Architecture of the Hyperledger Blockchain Fabric - Christian Cachin - IBM Research Zurich
32 likes9,576 views
This document summarizes the architecture of the Hyperledger blockchain fabric framework. It describes how Hyperledger fabric implements a permissioned blockchain using Byzantine Fault Tolerant (BFT) consensus. Key aspects covered include the use of smart contracts, separation of transaction endorsement from ordering, and how privacy and confidentiality are achieved through techniques like pseudonymous transactions and encrypted state. The document also discusses ongoing work to further improve scalability and flexibility of the Hyperledger fabric design.
![4
Blockchain state machine
§ Append-only log
– Every operation o appends a "block" of valid transactions (tx) to the log
§ Log content is verifiable from the most recent element
§ Log entries form a hash chain
ht ← Hash( [tx1, tx2, ... ] || ht-1 || t) .
o
s s'](https://image.slidesharecdn.com/20161122-bcconnect-161124124308/85/Architecture-of-the-Hyperledger-Blockchain-Fabric-Christian-Cachin-IBM-Research-Zurich-4-320.jpg)
![12
Consortium consensus = permissioned
§ Central entity controls group membership
– Dynamic membership changes in protocol
– Membership may be decided inline, by protocol itself
§ Features
– BFT and consensus are very-well understood problems
● Clear assumptions and top-down design
● 700 protocols and counting [AGK+15]
● Textbooks [CGR11]
● Open-source implementations (BFT-SMaRT)
– Many systems already provide crash tolerant consensus (Chubby, Zookeeper, etcd ...)
– Requires Ω(n2) communication (OK for 10-100 nodes, not > 1000s)
§ Revival of research in BFT protocols
– Focus on scalability and communication efficiency](https://image.slidesharecdn.com/20161122-bcconnect-161124124308/85/Architecture-of-the-Hyperledger-Blockchain-Fabric-Christian-Cachin-IBM-Research-Zurich-12-320.jpg)
![13
Consortium consensus – under development
§ Hyperledger fabric (originated from IBM's contribution to Hyperledger)
– Includes PBFT protocol [CL02]
§ Tendermint and others
§ HoneyBadgerBFT [MXC+16]
– Revisits practical randomized BFT [CKPS01], including amoritzation
§ Many existing BFT libraries predate blockchain
– BFT-SMaRT, Univ. Lisbon (github.com/bft-smart/library)
– Prime, Johns Hopkins Univ. (www.dsn.jhu.edu/byzrep/prime.html)](https://image.slidesharecdn.com/20161122-bcconnect-161124124308/85/Architecture-of-the-Hyperledger-Blockchain-Fabric-Christian-Cachin-IBM-Research-Zurich-13-320.jpg)
![14
More variations of consensus
§ Bitcoin-NG [EGS+16]
– Bitcoin PoW elects a leader, it is responsible for ordering the next K tx
§ Proof-of-stake (explored by Ethereum)
– Voting power relative to asset holdings (through cryptocurrency held by blockchain)
§ Hybrid PoW (PeerCensus [DSW16])
– PoW protocol to elect nodes in one consensus group
– Group runs ordinary BFT consensus
§ Hierarchical & partitioned, randomized [LNB+15]
– Random sub-groups, nodes and tx assigned randomly to sub-groups
– Each sub-group runs ordinary BFT consensus](https://image.slidesharecdn.com/20161122-bcconnect-161124124308/85/Architecture-of-the-Hyperledger-Blockchain-Fabric-Christian-Cachin-IBM-Research-Zurich-14-320.jpg)
![22
Hyperledger fabric details / 2
§ Consensus in BFT model
– Modular architecture supports other consensus protocols
– Currently, PBFT [CL02]
– Non-determinism addressed by Sieve protocol [CSV16]
– Static membership in consensus group
§ Hash chain computed over state and transactions](https://image.slidesharecdn.com/20161122-bcconnect-161124124308/85/Architecture-of-the-Hyperledger-Blockchain-Fabric-Christian-Cachin-IBM-Research-Zurich-22-320.jpg)
![24
Non-determinism in BFT replication [CSV16]
§ Service-replication paradigm needs deterministic operations
– Agree on order of operations, then every node executes
§ What if application is given as black-box? Deterministic? ... undecidable!
§ Our approach – filter out inadvertent non-determinism
– Execute operation, compare results, and revert it if "too much" divergence is evident
– When "enough" nodes arrive at the same result, accept it
§ If application is randomized
– For algorithmic purpose (Monte Carlo): use master-slave approach
– For cryptography and security functions: cryptographic verifiable random functions (VRF)](https://image.slidesharecdn.com/20161122-bcconnect-161124124308/85/Architecture-of-the-Hyperledger-Blockchain-Fabric-Christian-Cachin-IBM-Research-Zurich-24-320.jpg)
![29
References
www.hyperledger.org
github.com/hyperledger/fabric
hyperledger-fabric.readthedocs.io/
[AGK+15] P.-L. Aublin, R. Guerraoui, N. Knezevic, V. Quéma, M. Vukolic: The Next 700 BFT Protocols. ACM
TOCS, 32(4), 2015.
[BCG+14] E. Ben-Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, M. Virza: Zerocash:
Decentralized Anonymous Payments from Bitcoin. IEEE S&P 2014.
[CKPS01] C. Cachin, K. Kursawe, F. Petzold, V. Shoup: Secure and Efficient Asynchronous Broadcast
Protocols. CRYPTO 2001.
[CGR11] C. Cachin, R. Guerraoui, L. Rodrigues: Introduction to Reliable and Secure Distributed
Programming (2. ed.). Springer, 2011.
[CSV16] C. Cachin, S. Schubert, M. Vukolic: Non-determinism in Byzantine Fault-Tolerant Replication.
OPODIS 2016.](https://image.slidesharecdn.com/20161122-bcconnect-161124124308/85/Architecture-of-the-Hyperledger-Blockchain-Fabric-Christian-Cachin-IBM-Research-Zurich-29-320.jpg)
![30
References
[CL02] M. Castro, B. Liskov: Practical Byzantine fault tolerance and proactive recovery. ACM TOCS, 20(4),
2002.
[DSW16] C. Decker, J. Seidel, R. Wattenhofer: Bitcoin meets strong consistency. ICDCN 2016.
[EGS+16] I. Eyal, A. Gencer, E.G. Sirer, R. van Renesse: Bitcoin-NG: A Scalable Blockchain Protocol. NSDI
2016.
[KMS+16] A. Kosba, A. Miller, E. Shi, Z. Wen, C. Papamanthou: Hawk: The Blockchain Model of
Cryptography and Privacy-Preserving Smart Contracts. IEEE S&P 2016.
[LNB+15] L. Luu, V. Narayanan, K. Baweja, C. Zheng, S. Gilbert, P. Saxena: A Secure Sharding Protocol For
Open Blockchains. ACM CCS 2016.
[MR98] D. Malkhi, M. Reiter: Byzantine Quorum Systems. Distributed Computing, 1998.
[MXC+16] A. Miller, Y. Xia, K. Croman, E. Shi, D. Song: The Honey Badger of BFT Protocols. ACM CCS 2016.
[V16] M. Vukolic: The Quest for Scalable Blockchain Fabric: Proof-of-Work vs. BFT Replication. LNCS 9591,
Proc. iNetSeC 2015.](https://image.slidesharecdn.com/20161122-bcconnect-161124124308/85/Architecture-of-the-Hyperledger-Blockchain-Fabric-Christian-Cachin-IBM-Research-Zurich-30-320.jpg)
Architecture of the Hyperledger Blockchain Fabric - Christian Cachin - IBM Research Zurich
- 1. Architecture of the Hyperledger Blockchain Fabric Christian Cachin IBM Research – Zurich & many others at IBM, IBM Research, and Hyperledger November 2016
- 2. 2 What is a blockchain?
- 3. 3 A state machine § Functionality F – Operation o transforms a state s to new state s' and may generate a response r (s', r) ← F(s, o) § Validation condition – Operation needs to be valid, in current state, according to a predicate P() o s s' / r o s s' / r P(s,o) = TRUE
- 4. 4 Blockchain state machine § Append-only log – Every operation o appends a "block" of valid transactions (tx) to the log § Log content is verifiable from the most recent element § Log entries form a hash chain ht ← Hash( [tx1, tx2, ... ] || ht-1 || t) . o s s'
- 5. 5 Distributed p2p protocol to create a ledger o1 o2 o3 s0 s1 s2 s3 Nodes run a protocol to construct the ledger Nodes produce transactions
- 6. 6 Blockchain protocol features § Only "valid" operations (transactions) are "executed" § Transactions can be simple – Bitcoin tx are statement of ownership for coins, digitally signed "This bitcoin now belongs to K2" signed by K1 § Transactions can be complex (smart contracts = arbitrary code) – Embody logic that responds to events (on blockchain) and may transfer assets in response – Auctions, elections, investment decisions, blackmail ...
- 7. 7 Security and privacy § Transactional privacy – Anonymity or pseudonymity through cryptographic tools – Some is feasible today (e.g., anonymous credentials in IBM Identity Mixer) § Contract privacy – Distributed secure cryptographic computation on encrypted data § Accountability & non-repudiation – Identity and cryptographic signatures § Auditability & transparency – Cryptographic hash chain § Many of these need advanced cryptographic protocols
- 8. 8 Consensus
- 9. 9 Decentralized – Nakamoto consensus/Bitcoin § Nodes prepare blocks – List of transactions (tx) – All tx valid § Lottery race – Solves a hard puzzle – Selects a random winner/leader – Winner's operation/ block is executed and "mines" a coin § All nodes verify and validate new block – "Longest" chain wins
- 10. 10 Decentralized = permissionless § Survives censorship and suppression – No central entity § Nakamoto consensus requires proof-of-work (PoW) – Original intent: one CPU, one vote – Majority of hashing power controls network – Gives economic incentive to participate (solution to PoW is a newly "mined" Bitcoin) § Today, total hashing work consumes a lot of electricity – Estimates vary, 250-500MW, from a major city to a small country ... § Protocol features – Stability is a tradeoff between dissemination of new block (10s-20s) and mining rate (new block on average every 10min) – Decisions are not final ("wait until chain is 6 blocks longer before a tx is confirmed")
- 11. 11 Consortium consensus (BFT, Hyperledger) § Designated set of homogeneous validator nodes § BFT/Byzantine agreement – Tolerates f-out-of-n faulty/ adversarial nodes – Generalized quorums § Tx sent to consensus nodes § Consensus validates tx, decides, and disseminates result
- 12. 12 Consortium consensus = permissioned § Central entity controls group membership – Dynamic membership changes in protocol – Membership may be decided inline, by protocol itself § Features – BFT and consensus are very-well understood problems ● Clear assumptions and top-down design ● 700 protocols and counting [AGK+15] ● Textbooks [CGR11] ● Open-source implementations (BFT-SMaRT) – Many systems already provide crash tolerant consensus (Chubby, Zookeeper, etcd ...) – Requires Ω(n2) communication (OK for 10-100 nodes, not > 1000s) § Revival of research in BFT protocols – Focus on scalability and communication efficiency
- 13. 13 Consortium consensus – under development § Hyperledger fabric (originated from IBM's contribution to Hyperledger) – Includes PBFT protocol [CL02] § Tendermint and others § HoneyBadgerBFT [MXC+16] – Revisits practical randomized BFT [CKPS01], including amoritzation § Many existing BFT libraries predate blockchain – BFT-SMaRT, Univ. Lisbon (github.com/bft-smart/library) – Prime, Johns Hopkins Univ. (www.dsn.jhu.edu/byzrep/prime.html)
- 14. 14 More variations of consensus § Bitcoin-NG [EGS+16] – Bitcoin PoW elects a leader, it is responsible for ordering the next K tx § Proof-of-stake (explored by Ethereum) – Voting power relative to asset holdings (through cryptocurrency held by blockchain) § Hybrid PoW (PeerCensus [DSW16]) – PoW protocol to elect nodes in one consensus group – Group runs ordinary BFT consensus § Hierarchical & partitioned, randomized [LNB+15] – Random sub-groups, nodes and tx assigned randomly to sub-groups – Each sub-group runs ordinary BFT consensus
- 15. 15 Scalability–performance tradeoff M. Vukolic: The Quest for Scalable Blockchain Fabric: Proof-of-Work vs. BFT Replication. Proc. iNetSeC 2015, LNCS 9591.
- 16. 16 Hyperledger
- 17. 17 Hyperledger Project § Open-source collaboration under Linux Foundation – www.hyperledger.org – Hyperledger unites industry leaders to advance blockchain technology (Dec. '15) – 50+ members in July '16 § Develops an enterprise-grade, open source distributed ledger framework § Code contributions from several members § IBM's contribution – github.com/hyperledger/fabric/ – Security architecture and consensus protocols from IBM Research - Zurich
- 18. 18
- 19. 19 Hyperledger fabric § Enterprise-grade blockchain fabric and distributed ledger framework – A blockchain implementation in the Hyperledger Project § Developed open-source, by IBM and others (DAH, LSEG ...) – github.com/hyperledger/fabric – Initially called 'openblockchain' – Donated by IBM to Hyperledger project – Actively developed § Technical details – Implemented in GO – Runs smart contracts ("chaincode") within Docker containers – Implements consortium blockchain using BFT consensus
- 21. 21 Hyperledger fabric details (v0.6-preview) / 1 § Platform-agnostic – GO, gRPC over HTTP/2 § Peers – Validating peers (all running consensus) and non-validating peers § Transactions – Deploy new chaincode / Invoke an operation / Read state – Chaincode is arbitrary GO program running in a Docker container § State is a key-value store (RocksDB) – Put, get ... no other state must be held in chaincode – Non-validating peers store state and execute transactions
- 22. 22 Hyperledger fabric details / 2 § Consensus in BFT model – Modular architecture supports other consensus protocols – Currently, PBFT [CL02] – Non-determinism addressed by Sieve protocol [CSV16] – Static membership in consensus group § Hash chain computed over state and transactions
- 23. 23 Hyperledger fabric details / 3 § Membership service issues certificates to peers – Enrollment certificates (E-Cert, issued by E-CA) ● Assign identity to node, gives permission to join and issue transactions – Transaction certificates (T-Cert, issued by T-CA) ● Capability to issue one transaction (or more) ● Unlinkable to enrollment certificate, for anyone except for transaction CA § Pseudonymous transaction authorization – Controlled by peer, how many Transaction-Signatures with same T-Cert
- 24. 24 Non-determinism in BFT replication [CSV16] § Service-replication paradigm needs deterministic operations – Agree on order of operations, then every node executes § What if application is given as black-box? Deterministic? ... undecidable! § Our approach – filter out inadvertent non-determinism – Execute operation, compare results, and revert it if "too much" divergence is evident – When "enough" nodes arrive at the same result, accept it § If application is randomized – For algorithmic purpose (Monte Carlo): use master-slave approach – For cryptography and security functions: cryptographic verifiable random functions (VRF)
- 25. 25 Towards Hyperledger fabric v1.0 § Separate the functions of nodes into endorsers and consensus nodes – Every chaincode may have different endorsers – Endorsers have state, run tx, and validate tx for their chaincode – Consensus nodes order already-validated tx § Scales better, computation effort can be distributed § Permits confidential state on blockchain (seen only by endorsers)
- 26. 26 Separation of endorsement from consensus § Validation is by chaincode § Dedicated endorsers per chaincode § Consensus service – Only communication – Pub/sub messaging – Ordering for endorsed tx § State and hash chain are common – State may be encrypted Consensus service only orders tx Per-chaincode endorsers
- 28. 28 Conclusion § Blockchain combines many interesting techniques – Distributed computing for consensus – Cryptography for integrity, privacy, anonymity § Blockchain = Distributing trust over the Internet § Hyperledger Fabric – Open-source platform for permissioned ledger (so far, consortium consensus) – GO, gRPC, HTTP/2, Docker, RocksDB ... – Modular consensus (PBFT so far) – Pseudonymous authorization
- 29. 29 References www.hyperledger.org github.com/hyperledger/fabric hyperledger-fabric.readthedocs.io/ [AGK+15] P.-L. Aublin, R. Guerraoui, N. Knezevic, V. Quéma, M. Vukolic: The Next 700 BFT Protocols. ACM TOCS, 32(4), 2015. [BCG+14] E. Ben-Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, M. Virza: Zerocash: Decentralized Anonymous Payments from Bitcoin. IEEE S&P 2014. [CKPS01] C. Cachin, K. Kursawe, F. Petzold, V. Shoup: Secure and Efficient Asynchronous Broadcast Protocols. CRYPTO 2001. [CGR11] C. Cachin, R. Guerraoui, L. Rodrigues: Introduction to Reliable and Secure Distributed Programming (2. ed.). Springer, 2011. [CSV16] C. Cachin, S. Schubert, M. Vukolic: Non-determinism in Byzantine Fault-Tolerant Replication. OPODIS 2016.
- 30. 30 References [CL02] M. Castro, B. Liskov: Practical Byzantine fault tolerance and proactive recovery. ACM TOCS, 20(4), 2002. [DSW16] C. Decker, J. Seidel, R. Wattenhofer: Bitcoin meets strong consistency. ICDCN 2016. [EGS+16] I. Eyal, A. Gencer, E.G. Sirer, R. van Renesse: Bitcoin-NG: A Scalable Blockchain Protocol. NSDI 2016. [KMS+16] A. Kosba, A. Miller, E. Shi, Z. Wen, C. Papamanthou: Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. IEEE S&P 2016. [LNB+15] L. Luu, V. Narayanan, K. Baweja, C. Zheng, S. Gilbert, P. Saxena: A Secure Sharding Protocol For Open Blockchains. ACM CCS 2016. [MR98] D. Malkhi, M. Reiter: Byzantine Quorum Systems. Distributed Computing, 1998. [MXC+16] A. Miller, Y. Xia, K. Croman, E. Shi, D. Song: The Honey Badger of BFT Protocols. ACM CCS 2016. [V16] M. Vukolic: The Quest for Scalable Blockchain Fabric: Proof-of-Work vs. BFT Replication. LNCS 9591, Proc. iNetSeC 2015.