All Posts By

Robin Sloane rjs@circulor.com www.circulor.com

Conflict minerals and child labour: Enabling better business with blockchain traceability

By Blog, Hyperledger Fabric

The hidden costs of raw materials

How much do you know about the making of your phone? How important is it for you to know where all the materials came from?

There are now over 3 billion smartphones in the world and the growth in numbers is expected to continue. This, along with demand for other electronics like tablets, laptops, electric vehicles, even vacuum cleaners, is driving a huge need for raw materials such as cobalt, tin, tungsten and tantalum. Cobalt is used in every lithium-ion rechargeable battery on the planet, while the 3 Ts, also known as conflict minerals, are found in all manner of electronic goods.

Conflict minerals have been classed as such due to their sourcing in conflict areas such as the Democratic Republic of the Congo. Militias will frequently seize control of a mine and force people to work in dangerous conditions for minimal or zero pay. With weak law enforcement in these areas there are many examples of slavery, theft of natural resources, environmental damage and human rights abuses.

The other issue that is rife here is child labour. The Guardian estimates there are more than 255,000 creuseurs (diggers) mining cobalt in the DRC, at least 35,000 of whom are children, some as young as six. These children will spend an entire day digging up enough cobalt-containing heterogenite stone to fill a sack, which they will then try to sell to Chinese traders for about $0.65.

Traceability-as-a-Service

For a long time. people have been talking about blockchain and how it is a technology looking for a problem to solve. Circulor is one of the first companies to build a solution using Hyperledger blockchain and artificial intelligence that provides traceability and transparency across the supply chain where it is really needed – conflict minerals, rare earth minerals, toxic and polluting waste, child labour-based production, to name a few. 

Responsible companies need to know the answers to the questions:

  • To what extent is your supply chain traceable?
  • Are you confident in the provenance of your raw material?
  • Can you prove the provenance?
  • What impact are you having on people and nature?

With extractive industries, true traceability requires reaching far upstream and being able to track material flows through refining, amalgamation and manufacture. Circulor addresses two core challenges – reliably creating a digital identity for a physical commodity at its source in the field, as well as connecting the inputs and outputs from a manufacturing process to enable that identity to be inherited. 

In order to make the identity reliable and digital, Circulor’s solution gives a commodity a dynamic identity, or dynamic twin, so that it can be tracked along the supply chain journey, from source to consumer, even if the commodity changes on the way. Then through the material journey, we use machine learning tools to identify anomalies or fraudulent activity.

With their entire supply chains mapped out for the first time, manufacturers are able to definitively prove responsible sourcing and sustainable production. In relation to conflict minerals and child mining, there are a number of controls in place to enable this. Artificial Intelligence is utilised for facial recognition, ensuring only authorised people are involved in the process, while anti-GPS spoofing measures guarantee that transactions are only done at accredited facilities.

One of these measures is tags that can only be used in a specified geo-fenced area, such as a mine site or production facility. This is an important safeguard because, especially with the case of tin and tungsten mining in Rwanda, the current tagging system is insecure, and tags are frequently traded on the black market. If a commodity has one of these tags, even though it holds no real information on location or identity, that is often enough for it to pass any security checks. Circulor’s tags are linked to specific locations and individuals.

A picture containing ground, nature, outdoor, valley

Description automatically generated
Photo by Hasin Hayder on Unsplash

Enabling better business

In partnership with Kumi, Circulor recently completed a successful project with Volvo Cars, using Hyperledger Fabric blockchain technology to trace the cobalt in the company’s forthcoming electric vehicles. Volvo Cars is leading the way in its industry to conduct responsible production, not just in its own operations but now in all of its suppliers as well. It recognised the importance of being able to prove to its consumers that it sources raw materials ethically and sustainably.

There is no doubting a current consumer trend towards a greater concern for our impact on people and the environment. Last year, the UK spent over £83bn on ethical goods with the continued growth driven by increased environmental concern, showing that more consumers than ever are looking for ways to shop that help people and the planet. Businesses are taking note – Circulor has just signed on with another automotive company to conduct a similar project and there are various examples of opportunities in other industries, such as waste, recycling, agriculture and more. In partnership with Kumi and other forward-thinking organisations, traceability provides huge potential to enable better business.

Sources:
https://www.techrepublic.com/article/how-conflict-minerals-funded-a-war-that-killed-millions/
https://www.washingtonpost.com/news/theworldpost/wp/2018/04/19/conflict-free/

Cover image courtesy of Circulor

Looking ahead to Hyperledger Global Forum 2020: A preview of key topics and themes

By Blog, Hyperledger Global Forum

It’s 2020 and blockchain is well and truly in production. If you have any doubt, take a look at the schedule for the Hyperledger Global Forum 2020.

Whether you are a seasoned developer, business executive or relatively new to the world of enterprise blockchain, you will be well catered for in Phoenix, Arizona, from March 3-6. The conference features an exceptional range of keynotes, case studies and workshops. 

Here are a few key themes that the Hyperledger Global Forum schedule reveals about the state of blockchain in this new and exciting decade…

Self-sovereign identity (SSI) is here to stay

Self-sovereign identity technology removes the tireless friction of maintaining multiple digital identities and empowers users to control the data they share across platforms. Hyperledger Indy, Aries and Ursa provide enterprises with the tools and libraries required to create meaningful business and humanitarian solutions using this powerful technology. 

At the Hyperledger Global Forum you will learn how SSI is 

  1. Reducing the cost of KYC compliance across a consortium of banks across South Africa.
  2. Enabling the Province of British Columbia, Canada, to ascertain the provenance of Greenhouse Gas emitting energy resources in their efforts to modernise their energy grid and support their decarbonisation efforts.
  3. Enabling non-profit Kiva and the Central Bank of Cambodia to issue digital identifications to unbanked populations, creating better opportunities for credit for traditionally underserved communities as well as helping developing economies grow and better align with the larger global economy.

Innovators are realising the value of blockchain in supply chain 

Blockchain or distributed ledger technology is arguably best described as a database architecture that enables trust between multiple parties. Verifying provenance within a supply chain is therefore one of blockchain’s most natural applications.

A wide range of Hyperledger technologies – notably Hyperledger Sawtooth – is being implemented to harden global supply chains and develop new relationships between customers, suppliers and vendors.

Learn how…

  1. Unilever is leveraging Hyperledger Sawtooth to trace the provenance of pork meat so that millions of customers can scan their food packaging using a mobile app to learn the end-to-end provenance of their meat from farm to vendor.
  2. Quantum Materials Corp uses Hyperledger Sawtooth and DAML smart contracts  to bring their nanoscale quantum dot technology to market to ensure absolute product identification within critical and high value supply chains.
  3. Volvo is tracking the provenance of cobalt to develop a more environmentally responsible and efficient supply chain for the manufacturing of their EV batteries

Blockchain interoperability, both public and private, is evolving…

Open source technology is essential to ease systems integration and drive digital transformation. The interoperability of blockchain technologies is an important challenge that needs to be solved to unlock its full potential. 

Hyperledger technologies are principally permissioned, or private, blockchain technologies. The permissioned space has often been characterised as distinct from, and even adversarial to, public blockchain networks, such as Ethereum. 

A much anticipated panel discussion featuring representatives of ConsenSys, Microsoft and IBM will discuss how both Hyperledger and Ethereum can collaborate to achieve their common goal – the global adoption of blockchain.

Summary

This is just a sample of the sessions on offer at Hyperledger Global Forum 2020. In addition to compelling keynotes, there will be more than 50 sessions covering business and technical topics as well as case studies and demos during the first two days of the event. These are followed by two days of workshops where you can deep dive on topics of specific interest, for example, Accenture and the World Economic Forum are jointly leading a half day session aimed at business leaders to help them understand how to properly evaluate blockchain use cases for their organizations.

For more information or to register, visit the Hyperledger Global Forum 2020 website.

The Social Impact of “being”

By Blog, Hyperledger Indy

To be or not to be is not a question nowadays. To the normal citizen, you have your birth certificate that enables you to have an identity, a driver’s license, a passport and voilá: You are.

Even that digitally seems quite common and straightforward. Most of the western citizens have not one but many digital identities with them: a Google account, a Microsoft account, a Facebook account, etc. 

This is not the case for a large segment of mankind: A group that has no identity, knows little or nothing about their roots and cannot provide any proof of them. By not being able to prove their identity, they cannot open a bank account, access healthcare or enroll in university. They cannot have a “normal” life. Unfortunately, for this group, it is easier to buy a pizza using Bitcoin than to prove their names, origins and history.

This happens because we lack a common ground for identities. Governments have strong agreements on how each of them will “understand” documents issued by other nations. Internal conflicts, commercial disputes or other political situations make it hard for some countries to be part of such agreements and they end up being left outside. In some cases, those excluded countries are the ones facing issues that force their populations to migrate. Without an identifying document recognized by their host countries, these migrants become “nobodies” in their new home.

Self-Sovereign Identity, Interoperability and Trust

Hyperledger Indy, a distributed ledger built for the purpose of decentralized identity, will be a powerful tool to overcome this issue. It will do so by being a carrier of trust.

Distributed Ledger Technology (a “blockchain”), in an identity management scenario, enables everyone in the network to have the same source of truth about which credentials are valid and who attested to the validity of the data inside the credential, without revealing the actual data.

Through the infrastructure of a blockchain, an identity verifying party does not need to check the validity of the actual data in the provided proof. Instead, the verifier  can use the blockchain to check the validity of the attestation and attesting party to determine whether to validate the proof.

For example, when an identity owner presents a proof of his or her date of birth, rather than actually checking the truth of the date of birth itself, the verifying party will validate the government’s signature who issued and attested to this credential to then decide whether he trusts the government’s assessment about the accuracy of the data.

Hence, the validation of a proof is based on the verifier’s judgement of the reliability of the attestor.

But trust is not the only issue we face. Most of the identity credentials issued by an institution are particular to that institution. There’s no standard on those schemas. Through Indy and standards such as Verifiable Credentials (whose Data Model 1.0 was recently published as a W3C recommendation) interoperability between institutions and different identity management systems might be achieved.

Using this technology, Non-Governmental Organizations (NGOs) can help those “invisible people” gain access to services and expedite the humanitarian process. In the future, it may even enable NGOs to  issue some sort of universally verifiable digital identity credentials to refugees. Credentials that refugee host countries could “understand” and accept because they use the same interoperable digital identity standards and trust the NGO that issued the credentials. This would allow refugees to fully access services in their host countries. They would be able to be included in society, open bank accounts, rent houses and be productive as any other citizen. 

The key is interoperability and the decentralization of trust.

Hyperledger Indy

Hyperledger Indy is still quite young with a lot to be discussed and done. However, it  has an engaged community around it, researching, asking questions and working towards the maturity of the ecosystem. The main tool to start using Indy is Indy-SDK. An SDK (Software Development Kit) is a “kit” that brings all-you-need tools in one library.

Today the solution still relies solely on said SDK. That can be tricky as it carries a lot of heavy-weight assumptions like using ZeroMQ, which browsers are not compatible with because of RAW TCP usage, to communicate with the node. That usually requires more recent mobile devices to work. Also, being a kind of all-in-one library it carries functionalities not always needed to everyone that uses it. 

To be the solution for the problem that plagues 1.2 billion people around the world who do not have an identity, the current technology still needs improvements. It has to be easier to use on basic phones, easier to integrate and easier to develop. It still requires users to have powerful smartphones to hold wallets. It’s not possible to run on a browser. And, we are challenged with little and sometimes confusing documentation on the technical side.

There are a lot of initiatives tackling those issues. Hyperledger Aries, which is making it more modular, Indy-crypto, indy-vcx and other projects are working to make this tech more democratic, transparent and easy to use. 

A lot of independent programmers are also experimenting with it, successfully creating, for example, a nodejs indy request that made a “sdkless” call to the node. I would personally love to see an HTTP with encrypted body request work over an Indy node and other “think outside the box” kind of tools.

Overcoming those issues will not be easy, but when we, the entire digital identity community, position ourselves in a united front to fight these problems, there’s a huge chance to succeed. 

The Value of Attending Hyperledger Global Forum 2020

By Blog, Hyperledger Global Forum

We are a community working together to build tech that will ultimately impact industries all around the world. Of course, we all have our own individual motivations, many of them commercial and many of them underpinned by specific technologies incubated by Hyperledger. Fundamentally, however, we are all sold on the value of blockchain technologies. 

At the Hyperledger Global Forum in 2018 in Basel, Switzerland, the community was still responding to the conflation between blockchain technology and cryptocurrencies. In July, the Member Summit in Tokyo showed that the market has come a long way. As Gartner describes it, the hype has dwindled and we are now in the ‘trough of disillusionment’ – terms that may sound discouraging but actually signify the period when meaningful technological adoption begins. 

Across Hyperledger, blockchain projects are increasingly moving into production and generating genuine business value, from the recent announcement of Salesforce’s low code blockchain platform to Walmart’s leveraging of blockchain to build a food traceability system. 

At this stage, it is an excellent time to engage with the community and showcase the progress we are making. While many of you are seasoned road warriors with your feet barely on the ground before being whisked off to the next conference, I want to explain the value of attending the Hyperledger Global Forum in Arizona 2020.

1) The conference really embodies the spirit of open source. Hyperledger Global Forum genuinely encourages open discussion and conference attendees, whether members or not, have the opportunity to talk with the Hyperledger Technical Steering Committee. It is an opportunity to ask questions and meet the engineers you may collaborate with daily, whether you work for a corporate giant or a start up.

2) You always come away with a new perspective and a new market to explore. With over one thousand attendees from all over the world, Hyperledger Global Forum really is that – global. We came back from Basel with new leads from markets as far flung as Russia, Singapore and Israel – connections that, as a start up, have shaped our direction

3) Hyperledger Global Forum generates real outcomes. Conferences are not an insignificant investment, particularly for a start up. However, the relevance of the tracks and the relationships we developed meant attendance was absolutely worthwhile. Whether this be a collaborative effort with other contributors to solve a common problem within a project or an introduction to a company whose problem we are trying to solve, Hyperledger Global Forum always generates actions.

Many in the community are equally as enthused about Hyperledger Global Forum 2020 and the value this extended, global conversation about all things Hyperledger:  

“The Hyperledger Global Forum is a great event for professionals working in the business of blockchain to participate in. I was proud to represent SecureKey at the event last year and to stand alongside some of the most notable technology professionals. We look forward to our continued work with Hyperledger and highly recommend like-minded organizations take part in this excellent event.”  Dmitry Barinov, CTO – SecureKey Technologies

“The Hyperledger Global Forum attracted leaders from around the globe last year and allowed us to have a number of face-to-face meetings with clients, colleagues and, for me, as the co-founder of the Social Impact Special Interest Group, an in-person meeting with group members from Mexico to Timor-Leste. The global make-up of the conference is just one more reason why Accenture will be the diamond sponsor again this year.” Alissa Worley, Global Marketing Director – Blockchain and Distributed Ledger Technologies at Accenture

“The conference really embodies the spirit of open source. Hyperledger Global Forum genuinely encourages open discussion and conference attendees, whether members or not, have the opportunity to talk with the Hyperledger Technical Steering Committee. It is an opportunity to ask questions and meet the engineers you may collaborate with daily, whether you work for a corporate giant or a start up.” Dan O’Prey, CMO – Digital Asset

Mentorship in Action: Hyperledger 2019 Summer Program Recap – Part 2

By Blog, Hyperledger Summer Mentorship Program

When we hear about internships and related projects, we often think of the resulting technical contributions. However, when such a project takes place in the context of an open source and international ecosystem, like Hyperledger, the code artifacts are just part of the journey. Accordingly, in this blog post, I would like to focus on the participants and the community aspects of the Hyperledger Summer Mentorship program.

The first thing I would like to emphasize is that this is not just a summer job for the interns. During the internship, they had a chance to get to know the intricacies of different Hyperledger projects. They also worked closely with mentors who guided them throughout their work. But above all else, they became part of an open source community.

If you consider all these aspects, it is a challenging journey in two months. I think this is where the mentorship program of Hyperledger shows its strength. It gradually eases you into a (seemingly) complex environment. And the main goal is not just to get the job done, but to give the interns a toolset that allows them to stay engaged with their project, even after the internship is over. 

The opportunity for interns to present their work during a Hyperledger event (like the Global Forum) is in line with this goal.

Attila Klenik, Hyperledger Summer Intern Program alum and current mentor

Let me share a bit of personal experience with you. I also participated in a Hyperledger internship project in 2016. I was in the mentee role back then, and I was already looking into some Hyperledger projects that could prove useful for my Ph.D. research. However, open source development was new territory for me, and it was a bit intimidating at first (technical skills aside). 

But then I got to present my project work on the next Hyperledger event. That was my first close-up experience with the Hyperledger community, and it opened up a world of possibilities. I met the maintainers of many projects, we exchanged ideas, and they answered many of my questions. And suddenly the open source Hyperledger ecosystem wasn’t intimidating anymore. 

It is safe to say that this whole experience put me on the track to get more involved with specific projects, and later becoming a maintainer of Hyperledger Caliper. And, as the next step on the road, I had the pleasure to mentor a Caliper-related internship project this year.

Of course, with the new role came new challenges. Although I have mentored students before, the setup was different this time. I expected that working around the 8 hours time zone difference will not be easy. However, the fact that Caliper was under active development during that time was an even more significant challenge. The most important lessons (and skills) I learned as a mentor was the proper compartmentalization and scoping of tasks. These insights also shaped the further development of Caliper, intending to make it more contributor friendly. So mentees are not the only ones who learn new things during the internship.

Hopefully, this blog post gave you some ideas about the vital role the Hyperledger Summer Mentorship program plays in the open source community, as well in the development of projects themselves. However, don’t forget to check out the other side of the coin, the technical project results from the latest participants to complete the program:

2019 Summer Mentee Project Update: Design Effective OS to Manage Blockchain Networks

By Blog, Hyperledger Summer Mentorship Program

The 2019 Hyperledger Summer Mentorship program has come to an end. During this program, my project was Design Effective OS to Manage Blockchain Networks. It was an amazing experience to work and get involved with the Hyperledger community and the Cello community. I had a wonderful time working with my mentors and the community members, who were all really helpful during the whole course of this internship.

Goals of Project

This project aimed at:

  • Implementing a new governing module to join blockchain networks together
  • Adding advanced capabilities to manage blockchain networks, including life-cycle, chaincode and permission
  • Developing other open objects that align with the existing roadmap

What was Accomplished

During the internship duration, we were able to implement a fully functional agent that makes Cello even more versatile than earlier. We were able to 

  • Create a base for an operator agent for Fabric in the Cello codebase
  • Create custom resources and APIs for CAs, peer and orderer
  • Implement the operator controllers for CA, peer and orderer
  • Integrate the agent with the Cello API and dashboard
  • Generate documentation for the new agent so that it can be used by the users

Project Progress

During my project, we successfully created an agent for Hyperledger Cello that can be used to create peer, CAs and orderers for Hyperledger Fabric. This agent can handle user inputs from the frontend as well as the certificates needed for running these nodes. The agent was developed using Kubernetes and uses the Operator SDK Framework to create Kubernetes Operators. 

The agent has been linked to the frontend and APIs and documentation has also been created to make sure that it is ready to be worked upon.

What I learned

  • The project used Kubernetes and Golang for its creation, and it was really good to learn the tools needed to complete my projects.
  • I learned to collaborate in an open source project, working remotely and successfully communicating with other members of the community.

Future Plans

  • I’ll be continuing my work with the Cello project, contributing code in the future to help with the other parts of the project.
  • This project has laid the groundwork for additional features that can be added to the agent and Cello itself, which can make it fully ready for the production usage.

For the full details, see my complete project report here.

I am very grateful for the support from my mentors, Baohua Yang, Haitao Yue, Tong Li and Jiahao Chen, as well as Hyperledger and for the opportunity to learn and contribute to open source Hyperledger projects.

I will also be speaking at Hyperledger Global Forum 2020 in Phoenix, Arizona, talking about my project and work and also Hyperledger Cello. Please do come if you’re attending the conference.

2019 Summer Mentee Project Update: Git signing with DIDs Hyperledger Indy

By Blog, Hyperledger Summer Mentorship Program

This year, I had the opportunity to contribute to the open source Hyperledger Indy community as part of the 2019 Hyperledger Summer Mentorship program. This experience also helped me collaborate with other open source communities, mainly the git community.

Project presentation

Currently git supports signing/verifying commits and tags using GPG only. The goal of this project is to make the git signing interface compatible with external signing tools and with DIDs (Distributed Identities) using programs such as bettersign, for example.

This project is the continuation of the work already done by David Huseby on the subject. His previous work is here:

This project’s working fork:

The main sections of the project are updating the user configuration and the command handling when a signing or verifying operation occur. 

Another aspect of the project is getting the changes accepted in the git community:

  • The request for proposal has been sent to the git mailing list and can be tracked here.
  • The commits that will be submitted as a patch can be found here.

What was accomplished

Milestones

The project had many steps involved:

  • Updating the git code base with a new generic signing interface
  • Sending the first RFC to the git mailing list and receiving feedback
  • Incorporating the changes depending on the received feedback
  • Sending a second RFC to the mailing list
  • … Still waiting for feedback
  • Creating wrapper tools for signing (Indy signing tool and a template script)

Challenges

Getting to know the git code base from scratch and figure out which parts needed changing was a challenge at first. But the primary challenge we faced was getting the proposal pushed upstream in the git community. We have sent two RFCs and are still waiting for additional feedback.

Technical Overview

The following figure illustrate modification of git and the expected outcome of the project:

image2019-10-29_17-56-22.png

What comes next

This project can open the door to future signing tools integrations and maybe extended to projects other than git.

The mentorship project can be extended in many ways:

  • Create wrappers for additional signing tools like signify for example
  • Write a wrapper for the Assuan protocol to add support for tools that use the Assuan library (like GPG & GPGSM for example)
  • Broaden the project idea to tools other than git (Docker image signing for example)

David Huseby will be creating a Hyperledger Lab for the continuity of the project. It will be used to track future milestones and help other persons contribute and broaden the project perspective.

For more details, please see my complete project report here.

2019 Summer Mentee Project Update: Hyperledger configuration for project management in construction

By Blog, Hyperledger Summer Mentorship Program

Project Description

Construction management configuration of blockchain is a project of the Hyperledger Summer Mentorship Program 2019 that provides a way to apply Hyperledger technologies to construction and engineering (C&E) since literature research and practical simulation prove Hyperledger Fabric as one of the best platforms for C&E. 

This project was conceived to test the potential of blockchains. To do this, a prototype system is used to model real-world commercial process by defining the properties of participant attributes superimposed with algorithms that describe their trading relationships. These are implemented using so-called smart-contracts that make use of the latest features of Hyperledger Fabric  and Hyperledger Composer to model commercial relations between traders in a trust network.

Using Fabric delivers a variety of benefits. For example, the scheduling, confirmation and commissioning of installed components at a construction site can be recorded and, therefore, managed. But management of a Fabric network is a demanding job and good design is essential to allow confidential trading to take place. The access control list (ACL), included within Composer, provides the tools to create, read, update, or delete elements within the commercial network’s domain model. The project has advanced this control by making use of an application programming interface (API) to connect to Web servers that in turn can provide analysis and management applications. This links to common project management tools, notably Gantt charts and other projects metrics such as individual work rates, cost and budgetary items that can be used in reports and figures. 

Tools: Hyperledger Fabric, Hyperledger Composer, Node.js, javascript.

Analyze real construction process

System architecture

Access control for participants

Accomplishments

  • Created a system design for a construction management blockchain implemented on Hyperledger Fabric and Hyperledger Composer.
  • Built an access control list for manipulating access rights of individuals in the blockchain system.
  • Developed an API for connecting Hyperledger Fabric with web services.
  • Built a website for easily making transaction from customer and exchanging information.
  • Created algorithms that are able to analyze data inside a blockchain and represent results in the form of statistics figures such as Gantt chart, line chart and pipe chart.
  • Developed a tutorial on github for installing and using the system.
  • Wrote science publications.

Plan for the future

  • The project is only implemented in localhost for testing functions of blockchain system because of limited budget and computer power. If the project is funded for a free account of cloud and computers, a blockchain system can be deployed on a cloud by using docker and tested in real conditions.
  • With detailed documents and source code, the project would equip developers to convert business needs to algorithms and implement them to chaincode, generate APIs for exchanging data between user and blockchain system, create user interface, make statistics and apply machine learning algorithm for data in transactions. Furthermore, the project’s system architecture defines a method  to combine blockchain, statistics and machine learning based on smart contracts, which would be helpful for Hyperledger to develop extend modules.

For more details, please see my complete project report here.

2019 Summer Mentee Project Update: Hyperledger Fabric-Based Access Control

By Blog, Hyperledger Summer Mentorship Program

During the last six months, I had the chance to work as a part-time intern for the “Hyperledger Fabric-Based Access Control” project. It was my first contribution to an open source project, which was a great learning experience for me. I believe that contribution to an open source project leads to better understanding and more in-depth knowledge by accessing unlimited resources. I also had the chance to work with two amazing mentors from Universidade Nova de Lisboa, Professor Rui Cruz and  Rafael Belchior. 

Project Introduction and goals

The project goal was to create an attribute-based access control system on top of Hyperledger Fabric. We presented a system architecture with an implementation based on Hyperledger Fabric. We used the Google Cloud Platform to run a Virtual Machine instance and test our application and collect performance analysis data. The proposed solution was validated through a multi-stakeholder use case of independent digital libraries. Our preliminary evaluation based on Hyperledger Caliper shows that the system can achieve around 200 access control requests per second, with a latency of around 0.3 seconds. 

Project accomplishments

  • Developing System modelling and architecture (Figure 1)
  • Implementing the attribute-based access control components as Hyperledger Fabric ChainCode (smart contracts) and creating a simple front-end interface to interact with blockchain application
  • Conducting performance analysis based on Hyperledger Caliper
  • Analyzing performance data and graph visualization using matplot library
  • Presenting the project in the format of academic paper

Figure 1. System architecture

Future works

Currently, our project only addresses the authorization components. This project can be expanded to be integrated with the authentication component as well, for example, it can be integrated with Hyperledger Indy, as Hyperledger Indy provides a powerful structure for decentralized identity and systems authentication. 

I want to thank the Linux Foundation and Hyperledger team for providing this opportunity for me and all the other mentees. I also want to especially thank Min Yu. I greatly appreciate her kind assistance during the whole internship program. Lastly, I want to thank my two fantastic mentors, Professor Rui Cruz and Rafael Belchior. I truly appreciate and value everything I have learned from you. 

For more details, please see my complete project report here.

2019 Summer Mentee Project Update: Hyperledger Fabric SDK for Node.js security extension

By Blog, Hyperledger Summer Mentorship Program

What I worked on

I’m Hengming Zhang, a member of this summer’s Hyperledger Mentorship Program.

The general goal of my project was extending the security scope of the Hyperledger Fabric SDK for Node.js. Key objectives included:

  • Fix integration test failures on various operating systems.
  • Refactor the key store class design by object-oriented method.
  • Enhance the compatibilities of Hardware Security Module (HSM).
  • Construct an applicable offline signing scheme.

After having the first talk with my mentor, David Liu, I set out the milestones and deliverables with this project:

  1. Completing a list of checklist items that were established before the beginning of Hyperledger Mentorship Program. The checklist contains preparing:
    • AWS cloud account
    • Virtual machine snapshot for the on-premise desktop
    • Mobile devices
  2. Fixing  the integration test failures on macOS and Ubuntu by the 1st Quarter Evaluation.
  3. Refactoring Key store class design by the Midterm Quarter Evaluation.
  4. Enhancing HSM compatibility by the 3rd Quarter Evaluation.
  5. Offline signing of a client by the Final Evaluation.

Once I had finished the initial set up from the checklist, I started development for this project. During the development, the proudest of experience were using the right Hyperledger channels:

  • Technology – Hyperledger Fabric, Hyperledger Fabric CA, and Hyperledger SDK for Node.js.
  • Tools – Hyperledger Wiki, Hyperledger Gerrit, Hyperledger Chat and Hyperledger Jira.

By the end of this internship, I had finished 6/7 of the deliverables I had created above.

In conclusion, I think my work on the offline signing scheme could have the most impact on the Hyperledger or larger communities. I have constructed an applicable client offline signing scheme using Flutter as the client for the fabric-client-flutter project and Node as the server for the fabric-server-node project.

At last, there are our mentor and mentee’s information for this summer’s Hyperledger Mentorship Program:

MentorEmailOrganization
David (Yuxiang) Liudavid-khala@hotmail.comMediConCen
MenteeEmailUniversity
Hengming (5sWind) Zhangfiveswind@gmail.comFudan University

What I learned or accomplished

As I mentioned in the “What I worked on” section, the six deliverables I completed include:

  • Setting up an AWS cloud account
  • Creating a virtual machine snapshot for the on-premise desktop
  • Preparing mobile devices
  • Fixing the integration test failures on macOS and Ubuntu
  • Enhancing HSM compatibility
  • Offline signing of client

However, there are no such shortcut path as things moved forward. Below are some of the issues I had to overcome: 

  • Running AWS CloudHSM on EC2 instance: Ubuntu 18 / Windows Server 2019 / Red Hat Enterprise Linux
  • Installing SoftHSM on Windows 10 virtual machine snapshot
  • Constructing a PKCS#8 standard RSA asymmetric keys that can be used to interact with Hyperledger Fabric network as the user’s local key store
  • Constructing a Certificate Signing Request (CSR) using RSA keys on the client side
  • Building an interactive model between Hyperledger Fabric and Flutter mobile client
  • Refactoring current CryptoKeyStore mixin class to an object-oriented class model

Plus, there are also some of the insights I got and lessons I learned from the Hyperledger community:

  1. Communicate with others (e.g., project maintainers, mentors)
  2. Connect and work remotely
  3. Document ideas, issues, and reports
  4. Clean code and use state-of-the-art technologies

So, at this time, I would like to share with you some advice regarding working in an open source community:

  1. Clean code and annotations are necessary: it means when others look at your project, they can quickly understand what your code does.
  2. Communication is important: it can help to deduplicate works, find solutions, and so on.

For example, in my internship experience, leveraging the second piece of  advice, I found out that the community was refactoring the code base that I was working on. Therefore, the duplicated work could be avoided.

What comes next

The ending of the internship journey is not the destination. I have some recommended next steps for the project:

  • Advancing and improving the fabric-client-flutter project, such as extend it to support other platforms: Windows, macOS, and even IoT devices for them to use Hyperledger Fabric.
1 fabric-client-flutter project interface on Android device.
2 fabric-client-flutter project interface on iOS device.
  • Refactoring and improving the fabric-server-node project to common Hyperledger Fabric servers that can be serving any request from any Hyperledger Fabric client.
  • Continuously contributing to the fabric-sdk-node project.

In the future, I would like to be a long-term contributor to the Hyperledger or the larger open source community.

With this internship experience, I hope I can move forward as a recognized engineer and cryptographic researcher.

For more details, see my project report here.