Category

Hyperledger Indy

Privacy By Design in Hyperledger Indy

By | Blog, Hyperledger Indy

The Scope and Limits of Indy’s Privacy Tech

Guest post: Daniel Hardman, Evernym

Privacy is a hot topic in blockchain circles–and across the entire digital landscape. GDPR, ePrivacy, and similar regulatory regimes have the world thinking hard and smart. Modern systems must bake privacy into their DNA; it can’t be bolted on after-the-fact. I’ve written elsewhere about why this is true, and how it must be done–and I’ve spent the last couple years helping Hyperledger Indy embody all the privacy goodness I know. I’m encouraged to hear a swelling chorus of blockchain practitioners opine that certain things must NOT go on a blockchain.

Perhaps you have heard a claim that Indy “solves” privacy. Or perhaps you’ve seen skeptics roll their eyes, muttering about how we’re all going to be correlated by the surveillance state, no matter what we do.

The truth is that both of these perspectives distort reality. Indy does offer some wonderful features to aid privacy, and these features matter! But institutions are certainly going to know some things about us, no matter what Indy does. Indy can minimize this in exciting ways. Nonetheless, what privacy we have, now or in the future, will emerge from a combination of technology, social and legal constructs, market forces, and human behavior; it can’t be trivialized as a tech problem.

What “Privacy Tech” Are We Talking About?

Today, Hyperledger Indy’s approach to privacy includes elliptic curve cryptography, pairwise DIDs, semi-trusted agents, agent-to-agent communication using techniques such as libsodium’s sealed box and authenticated encryption, zero-knowledge proofs, a separation between credentials and proofs, privacy-preserving credential revocation features, an affinity for data and key storage at the edge, and a carefully constructed wallet interface that manages personal secrets with industry best practices. In addition, privacy-preserving agent (device) revocation has been demonstrated as a proof of concept.

Indy’s roadmap includes additional privacy-enhancing features such as a user-friendly SSI tool (mobile app) with smart and safe defaults, microledgers, sophisticated policy and/or AI for agents, mix networks for transaction submitting and agent routing, and so forth.

Some of these technologies exist in other identity technologies, but Indy combines more of them, in far more powerful ways, than any similar technology I know.

What All This Tech Does NOT Deliver

Except for people who live in remote, technology-scarce  places, all of us are constantly observed and recorded. Google maps may have a picture of our front door; cell phone towers track the location of our mobile devices; credit card companies see what we spend; closed-circuit cameras watch us on the road or subway.

In such an environment, much will be known about us, even if we use Indy to prove things in zero knowledge. And, if we choose to use Indy to disclose something identifying–our email or phone number or name+birthdate, for example–then the disclosing interaction is correlatable to a much bigger digital footprint, no matter what fancy math did the proving. Even less perfect correlators like first name + fuzzy place + fuzzy time may correlate us, given sufficient context.

It might be tempting to say, then, that there’s no point to Indy’s elaborate privacy posture. But there is more to the story.

What Hyperledger Indy Privacy DOES Deliver

Hyperledger Indy allows you to construct interactions where the degree of disclosure is explicit and minimal–much smaller than what was previously possible. Nothing about the mechanics of connecting, talking, or proving in Indy is leaky with respect to privacy; vulnerabilities that emerge must come from the broader context. No other technology takes this minimization as far as Indy does, and no other technology separates interactions from one another as carefully. If privacy problems are like a biohazard, Indy is the world’s most vocal champion of wearing gloves and using a sharps container for needles–and it provides the world’s best latex and disinfectants.

Of course, this does not give perfect protection. Like a needle stick, mistakes can ruin Indy’s carefully sanitized interactions, and contamination is always a possibility. In 2017, the layouts of US army bases in some of the most dangerous locations in the world were compromised because soldiers had been using the Strava running app to track where they exercised (https://wapo.st/2J6DQqU). If this can happen when stakes are so high, and when the organization is as careful as a sophisticated army, then similar fiascos will undoubtedly occur, both with and without Indy technology, for the foreseeable future. These are serious problems that are not to be underestimated.

Despite the imperfect guarantees, doctors consider it worthwhile–even vital–to wear gloves. And despite risk, Indy’s privacy tech can deliver real value, if we are careful about constraining behavior and understanding use cases. Any interaction that does not leak is a tiny bit of personal, private space–and chaining such interactions together can accrue significant benefits. Indy makes it possible to prequalify for a loan at a thousand banks, in a way that proves credit worthiness, income, and citizenship, without forfeiting privacy. Used correctly, it can insulate cautious whistleblowers; it can enable secure, private voting; it can make online dating safer. Many other use cases exist. In each situation, we must carefully assess privacy beyond the narrow context of Indy’s proving mechanics. Gloves are less helpful when a disease vector is airborne; the government still needs to know who you are when you pay your taxes.

Intentions And Incentives

Besides discussing what protections Hyperledger Indy offers on the technical level, and what ways there might be to defeat such protections, we can also make an argument that architectures, algorithms, data models, and cryptography always carry a certain “intention” towards the parties we interact with. In our case, this intention is to maintain the individual’s privacy, sovereignty, etc. Whether or not the technology can strictly enforce this intention, or to what extent, is an important question, but not the only argument for building it in a certain way.

If we use pairwise DIDs and zero-knowledge proofs, the message is clearly “don’t try to correlate me,” even if you could find a way to do it if you try hard enough. An HTTP Do-Not-Track header says “do not track me,” but it doesn’t offer any actual protection from tracking. The VRM community has been talking about user-defined terms for a long time. In a relationship, you can express “don’t use my data for advertising,” or “delete my data after 14 days,” or “use my data for research, but not commercially.”

Simply expressing these intentions in code and architecture has value by itself. It bears a message that privacy and sovereignty “should be honored,” even if it cannot always be guaranteed technically that it will be. Over time, we expect that through regulation, trust frameworks, reputation, and similar mechanisms, not honoring such intentions will be discouraged. Of course we must always communicate clearly the limits of intentions and guarantees, lest we create a false sense of security that can lead to severe consequences.

One of the main reasons for the growth of Internet’s re-decentralization movement (Diaspora, Bitcoin, etc.) was not only to achieve more privacy and independence, but also to build architectures that better mirror the way we want society to work in the real world (not client/service aka. master/slave). At the same time, the point of view that “technology is neutral” is getting less prevalent, being more and more replaced by an assumption that “technology has built-in values.” From this perspective, privacy tech is valuable not only as a technical defensive mechanism, but also to make a point, to convey an intention.

Importantly, Indy’s technology also enables the transformation of privacy incentives. Companies that once stored PII can now store an opaque identifier for a customer, and contact the customer’s agent to learn more–then throw away the data after they use it. This has the potential to eliminate many centralized data troves as hacking targets, and it empowers people instead of impersonal and conflicted corporate guardians. Indy also provides meaningful advances in the world’s answers to privacy regimes like GDPR. We believe that in the future, social, software, and legal constructs will evolve to take advantage of the privacy features offered by Hyperledger Indy, and that this will lead to ever more creative types of business models and digital interactions not possible before.

 

Developer Showcase Series: Ian Costanzo, Anon Solutions Inc

By | 网志, Developer Showcase, Hyperledger Composer, Hyperledger Fabric, Hyperledger Indy

We return back to our Developer Showcase blog! This series serves to highlight the work and motivations of developers, users and researchers collaborating on Hyperledger’s projects. Next up is Ian Costanzo from Anon Solutions Inc. Let’s dig in!

What advice would you offer other technologists or developers interested in getting started working on blockchain? 

Learn the fundamentals, and then get involved in an interesting open source project.

Working with Bitcoin is one of the best ways to learn the fundamentals of blockchain. The original white paper lays the groundwork in a clear and concise way, and there is a significant amount of documentation and examples available. Once you have a good understanding of the basic cryptography, merkle trees, proof of work, etc, it is much easier to work with more complex frameworks, which tend to layer on additional functionality (and complexity).

Then find an open source project and get involved. No matter what your interest there is probably a existing project in with a need for contributions in a number of areas. Documentation, introductory tutorials and testing are common needs. I’ve been involved in a few projects, and I’ve found there is always enthusiastic support (via slack, rocketchat, telegram, etc.) for new participants.

Also check for local meetups – I’m fortunate that in Vancouver there are a lot of blockchain enthusiasts, many meetups, and I’ve met quite a few interesting characters.

Give a bit of background on what you’re working on, and let us know what was it that made you want to get into blockchain?

I’m working with the BC Government on their Verifiable Organizations Network (VON) project (https://github.com/bcgov/von) using Hyperledger Indy.  I got involved in a roundabout kind of way.

Originally I was working with a homeless shelter in Calgary (https://www.calgarydropin.ca/) – they had recently implemented a new CRM and were looking at ways they could improve service to their clients by (securely) collaborating with other service providers. Their primary concerns were security of personal information, and respect for the sovereignty of individuals to control their own information, where possible. I did a survey of the technology space, and found that the Sovrin network (and Hyperledger Indy) was a clear fit for their requirement. I was lucky enough to get in touch with the BC group who were working with the same technology, and then fortunate to be able to participate in their project.

I’m interested in how blockchain can be used to help protect our personal information, and give us more autonomy and control over how our information is shared and used.

What project in Hyperledger are you working on? Any new developments to share? Can you sum up your experience with Hyperledger?

I’m working with Hyperledger Indy, with the BC Government. My role has been to scale up the solution to handle enterprise requirements, including large data volumes and transaction throughputs.  It’s been a fascinating experience, because I get to work with a lot of very smart people in the BC Government, as well as at Sovrin, Evernym and the whole Indy community.  The technology is new, which is interesting, but we’re also exploring new ways in how the technology is being applied, which creates lots of challenges and opportunities.

Specifically I’ve been working on an Enterprise Wallet for the central credential “holder.” I’ve updated the wallet to support multiple identities and millions of credentials, and to run in an enterprise micro-services deployment. I’m excited for the next round of SDK wallet development, which is going to introduce wallet meta-data, native encryption and improved search capabilities, which are all going to support functionality the team is planning to add in the coming months.

I’d also like to mention that the BC team is working in partnership with the governments of Ontario and Canada. In Victoria we work out of the government’s “Innovation Center”, which is focussed on public/private partnerships and support for the open source community. All the work we are doing is open source, available for use, and we welcome new collaborators.

What do you think is most important for Hyperledger to focus on in the next year?

Ease of use for new developers, as well as scalability. Ease of use is something that Ethereum (for example) has done a very good job with. Solidity is pretty simple to learn, and you can write very sophisticated blockchain applications without having to get too deep into the weeds. This is why Ethereum is one of the most widely used blockchain platforms. The downside of Ethereum is scalability (Crypto Kitties almost brought down the whole network) but that is something they are putting some resources into.

I’ve worked with Hyperledger Fabric and Hyperledger Indy, and I think anyone will agree that these are very complex technologies!  In order to get more widespread adoption documentation, training and tooling are critical. Their strength is that they are more specialized networks, however they come with a very steep learning curve, and this is something that needs to be addressed.

For Hyperledger Fabric, the introduction of Composer for application development was a huge step forward. Hyperledger Indy (what I am mostly working with now) could use similar tooling. There is work in progress on documentation and developer tools, but the more focus in this area the better!

As a private network, Hyperledger Fabric may not suffer from the same scalability concerns as public networks, but Indy supports a public network (Sovrin) so scalability is definitely a concern.

What’s the one issue or problem you hope blockchain can solve?

I like to think that blockchain can be used for the benefit of humanity, rather than just providing a living for those of us fortunate enough to be working with the technology.

Self sovereign identity has a lot of potential, putting information under the control of the individual rather than large corporations, allowing us to (selectively) share with our friends and colleagues, without having to worry about our information being mined and mis-used.  Also being able to benefit disadvantaged populations, like refugees and the homeless.

Privacy is another potential benefit of blockchain, having the ability to secure personal information, as well as being able to communicate and transact anonymously.

I’ve seen a lot of other really interesting applications proposed or prototyped, like using cryptocurrency to distribute aid directly to recipients (reducing the risk of graft), or using blockchain to track ethically captured tuna. I’m excited (and hopeful) for the future of this technology.

What technology could you not live without?

I resisted getting a smartphone for a long time, because I have a bit of a technology addiction. (I also don’t own a TV because I would just end up watching it all the time.) Now I have an Android phone, and I’m in constant communication. I always know the answer to every question (thanks Google) and where to go for lunch or the best route to get to the ferry. When I get involved in an interesting technology (like blockchain!) I become a bit of a workaholic and spend far too much time on the computer.

So the best technology for me is sometimes no technology at all. Leave the phone behind and go for a walk, to clear my mind. Sit down with a pen and paper to solve some problems, rather than try to work it out at the computer (This forces me to do some actual programming for a change, rather than just cut and pasting from StackExchange.) Read the newspaper rather than my news feed online.

Until the nervous twitching starts and I have to reach for my phone!

 

Questions from Decentralized Identity Webinar

By | 网志, Hyperledger Indy

Guest post: Daniel Hardman, Evernym

During our recent webinar on decentralized identity, we accumulated a large backlog of questions. We thought it might be nice to cluster them by topic, and see if we could provide follow-up answers.

Q. How are decentralized identity, DIDs, and similar technologies compliant with (or not compliant with) GDPR, HIPAA and similar regulations?

Done right, decentralized identity can solve many gnarly problems. However, it’s not always done right. The decentralization is an opportunity, not a guarantee. For example, if you put personal data on the blockchain, you have a problem with GDPR’s right to be forgotten–but if you put personal data on a personal microledger, and not in a public place, you have no problem. See http://bit.ly/2taHIR8 for more details.

Q. I do not understand ‘permissioned public’ or ‘permissionless private’. Can you give examples? And why permissioned instead of permissionless?

Permissioned vs. Unpermissioned describes who can operate the network. Bitcoin is unpermissioned because anybody can download the software and run it, without asking permission first. Sovrin and Indy are permissioned, because although anybody can download and run the software, the network won’t accept your node’s vote about consensus on transactions unless/until your node receives permission to join the official validator pool.

Note that this Permissioned/Unpermissioned distinction DOES NOT affect who can use the network to do transactions. That’s a whole different question, addressed by the Public/Private distinction. A public network can be used by the general public; a private one requires special access. Permissioned/Unpermissioned just refers to who can operate the network.

A non-blockchain example of a network that is public but permissioned is ATMs. Anybody in the world can walk up to an ATM and use it, without special access. Thus it is public. But it is not the case that anybody in the world can operate an ATM. You might buy an old ATM second-hand, power it up, and turn it on–but unless banks agree to honor the transactions it does, it’s not going to work. A private permissionless network is one where only a few people can use the system, but anybody in the world can operate the node (or nodes can be configured and participate without any centralized help). An example of this would be a large conglomerate deciding to run a private instance of Ethereum for the benefit of all its subsidiaries. The conglomerate might announce that any division or department can set up a node, but say that only transactions submitted from IP addresses in its corporate intranet IP address range will be honored. Private permissionless is a little bit odd, and often permissions creep into them gradually.

Permissioned networks are helpful when you are worried about regulation (permissionless means there are few levers to control the behavior of the network providers). Permissioned are also capable of greater speed and scale than permissionless (broad generalization). Permissionless systems are naturally censorship-resistant.

Q. What is the user experience like in this brave new world of decentralized identity? How can I use decentralized identity (eID, etc) to get real work done? How do I keep track of all the keys and identity fragments that would be created in such a world?

Here’s a recorded demo that you might find interesting. It shows two sides of a decentralized identity ecosystem–a company, and a private person. The company is using a web application; the private person is using a mobile app. The person is trying to accomplish goals like buying an airplane ticket, proving things with credentials, and so forth. The web application is clunky; the user experience focus here is on the mobile app used by the private person. This demo assumes Sovrin (Indy) is the underlying plumbing. https://vimeo.com/262596133

Q. Most talk about identity centers on human beings. How do organizations and IoT things fit into the identity ecosystem?

Many decentralized identity approaches (including Sovrin and Indy, where I come from) explicitly welcome IoT things and organizations into the ecosystem. There are discussions underway on several fronts about using Sovrin for various IoT use cases, such as proving provenance of devices, securing device communication, and so forth. Organizational use cases are even more mature, with many companies and governmental organizations deploying. One public and advanced example is the Verifiable Organizations Network sponsored by the government of British Columbia in Canada.

The Sovrin Trust Framework (the constitution that Sovrin uses to run an instance of Indy) discusses the relationships of all these types of entities in section 3.2.

Q. Can a decentralized identity that is based on an immutable blockchain be deleted?

(This may relate to the question about GDPR compliance; see above for more on that.)

It depends on what you mean by “deleted”, and what you mean by “based on blockchain.” If an identity owner writes key personal info to an immutable ledger, then deleting such info will be a problem. Indy solves this problem by using the public ledger only for information about entities that don’t have a right to privacy (such as organizations or IoT devices), and requiring private individuals to store their info in a private file called a microledger. This microledger has some nice ledger characteristics–it is tamper-resistant and append-only–but the individual can always delete the file to remove all evidence of themselves.

Q. This is all utopian. Why should businesses give away their data and cooperate in this fashion? Will it take forever for the world to adopt decentralized digital identity? What about vulnerable populations who don’t own a lot of tech?

One incentive that institutions have to adopt this technology is regulation. GDPR, HIPAA, ePrivacy, and other legal requirements are forcing companies to adopt some sort of game-changing identity solution, because traditional approaches are simply too expensive or too hostile to the privacy and user-control standards that governments are demanding.

Another incentive is cybersecurity. If you were the CISO of a large company with many customers, would you feel more secure using traditional identity, where you have a large trove of information about customers that represents a juicy hacking target (including for malicious insiders)–or would you prefer to leave sensitive data in the hands of customers, with the option of looking it up from them whenever you needed it? Leaving it with customers shifts legal burdens in a huge way…

A third incentive is the possibility of eliminating middlemen. Every company would prefer to have a rich, direct interaction with its customers. Today, however, most companies are forced to have a relationship that’s mediated or brokered by some third party. They buy demographic data from data brokers; they contract with ad networks who profile and qualify people to see advertisements; they pay credit reporting agencies to identity proof customers by asking the customers when they last bought a home. All of these relationships cost businesses money and diminish the richness and power they’d like. What they’d prefer, instead, is to reach out to customers directly, knowing they can trust what customers tell them, and to have unfettered interactions with very high trust and a wonderful experience for customers.

These changes are expensive, but their benefits are so attractive that many large organizations are actively exploring the possibilities. This includes multinational banks, the travel industry, the healthcare industry, national governments, universities, and so forth.

Regarding vulnerable populations, the UN and numerous NGOs that work with vulnerable populations are striving to make this technology free and accessible to refugees, children, and those who are displaced or who live away from the internet. The Sovrin Foundation has an Identity for All committee that has interesting stories to tell…

Q. How does Indy compare to Showcard, Civic, uPort, and similar offerings? Is there any effort at compatibility or cooperation or standards?

There are efforts to cooperate. Some of them are taking place in the open, at the W3C, the DIF, and Hyperledger. Most of these efforts are midway through their lifecycle–not brand new, but not frozen into a standard yet. I am feeling very hopeful that these efforts will bear substantial fruit. You are welcome to attend community meetings at Hyperledger; see the community calendar.

I tried to take a platform-neutral stance on decentralized identity in my webinar. I can’t be perfectly objective, though, since I am a practitioner in the space. So please filter my comparison of these technologies through that lens.

All of these technologies are similar in the sense that they involved identity and blockchain. However, they use blockchain differently. They have different beliefs about what belongs on the blockchain, which blockchain to use, how to pay for the blockchain, who should control the ecosystem (if anybody), how to achieve privacy, how much privacy to aim for, and so forth. These differences manifest in different business models, different costs, different assumptions about the basis for trust, and so forth. I respect their people as bright, informed thinkers. I hope they view me as a collegial competitor. 🙂

It’s worth noting that Indy is not a product; it is an Apache 2-licensed codebase that anybody can use for free. Sovrin (an instance of Indy running with a specific constitution) is closer to being a direct analog to these commercial offerings than Indy is. Sovrin is also free.

FWIW, I believe that only Sovrin has a compelling, mature story about personal privacy, and about GDPR compliance. See http://bit.ly/2taHIR8 for more details.

Q. Isn’t there a better onboarding story than “scan your driver’s license and we’ll have our AI check it for fraud–then magically you get a digital identity”? Can we help people develop decentralized identities from birth?

Yes! Sovrin believes that digital credentials should be issued directly, and there are several initiatives underway that demonstrate exciting progress. For example 3 states in the United States are exploring the issuance of digital birth certificates. There is also effort underway among NGOs working with the United Nations to onboard vulnerable persons with a decentralized, self-sovereign, digital identity.

Q. Indy maturity — when will Android support be available, is Fabric further along, can we build something with this today?

The first network built on Indy launched publicly on July 31, 2017, running version 1.0 of Indy. Its SDK released in August of 2017. The demo mentioned above runs against software that’s now about a year old. Parts of the system are moderately mature.

That said, it is true that Indy (and really almost everything in the blockchain space, except for the core Bitcoin and Ethereum ledgers) is a very young technology, and it continues to evolve rapidly. Indy is just now finishing up the due diligence to graduate from Hyperledger incubator status. iOS support for Indy has existed for about 9 months, and Android support comes online in the next month or so. Standards efforts are forcing some evolution. If you’re a programmer, the SDK for this environment supports some common programming languages (python, java, C#, Rust, Go, Node.js) but not every language you might want. In addition, the Indy ledger, despite running as Sovrin for a year, still lacks some experience doing battle with hackers and spammers. So this is a good question; only a specific evaluation of your use cases will tell you whether it’s a good foundation for a business solution today.

Q. What consensus algorithm does Indy use?

Indy uses a modified version of RBFT called Plenum.

Missed the live webinar? Watch the on-demand replay of Decentralized Identity, Distilled today.

Developer Showcase Series: Markus Sabadello, Danube Tech

By | 网志, Hyperledger Indy

We have another Developer Showcase blog ready! This series serves to highlight the work and motivations of developers, users and researchers collaborating on Hyperledger’s projects. Next up is Markus Sabadello from Danube Tech. Let’s see what he has to say!

What advice would you offer other technologists or developers interested in getting started working on blockchain?

You probably already have a good technical understanding of how blockchain works. You already know that blockchain is more than Bitcoin. You know that there are many different types of blockchains with different features and properties. You also know that blockchain is not a panacea, that it is sometimes over-used, and that blockchain is often just a small piece of a bigger solution.

Since you know all that already, my advice would be, let’s now try to understand why there is such high interest in blockchain, and why so many individuals and companies are working with this technology. Is it because blockchain is a novel solution for technical challenges such as security and stability? Or is the rise of blockchain mostly about profit and new business models? Or is it about a desire for a utopian new world with more democracy, transparency and without authorities?

Today, it is becoming clearer that technology is not always neutral. It tends to have built-in assumptions and objectives. The design of technical architectures and algorithms can imply and support certain world views and values. Some of the currently existing digital infrastructure is perhaps based on paradigms and assumptions that has resulted in adverse effects for our political and social structures.

As engineers and developers, we have a special responsibility here. Therefore, when you start working with blockchain, try to not only find the best technical solution for your use case, but also consider what deeper human effects your algorithms and data structures will have once they get deployed and used in the real world.

Give a bit of background on what you’re working on, and let us know what was it that made you want to get into blockchain?

I have worked on digital identity technologies for a long time, the question of who we are, how we present ourselves, and what do others know about us in the digital world. There’s this concept of user-centric identity, and more recently self-sovereign identity, which places individuals at the center of their online relationships and transactions, and gives us all the ability to create, manage, use, and destroy our online identities according to our own rules.

In classic identity technologies such as OpenID, SAML, WebID, etc., the act which establishes a digital identity for an individual always introduces a dependency on an external entity that has to be trusted in some way. In these systems, digital identity is always represented as an account in some service provider’s database, or as an identifier managed by some registration authority.

With blockchain or distributed ledger technology, we realize that now for the first time we have a way to establish digital identity without such dependencies on identity service providers.

In a joint effort of several communities such as the W3C Credentials Community Group, the OASIS XDI Technical Committee, the series of Rebooting-the-Web-of-Trust workshops, and the Internet Identity Workshop, we then began developing the concept of a Decentralized Identifier (DID), which will become a base building block for higher-level identity data formats and protocols. This is currently my focus at Danube Tech.

What project in Hyperledger are you working on? Any new developments to share? Can you sum up your experience with Hyperledger?

The only Hyperledger project I work on is Hyperledger Indy, and I am not among the most active direct contributors, but everything I work on is connected to it. It is a codebase for a distributed ledger, which unlike most others is specifically being built for digital identity that is decentralized, independent, and follows privacy-by-design principles. Indy offers functionality and components for registering DIDs on a ledger, for privacy-preserving cryptography, and for so-called agents, which are off-chain components that exchange verifiable identity data on an identity owner’s behalf.

I can share that there are currently dozens of proof-of-concepts happening around the world using the Indy software, involving well-known major corporations, but also non-profits, academic institutions, and governments. Here in Austria, we have a consortium of several large companies jointly experimenting with Indy, and I think we will soon see plans for concrete products, applications, and services, that will transform the way how identity works online.

I was already part of this project and its community before it was accepted into Hyperledger incubation, but I can definitely say that Hyperledger has really accelerated Indy both in terms of the provided infrastructure, but also credibility and community support.

What is the best piece of developer advice you’ve ever received?

One good advice for developers I have received a few times is “sleep is more important” – but then again, it’s not always true, is it? 🙂

What technology could you not live without?

My pen that I use for writing down thoughts and taking notes during conferences.

Developer Showcase Series: Jean-Louis (JL) Marechaux, JDA Labs

By | 网志, Hyperledger Composer, Hyperledger Fabric, Hyperledger Indy

Image: Jean-Louis (JL) Marechaux, JDA Labs

We return back to our Developer Showcase blog series, which serves to highlight the work and motivations of developers, users and researchers collaborating on Hyperledger’s projects. Next up is JL Marechaux from JDA Labs. Let’s see what he has to say!

What advice would you offer other technologists or developers interested in getting started working on blockchain? 

The first advice I would offer is what I give on every single new technology adoption: Clearly identify the business need, and make sure that blockchain is appropriate to meet business needs. Blockchain is not a silver bullet. There are a couple of use-cases where blockchain is absolutely not the right answer. Be sure you assess blockchain applicability in your context.

I would also recommend to take an incremental and iterative approach for new Blockchain initiatives. Decompose your business problem to identity a simple use-case, something that can be described as an agile story. Implement this first story in a small prototype, to get familiar with core blockchain concepts. Then incrementally add new capabilities to your blockchain solution.

There are plenty of resources to help when you start a blockchain project. I personally recommend the Hyperledger online documentation, as it cover the key concepts and provide practical tutorials. Moreover, a tool like Hyperledger Composer is an easy way to define and test a business network with minimal investment. To me, Composer is a pretty good platform for an early blockchain prototype.

Give a bit of background on what you’re working on, and let us know what was it that made you want to get into blockchain?

I work at JDA Labs, which is the R&D entity of JDA Software. The company has a focus on the supply chain and the retail industry, and we provide software solution to support the digital transformation of our customers. Because we are interested in digital transactions between multiple parties, blockchain seems to be a natural fit to address some automation and traceability problems. When products transit all over the world, through multiple countries and multiple companies, I believe that blockchain can help provide a better end-to-end visibility of the supply chain.

I started to be interested in blockchain when I was working at IBM. Around 2015 or 2016, I was part of an internal initiative to identify blockchain use cases for different industries. I had the opportunity to discuss with people far more knowledgeable than me in this area, and to learn basic concepts. When I started at JDA, I was exposed to a new business domain, and it quickly became obvious that blockchain could improve supply chain transparency and traceability. So I decided do more research and experimentation in this area.

As Hyperledger’s incubated projects start maturing and hit 1.0s and beyond, what are the most interesting technologies, apps, or use cases coming out as a result from your perspective?

I see a lot of value in all the Hyperledger projects, so it is difficult to mention just a few.

But given my current job and my focus at this time, I would select Hyperledger Fabric and Indy.

Because it supports permissioned networks, Hyperledger Fabric seems appropriate in a supply chain environment where participants are usually known and vetted. The channel capability in Fabric provides a data partitioning mechanism to restrict visibility to some participants, which is required for some some business transactions. Hyperledger Fabric is based on a modular and scalable architecture to support most business needs.

I have not explored Hyperledger Indy capabilities yet, but given the nature of a blockchain business network, it seems important to have a strong mechanism to manage decentralized identities.

In addition to the blockchain frameworks, I am quite interested in the different tools (e.g. Composer , Explorer) that are developed under the Hyperledger umbrella to facilitate and accelerate blockchain adoption.

What’s the one issue or problem you hope blockchain can solve?

As a consumer, I always wonder where the products I buy are coming from. I can sometime get that information reading the product label, but can I really believe what is written? Why should I trust the organic certification body? Organic food fraud is massive. Traceability on fair trade products is weak. Provenance of consumer goods is nearly impossible to obtain.

Blockchain technologies can solve this problem by enabling full transparency and traceability on products. As a consumer, I would love to be able to scan a product in a store with my smartphone and get the proof of origin through a blockchain.

What is the best piece of developer advice you’ve ever received?

“If you want to eat an elephant, do it one bite at a time.” This comes from an old saying, but I remember receiving that advice for software development, long before Agile practices were popular. To be able to deliver complex software solution, it is important to have the big picture first, to understand the end goal. But then the best approach to deliver the solution is to adopt a step by step approach to incrementally develop the software.

And of course, I was told many times to read the manual. The “RTFM” acronym cannot be repeated often enough.

I think those two tips are relevant for any blockchain project.

Meet the Hyperledger Summer 2018 Interns Part 1

By | 网志, Hyperledger Fabric, Hyperledger Indy, Hyperledger Iroha

Back in March, we announced the return of Hyperledger’s Summer Internship Program. This year, we have 12 interns, which is more than double what we had last year! We’re very proud of this program, as it offers students one-on-one mentorship from some of the leading technologists in our community, as well as it builds their development portfolio of projects that will feed into the larger Hyperledger ecosystem. The students applied to work on an extensive line-up of internship projects proposed by our community mentors.

Today, we’d like to introduce six of the 12 interns, provide information on what they will work on and help you get to know them a bit better. We asked each intern a few questions including:

  1. How did you first become interested in blockchain, and why are you excited to work on Hyperledger and your project in particular?
  2. How do you see blockchain technology evolving over the next five years?
  3. If there’s one or issue you hope blockchain can solve, what is it and why?

Let’s see what they had to say!

Amar Singh

Pursuing a Bachelor’s degree in Math and Computer Science at the University of Virginia

Hyperledger intern project: Algorithmic Dispute Resolution in Construction

  1. A few years ago, a good friend of mine told me that the next iteration of the internet was coming and it was going to be decentralized. At the time, we were both taking a class on internet protocols and had recently attended a lecture on the OSI model (a conceptual model for understanding the different layers for dot com internet protocols). A breakdown of the model revealed inefficiencies due to centralization (for example, the control of domain names), but we had been taught that these inefficiencies were necessary due to the economies of scale of technology companies. The possibility of a new system designed to solve these inefficiencies piqued my interest. After a few months of reading, I decided to fully commit myself to studying blockchain protocols. Since I went down the crypto rabbit hole, I have been impressed by the pace of progress in this space and the quality of output. After spending the past two semesters researching blockchain protocols at the University of Virginia, I was drawn to Hyperledger because of its emphasis on designing modular and interoperable blockchain solutions. Hyperledger’s architecture emphasizes a separation of the blockchain components, thereby enabling developers to build flexible blockchain applications that can easily interface between different consensus protocols, data storage modules, and communication patterns. For my project, I will construct an off-chain dispute resolution framework that leverages Hyperledger’s modular approach. I am especially excited to dive into Hyperledger’s architecture and explore the ways by which applications can optimize performance-security tradeoffs by incorporating a diverse set of tools/frameworks.
  2. Over the next 3-5 years, I expect the internet’s current structure to be overhauled and replaced by blockchain protocols. As brilliant teams around the world continue to collaborate and develop at an impressive pace, I expect that many of the problems that prevent the viability of blockchain solutions will be solved (e.g.., scalability, privacy, custody, UX). I am optimistic about the future of this space and excited to start contributing.
  3. Today, search engines like Google and social media giants like Facebook maintain an overwhelming amount of power and influence over the rest of the world. Even so, many people undervalue privacy as a basic human right, but I expect this to change over the next few years. There’s a Snowden quote that comes to mind: “Arguing that you don’t care about privacy because you have nothing to hide is like arguing that you don’t care about free speech because you have nothing to say.” I believe that advances in homomorphic encryption and multi-party computation coupled with blockchain innovation will provide liberation in the form of increased privacy.

Arijit Sen

Pursuing a Bachelor’s degree in Computer Science from the Apex Institute Of Technology in Bhubanshwar, India

Hyperledger intern project: Python Library for Hyperledger – Iroha

  1. I came across the concept of blockchain in my college. I found myself attracted to the whole concept of a decentralized system that is void of any 3rd party interference. I am really excited to work on Hyperledger since it addresses some critical business issues regarding blockchain. Also compared to other blockchain ecosystem platforms, Hyperledger had a smaller learning curve.
  2. Blockchain has already taken the technology world by storm. I am pretty sure that we will be seeing most of the current technology stacks shifted to blockchain. However, I am concerned regarding an uncontrolled blockchain system. Just imagine a scenario getting a perfect AI agent, powered to thrive over blockchain and letting him learn and work as much as he can. Maybe he will just develop himself as an unstoppable entity since there is no single server or database to hold him. Too much fiction? Well I doubt it. The growth on both AI and blockchain is exponential. I won’t be surprised if something like that happens.
  3. Blockchain can solve a lot of issues in the world. Just imagine a legal evidence system where all the legal documents and evidence can be put into a secure blockchain platform. Not even the wealthiest criminals could tamper with the evidence or forensic findings. It could power an unbiased law and order system. Or an unbiased voting system where no party can do any discrepancies during the election. Or it could secure payment transaction for overseas without any 3rd party interference. Blockchain opens up a thousand possibilities.

Kuzma Leshakov

Pursuing a Bachelor’s degree in Computer Science at Innopolis University

Hyperledger intern project: Hyperledger Identity WG Onboarding and Auth

  1. The first time I became interested in blockchain was couple of years ago when I heard about the decentralization concept and its implementations in Bitcoin and Ethereum. I am excited to work on the Hyperledger because of the following opportunities:
  • to work closely with community experts and developers to learn the open-source culture and skills
  • to advance knowledge in the distributed ledger design and one of its form, the blockchain
  • to get a teamwork experience with distributed, international colleagues

The project I chose is Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. This project allows getting both practical and theoretical experience in blockchain development under the supervision of leading field experts. In particular:

  • to master skills in both Python and Rust programming languages, cryptography
  • to become familiar with the concept of Decentralized Identifiers (DID) and implement applications using it
  • to learn up-to-date software production techniques
  • to advance in creating and using tests as a professional developer
  • to get code reviews and advices on the best practices of documenting and structuring code

Throughout the internship, I will be making important contributions to the Hyperledger community, the Indy codebase, and the entire decentralized identity ecosystem. It will be an important step for me on becoming a professional software engineer.

2. I see blockchain technology becoming significantly used by public institutions (e.g., banks, universities). Also, I hope it will become more user-friendly and, as a result, more people will get involved in its development. Besides, some improvements should be made in blockchain-based systems (e.g., Bitcoin, Ethereum) with respect to its logs storage, which already takes a significant amount of memory.

3. One issue I hope blockchain can solve is a decentralized identity. Today’s main identification method requires users to login into every application (e.g., Facebook, Amazon) they interact with. Therefore, each user has dozens of login/password sets to remember (which also should be changed periodically). It is important to have a single and decentralized identity, as it will increase user’s security and user’s experience.

A V Lakshmy

Pursuing a Bachelor’s degree in Computer Science and Engineering at IIT Madras in India

Hyperledger intern project: Extended Support for EVM and and Tooling in Hyperledger Fabric

  1. I am an undergraduate student in the Department of Computer Science and Engineering at the Indian Institute of Technology Madras (IIT Madras), India. Being a Computer Science student, I like to keep learning about new technologies. I first learned about blockchains by reading about Bitcoin, and other blockchain platforms, in newspapers, magazines, and on the Internet. I was amazed at the way blockchains could utilize distributed ledgers to eliminate the need for trusting third-parties in transactions! More recently, my uncle told me about the Hyperledger Summer Internship Program. I viewed this as a great opportunity to work on a project relating to blockchain technology, the talk of the town these days! During this internship, I am going to be working on a small portion of the integration of EVM (Ethereum Virtual Machine) into Hyperledger Fabric. This project has really interested me because I will get to learn about two different blockchain platforms, Hyperledger Fabric and Ethereum, and understand their similarities and differences. Moreover, this is the first time I will be engaging in open source development, and I am pretty sure this will be a great learning experience for me!
  2. Blockchains have the potential to completely change the way businesses, governments and societies function. I envisage a future where money-related transactions will be carried out in real time using blockchains. Tracking the movement of goods in the supply chain will become completely transparent. Each person will have a unique digital ID on the blockchain, which can be used not only for authentication on a global scale, but also to keep personal information safe and secure. But, in order to live up to its potential, blockchain technology will have to deal with challenges such as scalability, regulations, and so on. To incorporate blockchain technology into their current legacy framework, companies will have to do a complete revamp,  which will obviously be very expensive. For widespread acceptance of blockchains, a change in mindset of the public will also be required. If we are able to come up with ways to deal with these problems, blockchains will surely revolutionise the world!
  3. In today’s world, there is a lot of corruption in business transactions. Bribing and under-the-table dealings have become very common. Many times, people who are supposed to receive money don’t actually receive it, as it is pocketed by some middle-man. Blockchains provide a distributed ledger to store information about transactions in a tamper-proof manner. So, blockchains can be incorporated into businesses, making all transactions completely transparent. Every transaction can be seen publicly, which will discourage people from taking bribes, or pocketing others’ money. And, wrongdoers cannot try to cover up their shady transactions by trying to change the contents of the ledger, as they will surely be caught by others on the blockchain during the verification process. Thus, I feel, blockchains may be an effective way to curb corruption!

Ahmad Zafar

Pursuing a Masters degree in Computer Science at Information Technology University in Pakistan

Hyperledger Intern Project: Running Solidity Smart Contracts on Hyperledger Fabric or Vice Versa

  1. After completing my Bachelor degree in computer science, I started working in the industry for almost two years. But my future plan was something else. I wanted to do research in different fields of computer science. I explored different things, which are exclusively demanding related to my field. The specific field that attracts me a lot is blockchain. After discussing with fellow teachers in Information Technology University, I learned about the opportunity to be a Research Associate, working on blockchain technology. It was a great pleasure for me to work on my desired direction. Here I started my research on Hyperledger Fabric, in which I explore many things. My aim is to learn to write smart contracts in an efficient way, so that I can deploy applications on Hyperledger Fabric. The project that I selected enabled me to enhance my skills related to it.
  2. In my country, Pakistan, most of the people involved in the computer science field do not know about blockchain. Until a few months ago, most of the people considered Bitcoin as blockchain. Many think that blockchain is only used for cryptocurrencies. But the truth is, blockchain can deal with storing and transmitting information, automating the purchase process, improving transaction flow, securing the supply chain, etc. Nowadays people are well aware of blockchain through seminars conducted at universities and industry level. And many companies have started working on it. Furthermore, in my university, ITU, a lab is being set up only for blockchain research. 35 to 40 people will be hired including research associates, Phd Students and experts. Blockchain is providing enhanced transparency, greater scalability and better security. For these reasons, people are traversing to it to achieve various innovations to increase profits and strengthen relationships across the supplier. And in the next five years blockchain will be commonly known to IT people.
  3. Nowadays banks are using some middle organizations for getting services from other companies for scalability such as payments of utility bills, loading mobile accounts, transactions among cross banking, etc. For example, banks uses a middle organization for telecom services to recharge the mobile account. Blockchain can eradicate the middle organization from the banking system. We can use Hyperledger Fabric channels, and shared ledger and smart contracts for this purpose. This leads to a decrease in time, extra charges and improves traceability of transactions.

Sanchay Mittal

Pursuing a Bachelor’s degree in Computer Science at BML Munjal University in India

Hyperledger intern project: UTXO Transactions in Iroha

  1. I first heard about blockchain from my brother Sachin Mittal. It’s astonishing features like distributed, decentralised, shared, authenticated, auditable, immutable and many more fascinated me and drove me to understand the very depth of this technology. Learning more about Bitcoin and other cryptocurrencies, I got to learn its limited implementation in the financial exchange. But, with the advent of Ethereum, things changed. Smart contracts showed the pathway of automating and regulating industries on DLTs. But many restrictions such as the principle of hierarchy of any organization were compromised and every network started its own cryptocurrency just to fabricate itself with the name ‘blockchain’. The problem was solved by Hyperledger Iroha, which is a permissioned blockchain with prebuilt commands hence easy to incorporate into infrastructural projects requiring DLTs. My project allows me to understand this very innovative technology and to add a new feature, a UTXO based transaction model that is currently used by bitcoin
  2. We are witnessing the beginning of a new chapter in human history, just like when the internet came along and changed so many aspects to the way we used to live. Based on the current rate of evolution, I believe blockchain solutions could reach their full potential in the next five years. The maturity of blockchain has started to soar, its development is starting to have a material impact on every individual. The true nature of equality is here, which means of power is changing, thinking is changing. Blockchain and its development are starting to have a material impact on everyone’s life. Governments have already stated that they have much interest in blockchain technology and they want to learn more about its development for adapting it to their local financial systems. Unlike the dot-com bubble, I think blockchain technology is here to stay and it will be adopted by almost every field globally. The global leaders in government, finance, banking, IoT, supply chain, manufacturing, technology are acknowledging its potential.
  3. The issue I hope blockchain can solve is our centralized internet and social networks. People, without even blinking an eye, sign and agree to privacy policies that give the mainstream companies the power to use their data in any way they see fit. Privacy and security of individuals depend on their behavioural data which can be hacked (Experian) or misused (Cambridge Analytica). With blockchain, users will be able to choose whom to show their  content to and be able to set their own restrictions while determining how and where it gets distributed. They’ll also have full control of their private data. No more storing it on centralized servers and losing it when these servers go down or when their security gets breached.

We’re happy to welcome such a solid group of young people to the community and look forward to seeing all that they contribute. We hope you join them in the effort by contributing to Hyperledger projects. You can plug into the Hyperledger community at github, Rocket.Chat the wiki or our mailing list. As always, you can keep up with what’s new with Hyperledger on Twitter or email us with any questions: info@hyperledger.org.

Be sure to check back for the second post in this series that will highlight the other six interns we will have this summer!

 

Enterprise Blockchain Demos & Presentations at Consensus

By | 网志, Events, Hyperledger Fabric, Hyperledger Indy, Hyperledger Iroha, Hyperledger Sawtooth

Next week we will be busy at Consensus, happening in New York May 14-16. Consensus is a great event for our members to set the stage and speak to what’s happening in the Hyperledger community, as production blockchain deployments have been heavily increasing. Many members will demonstrate applications of distributed ledger technology for financial services, supply chain, identity management and various other use cases.

These demos highlight true collaboration and maturity of Hyperledger technologies across many industries. As we head farther into 2018, we’re excited to see how these frameworks continue to evolve and improve business processes across many other industries.

Hyperledger members will showcase the following demos and presentations at the Hyperledger booth (#315):

Monday, May 14

10:20am: IntellectEU – Enterprise Blockchain integration with IoT devices and back office systems by Hanna Zubko, CEO and Paulo Rodrigues, Global Business Developer Manager and CEO Portuguese Offices

This presentation will cover a real customer case leveraging Blockchain technology to offer a new insurance product: a flexible pay per mile insurance based on the real car mileage and condition, calculating the insurance premium rate and quoting the offer based on the accumulated data received from the IoT device installed in the car. This pilot project is based on Hyperledger Fabric 1.0 and IntellectEU’s Catalyst integration solution. Catalyst serves as a hub for connecting the insurance database, emulated IoT device, end user application and the ledger itself. Catalyst listens to the changes on all data sources and based on the business rules applies the corresponding logic.

12:30pm: SecureKey – Using Hyperledger Tracking to Make Frictionless Digital Identity Possible by Matt Jaksic, Business Development

SecureKey will demonstrate Verified.Me, its digital identity network launching later this year that will put consumers in control of how they validate their identities. Collaboratively created by leading organizations across many different sectors including Canada’s leading banks, Verified.Me will enable consumers to privately, securely and conveniently share information from trusted providers such as banks, telecommunications companies and governments. The platform is designed to empower the consumer by giving them the ability to explicitly choose what information to share, when to share it and with whom. Come see how Verified.Me can change the way we get things done faster and securely online, in person and on the phone!

1:00pm: Thales eSecurity – Enterprise ready high security blockchain by Jon Geater, Chief Technology Officer and John Velissarios, Managing Director at Accenture

Accenture has developed an enterprise ready blockchain solution with enhanced cryptographic security from Thales eSecurity Hardware Security Module. It provides an immutable audit trail proving hardware, software and documentation authenticity and compliance across supply chains. Using CryptoSeal and FPGA fingerprinting technology, they are able to give materials in the supply chain a unique identity to prove authenticity. This combination of technologies allows someone to securely and transparently track all kinds of transactions, between OEMs, suppliers, manufacturers and customers. This dramatically reduces time delays, added costs, and human error that affect the surety of transactions underpinning our supply chains today.

3:00pm: Omnitude – Seamless Blockchain Integration by Martyn Brougham, COO Americas, and James Worthington, Blockchain Consultant

Omnitude is a middleware plug and play blockchain built on Hyperledger Fabric, for use across the whole spectrum of enterprise and eCommerce platforms and allows eCommerce businesses to adopt blockchain quickly and efficiently, without needing to replace current systems. The presentation will show how Omnitude allows eCommerce and enterprise businesses to adopt blockchain quickly and efficiently, without needing to replace current systems.

3:50pm: DLT Labs – DLT Wallet by David Freeman, Director

DLT Labs will be showing off their DL Digital Wallet, a sophisticated peer-to-peer network powered by Hyperledger Fabric, offering security, efficiency, and convenience for an overall improved customer experience. DL Digital Wallet facilitates seamless account overview, accommodates company loyalty programs and management, and is integrated with leading e-payment service providers. The cost of each transaction is fixed irrespective of value transferred and received and is significantly less costly than other charges by any payment network today.

Tuesday, May 15

10:20am: ScanTrust – “Cambio” Your Coffee: Using Blockchain to Drive Ethically Sourced Coffee by Tobias Kars, VP of Product & Delivery and Nathan J. Anderson, CEO/Co-founder

As tech-savvy and socially conscious consumers seek more information about the sustainability of the products they consume, businesses need to adapt and find ways to track their relationships with suppliers and communicate this to their customer base. This demo highlights how ScanTrust and Cambio Coffee, a leading Asian direct trade specialty coffee company, leverage Hyperledger Sawtooth to deliver greater supply chain transparency within the coffee industry and bring to light trusted product information.

12:30pm: Soramitsu – Hyperledger Iroha by Makoto Takemiya, Co-CEO

Hyperledger Iroha 1.0 is close to being released and has many new features and architectural differences from previous versions. In particular, a new consensus algorithm, YAC, has been developed that allows for full Byzantine fault tolerance. Predefined commands to perform common tasks, such as creating and transferring assets, allow programmers to quickly build applications on top of Hyperledger Iroha. Come by to see what’s new with Hyperledger Iroha!

1:00pm: Evernym – Verifiable Credentials with Hyperledger Indy and the Sovrin DLT by Drummond Reed, Chief Trust Officer and Judd Bagley, Sr. Communications Director

Evernym will share a live demonstration of the use of Verifiable Credentials on the Sovrin DLT, powered by Hyperledger Indy. The demo will include a brief overview of key concepts, then show actual business cases for how a self-sovereign identity owner can be issued verifiable digital identity credentials into a mobile digital wallet and then present them to relying parties who can verify them by checking public keys on the Sovrin ledger. The result is much simpler, faster, more secure, and more privacy-respecting digital identity as well as powerful new types of decentralized online relationships. Evernym personnel will be in attendance for Q&A during and after the demonstration.

2:10pm: Oracle – Hyperledger Fabric in Enterprise-Grade Cloud by Deepak Goel, Sr Director, Software Development

Oracle’s blockchain cloud service, built on Hyperledger Fabric, provides a hardened enterprise-grade platform for building blockchain applications and enabling existing enterprise applications to use distributed ledgers and trusted transactions. In this demo, they will show how it enables rapid experimentation and provides a production-ready blockchain infrastructure to realize successful use cases in production environment with high availability, enterprise security, dynamic scalability, and ease of operations built into the platform. They will walk you through the tools in the operations console and demonstrate how Hyperledger Fabric configuration, operations, and monitoring has been simplified and how developers and IT operations can be more productive leveraging Oracle’s blockchain cloud service as their Hyperledger Fabric platform.

3:50pm: Greenstream Technology – Blockchain Meets Cannabis: Emerging Tech for an Emerging Industry by Manu Varghese, Chief Product Officer and Jim Anastassiou, VP Engineering

Greenstream Network is an industry-wide gateway solution that will allow Licensed Producers, Retailers, Regulators and other industry stakeholders to communicate, interoperate and transfer assets and value through the Canadian cannabis ecosystem. The emerging Cannabis ecosystem faces a plethora of challenges like Trace and Track of the goods through the supply chain, auditing and compliance issues, process integrity, slower payments and challenges with respect to identity validation. Greenstream provides three key solutions: Supply Chain Integrity, Payments and Settlements Engine and Self Sovereign Identity. The Greenstream ecosystem is based on a permissioned DLT model and uses Hyperledger frameworks such as Hyperledger Fabric, Burrow and Indy to achieve specific objectives. This talk outlines the options considered and the factors evaluated; challenges faced and the learnings learned etc.

Wednesday, May 16

12:15pm: B9lab – Someone needs to build it: closing the Hyperledger talent gap by Elias Haase, Founder

Every day, B9lab gets requests for Hyperledger Fabric developers, from concept-phase startups to major enterprises. However, as these requests grow, so does the need for thorough vetting and certification in the Hyperledger talent market. How do you know if the developers you are hiring are as good as they say they are? Come see this presentation to find out!

12:45pm: REMME – REMME WebAuth – passwordless authentication powered by blockchain by Alex Momot, CEO

REMME WebAuth is a first and one of the basic DApps in the REMME ecosystem. This demo will demonstrate how users (employees or clients) could log in into the browser service via REMME in one click. REMME is an access management solution that obsoletes passwords. For each device users generate certificates. Once it is installed on a device it enables one-click authentication on the service that has REMME integrated with. REMME WebAuth could be integrated with any service, from crypto exchange to big enterprises’ intranets or web services.

1:45: Altoros – Decentralization of P2P Securities Transfer Implemented on Hyperledger Fabric by Greg Skerry, Blockchain Solution Architect, Trainer

This presentation will cover details of a working blockchain project implemented for a National Settlements Depository Institution: decentralized platform for peer-to-peer securities transfer and keeping the records of securities owned by each holder. The solution developed on the Hyperledger Fabric framework keeps an immutable, auditable chain of records reflecting securities ownership transfers. This presentation will focus on the product functionality: how the platform works; how it can be adapted for transferring different types of assets or rights, incl. intangible assets.

In addition to these demos and presentations, several Hyperledger members including MedicalChain, Embleema and Change Healthcare will participate in the “State of Blockchain in Healthcare” panel at Consensus 3:10pm on May 15.

You can also join Hyperledger on the last evening of Consensus from 6-8pm at the Meetup: “The Hyperledger Greenhouse: Meet Developers Building Blockchain Frameworks” to get a chance to network and hear directly from developers of several Hyperledger frameworks! Tracy Kuhrt, Community Architect at Hyperledger, will provide an overview of the frameworks and tools that you can leverage for your enterprise blockchain solution. Then breakout sessions will give you the opportunity to have a deeper discussion to learn more about Hyperledger Fabric, Sawtooth (Seth), Indy and more. Please bring your burning questions about how to get started and participate in the Hyperledger community.

Be sure to follow Hyperledger on Twitter for the latest updates at Consensus. We look forward to an exciting week and seeing everyone there!

 

The Dutchess Project: A Tale of True Interoperability Between Multiple Blockchains

By | 网志, Events, Hyperledger Indy, Hyperledger Sawtooth

As we gear up for Consensus 2018, and for the great Building Blocks Hackathon, we thought it would make sense to resurface a blog on The Dutchess Project from last year’s hackathon that demonstrated radical interoperability across the following technologies:

  • Public Ethereum accounts to transfer money
  • Solidity for business logic using smart contracts (the Dutch Auction, Escrow, Release of Funds)
  • Quorum (JP Morgan’s fork of Ethereum) for encrypting transaction payloads
  • Hyperledger Sawtooth simulating a Trusted Execution Environment (TEE) for Chess moves validation, approvals and auditability.
  • HACERA’s Self-Sovereign Decentralized ID implementation (using DIDs) for registering identity tokens and creating a permissioned and public identity chain (for secure verifiable claims)
  • Microsoft Azure cloud deployment

Ten project teams took home awards from the Consensus 2017: Building Blocks Hackathon. Among them was Dutchess, a chess game built with four blockchain technologies by Jonathan Levi, Sergey Klimenko, Elan Perah and Michael Bogdanov from the HACERA team. This project beautifully illustrates how different blockchains can handle isolated responsibilities while still working together within a larger system.

Dutchess won two challenges in total. It won the Enterprise Ethereum Alliance challenge to “use an Enterprise Ethereum Alliance stack to create a decentralized Dutch auction network with secret bid matching” and the Microsoft challenge to “leverage Microsoft Azure as part of your blockchain project.”

The HACERA Dutchess team: Jonathan Levi, Sergey K, Michael B and Elan Perah receiving the Enterprise Ethereum Award from Jeremey Millar (Consensys) and Sandra Ro (CME Group)

We spent an hour with Jonathan to learn about the Dutchess project and what blockchain developers can learn from it. At the beginning of the hackathon, Jonathan wanted to build something useful, participate in as many of the challenges as possible, learn new technologies, and apply blockchain development expertise from his company to a project. Jonathan is the founder of the blockchain technology company HACERA, which works with several blockchain technology stacks to provide secure identity and access control management of users, devices and data on blockchains. This experience shines through in the way the Dutchess project uses multiple blockchains in an auditable and verifiable chess game with identity protection and privacy preservation.

 

Dutchess uses four blockchain technologies: Ethereum, Quorum, Hyperledger Indy, and Hyperledger Sawtooth

There are six steps to each Dutchess game, which use a total of four different blockchain technologies to implement. The project uses Ethereum for payments, Quorum for smart contracts, Hyperledger Indy for identity management, and Hyperledger Sawtooth for auditable computing. In addition, the project uses three instances of Microsoft Azure. Here’s how the project leverages these technologies across the six steps.

Step 1: Bidding in a dutch auction and sending funds into escrow

Two users, each of whom has some funds in Ethereum, can choose to play a chess game that’s preceded by a dutch auction. During the auction, whichever player agrees to pay the auction fee wins an advantage on the game board — the winner plays with all their pieces while their opponent plays without a queen.

This auction uses one instance from Microsoft Azure that runs Quorum, which is a permissioned version of Ethereum. Quorum’s smart contract contains the logic of the auction and the ability to place blocks periodically. Since a dutch auction is a reverse auction, the smart contract starts with a high offer and reduces the offer with each block placed. The offer starts with 100 Ether. At the next block, it’s 90 Ether. At the next block, it’s 80 Ether, and so on until a player places a bid to accept the offer. By accepting the offer, this player wins the auction, gets the advantage, and sends the value of the bid into escrow via Quorum.

Step 2: Registering IDs for Dutchess accounts

With the bidding done, each player moves on to register an ID for his or her Dutchess account. The IDs allow players to play without exposing their actual identity. To the user, it just looks like they are choosing a username, but behind the scenes the game is registering a Sovrin identity using Hyperledger Indy. This registration process outputs a signed token and a waive token. The waive token is the one that you see in the game interface.

Step 3: Play chess with the ID token

Now, players start playing chess with their tokens. Each game has a white player, a black player, a transaction processor, and an auditor. Each time a move is made by a player, the move is sent to the transaction processor, which checks to ensure that the move is valid. If the move is valid, the transaction processor then posts the state of the board to an instance of Hyperledger Sawtooth in the form of a string. This string documents every position of every piece on the board at the end of each turn. Since a new string is committed to Hyperledger Sawtooth at the end of every move, all Dutchess games can be replayed and analyzed one move at a time by reading the string data back from the blockchain.

Step 4: Update ranking

When players complete a game, the auditor sends a ranking agent information about who won, who lost, or if the game was a stalemate. The ranking agent keeps every outcome of every Dutchess games in the Hyperledger Sawtooth blockchain, where it can be queried. The ranking agent also keeps a tally of player rank among all registered Dutchess player IDs.

Step 5: Payment resolution with claims, proof of winning, and proof of ranking

To collect payment after winning a Dutchess game, the winning player must make a claim that he or she won the game. If the claim is true, the ranking agent will issue a signed proof of the win, which the player can take to Quorum for payment resolution.

Players can also use the ranking agent to output a proof of rank instead of a proof of win. For example, the top ranked player could make a claim that they are #1. The ranking agent would issue a signed proof, that yes, they are #1. This proof could be used to prove a player’s rank to some other system, such as a betting system based on player rank.

Step 6: Release funds

As long as the proof from the ranking agent says the player did indeed win the game, Quorum pays Ether out to the winner from the escrow account setup in step 1.

The architecture of Dutchess achieves isolation of responsibility

Here is a diagram of the architecture of Dutchess, as presented at the Consensus 2017: Building Blocks Hackathon:

The beautiful thing about this architecture is how the game completely isolates multiple types of responsibilities. You can play chess in an anonymous way because the chess game doesn’t know your Ethereum account. You can know who won a game without having to know how the game was won because Hyperledger Sawtooth has the play-by-play while the ranking agent only knows wins, losses, stalemates, and a calculated player rank. This allows players to generate a proof of win or proof of rank from the ranking agent without it having to know anything about the amount of Ether being awarded. Finally, Quorum is able to distribute funds without needing to know anything about how wins and rankings are established. Quorum only needs to know that a player won, or that a player ranks at a certain position. Thus, each responsibility within the game is completely isolated.

Implications for business applications built on blockchain technologies

The Dutchess project shows how blockchain developers need not worry about consolidating all functionality of their business applications to one blockchain. Instead, different organizations with different responsibilities can work with the best blockchain for their specific type of responsibility. Sometimes that will be a permissionless blockchain like Ethereum or Bitcoin. Other times that will be a permissioned blockchain like Hyperledger Sawtooth or Quorum. Points of interoperability can be established between one isolated responsibility and another.

The key takeaway here is that any time a business application requires something as a condition of something else, one blockchain can handle the something, and hand a proof of it off to another blockchain that can handle the something else. This architecture of isolated responsibilities can be applied to any kind of real-world application in areas such as auctions, trading, futures, betting, stock trading, equity, asset management, and more.

Next steps for facilitating interoperability between multiple blockchains

In less than two days, the Dutchess team achieved a lot. They made it clear that the problem of working with more than one technology stack is not a technical one. Blockchain developers can start thinking out of the box, connecting blockchains, and doing it securely. A huge amount of value can be created just by facilitating interoperability.Before you start your next blockchain application, be sure to check out the Dutchess game at https://hacera.com/demos.

We can’t wait to see what folks build this year with Hyperledger technologies at the Building Blocks Hackathon prior to Consensus on May 12-13. You can see all the ways Hyperledger will be involved at Consensus here – hope to see you there!

Developer Showcase Series: David Conroy, National Association of REALTORS

By | 网志, Hyperledger Composer, Hyperledger Fabric, Hyperledger Indy

We’re back to our Developer Showcase blog series, which serves to highlight the work and motivations of developers, users and researchers collaborating on Hyperledger’s incubated projects. Next up is David Conroy, an R&D Lab Engineer at the Center for REALTOR Technology, as part of the National Association of REALTORS. Let’s see what he has to say!

What advice would you offer other technologists or developers interested in getting started working on blockchain? 

Before getting started working in blockchain, I strongly recommend taking the time to learn the strengths and weaknesses of the many different types of blockchain technologies available today. A great way to accomplish this is to take a look at all of the fantastic open source tools out there that already exist for blockchain development. Understanding the basics prior to beginning the development process can be critical to the success of your future applications. My two favorite development tools currently are Hyperledger Composer (https://github.com/hyperledger/composer), and the Truffle Framework (http://truffleframework.com/). If you are looking for online resources for blockchain education, The Linux Foundation has released a self-paced primer on distributed ledgers that is incredibly thorough and also free of charge.

David Conroy, National Association of REALTORS


Give a bit of background on what you’re working on, and let us know what was it that made you want to get into blockchain?

I work for CRT Labs, a research group operated by the National Association of REALTORS®. Our lab focuses on emerging technologies that could potentially affect real estate. Personally, I have been interested in blockchain since I began learning and writing about Bitcoin in 2013. Since then as the technology has matured, it became increasingly apparent that my personal interests were quickly aligning with my professional ones. This is due to the massive implications that blockchain poses for the real estate industry.  In addition to payment and escrow, blockchains could potentially provide the mechanisms for establishing identity, enforcing of contracts, and improving the overall quality of property records.

What project in Hyperledger are you working on? Any new developments to share? Can you sum up your experience with Hyperledger?

At NAR, we are building a Hyperledger Fabric based system that will allow us to more effectively understand how our association interacts with its 1.3 million members. This project will allow us to tie together all of the various educational courses taken, committees served on, and events attended by our members despite the fact that this activity is occurring at over 1,400 local associations nationwide. Our legacy systems lack the functionality to provide a complete, accurate, and verifiable report that shows the complete picture of a members activity within our association. Now with the assistance of blockchain that granularity of reporting is something we are able to provide. This data can then be used to better provide services, aid in leadership development, and allow for increased recognition of our highly involved members. We took advantage of the Hyperledger Composer tool to define our business network and get our initial proof of concepts running quickly.

In addition to the work I’ve done at NAR, I have also entered into multiple blockchain-related programming competitions in my spare time to keep current on latest development trends. Most recently, I was a part of a team that took first place in IBM’s Blockchain and Artificial Intelligence Global Hackathon. Alongside the cash prize, the top finish came with a opportunity to present at IBM’s Think 2018 Conference. The submission was a Hyperledger-based, IBM Watson-powered parking reservation marketplace called The Spot Exchange.

In addition to the for-profit business models, I’ve also looked at Blockchain for social good. For the past few months, I have been working on a project that uses blockchain and artificial intelligence for social good. Specifically – providing identity, education, and family reunification services for Refugee Resettlement. For more information please visit ProjectSafeHarbor.com.

Locally, I serve as co-chair of the two Chicago-based blockchain meetups, Hyperledger Chicago & Chicago Blockchain in Real Estate.

What’s the one issue or problem you hope blockchain can solve?

One area where I believe blockchains have an enormous potential is improving the state of our current systems for establishing our digital identities. Consumers today are unrealistically expected to securely manage login information across hundreds of different websites. Unfortunately, this burden leads to poor password hygiene from many users, while slowly turning popular websites into an ever-growing target for hackers looking for large amounts of personal information. Two projects that I am following very closely that look to solve some of these issues in a decentralized and self-sovereign manner are Hyperledger Indy, and the Ethereum project uPort.