Versions Compared

Version Old Version 64 New Version Current
Changes made by

Pritam Singh

Pritam Singh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Abstract

Use Cactus to implement integration between Fabric application such as the emissions data channel and Ethereum emissions token network:

  1. Replace the current ethers connection to Ethereum with Cactus to perform "atomic swap" between Ethereum and Fabric.  Cactus connector will call Ethereum to tokenize emissions records from Fabric, wait for the Ethereum blocks to record, then come back to Fabric to update the emissions records with the Ethereum token information.
  2. Instead of putting private key in a config file, use Cactus to integrate with AWS Secret Manager or the open source Vault
  3. Implement Vault Transit key signing for fabric transaction

Mentor and Mentee

MentorMentorMentorMentee

Si Chen

US PST

sichen@opensourcestrategies.com

Peter Somogyvari

US PST

peter.somogyvari@accenture.com

Kamlesh Nagware

IST

kamlesh.nagware@snapperfuturetech.com

Pritam Singh

IST

pkspritam10@gmail.com

...

Project repo: https://github.com/hyperledger-labs/blockchain-carbon-accounting/tree/mentorship-cactus-integration

Deliverables

  •  1 Cactus Fabric Connector on a feature branch of the carbon accounting tool Cactus Fabric Connector on a feature branch of the carbon accounting tool (proposed)
  •  Add business logic to the Cactus app that’s still missing (mostly the REST endpoints)
  •  3
  •  4
  • Replace direct dependence of carbon accounting application on fabric-node-sdk and ethers pkg with cactus packages. 
  •  Add Support for signing of HL Fabric Transactions with private key stored as transit key in vault server.
  •  Prevent  double minting of emissions token during `record audited emissions token` operation.
  •  Vault Identity management server for the carbon accounting application.

Milestones

Eval 1:

  •  a
  •  b
  • Replace direct dependence of carbon accounting application on fabric-node-sdk and ethers pkg with cactus packages. 

Eval 2:

  •  c
  •  d
  • Add Support for signing of HL Fabric Transactions with private key stored as transit key in vault server.

Eval 3:

  •  e. fPrevent  double minting of emissions token during `record audited emissions token` operation.

Eval 4:

  •  g.
  •  h.
  • Vault Identity management server for the carbon accounting application.

Timeline

WeekTask/PlanDeliverable
May 24 - May 28
  •  Clone and build cactus repository
  •  Clone and build blockchain-carbon-accounting repository
  •  Development environment setup 
May 31 - June 11
  •  Understand and try carbon accounting application
  •  Understand and try examples present in cactus repository
  •  Get cactus set up for blockchain-carbon-accounting working
  •  Project Plan
  •  Understanding of carbon accounting project
  •  Understanding of ledger integration using cactus
June 14 - June 25
  •  Refactor carbon accounting application to use cactus's ethereum connector
  •  Refactor carbon accounting application to use cactus's fabric connector
  •   Carbon accounting application uses cactus's ethereum connector
  •  Carbon accounting application uses cactus's fabric connector
June 28 - July 2
  •   Design request manager system
  •  Implement request manager chaincode
  •  Design of request manager system
July 5 - July 9
  •  Implement request manager chaincode
  •  Test request manager chaincode

Eval 1

  •  Request manager chaincode
  •  First Evaluation


July 12 - July 23
  •  Implement request manager client
  •  Test request manager client
  •  request manager client
July 26 - August 6
  •  Decide a approach for managing client's private keys
  •  Create a pull request to fabric-sdk-node for supporting asyn signing of messages
  •   Approach for managing/securing client's private key
August 9 - August 13
  •  Make singing with vault transit engine work
  •  Propose secure-fabric-connector to HL cactus
  •  fabric-sdk-node PR merged
  •  test vault Transit Engine as identity provider
August 16 - August 27
  •  Make PR to HL Cactus for supporting vault transit engine

Eval 2

  •  HL Cactus support vault transit engine
  •  Second Evaluation
August 30 - Sept 3
  •  Use vault signing inside carbon accounting's node application 
  •  Use vault or Metamask to sign Ethereum tokens
  •  carbon accounting's node application uses vault signing
  •  Demo of carbon accounting using Cactus, Vault signing
Sept 6 - Sept 17
  •  Vault Identity management server for the carbon accounting application.
  •   Vault Identity management server
Sept 20 - 24

Sept 27 - Oct 1


Eval 3



Oct 4 - Oct 15
  •  Update Documentation 
  •  updated Documentation 
Oct 18 - Oct 29
  •   Demo of End-to-End flow
  •   End-to-End flow demo
Nov 1 - Nov 5
  •  Prepare for Final evaluation
  •   Final evaluation
Nov 8 - Nov 12

Eval 4

Final evaluation and presentation of project 


...

Github issues macro
querylabels=mentorship-cactus
repoblockchain-carbon-accounting
userhyperledger-labs
token4

Explanation

Explanation of the project goes here.

Methodology

...

Replace direct dependence of carbon accounting application on fabric-node-sdk and ethers pkg with cactus packages :

carbon accounting application is a REST API server which connects to multiple ledgers (Ethereum and HL fabric ) to perform required business logic for the carbon accounting project. It was using fabric-node-sdk for making HL fabric transactions and ethers package for ethereum transactions.  In order to integrate hypelredger cactus with carbon accounting project, `fabric-node-sdk` is replaced with `@hyperledger/cactus-plugin-ledger-connector-fabric` and `ethers` with `@hyperledger/cactus-plugin-ledger-connector-xdai`

Add Support for signing of HL Fabric Transactions with private key stored as transit key in vault server.

fabric-node-sdk provide two different kind of approaches for managing client's private key.

  1. storing client's private key and certificate together on some database (which implements wallet interface). For this approach a rough flow goes something like this

    • client send request to org's application server to invoke or query chaincode using a give KEY.
    • org's application upon receiving the request , it fetches private key and certificate corresponding to KEY.
    • uses the fetched private key to sign fabric message in order to query or invoke chaincode.
      NOTE : developer of the application has to implement authentication for client's KEY

  2. store private key in HSM , but in this approach application and HSM have to be present on same physical machine (i.e HSM should directly be connected with machine running the application). This approach is mostly used for developing client's desktop application, which will be responsible for communicating with fabric peers.

  • Major Advantage in First approach : clients won't be responsible for communicating with fabric network
  • Major Disadvantage in First approach : all private key are stored in single database which leads to Honey pot for hackers to exploit .
  • Major Advantage in Second approach : client's private key are never exposed to org's application.
  • Major Disadvantage in Second approach : clients are responsible for communicating with fabric network

Now comes the fabric-secure-connector which only brings the advantages from both the approaches. Secure Fabric connector provides a solution to the fabric organization for managing their client's private key such that the client's private key is never brought to Node Server for singing.

Image Added


Reference : 

  1. https://github.com/hyperledger/cactus/issues/1212   (proposal to HL Cactus)
  2. https://github.com/hyperledger/cactus/pull/1243    (PR to HL cactus: feat(connector-fabric): add support for vault transit secret engine)
  3. https://github.com/hyperledger-labs/blockchain-carbon-accounting/pull/287 (PR : integration of vault signing in carbon accounting application)


Prevent  double minting of emissions token during `record audited emissions token` operation.

The `record emissions token` operation requires interaction with both ethereum and fabric network, due to which a problem of double minting of token for same emissions is introduced. To solve this dataLock chaincode is developed.

DataLock Chaincode :

It's a Fabric chaincode for locking fabric data, while transactions related to the locked data are executed on different ledger/dataSource. Use of MVCC (Multiversion concurrency control) makes fabric a perfect blockchain for locking data. In fabric, MVCC is used for the solving double spending problem. DataLock uses the same facts, such that a single process with a unique id can only acquire lock. To minimize number of call to fabric, business logic of data chaincode can be called from DataLock chaincode before locking or unlocking.

Image Added


Reference : 

  1. More Details : https://github.com/hyperledger-labs/blockchain-carbon-accounting/tree/main/utility-emissions-channel/chaincode/datalock

Vault Identity management server for the carbon accounting application.

Server exposing endpoint for clients to manage their vault identity. Each client is represented a identity inside vault with certain policy rule placed on them. Using this server two type identity can be created.

  1. Client : Has access to managing one transit key.
  2. Manager : Identity responsible for create client's identity.

Reference

  1. More Details : https://github.com/hyperledger-labs/blockchain-carbon-accounting/tree/main/secure-identities/vault-identity
  2. PR : https://github.com/hyperledger-labs/blockchain-carbon-accounting/pull/326

Methodology


  1. Design : Each new components/idea is first designed using PlantUML
  2. Make It Work : This is the first iteration of the design implementation.
  3. Refactor/Optimise :   All the implementation are further refactored and optimised.
  4.  Write Test : For the correctness and maintainability unit, integration and end-to-end test are added to the code base.