Privacy and Confidentiality With Hyperledger Fabric

Lately, news of significant data breaches suffered by industries of every stripe surfaces on a weekly basis. Both individuals and businesses have become aware of the critical need for preserving the privacy of data. Privacy is the right to control the degree to which you will share your information with others, while confidentiality comprising a set of mechanisms that can be used to enforce privacy of information.

Blockchain technology has inspired novel techniques to help address privacy concerns in a decentralized setting. However, as different blockchain systems come with different privacy features and models, each use case will dictate what approach or blockchain technology is required each time.

Challenges of Using Blockchain for Business

Public permissionless blockchains, such as Bitcoin, were the first to face privacy challenges because transaction details are shared ubiquitously in the clear, and recorded on the public ledger. Given that identities in public permissionless blockchains are pseudonymous, having the transaction details shared ubiquitously might not seem a problem. Yet, for many types of transactions, regulatory requirements such as Anti-Money Laundering (AML) and Know Your Customer (KYC) require that identity be known.

However, when you combine known identities with transparent data, privacy is compromised.

Permissioned blockchains have emerged as an alternative to public permissionless ones to address the need to have known and identifiable participants while at the same time enabling privacy through a variety of confidentiality enforcing mechanisms.

Confidentiality Mechanisms in Hyperledger Fabric

Hyperledger Fabric is a permissioned blockchain with a membership infrastructure that enables participants of the network to not only strongly authenticate themselves in transactions but also to prove authorization to perform a variety of system operations, e.g., reconfiguration. Starting from its permissioned nature, Hyperledger Fabric offers a variety of confidentiality mechanisms to accommodate varying degrees of managing privacy, depending on the use case.

Channels

Hyperledger Fabric implements a channel architecture that can be used in certain use cases to offer privacy. A channel can be thought of as a virtual overlay blockchain network, that sits on top of a physical blockchain network. Because channels employ their own transaction ordering mechanism, they provide scalability, allowing for effective ordering and sharing of huge amounts of data. Channels in Hyperledger Fabric are configured with access policies that govern access to the channel’s resources, i.e., chaincode, transactions, and ledger state, restricting access to information exclusively within the membership in the channel.

There are a variety of use cases for which channels work well. However, the Hyperledger Fabric community has not been idle, we have been delivering innovation at a furious pace to bring even greater control and flexibility to ensuring the privacy of your enterprise blockchain solution that will be available in the coming quarterly releases.

Private Transactions

Private transactions offer transaction privacy at a more fine-grained level than channels. With private transactions, the sensitive data (which we refer to as private data) is distributed peer-to-peer amongst parties relevant to the transaction, while only the hashes of that data are recorded on the shared/public ledger. The private data is stored in a database local to the authorized parties and maintained by the Fabric infrastructure. This database is updated alongside the public ledger as transactions containing references to private data are committed. The hashes on the public ledger serve as verifiable proof of the data.

This feature is especially useful in cases where, for regulatory or legal reasons, private data is not allowed to reside off the premise of the parties involved in the transaction. A representative example is from the healthcare sector where health information in certain ages should only be released for a specified amount of time, e.g., a patient's prescription history be made available to a specialist doctor for a period of time before a specific surgery occurs. Private transactions would ensure data confidentiality in only allowing the patient and the specialist to see the information for a specified amount of time while also recording the hash of the data as evidence that the transaction occurred.  Privacy is achieved in that there is control over who can access the actual sensitive data.

Zero-Knowledge Proof-Based Technologies

Zero-Knowledge Proof (ZKP) primitives offer the ability for a party who possesses a secret (the prover) to prove to another party (the verifier) that its secret satisfies a certain set of properties (knowledge) without revealing the actual secret (zero-knowledge). There are two privacy aspects within Hyperledger Fabric that will be addressed using ZKPs.

Anonymous Client Authentication With Identity Mixer

Idemix will be available as a formally released feature in Hyperledger Fabric 1.2. It leverages ZKP to offer anonymous authentication for clients in their transactions. ZKP protocols take place between the Fabric client whose secret is its actual identity – and any attributes associated with it – and the rest of network entities, e.g., its peers. These entities wish to verify that the creator of a transaction is a member of a particular organization (a.k.a. membership proof), or that it is in possession of a specific set of attributes (a.k.a. selective disclosure of attributes). In both cases, the protocols guarantee that nothing is revealed about the client’s identity beyond whether the corresponding statement is true. As a basic example to demonstrate the power of ZKP, if you show your ID to the bouncer at a bar, you end up showing him your name, your address, and your age.  If you used ZKP, you would be able to transform your id into another form that would preserve the fact that it is a valid ID and the fact that you meet the bar’s age requirements, but while concealing your name, address, and exact age.

ZKAT (Zero-Knowledge Asset Transfer)

First demonstrated at Consensus 2018, is a capability that we call ZKAT. This feature will be landing in the next release beyond Hyperledger Fabric 1.2. It will integrate ZKP to a wider range of applications targeting asset management. ZKAT allows transactors to issue assets and request transfer of their assets in a way such that they do not reveal anything to the public ledger for the assets being exchanged beyond the fact that the transfer complies with the asset management rules (i.e., each asset is transferred after its owner's request, and there is no new value created through the transfer). ZKAT is built on top of anonymous authentication mechanisms offered by Identity Mixer.

As opposed to other privacy-preserving asset management systems for Blockchain, ZKAT is tailored to the needs of enterprise networks. In particular, auditability of the privacy-preserving transactions comes as a crucial feature differentiation from the other competing schemes in the market. Each user is assigned a specific auditor that is entitled unlimited access to all the transactions of that user. The auditors are passive, i.e., may come in afterward and extract the confidential information of all transactions the audited user is involved in, but without being able to access the data for any other party.

Beyond the basic essence of zero-knowledge proofs, as defined above, the ZKAT demonstration also includes the secure auditing capability. Audit-enabled privacy is useful, particularly in financial use cases. Banks make money by lending at rates higher than the cost of money they acquired. As a result, if a bank were to use a blockchain network with this advanced ZKP capability applied, they would want to be able to exchange assets (money) and record the corresponding transactions in the shared ledger without revealing the fact that they are transacting, with whom they transact, or the amount of the assets they are exchanging in their transactions.

Failure to do so would clearly compromise their confidentiality regulations, and expose their business models. With zero-knowledge proof, transactions containing verifiable proof that the asset (money) is exchanged are available on the ledger, without revealing the lending rates or the quantity and parties a bank trades, allowing the bank at any particular point in time to understand the liquidity of what they have in cash. The additional advantage with Hyperledger Fabric is they can now be audited based on ZKAT.

Conclusion

As you can see, the Hyperledger Fabric community is working hard to deliver enterprise-grade technologies for blockchain use beyond the basic crypto-currency applications. If you are in NYC this week for Consensus 2018, please do stop by the IBM booth and check out these new innovations for Hyperledger Fabric! If you are interested in learning more about these technologies, please check out our longer article. It goes into much greater detail.