-
Notifications
You must be signed in to change notification settings - Fork 91
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
1 changed file
with
89 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,89 @@ | ||
| # Trusted Ledger (TLCC) | ||
|
|
||
| The purpose of TLCC is to establish a trusted view of the ledger (inside an enclave) | ||
| and enable ECC to verify ledger state receiveed from the (untrusted) peer. | ||
|
|
||
| ## Requirements | ||
|
|
||
| - ECC can query integrity metadata to validate ledger state received from the peer. | ||
| - TLCC must be synronized with peer's ledger state | ||
| - Secure (authenticated) channel between ECC and TLCC to query metadata; | ||
| - ECC must perform queries on a snapshot during a single transaction invocation | ||
| - TLCC must provide identity validation (orderer, msp, etc...) | ||
| - TLCC must provide channel metadata (chaincode definition) | ||
| - Maintaining FPC chaincode state only is sufficient | ||
| - Validate "normal" Enclave Registry (ERCC) transactions; however, ERCC comes with "hard-coded" endorsement policy | ||
|
|
||
|
|
||
|
|
||
| ## Approach | ||
|
|
||
| Restrict Fabric functionality | ||
|
|
||
| - Reduces validation logic to a minimum | ||
| - Minimizes catch-up play with Fabric validation changes | ||
| - Relax the notion of endorsement policy; | ||
| - Simplify chaincode versioning | ||
| - No support for custom endorsing/validation plugins for non-FPC chaincodes | ||
| - Support for default MSP only | ||
| - Any transactions/blocks with unsupported features are ignored/aborted | ||
|
|
||
| Defined process to: | ||
| - keep redundant validation code (in stock peer and TLCC) in sync | ||
| - keep code relation traceable and changes trackable | ||
| - consistent naming and code structure as much as possible | ||
| - bonus: automated code-changes notification; notifies whenever Fabric code changes and FPC must be updates. | ||
|
|
||
| ### Non-features | ||
|
|
||
|
|
||
| ## Design | ||
|
|
||
| Access control | ||
| - check org is "writer" | ||
|
|
||
| MSP: | ||
| - Implement X509-based MSP | ||
|
|
||
| Endorsing: | ||
| - Phase1: Designated enclave only | ||
| - Phase2: Any enclave that runs a particular FPC chaincode | ||
|
|
||
| Versioning: | ||
| - single autonomously monotonously increasing version number | ||
|
|
||
| Validation: | ||
| - Introduce FPC transaction type (similar to introduce FPC namespace) and create | ||
| a dedicated FPC tx processor; (removes the need of custom validation plugins and interference with existing Fabric validation logic; and also gives more freedom to FPC validation logic as no it not longer bound to the structure and format of endorsement transaction). | ||
| - Support for (subset of) endorsing policies | ||
| - Lifecycle (a majority of Orgs) (See [Link](https://hyperledger-fabric.readthedocs.io/en/release-2.2/chaincode_lifecycle.html#install-and-define-a-chaincode)) | ||
| - ERCC (same as lifecycle) | ||
| - FPC Chaincode (see above) | ||
| - Parse chaincode definitions | ||
| - Config blocks are validated by the ordering service ([see code](https://github.com/hyperledger/fabric/blob/f27912f2f419c3b35d2c1df120f19585815eceb0/orderer/common/msgprocessor/standardchannel.go#L131)) | ||
| - Validate Signatures: | ||
| - block signatures | ||
| - FPC endorsement signatures | ||
| - ERCC endorsement signatures | ||
|
|
||
| ## Development plan | ||
|
|
||
| ### short term | ||
| See approach above | ||
| ### mid/long term | ||
| Re-use Fabric code components inside trusted ledger enclave. This requires further development on go-support for SGX. Although some PoC based on graphene for go are already available but seems not be stable yet. | ||
|
|
||
|
|
||
|
|
||
| ### QA process | ||
|
|
||
| ## Implementation | ||
|
|
||
| - nanopb to parse fabric protos (alternatively we could try to use real proto for c) | ||
| - data state : levldb | ||
| - pros: | ||
| + snapshots; | ||
| + batchWrites | ||
| + c++ implementation open source | ||
| - cons: | ||
| + persistence needs syscalls |