Re: Private data : issues and problems #fabric #fabric-questions #fabric-dstorage

David Enyeart

I thought the open questions have been discussed... let me summarize and also share some new reference material...

(1) Data accuracy and agreement is the domain of the application, for example chaincode applications may require multiple parties to come to agreement on the data (regardless of channel data or private data), in addition to the technical endorsement and validation performed by peers. And private data can be shared and verified against the on-chain hashes as needed. Nobody is being tricked... each member is expected to inspect the chaincode application and understand any data/trust assumptions therein before joining the channel and transacting with the chaincode. As there have been misunderstandings about the various ways that private data can be used in applications (in this thread and others), the documentation has recently been extended to enumerate various usage patterns (some available in v1.4.x, some becoming available in upcoming v2.0):

(2) You don't need to open lines of communication with every peer, you only need to open lines of communication for the parties that you intend to transact with and share private data, to meet the endorsement policy and private data requirements as specified for the chaincode application. The degree that you rely on peer-to-peer dissemination of private data versus application dissemination of private data to peers of endorsing organizations is entirely up to you. Again, see the sharing patterns mentioned above for details.

I expect there would be general agreement that setting up networks is non-trivial - this is precisely why various vendors have stood up offerings around Fabric.

Dave Enyeart


From: "Ivan Ch" <acizlan@...>
To: fabric@...
Date: 12/10/2019 09:58 PM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Private data : issues and problems #fabric #fabric-questions #fabric-dstorage
Sent by: fabric@...

Apparently the fabric maintainers have decided to fall deaf on this question. However, the truth is I've been contacted privately by some current fabric maintainers who agree with me and, due to whatever reason, wouldn't speak out. Regardless, a problem is a problem; I am reposting the summary of all problems related to private data here:

Security issues

1) hashes put on chain don't have salt added to them, which is vulnerable to dictionary attack (solved)

Methodology issues

1) hashes on chain cannot be validated by any third party, so they can be used by adversaries to trick honest participants (open)
2) private data uses gossip to transact data, which would require all participants to be connected with any other participant that is part of a chain. If there are 20 participants in a channel, each participant must open up their firewalls to all other 19 participants of a single channel (open)

Engineering issues:

1) when using k8s and behind load-balancers or proxies, users do not even get a chance to use a shared port (in the aforementioned example, each participant can't even open firewalls to 19 other participants without extensive hacking, and I assumed all participants need to deploy this hacked code to make it work). (discussed)

patiently waiting for answers .....
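The two hash points in this thread (verifying shared private data against the on-chain hash, and the salt that the dictionary-attack item refers to), as an added example that is not part of the original messages and is not Fabric's own code. Assumptions: the on-chain hash is modeled as SHA-256 over the JSON-serialized value, and the `Asset` type, its field names, the asset ID and the price range are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Asset is a constructed private-data record; Salt is an application-level field.
type Asset struct {
	ID    string `json:"id"`
	Price int    `json:"price"`
	Salt  string `json:"salt,omitempty"`
}
// OnChainHash models the hash all channel members see (assumption: SHA-256 of the JSON value).
func OnChainHash(a Asset) [32]byte {
	b, _ := json.Marshal(a) // cannot fail for this struct
	return sha256.Sum256(b)
}
// VerifyShared is the check a recipient runs on data received off-chain.
func VerifyShared(got Asset, chainHash [32]byte) bool {
	return OnChainHash(got) == chainHash
}
// GuessPrice shows why unsalted low-entropy values leak: every candidate can be tested.
func GuessPrice(id string, lo, hi int, chainHash [32]byte) (int, bool) {
	for p := lo; p <= hi; p++ {
		if VerifyShared(Asset{ID: id, Price: p}, chainHash) {
			return p, true
		}
	}
	return 0, false
}
// NewSalt returns 128 random bits, hex-encoded.
func NewSalt() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

func main() {
	plain := Asset{ID: "asset1", Price: 4200}
	salted := Asset{ID: "asset1", Price: 4200, Salt: NewSalt()}
	_, hitPlain := GuessPrice("asset1", 0, 10000, OnChainHash(plain))
	_, hitSalted := GuessPrice("asset1", 0, 10000, OnChainHash(salted))
	fmt.Println(hitPlain, hitSalted, VerifyShared(salted, OnChainHash(salted)))
}
```

The recipient of a salted record needs the salt along with the value to run `VerifyShared`, so the salt travels with the private data, not on chain.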
