Hyperledger Fabric

Lessons Learned from Hyperledger Fabric PoC Projects

By | Blog, Hyperledger Fabric

Guest post: Hanna Zubko, CEO IntellectEU Inc and Thomas Bohner, Product Manager IntellectEU NV

Recently, Hyperledger provided members the opportunity to speak with global analyst firm Gartner about experiences with Proofs of Concept (PoCs) and pilots using technologies from the greenhouse of Hyperledger projects. Given IntellectEU’s announcement today about the release of Catalyst, the first platform to integrate traditional infrastructures with multiple blockchain networks including networks built with Hyperledger Fabric, we decided to share the recent PoC using Hyperledger Fabric and Catalyst we discussed with Gartner.

Implementation of Blockchain technology allows not only to reduce costs and facilitate efficiencies within enterprise ecosystems but also create entirely new revenue streams. The PoC was for a car insurance company. The objective was to use Hyperledger Fabric and Catalyst to create a flexible pay per mile insurance product based on the actual car mileage and condition of the vehicle. Catalyst served as the hub for connecting the insurance database, the car dongle (IoT device), end-user mobile application and Hyperledger Fabric itself. Catalyst listened to the changes on all the data sources and based on the business rules, applied the corresponding logic. IntellectEU deployed two smart contracts on Hyperledger Fabric; one to calculate the premium based on the actual car mileage and a second to confirm the payment. Catalyst has an architecture that is open, modern, and flexible and will be able to add multiple new players to the ecosystem in the future.

As part of the interview, Gartner asked about our preferred methodology for architecting blockchain PoC projects. We broke it down to the following steps:

  1. Begin with a 2-day design thinking session, shaping and grooming the use case, and evaluating if blockchain technology brings significant added value to the use case.
  2. From those discussions, split up the business requirements into multiple use cases.
  3. Shape up the use cases to fit in the “fail fast” methodology.
  4. Create a solution roadmap.
  5. At this stage, select the initial use case to use as a base for the PoC.
  6. Create the Overall Design Document and the Functional Requirements Specification in cooperation with a customer.
  7. Develop the PoC using Agile approach. For more information, visit
  8. Deliver the solution to the customer
  9. Roll out the solution to multiple additional ecosystem participants

From this car insurance related PoC, there were two primary lessons learned that are worth sharing.

First, it is important to determine at the outset whether using distributed ledger technology would give any boost to the use case. We have found that walking customers through the following “Blockchain Decision Path” is very helpful.

Second, it was very important to have a specialist who understood General Data Protection Regulation (GDPR) requirements to ensure compliance. In brief, GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover or €20 million, whichever is higher. GDPR will become enforceable from May 25th 2018. According to an Ovum report, two-thirds of businesses expect to have to change in their global business strategies to accommodate new data privacy regulations and more than half of businesses think they will be fined due to GDPR in Europe.

A valuable benefit of being a part of the Hyperledger community is the opportunity to hear from members about their experiences “in the field” using Hyperledger technologies for PoCs, pilots and production deployments. We believe sharing best practices with the community helps the collective efforts to increase widespread adoption of Hyperledger distributed ledger frameworks.

(4.18.18) CoinDesk: Huawei Unveils Hyperledger-Powered Blockchain Service Platform

By | Hyperledger Fabric, News

Telecommunications and smartphone provider Huawei has become the latest tech giant in China to launch a blockchain-as-a-service (BaaS) platform.

Announced at Huawei’s analyst conference in Shenzhen on Tuesday, the company’s new platform, dubbed Blockchain Service, is said to enable companies to develop smart contracts on top of a distributed ledger network for several use-case scenarios.

More here.

Hyperledger Bug Bounty Program Now Open

By | Blog, Hyperledger Composer, Hyperledger Fabric, Hyperledger Iroha, Hyperledger Sawtooth

Dave Huseby, Hyperledger Security Maven

When I started as the Hyperledger Security Maven just over a year ago, I set out to make sure that Hyperledger’s community of contributors were doing everything possible to make good on the promise of better software and better security from the open source process. As of right now, we have in place a public bug tracker, continuous integration builds, core infrastructure initiative compliance, and a full responsible disclosure security bug policy and process. Today, I am happy to announce the next piece of our security process: the Hyperledger Bug Bounty.  

For the last six months we have been running a private bug bounty with HackerOne. Today we are opening up the Hyperledger Bug Bounty for public participation. Currently only Hyperledger Fabric is in the scope of the bounty program but we hope to add Hyperledger Sawtooth and other Hyperledger projects soon. HackerOne will continue to administer the bug bounty for us with close cooperation between their team and our community. We chose HackerOne because we think it is the best use of our resources and they share a similar commit to open source software as Hyperledger and The Linux Foundation.

At Hyperledger we have a broad base of committed developers and it is their professionalism that makes our security process solid and straightforward. When I first started, we already had in place our public bug tracking system and most teams had set up continuous integration build systems for monitoring build health. In the last year we formalized the process by which projects can move from development status to their first 1.0 release, including a number of security requirements.

The first security requirement is to meet the requirements of the Core Infrastructure Initiative (CII). The Core Infrastructure Initiative is a set of best practices for open source software security. Earning the CII badge requires open source projects to set up services and processes and key positions that all serve the goal of producing more secure and trustworthy software. At the time of this writing, Hyperledger Fabric, Sawtooth, Iroha, and Composer have all earned their CII badge.

The second security requirement is to nominate one to three members of a project’s community to participate on the Hyperledger security team. The Hyperledger security team manages and executes our policy of responsible disclosure of security bugs. Security bugs are confidentially reported to Hyperledger through or by filing a security bug in our JIRA. It is the job of the volunteer security team to triage, respond to, fix, and disclose the security bugs that are reported. As of right now, the security team consists of 16 members from five of our project communities.

The third security requirement is for a project to undergo a security audit from an outside auditor to establish a baseline for the codebase. We hired the auditing firm Nettitude to do security audits of Hyperledger Fabric, Sawtooth, Iroha and Composer.  So far Hyperledger Fabric, Sawtooth and Iroha have been completed and are in various stages of resolution and publication. Currently only the Hyperledger Fabric security audit report has been fully resolved and published. The rest will be published soon.

Looking ahead into the future, I plan on getting more involved with the Software Package Data Exchange (SPDX) to see if we can use Hyperledger blockchain platforms to better track the provenance of open source software, including our own. I hope to one day use verifiable claims to automatically check for vulnerabilities in dependencies from our continuous integration build system. If open source software packages were to issue a verifiable claim stating that a specific version of their software has no known security vulnerabilities, then when one is reported, the claim can be revoked. The revocation of the claim could then function as an automatic signal to all users of that software that they need to update. Continuous integration systems could check the claims of all dependencies and stop the build if one or more are found to have vulnerabilities.  This represents the next generation of reproducible builds and would leverage blockchains for provenance tracking of software from construction all the way through deprecation.

Security is always an ongoing process of improvement. Thanks to the commitment and professionalism and general good cheer of the Hyperledger community, we have made great strides in the last year. Now with our public bug bounty, we hope to further make good on the open source promise and to deserve the trust our users have in us.

We encourage developers to join our efforts on the bug bounty program and also start contributing to Hyperledger projects. You can plug into the Hyperledger community at github, Rocket.Chat the wiki or our mailing list. You can also follow Hyperledger on Twitter or email us with any questions:

(4.16.18) Insurance Journal: Marsh Develops Commercial Blockchain Solution for Proof of Insurance

By | Hyperledger Fabric, News

Marsh announced it is collaborating with IBM, ACORD and its client, ISN, to develop a commercial blockchain solution for proof of insurance.By using blockchain, or distributed ledger technology, Marsh said the certificate of insurance process will be transformed “from complicated and manual to streamlined and transparent, allowing clients to speed up necessary business functions such as hiring contractors and transferring risk while increasing coverage certainty.”

More here.

Developer Showcase Series: Arka Roychowdhury, Infosys

By | Blog, Hyperledger Fabric

Our Developer Showcase blog series serves to highlight the work and motivations of developers, users and researchers collaborating on Hyperledger’s incubated projects. Next up is Arka Roychowdhury, a Principal Consultant focusing on Blockchain at InfoSys. Let’s see what he has to say!

What advice would you offer other technologists or developers interested in getting started working on blockchain?

People often ask me, “Arka, I know that you have been working on Blockchain for some time now, can you advise me on how to get started with it [Blockchain]”? Typically, I have less than one minute to answer, because that’s the amount of time they have before the elevator door opens and they have to get down.

The most important thing to get started is to get started; start with the internet; there is no dearth of rich content that can get you started in no time. Google Blockchain, and also visit MooCs such as Edx and Coursera.

But since I am writing a blog, let me be more detailed: The MooC from the Linux foundation on Blockchain for Business is a good one to start with; the Hyperledger website also has links to detailed contents (github pages, videos) on Hyperledger frameworks and tools, that can help you get started quickly.

I must mention that there are several independent youtube videos and github pages that do a superb job at explaining micro topics. However let me warn you that there are also articles and contents which talk about Blockchain and cryptocurrencies at a very high level- throwing words such as consensus, trust and immutability casually, and describe the technology very vaguely (if not incorrectly); you can spend a lot of time skimming those contents and still not be able to appreciate the technology or understand the real benefits.

You don’t need to be a developer to appreciate Blockchain, but there are nitty-gritties that you should understand thoroughly if you honestly want to get started with Blockchain. There are books in the market that you can easily find from Amazon. I recommend that you read the sample chapters and the reviews before making your purchase decision.

If you are a developer, or have a technical inclination, it helps, but again I find no reason, why anyone with any background can’t get started on Blockchain and find a niche area to contribute. You can be from a non-computer background such as Finance, Economics, Supply chain, and still be able to contribute significantly [if not more at times].

Be open to learn and explore, don’t limit yourself to just one framework or one tool. Concepts of Blockchain remain similar whether you are using Hyperledger frameworks, Ethereum, Corda or something else. Concepts that you learn in one project can often be applied to another. There are very good learning material (tutorials) and/or whitepapers in the official websites of Ethereum, Corda, R3 Corda and Cardano (third generation Blockchain) etc. Do visit them, even if you are solely working on Hyperledger; sometimes, subtle technical differences will clear your fundamental concepts better. There are no structured ways of exploring; you don’t need to have a definite goal to start with, it will come to you sooner than you think.

The important thing is to realize whether you really want to get started.

Arka Roychowdhury, Principal Consultant focusing on Blockchain at Infosys

What do you think is most important for Hyperledger to focus on in the next year?

A Blockchain enthusiast, may often overlook any drawback of Blockchain, and fail to acknowledge the challenges of putting together a production ready Enterprise Blockchain solution.

I think Hyperledger should come up with tools and frameworks that the business can use to clearly understand and articulate a, the business benefits and associated costs in quantitative terms b. impact on existing processes if they decide to undertake a Blockchain project, and c. how much time and involvement is required from their side. [I call it (jokingly) a MIR framework- Money, Involvement and Risk. You may also add potential new Business Opportunities and call it a BRIM framework. ]

Hyperledger images may be used for free, but there are obviously other costs: Storage cost, application development and maintenance cost etc. Any organization deciding to invest in Blockchain would definitely want to know the cost structure in detailed granularity.

We might be tempted to say that current processes will remain un-impacted only the underlying technology will change, but you should have some credible explanation backed by some demo or a proof of concept.

A Business stakeholder once made a very curious remark after seeing my presentation, where I demonstrated how an asset can be tracked across the value chain; he said (I am paraphrasing), “Blockchain would work only when all parties, the Customs officials, the Logistic partners, ground handlers, the Internal departments, all work together. What are the chances of that happening?[rhetorically] So if we take the whole onus upon us to build the Blockchain solution, are you (Arka)suggesting that we then go door to door to asking everyone in the Business Network to use our solution? And if a Blockchain network benefits everyone, why should only we pay to build one?”

Perhaps Hyperledger should also focus on open projects, in collaboration with partners and individuals to develop implementation frameworks, methodologies and best practices that can be used by System Integrators and IT houses to implement Blockchain in a production environment.

[it is beginning to come true with Project working groups in the Hyperledger community.]

It is my personal view that, the real challenge [deterrents] to Blockchain’s wide spread enterprise adoption wouldn’t be technology, scalability, price, complexity or risk but the inability to develop a practical Business plan for a Blockchain network and to convince or incentivize stakeholders to join that network.

What’s the one issue or problem you hope Blockchain can solve?

In my conversations with business folks, I tell them not to think of Blockchain as a new piece of technology, but as a new paradigm of doing business. I truly hope that Blockchain will help businesses re-think benefits from the perspective of the entire value chain in which they operate. If I may say so naively, I hope that Blockchain would enable every business [industry] to operate in Nash equilibrium, making each business and society as a whole, better off.

With trusted and transparent visibility of data, companies will be able to leverage analytics to unlock new opportunities for sensible innovations, and stimulate the global economy.

These are the early days of Blockchain, rife with experimentations and PoCs. We will start seeing truly transformative value creation in every industry as more and more participants collaborate and promote “coopetition”.

If there is one issue I could solve, it would be to facilitate global trade and commerce such that companies/countries could produce and exchange goods and services without artificial barriers and friction.

What project in Hyperledger are you working on? Any new developments to share? Can you sum up your experience with Hyperledger?

I am [was] trying to explore a Blockchain solution in sourcing and procurement domain to free up a company’s working capital and reduce its cash conversion cycle. [I must add, it was more of an experiment and evaluation- trying to understand the technology and evaluate how to tackle a business scenario with this new paradigm] With Hyperledger Fabric and a robust business process underneath, we can ensure that regulatory and contractual obligations for a trade are satisfied and delays in order fulfillment (caused by frictions/complexities/incomplete information) are reduced. I am however, not sure whether we can use Hyperledger to design a sensible system for payment and hedging risk.

Another interesting development I am [was] doing- was to communicate with Hyperledger Fabric using non-traditional applications such as a Chatbot and voice. Processes that require human intervention, such as clicking buttons, checking boxes or filling up forms, are error prone and can be easily enhanced using such cognitive services. Since I have a background in analytics, I am [was] also interested in exploring new models to answer pertinent business questions; for instance I used graph analytics (node Centrality concepts) on the historian data to strategize, which supplier to incentivize or improve relationship with, in-order to reduce potential procurement disruption. [Of course many of these endeavors are/were personal in nature- pet projects using free available resources for learning purpose only. But learning shouldn’t be taken lightly. I think most of us (industry professionals, academics and Hyperledger community itself) are still learning. These learnings will allow us to usher new generations of Blockchain technology without the technical limitations of today.]

I am sometimes often confounded by the question, “why do I need a Blockchain for this? can’t the same can be done with a more traditional design.” The question is not easy to answer and you can’t always convince prospective project sponsors by throwing words such as “decentralized” and “trusted” at every problem. You must have a proper qualification criteria for selecting a use-case.

Your Blockchain project stakeholders/sponsors will always want to know the costs and benefits in quantitative terms. You may get Hyperledger for free, but there are plethora of other associated costs. Perform your due diligence before you reach out with a project proposal. You will never have all the answers beforehand, but you should have some rough implementation plan and should be able to give a rough estimate of time, effort and money that they have to invest and indicate potential risks. [I guess it is true for any new technology; but for Blockchain the complexity is multiplied by the number stakeholders you have and their disparate incentives and inhibitions.]

It has become very clear to me, that in order to make a Hyperledger PoC to scale up to Enterprise-grade, it must integrate with the existing IT landscape. This is again, not an easy task, especially if the current landscape is already rife with incompatible IT applications; but at the same time it is doable because Hyperledger Fabric is very easy to interact with using APIs; legacy apps and UIs can easily integrate Blockchcain using these APIs, without much disruption to Business-as-usual. The new solution can work parallel to the existing business application without causing any disruption (at least that’s what I would like to believe).

The benefits of Blockchain might be very clear to you and you may not find any reason why anyone shouldn’t implement it, but you still need to convince people and validate your own belief with a good business case. You will need all the help from the project sponsors, process Owners, architects, Ddvelopers and end users; you will be amazed to find so many of them actually want you to succeed.

(4.4.18) Enterprise Times: Indian blockchain network to prevent fraud built on Monetago

By | Hyperledger Fabric, News

After years of blockchain proofs of concept and pilotsMonetago has deployed an enterprise grade offering for multiple financial services organizations.

The production system, based on the Hyperledger Fabric, provides a common platform which is not controlled by any one financial institution. This enables participants securely and confidentially to share information in order to reduce fraud around receivables financing.

More here.

(4.3.18) American Banker: Anti-fraud blockchain for invoice financing goes live

By | Hyperledger Fabric, News

A blockchain for invoice financing that has gone into production in India may demonstrate how distributed ledger technology can be used to track digital assets and deter fraud.

Three Indian factoring exchanges — RXIL, A.TReDS, and MYND Solutions — and technology company MonetaGo announced the blockchain network on Tuesday. The exchanges are marketplaces to which small businesses bring invoices to obtain financing from large Indian banks and several foreign banks. The exchanges sought a way to reduce fraud.

More here.

Hyperledger Fabric Now Used in Day to Day Operations

By | Blog, Hyperledger Fabric

Guest post:  Jesse Chenard, CEO, MonetaGo


As members of Hyperledger for almost two years, we certainly believe in the promises and benefits that distributed ledger technology can bring to many different industries. In the past, we’ve read about the various proofs of concept (POCs) and pilots using Hyperledger Fabric, Hyperledger Sawtooth, and other frameworks within the Hyperledger greenhouse of projects. The many use cases around these Hyperledger projects are vast.

All that being said, the buzz around blockchain is also deafening. Of course, we’ve heard rumblings from those that think this is all hype and won’t truly transform the way business is conducted today. I think it’s fair to say that many of those people have been vocal both behind closed doors and on stages around the world in their demands to see real production deployments in 2018. It’s important to provide a strong “signal through the noise” by validating that Hyperledger Fabric and other distributed ledger frameworks are ready to provide real business value to organizations by standing up to the rigors of a live deployment.

That’s why we’re excited to share this news from the trenches – we have successfully deployed what we believe to be the first enterprise grade blockchain into production for everyday use by multiple financial services organizations. It has been running for nearly two weeks now – everyone involved wanted to make sure it would stand the test of a production workload before making any announcements. So there you have it: completely separate legal entities have nodes on a shared distributed ledger network which they are using in their daily operations. In other words, we’ve created and deployed an enterprise blockchain which is live and kicking, and provides a common platform which is not controlled by any one financial institution to securely and confidentially share information.

Milestone achieved everyone!

Here’s some background information to provide context: The first purpose of this network is to reduce instances of fraud around receivables financing. Receivables financing is one of the fastest growing and most efficient trade finance mechanisms for small businesses to manage their working capital requirements. The Reserve Bank of India licensed three entities to provide a more efficient venue to do this: RXIL, A.TReDS, and M1xchange. RXIL is a joint venture promoted by National Stock Exchange of India and Small Industries Development Bank of India. A.TREDS is a joint venture of Axis Bank (India’s third largest private bank) and mjunction (the largest e-marketplace for steel in the world and also India’s largest e-commerce company which is itself a venture promoted by Tata Steel and SAIL). M1xchange is a leading global service provider in business process and technology management, offering broad spectrum of services in Finance and Accounting.

The Indian financing market currently provides $219 Billion USD to Micro, Small & Medium Enterprises (MSMEs), yet there remains $188 Billion USD of unmet demand which the exchanges were designed to address. Together, they provide competitive marketplaces for small businesses to obtain the best financing possible. The platforms count some of the biggest Indian banks and a number of foreign banks as funding sources. Each of them helps to enable the discounting of invoices from corporate organizations, government departments, and public sector undertakings.

While it is normal for the exchange customers to go to multiple exchanges in order to obtain better price discovery, the exchanges all agreed that they needed a common platform to prevent the customers from obtaining multiple financings against the same set of invoices. By implementing a common blockchain platform, these exchanges were able to eliminate instances of double financing without sharing specific elements of any invoice or client. Ultimately, this implementation leads to the exchanges being able to offer better rates across the board to all of their customers, and provide access to capital for more businesses otherwise deemed too risky.

Keep in mind, these three Indian exchanges are competitors. Their clients are particularly sensitive about their sourcing inputs, and it is imperative that the exchanges not provide any of their client information to a shared registry controlled by any one entity. By creating a blockchain network built on Hyperledger Fabric, together with some intelligent cryptography, that concern is eliminated as the technology enables the exchanges to work together on a shared network to achieve shared goals without compromising privacy.

As a Hyperledger member, we think this is a significant milestone not only for our community, but for distributed ledger technology at large. We offer a special thank you to the Hyperledger team – the open governance around Hyperledger has helped foster our own innovation and growth, and this live deployment is a small testament to that larger group effort. As our first step also provides the opportunity for participants to build additional functionality on the new network, we look forward to writing about additional Hyperledger production deployments in the coming months – and to hearing about those of others.


[VIDEO] Hyperledger Interviews Alex Migitko, COO, GameCredits

By | Blog, Hyperledger Fabric

At the last Hyperledger Member Summit in Singapore, we had the opportunity to sit down with Alex Migitko, COO of GameCredits, and learn more about why they joined Hyperledger.

First, a little about GameCredits. GameCredits is an international, multicultural company looking to transform the gaming industry with the GameCredits cryptocurrency (GAME) and other blockchain-based products. Founded in 2016 in Belgrade, Serbia, GameCredits Inc. is now a 100-people team spread across 10 offices in five countries.

In a contributed blog post in December, Alex shared his observations about blockchain and the gaming industry:

“Blockchain is becoming increasingly present in the gaming industry, but more as a concept than a tangible solution. That’s understandable because the technology is fairly new and I’m confident that blockchain will find its place in this industry, which has always been known for fast adoption and innovation. What you can see so far are roadmaps and plans detailing how blockchain can be implemented in gaming. But in terms of actual use, there aren’t many companies that can show off a viable product. Most of these projects are still works in progress.”

–Read the full blog post, “Does Blockchain Have a Role in Gaming?

In his video interview, Alex shares how since joining Hyperledger as a general member, the GameCredits team has fast-tracked their progress with their blockchain projects as they have become more active community participants. They more easily get in touch with other synergistic member companies across the globe, they see direct results of the work of other people and have a more clear picture overall of where Hyperledger projects are going. While they’re currently focused on developing their own permissioned blockchain projects based on Hyperledger Fabric, their goal is to ultimately share that back with the rest of the world through Hyperledger.

Please enjoy and share Alex’s full interview below!