Dive Deep into Quorum - blockchain.tokyo #22

Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun
Takagiwa Dive Deep into Quorum 1

Takagiwa About us Shun Takagiwa / 高際隼 Senior Software Architect at LayerX Inc. • ブロックチェーン利用したソフトウェア開発 (2018-) • スマートフォンゲーム開発 (2013-2018) • 東京工業大学にて数学/計算機科学を専攻 (2007-2013) Matthew D. Wright Head of Community, Quorum, J.P. Morgan • Head of Community, Quorum, Senior Associate (2018-) • Director of Emerging Markets (2015-2018) • University of California, Los Angeles, B.A. (2012-2014) @shun_tak 2 Matt Wright

Takagiwa Contents 3 1. Intro to Quorum 2. Quorum Architecture 3. Private Transaction 4. 追加のセキュリティ 5. Use cases and Usage

Takagiwa Part.1 Intro to Quorum 4

Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Quorum
Quorum is a fork of the Go Ethereum (geth) client, which is the official GoLang implementation of the Ethereum protocol. Quorum is developed and maintained by J.P. Morgan. Enterprise-ready, open-source blockchain platform, based on Ethereum: • Designed for processing of private transactions within a permissioned group of known participants • Addresses specific challenges to blockchain adoption within and beyond the financial services industry, e.g., privacy, speed, throughput What is Quorum?

Quorum Beneﬁts ✓ Conﬁdentiality - details of transactions are private and never broadcast ✓ Secure – uses advanced encryption techniques, ensures only permissioned entities can access the network ✓ Decentralized – no dependency on a central service or party Community – leverages world’s largest pool of blockchain developers, supported by 150+ Enterprises through EEA Proven – Ethereum has been in production since 2015, proving Quorum’s underlying protocol in normal & stressed environments

Quorum Key Features PERFORMANCE • Very high TPS rate • Blocks every ~ 50 ms FINALITY PERMISSIONING • Private Contracts & Transactions • Zero Knowledge Layer PRIVACY • No chain forking • No transaction reversal • Known Peers Only • Built into the protocol

Takagiwa Part.2 Quorum Architecture 8

Takagiwa Quorum Components Quorum geth go ethereum + プライベートTx用JSON-RPC + 追加のコンセンサスアルゴリズム (Raft, IBFT 1.0) Transaction Manager プライベートTx管理 + EnclaveへのGateway + 他参加者のTransaction Managerとの通信 Enclave 共通鍵の管理 + 暗号/復号の実行 Tesseraと別プロセスで動かすことも可能 Quorum geth public state private state signing key Tessera Transaction manager Enclave encrypted tx data symmetric key 9

Takagiwa Consensus Algorithm 10 Raft IBFT 1.0 ブロックタイム短い (デフォルト50msec) 長い (デフォルト1秒; 1~10秒で設定可) Leader/Proposer rotation Leaderが落ちるまで交代しない round robin (default) or sticky proposer Learner/Non-validator node 今は追加できない追加できる故障耐性 crash recovery byzantine fault tolerance (復旧できないケースもある) ブロック生成未承認Txがあれば生成未承認Txがなくても生成し続ける最大許容故障数Fに対する最適ノード数 2F + 1 (quorum: F + 1) 3F + 1 (quorum: 2F + 1) 信用できる参加者で運営 => Raft 利害が対立する参加者同士で運営 => IBFT 1.0

Takagiwa Quorum Network Quorum geth public state private state signing key Tessera Transaction manager Enclave encrypted tx data symmetric key Quorum geth public state private state signing key Tessera Transaction manager Enclave encrypted tx data symmetric key Quorum geth public state private state signing key Tessera Transaction manager Enclave encrypted tx data symmetric key Participant A Participant B Participant C 11 Tx (Ethereum P2P) Block (Raft / IBFT) encrypted tx (REST) encrypted tx (REST) Tx (Ethereum P2P) Block (Raft / IBFT)

Takagiwa Part.3 Private Transaction 12

Takagiwa Private Transaction Public tx data structure { from: 0x0000, to: 0x1111, value: 0, input: 0xaaaa, } • どちらのtransactionもgethで全ノードに共有される • Private transactionではinput dataが秘匿化される • Transaction managerの持つDBは { key: hash(enc(input)), value: enc(input) } のようなデータ構造でデータを持つ 13 Private tx data structure { from: 0x0000, to: 0x1111, value: 0, input: hash(enc(0xaaaa)), } Quorum geth public state private state signing key Tessera Transaction manager Enclave encrypted tx data symmetric key 0xaaaaの評価値はPrivate stateへ Encrypt

Takagiwa How Tessera works (Private tx between A&B) 14 Tessera Transaction manager Enclave Quorum geth public private Tessera Transaction manager Enclave Quorum geth public private Tessera Transaction manager Enclave Quorum geth public private Participant A Participant B Participant C

Takagiwa How Tessera works (Private tx between A&B) 15 Tessera Transaction manager Enclave Quorum geth public private Tessera Transaction manager Enclave Quorum geth public private Tessera Transaction manager Enclave Quorum geth public private Participant A Participant B Participant C 1.Tx 3.encrypt 2.Tx.input 4.enc(Tx.input) { from: 0x0000, to: 0x1111, value: 0, input: 0xaaaa, } 5.share enc(Tx.input) 6.hash(enc(Tx.input)) 7.Tx { from: 0x0000, to: 0x1111, value: 0, input: hash(enc(0xaaaa)), } 7.Tx { from: 0x0000, to: 0x1111, value: 0, input: hash(enc(0xaaaa)), } 8.New Block with the Tx that contains hashed input 9.request tx payload 10.decrypt 11.Tx.input 12.Tx.input 9.request tx payload 12.Not found

Takagiwa Test case 1 16 contract SimpleStorage { uint data; constructor(uint d) { data = d } function set(uint d) { data = d } function get() { return data } } A, B, Cでのコンソーシアムを仮定 A: create contract SimpleStorage(42) privateFor: [B] B: get() => returns 42 C: get() => returns 0 Node A data == 42 Node B data == 42 Node C data == 0

Takagiwa Test case 2 17 contract SimpleStorage { uint data; constructor(uint d) { data = d } function set(uint d) { data = d } function get() { return data } } A, B, Cでのコンソーシアムを仮定 A: create contract SimpleStorage(42) privateFor: [B] Node A data == 42 Node B data == 42 Node C data == 0

Takagiwa Test case 2 18 contract SimpleStorage { uint data; constructor(uint d) { data = d } function set(uint d) { data = d } function get() { return data } } A, B, Cでのコンソーシアムを仮定 A: create contract SimpleStorage(42) privateFor: [B] B: set(10) privateFor: [A] Node A data == 10 Node B data == 10 Node C data == 0

Takagiwa Test case 3 19 contract SimpleStorage { uint data; constructor(uint d) { data = d } function set(uint d) { data = d } function get() { return data } } A, B, Cでのコンソーシアムを仮定 A: create contract SimpleStorage(42) privateFor: [B, C] Node A data == 42 Node B data == 42 Node C data == 42

Takagiwa Test case 3 20 contract SimpleStorage { uint data; constructor(uint d) { data = d } function set(uint d) { data = d } function get() { return data } } A, B, Cでのコンソーシアムを仮定 A: create contract SimpleStorage(42) privateFor: [B, C] B: set(10) privateFor: [A] データ不整合が発生してしまう Node A data == 10 Node B data == 10 Node C data == 42

Takagiwa Data Availability Problem 21 hash(enc(tx.input))を持ってても、enc(tx.input)を共有されてない人は読めない →本来共有されるべき人に共有されていない場合に問題が起こる検知方法 1. コントラクトのstorageRootを監視 (JSON RPC eth_storageRoot) 2. そのコントラクトアドレスをtoに設定したtxを監視 3. consistency checker 修復方法 1. enc(tx.input) を再送してもらう（Quorum.js sendRawRequest; 未検証） 2. privateForを正しく設定して再実行（再実行して問題ないデータに限る）良い修復方法は無い他のDLTでも似たような問題はある

Takagiwa Demo 7 nodes example external call 22

Takagiwa Part.4 追加のセキュリティ 23

Takagiwa HTTP Enclave 24 EnclaveをTransaction Manager (Tessera) と別プロセスで起動できる他のTransaction Managerと通信が必要なTesseraはインターネットに公開し、鍵を持つEnclaveはインターネットから非公開にすることで機密性を向上 https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Enclave/ https://github.com/jpmorganchase/tessera/releases (enclave-jaxrs-*-server.jar を実行することで HTTP Enclaveが起動する)

Takagiwa Key Vault Tessera/Enclaveの持つ秘密鍵をHashicorp VaultやAzure Key Vaultと連携してセキュアに管理できる (Tessera/Enclaveから分離できる) 仮想マシンから鍵を分離し、適切な権限管理を設定することで、仮想マシン以外は誰も鍵にアクセスできないような構成を取ることが可能仮想マシンに誰もログインできないよう設定すると更に安全になる https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Keys/Setting%20up%20a%20Hashicorp%20Vault/ https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Keys/Setting%20up%20an%20Azure%20Key%20Vault/ 25

Takagiwa Private Transaction版sendRawTransaction 26 未署名tx作成→署名→送信という手順に分割することで、署名をオフライン環境等のより機密性の高い環境で実行することが可能になる https://github.com/jpmorganchase/quorum.js/blob/master/7nodes-test/deployContractViaHttp-externalSigningTemplate.js

Takagiwa Part.5 Use cases and Usage 27

What can I build with Quorum? ❑ Private blockchains are useful when you have an organization or problems that consist of ❑ Geographically distributed members ❑ Spotty trust between members ❑ No reason or need for central control ❑ With above conditions met, some of the things that we can build with Quorum are ❑ Asset or supply chain systems ❑ Multi-party and organizational decision making via multi-signature contracts (distributed trust) ❑ Real-time auditing, operational transparency, and data integrity uses Inspired by: https://www.quora.com/What-are-some-use-cases-for-private-blockchains

❑ Financial Services ❑ IIN - Cross bank blockchain for data exchange between 200+ banks ❑ JPM Coin - instant settlement of transactions between bank clients ❑ Project Dromaius - Debt issuance platform ❑ Project Khokha - South Africa’s Central bank - payments and settlements ❑ Project Ubin - Singapore mon. authority - wholesale payments on in digital SDG on chain ❑ Healthcare ❑ Synaptic Healthcare - Healthcare provider data ❑ IoT ❑ Project Vento - Using blockchain-powered identity and connected devices for real-time toll road transactions ❑ Supply Chain ❑ LVMH - authenticity of luxury goods ❑ Chronicled - Gold bar tracking ❑ Suku - industry agnostic supply chain solution ❑ Cross-Industry ❑ State Farm/ USAA - auto insurance claims ❑ Microsoft/ EY - video game royalties Who is using Quorum today?

https://github.com/jpmorganchase/quorum-examples The easy way ✔ Official Quorum starting point ✔ An easy guest environment to get started with on any platform ▪ Vagrant (works on all machines) ▪ Dockerized setup ✔ Comes with examples for public and private smart contracts ▪ configures an operational and fully configured 7 node cluster ▪ has a real world example from finance industry: 5NodeRTGS

For more advanced users with access to AWS and other environments The advanced way ✔ Quorum Cloud – the official way of deploying Quorum networks on AWS using ECS Fargate, S3, and EC2 via automated Terraform configuration ▪ https://github.com/jpmorganchase/quorum-cloud ✔ Quorum Maker – an open source tool made by Synechron Labs for guided Quorum network kick-start and management. This tool is provider agnostic ▪ https://github.com/synechron-finlabs/quorum-maker ✔ Cakeshop – is an integrated development environment and SDK for Quorum ▪ https://github.com/jpmorganchase/cakeshop

Takagiwa Ref. 32 • Quorum Documents (情報の宝庫) • GitHub • Slack (開発者がいつでも質問に答えてくれる) • quorum-examples (7つのノードを起動でき、いろんなサンプルを実行可能) • Quorum.js (Quorum APIをサポートするweb3.js拡張)

Takagiwa Quorum geth public state private state signing key Tessera Transaction manager Enclave encrypted tx data symmetric key 33

Takagiwa Tessera Transaction manager Enclave Quorum geth public private 34

Dive Deep into Quorum - blockchain.tokyo #22

Dive Deep into Quorum - blockchain.tokyo #22

More Decks by Shun Takagiwa

Other Decks in Technology

Featured

Transcript