Hyperledger Iroha

Hyperledger Iroha Security Audit Results

By | Blog, Hyperledger Iroha


The time has come again for another Hyperledger project to begin their version 1.0 release process. Hyperledger Iroha is getting close to a 1.0 release and as part of that, Hyperledger hired an outside security auditing firm to review the code and audit it for security vulnerabilities. Nettitude conducted a review of the code this past fall and reported their findings to the Hyperledger security team and the Iroha developers.

The Iroha audit found four security issues, including one that was critical enough to require us to issue our first Common Vulnerabilities and Exposures (CVE) notice. All four issues were tracked using our JIRA and resolved shortly after the audit concluded.

I want to highlight the details of two of the security issues that the audit discovered because they show how easy it is to make bad assumptions about cryptography that result in a critical failure. Crypto code is always difficult to get right and as you will see, knowing good coding practices isn’t always enough. A developer must also be aware of algorithm and implementation details and the guarantees offered by a cryptographic primitive.

Blockchain Review

Before digging into the error, let us review the way things are supposed to work in a permissioned blockchain network. Figure 1 shows the normal process of transaction proposal and verification. In the diagram, Node 1 proposes the transaction by signing it and forwarding it to Node 2. Node 2 verifies the validity of the transaction as well as the validity of Node 1’s digital signature endorsement. Node 2 then endorses the transaction and forwards it to Node 3. Node 3 does the same checks as Node 2 except that it is also careful to ensure that the endorsements from Node 1 and Node 2 are both valid and unique. If everything passes the checks, Node 3 endorses the transaction and forwards it to Node 4. Node 4 now repeats the checks of Node 2 and Node 3 and sees that the transaction has enough valid and unique endorsements to be accepted into the next block of the blockchain. Node 4 transmits the fully endorsed and accepted transaction to all other nodes in preparation for the block construction and consensus steps. It is important to point out that not only must each digital signature be valid, but a transaction must also have enough unique endorsements before it will be accepted.

Figure 1—How a transaction is endorsed and validated.

Signature Schemes

Hyperledger Iroha uses the Twisted Edwards Curves based elliptic curve digital signature scheme more commonly known as Ed25519 or EdDSA. Unlike almost every other elliptic curve digital signature scheme, Ed25519 doesn’t take random data as one of its inputs. Most digital signature schemes generate a random number used only once, also known as a nonce (Number used ONCE) [1], when calculating a digital signature of a message. The reason for this is that a digital signature is just a message digest encrypted using a public key encryption algorithm. Public key encryption algorithms are trivial to break if there is no nonce or a nonce gets reused, with the same secret key, to encrypt multiple messages. [2] This is called a “chosen plaintext attack”. [3] Figure 2 shows how a random nonce is used when encrypting the message digest to create the digital signature. By including a nonce, repeated use of the secret key over different messages does not compromise the encryption. Digital signatures using this method are different even though the same secret key and message are used.

Figure 2—Digital signature calculation with random nonce.

The Ed25519 signature scheme used by Iroha is different in that it generates the nonce by processing the inputs to the signing algorithm and thus repeated signatures of the same data with the same key result in the same encrypted data. [4] This doesn’t compromise the key because the nonce is still different for different inputs. Figure 3 illustrates how the nonce for an Ed25519 digital signature is calculated from the input message and is therefore deterministic rather than generated randomly. Digital signatures using this method are the same when the same secret key and message are given.

Figure 3—Digital signature calculated with deterministic nonce.

The Bug

The flaw in Iroha was that the developers wrote the signature checking code to assume that signing the same data with the same key would always result in the same encrypted data. When determining if a transaction has enough different signatures to be valid, the code was comparing the public key bytes as well as the digital signature bytes when testing to see if two signatures were different. Figure 4 shows how the public key bytes and the digital signature bytes were combined when checking to see if two endorsements were different.

Figure 4—Flawed endorsement check that includes digital signature bytes.

The auditors at Nettitude created a modified version of the Ed25519 signature library so that it instead used random nonces, thus creating different encrypted data for the same secret key and message data. Figure 5 shows how the comparison of endorsements fails when random nonces are used. The resulting endorsements are not the same even though the message and secret key used to sign the message are the same.

Figure 5—Random nonces produce different signatures from the same inputs.

The result is that other nodes in the Iroha network—nodes running unmodified Ed25519 libraries—correctly validate the signatures because the public key correctly decrypts the digital signatures but the code for testing the uniqueness of the signatures is fooled. Each validating node sees different signatures for the same data and the same secret key and assumes they are unique endorsements and that the transaction is properly endorsed. Figure 6 shows how the Nettitude engineers were able to fully bypass this check with their single malicious node. It resulted in a bypass of the Byzantine guarantees of the system.

Figure 6—A malicious node bypassing the Byzantine checks.

The Fix

The correction for this security bug is to change the transaction and block signature validation code to first check that all signatures are valid and then check only the public keys for uniqueness when determining if there are enough valid and unique signatures on a transaction or block. Figure 7 shows how the scenario in Figure 6 plays out with the fixed code. Again a malicious node with a modified Ed25519 implementation signs a transaction multiple times with the same key. The signature bytes are unique, but the keys are not. When the other nodes in the network check the transaction, they see three valid signatures but the keys are not different. Each node determines that there is only one unique and valid signature and rejects the transaction.

Figure 7—A malicious node unable to bypass the Byzantine checks.
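The flawed and fixed uniqueness checks from "The Bug" and "The Fix", shown side by side in an added example that is not Iroha's code. A toy Schnorr scheme over a constructed group stands in for Ed25519 so the block runs with only the standard library; all function names and parameters here are hypothetical.

```python
"""Added illustration: toy Schnorr signatures stand in for Ed25519."""
import hashlib
import secrets

# Constructed toy group: integers modulo the Mersenne prime 2**521 - 1.
# Exponents are reduced modulo P - 1 (Fermat), which keeps verification
# correct. This is for illustration only and is NOT Ed25519.
P = 2**521 - 1
G = 3
ORDER = P - 1


def _h(*parts):
    """Hash length-prefixed byte strings and integers to an exponent."""
    h = hashlib.sha512()
    for part in parts:
        data = part if isinstance(part, bytes) else part.to_bytes(66, "big")
        h.update(len(data).to_bytes(2, "big") + data)
    return int.from_bytes(h.digest(), "big") % ORDER


def keygen(seed):
    """Derive a (secret, public) key pair from a constructed seed."""
    x = _h(b"key", seed)
    return x, pow(G, x, P)


def sign(x, msg, deterministic=True):
    """Return a Schnorr signature (R, s).

    deterministic=True  -> nonce derived from key and message (EdDSA style).
    deterministic=False -> fresh random nonce, as with a modified signer;
                           the result still verifies under the same key.
    """
    pk = pow(G, x, P)
    if deterministic:
        r = _h(b"nonce", x, msg)
    else:
        r = secrets.randbelow(ORDER - 1) + 1
    R = pow(G, r, P)
    e = _h(b"chal", R, pk, msg)
    return R, (r + e * x) % ORDER


def verify(pk, msg, sig):
    """Check G^s == R * pk^e (mod P)."""
    R, s = sig
    if not (0 < R < P and 0 < pk < P and 0 <= s < ORDER):
        return False
    e = _h(b"chal", R, pk, msg)
    return pow(G, s, P) == (R * pow(pk, e, P)) % P


def count_endorsements_flawed(msg, endorsements):
    """Pre-fix logic: an endorsement is unique if (key, signature) differs."""
    return len({(pk, sig) for pk, sig in endorsements if verify(pk, msg, sig)})


def count_endorsements_fixed(msg, endorsements):
    """Post-fix logic: validate every signature, then count distinct keys."""
    return len({pk for pk, sig in endorsements if verify(pk, msg, sig)})


def demo():
    tx = b"constructed sample transaction"
    x1, pk1 = keygen(b"node-1")
    # One key, three signatures over the same transaction, random nonces.
    replayed = [(pk1, sign(x1, tx, deterministic=False)) for _ in range(3)]
    # Three different keys, deterministic nonces.
    honest = []
    for seed in (b"node-1", b"node-2", b"node-3"):
        x, pk = keygen(seed)
        honest.append((pk, sign(x, tx)))
    return {
        "replayed_flawed": count_endorsements_flawed(tx, replayed),
        "replayed_fixed": count_endorsements_fixed(tx, replayed),
        "honest_flawed": count_endorsements_flawed(tx, honest),
        "honest_fixed": count_endorsements_fixed(tx, honest),
    }


if __name__ == "__main__":
    print(demo())
```

Both counters agree on honest input, so a test suite that only exercises deterministic signers would not have caught the difference.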

Two bugs were filed, one for transaction validation and one for block validation, to address this flaw. The first bug is titled “multi-signature transactions can potentially be authorised by single user”. [5] The second bug is titled “vote early, vote often”. [6] Both flaws were fixed shortly after the report was given to us from Nettitude and the current version of Iroha has been fixed.


It is very important for developers to understand the subtleties of cryptography and applying it to engineering problems. Careful study and consideration of the guarantees and assumptions is required as well as multiple reviews from other engineers with similar knowledge and attention to detail. The “many eyeballs” theory of open source software development does work. This audit proved it.

The management and technical reports from the audit can be found on the Hyperledger wiki.



All Are Welcome Here

By | Blog, Hyperledger Burrow, Hyperledger Fabric, Hyperledger Indy, Hyperledger Iroha, Hyperledger Sawtooth

A Minneapolis coffee shop that has fueled or at least caffeinated a lot of Hyperledger commits.

One of the first things people learn when coming to Hyperledger is that Hyperledger isn’t, like its name may imply, a ledger. It is a collection of blockchain technology projects. When we started out it was clear almost immediately that a single project could not satisfy the broad range of uses nor explore enough creative and useful approaches to fit those needs. Having a portfolio of projects, though, enables us to have the variety of ideas and contributors to become a strong open source community. Back in January of 2016 Sawtooth and Fabric were both on the horizon followed shortly by Iroha, but we wouldn’t have predicted that we would have Hyperledger Burrow and Hyperledger Indy – two projects that bear no resemblance to each other. Burrow is a permissioned Ethereum-based platform and Indy is a distributed identity ledger. Burrow is written in Go, and Indy was created in Python and is porting to Rust.

Both of these platforms are interesting in their own rights, but Hyperledger is even more interesting for the combination of these projects with the others. Both Sawtooth and Fabric have already integrated with Burrow’s EVM. Now Hyperledger has a set of offerings that can simultaneously satisfy diverse requirements for smart contract language, permissioning, and consensus. Likewise Sawtooth and Indy have been working together at our last several hackfests. The results of that may unlock new use cases and deployment architectures for distributed identity. So it’s not that our multiplicity of projects has given us strength through numbers, but rather strength through diversity.

Hyperledger Hackfest – December 2017 at The Underground Lisboa

The hackfests that we mentioned are one of the rare times that we get together face to face. Most of our collaboration is over mail list, chat, and pull-requests. When we do get together though it’s always in a new city with new faces. One of our most recent projects was hatched inside one of those buses. It wasn’t the most ergonomic meeting I’ve ever had but there was room for everyone on that bus.

Hyperledger Hackfest in Chicago

Our hackfest in Chicago was in a lot more conventional surroundings (still a very cool shared creative space .. lots of lab equipment and benches out of view on the other side of the wall to the right). Looking back at this photo is fun for me. I can see a lot of separate conversations happening at each table… people sharing different ideas, helping ramp new contributors, working on advancing new concepts with existing contributors. I can see a lot of similarity but also a little variety. It’s a busy room but there’s still open chairs and room for more variety.

Our next hackfest won’t be until March 2019 (Hyperledger is hosting Hyperledger Global Forum in December in Basel though). The March hackfest will be somewhere in Asia – location to be settled soon. The dates and locations of the other 2019 hackfests aren’t set yet. I don’t know where they will be specifically, but I do know that there will be a seat available and you will be welcome there.

These face to face meetings really are more the exception than the rule at Hyperledger. There are now more than 780 contributors spread all across the globe. 165 of those were just in the last few months. That means that every day we have a new person contributing to Hyperledger. Most of our engagement is through the development process. People contribute bug fixes, write new documentation, develop new features, file bugs, etc. If you’ve never contributed open source code before, getting started might be intimidating. We don’t want it to be, though. There are a number of resources to help you get started. You can watch this quick video from Community Architect, Tracy Kuhrt. There’s documentation for each project, mail lists, a chat server, working groups, and some of the projects even host weekly phone calls to help new developers get engaged. Everyone in Hyperledger abides by a Code of Conduct so you can feel comfortable knowing that when you join any of those forums you will be treated respectfully. Anyone who wants to get involved can regardless of “physical appearance, race, ethnic origin, genetic differences, national or social origin, name, religion, gender, sexual orientation, family or health situation, pregnancy, disability, age, education, wealth, domicile, political view, morals, employment, or union activity.” We know that to get the best ideas, best code, best user experience we need your involvement. Please come join our community.

As always, you can keep up with what’s new with Hyperledger on Twitter or email us with any questions:

(9.19.18) JAXenter: Blockchain development made easy: Getting started with Hyperledger Iroha

By | Hyperledger Iroha, News

Our ‘Blockchain development made easy’ series continues with Hyperledger Iroha, a simple blockchain platform you can use to make trusted, secure, and fast applications. What are the advantages and how can developers get started with it? We talked to Makoto Takemiya, co-founder and co-CEO of Soramitsu about what’s under this project’s hood.

More here.

Hyperledger 2018 Summer Mentors Recap

By | Blog, Hyperledger Cello, Hyperledger Fabric, Hyperledger Iroha

Our interns did some great work on some very meaningful projects this summer. We’ve shared details of their work here. Of course, the program wouldn’t work without the time, effort and input our mentors provided. Many of them went the extra mile and provided their take on lessons learned, what they gained by being a mentor and advice for future interns as well. Here is some of the wisdom they shared:

Baohua Yang, Principal Architect, Oracle Blockchain (Project: Design Effective Operational Platform for Blockchain Management)

Lessons learned:

The intern’s self-motivation is important as is his/her interests with open-source projects.

What you got out of being a mentor:

I was very glad to help a new person get involved in the open-source world.

Advice for those interested in interning in the future:

Knowledge or skill is not the most important thing to learn as an intern. The Hyperledger internship is a great opportunity to help you learn open culture and principles to participate in teamwork.

Dave Huseby, Security Maven, Hyperledger, The Linux Foundation (Project: Simulating Hyperledger Networks with Shadow)

Lessons learned:

The primary lesson I learned is to choose the right size for an intern project. I was ambitious in what I asked my intern to do. It turns out that blockchains are complicated pieces of software and getting them to run under a simulator is difficult. That said, the reduced scope we agreed upon mid-summer was met and we did advance this effort.  I’m hoping that an intern next summer will pick up where my intern left off.

What you got out of being a mentor:

It was interesting to see our community through the eyes of a newcomer.  I got involved with open source communities so long ago that I forgot what it was like to be new.  I had forgotten all of the mental shifts (e.g., don’t ask for permission, just do) and leaps of faith (e.g., here’s my code, please be nice) that a developer has to make to be a successful contributor to an open source project. It takes real courage to contribute code and fully participate in a community where you know nobody. I really enjoyed encouraging Martin when things got tough. More importantly, the best thing I got from being a mentor was a new friend.  Martin is a really good person.

Advice for those interested in interning in the future:

Be prepared to work hard. Working remotely is difficult and not a normal way of working. It takes a great deal of self-discipline, and as I said above, it takes real courage to submit code to people you don’t know and be judged by your contribution. Be prepared to learn. With the right attitude, an intern can get some real rubber-meets-the-road experience. There’s a big difference between a recent computer science graduate and a work-a-day programmer. An internship working on open source software can go a long way towards making you a work-a-day programmer.

Jay Guo, Software Engineer, IBM (Project: Extended Support for EVM and Tooling in Hyperledger Fabric)

Lessons learned:

We should set realistic goals for interns, and we should give them enough time to climb the learning curve.

What you got out of being a mentor:

Mentoring requires more than technical skills. I learned a great deal of project management, communication and presentation skills.

Advice for those interested in interning in the future:

  • Remote internship is hard and timezone difference makes it even harder. Both mentors and applicants should take this into consideration. Being located in the same city would make life much easier.
  • Communication is a key part of internship. Interns should proactively seek help from mentors, and this is a quality that mentors should pay attention to when interviewing candidates.

Swetha Repakula, Open Source Developer, IBM Digital Business Group (Project: Extended Support for EVM and Tooling in Hyperledger Fabric)

Lessons learned:

  • Most of my lessons come from the fact that this was a remote internship. I underestimated the difficulty that comes from both not being able to work together in person as well as being able to find a reasonable time for everyone involved to be able to speak. Because of this, I think projects that are suggested for this program either have to be very structured and scoped or the project needs to be isolated enough that the intern is able to make progress without other people. The solution to this we found was scheduling regular calls and asking for daily reports on progress to make sure she was on track.
  • Another thing I learned was making sure our intern felt comfortable asking questions and not feeling like she was alone. Creating that environment was our number one goal because interns shouldn’t feel like they are expected to do everything by themselves. We found that explaining our expectations to her and constantly encouraging her to ask us questions was the best solution to this.
  • My final takeaway was setting realistic goals for the internship. Goals can refer to the actual progress of the project, but I viewed the internship successful if our intern was able to end the program with a skill set she could apply to whatever she planned to do next. Of course our intern produced results, but what I was most proud of was when she understood concepts such as test-driven development or breaking down a project into smaller achievable tasks. Those are the skills that will make her a good developer and, in the end, the goal of this program is to enrich our interns, not necessarily just get some work done for our projects.

What you got out of being a mentor:

  • I have always enjoyed sharing knowledge, and this program gave me the opportunity to do that. My proudest moment easily was when my intern spoke about how the things we taught her during the internship directly applied to her current classes. As I mentioned above, our first goal was to make sure our intern learned enough that she could apply it to the rest of her career.
  • I found though that mentoring someone was not just about teaching but required some managerial skills. That would involve making sure my schedule allowed enough time for me to be available to guide my intern, ensuring she was making enough progress at the correct pace and helping her get the resources she needed to complete her work. This was a very new experience for me.

Advice for those interested in interning in the future:

  • I recommend that those who wish to intern in the future be honest, whether that is about their skill set, their availability, or their professional interests. Our intern was clear about what she understood or didn’t understand and that really helped make sure the limited time we had was focused on what she was stuck on.
  • Be proud of your current accomplishments. As mentors we aren’t expecting you to necessarily have experience in the topics we are working on. What I look for is someone who is driven and passionate about the work they do. So be able to talk about those accomplishments, regardless of whether it is a class assignment or a huge project you have worked on.
  • Communication is key for anything you work on. Focus on being able to explain your ideas clearly as well as relaying what you have done in the past. And, lastly, come with your ideas and questions.

Sheehan Anderson, Vice President/Director of Architecture, State Street (Project: Hyperledger Fabric Chrome Extension)

Lessons learned:

Working remotely brings unique challenges, especially when starting a new project. There were several steps we took that worked really well throughout the internship.

  1. Have a plan laid out on day one that covers the length of the internship. Understand what parts of the project should be functioning by the end of each week as 12 weeks will go by really quickly. You don’t want to be spending time deciding what to do at the start of each week.
  2. Communication is important. Have regular video conference calls to demo what has been built, discuss any blockers, make sure that next steps are understood, and just to get to know each other. Be available on Rocket.Chat so you can answer questions. Also, encourage your intern to reach out in the various channels when they have a question. It’s a great way to meet other Hyperledger developers.
  3. Be flexible. Chances are that your 12 week plan will encounter at least some roadblocks. Be quick to remove or alter features if they are taking longer than expected to build.

What you got out of being a mentor:

Hyperledger Fabric is no longer a new project. I started as one of the original developers and now spend most of my time writing applications that run on the Hyperledger Fabric platform. I’m surrounded by people with similar experience. Having a chance to work with someone who is both new to Hyperledger and early in their software engineering career brings new perspectives that are important. A risk of working on the same thing for too long is that you get used to the way things are and don’t stop and question why something is done in a particular way and if there may be a new or better alternative. Being a mentor requires you to both be able to explain the existing architecture and answer those “why” questions that you may have ignored otherwise.

Advice for those interested in interning in the future:

The interns that really stood out during the interview process had built projects utilizing existing open source projects. This showed that they had curiosity, determination, and the ability to self-learn and get unstuck when faced with an obstacle. Sometimes contributing to existing open source projects can seem daunting or have a very steep learning curve. Creating your own small project that makes use of an existing open source project can be a great introduction to various open source communities and will also show that you have the skills needed to succeed in a program like the Hyperledger internship.

Salman A. Baset, IBM (Project – Running Solidity Smart Contracts on Hyperledger Fabric or Vice Versa)

Lessons learned:

To have a successful internship outcome, a project needs to be crisply defined, have an intern who possesses the necessary background and is excited to learn, and have periodic sync ups with the intern. I was fortunate to have an intern who had background in compilers and was excited to learn both Ethereum and Hyperledger Fabric in order to translate Solidity smart contracts into Javascript for Fabric. We leveraged Zoom and Hyperledger Rocket chat for communication.

The key takeaway from the project is that it is possible to write smart contracts for one platform that run in another without making changes to the core platform. Perhaps, a bigger lesson is that there is a need to write smart contracts in a language that can be run on any target platform (similar to Java). Hopefully, next year, we can have a project to develop a smart language that targets multiple blockchain platforms within Hyperledger.

The project is available as open source with Apache 2.0 license and will soon be converted to a Hyperledger Lab. The source code is available here:

What you got out of being a mentor:

I had the satisfaction of supervising a hardworking intern who was able to create running code for the seemingly difficult idea of running Solidity contracts on Fabric. My hope is that the project does not end with the culmination of the internship and sparks interest among other members of the community.

Advice for those interested in interning in the future:

Asking questions to your mentor and seeking solutions on your own from members of community is very important.

We would also like to recognize the mentors for all the time, effort and input they provided! As always, you can keep up with what’s new with Hyperledger on Twitter or email us with any questions:

Hyperledger 2018 Summer Interns Recap

By | Blog, Hyperledger Burrow, Hyperledger Cello, Hyperledger Fabric, Hyperledger Iroha

It’s suddenly September and so it’s time to check in on our Hyperledger summer interns and mentors. Read on for more about five of the projects our interns tackled. We asked the interns about their summer with Hyperledger.

Here, in their own words, are the goals, successes and lessons learned from each intern:

Ahmad Zafar (Project: Running Solidity Smart Contracts on Hyperledger Fabric or Vice Versa)

Project goals:

I was working on Running Solidity Smart Contracts on Hyperledger Fabric Project. The Solidity smart contracts are easy to write and are widely used by developers. The aim of this project was to help the developers to translate the publicly available Solidity smart contracts into readable and, hopefully, functionally equivalent Hyperledger Fabric contracts without writing the contracts from scratch. For Hyperledger Fabric, we chose Javascript language. Our goal was to translate 70-80% of the Solidity grammar/programs correctly into fabric smart contracts that are also human readable to make them easy to understand and change.


I have successfully translated approximately 65-70% of solidity code to javascript code for Fabric smart contracts. Examples of language features include types, expressions, functions, events, function modifiers, structs, and single inheritance. Since Ethereum is a public blockchain with notions of Ether (Cryptocurrency) and Ether transfer, I had to provide functional equivalence in terms of Ether transfer on Fabric – (we ignore gas for now).

I have also translated 15 Solidity smart contracts examples to javascript code. These contracts have been taken from different places. Some are from solidity documentation, and some are from github repositories, including the ERC20 token format which is used to create ICOs. These contracts were chosen with my mentor to cover a large number of Solidity features.

My translator will work on other contracts as well if the contract has 65-70% of the common components. My translated code and all examples that I have tested are placed on my github repository along with all the other content related to my project, including which components we have covered, how you can run this tool and results of my translated code.

Lessons learned:

For developing a translator from Solidity to Fabric, one has to have knowledge of compilers and has to learn both Solidity and chain code and both frameworks for testing code. Before starting this internship, I worked on compiler construction in my university project. The scope of that project was not big but making a translator for complete language was a massive task for me. Successfully completing that project boosted my skills in writing translator tools for different things. However, before starting this project, I had little knowledge about Ethereum and Hyperledger Fabric smart contracts. After this project, I have become skillful enough in writing both Ethereum and Fabric smart contracts. Other than languages, I have learned how to run contracts on both frameworks and their architecture. In short, I learned many things related to Ethereum and Hyperledger Fabric. This project will help me a lot to start development in blockchain, especially in Fabric and hopefully other Hyperledger frameworks.

A V Lakshmy (Project: Extended Support for EVM and Tooling in Hyperledger Fabric)

Project goals:

My project involved the integration of Ethereum events into Hyperledger Fabric. The two key goals of the project were:

  • Implementation of event-related interfaces from Hyperledger Burrow to work with the event framework in Hyperledger Fabric
  • Modification of the JSON-RPC API functions in the fabproxy module to deal with events


  • In the initial few weeks of my internship, I wrote some simple test cases for the chaincode evmscc.go. When my patch passed through the review process and finally got merged into the repository, I was elated
  • I also wrote code for an event manager module and modified the API functions in the fabproxy module. These pieces are still under review and will hopefully be merged before the September release.
  • This was my first experience with open-source development and in the exciting field of blockchain. I am thrilled that my work will eventually be included in the source code of a vast project like Fabric!

Lessons learned:

  • I got to study a new programming language, Golang.
  • I learned about Ethereum and Fabric and how to interact with these blockchain frameworks.
  • I got an exposure to version control systems like Git.
  • I grasped good software engineering principles, such as test-driven development.

I am very grateful to my mentors, Swetha Mam and Jay Sir, for patiently guiding me through this project. All in all, this project was an incredible learning experience for me!

Daniel McSheehy (Project: Hyperledger Fabric Chrome Extension)

Project goals:

The goal of my project was to build a Chrome extension that can connect to a Hyperledger Fabric network and provide an easy to use api for websites to send transactions.


The Chrome Extension is operational. Through a simple api, a website can easily prompt the chrome extension to send transactions and query the ledger. The extension also requires confirmations from the user, preventing a website from maliciously sending transactions.

Lessons learned:

Sometimes the “right” way to do something doesn’t work, so I had to come up with alternative solutions to get things working. Because my project is intended to make things easy for users, I also learned the importance of reaching out to others and receiving feedback.

Martin Martinez (Project: Simulating Hyperledger Networks with Shadow)

Project goals:

We had two key goals for the project:

  • Analyzing the current Shadow tool characteristics to find compatibility with Hyperledger networks.
  • Testing the Shadow tool with platforms such as Hyperledger Sawtooth, Hyperledger Fabric and Hyperledger Iroha.


We successfully identified that Hyperledger Iroha is the most suited candidate to use the Shadow network simulation tool.

Lessons learned:

I learned more about the complexity and benefits of working in an open source community. Also, I feel grateful for the support of my mentor as well as the Hyperledger community members that I contacted through different channels such as Hyperledger chat.

Shuo Wang (Project: Design Effective Operational Platform for Blockchain Management)

Project goals:

My internship project focused on supporting dynamic blockchain configuration and integrating Fabric-CA module into Hyperledger Cello to make it more suitable for production environment. For beginners or in the testing environment, we often use an offline tool to generate all the cryptographic configuration artifacts statically. However, it is a centralized and unsafe way for a single user to generate all users’ identities in a real application scenario.


I adopted the Fabric-CA module and made the generation of cryptographic artifacts dynamic, automatic and decentralized. After users log in to an operator dashboard, they could easily connect to a worker node and create the blockchain on it with quite simple configuration of the network type, size and roles in the blockchain. All the orderer nodes and peer nodes will register and enroll their identities from the CA server. Then users could log in to a User-Dashboard to install and run chaincode in the blockchain with a newly generated user identity from the CA server.

I will continue to work in Hyperledger Cello Project after internship, and I plan to make the process of Cello workflow more dynamic so that each organization in the blockchain network could change their own settings more freely.

Currently, I am doing my master’s thesis at the Southern University of California and Tsinghua University. My research is focused on the blockchain consensus. Therefore, I am quite interested in seeing the Byzantine-fault-tolerant consensus used in the future version of Hyperledger Fabric.

Lessons learned:

During the internship, I enjoyed the culture of open source and learned some great tools for open source project development. The most important lesson I learned is to be timely in following up and keep in close touch with mentors and colleagues because people work collaboratively from all over the world. I really appreciate my mentor, Dr. Baohua Yang, and his kind help and guidance. He gave me many practical suggestions and shared deep insight of blockchain industry with me.

As a bonus, we asked for the intern’s take on what they’d like to see Hyperledger do in the future. Here are a couple of our favorite answers:

“I hope Hyperledger offers or organizes hackathons at universities. I think that it could be a great way to get students involved in blockchain and expose them to open source communities. I’m always amazed at the ideas people come up with at hackathons, and think that there could be projects and use cases that have never been thought of.” – Daniel McSheehy

“I hope that Hyperledger continues to give such amazing internship opportunities to students!” – A V Lakshmy

We would like to thank these interns for all their hard work and success. We would also like to recognize the mentors for all the time, effort and input they provided. Many of them went the extra mile and provided their take on lessons learned, what they gained by being a mentor and advice for future interns as well. We will be posting their reactions and experiences with the program in another blog tomorrow – stay tuned! As always, you can keep up with what’s new with Hyperledger on Twitter or email us with any questions:

Meet the Hyperledger Summer 2018 Interns Part 1

By | Blog, Hyperledger Fabric, Hyperledger Indy, Hyperledger Iroha

Back in March, we announced the return of Hyperledger’s Summer Internship Program. This year, we have 12 interns, which is more than double what we had last year! We’re very proud of this program, as it offers students one-on-one mentorship from some of the leading technologists in our community and builds their development portfolio of projects that will feed into the larger Hyperledger ecosystem. The students applied to work on an extensive line-up of internship projects proposed by our community mentors.

Today, we’d like to introduce six of the 12 interns, provide information on what they will work on and help you get to know them a bit better. We asked each intern a few questions including:

  1. How did you first become interested in blockchain, and why are you excited to work on Hyperledger and your project in particular?
  2. How do you see blockchain technology evolving over the next five years?
  3. If there’s one issue you hope blockchain can solve, what is it and why?

Let’s see what they had to say!

Amar Singh

Pursuing a Bachelor’s degree in Math and Computer Science at the University of Virginia

Hyperledger intern project: Algorithmic Dispute Resolution in Construction

  1. A few years ago, a good friend of mine told me that the next iteration of the internet was coming and it was going to be decentralized. At the time, we were both taking a class on internet protocols and had recently attended a lecture on the OSI model (a conceptual model for understanding the different layers for dot com internet protocols). A breakdown of the model revealed inefficiencies due to centralization (for example, the control of domain names), but we had been taught that these inefficiencies were necessary due to the economies of scale of technology companies. The possibility of a new system designed to solve these inefficiencies piqued my interest. After a few months of reading, I decided to fully commit myself to studying blockchain protocols. Since I went down the crypto rabbit hole, I have been impressed by the pace of progress in this space and the quality of output. After spending the past two semesters researching blockchain protocols at the University of Virginia, I was drawn to Hyperledger because of its emphasis on designing modular and interoperable blockchain solutions. Hyperledger’s architecture emphasizes a separation of the blockchain components, thereby enabling developers to build flexible blockchain applications that can easily interface between different consensus protocols, data storage modules, and communication patterns. For my project, I will construct an off-chain dispute resolution framework that leverages Hyperledger’s modular approach. I am especially excited to dive into Hyperledger’s architecture and explore the ways by which applications can optimize performance-security tradeoffs by incorporating a diverse set of tools/frameworks.
  2. Over the next 3-5 years, I expect the internet’s current structure to be overhauled and replaced by blockchain protocols. As brilliant teams around the world continue to collaborate and develop at an impressive pace, I expect that many of the problems that prevent the viability of blockchain solutions will be solved (e.g., scalability, privacy, custody, UX). I am optimistic about the future of this space and excited to start contributing.
  3. Today, search engines like Google and social media giants like Facebook maintain an overwhelming amount of power and influence over the rest of the world. Even so, many people undervalue privacy as a basic human right, but I expect this to change over the next few years. There’s a Snowden quote that comes to mind: “Arguing that you don’t care about privacy because you have nothing to hide is like arguing that you don’t care about free speech because you have nothing to say.” I believe that advances in homomorphic encryption and multi-party computation coupled with blockchain innovation will provide liberation in the form of increased privacy.

Arijit Sen

Pursuing a Bachelor’s degree in Computer Science from the Apex Institute Of Technology in Bhubaneswar, India

Hyperledger intern project: Python Library for Hyperledger – Iroha

  1. I came across the concept of blockchain in my college. I found myself attracted to the whole concept of a decentralized system that is void of any 3rd party interference. I am really excited to work on Hyperledger since it addresses some critical business issues regarding blockchain. Also compared to other blockchain ecosystem platforms, Hyperledger had a smaller learning curve.
  2. Blockchain has already taken the technology world by storm. I am pretty sure that we will be seeing most of the current technology stacks shifted to blockchain. However, I am concerned regarding an uncontrolled blockchain system. Just imagine a scenario getting a perfect AI agent, powered to thrive over blockchain and letting him learn and work as much as he can. Maybe he will just develop himself as an unstoppable entity since there is no single server or database to hold him. Too much fiction? Well I doubt it. The growth on both AI and blockchain is exponential. I won’t be surprised if something like that happens.
  3. Blockchain can solve a lot of issues in the world. Just imagine a legal evidence system where all the legal documents and evidence can be put into a secure blockchain platform. Not even the wealthiest criminals could tamper with the evidence or forensic findings. It could power an unbiased law and order system. Or an unbiased voting system where no party can do any discrepancies during the election. Or it could secure payment transaction for overseas without any 3rd party interference. Blockchain opens up a thousand possibilities.

Kuzma Leshakov

Pursuing a Bachelor’s degree in Computer Science at Innopolis University

Hyperledger intern project: Hyperledger Identity WG Onboarding and Auth

  1. The first time I became interested in blockchain was a couple of years ago when I heard about the decentralization concept and its implementations in Bitcoin and Ethereum. I am excited to work on the Hyperledger because of the following opportunities:
  • to work closely with community experts and developers to learn the open-source culture and skills
  • to advance knowledge in the distributed ledger design and one of its forms, the blockchain
  • to get a teamwork experience with distributed, international colleagues

The project I chose is Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. This project allows getting both practical and theoretical experience in blockchain development under the supervision of leading field experts. In particular:

  • to master skills in both Python and Rust programming languages, cryptography
  • to become familiar with the concept of Decentralized Identifiers (DID) and implement applications using it
  • to learn up-to-date software production techniques
  • to advance in creating and using tests as a professional developer
  • to get code reviews and advice on the best practices of documenting and structuring code

Throughout the internship, I will be making important contributions to the Hyperledger community, the Indy codebase, and the entire decentralized identity ecosystem. It will be an important step for me on becoming a professional software engineer.

  2. I see blockchain technology becoming significantly used by public institutions (e.g., banks, universities). Also, I hope it will become more user-friendly and, as a result, more people will get involved in its development. Besides, some improvements should be made in blockchain-based systems (e.g., Bitcoin, Ethereum) with respect to its logs storage, which already takes a significant amount of memory.

  3. One issue I hope blockchain can solve is a decentralized identity. Today’s main identification method requires users to log in to every application (e.g., Facebook, Amazon) they interact with. Therefore, each user has dozens of login/password sets to remember (which also should be changed periodically). It is important to have a single and decentralized identity, as it will increase user’s security and user’s experience.

A V Lakshmy

Pursuing a Bachelor’s degree in Computer Science and Engineering at IIT Madras in India

Hyperledger intern project: Extended Support for EVM and Tooling in Hyperledger Fabric

  1. I am an undergraduate student in the Department of Computer Science and Engineering at the Indian Institute of Technology Madras (IIT Madras), India. Being a Computer Science student, I like to keep learning about new technologies. I first learned about blockchains by reading about Bitcoin, and other blockchain platforms, in newspapers, magazines, and on the Internet. I was amazed at the way blockchains could utilize distributed ledgers to eliminate the need for trusting third-parties in transactions! More recently, my uncle told me about the Hyperledger Summer Internship Program. I viewed this as a great opportunity to work on a project relating to blockchain technology, the talk of the town these days! During this internship, I am going to be working on a small portion of the integration of EVM (Ethereum Virtual Machine) into Hyperledger Fabric. This project has really interested me because I will get to learn about two different blockchain platforms, Hyperledger Fabric and Ethereum, and understand their similarities and differences. Moreover, this is the first time I will be engaging in open source development, and I am pretty sure this will be a great learning experience for me!
  2. Blockchains have the potential to completely change the way businesses, governments and societies function. I envisage a future where money-related transactions will be carried out in real time using blockchains. Tracking the movement of goods in the supply chain will become completely transparent. Each person will have a unique digital ID on the blockchain, which can be used not only for authentication on a global scale, but also to keep personal information safe and secure. But, in order to live up to its potential, blockchain technology will have to deal with challenges such as scalability, regulations, and so on. To incorporate blockchain technology into their current legacy framework, companies will have to do a complete revamp,  which will obviously be very expensive. For widespread acceptance of blockchains, a change in mindset of the public will also be required. If we are able to come up with ways to deal with these problems, blockchains will surely revolutionise the world!
  3. In today’s world, there is a lot of corruption in business transactions. Bribing and under-the-table dealings have become very common. Many times, people who are supposed to receive money don’t actually receive it, as it is pocketed by some middle-man. Blockchains provide a distributed ledger to store information about transactions in a tamper-proof manner. So, blockchains can be incorporated into businesses, making all transactions completely transparent. Every transaction can be seen publicly, which will discourage people from taking bribes, or pocketing others’ money. And, wrongdoers cannot try to cover up their shady transactions by trying to change the contents of the ledger, as they will surely be caught by others on the blockchain during the verification process. Thus, I feel, blockchains may be an effective way to curb corruption!

Ahmad Zafar

Pursuing a Master’s degree in Computer Science at Information Technology University in Pakistan

Hyperledger Intern Project: Running Solidity Smart Contracts on Hyperledger Fabric or Vice Versa

  1. After completing my Bachelor’s degree in computer science, I started working in the industry for almost two years. But my future plan was something else. I wanted to do research in different fields of computer science. I explored different things, which are exclusively demanding related to my field. The specific field that attracts me a lot is blockchain. After discussing with fellow teachers in Information Technology University, I learned about the opportunity to be a Research Associate, working on blockchain technology. It was a great pleasure for me to work on my desired direction. Here I started my research on Hyperledger Fabric, in which I explore many things. My aim is to learn to write smart contracts in an efficient way, so that I can deploy applications on Hyperledger Fabric. The project that I selected enabled me to enhance my skills related to it.
  2. In my country, Pakistan, most of the people involved in the computer science field do not know about blockchain. Until a few months ago, most of the people considered Bitcoin as blockchain. Many think that blockchain is only used for cryptocurrencies. But the truth is, blockchain can deal with storing and transmitting information, automating the purchase process, improving transaction flow, securing the supply chain, etc. Nowadays people are well aware of blockchain through seminars conducted at universities and industry level. And many companies have started working on it. Furthermore, in my university, ITU, a lab is being set up only for blockchain research. 35 to 40 people will be hired including research associates, PhD students and experts. Blockchain is providing enhanced transparency, greater scalability and better security. For these reasons, people are traversing to it to achieve various innovations to increase profits and strengthen relationships across the supplier. And in the next five years blockchain will be commonly known to IT people.
  3. Nowadays banks are using some middle organizations for getting services from other companies for scalability such as payments of utility bills, loading mobile accounts, transactions among cross banking, etc. For example, banks use a middle organization for telecom services to recharge the mobile account. Blockchain can eradicate the middle organization from the banking system. We can use Hyperledger Fabric channels, and shared ledger and smart contracts for this purpose. This leads to a decrease in time, extra charges and improves traceability of transactions.

Sanchay Mittal

Pursuing a Bachelor’s degree in Computer Science at BML Munjal University in India

Hyperledger intern project: UTXO Transactions in Iroha

  1. I first heard about blockchain from my brother Sachin Mittal. Its astonishing features like distributed, decentralised, shared, authenticated, auditable, immutable and many more fascinated me and drove me to understand the very depth of this technology. Learning more about Bitcoin and other cryptocurrencies, I got to learn its limited implementation in the financial exchange. But, with the advent of Ethereum, things changed. Smart contracts showed the pathway of automating and regulating industries on DLTs. But many restrictions such as the principle of hierarchy of any organization were compromised and every network started its own cryptocurrency just to fabricate itself with the name ‘blockchain’. The problem was solved by Hyperledger Iroha, which is a permissioned blockchain with prebuilt commands hence easy to incorporate into infrastructural projects requiring DLTs. My project allows me to understand this very innovative technology and to add a new feature, a UTXO based transaction model that is currently used by bitcoin.
  2. We are witnessing the beginning of a new chapter in human history, just like when the internet came along and changed so many aspects to the way we used to live. Based on the current rate of evolution, I believe blockchain solutions could reach their full potential in the next five years. The maturity of blockchain has started to soar, its development is starting to have a material impact on every individual. The true nature of equality is here, which means of power is changing, thinking is changing. Blockchain and its development are starting to have a material impact on everyone’s life. Governments have already stated that they have much interest in blockchain technology and they want to learn more about its development for adapting it to their local financial systems. Unlike the dot-com bubble, I think blockchain technology is here to stay and it will be adopted by almost every field globally. The global leaders in government, finance, banking, IoT, supply chain, manufacturing, technology are acknowledging its potential.
  3. The issue I hope blockchain can solve is our centralized internet and social networks. People, without even blinking an eye, sign and agree to privacy policies that give the mainstream companies the power to use their data in any way they see fit. Privacy and security of individuals depend on their behavioural data which can be hacked (Experian) or misused (Cambridge Analytica). With blockchain, users will be able to choose whom to show their  content to and be able to set their own restrictions while determining how and where it gets distributed. They’ll also have full control of their private data. No more storing it on centralized servers and losing it when these servers go down or when their security gets breached.

We’re happy to welcome such a solid group of young people to the community and look forward to seeing all that they contribute. We hope you join them in the effort by contributing to Hyperledger projects. You can plug into the Hyperledger community at GitHub, Rocket.Chat, the wiki or our mailing list. As always, you can keep up with what’s new with Hyperledger on Twitter or email us with any questions:

Be sure to check back for the second post in this series that will highlight the other six interns we will have this summer!


Enterprise Blockchain Demos & Presentations at Consensus

By | Blog, Events, Hyperledger Fabric, Hyperledger Indy, Hyperledger Iroha, Hyperledger Sawtooth

Next week we will be busy at Consensus, happening in New York May 14-16. Consensus is a great event for our members to set the stage and speak to what’s happening in the Hyperledger community, as production blockchain deployments have been heavily increasing. Many members will demonstrate applications of distributed ledger technology for financial services, supply chain, identity management and various other use cases.

These demos highlight true collaboration and maturity of Hyperledger technologies across many industries. As we head farther into 2018, we’re excited to see how these frameworks continue to evolve and improve business processes across many other industries.

Hyperledger members will showcase the following demos and presentations at the Hyperledger booth (#315):

Monday, May 14

10:20am: IntellectEU – Enterprise Blockchain integration with IoT devices and back office systems by Hanna Zubko, CEO and Paulo Rodrigues, Global Business Developer Manager and CEO Portuguese Offices

This presentation will cover a real customer case leveraging Blockchain technology to offer a new insurance product: a flexible pay per mile insurance based on the real car mileage and condition, calculating the insurance premium rate and quoting the offer based on the accumulated data received from the IoT device installed in the car. This pilot project is based on Hyperledger Fabric 1.0 and IntellectEU’s Catalyst integration solution. Catalyst serves as a hub for connecting the insurance database, emulated IoT device, end user application and the ledger itself. Catalyst listens to the changes on all data sources and based on the business rules applies the corresponding logic.

12:30pm: SecureKey – Using Hyperledger Tracking to Make Frictionless Digital Identity Possible by Matt Jaksic, Business Development

SecureKey will demonstrate Verified.Me, its digital identity network launching later this year that will put consumers in control of how they validate their identities. Collaboratively created by leading organizations across many different sectors including Canada’s leading banks, Verified.Me will enable consumers to privately, securely and conveniently share information from trusted providers such as banks, telecommunications companies and governments. The platform is designed to empower the consumer by giving them the ability to explicitly choose what information to share, when to share it and with whom. Come see how Verified.Me can change the way we get things done faster and securely online, in person and on the phone!

1:00pm: Thales eSecurity – Enterprise ready high security blockchain by Jon Geater, Chief Technology Officer and John Velissarios, Managing Director at Accenture

Accenture has developed an enterprise ready blockchain solution with enhanced cryptographic security from Thales eSecurity Hardware Security Module. It provides an immutable audit trail proving hardware, software and documentation authenticity and compliance across supply chains. Using CryptoSeal and FPGA fingerprinting technology, they are able to give materials in the supply chain a unique identity to prove authenticity. This combination of technologies allows someone to securely and transparently track all kinds of transactions, between OEMs, suppliers, manufacturers and customers. This dramatically reduces time delays, added costs, and human error that affect the surety of transactions underpinning our supply chains today.

3:00pm: Omnitude – Seamless Blockchain Integration by Martyn Brougham, COO Americas, and James Worthington, Blockchain Consultant

Omnitude is a middleware plug and play blockchain built on Hyperledger Fabric, for use across the whole spectrum of enterprise and eCommerce platforms. The presentation will show how Omnitude allows eCommerce and enterprise businesses to adopt blockchain quickly and efficiently, without needing to replace current systems.

3:50pm: DLT Labs – DLT Wallet by David Freeman, Director

DLT Labs will be showing off their DL Digital Wallet, a sophisticated peer-to-peer network powered by Hyperledger Fabric, offering security, efficiency, and convenience for an overall improved customer experience. DL Digital Wallet facilitates seamless account overview, accommodates company loyalty programs and management, and is integrated with leading e-payment service providers. The cost of each transaction is fixed irrespective of value transferred and received and is significantly less costly than other charges by any payment network today.

Tuesday, May 15

10:20am: ScanTrust – “Cambio” Your Coffee: Using Blockchain to Drive Ethically Sourced Coffee by Tobias Kars, VP of Product & Delivery and Nathan J. Anderson, CEO/Co-founder

As tech-savvy and socially conscious consumers seek more information about the sustainability of the products they consume, businesses need to adapt and find ways to track their relationships with suppliers and communicate this to their customer base. This demo highlights how ScanTrust and Cambio Coffee, a leading Asian direct trade specialty coffee company, leverage Hyperledger Sawtooth to deliver greater supply chain transparency within the coffee industry and bring to light trusted product information.

12:30pm: Soramitsu – Hyperledger Iroha by Makoto Takemiya, Co-CEO

Hyperledger Iroha 1.0 is close to being released and has many new features and architectural differences from previous versions. In particular, a new consensus algorithm, YAC, has been developed that allows for full Byzantine fault tolerance. Predefined commands to perform common tasks, such as creating and transferring assets, allow programmers to quickly build applications on top of Hyperledger Iroha. Come by to see what’s new with Hyperledger Iroha!

1:00pm: Evernym – Verifiable Credentials with Hyperledger Indy and the Sovrin DLT by Drummond Reed, Chief Trust Officer and Judd Bagley, Sr. Communications Director

Evernym will share a live demonstration of the use of Verifiable Credentials on the Sovrin DLT, powered by Hyperledger Indy. The demo will include a brief overview of key concepts, then show actual business cases for how a self-sovereign identity owner can be issued verifiable digital identity credentials into a mobile digital wallet and then present them to relying parties who can verify them by checking public keys on the Sovrin ledger. The result is much simpler, faster, more secure, and more privacy-respecting digital identity as well as powerful new types of decentralized online relationships. Evernym personnel will be in attendance for Q&A during and after the demonstration.

2:10pm: Oracle – Hyperledger Fabric in Enterprise-Grade Cloud by Deepak Goel, Sr Director, Software Development

Oracle’s blockchain cloud service, built on Hyperledger Fabric, provides a hardened enterprise-grade platform for building blockchain applications and enabling existing enterprise applications to use distributed ledgers and trusted transactions. In this demo, they will show how it enables rapid experimentation and provides a production-ready blockchain infrastructure to realize successful use cases in production environment with high availability, enterprise security, dynamic scalability, and ease of operations built into the platform. They will walk you through the tools in the operations console and demonstrate how Hyperledger Fabric configuration, operations, and monitoring has been simplified and how developers and IT operations can be more productive leveraging Oracle’s blockchain cloud service as their Hyperledger Fabric platform.

3:50pm: Greenstream Technology – Blockchain Meets Cannabis: Emerging Tech for an Emerging Industry by Manu Varghese, Chief Product Officer and Jim Anastassiou, VP Engineering

Greenstream Network is an industry-wide gateway solution that will allow Licensed Producers, Retailers, Regulators and other industry stakeholders to communicate, interoperate and transfer assets and value through the Canadian cannabis ecosystem. The emerging cannabis ecosystem faces a plethora of challenges, such as tracking and tracing goods through the supply chain, auditing and compliance issues, process integrity, slower payments and identity validation. Greenstream provides three key solutions: Supply Chain Integrity, Payments and Settlements Engine and Self Sovereign Identity. The Greenstream ecosystem is based on a permissioned DLT model and uses Hyperledger frameworks such as Hyperledger Fabric, Burrow and Indy to achieve specific objectives. This talk outlines the options considered, the factors evaluated, the challenges faced and the lessons learned.

Wednesday, May 16

12:15pm: B9lab – Someone needs to build it: closing the Hyperledger talent gap by Elias Haase, Founder

Every day, B9lab gets requests for Hyperledger Fabric developers, from concept-phase startups to major enterprises. However, as these requests grow, so does the need for thorough vetting and certification in the Hyperledger talent market. How do you know if the developers you are hiring are as good as they say they are? Come see this presentation to find out!

12:45pm: REMME – REMME WebAuth – passwordless authentication powered by blockchain by Alex Momot, CEO

REMME WebAuth is the first and one of the basic DApps in the REMME ecosystem. This demo will show how users (employees or clients) can log in to a browser service via REMME in one click. REMME is an access management solution that makes passwords obsolete. Users generate a certificate for each device. Once a certificate is installed on a device, it enables one-click authentication on any service that has REMME integrated. REMME WebAuth can be integrated with any service, from crypto exchanges to big enterprises’ intranets or web services.

1:45: Altoros – Decentralization of P2P Securities Transfer Implemented on Hyperledger Fabric by Greg Skerry, Blockchain Solution Architect, Trainer

This presentation will cover details of a working blockchain project implemented for a National Settlements Depository Institution: decentralized platform for peer-to-peer securities transfer and keeping the records of securities owned by each holder. The solution developed on the Hyperledger Fabric framework keeps an immutable, auditable chain of records reflecting securities ownership transfers. This presentation will focus on the product functionality: how the platform works; how it can be adapted for transferring different types of assets or rights, incl. intangible assets.

In addition to these demos and presentations, several Hyperledger members including MedicalChain, Embleema and Change Healthcare will participate in the “State of Blockchain in Healthcare” panel at Consensus 3:10pm on May 15.

You can also join Hyperledger on the last evening of Consensus from 6-8pm at the Meetup: “The Hyperledger Greenhouse: Meet Developers Building Blockchain Frameworks” to get a chance to network and hear directly from developers of several Hyperledger frameworks! Tracy Kuhrt, Community Architect at Hyperledger, will provide an overview of the frameworks and tools that you can leverage for your enterprise blockchain solution. Then breakout sessions will give you the opportunity to have a deeper discussion to learn more about Hyperledger Fabric, Sawtooth (Seth), Indy and more. Please bring your burning questions about how to get started and participate in the Hyperledger community.

Be sure to follow Hyperledger on Twitter for the latest updates at Consensus. We look forward to an exciting week and seeing everyone there!


Hyperledger Bug Bounty Program Now Open

By | Blog, Hyperledger Composer, Hyperledger Fabric, Hyperledger Iroha, Hyperledger Sawtooth

Dave Huseby, Hyperledger Security Maven

When I started as the Hyperledger Security Maven just over a year ago, I set out to make sure that Hyperledger’s community of contributors were doing everything possible to make good on the promise of better software and better security from the open source process. As of right now, we have in place a public bug tracker, continuous integration builds, core infrastructure initiative compliance, and a full responsible disclosure security bug policy and process. Today, I am happy to announce the next piece of our security process: the Hyperledger Bug Bounty.  

For the last six months we have been running a private bug bounty with HackerOne. Today we are opening up the Hyperledger Bug Bounty for public participation. Currently only Hyperledger Fabric is in the scope of the bounty program but we hope to add Hyperledger Sawtooth and other Hyperledger projects soon. HackerOne will continue to administer the bug bounty for us with close cooperation between their team and our community. We chose HackerOne because we think it is the best use of our resources and they share a similar commitment to open source software as Hyperledger and The Linux Foundation.

At Hyperledger we have a broad base of committed developers and it is their professionalism that makes our security process solid and straightforward. When I first started, we already had in place our public bug tracking system and most teams had set up continuous integration build systems for monitoring build health. In the last year we formalized the process by which projects can move from development status to their first 1.0 release, including a number of security requirements.

The first security requirement is to meet the requirements of the Core Infrastructure Initiative (CII). The Core Infrastructure Initiative is a set of best practices for open source software security. Earning the CII badge requires open source projects to set up services and processes and key positions that all serve the goal of producing more secure and trustworthy software. At the time of this writing, Hyperledger Fabric, Sawtooth, Iroha, and Composer have all earned their CII badge.

The second security requirement is to nominate one to three members of a project’s community to participate on the Hyperledger security team. The Hyperledger security team manages and executes our policy of responsible disclosure of security bugs. Security bugs are confidentially reported to Hyperledger through or by filing a security bug in our JIRA. It is the job of the volunteer security team to triage, respond to, fix, and disclose the security bugs that are reported. As of right now, the security team consists of 16 members from five of our project communities.

The third security requirement is for a project to undergo a security audit from an outside auditor to establish a baseline for the codebase. We hired the auditing firm Nettitude to do security audits of Hyperledger Fabric, Sawtooth, Iroha and Composer.  So far Hyperledger Fabric, Sawtooth and Iroha have been completed and are in various stages of resolution and publication. Currently only the Hyperledger Fabric security audit report has been fully resolved and published. The rest will be published soon.

Looking ahead into the future, I plan on getting more involved with the Software Package Data Exchange (SPDX) to see if we can use Hyperledger blockchain platforms to better track the provenance of open source software, including our own. I hope to one day use verifiable claims to automatically check for vulnerabilities in dependencies from our continuous integration build system. If open source software packages were to issue a verifiable claim stating that a specific version of their software has no known security vulnerabilities, then when one is reported, the claim can be revoked. The revocation of the claim could then function as an automatic signal to all users of that software that they need to update. Continuous integration systems could check the claims of all dependencies and stop the build if one or more are found to have vulnerabilities.  This represents the next generation of reproducible builds and would leverage blockchains for provenance tracking of software from construction all the way through deprecation.

Security is always an ongoing process of improvement. Thanks to the commitment and professionalism and general good cheer of the Hyperledger community, we have made great strides in the last year. Now with our public bug bounty, we hope to further make good on the open source promise and to deserve the trust our users have in us.

We encourage developers to join our efforts on the bug bounty program and also start contributing to Hyperledger projects. You can plug into the Hyperledger community at github, Rocket.Chat, the wiki or our mailing list. You can also follow Hyperledger on Twitter or email us with any questions:

(3.28.18) CoinDesk: Hyperledger Tech Heats Up Ahead of Software Debuts

By | Hyperledger Burrow, Hyperledger Composer, Hyperledger Fabric, Hyperledger Indy, Hyperledger Iroha, Hyperledger Sawtooth, News

Just six minutes.

That’s how long Hyperledger executive director Brian Behlendorf had to get former Chilean president Michelle Bachelet up to speed on blockchain. Spurred by a special request from the nation’s lawmakers, Behlendorf was one of multiple blockchain experts called to the country to talk about the merits of the technology and the ways in which it could modernize the copper-rich nation’s mining supply chain.

More here.


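By | Blog, Hyperledger Composer, Hyperledger Fabric, Hyperledger Iroha

Calling all student developers: summer 2018 is your time to gain real-world experience through the Hyperledger Internship Program. We have gathered a large number of internship projects proposed and led by active blockchain developers who hope to grow the Hyperledger projects and technical community by working with the next generation of engineers.

This is your chance to get one-on-one mentorship from some of the leading technologists in the Hyperledger community, build your project development résumé, and get involved in the larger Hyperledger ecosystem. Did we mention that these internships also include a stipend and the possibility of attending the Hyperledger Global Forum in Basel, Switzerland, on December 12-15? You can work from anywhere!


“The Hyperledger Internship Program is a huge opportunity for everyone: the interns, the mentors and the broader Hyperledger community. I had the privilege of seeing last summer's interns present their work and of interacting with members of the Hyperledger community in Lisbon, and I was impressed by their work. The feedback from all parties involved has been positive.” – Chris Ferris, Hyperledger Technical Committee Chair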


Construction is the second largest global industrial sector. Litigation accounts for approximately 10% of the expenditure. The industry suffers from a dysfunctional relationship between the architects, project managers, consultants, developers, and clients. This is a phased project that will model the workflows of a major construction project, in partnership with a leading UK contractor/project management company. The aim is to identify all relevant material prior to the contract being signed, automating the discovery phase of litigation, machining the large data set down to a ‘hearing bundle’ and then assessing ‘needs and interests’ prior to an automated resolution process. This is the first phase of the project and will focus on identifying the workflows and relevant documents, files and other digital material and on assembling them in the blockchain where authentication can take place and a ‘hearing bundle’ prepared.

Extending functionality / Support for Ethereum Virtual Machine (EVM) smart contracts and tooling in Hyperledger Fabric

Hyperledger Burrow has created an EVM implementation that is being integrated into Fabric. In its initial phase, Hyperledger Fabric will support EVM bytecode smart contracts in a limited manner. Some of the features that need to be added include support for EVM smart contract events and extending support for the Ethereum API. This project will involve working with and understanding different blockchain platforms and being able to map their differing concepts.

Python library for Hyperledger Iroha

Hyperledger Iroha is designed for simple creation and management of assets. This is a distributed ledger of transactions. Interns are expected to make a full-fledged Python library for Iroha. Later, in the next stage, we want the intern to maintain the docs of Iroha. There are many missing docs on getting started and about the internal workings of Iroha. We expect the student to complete the doc part along with dev work.


The Hyperledger Identity WG intern will be mentored by members of the Identity WG / Hyperledger Indy Maintainers and accomplish two main tasks: learn and develop iPython notebooks for onboarding new community members, and build a browser-based authentication app using decentralized identifiers in Hyperledger Indy. This bachelors-level internship has two core goals: experience and contribution.

    • Experience: The Identity WG Intern will create interoperable, open-source code that will educate new and existing Hyperledger community members. Creating an iPython notebook and code sample will be based on their own onboarding into Hyperledger and Indy, using what they have learned in the process and helping the community by identifying what would make for a more effective onboarding experience. For browser-based authentication with DIDs, Interns will learn critical professional development skills, from working in Git to understanding the structure of well-formed code, to developing their own tests and proper documentation best practices.
    • Contribution: Through developing both projects (iPython notebooks / code samples and browser-based authentication with DIDs), the Intern will be making important contributions to future Hyperledger community members' onboarding efforts, the Hyperledger Indy codebase and the entire decentralized identity ecosystem.

Hyperledger Composer modelling tools

The Hyperledger Composer modelling language is used by both Hyperledger Composer and the Accord Project, Cicero as an object-oriented data description (schema) language, based on a textual domain-specific language. The intern will be tasked with improving the tooling for the Hyperledger Composer modelling language, including the ability to generate UML style diagrams and web-forms.

For more internship projects and details, please click here, and review the application materials and steps. Remember, the application deadline is March 23.

If you have any questions, please contact