Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains Blockchain Security Seminar Pirmin Schmid Pirmin Schmid | | 11.05.2018 1
Seminar presentation and discussion of this paper Pirmin Schmid | | 11.05.2018 2
Bitcoin-like blockchains § Distributed public anonymous ledger § Consensus by longest chain § PoW / PoS § Fixed system for each variant § Applications picture from pixabay (CC0) Pirmin Schmid | | 11.05.2018 3
Fabric § Open-source Framework to build blockchains § Modular for all aspects of the system § Permissioned § No currency § Go, Java, Node.js, … § Example use cases § New very crucial insights picture from pixabay (CC0) Pirmin Schmid | | 11.05.2018 4
Fabric Components Policies Membership service provider (MSP) Chaincode Peer Docker Endorser: execute Committer: validate Ledger: transaction manager (PTM) KVS: Database Pirmin Schmid | | 11.05.2018 5
Fabric Components Policies Membership service provider (MSP) Chaincode Client Peer Client Docker Endorser: execute Client Client Committer: validate Client Client Ledger: transaction manager (PTM) KVS: Database Client Client Gossip Order service Pirmin Schmid | | 11.05.2018 6
Fabric Components Policies Membership service provider (MSP) Chaincode Client Client Client Client Client Client Client Client Gossip Order service Pirmin Schmid | | 11.05.2018 7
Fabric Building blocks § Store: CouchDB / LevelDB § Chaincode: Go, Java, Node.js, … § Docker containers § gRPC § Gossip: push/pull methods § Orderer § Apache Kafka (ZooKeeper) § Byzantine Fault Tolerant (BFT) orderer § Solo (centralized) for development Pirmin Schmid | | 11.05.2018 8
Traditional Architecture Validate § Order by longest chain or BFT § Execute smart contracts on all peers § State updates on all peers → Ledger Pirmin Schmid | | 11.05.2018 9
Traditional Architecture Validate Problem § Sequential execution of all contracts on all peers → bottleneck Pirmin Schmid | | 11.05.2018 10
Traditional Architecture Validate Problems § Sequential execution of all contracts on all peers → bottleneck § Programs MUST be deterministic → NO general purpose languages Pirmin Schmid | | 11.05.2018 11
Deterministic? Pirmin Schmid | | 11.05.2018 12
Deterministic? Pirmin Schmid | | 11.05.2018 13
Deterministic? Pirmin Schmid | | 11.05.2018 14
Deterministic? Pirmin Schmid | | 11.05.2018 15
Traditional Architecture Validate Problems § Sequential execution of all contracts on all peers → bottleneck § Programs MUST be deterministic → NO general purpose languages Pirmin Schmid | | 11.05.2018 16
Fabric Architecture Key insight Pirmin Schmid | | 11.05.2018 17
Fabric Architecture State § Versioned key-value store § Maintained on all peers Pirmin Schmid | | 11.05.2018 18
Fabric Architecture Execute § Only some peers are executing the chaincode (simulation) § Use current local state § Create read-set and write-set for access of versioned key-value store § Create signed “endorsement” Pirmin Schmid | | 11.05.2018 19
Fabric Architecture Key insight State must be replicated on all peers, not execution Sequential execution in O(n) instead of O(N) n << N N = computing steps n = size of read and write sets Execute § Only some peers are executing the chaincode (simulation) § Use current local state § Create read-set and write-set for access of versioned key-value store § Create signed “endorsement” Pirmin Schmid | | 11.05.2018 20
Fabric Architecture Order § Needs enough endorsements with identical read-/write-sets § Uses Apache Kafka, BFT or other methods § Peer gossip Pirmin Schmid | | 11.05.2018 21
Fabric Architecture Validate § Parallel § All peers validate correctness of transaction based on policy § NO execution of the chaincode Pirmin Schmid | | 11.05.2018 22
Fabric Architecture Update state § sequential § Peer transaction manager (PTM) § Checks again versions of the keys in readset mismatch → invalidate transaction Pirmin Schmid | | 11.05.2018 23
Transaction flow Pirmin Schmid | | 11.05.2018 24
Fabric Components Policies Membership service provider (MSP) Chaincode Client Client Client Client Client Client Client Client Gossip Order service Pirmin Schmid | | 11.05.2018 25
Policy § Number of endorsements § Which endorser shall be used § Execution limitations § Validation rules § Parallel chaincode execution § Confidential chaincode Pirmin Schmid | | 11.05.2018 26
Security § TLS for communication § Classic membership service § Signatures § Docker for sandboxing § Complex system § Dependency on many 3 rd party codes Pirmin Schmid | | 11.05.2018 27
Evaluation § Fabcoin: UTXO § VMs in one data center § 2.0 GHz 16 vCPU VMs running Ubuntu with 8 GiB RAM and SSDs § 1Gbps networking connections § Orderer: Kafka with 3 ZooKeeper nodes, 4 Kafka brokers, 3 Fabric orderers § 5 peers, all Fabcoin endorsers § TLS for all connections § Signatures with 256-bit ECDA scheme § Node clocks synchronized by NTP § MINT phase / SPEND phase Pirmin Schmid | | 11.05.2018 28
Block size Pirmin Schmid | | 11.05.2018 29
Scales with number of vCPUs Pirmin Schmid | | 11.05.2018 30
Latency in detail Pirmin Schmid | | 11.05.2018 31
Latency in detail Pirmin Schmid | | 11.05.2018 32
Latency in detail Pirmin Schmid | | 11.05.2018 33
Latency in detail Pirmin Schmid | | 11.05.2018 34
Conclusion Pirmin Schmid | | 11.05.2018 35
Reserve slides for questions Pirmin Schmid | | 11.05.2018 36
Blockchain use cases § Food-safety network § Global shipping trade § Enterprise asset management § Foreign exchange netting § Global cross-currency payments § One size does not fit all Pirmin Schmid | | 11.05.2018 37
Modules: allow step-wise improvements § Docker: container but not actually sandbox Google just presented gVisor these days → improved security § Orderer: Currently weak part of the system → improved distributed BFT based order is being built § Execution / Validation: Can be extended to various policies and advancements in research § Storage: Improved DBs / KVS if available Pirmin Schmid | | 11.05.2018 38
Google gVisor: available for docker picture from github.com/google/gvisor Pirmin Schmid | | 11.05.2018 39
Apache Kafka: a distributed streaming platform picture from kafka.apache.org Pirmin Schmid | | 11.05.2018 40
Number of peers Pirmin Schmid | | 11.05.2018 41
Distance between data centers § 100 peers across 5 data centers Pirmin Schmid | | 11.05.2018 42
Recommend
More recommend