 當client想要發起一個transaction時,它會首先發送一個PROPOSE消息到它選擇的一組endorser節點,消息模式有以下兩種,節點可以自由選擇(可能有更

Hyperledger Fabric-CA學習

運行 -1 lba haproxy i2c media lsi 體系架構 mos p { margin-bottom: 0.25cm; line-height: 120% } a:link { } Hyperleder Fabric系統架構核心邏輯包括MemberShip、

Hyperledger Fabric 架構梳理

斷開 序列號 進行 結構 屬性 per leg perl 宋體 區塊鏈的數據結構 State數據結構 由peer維護,key/value store Ledger 記錄了所有成功和不成功的狀態更新交易。Ledger被ordering service構造,是一個全排序的交易

Hyperledger Fabric概述

私有化 hyper 生成 了解 思想 區塊 提交 管理 清晰 綜述 Hyperledger Fabric是一個模塊化的分布式賬本解決方案支撐平臺,提供高度的保密性、彈性、靈活性與可擴展性。它的目的是支持不同組件的可插入實現,並適應經濟系統中存在的復雜性。Hyperledge

如何創建一個Hyperledger Fabric channel

gets 樣例目錄 extract 包含 其他 putc yaml sign 進制 創建channel的步驟: 執行configtxgen tool來生成genesis block; 執行configtxgen tool來生成初始二進制配置定義; 通過以下兩種方式獲取si

Hyperledger Fabric密碼模塊系列之BCCSP(一)

服務 編碼轉換 簡單 fabric 實現 支持 模塊 store block Fabric作為IBM主導的區塊鏈平臺,可謂是聯盟鏈中的一枝獨秀,現如今已經有100多個大型國際銀行、金融以及科技公司的加盟。與其說Fabric是區塊鏈的一種平臺,倒不如說是一個區塊鏈框架更

Hyperledger Fabric 1.0 從零開始(二)——公網環境構建

1.3 項目 htm move 自己 lvm2 fast 情況 tor 1:環境構建 在本文中用到的宿主機環境是Centos ,版本為Centos.x86_647.2,通過Docker 容器來運行Fabric的節點,版本為v1.0。因此,啟動Fabric網絡中的節點需要先安

Hyperledger Fabric 1.0 從零開始(六)——創建Fabric多節點集群

_id 測試 es2017 xtra 去掉 compose 多個 服務 執行命令 4:創建Fabric多節點集群 4.1、配置說明 首先可以根據官方Fabric自帶的e2e_cli列子中的集群方案來生成我們自己的集群,與案例不同的是我們需要把容器都分配到不同的服務器上,彼此

搭建基於hyperledger fabric的聯盟社區(三) --生成公私鑰證書及配置文件

ger tput reat cts crypto github 最終 pda 成功 一.生成公私鑰和證書 Fabric中有兩種類型的公私鑰和證書,一種是給節點之前通訊安全而準備的TLS證書,另一種是用戶登錄和權限控制的用戶證書。這些證書本來應該是由CA來頒發,但是目前只有兩

搭建基於hyperledger fabric的聯盟社區(八) --Fabric證書解析

一個 憑證 密鑰 設計 根證書 私鑰 文件 ons crt 一.證書目錄解析 通過cryptogen生成所有證書文件後,以peerOrgannizations的第一個組織樹org1為例,每個目錄和對應文件的功能如下: ca: 存放組織的根證書和對應的私鑰文件,默認

Hyperledger Fabric Read-Write set semantics——讀寫集

例如 abr 排序 必須 示例 最低要求 包含 討論 size Read-Write set semantics(讀寫集) 本文討論了關於讀寫集當前實現的細節。 Transaction simulation and read-write set(事務模擬和讀寫集) 客戶

Hyperledger Fabric Chaincode是什麽,智能合約是什麽

eas https erl 應用 運行 支持 pos 編程語言 type 首先看下Blockchain結構,除了header指向下一個block的hash value外,block是由一組transaction構成, Transactions --> Blocks -