Hyperledger Indy [Part I] - Layer of Trust

In this series of articles, we will be discussing what Hyperledger Indy is, what are its main components and architecture, and how to deploy your own agent. So fasten your seat belts because we are about to begin our journey.

Introduction:

As we know that in the current era, we have two ways to prove our identity over the internet. One way is User ID/Email and password, another way is Single Sign On (SSO). Big organizations such as Facebook or Google maintain our identity and we use the provided APIs in our platform to receive the proof of the user's identity.

This model leads to data breaches and vulnerabilities and correlations. We no longer own our data and data breaches can expose our sensitive information. Other than that, one more problem that we face is verifying the issued credentials.

Therefore, in this article, we will discuss the Paper Credential Model and how the Verifiable Credential Model solves many problems regarding centralized identifiers and also what enables the layer of trust over the internet.

Paper Credential Model:

Before explaining the Paper Credential Model, first, let’s understand what actually a credential is.

A credential is basically an attested qualification issued to a person or entity by an organization that is competent. Examples of credentials are your national identity card, driver’s license, degree, or any kind of certificate.

Hyperledger Indy - Paper Credential Model

Consider a scenario in which you have to prove that you are eligible to drive. The entity (holder) holds the credential which is the driver's license. An authorized organization (issuer) issues this credential. The holder presents the proof to the organization (verifier), which then verifies it. That’s the Paper Credential Model.

Ideally Paper Credential Model proves:

Who holds the credential?
Who issued the credential?
Has someone altered or tampered the credential?

Disadvantages of the model:

One can easily forge or alter the documents, certificates, or any other kind of credential. In the modern world with modern technology, it's really easy for the person to even create fake credentials. And the verification process totally depends on the skills of the verifying organization.

Verifiable Credential Model:

The Verifiable Credential Model works in the same way as the Paper Credential Model which means:

An issuer issues the credential to you.
You hold those credentials in your (digital) wallet.
The verifier requests you to present proof of that credential.
The verifier checks the revocation status of the credential.

Before moving on, let’s understand one more term “Claim”. Credentials are a set of claims. Your driver's license is a credential but your name and other information are individual claims.

Verifiable credentials are not as simple as paper credentials that anyone can use. They are cryptographically encrypted documents. Calculations and algorithms run over these documents to verify these four attributes.

Who issued the credential?
The presenter owns the Claims.
Claims have not tampered.
Claims have not been revoked.

Verifiable credentials are stored in verifiable data registry (Blockchain). When a verifier asks for proof from the issuer he uses the information from the registry and performs cryptographic calculations to verify the four attributes. This cryptographic calculation and storing of the document make it hard to forge.

Trust layer over the Internet:

As we have discussed Paper Credential Model and how the Verifiable Credential Model is more secure, VCM is being enabled by some key concepts which enable this trust layer over the internet. So let’s discuss them.

Self Sovereign Identity:

The literal meaning of SSI is an identity that you control and own. There is no central organization that owns or controls your identity. In order to understand SSI more, let’s look at these principles of SSI:

Every user must have an independent existence.
Users must control their identities.
Users must have access to their own data.
Identities do not get expired or deleted.
Users can transport the information linked to their identity to another service.
Identities should not have any constraint over the usage.

Decentralized Identifiers (DIDs):

Decentralized Identifiers are the enabler and important components of verifiable credentials. The owners themselves create DIDs independent of any central authority. A DID looks like the following as per DID specification. It is similar to an HTTP address but the usage is different.

DID doc is the document that is linked to this specific pattern string. It contains the public key whose private key is owned by the owner, also a service endpoint through which we can communicate with the holder. A DID is like a URL, you can resolve your DID doc by using the DID resolver.

Following are some benefits of a DID:

Provable
You can prove your identity through the DID you own. Because the DID doc contains the public key of which the private key you hold. Cryptographically no one can claim your DID until and unless you provide them your private key.
Non-Correlatable
One problem with the SSO model is that we are re-using one identity over every service. You can use your one DID for every service you use but the better way to avoid correlation is to remake a new DID for every service you use.
Secure Communication
DID doc contains a communication URL as well as a public key. So whenever we are communicating by using DIDs we encrypt the message with the public key of the receiver. This enables a layer of security also.

Zero-Knowledge Proof and Selective Disclosure:

Zero-Knowledge Proof means to prove the claim without revealing the DID or any correlating information. In a ZKP claim, the DID of the holder is not revealed. Only the DID of the issuer is revealed.

As we have mentioned above that credentials are a set of claims. It means that your driver’s license is a credential and your first name, last name, etc are individual claims. Now in today’s world when you are asked to present a claim to prove that you are above 18. Your other information is also disclosed including name and other relevant information in your credential.

But selective disclosure enables the user to disclose only relevant information in the presentation of claims. Selective disclosure and ZKP are both used together to ensure security and also the confidentiality of the data. The reason for this is that in SSI, data is owned by the user and the user decides how much information they want to share.

Agents and Wallets:

In the article, we have talked about terms like verifiable credentials, DIDs, public and private keys, etc. But where do they reside? How to manage them? What is the channel through which the DIDs communicate and present claims? Agents store them.

Agents and wallets are interchangeable terms. They have secure storage to manage DIDs, public and private keys, and verifiable credentials.

There are different types of agents. The most common one is “Mobile Agent”. For simple understanding, agents are software that is used to manage DIDs, wallet keys, and verifiable credentials. But agents are used for other purposes too. We won’t be diving deep into the technical details in this article.

Conclusion:

In this article, we have talked about the building components which provide the layer of trust over the internet. We have discussed two credential models. Also, we learned about SSI, DID, verifiable credential, and many other things that help to implement the Verifiable Credential Model and other things. We haven’t taken a deep dive technically into things yet but in the next article, we will take the leap of faith. Just to give you a sneak peek, we will discuss the architecture of agents, type of agents, and how Hyperledger Indy enables all of this with other Hyperledger tools.

Also read our series of articles on Setting up Hyperledger Fabric Network.

Xord is here to help you with your Blockchain projects. Connect with us at https://blockapexlabs.com/contact/

Private Blockchain Platforms You Should Know About

Blockchain platforms can be public or private, depending on the need of the user. This article will provide you details about what a Private Blockchain is and the most used Private Blockchains in the market right now.

Enterprise Blockchain:

Enterprise or private Blockchains are invitation-only networks and a single organization governs them. Private Blockchain platforms let the network authority to place restrictions on the type and number of the members allowed on the network. This is to say, members with an identity can access a private network only. Every transaction made on the network is sent to and from a known member. Using a private Blockchain, any organization can hide certain data from some users and make it visible for others. This is the level of authority and security a Private Blockchain gives you! Law enforcement agencies and the military use Private Blockchains because of the reliability they offer.

Hyperledger Fabric:

Linux foundation hosts an open-source consortium, to facilitate cross-industry Blockchain technologies, named 'Hyperledger'. Hyperledger gives software developers and industries a platform to work in diverse communities. This lets them build Blockchain platforms and frameworks together, that support business transactions. Hyperledger is a global collaboration including leaders in finance, IoT, supply chains and technology. Hyperledger does not have its own cryptocurrency or token. But it sure has possibilities to build non-monetary, highly scalable, industrial decentralized applications. Hyperledger aims to educate the public about Blockchain technology by building communities within its community. It incubates a variety of industrial-scale Blockchain technologies, including smart contract engines, libraries, applications, and decentralized frameworks. Hyperledger Fabric is one of those projects.

IBM founded Hyperledger Fabric. It is an enterprise-grade, permissioned, decentralized ledger platform in the Hyperledger consortium. Fabric, just like most other Blockchain platforms, uses smart contracts and helps its members send assets and perform their transactions. But unlike the permissionless platforms, Hyperledger Fabric members are required to enroll in the network through a trusted Membership Service Provider (MSP). Also, in order to get on the ledger, the transactions have to pass a transaction endorsement policy. Then once they are on the network, every peer rechecks the transactions in his validation step. Businesses want some of their member data to be private and others to be public, they want to maintain different sort of relationships on one network, rather than an open permissionless network. Hyperledger Fabric offers a modular, safe and scalable platform that supports confidential contracts.

Some use case examples of Hyperledger Fabric:

Supply Chain applications
Record keeping of Travel/Airlines agencies
Finance applications

Technicalities:

Fabric is a secure, high performing, scalable Blockchain network. Go, JavaScript, or Java, SDKs in Node.js, Java, Go, REST and Python support Fabric. It uses 'Chaincode' as its smart contract. Chaincode is a software that defines assets and transactions. Hyeperledger Fabric uses Byzantine Fault Tolerance as it's consensus algorithm.

Hyperledger Sawtooth:

Hyperledger Sawtooth was an Intel initiative and now the Sawtooth community takes care of it. It is a highly flexible and modular enterprise Blockchain platform that helps developers to build, deploy and run distributed digital ledgers. Hyperledger Sawtooth supports permissionless and permissioned infrastructure. Sawtooth has an architecture that makes sure the ledgers are distributed and smart contracts on the network are safe and specifically for enterprise use. Using this architecture, developers can create decentralized applications in various programming languages that can be operated and deployed on the system. Sawtooth works on Proof of Elapsed Time (PoET) consensus algorithm that is run by a validator. PoET is a consensus algorithm that avoids high resources and energy consumption. This keeps the process more efficient. It has the Sawtooth Validator and a transaction processor for transactions. The validator of the process handles all the processes like validating the transactions and distributing the transaction to the peer nodes. Hyperledger Sawtooth performs parallel transaction execution that divides transactions into parallel flows, unlike the traditional serial execution.

Some use case examples of Hyperledger Sawtooth:

Traceability of products
Digital asset ownership

Technicalities:

Sawtooth supports multiple languages, such as Rust, Python, Go, or JavaScript. It works on PoET that chooses validator by targetting largely distributed validator populations with very little resource utilization. Sawtooth supports unpluggable consensus, which means you can switch to different consensus algorithms according to your needs. And while changing, it won't start over with a new genesis block, or you won't have to stop the validators. This is Dynamic Consensus. Hence, Sawtooth supports multiple consensus algorithms, Devmode, PBFT, PoET, and Raft.

Quorum:

Developed by J.P. Morgan, Quorum is an open-source digital ledger platform that combines Ethereum attributes with almost the same architecture as of a permissionless platform, but with more enhancements and advancements to meet enterprise needs. It is more like a permissioned implementation of Ethereum with more confidentiality, transaction and contract privacy. Like every other private Blockchain platform, Quorum has strict privacy constraints that do not broadcast the transaction data to the whole network but rather sends it to the participants involved in the transaction. It can perform hundreds of transactions in a second and the speed of transactions can be configured according to smart contracts and the network configuration. Quorum works on multiple voting-based consensus algorithms, that have a smart contract to govern over the process and who can partake in the consensus. Ethereum's signature feature helps to validate signatures from the maker and voter nodes. Quorum was developed to make the financial industries adopt Blockchain technology in their processes. It manages its secure message transfers on a system called 'Constellation' that is not blockchain-specific but rather a general mechanism. It involves encryption of messages, storage of previous transactions, and authentications.

Some use case examples of Quorum:

Financial industries

Technicalities:

Quorum has its own smart contract language, Solidity. It works with various consensus algorithms according to your needs. Options are RAFT, IBFT or Clique POA. Unlike the rest of private Blockchain platforms, Quorum has its token, 'Ether'. Quorum has a cloud feature cloud DRaaS that makes integration easier and more accessible for the end-user. It is a way to recover critical data from the cloud, directly after a system failure. You just have to boot up a snapshot and the recovery will happen in minutes instead of days.

R3 Corda:

Corda is an open-source, Distributed Ledger Technology founded by r3 in September 2015. Corda aims to make business transactions more efficient and secure. The Corda architecture is designed to automate the real-world transactions in a legal and secure way. Corda allows multiple decentralized applications to interoperate smoothly. A network authority identifies members of Corda DLT and allows them on the network. It provides open governance at it's best. Corda members can share data and assets with other members, and unlike in Bitcoin, where a copy of the transaction is sent to every node on the chain and added to a block, in Corda, the copy of the data is only sent to the members involved in the transaction. It is not added in a block. Hence, the data sent is secure as no one can make changes to it. And the transaction is more scalable and efficient than transactions in Bitcoin or Ethereum. Corda focused on financial organizations initially, but now it aims to focus on different sectors like government, healthcare, trade, and supply chain systems.

Some basic use case examples of R3 Corda can be:

Finance applications
Insurance applications

Technicalities:

R3 Corda works on pBFT consensus algorithm and has State DB as its smart contract. Corda supports Kotlin programming language.

Openchain:

Openchain is also an open-source DLT suited for organizations that want to secure and scale digital assets. It comes with an instant transaction confirmation property that makes it highly scalable. Each instance has one authority that validates transactions. Instances can connect to each other. Different authorities verify each transaction, depending on the assets exchanged. There is no mining fee in Openchain as there is no miner and the asset administrator directly validates the transactions. Openchain does not use the concept of blocks. But rather it connects the transactions into a chain. Validators on the network validate and store the digital transactions. The ones who are not part of the transaction, the observers, get a read-only copy of it to store. Anyone can join Openchain anonymously, as well as with identity, but the identified and approved users have more rights than the unknown users. An administrator can also define the rules of the ledger and can set permissions in the ledger at any stage. Openchain has an edge over other private Blockchain platforms, as it comes with a web wallet. The Openchain Wallet is an open-source web-based interface that runs in a browser as a client-side application. It can connect to one or many Openchain endpoints at the same time. It can pull and send transactions and information to multiple instances of Openchain.

Some use case examples of Openchain:

Automation of regulatory compliance
Inter-organizational data management

Technicalities:

Openchain works on a client-server model which is way more efficient than a peer-to-peer system architecture. It regulates on Proof of Elapsed Time consensus algorithm.

Multichain:

Multichain technology is a platform where you can create private Blockchain platforms within an organization or between organizations for financial transactions. You can create assets, send and receive transactions, chains and blocks. Each Blockchain you create on Multichain is as open or as closed as you need. It enables multiple networks to execute on a single server, simultaneously. Multichain comes with an API and a command-line interface that helps in setting up the chain of network. Multichain is based on Bitcoin's Blockchain. But you must configure the Multichain at every node, unlike Bitcoin where anyone can join the network and make transactions. The process of hand-shaking occurs when the nodes connect with each other. Multichain allows customers the management of the privacy of the chain, permissions, the block target time, block size and metadata. In Multichain, transaction fees and block rewards are null by default, but they can be customized, members can also be charged a yearly fee.

Some use cases of Multichain:

Asset ownership lifecycle
General immutable data storage

Technicalities:

Multichain comes with Native multi-currency support. It supports PHP, Python, C#, Ruby, JavaScript. It does not have its own cryptocurrency or smart contract.

If you need more guidance regarding choosing a platform, check our article The Best Blockchain For Your Business.

To learn more about the difference between private and public Blockchain platforms, click here.

Still unsure about which private blockchain platform to choose for your business needs? Talk to a Blockchain expert from Xord here and get FREE consultation.