Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Dive Deep into Quorum - blockchain.tokyo #22

Dive Deep into Quorum - blockchain.tokyo #22

Shun Takagiwa

October 04, 2019
Tweet

More Decks by Shun Takagiwa

Other Decks in Technology

Transcript

  1. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Dive Deep into Quorum
    1

    View Slide

  2. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    About us
    Shun Takagiwa / 高際 隼
    Senior Software Architect at LayerX Inc.
    ● ブロックチェーン利用したソフトウェア開発 (2018-)
    ● スマートフォンゲーム開発 (2013-2018)
    ● 東京工業大学にて数学/計算機科学を専攻 (2007-2013)
    Matthew D. Wright
    Head of Community, Quorum, J.P. Morgan
    ● Head of Community, Quorum, Senior Associate (2018-)
    ● Director of Emerging Markets (2015-2018)
    ● University of California, Los Angeles, B.A. (2012-2014)
    @shun_tak
    2
    Matt Wright

    View Slide

  3. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Contents
    3
    1. Intro to Quorum
    2. Quorum Architecture
    3. Private Transaction
    4. 追加のセキュリティ
    5. Use cases and Usage

    View Slide

  4. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Part.1
    Intro to Quorum
    4

    View Slide

  5. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Quorum
    Quorum is a fork of the Go Ethereum (geth) client, which is the official
    GoLang implementation of the Ethereum protocol. Quorum is developed and
    maintained by J.P. Morgan.
    Enterprise-ready, open-source blockchain platform, based on Ethereum:
    • Designed for processing of private transactions within a permissioned group of known
    participants
    • Addresses specific challenges to blockchain adoption within and beyond the financial services
    industry, e.g., privacy, speed, throughput
    What is Quorum?

    View Slide

  6. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Quorum
    Quorum Benefits
    ✓ Confidentiality - details of
    transactions are private and never
    broadcast
    ✓ Secure – uses advanced
    encryption techniques, ensures
    only permissioned entities can
    access the network
    ✓ Decentralized – no dependency on
    a central service or party
    Community – leverages world’s
    largest pool of blockchain
    developers, supported by 150+
    Enterprises through EEA
    Proven – Ethereum has been in
    production since 2015, proving
    Quorum’s underlying protocol in
    normal & stressed environments

    View Slide

  7. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Quorum
    Quorum Key Features
    PERFORMANCE
    • Very high TPS rate
    • Blocks every ~ 50 ms
    FINALITY PERMISSIONING
    • Private Contracts & Transactions
    • Zero Knowledge Layer
    PRIVACY
    • No chain forking
    • No transaction reversal
    • Known Peers Only
    • Built into the protocol

    View Slide

  8. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Part.2
    Quorum Architecture
    8

    View Slide

  9. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Quorum Components
    Quorum geth
    go ethereum + プライベートTx用JSON-RPC
    + 追加のコンセンサスアルゴリズム (Raft, IBFT 1.0)
    Transaction Manager
    プライベートTx管理 + EnclaveへのGateway
    + 他参加者のTransaction Managerとの通信
    Enclave
    共通鍵の管理 + 暗号/復号の実行
    Tesseraと別プロセスで動かすことも可能
    Quorum
    geth
    public state private state
    signing key
    Tessera
    Transaction
    manager
    Enclave
    encrypted tx data
    symmetric key
    9

    View Slide

  10. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Consensus Algorithm
    10
    Raft IBFT 1.0
    ブロックタイム 短い (デフォルト50msec) 長い (デフォルト1秒; 1~10秒で設定可)
    Leader/Proposer rotation Leaderが落ちるまで交代しない
    round robin (default) or sticky
    proposer
    Learner/Non-validator node 今は追加できない 追加できる
    故障耐性 crash recovery
    byzantine fault tolerance (復旧できな
    いケースもある)
    ブロック生成 未承認Txがあれば生成 未承認Txがなくても生成し続ける
    最大許容故障数Fに対する最適ノード数 2F + 1 (quorum: F + 1) 3F + 1 (quorum: 2F + 1)
    信用できる参加者で運営 => Raft
    利害が対立する参加者同士で運営 => IBFT 1.0

    View Slide

  11. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Quorum Network
    Quorum
    geth
    public state private state
    signing key
    Tessera
    Transaction
    manager
    Enclave
    encrypted tx data
    symmetric key
    Quorum
    geth
    public state private state
    signing key
    Tessera
    Transaction
    manager
    Enclave
    encrypted tx data
    symmetric key
    Quorum
    geth
    public state private state
    signing key
    Tessera
    Transaction
    manager
    Enclave
    encrypted tx data
    symmetric key
    Participant A Participant B Participant C
    11
    Tx
    (Ethereum P2P)
    Block
    (Raft / IBFT)
    encrypted tx
    (REST)
    encrypted tx
    (REST)
    Tx
    (Ethereum P2P)
    Block
    (Raft / IBFT)

    View Slide

  12. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Part.3
    Private Transaction
    12

    View Slide

  13. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Private Transaction
    Public tx data structure
    {
    from: 0x0000,
    to: 0x1111,
    value: 0,
    input: 0xaaaa,
    }
    ● どちらのtransactionもgethで全ノードに共有される
    ● Private transactionではinput dataが秘匿化される
    ● Transaction managerの持つDBは
    { key: hash(enc(input)), value: enc(input) }
    のようなデータ構造でデータを持つ
    13
    Private tx data structure
    {
    from: 0x0000,
    to: 0x1111,
    value: 0,
    input: hash(enc(0xaaaa)),
    }
    Quorum
    geth
    public state private state
    signing key
    Tessera
    Transaction
    manager
    Enclave
    encrypted tx data
    symmetric key
    0xaaaaの評価値
    はPrivate stateへ
    Encrypt

    View Slide

  14. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    How Tessera works (Private tx between A&B)
    14
    Tessera
    Transaction
    manager
    Enclave
    Quorum
    geth
    public private
    Tessera
    Transaction
    manager
    Enclave
    Quorum
    geth
    public private
    Tessera
    Transaction
    manager
    Enclave
    Quorum
    geth
    public private
    Participant A Participant B Participant C

    View Slide

  15. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    How Tessera works (Private tx between A&B)
    15
    Tessera
    Transaction
    manager
    Enclave
    Quorum
    geth
    public private
    Tessera
    Transaction
    manager
    Enclave
    Quorum
    geth
    public private
    Tessera
    Transaction
    manager
    Enclave
    Quorum
    geth
    public private
    Participant A Participant B Participant C
    1.Tx
    3.encrypt
    2.Tx.input
    4.enc(Tx.input)
    {
    from: 0x0000,
    to: 0x1111,
    value: 0,
    input: 0xaaaa,
    }
    5.share
    enc(Tx.input)
    6.hash(enc(Tx.input))
    7.Tx
    {
    from: 0x0000,
    to: 0x1111,
    value: 0,
    input: hash(enc(0xaaaa)),
    }
    7.Tx
    {
    from: 0x0000,
    to: 0x1111,
    value: 0,
    input: hash(enc(0xaaaa)),
    }
    8.New Block with the Tx that contains hashed input
    9.request
    tx payload
    10.decrypt 11.Tx.input
    12.Tx.input 9.request
    tx payload
    12.Not found

    View Slide

  16. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Test case 1
    16
    contract SimpleStorage {
    uint data;
    constructor(uint d) {
    data = d
    }
    function set(uint d) {
    data = d
    }
    function get() {
    return data
    }
    }
    A, B, Cでのコンソーシアムを仮定
    A: create contract SimpleStorage(42)
    privateFor: [B]
    B: get() => returns 42
    C: get() => returns 0
    Node A
    data == 42
    Node B
    data == 42
    Node C
    data == 0

    View Slide

  17. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Test case 2
    17
    contract SimpleStorage {
    uint data;
    constructor(uint d) {
    data = d
    }
    function set(uint d) {
    data = d
    }
    function get() {
    return data
    }
    }
    A, B, Cでのコンソーシアムを仮定
    A: create contract SimpleStorage(42)
    privateFor: [B]
    Node A
    data == 42
    Node B
    data == 42
    Node C
    data == 0

    View Slide

  18. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Test case 2
    18
    contract SimpleStorage {
    uint data;
    constructor(uint d) {
    data = d
    }
    function set(uint d) {
    data = d
    }
    function get() {
    return data
    }
    }
    A, B, Cでのコンソーシアムを仮定
    A: create contract SimpleStorage(42)
    privateFor: [B]
    B: set(10)
    privateFor: [A]
    Node A
    data == 10
    Node B
    data == 10
    Node C
    data == 0

    View Slide

  19. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Test case 3
    19
    contract SimpleStorage {
    uint data;
    constructor(uint d) {
    data = d
    }
    function set(uint d) {
    data = d
    }
    function get() {
    return data
    }
    }
    A, B, Cでのコンソーシアムを仮定
    A: create contract SimpleStorage(42)
    privateFor: [B, C]
    Node A
    data == 42
    Node B
    data == 42
    Node C
    data == 42

    View Slide

  20. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Test case 3
    20
    contract SimpleStorage {
    uint data;
    constructor(uint d) {
    data = d
    }
    function set(uint d) {
    data = d
    }
    function get() {
    return data
    }
    }
    A, B, Cでのコンソーシアムを仮定
    A: create contract SimpleStorage(42)
    privateFor: [B, C]
    B: set(10)
    privateFor: [A]
    データ不整合が発生してしまう
    Node A
    data == 10
    Node B
    data == 10
    Node C
    data == 42

    View Slide

  21. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Data Availability Problem
    21
    hash(enc(tx.input))を持ってても、enc(tx.input)を共有されてない人は読めない
    →本来共有されるべき人に共有されていない場合に問題が起こる
    検知方法
    1. コントラクトのstorageRootを監視 (JSON RPC eth_storageRoot)
    2. そのコントラクトアドレスをtoに設定したtxを監視
    3. consistency checker
    修復方法
    1. enc(tx.input) を再送してもらう(Quorum.js sendRawRequest; 未検証)
    2. privateForを正しく設定して再実行(再実行して問題ないデータに限る)
    良い修復方法は無い
    他のDLTでも似たような問題はある

    View Slide

  22. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Demo
    7 nodes example
    external call
    22

    View Slide

  23. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Part.4
    追加のセキュリティ
    23

    View Slide

  24. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    HTTP Enclave
    24
    EnclaveをTransaction Manager (Tessera) と別プロセスで起動できる
    他のTransaction Managerと通信が必要なTesseraはインターネットに公開し、
    鍵を持つEnclaveはインターネットから非公開にすることで機密性を向上
    https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Enclave/
    https://github.com/jpmorganchase/tessera/releases (enclave-jaxrs-*-server.jar を実行することで HTTP Enclaveが起動する)

    View Slide

  25. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Key Vault
    Tessera/Enclaveの持つ秘密鍵をHashicorp VaultやAzure Key Vaultと連携してセキュ
    アに管理できる (Tessera/Enclaveから分離できる)
    仮想マシンから鍵を分離し、適切な権限管理を設定することで、
    仮想マシン以外は誰も鍵にアクセスできないような構成を取ることが可能
    仮想マシンに誰もログインできないよう設定すると更に安全になる
    https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Keys/Setting%20up%20a%20Hashicorp%20Vault/
    https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Keys/Setting%20up%20an%20Azure%20Key%20Vault/
    25

    View Slide

  26. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Private Transaction版sendRawTransaction
    26
    未署名tx作成→署名→送信という手順に分割することで、
    署名をオフライン環境等のより機密性の高い環境で実行することが可能になる
    https://github.com/jpmorganchase/quorum.js/blob/master/7nodes-test/deployContractViaHttp-externalSigningTemplate.js

    View Slide

  27. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Part.5
    Use cases and Usage
    27

    View Slide

  28. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Quorum
    What can I build with Quorum?
    ❑ Private blockchains are useful when you have an organization or problems that consist of
    ❑ Geographically distributed members
    ❑ Spotty trust between members
    ❑ No reason or need for central control
    ❑ With above conditions met, some of the things that we can build with Quorum are
    ❑ Asset or supply chain systems
    ❑ Multi-party and organizational decision making via multi-signature contracts (distributed trust)
    ❑ Real-time auditing, operational transparency, and data integrity uses
    Inspired by: https://www.quora.com/What-are-some-use-cases-for-private-blockchains

    View Slide

  29. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Quorum
    ❑ Financial Services
    ❑ IIN - Cross bank blockchain for data exchange between 200+ banks
    ❑ JPM Coin - instant settlement of transactions between bank clients
    ❑ Project Dromaius - Debt issuance platform
    ❑ Project Khokha - South Africa’s Central bank - payments and settlements
    ❑ Project Ubin - Singapore mon. authority - wholesale payments on in digital SDG on chain
    ❑ Healthcare
    ❑ Synaptic Healthcare - Healthcare provider data
    ❑ IoT
    ❑ Project Vento - Using blockchain-powered identity and connected devices for real-time toll road transactions
    ❑ Supply Chain
    ❑ LVMH - authenticity of luxury goods
    ❑ Chronicled - Gold bar tracking
    ❑ Suku - industry agnostic supply chain solution
    ❑ Cross-Industry
    ❑ State Farm/ USAA - auto insurance claims
    ❑ Microsoft/ EY - video game royalties
    Who is using Quorum today?

    View Slide

  30. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Quorum
    https://github.com/jpmorganchase/quorum-examples
    The easy way
    ✔ Official Quorum starting point
    ✔ An easy guest environment to get started with on any platform
    ▪ Vagrant (works on all machines)
    ▪ Dockerized setup
    ✔ Comes with examples for public and private smart contracts
    ▪ configures an operational and fully configured 7 node cluster
    ▪ has a real world example from finance industry: 5NodeRTGS

    View Slide

  31. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Quorum
    For more advanced users with access to AWS and other environments
    The advanced way
    ✔ Quorum Cloud – the official way of deploying Quorum networks on AWS using
    ECS Fargate, S3, and EC2 via automated Terraform configuration
    ▪ https://github.com/jpmorganchase/quorum-cloud
    ✔ Quorum Maker – an open source tool made by Synechron Labs for guided
    Quorum network kick-start and management. This tool is provider agnostic
    ▪ https://github.com/synechron-finlabs/quorum-maker
    ✔ Cakeshop – is an integrated development environment and SDK for Quorum
    ▪ https://github.com/jpmorganchase/cakeshop

    View Slide

  32. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Ref.
    32
    ● Quorum Documents (情報の宝庫)
    ● GitHub
    ● Slack (開発者がいつでも質問に答えてくれる)
    ● quorum-examples (7つのノードを起動でき、いろんなサンプルを実行可能)
    ● Quorum.js (Quorum APIをサポートするweb3.js拡張)

    View Slide

  33. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Quorum
    geth
    public state private state
    signing key
    Tessera
    Transaction
    manager
    Enclave
    encrypted tx data
    symmetric key
    33

    View Slide

  34. Dive Deep into Quorum - blockchain.tokyo #22 © 2019 Shun Takagiwa
    Tessera
    Transaction
    manager
    Enclave
    Quorum
    geth
    public private
    34

    View Slide