(View presentation in full-screen mode for compatibility)
2019 is shaping up to be the pivotal point of broad adoption of blockchain technologies, thanks to the large amount of projects in the enterprise space. Among the top concerns of blockchain projects in the private sector and government alike are privacy and scalability. This talk will cover various technologies such as identity masking, data isolation, zero-knowledge proof, homomorphic encryption that helps keep private data protected from unintended parties, and technologies for improving scalability such as state/payment channels, sharding, and novel consensus algorithms.
Scale your database traffic with Read & Write split using MySQL Router
Advanced Blockchain Technologies on Privacy & Scalability (All Things Open)
1. THE BLOCKCHAIN BUSINESS CLOUD
ADVANCED BLOCKCHAIN TECHNOLOGIES
ON PRIVACY AND SCALABILITY
Jim Zhang, Co-founder, Head of Protocol Engineering
Kaleido, The Blockchain Business Cloud
2. Agenda
• What makes Jim from Kaleido qualified for this topic?
• Privacy
• Scalability
3. The Blockchain Business Cloud
Full Stack Blockchain Platform for Modern Business Networks
Business Networks Made Radically Simple For the Enterprise
4. Kaleido sits at the intersection of world’s largest
blockchain company and the world’s leading clouds
Largest cloud infrastructure provider
61 Availability Zones across 20 Regions,
Complimentary services
A leading pure-play blockchain company
Global consulting. Deep blockchain expertise
1,200+ specialists in 30+ countries
Early Pioneer of blockchain technology
100+ datacenters across 54 regions
Complimentary services
THE BLOCKCHAIN BUSINESS CLOUD
6. BLOCKCHAIN NETWORK
LEDGER & SMART CONTRACTS
OFF-CHAIN STACK
DECENTRALIZED TECH
APPLICATION
APPS & MIDDLEWARE
The chain is
of a complete
blockchain solution 5%
45%
50%
Typical projects have over 40 components
Modernizing Business Networks
7. Enterprise IntegrationCollaboration Services
Digital Assets Cryptography API Gateway
Data Feeds B2B Messaging Connectors
Off Chain On Chain Data BusData
Full Stack blockchain for the
modern business network
Middleware
App
Blockchain Network
Privacy Blockchain First EventsTransaction
8. Cross-Cloud:
One Chain, Many Clouds
Kaleido’s platform offers a single, seamless experience across
participants to build and manage blockchains running across
Microsoft Azure and AWS
Multi-Region:
Start Anywhere, Grow Anywhere
Start your consortium in any available cloud region and enable
members to join from their geography of choice.
Hybrid Deployment: Run Behind Your Own
Firewall
Deploy the Kaleido stack on your own on-premise node and
integrate seamlessly into broader business network.
Only Kaleido delivers multi-region, cross-cloud,
and hybrid deployments
On-prem
Private cloud
Org C: Kaleido Private Stack
Org A: AWS Org B: Azure
12. Quick Refresher on Blockchain
• Foundational properties of a blockchain:
• Shared ledger
• Shared view of transactions order
• Trustless model
• Do not trust others’ records
• Independent validation of proposed blocks (order of transactions)
• Independent execution of transactions
• Consensus
• All copies of the ledger are guaranteed to be identical (fraudulent records are easy to
discover and dispute)
13. Privacy is inherently challenging in blockchain
• The most valuable property of blockchain is data immutability
• Which is achieved by having multiple parties maintain a shared ledger
• Transactions are independently executed by nodes while validating
blocks
• As a result, both transaction input and state are globally shared
throughout the network participants
• How can privacy be achieved in such an architectural context?
14. Technique #1: Data Isolation
• Only a subset of the network participants get the transaction input,
others do not know such transactions have happened
• States are inherently partitioned: there are many separate state trees
corresponding to private transactions
• It’s also important to have a reference of commitment in the global
shared ledger to ensure security of the private transactions (eg. For
dispute resolution when private parties do not agree with private
states)
• Examples: EEA Private Transactions (Quorum, Hyperledger Besu),
Hyperledger Fabric private data collections
15. Technique #2: Separate Blockchains
• Most enterprise use cases dictate permissioned blockchains, such
that data is not accessible to external parties
• Setting up different instances of permissioned blockchains, among
different groups of private transactions, to keep transactions private
• Overhead can be high, although with Hyperledger Fabric’s channel
design, single node can participate in multiple networks
• Can still be a costly pattern given the number of permutations
required to satisfy privacy among a large number of participants
16. Technique #3: Address Generation
• Only addresses anonymity
• Use a new address for every transaction, making it impossible to link
signing keys to real world identity
• Hides trading patterns
• Typically using key derivation from a master seed to avoid tracking a
large number of signing keys
• e.g BIP32 compliant Hierarchical Deterministic wallets
17. Technique #3: Trusted Compute
• The idea is that:
• Transaction inputs are hidden,
• but the processing logic is public,
• such that the computations involved in the state transfer can be performed
only by the transaction participants
• but others can be convinced that the computations are done
correctly/honestly
• “I may not know what you did, but I know you did it
honestly/correctly”
18. Different types of Trusted Compute
• Zero Knowledge Proof (ZKP)
• Using advanced cryptography, present a proof that only the transaction
submitter can generate, and ask all participants to verify for correctness
• Trusted Execution Environment (TEE)
• Execute the transaction on a special hardware based environment, and be
assured the code involved match expected processing logic
19. Zero Knowledge Proof
• A cryptographic protocol
• Actors: prover, verifier
• Goal: prover to convince the verifier of the possession of knowledge
X, without disclosing what X is
20. ZKP – An illustrative explanation
• Alice to Prove: Knowledge of a Sudoku puzzle solution
Prover Verifier
21. ZKP – An illustrative explanation
• Step 1: Alice to permute the solution by using different numbers, 1-
>5, 2-> 7, 3->2, etc.
Prover Verifier
22. ZKP – An illustrative explanation
• Step 1: mask the solution, called a “commitment”
Prover Verifier
commitment
23. ZKP – An illustrative explanation
• Step 2: present the commitment to Bob
commitment
Prover Verifier
24. ZKP – An illustrative explanation
• Step 3: Bob randomly picks a unit (row, column or 3x3 square) and asks
Alice to reveal the (permuted) solution; Bob verifies for correctness
Prover Verifier
25. ZKP – An illustrative explanation
• Step 4: Alice permutes the solution again to get a different set of
numbers (still mapped from the original solution)
Prover Verifier
26. ZKP – An illustrative explanation
• Step 5: Bob randomly picks another unit and asks Alice to reveal the
(permuted) solution again
Prover Verifier
27. ZKP – An illustrative explanation
• After enough rounds, Bob is convinced that Alice must know the
correct answer to be able to nail each requested unit, randomly
decided by the verifier
• Zero Knowledge Proof is a probabilistic proof
Prover Verifier
28. ZKP – cryptographic components*
• Secure hashing (to produce commitments)
• Homomorphic encryption (to hide verifier’s challenge)
• Cryptographic pairing (to make the protocol non-interactive and
operate on encrypted public parameters from trusted setup)
* Based on zkSNARKs protocol
29. ZKP – comparing protocols
Proof
Verification
Time
Proof Size Utility Trusted Setup
zkSNARKs Short Constant (228 bytes for 128bit
security)
General purpose Needed
Bulletproof Long Logarithmic to complexity of the
arithmetic circuits
Numeric operations,
Range proofs
Not needed
zkSTARKs General purpose Not needed
30. Trusted Execution Environment
• Hardware based secure enclave where code and data are protected
against malicious access, even if attacker gained admin privilege
• Both confidentiality (can not steal what’s inside the enclave) and
integrity (can be ensured the right code is executed) are protected
• Provides remote attestation on the code and data inside the enclave
• Examples:
• Intel SGX (Software Guard Extension)
• IBM SSC (Secure Service Container)
• ARM TrustZone
31. TEE - How It Works and Why It Matters
• “Enclaves” are special regions of memory that is only accessible to
CPUs, not even system administrator can see what’s inside
• “Attestation” is equivalent to a proof in ZKP, that can convince a
verifier of correct computation
• Therefore, using TEE to process transactions and sending either the
encrypted result or hash to the blockchain, guarantees confidentiality
32. Enterprise Ethereum Alliance Trusted Token Dapp
– A Reference Implementation of Hyperledger
Avalon
Admin Scope
TEE
Listener
Registered WorkerUser Scope Blockchain
SGX VM Cluster
JWT
Secret
Provision
Transaction
Data
Storage
Encrypted
Tx Requests
SMS
TEE
App
Intel SGX Enclave
33. Kaleido Offers Wide Range of Privacy Features
• Data Isolation
• Kaleido supports EEA Compliant Private Transactions via Quorum, Hyperledger Besu
• Separate blockchains
• streamlined onboarding, same Kaleido attested organizational identifies can be re-used in many
instances of blockchains
• Address generation
• BIP32 compliant HD Wallet in Kaleido marketplace
• Zero Knowledge Proof
• Zero Knowledge Token Transfer service in Kaleido marketplace; QEDIT as a partner service
• Trusted Execution Environment
• Kaleido is a founding member of Hyperledger Avalon, the latest project to utilize trusted
compute in blockchains
36. Decentralization in Enterprise Blockchains
• Unlike public blockchains, enterprise blockchains are almost always
built with permissioned networks, where all identities are known to
be linked to real world entities
• This gives consortiums legal tools that are not available to public
blockchains
• As such, decentralization in enterprise blockchains are not achieved
with massive number of nodes, but with competing real world
interests (thus making collusions costly)
37. Achieving Scalability
• Increased block size
• More efficient consensus algorithms, instead of PoW, use:
• Crash fault tolerance – Raft, Kafka (zookeeper)
• Byzantine fault tolerance – IBFT, Tendermint
• Off-chain (“layer-2”) transactions
• state channels
• Trusted Execution Environment
• Sharding
• Split smart contracts and accounts among instances of blockchains, and have
a single coordinating chain to ensure security (consensus)
• Eth2.0