
Dive Deep into Quorum - blockchain.tokyo #22



Shun Takagiwa

October 04, 2019

Transcript

  1. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
  2. About us
     Shun Takagiwa / 高際 隼 (@shun_tak), Senior Software Architect at LayerX Inc.
     • Software development using blockchains (2018-)
     • Smartphone game development (2013-2018)
     • Majored in mathematics / computer science at Tokyo Institute of Technology (2007-2013)
     Matthew D. Wright (Matt Wright), Head of Community, Quorum, J.P. Morgan
     • Head of Community, Quorum, Senior Associate (2018-)
     • Director of Emerging Markets (2015-2018)
     • University of California, Los Angeles, B.A. (2012-2014)
  3. Contents
     1. Intro to Quorum
     2. Quorum Architecture
     3. Private Transaction
     4. Additional security
     5. Use cases and Usage
  4. Part 1: Intro to Quorum
  5. What is Quorum? (© 2019 Quorum)
     Quorum is a fork of the Go Ethereum (geth) client, the official Go implementation of the Ethereum protocol. Quorum is developed and maintained by J.P. Morgan. It is an enterprise-ready, open-source blockchain platform based on Ethereum:
     • Designed for processing private transactions within a permissioned group of known participants
     • Addresses specific challenges to blockchain adoption within and beyond the financial services industry, e.g. privacy, speed, throughput
  6. Quorum Benefits
     ✓ Confidentiality - the payload of a private transaction is shared only with the named parties and never broadcast
     ✓ Secure - uses advanced encryption techniques; ensures only permissioned entities can access the network
     ✓ Decentralized - no dependency on a central service or party
     ✓ Community - leverages the world's largest pool of blockchain developers, supported by 150+ enterprises through the EEA
     ✓ Proven - Ethereum has been in production since 2015, proving Quorum's underlying protocol in normal and stressed environments
  7. Quorum Key Features
     PERFORMANCE: very high TPS rate; blocks every ~50 ms (the Raft default)
     FINALITY: no chain forking; no transaction reversal
     PERMISSIONING: known peers only; built into the protocol
     PRIVACY: private contracts & transactions; zero-knowledge layer
  8. Part 2: Quorum Architecture
  9. Quorum Components
     Quorum geth: go-ethereum + JSON-RPC for private transactions + additional consensus algorithms (Raft, IBFT 1.0)
     Transaction Manager: manages private transactions + acts as the gateway to the Enclave + communicates with the other participants' Transaction Managers
     Enclave: manages the symmetric keys + performs encryption and decryption; can also be run as a process separate from Tessera
     (Diagram: Quorum geth holds the public state, the private state and the signing key; Tessera holds the Transaction Manager and the Enclave, which keep the encrypted tx data and the symmetric key.)
  10. Consensus Algorithm
     Property                                   | Raft                                     | IBFT 1.0
     Block time                                 | short (default 50 ms)                    | long (default 1 s; configurable 1-10 s)
     Leader / proposer rotation                 | no change until the leader goes down     | round robin (default) or sticky proposer
     Learner / non-validator node               | cannot be added at present               | can be added
     Fault tolerance                            | crash recovery                           | Byzantine fault tolerance (some failures cannot be recovered from)
     Block production                           | only when there are pending txs          | keeps producing blocks even with no pending txs
     Optimal node count for F tolerated faults  | 2F + 1 (quorum: F + 1)                   | 3F + 1 (quorum: 2F + 1)
     Operated by participants who trust each other => Raft. Operated by participants with conflicting interests => IBFT 1.0.
  11. Quorum Network
     (Diagram: Participants A, B and C each run Quorum geth (public state, private state, signing key) and Tessera (Transaction Manager and Enclave holding the encrypted tx data and symmetric key). Transactions travel between geth nodes over Ethereum P2P, blocks via Raft / IBFT, and encrypted tx payloads between Transaction Managers over REST.)
  12. Part 3: Private Transaction
  13. Private Transaction
     Public tx data structure:  { from: 0x0000, to: 0x1111, value: 0, input: 0xaaaa }
     Private tx data structure: { from: 0x0000, to: 0x1111, value: 0, input: hash(enc(0xaaaa)) }
     • Both kinds of transaction are shared with every node by geth
     • In a private transaction the input data is concealed: the on-chain tx carries only hash(enc(input)); the encrypted payload travels between Transaction Managers
     • The Transaction Manager's DB holds records of the form { key: hash(enc(input)), value: enc(input) }
     • The result of evaluating 0xaaaa goes into the private state (the Enclave performs the encryption)
  14. How Tessera works (Private tx between A&B)
     (Diagram: Participants A, B and C, each with Tessera (Transaction Manager, Enclave) and Quorum geth (public and private state); the numbered steps are on the next slide.)
  15. How Tessera works (Private tx between A&B)
     1. A's application sends the tx { from: 0x0000, to: 0x1111, value: 0, input: 0xaaaa } to A's geth
     2. geth passes Tx.input to A's Transaction Manager
     3. the Enclave encrypts it
     4. enc(Tx.input) is returned to the Transaction Manager
     5. A's Transaction Manager shares enc(Tx.input) with B's Transaction Manager
     6. hash(enc(Tx.input)) is returned to geth
     7. geth propagates the tx { from: 0x0000, to: 0x1111, value: 0, input: hash(enc(0xaaaa)) } to every node
     8. a new block containing the tx with the hashed input is produced
     9. each node's geth requests the tx payload from its own Transaction Manager
     10. A's and B's Enclaves decrypt the payload
     11./12. A and B receive Tx.input and execute it against their private state; C's Transaction Manager answers "Not found", so C skips the tx
  16. Test case 1
         pragma solidity ^0.5.0;
         contract SimpleStorage {
             uint data;
             constructor(uint d) public { data = d; }
             function set(uint d) public { data = d; }
             function get() public view returns (uint) { return data; }
         }
     Assume a consortium of A, B and C.
     A: create contract SimpleStorage(42), privateFor: [B]
     B: get() => returns 42
     C: get() => returns 0
     Node A: data == 42, Node B: data == 42, Node C: data == 0
  17. Test case 2 (same SimpleStorage contract as in test case 1; initial state)
     Assume a consortium of A, B and C.
     A: create contract SimpleStorage(42), privateFor: [B]
     Node A: data == 42, Node B: data == 42, Node C: data == 0
  18. Test case 2 (continued)
     A: create contract SimpleStorage(42), privateFor: [B]
     B: set(10), privateFor: [A]
     Node A: data == 10, Node B: data == 10, Node C: data == 0
  19. Test case 3 (same SimpleStorage contract as in test case 1; initial state)
     Assume a consortium of A, B and C.
     A: create contract SimpleStorage(42), privateFor: [B, C]
     Node A: data == 42, Node B: data == 42, Node C: data == 42
  20. Test case 3 (continued)
     A: create contract SimpleStorage(42), privateFor: [B, C]
     B: set(10), privateFor: [A]
     A data inconsistency occurs: C was omitted from B's privateFor, so C never receives the payload for set(10) and keeps the stale value, and nothing on chain signals that the privateFor list was incomplete.
     Node A: data == 10, Node B: data == 10, Node C: data == 42
  21. Data Availability Problem
     Holding hash(enc(tx.input)) is useless without enc(tx.input): a party that was never given the payload cannot read it. The problem arises when a payload is not shared with a party that should have received it (an incomplete privateFor, as in test case 3).
     Detection
     1. Monitor the contract's storageRoot on each party's node (JSON-RPC eth_storageRoot) and compare them
     2. Monitor transactions whose `to` is that contract address
     3. Run a consistency checker
     Repair
     1. Have enc(tx.input) re-sent (Quorum.js sendRawRequest; unverified)
     2. Re-execute the transaction with privateFor set correctly (only for data that is safe to re-execute)
     There is no good repair method. Other DLTs have similar problems.
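Detection method 1 above, as an added example in JavaScript (Node.js) that is not part of the talk and not Quorum's own tooling: build one eth_storageRoot request per party for a pinned block and compare the answers. The request shape is Quorum's eth_storageRoot(address, blockNumber) JSON-RPC call; the party list, node URLs, block number and the three responses are constructed for offline use, and the transport (one HTTP POST to each node's RPC endpoint) is left to the caller.

```javascript
// Added example, not Quorum code. Party names, URLs, block number and the
// responses below are constructed; the transport is the caller's responsibility.

// Build one JSON-RPC request per party. Pin the block number: comparing
// "latest" across nodes races block production and yields false alarms.
function storageRootRequests(contract, partyUrls, blockNumber) {
  const block = '0x' + blockNumber.toString(16);
  return Object.entries(partyUrls).map(([party, url], i) => ({
    party,
    url,
    body: { jsonrpc: '2.0', id: i + 1, method: 'eth_storageRoot', params: [contract, block] },
  }));
}

// Evaluate the responses: the private state is consistent only when every party
// answered and all answers carry the same root. A node that returned an error or
// did not answer is reported as unknown, never counted as agreeing.
function evaluateStorageRoots(responses) {
  const byRoot = new Map();
  const unknown = [];
  for (const [party, res] of Object.entries(responses)) {
    if (!res || res.error || typeof res.result !== 'string') { unknown.push(party); continue; }
    const root = res.result.toLowerCase();
    byRoot.set(root, [...(byRoot.get(root) ?? []), party]);
  }
  const groups = [...byRoot.entries()].sort((a, b) => b[1].length - a[1].length);
  return {
    consistent: unknown.length === 0 && groups.length === 1,
    unknown,
    // parties outside the largest group are the likely victims of a missed privateFor
    suspect: groups.slice(1).flatMap(([, parties]) => parties),
    groups: Object.fromEntries(groups),
  };
}

// Constructed responses for the test case 3 situation: A and B applied set(10),
// C still holds 42, so C's storage root differs. The hashes are made up.
const ROOT_AB = '0x' + 'ab'.repeat(32);
const ROOT_C = '0x' + 'c0'.repeat(32);
const sampleResponses = {
  A: { jsonrpc: '2.0', id: 1, result: ROOT_AB },
  B: { jsonrpc: '2.0', id: 2, result: ROOT_AB },
  C: { jsonrpc: '2.0', id: 3, result: ROOT_C },
};

function runExample() {
  const partyUrls = { A: 'http://node-a:22000', B: 'http://node-b:22000', C: 'http://node-c:22000' };
  const requests = storageRootRequests('0x1111', partyUrls, 1234);
  // With a real network: responses[party] = JSON.parse(await post(url, body)) for each request.
  return { requests, verdict: evaluateStorageRoots(sampleResponses) };
}

console.log(JSON.stringify(runExample().verdict)); // consistent: false, suspect: ["C"]
```

The check only tells you that the parties disagree, not which transaction was mis-addressed; pair it with method 2 (watching transactions sent to the contract address) to find the tx whose privateFor was incomplete. With two parties the larger group is a tie, so treat any disagreement as an alert rather than trusting the suspect list.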
  22. Demo: 7 nodes example, external call
  23. Part 4: Additional security
  24. HTTP Enclave
     The Enclave can be started as a process separate from the Transaction Manager (Tessera). Tessera, which has to talk to the other Transaction Managers, is exposed to the internet, while the Enclave that holds the keys is kept unreachable from the internet, which improves confidentiality. The Tessera-to-Enclave link then becomes the boundary to protect: anything that can reach the Enclave's HTTP API can ask it to decrypt, so restrict that link to the Tessera host (private network, TLS).
     https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Enclave/
     https://github.com/jpmorganchase/tessera/releases (running enclave-jaxrs-*-server.jar starts the HTTP Enclave)
  25. Key Vault
     The private keys held by Tessera / the Enclave can be managed securely by integrating with Hashicorp Vault or Azure Key Vault (the keys are separated from Tessera / the Enclave). By separating the keys from the virtual machine and setting up appropriate access control, you can build a configuration in which nothing other than the VM can access the keys. Configuring the VM so that nobody can log in makes it safer still. Note that the Enclave still has to load the key material to use it, so this protects against leaks through disk images, backups and operators, not against a compromised Enclave process.
     https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Keys/Setting%20up%20a%20Hashicorp%20Vault/
     https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Keys/Setting%20up%20an%20Azure%20Key%20Vault/
  26. sendRawTransaction for private transactions
     By splitting the procedure into creating an unsigned tx, signing it, and sending it, the signing step can be performed in a more confidential environment, such as an offline machine. For a private transaction the payload is sent to Tessera first and the unsigned tx is built with the returned hash as its input, so what gets signed and broadcast never contains the plaintext.
     https://github.com/jpmorganchase/quorum.js/blob/master/7nodes-test/deployContractViaHttp-externalSigningTemplate.js
  27. Part 5: Use cases and Usage
  28. What can I build with Quorum?
     Private blockchains are useful when you have an organization or problems that consist of
     ❑ Geographically distributed members
     ❑ Spotty trust between members
     ❑ No reason or need for central control
     With the above conditions met, some of the things we can build with Quorum are
     ❑ Asset or supply chain systems
     ❑ Multi-party and organizational decision making via multi-signature contracts (distributed trust)
     ❑ Real-time auditing, operational transparency, and data integrity uses
     Inspired by: https://www.quora.com/What-are-some-use-cases-for-private-blockchains
  29. Who is using Quorum today?
     ❑ Financial Services
       ❑ IIN - cross-bank blockchain for data exchange between 200+ banks
       ❑ JPM Coin - instant settlement of transactions between bank clients
       ❑ Project Dromaius - debt issuance platform
       ❑ Project Khokha - South Africa's central bank - payments and settlements
       ❑ Project Ubin - Monetary Authority of Singapore - wholesale payments in digital SGD on chain
     ❑ Healthcare
       ❑ Synaptic Healthcare - healthcare provider data
     ❑ IoT
       ❑ Project Vento - using blockchain-powered identity and connected devices for real-time toll road transactions
     ❑ Supply Chain
       ❑ LVMH - authenticity of luxury goods
       ❑ Chronicled - gold bar tracking
       ❑ Suku - industry-agnostic supply chain solution
     ❑ Cross-Industry
       ❑ State Farm / USAA - auto insurance claims
       ❑ Microsoft / EY - video game royalties
  30. The easy way
     https://github.com/jpmorganchase/quorum-examples
     ✔ Official Quorum starting point
     ✔ An easy guest environment to get started with on any platform
       ▪ Vagrant (works on all machines)
       ▪ Dockerized setup
     ✔ Comes with examples for public and private smart contracts
       ▪ configures an operational and fully configured 7-node cluster
       ▪ has a real-world example from the finance industry: 5NodeRTGS
  31. The advanced way
     For more advanced users with access to AWS and other environments
     ✔ Quorum Cloud - the official way of deploying Quorum networks on AWS using ECS Fargate, S3, and EC2 via automated Terraform configuration
       ▪ https://github.com/jpmorganchase/quorum-cloud
     ✔ Quorum Maker - an open source tool made by Synechron Labs for guided Quorum network kick-start and management; provider agnostic
       ▪ https://github.com/synechron-finlabs/quorum-maker
     ✔ Cakeshop - an integrated development environment and SDK for Quorum
       ▪ https://github.com/jpmorganchase/cakeshop
  32. Ref.
     • Quorum Documents (a treasure trove of information)
     • GitHub
     • Slack (the developers answer questions at any time)
     • quorum-examples (starts 7 nodes and lets you run a variety of samples)
     • Quorum.js (web3.js extension supporting the Quorum API)
  33. (Appendix: the component diagram from slide 9 - Quorum geth with public state, private state and signing key; Tessera with Transaction Manager and Enclave holding the encrypted tx data and symmetric key.)
  34. (Appendix: the participant diagram from slide 14 - Tessera (Transaction Manager, Enclave) and Quorum geth (public, private).)