In this blog post I will discuss the use of privacy services in blockchain, specifically the Hyperledger blockchain fabric. I will explain privacy services in business terms, and avoid technical gobbledygook!
Blockchain gives participants in a business network the ability to share a ledger which is updated every time a transaction occurs through peer to peer replication. Privacy services ensure that participants see only the parts of the ledger that are relevant to them, and that transactions are secure, authenticated and verifiable. Blockchain also allows the contract for asset transfer to be encoded for execution with the transaction. Network participants agree how transactions are verified through a process known as consensus. Government oversight, compliance & audit can be part of the same network.
Figure 1: Blockchain for Business
Let’s dig a bit deeper into the use of privacy services in the Hyperledger blockchain fabric. Each block of transactions in the (block)chain contains the digital fingerprint of the previous block. This digital fingerprint is calculated using the industry standard method of cryptographic hashing. I like to use the sausage machine analogy to explain the cryptographic hashing in non-technical terms.
Figure 2: Cryptographic Hash Analogy
To make a sausage you feed in the ingredients, run the machine and out it pops! In my analogy, the previous block in the (block)chain is the ingredients, the hashing algorithm is the machine and the digital finger print (machine output) is the sausage.
It’s impossible to reconstitute the ingredients (previous block) from the sausage (digital fingerprint), and if the ingredients (previous block) change in any way, the sausage (digital fingerprint) is different.
This is an imperfect analogy – and has caused my technical colleagues some considerable consternation (!) – but it’s close enough. The method renders the blockchain tamper-proof, leading the key attribute of immutability.
Privacy services also control who can see what in the shared ledger. Consider the situation where Parties A, B & C share a ledger on blockchain, as shown in Figure 3.
Figure 3: Transaction Privacy
This is what we are trying to achieve. If Party A transfers an asset to Party B, both Party A & Party B can see the details of the transaction. Party C can see that A & B have transacted, but can’t see the details of the asset transfer. If an Auditor or regulator joins the network – privacy services can ensure that they see full details of all transactions on the network. Cryptographic technology – this time through the use digital certificates – makes this possible.
Just like a passport, a digital certificate provides identifying information, is forgery resistant and can be verified because it was issued by a trusted agency. The blockchain network will include a certification authority, who issues the digital certificate.
Hyperledger blockchain uses two types of digital certificate:
- Enrolment Certificate – this is requested by the network participant when they join the blockchain network, issued by the certification authority and forms the long term identity of the participant.
- Transaction Certificates – once enrolled, a network participant can request multiple transaction certificates. These are analogous to one time use credit cards, and are used one per transaction. The transaction certificates are derived from the enrolment certificate, and only the certification authority can link the two together.
Let’s go back to the example above, where Party A and Party B want to transact over the blockchain. Party B shares their transaction certificate with Party A, who invokes the transaction and signs this with their transaction certificate, and encrypts the transaction with the transaction certificates from both Parties A & B. This means that only Party A & Party B could access the transaction details.
Smart Contracts – rendered as chain code – can also be signed and encrypted, to verify and secure contract details. The chain code is signed by the contract owner/author and encryption ensures only transaction validators can see and execute transaction chain code.
This a vastly deep and complex subject, and I hope I have not “taken too many liberties” with my non-technical explanation. I hope that this goes some way to explaining how blockchain is ideal for certain specific business use cases (see item #5 below) and includes a natural resilience to cyber attack (see item 3 below).