Hyperledger Besu

Interoperability and Integration Developments in the Hyperledger Community

By Blog, Hyperledger Aries, Hyperledger Besu, Hyperledger Cactus, Hyperledger Fabric, Hyperledger Grid, Hyperledger Indy, Hyperledger Sawtooth

Interoperability and integration are top of mind issues across the blockchain space right now. From new projects to new solutions, the Hyperledger community is taking on the challenges of cross-chain and cross application communication and data flow. 

Here are some of the most recent #HyperledgerInterop developments from across the community.

New Project – Hyperledger Cactus

The newly announced Hyperledger Cactus is a blockchain integration tool designed to allow users to securely integrate different blockchains. This pluggable architecture helps enable the execution of ledger operations across multiple blockchain ledgers, including Hyperledger Besu, Hyperledger Fabric, Corda, and Quorum available today, with the aim of developers continually adding support for new blockchains in the future. 

 Cactus started as a Hyperledger Labs project six months ago and has attracted significant attention and become a locus of collaboration between developers from teams at Accenture and Fujitsu, and dozens of others working on DLT platforms both inside and outside Hyperledger.

Member applications

  • Smart Block Laboratory built the Hyperledger Fabric-powered distributed register Cryptoenter, blockchain infrastructure for digital banking that unites banks into a single digital space for transmitting financial messages and brings a new level of interaction to the financial market. The platform is designed for p2p interaction between consumers of financial services, safe execution of payment transactions with cryptocurrencies, fiat currencies and cryptocurrencies, user interaction within a social network for investors / distributed crowdfunding platform.

    The basis of the platform is the Rubicon Blockchain, a cloud platform for the blockchain economy, built on Hyperledger Fabric. Cryptoenter has a dual security system: at the Hyperledger blockchain network level and at the Rubicon Blockchain (also based on Hyperledger Fabric) network level. The solution uses an SRP authentication system. TLS (transport layer security) protocol based on SSL (Secure Sockets Layer) protocol is also included. This dual security system allows Cryptoenter to authenticate the person who signed the message, control message integrity, protect the message from fakes and prove the authorship of the person who signed the message.

Technical talks from Hyperledger Global Forum

Nathan George from the Sovrin Foundation offers his take on “Standards and Interoperability for Identity”

 Identity platforms have made significant advances leveraging blockchain technology and standards developed at Hyperledger. In his talk, Nathan covers the latest in trusted information flows and the standards being incubated to promote interoperability and create network effects across multiple blockchains and identity platforms.

Key topics include the advancements incubated in Hyperledger Indy, Hyperledger Aries, the W3C Credentials Community Group and at the Decentralized Identity Foundation for Verifiable Credentials, Decentralized Identifiers (DIDs), DID Communications, Identity Hubs, Authentication, and the data models that power them.

Panelists Rich Meszaros and Sarah Banks from Accenture, Melanie Nuce from GS1 US, David Cecchi for Cargill and Patrick Erichsen from Target discuss “Business Interoperability – The Key to Supply Chain Traceability”

Technology such as blockchain has the power to solve complex challenges and achieve improved supply chain traceability. In order to tap into this powerful technology, interoperability, enabled by robust data and transaction standards, are a must! Segments of the supply chain, such as the food industry, have made significant progress leveraging data standards to support food safety and product transparency use cases. The panelists discuss their companies’ work on improved supply chain traceability, the importance of standards and the role business interoperability plays in accelerating the success of new technologies like blockchain. 

Join the conversation about blockchain-based identity technologies and solutions with #HyperledgerInterop this month on social channels.

Cover image by Clker-Free-Vector-Images from Pixabay

Hyperledger Besu Security Audit 2020

By Blog, Hyperledger Besu


The Hyperledger Besu project underwent a security audit in Q1 of this year. This is the second security audit for the codebase. The codebase had a security audit performed in 2018 prior to the initial launch of the codebase (and when it was named Pantheon). The Besu team conducted another security audit because there have been many new features and functionality added to the codebase since its original security audit. Ensuring security best practices are used in the codebase is a priority for the Besu team.

The Hyperledger Besu team was pleased to partner with Tevora on this security audit and work with them closely on their findings. Tevora’s approach to auditing the codebase included: 

  1. Reconnaissance
  2. Threat Mapping
  3. Known Vulnerability Identification
  4. Exploitation
  5. Post-Exploitation
  6. Reporting

Key Findings and How the Hyperledger Besu Team Addressed Them

When conducting a code audit, it is important to address each finding to help improve the codebase and ensure it meets security expectations. While there were no critical or high issues found in the codebase, there were a couple of medium risk issues that were identified. 

Below is an outline of the issues and the team’s steps to address them:

1) GraphQL Configuration: 

  • Summary of Finding: The Hyperledger Besu client includes a configurable GraphQL endpoint for data queries. Tevora discovered the GraphQL implementation did not adequately protect against malicious queries. If the GraphQL endpoint is served on a routable network interface (a non-default configuration), an attacker could craft a query that exhausts the node’s system resources. This attack would cause over utilization of system resources and the affected node would be disconnected from its peers. A network configured to expose GraphQL endpoints on Besu clients would be at risk of DoS based blockchain attacks.
  • How Team Addressed it: The Besu team immediately began query complexity metering, preventing query loops from forming. Also, as members of the Ethereum community, the team noticed this was a flaw in other Ethereum clients with a GraphQL endpoint so it informed the community so other clients could also implement the appropriate fix. You can find this item resolved in Hyperledger Besu’s 1.4.3 Release.

2) Key Storage

  • Summary of Finding: Besu nodes store the node private key on the host filesystem. Compromise of this key would not lead to a direct loss of funds; however, it would cause a loss of trust in the affected node’s communications. 
  • How Team Addressed It: By design, the Hyperledger Besu team does not store account keys like other Ethereum nodes can be configured to do. This mitigates account takeover attacks. The team is continuing to evaluate how to encourage adoption of best practices for storing node private keys in Besu, including the use of HSMs to store node keys. 

Hyperledger’s Commitment to Security of its Projects

Part of Hyperledger’s role with all of its projects is to ensure security best practices are followed. Activities Hyperledger enforces with its projects to ensure secure codebases include performing security audits, running license checks regularly, and facilitating a security task force with representatives from all project teams. Hyperledger is committed to the security of its projects, and it continues to be diligent about implementing security best practices in all of its projects. 

The Hyperledger Besu team is equally diligent about ensuring security in its codebase, and we believe this security audit was an important step in ensuring its a safe and secure codebase for the community to build on.

“The Hyperledger staff and Besu team were outstanding to work with! Hyperledger takes the security of its projects very seriously and it shows. The response to our primary finding was impressive, with a fix implemented by the Besu team within hours. They are definitely leading by example in the security maturity of open-source software projects.” – Brian Sullivan Information Security Consultant at Tevora.

If you would like to access the full report, you can go here.

Hyperledger Besu Graduates to Active Status

By Blog, Hyperledger Besu

The Hyperledger Besu team is excited to announce Hyperledger’s Technical Steering Committee (TSC) members voted to graduate the project from incubation to active status. The Hyperledger Besu team believes this decision demonstrates the strength of the Besu project and the active community supporting it. With this announcement, Hyperledger Besu joins Fabric, Indy, Sawtooth, and Iroha as projects with active status in the Hyperledger greenhouse and the only Ethereum project to be granted active status.

Since Hyperledger Besu joined Hyperledger in August 2019 under incubation, the Besu team has remained focused on growing Besu’s developer base and making it an inclusive community. The Besu team has had active participation from a number of organizations, including several that have become maintainers of the project. Some of these organizations include ConsenSys, Chainsafe, Web3Labs, Machine Consultancy, Everis, ETC Labs, and MyEtherWallet. Each of these organizations provides critical code to improve and grow the featuresets of the codebase. For example, Chainsafe and ETC Labs focus on maintaining Besu syncing with Ethereum Classic networks, whileWeb3Labs builds the privacy feature. These critical contributions help make Besu the high quality project it is.

Hyperledger Besu’s team has been focused on developing the project to be a leading client for the public Ethereum mainnet as well as in permissioned consortium settings. The Besu team has built enterprise-grade features, including privacy, permissioning, and consensus mechanisms. The optionality of running Besu in a public chain or permissioned chain setting is part of its radical appeal with community members. Now that Besu is an active project, we plan on continuing to encourage enterprises, individual contributors, and application developers alike to explore and support Besu to ensure it continues to evolve to fit each of their purposes. 

What Does Active Status Mean?

By voting for Hyperledger Besu to be granted active status, the Technical Steering Committee acknowledges that Besu meets all of the Incubation Exit Criteria, including legal requirements, high-quality documentation, consistent tooling usage, and diversity of community requirements. Each of these requirements helps demonstrate a project is a safe, welcoming, and vibrant space for community members to join and contribute. By being designated as an active project, Besu is demonstrating that it is meeting Hyperledger’s highest standards for a project.

What is next for Hyperledger Besu?

The next quarterly release, v1.5, is scheduled for mid 2020 and will include our most ambitious features to date. Some features include: 

  • Performance improvements, including block propagation, block product and validation, transaction pool management, and JSON RPC query response time. 
  • Privacy Improvements
  • Beam Sync Early Access
  • Mining Support

Additionally, the Besu team is focused on building out performance metrics using another Hyperledger project, Hyperledger Caliper. The team is looking forward to publishing those results soon.

Hyperledger Besu continues to sit at the intersection of Hyperledger and Ethereum and hopes to continue to grow both communities. We think graduating to Active status is a giant step forward in the project’s maturity.

Do you want to get involved in Hyperledger Besu?

Those looking to interact one on one with Besu developers and contributors can join the conversation on RocketChat at #besu, or join our bi-weekly contributor calls.

Interested in learning more, or curious on how to get started with Besu? 

Announcing Hyperledger Besu v1.4 – Available Now

By Blog, Hyperledger Besu

Learn about the improved enterprise functionality and performance in the latest release of Hyperledger’s first and only public chain-compatible Ethereum client.

Evolution of Hyperledger Besu

Hyperledger Besu was contributed to the Hyperledger organization in August of 2019 as the sole Ethereum blockchain client. Since then several notable improvements have been made that have continued to bridge the gap between permissioned and public chains.

The v1.3 release of Besu released in October 2019 included state pruning, allowing organizations to save money on storage costs by reducing storage size in a node. It also offers relational database support allowing customers with local storage requirements to choose from a selection of DB storage options through transaction manager, Orion. Besu v1.3 was also upgraded to be compatible with the “Istanbul Hard Fork Upgrade,” which took place earlier this year.

The Besu team is pleased to announce the next major release, Hyperledger Besu v1.4, which launched  February 26, 2020, and includes a number of much-anticipated features focusing on performance and enterprise-driven functionality such as:

  • Plugin APIs
  • New tracing APIs
  • Multi-Tenancy
  • Advanced Key Management
  • End-to-End TLS support for incoming and outgoing RPC endpoints

Click here to download Hyperledger Besu 1.4.

Key Features in 1.4

Plugin APIs 

Hyperledger Besu v1.4 also exposes a plugin API, allowing anyone to write custom plugins for Besu and enabling users to take data from any Besu network, public or permissioned, and feed it into the rest of their applications and systems easily. The API exposes data about the following components:

  • Blocks
  • Balances
  • Transactions
  • Smart Contracts
  • Execution Results
  • Logs 
  • Syncing State

In the future, along with more data being exposed via the API, users can expect Besu to compartmentalize key supporting services, eventually allowing them to be swapped via a plugin.

New tracing APIs

As part of its 1.4 release, Besu will now support a new tracing API: trace_replayBlockTransaction. The addition of this API is a step towards Besu being fully compatible with all Ethereum clients on the network. For example, it enables the use of Parity-style traces, which are a more concise alternative to the current debug_* APIs in Besu.

Specifically, the vmTrace option provides an operation-by-operation trace of EVM execution, the stateDiff option highlights the differences in account and storage state before and after the transaction and the trace option details every type and result of calls to account and contracts.

More Parity-style traces will soon be added to Besu as well. The two next ones scheduled are trace_block and trace_transaction. 

Multi-Tenancy – Secure Private Transactions in a shared environment 

Hyperledger Besu v1.4 will be able to run in a “Multi-tenant environment,” allowing a number of users to use the same Ethereum node to connect to the network. The Hyperledger Besu multi-tenancy support enables a much wider user base to make use of the blockchain technology, reducing the barriers to entry associated with learning, upskilling, and additional costs associated with deploying  blockchain.

Support for authenticated API access will also be given, allowing hosts custom control on who to grant access to, depending on the user’s  need. This coupled with Orion, the open-sourced, Apache 2.0 licensed private transaction manager, enables private transactions to take place all while ensuring only the correct recipient can access the data. Through the use of JWT tokens, a user identity is tied to a privacy identity, validating every API call to ensure the user is part of the privacy group before any data is revealed.

Advanced Key Management

The release of Hyperledger Besu v1.4 also includes additional key management functionality through EthSigner. By design, Hyperledger Besu does not allow keys to be stored in the client or node. You have to use an external key manager. In this release, multi-Key support has been added. This support allows for a number of private keys to be securely stored in vaults accessible only when needed to be used for signing a transaction.

This advanced option adds the capability to select the correct key based on the details of transactions, regardless of where those keys are stored, allowing for rotation of keys and further security. 

End-to-end encryption with TLS 

While blockchain delivers significant security benefits, encryption is still critical across the transaction lifecycle. Hyperledger Besu v1.4 will offer end to-end encryption with TLS, meaning all communication from the generation of the private transaction to its signature using private keys stored in secure vaults (e.g., Hashicorp Keyvault), transmission through private transaction managers, and arriving at another node is encrypted. 

What’s Next 

The next quarterly release, v1.5, is scheduled for mid 2020 and will include our most ambitious features to date. In the meantime, Hyperledger Besu is happy to sit at the intersection of the Hyperledger and Ethereum communities and continue to grow its contributor network.  

Those looking to interact one-on-one with Besu developers and contributors can join the conversation on Rocketchat at #besu, or join our regular contributor calls.

Interested in learning more, or curious on how to get started with Besu? Check out the Besu docs, view the tutorials, visit the wiki, or take a look at some open issues in JIRA

For those attending Hyperledger Global Forum, several project maintainers and contributors will also be present and speaking at the event and would love to chat with you. 

This blog was written by PegaSys Digital Marketing Specialist, Gina Rubino, with contributions from PegaSys Product Managers Tim Beiko and Arash Mahboubi

How Hyperledger Besu Will Help Solve the Pharmaceutical Waste Problem in the U.S.

By Blog, Healthcare, Hyperledger Besu

The problem of surplus medication is getting increasingly serious. Each year, tons of prescription drugs remain unused in clinics, assisted living facilities, and at individual patients’ homes. Often, the law demands that any unused medications be destroyed, which results in a whole complex set of problems. 

On the one hand, about $2 billion worth of prescription drugs are wasted every year. On the other hand, one in every three Americans cannot afford their prescribed medications due to the high cost or absence of medical insurance. At the same time, there is no unified procedure for using surplus medications and making them available to those who need it. 

Another issue to consider in this context is the cost of unused drug disposal, which can be around $1.25 per pound. The rules require that unused drugs be disposed of through incineration that creates additional environmental concerns. 

The obvious solution to this complex problem is establishing a mechanism for returning the unused medications and offering them to patients who need them. In fact, the drug donation and reuse programs have been researched for more than twenty years, but only 38 states have passed laws on drug reuse as of now. 

At the same time, the implementation of these laws gives hope that the multi-faceted problem of surplus drugs can be resolved. However, to achieve true effectiveness and prevent misuse, such programs need to take into account many practical aspects: 

– Control over the donated drugs’ quality and expiration. Of course, to be accepted, drugs must be unexpired and their packaging must be intact. 

– Motivation for pharmacies to act as drug acceptance facilities. Participation in the drug donation program has its costs, which pharmacies are not too eager to bear. 

– Motivation for clinics and patients to donate unused drugs. The law prohibits selling medications, thus, their owners should be motivated in a different way. 

– Data security. Medication-related data is highly sensitive and needs special protection from unauthorized access. 

How technology can help 

Our experience with blockchain and distributed applications proves that these technologies can become the core of an effective and secure platform for unused drug donation and redistribution. It resolves the problems of data security and traceability and can help to automate a number of processes. 

Together with the Save Pharmaceutical project, Adoriasoft is now building a blockchain-based platform to join drug donors (clinics, assisted living facilities, individual persons), drug repositories (pharmacies), and patients. The solution will be a multi-functional product allowing donors to donate the medications they do not need, and pharmacies to approve or reject the donations and, ultimately, to provide them to patients. 

We are using Hyperledger Besu as the base technology for this project. By choosing Hyperledger Besu, we plan to leverage the benefits of the protocol to enable transaction processing. Furthermore, we see Hyperledger Besu as a platform for building a permissioned enterprise-scale network to serve the drug repository system. 

In view of the high sensitivity of healthcare data that is going to be exchanged in the network, the transactions will be processed via smart contracts executed on Hyperledger Besu. Only the parties directly involved in the transaction will have access to its details. 

At the same time, blockchain provides the means of controlling the entire transaction flow from the drug donation by the owner to its final assignment to the patient. The platform will include a mechanism of monitoring the pharmacy income from reselling the donated drugs and distributing it among the other participants. 

Since the law explicitly prohibits donors from demanding payment for the drugs they donate, there should be other methods of motivating them to participate in the program. The state laws establish a tax deduction for drug donation, but our product can include an additional compensation in the form of a tradable digital token. 

The tokens issued on the blockchain can be used towards a discount on the platform or exchanged for other assets. The same tokens can be issued to pharmacies, too, to attract them to the program. 

Blockchain-based drug repository networks are going to be a true quantum leap in the healthcare industry, on the one hand, bringing significant cost savings, and, on the other hand, making medications accessible to patients who were otherwise unable to purchase them. We are proud to be a part of a project of such a social impact and to make the knowledge accumulated by the Hyperledger community serve this noble cause.

Best Practices and Lessons Learned from Hyperledger Besu Establishing a Maintainer Process

By Blog, Hyperledger Besu

As an open source project, the Hyperledger Besu team is continuing to focus on building our community. One reason we submitted Hyperledger Besu to Hyperledger was to improve the project’s open source governance using Hyperledger’s best practices and recommendations. The Linux Foundation and Hyperledger have been leaders in establishing open source governance processes for years. Hyperledger uses best practices across its projects, including open communication, tool consistencies, and cross-project technical leadership. The Hyperledger Besu team wanted to take these open source governance learnings a step further to create a process for managing its maintainers. 

Why Maintainer Governance is Important

Maintainers of open source projects are the leaders and direction-setters for the projects. They are oftentimes the ones contributing the most code to the project, talking to the community on chat channels, and dedicating time to other community activities, such as working groups or writing documentation. We wanted our process around maintainer governance to reflect the significance of the role within the project. The Besu team researched how other projects and open source foundations performed the maintainer governance. 

We found the following examples from other organizations to help inform our decision:

The Apache Foundation: The Apache Foundation has Project Management Committee (PMC) Members, which is their alternative for maintainers. PMC Members are elected due to their commitment to the codebase. The PMC has control over the codebase and are the ones who vote on major releases.  

OpenJDK: OpenJDK has a more formal process for adding maintainers, including taking formal nominations for the new maintainer. They hold a one-week nomination period, select a candidate amongst the nominees, and then use a Lazy Consensus vote to vote on the nominee.

Other Hyperledger projects: Currently the Hyperledger projects have different approaches for managing their maintainers. Hyperledger Fabric requires a majority vote of maintainers to add a new maintainer, for example. Hyperledger Indy encourages maintainers to be highly collaborative with other contributors and maintainers.

The Besu Team’s Decision

The Besu team investigated these proven practices with the aim of determining the best option for managing the project’s maintainers. We wanted the process for adding and maintaining maintainers to be as objective and transparent as possible. With this in mind, the team decided to model its maintainer process most closely after the OpenJDK foundation with some additions. 

A few key tenants of Besu’s management maintainers include:

  • A proposed maintainer must have 5 significant changes committed to the codebase
  • A proposed maintainer must be sponsored by a current maintainer
  • A proposed maintainer can be vetoed by a current maintainer but a public explanation is required when such vote occurs. 
  • There is a two week window for voting on a proposed maintainer. Voting can end early if an absolute majority is reached. 
  • A current maintainer can also be removed if warranted. The Hyperledger Code of Conduct can be found here.

These requirements help provide clear and direct expectations for the community on how to become a maintainer. We wanted members of the community to know exactly the steps required if becoming a maintainer interested them. We also tried to make the process be conducted in an open and community-friendly manner. It is important to us to make our project approachable with anyone feeling welcome and encouraged to try it out.

Contribute to Hyperledger Besu Now!

It is easy to begin your journey using and contributing to Hyperledger Besu. Check out these resources to help you get started:

Announcing Hyperledger Besu

By Blog, Hyperledger Besu

Today we are excited to announce Hyperledger Besu as the latest project to join Hyperledger. Hyperledger Besu, a Java-based Ethereum client formerly known as Pantheon, is the first blockchain project submitted to Hyperledger that can operate on a public blockchain. Besu represents the growing interest of enterprises to build both permissioned and public network use cases for their applications. 

The project’s design and architecture decisions have been aimed at clean interfaces and modularity, with the goal of making Hyperledger Besu a platform for open development and deployment. Besu is designed to be as modular as possible, with a separation of concerns between consensus algorithms and other key blockchain features, making these components easy to upgrade or implement. By creating clean interfaces between elements within the client (e.g., networking, storage, EVM, etc.), we believe enterprises will have a much easier time configuring Ethereum to meet their needs while also creating opportunities for other Hyperledger projects to integrate and use elements of Besu’s codebase.

What is Hyperledger Besu?

Hyperledger Besu is an open source Ethereum client developed under the Apache 2.0 license and written in Java. It can be run on the Ethereum public network or on private permissioned networks, as well as test networks such as Rinkeby, Ropsten, and Görli. Hyperledger Besu includes several consensus algorithms including PoW, PoA, and IBFT, and has comprehensive permissioning schemes designed specifically for uses in a consortium environment.

What is an “Ethereum Client”?

Hyperledger Besu is one of several Ethereum clients. An Ethereum client is the software that implements the Ethereum protocol. Ethereum clients contain: 

  • An execution environment for processing transactions in the Ethereum blockchain
  • Storage for persisting data related to transaction execution
  • Peer-to-peer (P2P) networking for communicating with the other Ethereum nodes on the network to synchronize state
  • APIs for application developers to interact with the blockchain 

What are Hyperledger Besu’s Features?

Hyperledger Besu implements the Enterprise Ethereum Alliance (EEA) specification. The EEA specification was established to create common interfaces amongst the various open and closed source projects within Ethereum, to ensure users do not have vendor lock-in, and to create standard interfaces for teams building applications. Besu implements enterprise features in alignment with the EEA client specification. 

Hyperledger Besu’s features include: 

  • The Ethereum Virtual Machine (EVM): The EVM is the Turing complete virtual machine that allows the deployment and execution of smart contracts via transactions within an Ethereum blockchain.
  • Consensus Algorithms: Hyperledger Besu implements various consensus algorithms which are involved in transaction validation, block validation, and block production (i.e., mining in Proof of Work). They include:
    • Proof of Authority: Hyperledger Besu implements several Proof of Authority protocols. Proof of Authority consensus protocols are used when participants are known to each other and there is a level of trust between them––in a permissioned consortium network, for example.
      • IBFT 2.0: In IBFT 2.0 networks, transactions and blocks are validated by approved accounts, known as validators. Validators take turns creating the next block. Existing validators propose and vote to add or remove validators. IBFT 2.0 has immediate finality. When using IBFT 2.0, there are no forks and all valid blocks are included in the main chain.
      • Clique: Clique is more fault-tolerant than IBFT 2.0. Clique tolerates up to half of the validators failing. IBFT 2.0 networks require greater than or equal to ⅔ of validators to be operating to create blocks. Clique does not have immediate finality. Implementations using Clique must be aware of forks and chain reorganizations occurring.
    • Proof of Work (Ethash): Proof of Work is used for mining activities on mainnet Ethereum.
  • Storage: Hyperledger Besu uses a RocksDB key-value database to persist chain data locally.  This data is divided into a few sub-categories:
    • Blockchain: Blockchain data is composed of block headers that form the “chain” of data that is used to cryptographically verify blockchain state; block bodies that contain the list of ordered transactions included in each block; and transaction receipts that contain metadata related to transaction execution including transaction logs. 
    • World State: Every block header references a world state via a stateRoot hash.  The world state is a mapping from addresses to accounts. Externally owned accounts contain an ether balance, while smart contract accounts additionally contain executable code and storage.
  • P2P networking: Hyperledger Besu implements Ethereum’s devp2p network protocols for inter-client communication and an additional sub-protocol for IBFT2:
    • Discovery: A UDP-based protocol for finding peers on the network
    • RLPx: A TCP-based protocol for communication between peers via various “sub-protocols”:
      • ETH Sub-protocol (Ethereum Wire Protocol): Used to synchronize blockchain state across the network and propagate new transactions.
      • IBF Sub-protocol: Used by IBFT2 consensus protocol to facilitate consensus decisions.
  • User-facing APIs: Hyperledger Besu provides mainnet Ethereum and EEA JSON-RPC APIs over HTTP and WebSocket protocols as well as a GraphQL API.  
    • JSON-RPC
      • HTTP JSON-RPC Service
      • WebSocket JSON-RPC Service
    • GraphQL
  • Monitoring: Hyperledger Besu allows you to monitor node and network performance.
    • Node performance is monitored using Prometheus or the debug_metrics JSON-RPC API method. 
    • Network Performance is monitored with Alethio tools such as Block Explorer and EthStats Network Monitor.
  • Privacy: Privacy in Hyperledger Besu refers to the ability to keep transactions private between the involved parties. Other parties cannot access the transaction content, sending party, or list of participating parties. Besu uses a Private Transaction Manager to implement privacy. 
  • Permissioning: A permissioned network allows only specified nodes and accounts to participate by enabling node permissioning and/or account permissioning on the network.

What does Hyperledger Besu support?

Hyperledger Besu includes a command line interface as well as HTTP- and WebSocket-based APIs for running, maintaining, and monitoring nodes in an Ethereum network. 

The Besu client’s APIs supports typical Ethereum functionalities such as smart contract and dapp development, deployment, and operational use cases. Tools such as Truffle, Remix, and web3j enable these activities. The client implements standard JSON-RPC APIs, making integration with ecosystem tooling simple. The client also supports creating private, permissioned consortium networks.

Hyperledger Besu doesn’t support key management within the client due to security concerns. Instead, you can use EthSigner or any Ethereum-compatible wallet for managing private keys. EthSigner provides access to your key store and signs transactions via tools like Hashicorp Vault and Microsoft Azure.

Smart-contract- and local-configuration-based node and account permissioning are available within Besu. Private transactions are available using zero-knowledge methods in the client (including usage of the Aztec protocol). An off-chain approach requires using Orion, an open source private transaction manager separately developed by PegaSys.

At a high level, the architecture for Hyperledger Besu looks like: 

Who is involved in Hyperledger Besu?

PegaSys, the protocol engineering team at ConsenSys, has been the primary contributor and maintainer of the codebase at the core of Hyperledger Besu since its launch in November 2018 as Pantheon. They built this Ethereum client with the goal of lowering barriers to entry for enterprises and maintaining and scaling mainnet. They have developed an active community using and building on the codebase. In addition, there are multiple applications building on top of Besu and consortiums using Besu in production. The PegaSys team is excited to work with the Hyperledger community to continue to strengthen Hyperledger Besu as a platform.

About the Authors

Rob Dawson is Product Lead at PegaSys. Rob has a highly technical background as an IT Developer and Leader with experience in a wide range of technologies including thin and thick clients, agile and heavy methodologies, security and protocols. He also has extensive experience in enterprise software and has led the product development of Hyperledger Besu.

Meredith Baxter is a Blockchain Protocol Engineer at PegaSys. Meredith has 8+ years software engineering experience working in distributed systems and full stack application development. She has worked on Hyperledger Besu since late 2017 when she joined as a member of the project’s founding development team.