Category

Hyperledger Iroha

Sep 19
0

2019 Summer Mentee Project Update: Integration of EVM from Hyperledger Burrow into Hyperledger Iroha

By | Blog, Hyperledger Burrow, Hyperledger Iroha, Hyperledger Summer Mentorship Program

Hello, my name is Ivan Tyulyandin. I am a student at Saint Petersburg State University. I took part in the Hyperledger Internship Program, working with Andrei Lebedev (my mentor), Iurii Vinogradov and Eugene Kovalev from the Hyperledger Iroha team.

Hyperledger Iroha is a straightforward distributed ledger technology, inspired by the Japanese Kaizen principle — eliminate excessiveness. Users can create and manage their assets via Iroha commands. Iroha is written using C++, Protobuf, Boost and GTest. There are no smart contracts in Iroha.

Introduction

Hyperledger Burrow provides a modular blockchain client with the possibility to change different parts of the system. One modular piece is a permissioned smart contract engine, partially developed to the specification of the Ethereum Virtual Machine (EVM). Burrow is developed using language Go.

The main purpose of this internship was to integrate EVM from Hyperledger Burrow into Hyperledger Iroha. Since Ethereum is de facto the most known platform for smart contract development, the integration will let Ethereum developers use Iroha as a new blockchain in distributed applications.

Project Components

The starting point was identifying the main components the project needed to address: 

  • First of all, there should be a way to pass data (such as Ethereum bytecode, caller and callee) from Hyperledger Iroha to Hyperledger Burrow EVM. For this purpose, a new command to Iroha has to be added.
  • Another issue is to connect Golang and C++ code to bind Iroha and EVM. 
  • The next step is to implement a special Burrow API to store EVM accounts data in Iroha.
  • The final requirement is new functionality testing.

Challenges

One of the challenges was to get deeper into the codebases of Hyperledger Burrow and Hyperledger Iroha. Existing integration examples of Burrow EVM to Fabric and Sawtooth gave me a nice understanding of what to do. From the Iroha side, Andrei Lebedev led me through the Iroha source code.

Results

With this information, I was able to develop a new command EngineCall. I made a wrapper using CGO (special go compiler mode that generates C library from Go source code) that Iroha uses to call Burrow EVM. Now an implementation of Burrow EVM API can send requests to Iroha for modification of its state via Protobuf messages. Every EVM account is stored in a technical account in Iroha. EVM account storage is emulated in the technical account details (which is key-value storage). All of this work was QA’d by writing and completing module and integration testing.

What comes next

More features can be added to this  integration. The first one is web3 interface implementation, which  will call remote EVM instance or use a local one. The next possible improvement is to add permissions to an Iroha account that represents an EVM account. Also, the current support of Burrow EVM in Iroha is not full, since there is no catching of EVM logs.

For more on this project, please read my full report.

Sep 19
0

2019 Summer Mentee Project Update: Integration of Hyperledger Iroha into Hyperledger Explorer

By | Blog, Hyperledger Explorer, Hyperledger Iroha, Hyperledger Summer Mentorship Program

Hyperledger Iroha is a next-generation permissioned DLT initally contributed by Soramitsu. It provides asset and identity management, multi-signature and batch transactions. During the internship, I visited the Soramitsu office and communicated with Iroha development team.

Hyperledger Explorer is a tool that shows information from DLT networks. Initially, it was built to support for Hyperledger Fabric, with the expecting support for more DLTs would be added. Our goal was to add support for collecting and viewing Iroha transactions and Iroha-specific information to Hyperledger Explorer.

Accomplishments:

  • We implemented an integration of Hyperledger Iroha into Hyperledger Explorer. Now, Hyperledger Explorer shows information about Hyperledger Iroha peers, blocks, transactions, roles, domains, accounts.
  • We found and fixed some ambiguous statements in Hyperledger Iroha documentation.
  • We simplified code of our project by using open-source GraphQL framework developed by Facebook.

For a deeper dive into the work, read my full project report here.

I am very grateful for the support of my mentor, Ales Zivkovic, as well as Hyperledger for the opportunity to learn and contribute to open source Hyperledger projects.

May 09
0

Hyperledger Community, Deployment and Development Momentum Continues

By | Announcements, Hyperledger Indy, Hyperledger Iroha

Adds 10 More Members, Powers Half of the Blockchain 50, Hits Production Milestones for Hyperledger Indy and Hyperledger Iroha

SAN FRANCISCO (May 9, 2019) Hyperledger, an open source collaborative effort created to advance cross-industry blockchain technologies, today announced 10 more organizations have joined its growing global community. These new members join just as the Hyperledger portfolio of production-ready projects doubles and Forbes documents the scope of Hyperledger deployments in leading global businesses.

Hyperledger is a multi-venture, multi-stakeholder effort hosted at the Linux Foundation that includes various enterprise blockchain and distributed ledger technologies. According to the recent Forbes Blockchain 50 list, over half of the biggest companies deploying blockchain are doing so on a Hyperledger platform. And now two more projects, Hyperledger Indy and Hyperleger Iroha, have hit development milestones that make them production ready.

“As the Forbes 50 shows, blockchain technologies and, specifically Hyperledger projects, are now having real-world impact,” said Brian Behlendorf, Executive Director, Hyperledger. “With four production-ready frameworks and 270 members working to develop and deploy Hyperledger technologies around the world, the rate of adoption and the rise of production systems will only accelerate. Our newest members will further fuel this growing community, deployment and development momentum.”

Hyperledger allows organizations to create solid, industry-specific applications, platforms and hardware systems to support their individual business transactions by offering enterprise-grade, open source distributed ledger frameworks and code bases. The latest general members to join the community are Consensus Datatrust Technology Co., Ltd., FRST Corp., Fusion Tech+, Hedera Hashgraph LLC, INBLOCK Ltd,  RealMarket and Xilinx, Inc.

Hyperledger supports an open community that values contributions and participation from various entities. As such, pre-approved non-profits, open source projects and government entities can join Hyperledger at no cost as associate members. Associate members joining this month include Arizona State University, Portland State University and University College London.

New member quotes:

Consensus Datatrust Technology Co., Ltd

“It is a great honor to join and be a member of Hyperledger,” said Maolu Wang, Chairman, Consensus Datatrust. “As a revolutionary new technology, blockchain has shown great potential in the field of B terminal. We understand that the solution of digital letter integrates blockchain and big data. We believe that blockchain technology can be used as a link for multi-party data sharing to solve previous business problems by technical means. As a member of Hyperledger, we will provide strong technology promotion and product promotion support, and we look forward to making continuous contributions to the community.”

FRST Corp

“The open source dev ecosystem has a tradition of testing assumptions, trying new things, and building important, evolving codebases. FRST is excited to join the Hyperledger community, and we believe participation will advance our work as a data-driven, blockchain-native enterprise analytics company,” said Karl T. Muth, CEO of FRST. “We can’t wait to share our questions and ideas with this community.”

Fusion Tech+

“We are very happy to join Hyperledger and look forward to collaborating with the community to provide innovative solutions for our partners and customers,” said Yang Lu, CTO of Fusion Tech+. “Fusion Tech+ is a smart technology company under Fusion Group. Relying on the strong strategic layout of the IoT, Fusion Tech+ puts forward the concept of Tech+ for enabling innovation and an integrated service platform called ‘Fusionfintrade,’ which deeply integrates technology, finance and scenarios to create a mutual enabling ecosystem. Our platform supports many scenarios and, as we develop it, we will also be actively contributing to the Hyperledger ecosystem and working with the other members to promote the development of technology and industry.”

Hedera Hashgraph

“We are excited to join the Hyperledger community, which comprises some of the most forward-looking organizations working on distributed ledger technology,” said Mance Harmon, CEO of Hedera Hashgraph. “We know enterprises have been exploring DLT use cases with Hyperledger technology.  Hedera provides an enterprise-grade public network that complements those existing and future projects.”

INBLOCK Ltd

“It’s been a long-time goal for us to join the Linux Foundation and Hyperledger,” said Jay Baek, vice president at INBLOCK. “Since the introduction of Mainnet last year, we’ve been cooperating with leading experts and allies in the blockchain industry to develop and improve the global business value. While our focus in on digital assets, we see that blockchain has the potential to revolutionize all industries, and we hope to contribute to the technology’s wide, real world impact.”

RealMarket

“RealMarket is a FinTech/RegTech company producing innovative alternative finance solutions using enterprise blockchain, machine learning, and big data. Our ultimate vision is a fully programmable economy powering groundbreaking and sustainable development worldwide,” said Dr. Dušan Gajić, CEO of RealMarket. “Thus, it is natural for us to join Hyperledger and the Linux Foundation, and we are both proud and excited to do so. Hyperledger is vital to our efforts as its suite of technologies ensures that the store of business-vital data and the rules governing their transformation are securely distributed. It is our aim to help develop Hyperledger further as we build an innovative platform combining equity crowdfunding, a private equity secondary market, cap table management, and corporate governance automation. All of this is only possible because Hyperledger Fabric is at the core of our system.”

About Hyperledger

Hyperledger is an open source collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration including leaders in finance, banking, Internet of Things, supply chains, manufacturing and Technology. The Linux Foundation hosts Hyperledger under the foundation. To learn more, visit: https://www.hyperledger.org/.


May 06
0

Hyperledger Launches Hyperledger Iroha 1.0

By | Announcements, Hyperledger Iroha

Another production-ready framework released by the Linux Foundation’s open business blockchain consortium

SAN FRANCISCO, CA – (May 6, 2019) – Hyperledger, a collaborative cross-industry effort created to advance blockchain technology, announced today the general availability of Hyperledger Iroha 1.0. Hosted by The Linux Foundation, Hyperledger Iroha is the fourth active Hyperledger project to reach 1.0, following Hyperledger Fabric, Hyperledger Sawtooth and Hyperledger Indy. Iroha is a distributed ledger project that aims to provide a development environment where C++ and mobile application developers can contribute to Hyperledger.

New Hyperledger Iroha 1.0 features include:

  • YAC Consensus — a consensus protocol that ensures the  safety of the ledger, even if some nodes are faulty or cannot be trusted. The protocol scales linearly in the peer network size.
  • Fully Operational Multisignature — an option for transactions when your application needs multiple signatures for transaction settlement.
  • Updated client libraries — support for writing applications on many different platforms from mobile to mainframe using many different programming languages such as Java (compatible with Android, Scala etc.), JS, Python, and iOS.
  • Windows support (experimental) — Hyperledger Iroha now natively runs on Windows, as well as in Linux and MacOS environments.

“It’s extremely gratifying to see another one of Hyperledger’s active projects hit the 1.0 milestone,” said Brian Behlendorf, Executive Director, Hyperledger. “This is a huge testament to the strong collaboration of our growing community. I look forward to seeing development efforts around Hyperledger Iroha continue to grow and more and more productions systems powered by the framework later this year.”

Hyperledger Iroha complements other Hyperledger projects by providing an alternative design solution for mobile-oriented use cases in finance and identity management. Hyperledger Iroha has a long-term vision to simplify the implementation of blockchain business applications by providing an easy-to-use API and a universal peer model. Hyperledger Iroha has a modular architecture making it additive to existing projects using other Hyperledger technologies and provides a robust library of reusable components to enhance existing applications.  

Hyperledger Iroha contributors from around the world attend meet-ups and blockchain events, collaborate  with universities, and answer constant questions in chats to help people learn about and use the framework. All are invited to participate in this open community.

Hyperledger aims to create distributed ledger technology that enables organizations to build and run robust, industry-specific applications, platforms and hardware systems to support their individual business transactions. The consortium now has more than 270 members with steady growth since its inception, spanning various industries including finance, healthcare, the Internet of Things, credit card services, supply chain and aeronautics, among several others.

You can find the Hyperledger Iroha 1.0 documentation here: https://iroha.readthedocs.io/en/latest/. Follow the “Getting Started” guide to create your first Hyperledger Iroha network in 10 minutes.

Community Quotes:

“The release of Hyperledger Iroha 1.0 is a significant milestone for this vibrant community and the enterprise blockchain space,” said Makoto Takemiya, CEO, Soramitsu. “As a core contributor to the project, we are very excited to see the Hyperledger Iroha team reach this milestone and continue to build upon the diverse DLT ecosystem developing under the Hyperledger greenhouse.”

“We are very excited about the release of Hyperledger Iroha 1.0 because it offers an out-of-box solution for implementation of blockchain networks to mobile devices,” said Yasir Azeem, Head AI and Blockchain from Ikioo. “With the combination of scalability and a permissioned Blockchain, Hyperledger has built something worth commending.”

“Global business is always terrific, and we had looked for the solution that fits our requirements in terms of a solution that is 100% open-sourced, oriented to specific needs of our task: account management, and KYC and supportive in terms of community,” said Alexander Yakovlev, NSD. “Iroha’s existing adoption experience in several countries and practical case with Cambodian central bank were additional benefits.”

Additional Resources:

About Hyperledger

Hyperledger is an open source collaborative effort created to advance blockchain technology by addressing important features for a cross-industry open standard for distributed ledgers. It is a global collaboration including leaders in finance, banking, Internet of Things, supply chains, manufacturing and Technology. The Linux Foundation hosts Hyperledger as a Collaborative Project under the foundation. To learn more, visit: https://www.hyperledger.org/.

Contact

Emily Fisher
Hyperledger/Linux Foundation
efisher@contractor.linuxfoundation.org

May 06
0

Welcome Hyperledger Iroha 1.0: Flattening the DLT learning curve

By | Blog, Hyperledger Iroha

My first experience running a blockchain was when I first launched a Bitcoin node about six years ago. I got into Bitcoin out of curiosity and because the idea of sending value as digital data across the Internet was a very compelling idea.

Since those early days of experimentation, blockchain and DLT have emerged and found its place in enterprise — companies, individuals, consortiums want to get rid of non-transparent resource allocation, corruption, and fraud. Today, diamonds are registered on a blockchain, insurance companies know if you registered your MacBook at several places, and cross-border payments can operate more efficiently.

While blockchain technology has passed its longevity test, the software in general is still far from being integrator-friendly, developer-oriented, and straightforward; specifically when it comes to using distributed ledger technology instead of a database. This is where Hyperledger Iroha is different. With Hyperledger Iroha, it took me about 10 minutes to start building a blockchain. And now the Hyperledger Iroha team is releasing its first production-ready version, offering a faster, less complex path to DLT deployment. Welcome Hyperledger Iroha v1.0!

When it comes to solutions for business, it is critical that the technology is fit for the task and easy to integrate. Moreover, it must be reliable and safe so a business can trust it. Hyperledger Iroha provides safety with its decentralized consensus algorithm and reliability with a tested set of commands and queries. With them you can be sure that the code will do exactly what it is supposed to do — whether you want to add information to, or get information from, the ledger.

For this release the team prepared a special set of improvements:

  • New native client libraries deliver cross-application support for desktop/server (on Java, Python, C++) or mobile (iOS, Android (Java)) applications. You only need to get an idea of the client application and you are ready to go! Take a look at desktop and mobile application examples: on Java or JS: https://github.com/soramitsu/iroha-wallet-js
  • Novel, asynchronous consensus algorithm supporting one step agreement on votes with vote collection optimizations included (Yet Another Consensus; YAC). This means that even if a node is faulty, your decentralised ledger will still be up and running correctly. You can now focus on implementing your business application, leaving the question of whether you can trust partners’ nodes to Hyperledger Iroha.
  • Multi-signature transactions, or as we call them, MST, are now ready for production use. What does it mean for your business? It means that you can set a quorum, such that transactions from your company’s wallet will need several signatories instead of just one — just like in traditional banking, but quicker and more secure. This can also be used to model complex business processes in a secure and automatic way.
  • New backwards-compatibility allows you to integrate Hyperledger Iroha into your business and be sure that no breaking changes will affect it.

Hyperledger Iroha is already gaining strong traction with the community and enterprises:

Alexander Yakovlev from Moscow Exchange Group’s National Settlement Depository is using Hyperledger Iroha in D3 Ledger, and he said: “Global business is always terrific, and we looked for a solution that fits our requirements and is 100% open-sourced and oriented for the specific needs of our task. Features such as Iroha’s account management and supportive community, in addition to Soramitsu’s KYC application, were key factors in our decision to use Iroha for D3 Ledger. Iroha’s existing adoption in several countries and the practical use case with the Cambodian central bank were additional benefits.”

Hyperledger Iroha is already used in asset management, identity management, and payment systems. From simple asset transfers to secure information exchange about customers, Hyperledger Iroha can be used to empower a multitude of use cases, all without the need to program custom smart contracts.

Last year, I wrote a paper about Sora Identity, an implementation of a self-sovereign identity protocol using Hyperledger Iroha. Since then, we have worked on expanding this app and now we have a working product for KYC, targeted towards financial institutions. We are now expanding this to be at the core of the Sora decentralized autonomous economy, an exciting new type of economic system, geared towards empowering the creation of new goods and services.

Try it – simplicity and friendly support from the community will surely help you find your own way of improving your project with Hyperledger Iroha blockchain. You can find the Hyperledger Iroha 1.0 documentation here: https://iroha.readthedocs.io/en/latest/. Follow the “Getting Started” guide to create your first Iroha network in 10 minutes.

Mar 28
0

Developer showcase series: Zilya Yagafarova, Soramitsu

By | Blog, Developer Showcase, Hyperledger Iroha

Give a bit of background on what you’re working on, and let us know what was it that made you want to get into technology? How did you get involved in blockchain? In Hyperledger?

I am a project manager for Soramitsu and I work with a team of highly skilled developers writing code for different platforms and also QA and DevOps specialists.

I have been interested in IT since I was a child and, by the age of 14, had already decided to commit myself to studying computer technologies. After graduating from university, I worked as a technical support engineer, an engineer of information systems’ implementation, and a business and system analyst. Now, I am a project manager.

The thing about IT is that you have to constantly learn new skills and work on self-development. Technology is advancing constantly, so you should become a better version of yourself everyday.

A few years ago, blockchain technology appeared on the market–it was new and seemed promising. My friends had already worked on Hyperledger projects and inspired me to join them.

What project in Hyperledger are you working on? Any new developments to share? Can you sum up your experience with Hyperledger?

I am a project manager of Project Bakong, a payment system that is developed in collaboration with the National Bank of Cambodia (NBC) using Hyperledger Iroha blockchain. We have finished with the implementation of the core system and will to launch a pilot with dozens of Cambodian banks, which is very exciting. Some of our technology is also being used in a decentralized autonomous economic system called Sora and in a decentralized digital asset custodian and settlement service called D3 Ledger. Collaborating with other projects is intellectually stimulating and enjoyable.

We decided to use Hyperledger Iroha because it is created for financial institutions to build highly performant systems that can scale to large numbers of concurrent users (in our case it is the population of a whole country!) and it proved itself capable of performing the task, in my experience.

What’s the one issue or problem you hope blockchain can solve?

The main target of the project I am working on is to help expand access to financial services for Cambodian people by providing instant payments through a mobile application and robust, modernized infrastructure.

Blockchain is a new and very promising technology, especially when it comes to finance – transactions in Hyperledger Iroha have settlement finality and the data are impossible to corrupt.

What is the best piece of developer advice you’ve ever received?

Design first–analyse the task from every angle and only then write the code that you fully comprehend; do not rely on random chance because it will not work.

What advice would you give for other women who want to build their careers in development? In blockchain?

Believe in yourself and in your capabilities. Then just work hard.

What technology could you not live without?

That must be maps and translation software. I travel a lot because our company is as decentralized as its products, and it would be impossible to discover the world as I do now without a way to communicate and navigate in it.

Feb 04
0

Hyperledger Iroha Security Audit Results

By | Blog, Hyperledger Iroha

Introduction

The time has come again for another Hyperledger project to begin their version 1.0 release process. Hyperledger Iroha is getting close to a 1.0 release and as part of that, Hyperledger hired an outside security auditing firm to review the code and audit it for security vulnerabilities. Nettitude conducted a review of the code this past fall and reported their findings to the Hyperledger security team and the Iroha developers.

The Iroha audit found four security issues, including one that was critical enough to require us to issue our first Common Vulnerabilities and Exposure (CVE) notice. All four issues were tracked using our JIRA and resolved shortly after the audit concluded.

I want to highlight the details of two of the security issues that the audit discovered because they show how easy it is to make bad assumptions about cryptography that results in a critical failure. Crypto code is always difficult to get right and as you will see, knowing good coding practices isn’t always enough. A developer must also be aware of algorithm and implementation details and the guarantees offered by a cryptographic primitive.

Blockchain Review

Before digging into the error, let us review the way things are supposed to work in a permissioned blockchain network. Figure 1 shows the normal process of transaction proposal and verification. In the diagram, Node 1 proposes the transaction by signing it and forwarding it to Node 2. Node 2 verifies the validity of the transaction as well as the validity of Node 1’s digital signature endorsement. Node 2 then endorses the transaction and forwards it to Node 3. Node 3 does the same checks as Node 2 except that it is also careful to ensure that the endorsements from Node 1 and Node 2 are both valid and unique. If everything passes the checks, Node 3 endorses the transaction and forwards it to Node 4. Node 4 now repeats the checks of Node 2 and Node 3 and sees that the transaction has enough valid and unique endorsements to be accepted into the next block of the blockchain. Node 4 transmits the fully endorsed and accepted transaction to all other nodes in preparation of the block construction and consensus steps. It is important to point out that not only is the validity of each digital signature important, but that a transaction also has enough unique endorsements before it will be accepted.

Figure 1—How a transaction is endorsed and validated.

Signature Schemes

Hyperledger Iroha uses the Twisted Edwards Curves based elliptic curve digital signature scheme more commonly known as Ed25519 or EdDSA. Unlike almost every other elliptic curve digital signature scheme, Ed25519 doesn’t take random data as one of its inputs. Most digital signature schemes generate a random number used only once—also known as a nonce (Number used ONCE)1—when calculating a digital signature of a message. The reason for this is because a digital signature is just a message digest encrypted using a public key encryption algorithm. Public key encryption algorithms are trivial to break if there is no nonce or a nonce gets reused, with the same secret key, to encrypt multiple messages.2 This is called a “chosen plaintext attack”.3 Figure 2 shows how a random nonce is used when encrypting the message digest to create the digital signature. By including a nonce, repeated use of the secret key over different messages does not compromise the encryption. Digital signatures using this method are different even though the same secret key and message are used.

Figure 2—Digital signature calculation with random nonce.

The Ed25519 signature scheme used by Iroha is different in that it generates the nonce by processing the inputs to the signing algorithm and thus repeated signatures of the same data with the same key result in the same encrypted data.4 This doesn’t compromise the key because the nonce is still different for different inputs. Figure 3 illustrates how the nonce for an Ed25519 digital signature is calculated from the input message and are therefore deterministic rather than generated randomly. Digital signatures using this method are the same when the same secret key and message are given.

Figure 3—Digital signature calculated with deterministic nonce.

The Bug

The flaw in Iroha was that the developers wrote the signature checking code to assume that signing the same data with the same key would always result in the same encrypted data. When determining if a transaction has enough different signatures to be valid, the code was comparing the public key bytes as well as the digital signature bytes when testing to see if two signatures were different. Figure 4 shows how the public key bytes and the digital signature bytes were combined when checking to see if two endorsements were different.

Figure 4—Flawed endorsement check that includes digital signature bytes.

The auditors at Nettitude created a modified version of the Ed25519 signature library so that it instead used random nonces, thus creating different encrypted data for the same secret key and message data. Figure 5 shows how the comparison of endorsements fails when random nonces are used. The resulting endorsements are not the same even though the message and secret key used to sign the message are the same.

Figure 5—Random nonces produce different signatures from the same inputs.

The result is that other nodes in the Iroha network—nodes running unmodified Ed25519 libraries—correctly validate the signatures because the public key correctly decrypts the digital signatures but the code for testing the uniqueness of the signatures is fooled. Each validating node sees different signatures for the same data and the same secret key and assumes they are unique endorsements and that the transaction is properly endorsed. Figure 6 shows how the Nettitude engineers were able to fully bypass this check with their single malicious node. It resulted in a bypass of the Byzantine guarantees of the system.

Figure 6—A malicious node bypassing the Byzantine checks.

The Fix

The correction for this security bug is to change the transaction and block signature validation code to first check that all signatures are valid and then check only the public keys for uniqueness when determining if there are enough valid and unique signatures on a transaction or block. Figure 7 shows how the scenario in Figure 6 plays out with the fixed code. Again a malicious node with a modified Ed25519 implementation signs a transaction multiple times with the same key. The signature bytes are unique, but the keys are not. When the other nodes in the network check the transaction, they see three valid signatures but the keys are not different. Each nodes determines that there is only one unique and valid signature and rejects the transaction.

Figure 7—A malicious node unable to bypass the Byzantine checks.

Two bugs were filed, one for transaction validation and one for block validation to address this flaw. The first bug is titled “multi-signature transactions can potentially be authorised by single user”5 The second bug is titled “vote early, vote often”6 Both flaws were fixed shortly after the report was given to us from Nettitude and the current version of Iroha has been fixed.

Conclusion

It is very important for developers to understand the subtleties of cryptography and applying it to engineering problems. Careful study and consideration of the guarantees and assumptions is required as well as multiple reviews from other engineers with similar knowledge and attention to detail. The “many eyeballs” theory of open source software development does work. This audit proved it.

The management and technical reports from the audit can be found on the Hyperledger wiki.

Links

  1. https://en.wikipedia.org/wiki/Cryptographic_nonce
  2. https://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/
  3. https://en.wikipedia.org/wiki/Chosen-plaintext_attack
  4. https://ed25519.cr.yp.to/ed25519-20110926.pdf
  5. https://jira.hyperledger.org/browse/IR-2
  6. https://jira.hyperledger.org/browse/IR-3
Dec 03
0

All Are Welcome Here

By | Blog, Hyperledger Burrow, Hyperledger Fabric, Hyperledger Indy, Hyperledger Iroha, Hyperledger Sawtooth

A Minneapolis coffee shop that has fueled or at least caffeinated a lot of Hyperledger commits.

One of the first things people learn when coming to Hyperledger is that Hyperledger isn’t, like it’s name may imply, a ledger. It is a collection of blockchain technology projects. When we started out it was clear almost immediately that a single project could not satisfy the broad range of uses nor explore enough creative and useful approaches to fit those needs. Having a portfolio of projects, though, enables us to have the variety of ideas and contributors to become a strong open source community. Back in January of 2016 Sawtooth and Fabric were both on the horizon followed shortly by Iroha, but we wouldn’t have predicted that we would have Hyperledger Burrow and Hyperledger Indy – two projects that bear no resemblance to each other. Burrow is a permissioned Ethereum-based platform and Indy is a distributed identity ledger. Burrow is written in Go, and Indy was created in Python and is porting to Rust.

Both of these platforms are interesting in their own rights, but Hyperledger is even more interesting for the combination of these projects with the others. Both Sawtooth and Fabric have already integrated with Burrow’s EVM. Now Hyperledger has a set of offerings that can simultaneously satisfy diverse requirements for smart contract language, permissioning, and consensus. Likewise Sawtooth and Indy have been working together at our last several hackfests. The results of that may unlock new use cases and deployment architectures for distributed identity. So it’s not that our multiplicity of projects has given us strength through numbers, but rather strength through diversity.

Hyperledger Hackfest – December 2017 at The Underground Lisboa

The hackfests that we mentioned are one of the rare times that we get together face to face. Most of our collaboration is over mail list, chat, and pull-requests. When we do get together though it’s always in a new city with new faces. One of our most recent projects was hatched inside one of those buses. It wasn’t the most ergonomic meeting I’ve ever had but there was room for everyone on that bus.

Hyperledger Hackfest in Chicago

Our hackfest in Chicago was in a lot more conventional surroundings (still a very cool shared creative space .. lots of lab equipment and benches out of view on the other side of the wall to the right). Looking back at this photo is fun for me. I can see a lot of separate conversations happening at each table… people sharing different ideas, helping ramp new contributors, working on advancing new concepts with existing contributors. I can see a lot of similarity but also a little variety. It’s a busy room but there’s still open chairs and room for more variety.

Our next hackfest won’t be until March 2019 (Hyperledger is hosting Hyperledger Global Forum in December in Basel though). The March hackfest will be somewhere in Asia – location to be settled soon. The dates and locations of the other 2019 hackfests aren’t set yet. I don’t know where they will be specifically, but I do know that there will be a seat available and you will be welcome there.

These face to face meetings really are more the exception than the rule at Hyperledger. There are now more than 780 contributors spread all across the globe. 165 of those were just in the last few months. That means that every day we have a new person contributing to Hyperledger. Most of our engagement is through the development process. People contribute bug fixes, write new documentation, develop new features, file bugs, etc. If you’ve never contributed open source code before getting started might be intimidating. We don’t want it to be, though. There are a number of resources to help you get started. You can watch this quick video from Community Architect, Tracy Kuhrt. There’s documentation for each project, mail lists, a chat server, working groups, and some of the projects even host weekly phone calls to help new developers get engaged. Everyone in Hyperledger abides by a Code of Conduct so you can feel comfortable knowing that when you join any of those forums you will be treated respectfully. Anyone who wants to get involved can regardless of “physical appearance, race, ethnic origin, genetic differences, national or social origin, name, religion, gender, sexual orientation, family or health situation, pregnancy, disability, age, education, wealth, domicile, political view, morals, employment, or union activity.” We know that to get the best ideas, best code, best user experience we need your involvement. Please come join our community.

Image created by https://allarewelcomehere.us/ for Hyperledger

As always, you can keep up with what’s new with Hyperledger on Twitter or email us with any questions: info@hyperledger.org.

Sep 19
0

(9.19.18) JAXenter: Blockchain development made easy: Getting started with Hyperledger Iroha

By | Hyperledger Iroha, News

Our ‘Blockchain development made easy’ series continues with Hyperledger Iroha, a simple blockchain platform you can use to make trusted, secure, and fast applications. What are the advantages and how can developers get started with it? We talked to Makoto Takemiya, co-founder and co-CEO of Soramitsu about what’s under this project’s hood.

More here.

Sep 14
0

Hyperledger 2018 Summer Mentors Recap

By | Blog, Hyperledger Cello, Hyperledger Fabric, Hyperledger Iroha

Our interns did some great work on some very meaningful projects this summer. We’ve shared details of their work here. Of course, the program wouldn’t work without the time, effort and input our mentors provided. Many of them went the extra mile and provided their take on lessons learned, what they gained by being a mentor and advice for future interns as well. Here is some of the wisdom they shared:

Baohua Yang, Principal Architect, Oracle Blockchain (Project: Design Effective Operational Platform for Blockchain Management)

Lessons learned:

The intern’s self-motivation is important as is his/her interests with open-source projects.

What you got out of being a mentor:

I was very glad to help new person to get involved into the open-source world.

Advice for those interested in interning in the future:

Knowledge or skill is not the most important thing to learn as an intern. The Hyperledger internship is a great opportunity to help you learn open culture and principles to participant a teamwork.

Dave Huseby, Security Maven, Hyperledger, The Linux Foundation (Project: Simulating Hyperledger Networks with Shadow)

Lessons learned:

The primary lesson I learned is to choose the right size for an intern project. I was ambitious in what I asked my intern to do. It turns out that blockchains are complicated pieces of software and getting them to run under a simulator is difficult. That said, the reduced scope we agreed upon mid-summer was met and we did advance this effort.  I’m hoping that an intern next summer will pick up where my intern left off.

What you got out of being a mentor:

It was interesting to see our community through the eyes of a newcomer.  I got involved with open source communities so long ago that I forgot what it was like to be new.  I had forgotten all of the mental shifts (e.g., don’t ask for permission, just do) and leaps of faith (e.g., here’s my code, please be nice) that a developer has to make to be a successful contributor to an open source project. It takes real courage to contribute code and fully participate in a community where you know nobody. I really enjoyed encouraging Martin when things got tough. More importantly, the best thing I got from being a mentor was a new friend.  Martin is a really good person.

Advice for those interested in interning in the future

Be prepared to work hard. Working remotely is difficult and not a normal way of working. It takes a great deal of self-discipline, and as I said above, it takes real courage to submit code to people you don’t know and be judged by your contribution.  Be prepared to learn. With the right attitude, an intern can get some real rubber-meets-the-road experience. There’s a big difference between a recent computer science graduate and a work-a-day programmer. An internship working on open source software can go along way towards making you a work-a-day programmer.

Jay Guo Software Engineer, IBM (Project: Extended Support for EVM and and Tooling in Hyperledger Fabric)

Lessons learned:

We should set realistic goals for interns, and we should give them enough time to climb the learning curve.

What you got out of being a mentor:

Mentoring requires more than technical skills. I learned a great deal of project management, communication and presentation skills

Advice for those interested in interning in the future:

  • Remote internship is hard and timezone difference makes it even harder. Both mentors and applicants should take this into consideration. Being located in the same city would make life much easier.
  • Communication is a key part of internship. Interns should proactively seek help from mentors, and this is a quality that mentors should pay attention to when interviewing candidates.

Swetha Repakula, Open Source Developer, IBM Digital Business Group (Project: Extended Support for EVM and and Tooling in Hyperledger Fabric)

Lessons learned:

  • Most of my lessons comes from the fact that this was a remote internship. I underestimated the difficulty that comes from both not being able to work together in person as well as being able to finding a reasonable time for everyone involved to be able to speak. Because of this, I think projects that are suggested for this program either have to be very structured and scoped or the project needs to be isolated enough that the intern is able to make progress without other people. The solution to this we found was scheduling regular calls and asking for daily reports on progress to make she was on track.
  • Another thing I learned was making sure our intern felt comfortable asking questions and not feeling like she was alone. Creating that environment was our number one goal because interns shouldn’t feel like they are expected to do everything by themselves. We found that explaining our expectations to her and constantly encouraging her to ask us questions was the best solution to this.
  • My final takeaway was setting realistic goals for the internship. Goals can refer to the actual progress of the project, but I viewed the internship successful if our intern was able to end the program with a skill set she could apply to whatever she planned to do next. Of course our intern produced results, but what I was most proud of was when she understood concepts such as test-driven development or breaking down a project into smaller achievable tasks. Those are the skills that will make her a good developer and, in the end, the goal of this program is to enrich our interns, not necessarily just got some work done for our projects.

What you got out of being a mentor:

  • I have always enjoyed sharing knowledge, and this program gave me the opportunity to do that. My proudest moment easily was when my intern spoke about how the things we taught her during the internship directly applied to her current classes. As I mentioned above, our first goal was to make sure our intern learned enough that she could apply it to the rest of her career.
  • I found though that mentoring someone was not just about teaching but required some managerial skills. That would involve making sure my schedule allowed enough time for me to be available to guide my intern, ensuring she was making enough progress at the correct pace and helping her get the resources she needed to complete her work. This is was a very new experience from me.

Advice for those interested in interning in the future:

  • I recommend that those who wish to intern in the future be honest, whether that is about their skill set, their availability, or their professional interests. Our intern was clear about what she understood or didn’t understand and that really helped make sure the limited time we had was focused on what she was stuck on.
  • Be proud of your current accomplishments. As mentors we aren’t expecting you to necessarily have experience in the topics we are working on. What I look for is someone who is driven and passionate about the work they do. So be able to talk about those accomplishments, regardless of whether it is a class assignment or a huge project you have worked on.
  • Communication is key for anything you work on. Focus on being to explain your ideas clearly as well as relaying what you have done in the past. And, lastly, come with your ideas and questions.

Sheehan Anderson, Vice President/Director of Architecture, State Street (Project: Hyperledger Fabric Chrome Extension)

Lessons learned:

Working remotely brings unique challenges, especially when starting a new project. There were several of steps we took that worked really well throughout the internship.

  1. Have a plan laid out on day one that covers the length of the internship. Understand what parts of the project should be functioning by the end of each week as 12 weeks will go by really quickly. You don’t want to be spending time deciding what to do at the start of each week.
  2. Communication is important. Have regular video conference calls to demo what has been built, discuss any blockers, make sure that next steps are understood, and just to get to know each other. Be available on Rocket.Chat (chat.hyperledger.org) so you can answer questions. Also, encourage your intern to reach out in the various channels when they have a question. It’s a great way to meet other Hyperledger developers.
  3. Be flexible. Chances are that your 12 week plan will encounter at least some roadblocks. Be quick to remove or alter features if they are taking longer than expected to build.

What you got out of being a mentor:

Hyperledger Fabric is no longer a new project. I started as one of the original developers and now spend most of my time writing applications that run on the Hyperledger Fabric platform. I’m surrounded by people with similar experience. Having a chance to work with someone who is both new to Hyperledger and early in their software engineering career brings new perspectives that are important. A risk of working on the same thing for too long is that you get used to the way things are and don’t stop and question why something is done in a particular way and if there may be a new or better alternative. Being a mentor requires you to both be able to explain the existing architecture and answer those “why” questions that you may have ignored otherwise.

Advice for those interested in interning in the future:

The interns that really stood out during the interview process had built projects utilizing existing open source projects. This showed that they had curiosity, determination, and the ability to self-learn and get unstuck when faced with an obstacle. Sometimes contributing to existing open source projects can seem daunting or have a very steep learning curve. Creating your own small project that makes use of an existing open source project can be a great introduction to various open source communities and will also show that you have the skills needed to succeed in a program like the Hyperledger internship.

Salman A. Baset, IBM (Project – Running Solidity Smart Contracts on Hyperledger Fabric or Vice Versa)

1) Lessons learned:

To have a successful internship outcome, a project needs to be crisply defined, have an intern who possesses the necessary background and is excited to learn, and have periodic sync ups with the intern. I was fortunate to have an intern who had background in compilers and was excited to learn both Ethereum and Hyperledger Fabric in order to translate Solidity smart contracts into Javascript for Fabric. We leveraged Zoom and Hyperledger Rocket chat for communication.

The key takeaway from the project is that it is possible to write smart contracts for one platform that run in another without making changes to the core platform. Perhaps, a bigger lesson is that there is a need to write smart contracts in a language that can be run on any target platform (similar to Java). Hopefully, next year, we can have a project to develop a smart language that targets multiple blockchain platforms within Hyperledger.

The project is available as open source with Apache 2.0 license and will soon be converted to a Hyperledger Lab. The source code is available here:

https://github.com/AhmadZafarITU/SolidityToJavascriptTranslatorCode

What you got out of being a mentor:

I had the satisfaction of supervising a hardworking intern who was able to create running code for the seemingly difficult idea of running Solidity contracts on Fabric. My hope is that the project does not end with the culmination of the internship and sparks interest among other members of the community.

Advice for those interested in interning in the future:

Asking questions to your mentor and seeking solutions on your own from members of community is very important.

We would also like to recognize the mentors for all the time, effort and input they provided! As always, you can keep up with what’s new with Hyperledger on Twitter or email us with any questions: info@hyperledger.org.