Professional Documents
Culture Documents
07 BCT Hyperledger Fabric
07 BCT Hyperledger Fabric
07 BCT Hyperledger Fabric
Source: Androulaki, Elli, et al. "Hyperledger fabric: a distributed operating system for permissioned blockchains." Proceedings of
1
the thirteenth EuroSys conference. 2018.
2
Limitations of earlier Permissioned Blockchains
• Consensus, often hard-coded within the platform, contradicts the well-established
understanding that there is no “one-size-fits-all” (BFT) consensus protocol
• The trust model of transaction validation is determined by the consensus protocol
and cannot be adapted to the requirements of the smart contract
• Smart contracts must be written in a fixed, non-standard, or domain-specific
language - hinders wide-spread adoption and may lead to programming errors
• The sequential execution of all transactions by all peers limits performance
• Complex measures are needed to prevent denial-of-service attacks against the
platform originating from untrusted contracts (such as accounting for runtime with
“gas” in Ethereum)
• Transactions must be deterministic, which can be difficult to ensure
programmatically
• Every smart contract runs on all peers, which is at odds with confidentiality, and
prohibits the dissemination of contract code and state to a subset of peers. 3
Order-Execute Architecture in Replicated Services [1]
• Hard-coded consensus.
• Virtually all blockchain systems, permissioned or not, come with a hard-coded
consensus protocol. However, there is no such “one-size-fits-all” solution.
• BFT protocols differ widely in their performance when deployed in potentially
adversarial environments -- when moving from LAN to a WAN
• BFT consensus should be inherently reconfigurable and ideally adapt dynamically to a
changing environment
• Another important aspect is to match the protocol’s trust assumption to a given
blockchain deployment scenario.
• Replace BFT consensus with a protocol based on an alternative trust models like XFT
or a CFT protocol, such as Paxos/Raft and ZooKeeper, or even a permissionless
protocol like PoW. 10
Hyperledger Fabric
• Hyperledger Fabric or simply Fabric is an open-source blockchain platform.
• https://www.hyperledger.org/use/fabric
• Fabric is one of the projects of Hyperledger under the auspices of the Linux
Foundation.
• Fabric is a distributed operating system for permissioned block-chains
• Executes distributed applications written in general-purpose programming languages
(e.g., Go, Java, Node.js).
• Securely tracks its execution history in an append-only replicated ledger data structure
• Has no cryptocurrency built in
• Fabric’s general purpose nature has found application across different
industries and use cases
• dispute resolution, trade logistics, FX netting, food safety, contract management,
diamond provenance, rewards point management, low liquidity securities trading and
settlement, identity management, settlement through digital currency, etc.
11
Hyperledger Fabric
• Hyperledger Fabric embraces a modular architecture with key components
that include:
• An ordering service atomically broadcasts state updates to peers and
establishes consensus on the order of transactions.
• A membership service provider (MSP) is responsible for associating peers
with cryptographic identities. It maintains the permissioned nature of Fabric.
• An optional peer-to-peer gossip service disseminates the blocks output by
ordering service to all peers.
• Smart contracts in Fabric run within a container environment for isolation.
They can be written in standard programming languages but do not have
direct access to the ledger state.
• Each peer locally maintains the ledger in the form of the append-only
blockchain and as a snapshot of the most recent state in a key-value store.
12
Execute-order-validate architecture of Fabric
▪ Each peer then validates the state changes from endorsed transactions with
respect to the endorsement policy and the consistency of the execution in the
validation phase.
▪ All peers validate the transactions in the same order and validation is
deterministic.
▪ Fabric introduces a novel hybrid replication paradigm in the Byzantine model,
which combines passive replication (the pre-consensus computation of state
updates) and active replication (the post-consensus validation of execution
results and state changes). 16
Roles played by Nodes in Fabric [1]
▪ A Fabric blockchain consists of a set of
nodes that form a network
▪ Fabric is permissioned, all nodes that
participate in the network have an
identity, as provided by a modular
membership service provider (MSP)
▪ Nodes in Fabric take up one of the
three roles:
▪ Clients submit transaction proposals for
execution, help orchestrate the execution
phase, and, finally, broadcast transactions
for ordering.
17
Roles played by Nodes in Fabric [2]
▪ Peers execute transaction proposals and
validate transactions.
▪ All peers maintain the blockchain ledger, an
append-only data structure recording all
transactions in the form of a hash chain, as
well as the state, a succinct representation of
the latest ledger state.
▪ A transaction is implemented by a Chaincode,
which has to adhere to a policy.
▪ This policy specifies a subset of peers, called
endorsing peers (or simply endorsers)
▪ Thus, all peers do not execute all transaction
proposals
18
Roles played by Nodes in Fabric [3]
▪ Ordering Service Nodes (OSN) (or, simply,
orderers) are the nodes that collectively form
the ordering service.
▪ The ordering service establishes the total order
of all transactions in Fabric
▪ Each transaction contains:
▪ state updates and dependencies computed during
the execution phase
▪ Cryptographic signatures of the endorsing peers.
▪ Orderers are entirely unaware of the
application state, and do not participate in the
execution nor in the validation of transactions.
▪ This design choice renders consensus in Fabric
as modular as possible and simplifies
replacement of consensus protocols.
19
Roles played by Nodes in Fabric [4]
▪ A Fabric network can supports multiple
blockchains connected to the same ordering
service.
▪ Each such blockchain is called a channel and
may have different peers as its members.
▪ Channels can be used to partition the state
of the blockchain network.
▪ Consensus across channels is not
coordinated and the total order of
transactions in each channel is separate
from the others.
▪ Certain deployments that consider all
orderers as trusted may also implement by-
channel access control for peers. 20
A Sample Hyperledger Fabric Network [1]
▪ Four organizations: R1, R2, R3 and R4 have jointly decided to set up and
operate a Hyperledger Fabric network.
▪ R4 is the network initiator – that will set up the initial version of the network.
▪ R4 will not perform business transactions on the network. 21
A Sample Hyperledger Fabric Network [2]
▪ Channel C2 is governed according to the policy rules specified in channel configuration CC2
and is under the control of organizations R2 and R3.
▪ An ordering service O4 uses the system channel & services as a network administration point
for N
▪ O4 also supports application channels C1 and C2, for the purposes of transaction ordering
into blocks for distribution.
▪ Each of the four organizations has a preferred Certificate Authority. 25
Execute Phase [1]
▪ In the execution phase, clients sign and
send the transaction proposal to one or
more endorsers for execution.
▪ A proposal contains:
▪ Identity of the submitting client (according to
the MSP)
▪ Transaction payload in the form of an operation
to execute, parameters, and the identifier of
the chaincode,
▪ A nonce to be used only once by each client
(such as a counter or a random value)
▪ A transaction identifier derived from the client
identifier and the nonce. ▪ The chaincode runs in a Docker
▪ The endorsers simulate the proposal, by container, isolated from the main
executing the operation on the specified endorser process.
26
chaincode
Execute Phase [2]
▪ Each endorser produces:
▪ a value writeset, consisting of the state
updates produced by simulation (i.e., the
modified keys along with their new values)
▪ a readset, representing the version
dependencies of the proposal simulation (i.e.,
all keys read during simulation along with their
version numbers).
▪ The endorser cryptographically signs a message
called endorsement, which contains readset and
writeset (together with metadata such as
transaction ID, endorser ID, and endorser
signature) and sends it back to the client in a
proposal response ▪ The client creates the transaction
and passes it to the ordering
▪ The client collects endorsements until they satisfy
the endorsement policy of the chaincode
service
27
Execute Phase [3]
▪ Endorsers do not synchronize with other endorsers
▪ Two endorsers may execute it on different states of
the ledger and produce different outputs.
▪ For the standard endorsement policy which
requires multiple endorsers to produce the same
result, this implies that under high contention of
operations accessing the same keys, a client may
not be able to satisfy the endorsement policy.
▪ No single peer is trusted for correct execution in a
blockchain.
▪ This design considerably simplifies the architecture
and is adequate for typical blockchain applications.
▪ Tackle DoS attacks from untrusted
▪ Executing a transaction before the ordering phase chaincode as an endorser can simply
is critical to tolerating non-deterministic abort an execution according to a local
chaincodes. policy if it suspects a DoS attack.
28
Ordering Phase [1]
▪ Once a client has collected enough endorsements
on a proposal it assembles a transaction and
submits this to the ordering service.
▪ The transaction contains the transaction payload
(i.e., the chaincode operation including
parameters), transaction metadata, and a set of
endorsements.
▪ The ordering phase establishes a total order on all
submitted transactions per channel.
▪ Ordering atomically broadcasts endorsements and
thereby establishes consensus on transactions,
despite faulty orderers.
▪ Only relatively few nodes are expected
▪ Grouping or batching transactions into blocks by to implement the ordering service.
the Ordering Service improves the throughput of
the broadcast protocol, which is a well-known ▪ A built-in gossip service can disseminate
technique used in fault-tolerant broadcasts. delivered blocks from the ordering
29
service to all peers
Ordering Phase [2]
▪ The ordering service does not maintain any state of
the blockchain, and neither validates nor executes
transactions.
▪ This architecture is a crucial, defining feature of
Fabric, and makes Fabric the first blockchain system
to totally separate consensus from execution and
validation.
▪ This makes consensus as modular as possible, and
enables an ecosystem of consensus protocols
implementing the ordering service.
▪ Note that the ordering service does not prevent
transaction duplication.
▪ This simplifies its implementation and is not a
concern
▪ Duplicated transactions are filtered in the read-
write check by the peers during validation. 30
Validation Phase [1]
▪ Blocks are delivered to peers either directly by the
ordering service or through gossip.
▪ A new block then enters the validation phase which
consists of three sequential steps:
▪ The endorsement policy evaluation occurs in
parallel for all transactions within the block.
▪ The evaluation is the task of the so-called validation
system chaincode (VSCC)
▪ VSCC is a static library and a part of the blockchain’s
configuration. It is responsible for validating the
endorsement with respect to the endorsement
policy configured for the chaincode
▪ If the endorsement is not satisfied, the transaction
is marked as invalid and its effects are disregarded.
31
Validation Phase [2]
▪ Second, a read-write conflict check is done for all
transactions in the block sequentially.
▪ For each transaction it compares the versions of
the keys in the readset field to those in the current
state of the ledger, as stored locally by the peer,
and ensures they are still the same.
▪ If the versions do not match, the transaction is
marked as invalid and its effects are disregarded.
▪ The ledger update phase runs last, in which the
block is appended to the locally stored ledger and
the blockchain state is updated.
▪ The results of the validity checks in the first two
steps are persisted as well
▪ This facilitates the reconstruction of the state at a
later time.
32
Trust and Fault Model [1]
▪ Fabric can accommodate flexible trust and fault
assumptions.
▪ In general, any client is considered potentially
malicious or Byzantine.
▪ Peers are grouped into organizations and every
organization forms one trust domain, such that a
peer trusts all peers within its organization but no
peer of another organization.
▪ The ordering service considers all peers (and
clients) as potentially Byzantine.
▪ The integrity of a Fabric network relies on the
consistency of the ordering service.
▪ The trust model of the ordering service depends
directly on its implementation
33
Trust and Fault Model [2]
▪ Different Implementations
▪ A centralized, single-node implementation,
▪ a CFT (Crash Fault Tolerance) ordering service running on
a cluster
▪ A third implementation, a proof of concept based on
BFT-SMaRt that tolerates up to one third of Byzantine
OSNs.
▪ Note that Fabric decouples the trust model for
applications from the trust model of consensus.
▪ A distributed application can define its own trust
assumptions, which are conveyed through the
endorsement policy.
▪ They are independent from those of consensus
implemented by the ordering service.
34
A Fabric network with federated MSPs and running
multiple chaincodes
36
Transaction Flow in Hyperledger Fabric [1]
▪ Consider a standard asset exchange, for example, two clients, A and B, who are buying
and selling radishes.
▪ Each one has a peer on the network through which they send their transactions and
interact with the ledger.
▪ Assumptions
▪ A channel is set up and running.
▪ The application user has registered and enrolled with the organization’s Certificate Authority (CA)
and received back necessary cryptographic material, which is used to authenticate to the network.
▪ The chaincode (containing a set of key value pairs representing the initial state of the radish market)
is installed on the peers and deployed to the channel.
▪ The chaincode contains logic defining a set of transaction instructions and the agreed upon price for
a radish.
▪ An endorsement policy has also been set for this chaincode, stating that both peerA and peerB must
endorse any transaction. 37
Transaction Flow in Hyperledger Fabric [2]
39
Transaction Flow in Hyperledger Fabric [4]
• Ledger updated
• Each peer appends the block to the channel’s chain, and for each valid transaction the
write sets are committed to current state database.
• An event is emitted by each peer to notify the client application that
• the transaction (invocation) has been immutably appended to the chain
• whether the transaction was validated or invalidated.
• Without listening for transaction events, applications will not know whether the
concerned transaction has actually been ordered, validated, and committed to the
ledger.
45
Transaction Flow in Hyperledger Fabric: Swimlane
Sequence Diagram
1. Client A initiates a
transaction
2. Endorsing peers verify
signature & execute
the transaction & send
back responses
• Proposal
responses are
examined
3. Client assembles
responses into a
transaction and sends
it to the ordering peers
4. Transaction is validated
and committed. The
ledger is updated.
46
Thanks