Re: [Hyperledger Project TSC] IBM whitepaper

benedikt herudek <benedikt.herudek@...>

Hi Chris,

excellent paper !

Below two remarks / questions around Identity Management vs Consensus and one suggestion concerning data privacy on permissioned blockchains.

Interested in anyone's view.



1st remark: Chain Language, Turing halting problem & native currency:

Understand, you don't introduce a native OBC currency. It seems you might introduce a native OBC language in the future. But at the moment, you support existing languages like go.

Without a native currency, but with a full turing complete language, how will you address someone introducing mailicious code running through endless loops and eating up ressources ? Ethereum wants to address this with the notion of gas, so transactions running too long and not having the ressources will just get halted and rolled back. That is inherently connected to having participants pay for transactions. Hence, having a native cryptocurrency as part of a blockchain seems to offer a good mechanism to block such attacks.

Is the implicit assumption here that enterprise permissioned blockchains have a lesser risk of such intruders and hence, if we establish identity of blockchain participants and have auditors over the network, we would get on top of such intruders anyways ?

2nd remark: Trusted Ledger: Identity Management & Consensus Mechanism:

The OBC you suggests offers participants to plug in their own consenus mechanism. It seems one could even use the OBC architecture without a consensus mechanism:

In that case it might be (see 1st remark) the implicit assumption is we establish identity of participants in blockchains to restrict access and audit members and with ensuring this, we have eventually only trusted members (we dont let others in or remove them) in the network. The need for 'unbreakable' consensus mechanisms like bitcoin proof of work for a permissionless network (everyone can plugin) might become lesser of a concern.

One might think Identity Management introduces a notion of centralization (you also address this point here: into a blockchain. But for enterprise transactions, having identity management is just indispensable.

My concern would however be to overstress Identity Management compared to consensus as the underlying mechanism to ensure we have trusted data in a shared ledger. Having Consensus optional and Identity Management mandatory might allow 'abuses' of the architecture as a simple 'inter - enterprise - B2B - platform'. Maybe it could be useful to default a minimal consensus mechanism and give (minimal) criteria to replace the default consensus mechanism you suggest. Having a consensus mechanism enforced, it could also be useful having a lightweight or no-identity management option as part of the OBC for 'bitcoin like' usecases, where participants might not want to reveal their identity.

A Suggestion for Data Privacy on (permissioned) Blockchains

Placing certain data on a shared ledger will be a hard sell too many, who dont sleep well over hearing concepts like 'distrubuted shared ledger' and 'health and financial data' in one sentence. It will be difficult to overcome such concerns with a treatise on the strength of cryptography and frankly, there are ongoing discussions how secure crypto is and will be with more (quantum) computing power in the future.

A pragmatic solution could be placing 'really sensitive data' outside the blockchain, link the data and keep only e.g. a (partial) fingerprint  on the blockchain. You mention someting similar in a different context and purpose for files. (section Architecture / Blockchain) : Large files (documents, etc.) are stored in off-chain storage, not on the Ledger. Their hashes can be stored on-chain as part of the transactions, which is required to maintain the integrity of files

This could be a general and optional feature: One should be able choosing to have 'really sensitive' data in a permissioned database in one's regular enterprise network. The Blockchain transaction (cryptograhically secured) would contain:
  1. A Link / Url / security tokens (indicating whoever knows this, was 'inside' that blockchain transaction) that allow access to several external System, typically within the enterprise network of participants of the transaction. These networks would use whatever authentication and security regulation authorities and enterprises deem necessary and revoke them when this might seem appropriate.
  2. A 'as good as possible proof' of the contents linked data. This is obviously vague, the idea is that the data is not readable (it's at best partially there) on the blockchain, even if cryptograhpy is 'broken'. Then however, if participants in a transaction have a disput over the content of a transaction, such a 'partial fingerprint' of the data on the blockchain can at least help ruling out 'offbeat' claims from transaction partcipants, which in reality have forged their local data copy.
This feature would represent a trade off between the need for privacy (at your own terms) and the traceability of transactions to settle disputes. One would give up some traceability of the contents of a transaction but gain privacy, in the sense that you control the sensitive data yourself with whatever mechanisms your enterprise (and not the blockchain) considers necessary. For some usecases, this might just be what is needed and integrating this as an optional feature in a enterprise blockchain could enable a number of interesting usecases.

regards groet gruss benedikt herudek

On 18.02.2016 18:55, Duc Trinh via hyperledger-tsc wrote:


This is a very well thought-out paper!  Two very minor suggested mods for clarity:


"As the shared ledger concept gains tracking traction in the business world, blockchain's added feature – smart contract – is also getting a lot of attention from the industry."


"We believe that one of the fundamental requirements for any blockchain fabric is that the identity and patterns of behavior of any party on a network must be impossible can be protected from unauthorized parties to ascertain by inspecting the ledger."






From: hyperledger-tsc-bounces@... [mailto:hyperledger-tsc-bounces@...] On Behalf Of Christopher B Ferris via hyperledger-tsc
Sent: Thursday, February 18, 2016 10:32 AM
To: hyperledger-tsc@...
Subject: [Hyperledger Project TSC] IBM whitepaper


All, as we discussed on the TSC call, here's a link to the IBM blockchain whitepaper that we published with the open blockchain repos earlier this week. We welcome any and all feedback.




Christopher Ferris
IBM Distinguished Engineer, CTO Open Technology
IBM Cloud, Open Technologies
email: chrisfer@...
twitter: @christo4ferris
phone: +1 508 667 0402


hyperledger-tsc mailing list

Join to automatically receive all group messages.