Dive Deep into Quorum - blockchain.tokyo #22

Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
Dive Deep into Quorum
1

View Slide

About us
Shun Takagiwa / 高際隼
Senior Software Architect at LayerX Inc.
● ブロックチェーン利用したソフトウェア開発 (2018-)
● スマートフォンゲーム開発 (2013-2018)
● 東京工業大学にて数学/計算機科学を専攻 (2007-2013)
Matthew D. Wright
Head of Community, Quorum, J.P. Morgan
● Head of Community, Quorum, Senior Associate (2018-)
● Director of Emerging Markets (2015-2018)
● University of California, Los Angeles, B.A. (2012-2014)
@shun_tak
2
Matt Wright

View Slide

Contents
3
1. Intro to Quorum
2. Quorum Architecture
3. Private Transaction
4. 追加のセキュリティ
5. Use cases and Usage

View Slide

Part.1
Intro to Quorum
4

View Slide

Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Quorum
Quorum is a fork of the Go Ethereum (geth) client, which is the official
GoLang implementation of the Ethereum protocol. Quorum is developed and
maintained by J.P. Morgan.
Enterprise-ready, open-source blockchain platform, based on Ethereum:
• Designed for processing of private transactions within a permissioned group of known
participants
• Addresses specific challenges to blockchain adoption within and beyond the financial services
industry, e.g., privacy, speed, throughput
What is Quorum?

View Slide

Quorum Beneﬁts
✓ Conﬁdentiality - details of
transactions are private and never
broadcast
✓ Secure – uses advanced
encryption techniques, ensures
only permissioned entities can
access the network
✓ Decentralized – no dependency on
a central service or party
Community – leverages world’s
largest pool of blockchain
developers, supported by 150+
Enterprises through EEA
Proven – Ethereum has been in
production since 2015, proving
Quorum’s underlying protocol in
normal & stressed environments

View Slide

Quorum Key Features
PERFORMANCE
• Very high TPS rate
• Blocks every ~ 50 ms
FINALITY PERMISSIONING
• Private Contracts & Transactions
• Zero Knowledge Layer
PRIVACY
• No chain forking
• No transaction reversal
• Known Peers Only
• Built into the protocol

View Slide

Part.2
Quorum Architecture
8

View Slide

Quorum Components
Quorum geth
go ethereum + プライベートTx用JSON-RPC
+ 追加のコンセンサスアルゴリズム (Raft, IBFT 1.0)
Transaction Manager
プライベートTx管理 + EnclaveへのGateway
+ 他参加者のTransaction Managerとの通信
Enclave
共通鍵の管理 + 暗号/復号の実行
Tesseraと別プロセスで動かすことも可能
Quorum
geth
public state private state
signing key
Tessera
Transaction
manager
Enclave
encrypted tx data
symmetric key
9

View Slide

Consensus Algorithm
10
Raft IBFT 1.0
ブロックタイム短い (デフォルト50msec) 長い (デフォルト1秒; 1~10秒で設定可)
Leader/Proposer rotation Leaderが落ちるまで交代しない
round robin (default) or sticky
proposer
Learner/Non-validator node 今は追加できない追加できる
故障耐性 crash recovery
byzantine fault tolerance (復旧できな
いケースもある)
ブロック生成未承認Txがあれば生成未承認Txがなくても生成し続ける
最大許容故障数Fに対する最適ノード数 2F + 1 (quorum: F + 1) 3F + 1 (quorum: 2F + 1)
信用できる参加者で運営 => Raft
利害が対立する参加者同士で運営 => IBFT 1.0

View Slide

Quorum Network
Quorum
geth
signing key
Tessera
Transaction
manager
Enclave
encrypted tx data
symmetric key
Quorum
geth
signing key
Tessera
Transaction
manager
Enclave
encrypted tx data
symmetric key
Quorum
geth
signing key
Tessera
Transaction
manager
Enclave
encrypted tx data
symmetric key
Participant A Participant B Participant C
11
Tx
(Ethereum P2P)
Block
(Raft / IBFT)
encrypted tx
(REST)
encrypted tx
(REST)
Tx
(Ethereum P2P)
Block
(Raft / IBFT)

View Slide

Part.3
Private Transaction
12

View Slide

Private Transaction
Public tx data structure
{
from: 0x0000,
to: 0x1111,
value: 0,
input: 0xaaaa,
}
● どちらのtransactionもgethで全ノードに共有される
● Private transactionではinput dataが秘匿化される
● Transaction managerの持つDBは
{ key: hash(enc(input)), value: enc(input) }
のようなデータ構造でデータを持つ
13
Private tx data structure
{
from: 0x0000,
to: 0x1111,
value: 0,
input: hash(enc(0xaaaa)),
}
Quorum
geth
signing key
Tessera
Transaction
manager
Enclave
encrypted tx data
symmetric key
0xaaaaの評価値
はPrivate stateへ
Encrypt

View Slide

How Tessera works (Private tx between A&B)
14
Tessera
Transaction
manager
Enclave
Quorum
geth
public private
Tessera
Transaction
manager
Enclave
Quorum
geth
public private
Tessera
Transaction
manager
Enclave
Quorum
geth
public private

View Slide

How Tessera works (Private tx between A&B)
15
Tessera
Transaction
manager
Enclave
Quorum
geth
public private
Tessera
Transaction
manager
Enclave
Quorum
geth
public private
Tessera
Transaction
manager
Enclave
Quorum
geth
public private
1.Tx
3.encrypt
2.Tx.input
4.enc(Tx.input)
{
from: 0x0000,
to: 0x1111,
value: 0,
input: 0xaaaa,
}
5.share
enc(Tx.input)
6.hash(enc(Tx.input))
7.Tx
{
from: 0x0000,
to: 0x1111,
value: 0,
}
7.Tx
{
from: 0x0000,
to: 0x1111,
value: 0,
}
8.New Block with the Tx that contains hashed input
9.request
tx payload
10.decrypt 11.Tx.input
12.Tx.input 9.request
tx payload
12.Not found

View Slide

Test case 1
16
contract SimpleStorage {
uint data;
constructor(uint d) {
data = d
}
function set(uint d) {
data = d
}
function get() {
return data
}
}
A, B, Cでのコンソーシアムを仮定
A: create contract SimpleStorage(42)
privateFor: [B]
B: get() => returns 42
C: get() => returns 0
Node A
data == 42
Node B
data == 42
Node C
data == 0

View Slide

Test case 2
17
uint data;
data = d
}
data = d
}
function get() {
return data
}
}
privateFor: [B]
Node A
data == 42
Node B
data == 42
Node C
data == 0

View Slide

Test case 2
18
uint data;
data = d
}
data = d
}
function get() {
return data
}
}
privateFor: [B]
B: set(10)
privateFor: [A]
Node A
data == 10
Node B
data == 10
Node C
data == 0

View Slide

Test case 3
19
uint data;
data = d
}
data = d
}
function get() {
return data
}
}
privateFor: [B, C]
Node A
data == 42
Node B
data == 42
Node C
data == 42

View Slide

Test case 3
20
uint data;
data = d
}
data = d
}
function get() {
return data
}
}
privateFor: [B, C]
B: set(10)
privateFor: [A]
データ不整合が発生してしまう
Node A
data == 10
Node B
data == 10
Node C
data == 42

View Slide

Data Availability Problem
21
hash(enc(tx.input))を持ってても、enc(tx.input)を共有されてない人は読めない
→本来共有されるべき人に共有されていない場合に問題が起こる
検知方法
1. コントラクトのstorageRootを監視 (JSON RPC eth_storageRoot)
2. そのコントラクトアドレスをtoに設定したtxを監視
3. consistency checker
修復方法
1. enc(tx.input) を再送してもらう（Quorum.js sendRawRequest; 未検証）
2. privateForを正しく設定して再実行（再実行して問題ないデータに限る）
良い修復方法は無い
他のDLTでも似たような問題はある

View Slide

Demo
7 nodes example
external call
22

View Slide

Part.4
追加のセキュリティ
23

View Slide

HTTP Enclave
24
EnclaveをTransaction Manager (Tessera) と別プロセスで起動できる
他のTransaction Managerと通信が必要なTesseraはインターネットに公開し、
鍵を持つEnclaveはインターネットから非公開にすることで機密性を向上
https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Enclave/
https://github.com/jpmorganchase/tessera/releases (enclave-jaxrs-*-server.jar を実行することで HTTP Enclaveが起動する)

View Slide

Key Vault
Tessera/Enclaveの持つ秘密鍵をHashicorp VaultやAzure Key Vaultと連携してセキュ
アに管理できる (Tessera/Enclaveから分離できる)
仮想マシンから鍵を分離し、適切な権限管理を設定することで、
仮想マシン以外は誰も鍵にアクセスできないような構成を取ることが可能
仮想マシンに誰もログインできないよう設定すると更に安全になる
https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Keys/Setting%20up%20a%20Hashicorp%20Vault/
https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Keys/Setting%20up%20an%20Azure%20Key%20Vault/
25

View Slide

Private Transaction版sendRawTransaction
26
未署名tx作成→署名→送信という手順に分割することで、
署名をオフライン環境等のより機密性の高い環境で実行することが可能になる
https://github.com/jpmorganchase/quorum.js/blob/master/7nodes-test/deployContractViaHttp-externalSigningTemplate.js

View Slide

Part.5
Use cases and Usage
27

View Slide

What can I build with Quorum?
❑ Private blockchains are useful when you have an organization or problems that consist of
❑ Geographically distributed members
❑ Spotty trust between members
❑ No reason or need for central control
❑ With above conditions met, some of the things that we can build with Quorum are
❑ Asset or supply chain systems
❑ Multi-party and organizational decision making via multi-signature contracts (distributed trust)
❑ Real-time auditing, operational transparency, and data integrity uses
Inspired by: https://www.quora.com/What-are-some-use-cases-for-private-blockchains

View Slide

❑ Financial Services
❑ IIN - Cross bank blockchain for data exchange between 200+ banks
❑ JPM Coin - instant settlement of transactions between bank clients
❑ Project Dromaius - Debt issuance platform
❑ Project Khokha - South Africa’s Central bank - payments and settlements
❑ Project Ubin - Singapore mon. authority - wholesale payments on in digital SDG on chain
❑ Healthcare
❑ Synaptic Healthcare - Healthcare provider data
❑ IoT
❑ Project Vento - Using blockchain-powered identity and connected devices for real-time toll road transactions
❑ Supply Chain
❑ LVMH - authenticity of luxury goods
❑ Chronicled - Gold bar tracking
❑ Suku - industry agnostic supply chain solution
❑ Cross-Industry
❑ State Farm/ USAA - auto insurance claims
❑ Microsoft/ EY - video game royalties
Who is using Quorum today?

View Slide

https://github.com/jpmorganchase/quorum-examples
The easy way
✔ Official Quorum starting point
✔ An easy guest environment to get started with on any platform
▪ Vagrant (works on all machines)
▪ Dockerized setup
✔ Comes with examples for public and private smart contracts
▪ configures an operational and fully configured 7 node cluster
▪ has a real world example from finance industry: 5NodeRTGS

View Slide

For more advanced users with access to AWS and other environments
The advanced way
✔ Quorum Cloud – the official way of deploying Quorum networks on AWS using
ECS Fargate, S3, and EC2 via automated Terraform configuration
▪ https://github.com/jpmorganchase/quorum-cloud
✔ Quorum Maker – an open source tool made by Synechron Labs for guided
Quorum network kick-start and management. This tool is provider agnostic
▪ https://github.com/synechron-finlabs/quorum-maker
✔ Cakeshop – is an integrated development environment and SDK for Quorum
▪ https://github.com/jpmorganchase/cakeshop

View Slide

Ref.
32
● Quorum Documents (情報の宝庫)
● GitHub
● Slack (開発者がいつでも質問に答えてくれる)
● quorum-examples (7つのノードを起動でき、いろんなサンプルを実行可能)
● Quorum.js (Quorum APIをサポートするweb3.js拡張)

View Slide

Quorum
geth
signing key
Tessera
Transaction
manager
Enclave
encrypted tx data
symmetric key
33

View Slide

Tessera
Transaction
manager
Enclave
Quorum
geth
public private
34

View Slide

Dive Deep into Quorum - blockchain.tokyo #22

Dive Deep into Quorum - blockchain.tokyo #22

Shun Takagiwa

More Decks by Shun Takagiwa

Other Decks in Technology

Featured

Transcript