
Hyperledger Ursa

Jan 25

Hyperledger Mentorship Spotlight: GVCR: Secure Verifiable Credential Registries (VCR) for GitHub & GitLab

By Sarvesh Shinde Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Mentorship Program, Hyperledger Ursa, Identity

What did you work on?

Project name: GVCR: Secure Verifiable Credential Registries (VCR) for GitHub & GitLab

My name is Sarvesh Shinde and this is my personal blog that I’m writing to share my experience of working on the GVCR Project. A little background about the project is really necessary to fully appreciate the objectives of this project. 

Self-Sovereign Identity (SSI) is a digital identity management model in which an individual or a company has the exclusive ownership over their accounts and personal data. A verifiable credential protocol, in turn, forms one of the three pillars of Self-Sovereign Identity, along with the Decentralized Identifiers protocol (DIDs) and Distributed Ledger Technology (or blockchain).

This project was conceptualized to provision secure verifiable credential registries that utilize GitHub’s data model and API to offer exactly the same APIs for any other verifiable credential registry. This project exists as an extension to the DRMan project.

The DRMan project, inspired by the SDKMan, acts as a tool for managing multiple versions of different software development libraries. These libraries form the necessary dependencies for the extended feature modules that reside inside DRMan, including GVCR.

What did you learn or accomplish?

GVCR, along with DRMan, is a command line utility. This project has been entirely written in shell script. Shell script has the distinct advantage of making the tool lightweight and easy to install and use.

As of now, GVCR has been provisioned to utilize GitHub and GitLab as its two Git-based registries. The plugin architecture of GVCR allows it to provision for more VCRs in the relative future. The APIs of these individual Git-based registries are designed to be a collection of facade functions that provide the same feature on the surface, all the while accommodating the individual data models of the specific registry under the hood.

GVCR can be utilized in a Hyperledger Aries framework as an implementation of VCR and collaborates with existing Agent and Wallet open source projects in Hyperledger Aries. It can also be used in Hyperledger Indy projects by providing endpoints of cryptographic verifications for credential issuers.

In the near future, GVCR is envisioned to leverage Hyperledger Ursa to implement encryption, decryption and verification functions for verifiable credentials.

I was responsible for the design and implementation of this very GVCR module.

Now coming to the topic of the mentorship program itself, let me give you a rundown of its structure, working mechanism and decision making process. This mentorship was a careful balance of a hands-off approach towards the design planning and realization part that I undertook and the existence of biweekly meetings that acted as an efficient feedback mechanism from the mentors. These biweekly meetings were really efficient in setting the tempo of the progress and made sure that all the involved participants were aware of their individual tasks at hand.

The mentorship started on June 1st and continued until November 16th. Further, the mentorship was broken into two halves. In general, the first half was more focused on the design aspect of this project while the second half came down to its implementation.

What comes next?

Overall, this mentorship has been a wonderful experience and has enabled me to pursue my career in blockchain. The future of a secure, verifiable digital identity and its co-operability with a decentralized ledger brings a new outlook to the future of digital identity and just how important its acceptance is to finally realizing the ultimate goal of exclusively owning our own identities. New technologies are constantly coming up to make this future a reality, and I’m looking forward to contributing my part towards it.

Sep 28

#HyperledgerIdentity round-up: A cross section of production digital identity solutions built using Hyperledger technologies

By Hyperledger Blog, Hyperledger Aries, Hyperledger Fabric, Hyperledger Indy, Hyperledger Ursa, Identity

Verifying identities and information in a digital world is critical for establishing trust. But there are issues of privacy as well as efficiency, scale and accuracy in models that rely on centralized data collectors and databases. 

The adoption of a new generation of digital identity solutions that leverage decentralized technologies such as distributed ledgers and verifiable credentials is accelerating. And Hyperledger technologies are playing a major role in this transformation. 

Read on for a cross section of the many Hyperledger-powered solutions that are in production now. For other examples, check out these past #HyperledgerIdentity round-ups:

  • Hyperledger-Powered Digital Identity Solutions at Work                
  • Identity Applications in Action & Powered by Hyperledger

IBM Digital Health Pass

IBM Digital Health Pass, built on Hyperledger Fabric, offers a multi-credential verifier that organizations can use to manage and execute their verification policies for COVID-19 and vaccination status in a way that balances the privacy of the individual with the requirements set by the organization and local health authorities. With IBM Digital Health Pass, organizations can verify multiple types of health credentials, such as Good Health Pass, IBM Digital Health Pass, Smart Health Card and EU Digital COVID Certificate. Privacy is central to the solution, where the verifier application minimizes the personal data that is ever displayed to the user through the execution of business rules and it never lets any personal data leave, or be stored in, the verifier app.

Indicio Network 

The Indicio Network is a collection of four professionally-staffed, enterprise-grade public-permissioned ledgers that provide a neutral, independent, and reliable network for the exchange of verifiable credentials. MainNet, DemoNet, TestNet, and TempNet are all Hyperledger Indy-based networks with nodes operating on five continents—and a growing number of node operators. The Indicio Network is one of the networks that can support Indicio Proven, a complete suite of decentralized identity components for authenticating and sharing high value data in a privacy-preserving way using verifiable digital credentials. Built on Hyperledger Aries and Hyperledger Ursa, as well as AnonCreds and DIDComm, Proven is designed to make implementing and using these open source codebases simple, providing users with a fully-owned solution that’s easy to integrate with existing systems, to innovate on, and to scale.  

IDUnion 

IDUnion, the European identity verification network created as part of the “Secure Digital Identities Showcase” funding project, brings together public institutions, government agencies, private organizations, associations, educational institutions and other stakeholders from various fields to enable a fundamentally new, secure digital infrastructure for the verification of identity information. In August, 2022, IDUnion spun off Sociedad Cooperativa Europea (SCE) to operate the production network for credential verification. 

The IDUnion network, which is built on Hyperledger Indy, enables the clear verification of individuals, companies and institutions while allowing people and organizations to manage their identity information by themselves and to decide when they want to share this information and with whom. It has a decentralized structure and stores no personal data – not even as a hash. In order to protect privacy right from the start, all personal data is stored on the user’s end device. Users have a choice of wallets for storing and presenting credentials to third parties as required. Credentials are issued, verified and stored using open standards to ensure interoperability. Hyperledger Aries is the framework for managing the credentials.

NHS Covid-19 Digital Staff Passport

In 2019, the NHS was preparing to pilot a digital passport project that would allow staff to carry their HR and other records as credentials on their phones as a long-term plan to make it easier to transfer from one facility to another. When the pandemic hit, this went from a pilot to a production deployment quickly. The NHS Covid-19 Digital Staff Passport rolled out in summer to support swift and efficient staff movement between NHS organizations in response to the health emergency. The COVID-19 Digital Staff Passport provided a solid legal framework for staff to be temporarily deployed into other NHS organizations with evidence available that checks have been completed before staff move. As laid out in the pilot, the information was transferred securely by the staff member as verified credentials stored on their own smartphone, putting them in control.

This staff passport used the Sovrin Network, which is built on Hyperledger Indy, to verify the digital credentials, and the Evernym (now Avast) Connect.me digital wallet app, which is powered by Hyperledger Aries, Indy and Ursa, to enable staff to store and share their credentials.

The NHS is now gearing up to roll out the next generation of its Digital Staff Passport, which will streamline transfers and staff movements through the NHS. 

OrgBook BC 

OrgBook BC is a searchable public directory of organizations registered in British Columbia, Canada, provided by the BC Government’s Ministry of Citizens’ Services. OrgBook BC provides verified data, including legal names and DBA names, business numbers, BC registration status and select licenses and permits, for more than 1.4 million organizations. All of the information in OrgBook BC is received, stored, verified and displayed using the latest digital trust technologies.

OrgBook BC uses verifiable credentials to ensure that information about organizations is digitally signed by the entity that issues it. Issuers are public sector organizations that hold information about businesses, issue licenses or permits or certify processes. That electronic signature stays with the data throughout its life in OrgBook and is validated before it is displayed on the website.

OrgBookBC is part of an overall commitment to digital trust technologies by the Government of British Columbia. In addition to deploying Hyperledger Aries, Indy and Ursa, the team there is leading much of the open source development for those projects. Read more on the Government of BC’s investment in verifiable credentials and digital wallet technologies here. 

Digital Identity updates from Hyperledger Global Forum

At Hyperledger Global Forum 2022, there was a range of business, technical and demo sessions focused on digital identity, including:

  • Bringing Trustworthiness in Industrial Device Lifecycle using Verifiable Credentials – Marquart Franz & Saad Bin Shams, Siemens AG
  • Findy Agency — Highway to Verified Data Networks – Laura Vuorenoja & Harri Lainio, OP Financial Group
  • Digital Identity Using the vLEI – Christoph Schneider, Global Legal Entity Identifier Foundation (GLEIF)
  • Blockchain, Biometrics and Geo-Location: Lessons Learned from the Implementation of Innovative Technologies at the United Nations Joint Staff Pension Fund – Dino Cataldo Dellaccio, United Nations Joint Staff Pension Fund & Shashank Rai, United Nations International Computing Centre (UNICC)
  • Hosted Discussion: Rhode Island Leads on Digital Identity Solutions with Hyperledger – Liz Tanner, State of Rhode Island & Jim Mason, DTCC
  • Last Mile Problem in Self-Sovereign Identity – Biometric Authentification and Device Independent Wallet for Hyperledger Indy – Non Kawana & Ken Naganuma, Hitachi, Ltd.
  • Workshop: How To Build a Self-Sovereign Identity Agent With Hyperledger Aries Framework JavaScript – Timo Glastra & Berend Sliedrecht, ANIMO & Jakub Koci, ABSA

Join the conversation about blockchain-based identity technologies and solutions with #HyperledgerIdentity on social channels. For a hands-on introduction to the market and technologies, join the free four hour Build Your Identity Solution Using Hyperledger Aries workshop. Or, for a more business level introduction, sign up for the free Getting Started with Self-Sovereign Identity (LFS178x) online course from Linux Foundation Training & Certification.

May 31

Hyperledger Ursa code review

By IDLab Blog, Hyperledger Ursa, Identity


Hyperledger Ursa is a shared cryptographic library used to avoid duplicating cryptography-related code. The library is an opt-in repository (for Hyperledger and non-Hyperledger projects) to place and use crypto.

Broad deployment of digital identity will depend on strong security to deliver the high levels of assurance required in many consumer transactions with their governments, their financial institutions, and other trusted organisations. 

Leading advancements in decentralized identity, several originating in Canada, rely on the Hyperledger family of technologies. As such, Hyperledger Ursa is a central component depended upon to provide the security overlay for decentralized identity.

Rooted in a “trust but verify” mindset, several Canadian public sector entities and Interac (Canada’s interbank network) sponsored a project at the Digital Identity Laboratory of Canada (IDLab) to perform a security and cryptography code review of Hyperledger Ursa (full report is available here).

Those commissioning this project deemed it important to have an arm’s-length third party assessment of this foundational component of the Hyperledger family to understand the risks (if any) being assumed with the deployment and use of Hyperledger-based technology in the domain of decentralized identity.

Overview of Hyperledger Ursa library code review scope:

A code review that examined: 

  • Entry points
  • Coding standards
  • Data storage and transfer
  • APIs and their security
  • Third party library usage
  • Programming language issues
  • Logic flaws

Cryptography best practices including examination of:

  • Cryptography and key management
  • Entropy
  • Best practice cryptography usage

The review did not include an assessment of the foundations of the cryptographic algorithms themselves, or their suitability. Examination was limited to assessment of sound implementation within Ursa.

Following the code review and the findings documented, the IDLab team worked closely with key Ursa contributors and the Hyperledger Foundation community to review and assess results. As a result, a number of enhancements were identified to address report findings. 

Ultimately, the exercise concluded that Ursa provides a solid security footing for projects dependent on the Hyperledger family of technologies applicable to digital identity. 

Review findings summary:

In general, the review noted a few relatively minor security defects, some implementation guidance, and some general observations for library improvement. 

These can be briefly described as follows:

  • Minor build issues
  • Cautions to consider when building, primarily with third party libraries or integrations
  • Minor issues related to lack of support for message augmentation
  • Minor issues related to subgroup validation
  • An issue related to public key validation

For those interested in the full report, please have a look here. You can also learn more by viewing this webinar:

If you have any questions about Hyperledger Ursa, you can engage with the community on the Hyperledger Foundation’s Discord server for Ursa. If you want to learn more about IDLab, please visit www.idlab.org.


Apr 06

Call for Applications: 2022 Hyperledger Mentorship Program

By Hyperledger Blog, Hyperledger Aries, Hyperledger Besu, Hyperledger Bevel, Hyperledger Cacti, Hyperledger Fabric, Hyperledger Indy, Hyperledger Mentorship Program, Hyperledger Ursa

Want to jump start a career in blockchain development? Ready to build hands-on skills developing leading-edge open source technologies? Looking to work directly with mentors who are invested in you and your work? Then the Hyperledger Mentorship Program is for you. 

Now in its sixth year, the Hyperledger Mentorship Program provides a structured and guided learning opportunity for anyone, at any career stage, looking to get started in the open source movement. With full and part time options, fully remote work and a stipend, the projects are designed to be a pathway to becoming a contributor to the Hyperledger community that works for students, people in career transition and anyone else who wants to develop or sharpen their knowledge of cutting-edge blockchain technologies. Applications are now open.

This year, the Hyperledger Mentorship Program has grown to 30 planned part and full-time projects covering a range of technologies, challenges and technical difficulty levels and includes non-development projects such as Ecosystem Analysis and Developer Marketing. Each project is designed and proposed by active members of the Hyperledger community. Those who propose the projects serve as the mentors and work closely with their mentees on developing a project plan, setting milestones and solving problems. Mentees can expect regular evaluations and feedback. For more about the program, including the schedule and stipend details, go here.

Over the last five years, more than 70 mentees have completed Hyperledger Mentorship projects. Each of these mentees has made concrete contributions to Hyperledger projects and built important connections in the community. Some, like Bertrand Rioux, have gone on to become mentors themselves:

“I was accepted into the Hyperledger mentorship program last year after seeking a community to help advance my professional goals of developing software for climate action. I was fortunate to find a diverse group of mentors that helped me build the knowledge and skills I needed to effectively contribute to the Hyperledger open source community and to have the opportunity to develop technical expertise in a field I was actively working in. In addition to delivering a secure identity management solution for a Hyperledger Fabric Network, I started contributing my own ideas to the open source operating system for climate action. As a result, I am now taking a leadership role in the community. In addition to serving as mentor in this year’s program, I proposed a project on reducing waste emission in the oil & gas industry that was accepted.” – Bertrand Rioux, Independent Energy Consultant and Mentor for the Multiple Data Integration to Hyperledger Fabric Climate Accounting Network project

To learn more about the Hyperledger Mentorship experience and outcomes, check out these spotlights on last year’s projects with highlights from both the mentors and mentees.

Read on for descriptions of some of the projects planned for this year:

Multiple Data Integration to Hyperledger Fabric Climate Accounting Network

The Hyperledger Labs blockchain-carbon-accounting project includes a Hyperledger Fabric network for recording the carbon and Greenhouse Gas (GHG) emissions that cause climate change. Since there are many activities that cause such emissions, the network is designed to accept data from multiple sources of measurements. In this project, we will demonstrate integrations from measurement sources with blockchain networks by integrating the ThoughtWorks cloud computing emissions calculator, the NREL OpenPath mobile application, and other web- and mobile-based API sources to turn instrumented readings into emissions measurements. It will leverage previous projects involving Hyperledger Cactus, Vault security engines, and client security for Hyperledger Fabric.

The expected outcomes of this project are

  • Successful integration of the mobile apps and APIs with Hyperledger Fabric
  • Benchmark comparison of Hyperledger Fabric and alternatives
  • Documentation and tutorials for integrating future data sources

Demonstrate Interoperability using Hyperledger Bevel and Cactus

Hyperledger Cactus supports ledger interoperability but uses a local deployment for testing; Hyperledger Bevel supports production-worthy deployments. This project aims to support Cactus deployment using Bevel to demonstrate production-like usage of Hyperledger Cactus.

The steps will be as follows:

  1. Deploy a Hyperledger Fabric network using Bevel on a Managed Kubernetes cluster
  2. Deploy a GoQuorum network using Bevel on a Managed Kubernetes cluster (can be the same cluster for simplicity).
  3. Make changes in Hyperledger Bevel code to deploy the Cactus connectors in both the above networks.
  4. Run Cactus test cases.

The expected outcomes of this project are

  • Successful interoperability testing using Cactus on production-like DLT networks.
  • Update to Hyperledger Bevel code to automatically deploy the Cactus plugins.
  • Update to Documentation of Bevel and Cactus.
  • Detailed tutorials and learning materials which would benefit Bevel and Cactus communities.

Hyperledger Fabric-Ethereum token bridging

One of the key use cases of blockchain integration is asset bridging: in essence, “locking” an asset (typically, a native coin or token) in a smart contract on its authoritative ledger and making available corresponding, newly minted (wrapped/shadow/…) assets on another. By now, bridging is supported by quite mature solutions in the cryptoworld; however, the same is not true for “consortial” distributed ledger technologies. At the same time, such functionality can be expected to become an important requirement in the not too distant future: for instance, a central bank may choose to create a high performance, Hyperledger Fabric-based Central Bank Digital Currency (CBDC) ledger with a strongly controlled set of “smart contracts,” but allow controlled “bridging out” of the currency to dedicated distributed ledgers of industrial/enterprise cooperations. 

Last year, a CBDC prototype with such functionality was created at the Dept. of Measurement and Information Systems of the Budapest University of Technology and Economics (BME), in a research project supported by the central bank of Hungary (MNB); our initial experience with a custom Hyperledger Cactus and TokenBridge based solution showed that this is a problem worth more targeted experimentation and systematic R&D.

The expected outcomes of this project are

  • Report on asset representation in Hyperledger Fabric and mapping approaches to standard Ethereum tokens
  • Report on bridging approaches and technologies and their applicability for bridging from/to Fabric
  • Requirement specification
  • Design specification
  • Prototype implementation and small demo of bridging at least ERC-20 or ERC-721 to Ethereum – and back

Client Connector for Hyperledger Besu

Develop a connector that provides both synchronous and asynchronous modes of interacting with a running Hyperledger Besu node. The connector would act as an interface between an enterprise application and the Hyperledger Besu node for data ingestions and it could provide event subscription options.

The scope of the project would also include an end-to-end test on a sample network.

The expected outcomes of this project are

  • Design and implement the connector.
  • A new Hyperledger Labs project is proposed with documentation.

GVCR: Secure Verifiable Credential Registries (VCR) for GitHub & GitLab

As conceptualized and standardized by the W3C, the Verifiable Credentials protocol is one of the three pillars of Self-Sovereign Identity, together with the Decentralized Identifiers protocol (DIDs) and Distributed Ledger Technology (or Blockchain). The project aims to design and build a verifiable credential registry (VCR) on a GitHub repository, namely GitHub-based Verifiable Credential Registry (GVCR), by leveraging existing GitHub APIs, and other open-source tools provided by other Hyperledger projects, such as Hyperledger Aries, Hyperledger Indy, and Hyperledger Ursa. The basic architecture is already built. For more details about the conceptual design and workflows, please refer to the GitHub repository GitHub-VCR.

The expected outcomes of this project are

  • A verifiable credential registry based on one or more GitHub repositories.
  • Command-Line utility to automate the process of verification of a credential.
  • Proper test cases and documentation.
  • Codebase maintained with a proper README document.

The Hyperledger Summer Mentorship Program is part of the Linux Foundation’s overall commitment to mentoring. The application process is being managed through LFX Mentorship, a platform created by the Linux Foundation to train future open source leaders.

Check out the full list of mentorship projects and start your application today. The deadline to apply is May 10. Mentees from diverse communities are encouraged to apply. All are welcome here!

Apr 21

Why Distributed Ledger Technology (DLT) for Identity?

By Stephen Curran, Hyperledger Aries Maintainer, Cloud Compass Computing Inc. Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Ursa, Identity

As we continue our pandemic journey that is 2021, more and more people are getting vaccinated against COVID-19. Once vaccinated, people are (finally!) able to do more “in the real world.” However, in some cases such as international travel, there is a need to prove that you have been vaccinated before you can participate. In the past, that proof has been accomplished in the form of the paper World Health Organization Carte Jaune/Yellow Card. But in our 21st century pandemic, a handwritten paper document is not particularly trusted. It’s just too easy to buy or make your own. The sudden, urgent need to be able to prove health information in a safe, privacy-preserving and secure way has brought the spotlight on the concept of verifiable credentials and, for Hyperledger, on the three identity-focused projects in the community, Indy (a distributed ledger for identity), Aries (data exchange protocols and implementations of agents for people, organizations and things), and Ursa (a cryptographic library underlying Indy and Aries).

While people understand that paper credentials are insufficient and that a trusted digital solution is needed, they don’t understand why verifiable credentials, or more generally, identity, works extremely well with distributed ledger technology (DLT)—a distributed database spread across multiple nodes, of which blockchain is an example. To be clear from the start, it is not to put the credentials on a public ledger so everyone can see them! We’ll reiterate that a lot in this post. No private data ever goes on the blockchain!!!

To understand why DLT is useful for identity, we need to go back to the basics—paper credentials, how that model has worked for 1000s of years, and how the use of DLTs with verifiable credentials allows us to transition the great parts—security and privacy—of that model to the digital age.


Since as far back as 450BC, people have used paper credentials to enable trusted identity. Legend has it that King Artaxerxes of the Persian Empire signed and gave Nehemiah a paper “safe transit” authorization that he used in travels across the empire. People have been using such documents ever since. In technical terms, a credential is an attestation of qualification, competence, or authority issued to an entity (e.g., an individual or organization) by a third party with a relevant or de facto authority or assumed competence to do so. Examples of credentials issued to people include a driver’s license, a passport, an academic degree, proof-of-vaccination and so on. Credentials are also issued to companies, such as business registrations, building permits, and even health inspection certifications.


Examples of Paper Credentials
By Peter Stoyko, peter.stoyko@elanica.com, Licensed under CC BY 4.0

A typical paper credential, say a driver’s license, is issued by a government authority (an issuer) after you prove to them who you are (usually in person using your passport or birth certificate) and that you are qualified to drive. You then hold this credential (usually in your wallet) and can use it elsewhere whenever you want—for example, to rent a car, to open a bank account or in a bar to show that you are old enough to drink. When you do that, you’re proving (or presenting) the credential to the verifier. The verifier inspects the physical document to decide if it is valid for the business purpose at hand. Note that in verifying the paper credential, the verifier does not call the issuer of the document. The transaction is only between the holder and the verifier. Further, it is the holder’s choice whether they want to share the piece of paper. If they want, they can keep it to themselves.

 

The Paper Credential Model
By Peter Stoyko, peter.stoyko@elanica.com, Licensed under CC BY 4.0

Verification in the paper credential model (ideally) proves:

  1. Who issued the credential. 
  2. That the credential was issued to the entity presenting it.
  3. That the claims have not been altered.

The caveat “ideally” is included because of the real possibility of forgery in the use of paper credentials. Back to our “proof-of-vaccination” problem.

Let’s see how the good parts of the paper credential model are retained in the verifiable credentials model. With verifiable credentials:

  • An authority decides you are eligible to receive a credential and issues you one.
  • You hold your credential in your (digital) wallet—it does not go on the distributed ledger!
  • At some point, a verifier asks you to prove the claims from one or more credentials.
  • If you decide to share your data with the verifier, you provide a verifiable presentation to the verifier, proving the same three things as with the paper credentials.
  • Plus: You may be able to prove one more thing—that the issued credentials have not been revoked.

As we’ll see, verifiable credentials and presentations are not simple documents that anyone can create. They are cryptographically constructed so that a presentation of the claims within a credential proves four attributes:

  • Who issued the credential–their identifier is part of the credential and they signed the credential.
  • Who holds the credential–there is a cryptographic binding to the prover.
  • The claims have not been altered–they were signed at the time of issuance.
  • The credential has not been revoked.

Unlike a paper credential, those four attributes are evaluated not based on the judgment and expertise of the person looking at the credential, but rather by machine using cryptographic algorithms that are extremely difficult to forge. Like the paper credential, the verifier does not go back to the issuer to ask about the credential being presented. Only the prover and verifier, the participants in the interaction, need to know about the presentation. So where do the prover and verifier get the information they need for their transaction? We’re just getting to that…


The Verifiable Credentials Model
By Peter Stoyko, peter.stoyko@elanica.com, Licensed under CC BY 4.0

Compared to the paper credentials model, verifiable credentials are far more secure. When the cryptographic verification succeeds, the verifier can be certain of the validity of the data—those four attributes stemming from verifying the presentation. They are left only with the same question that paper credentials have—do I trust the issuer enough

So where does the DLT fit in?

Three of the four things that the verifier has to prove (listed above) involve published data from the issuer that has to be available in some trusted, public distributed place, a place that is not controlled by a central authority (hmm…sounds like a DLT!). In Indy and Aries, data published to a DLT is used to verify the credential without having to check with the issuer. In particular:

  • The verifier has to know who issued the credential based on an identifier and cryptographic signature. From the presentation, it gets an identifier for the issuer, looks it up on a DLT to get a public key associated with the issuer to verify the signature in the presentation. Thus, the identity of the issuer is known.
  • The verifier has to verify that the claims data has not been altered by verifying a cryptographic signature across the data. Based on an identifier for the type of credential, the verifier gets from a DLT a set of public keys and verifies the signatures. Thus, the verifier knows no one has tampered with the claims data.
  • The issuer periodically updates a revocation registry on a DLT indicating the credentials that have been revoked. If the holder’s credential is revoked, they are unable to create a proof of non-revocation (yes, that’s a double negative…). If the holder can generate that proof, the verifier can check it. Thus, the verifier knows the credential has not been revoked.

The fourth attribute (the binding of the credential to the holder) in Indy is done using some privacy-preserving cryptographic magic (called a Zero Knowledge Proof) that prevents having a unique identifier for the holder or credential being given to the verifier. Thus, no PII is needed for sharing trusted data.
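The verification flow described above, as an added example that is not code from Indy, Aries or Ursa: a verifier checks issuer, integrity, holder binding and revocation using only the presentation and a ledger of public data. It is deliberately simplified: plain Ed25519 signatures stand in for Indy's credential signatures, a holder key in the credential stands in for the Zero Knowledge Proof binding (and, unlike Indy, gives the verifier a correlatable identifier), and a revoked-ID set stands in for the revocation registry and proof of non-revocation. All type and function names, the identifier did:example:health-authority and the credential cred-001 are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Ledger holds only public issuer material; no credential or claim data goes on it.
type Ledger struct {
	IssuerKeys map[string]ed25519.PublicKey // issuer identifier -> public key
	Revoked    map[string]bool              // credential id -> revoked
}

// Credential lives in the holder's wallet, never on the ledger.
type Credential struct {
	ID        string            `json:"id"`
	IssuerDID string            `json:"issuer"`
	HolderKey ed25519.PublicKey `json:"holderKey"` // binds the credential to the holder
	Claims    map[string]string `json:"claims"`
	Signature []byte            `json:"-"` // issuer signature, excluded from signed bytes
}

// Presentation is what the holder hands to the verifier.
type Presentation struct {
	Cred      Credential
	HolderSig []byte // holder's signature over the verifier's nonce
}

var (
	ErrUnknownIssuer = errors.New("issuer identifier not on ledger")
	ErrAltered       = errors.New("issuer signature does not match credential")
	ErrNotHolder     = errors.New("presenter does not control the holder key")
	ErrRevoked       = errors.New("credential is revoked")
)

// signedBytes is the canonical form the issuer signs (encoding/json sorts map keys).
func signedBytes(c Credential) []byte {
	b, _ := json.Marshal(c)
	return b
}

// Issue is run once by the issuer, using its private key.
func Issue(did string, key ed25519.PrivateKey, id string, holder ed25519.PublicKey, claims map[string]string) Credential {
	c := Credential{ID: id, IssuerDID: did, HolderKey: holder, Claims: claims}
	c.Signature = ed25519.Sign(key, signedBytes(c))
	return c
}

// Present is run by the holder in response to a verifier's fresh nonce.
func Present(c Credential, holderKey ed25519.PrivateKey, nonce []byte) Presentation {
	return Presentation{Cred: c, HolderSig: ed25519.Sign(holderKey, nonce)}
}

// Verify uses only the presentation and the ledger; the issuer is never contacted.
func Verify(l *Ledger, p Presentation, nonce []byte) error {
	issuerKey, ok := l.IssuerKeys[p.Cred.IssuerDID] // look up the issuer's public key
	if !ok {
		return ErrUnknownIssuer
	}
	if !ed25519.Verify(issuerKey, signedBytes(p.Cred), p.Cred.Signature) {
		return ErrAltered // not signed by that issuer, or changed since issuance
	}
	if len(p.Cred.HolderKey) != ed25519.PublicKeySize || !ed25519.Verify(p.Cred.HolderKey, nonce, p.HolderSig) {
		return ErrNotHolder // credential was not issued to this presenter
	}
	if l.Revoked[p.Cred.ID] {
		return ErrRevoked // issuer has published a revocation
	}
	return nil
}

// Demo runs four presentations over constructed sample data and returns each result.
func Demo() (valid, altered, stolen, revoked error) {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	holderPub, holderPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, thiefPriv, _ := ed25519.GenerateKey(rand.Reader)
	cred := Issue("did:example:health-authority", issuerPriv, "cred-001", holderPub, map[string]string{"doses": "1"})
	ledger := &Ledger{IssuerKeys: map[string]ed25519.PublicKey{cred.IssuerDID: issuerPub}, Revoked: map[string]bool{}}
	nonce := make([]byte, 16)
	rand.Read(nonce)
	valid = Verify(ledger, Present(cred, holderPriv, nonce), nonce)
	forged := cred // holder edits a claim after issuance
	forged.Claims = map[string]string{"doses": "2"}
	altered = Verify(ledger, Present(forged, holderPriv, nonce), nonce)
	stolen = Verify(ledger, Present(cred, thiefPriv, nonce), nonce) // copied credential
	ledger.Revoked[cred.ID] = true                                  // issuer updates the ledger
	revoked = Verify(ledger, Present(cred, holderPriv, nonce), nonce)
	return
}

func main() { fmt.Println(Demo()) }
```

The ledger in this sketch never sees the claims: it carries one public key and one revocation flag, which is all the verifier reads from it.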

So why DLT? First, we can get the good parts of paper credentials—private transactions between holders and verifiers and no callback to the issuer. Second, the issuer gets a trusted, open and transparent way to publish the cryptographic material needed for those private holder-verifier transactions. Third, there is no need to have a “Trusted Third Party” participating in the interactions.

And did I mention, no private data goes on the DLT!!! 

Hyperledger Indy, Aries and Ursa are enabling this approach to “self-sovereign identity” in a big way,  bringing about a new layer of trust on the Internet that will let us preserve our privacy and give us control over our identity and data—where it belongs. There is a lot to learn. If you’re curious, a great place to start is this Linux Foundation edX course.

Cover image by Nick Youngson CC BY-SA 3.0 Alpha Stock Images

Jan 20

Kiva Protocol, Built on Hyperledger Indy, Ursa and Aries, Powers Africa’s First Decentralized National ID system

By Hyperledger Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Ursa, Member Case Study

For the 1.7 billion unbanked adults around the world, access to financial services is extremely limited. Without even a basic savings account, economic opportunity is often limited to informal offerings such as local shopkeepers who extend credit to their customers, microfinance institutions that work to serve the last mile, and community savings and credit associations that are set up by individuals living in the same village.

In the unbanked world, individuals borrow a few hundred to a few thousand dollars at a time, paying back over a relatively short time frame of 12-18 months. But despite excellent credit records, they are unable to receive even similar credit facilities at local banks. This is because the data from their informal transactions is essentially invisible: the banks either do not trust the data sources, or are otherwise unable to verify the provenance of the data.

While this is the state of the world today, it does not have to be our future. Kiva, a US-based nonprofit organization focused on financial inclusion, has built Kiva Protocol to bridge the data disconnect and help enable universal financial access. In 2019, Sierra Leone, a West African nation of about 7 million, launched the National Digital Identity Platform (NDIP) that used Kiva Protocol to enable fast, cheap, and secure identity verification for its citizens.

Kiva Protocol is built using Hyperledger Indy, Aries, and Ursa, and as implemented in Sierra Leone, allows citizens to perform electronic Know Your Customer (eKYC) verifications in about 11 seconds, using just their national ID number and a fingerprint. With this verification, it is possible for the nation’s unbanked to open a savings account and move into the formally banked population.

To find the right platform, Kiva assessed more than 20 software stacks, both centralized and decentralized. Blockchain and decentralized ledger technologies quickly emerged as good solutions for the developing world as they enable data provenance at the protocol level and stakeholders can act relatively independently to enable their various activities in the formal and informal sectors.

After deep consideration, Kiva decided to use Hyperledger’s stack for identity: Indy, Aries, Ursa. While all three projects are closely related, each has a distinct mandate:

  • Hyperledger Indy is a distributed ledger purpose-built for decentralized ID with transferable, private, and secure credentials;
  • Hyperledger Aries is infrastructure that supports interactions between peers and between blockchains and other DLTs; and
  • Hyperledger Ursa is a modular, flexible library that enables developers to share time-tested and secure cryptography.

In August 2019, Kiva launched the beta of Kiva Protocol with a public event opened by the president of Sierra Leone. Since that launch, global regulators have made significant progress in terms of how they are considering digital identity and eKYC verifications. There is a growing global movement towards user-owned and -controlled data, better privacy, and more universal access. 

As of today, Kiva is focusing on building additional ecosystem applications and services to make it easier for all stakeholders to access and use Kiva Protocol. Much of this is being contributed upstream into the Hyperledger Indy and Aries projects, with the remaining components hosted in Kiva’s repository.

Hyperledger teamed up with Kiva on a detailed case study covering the challenges of the unbanked, requirements for a solution that delivers fast, cheap and secure ID exchange, and plans for expanding Kiva Protocol’s use to other countries and other applications.

Read the full case study here.

Dec 06

Why SSI Incubator: An inside look at the program and startups

By Maya Kanehara, Managing Director, Self-Sovereign Identity Incubator Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Ursa

The identity community at Hyperledger is lucky to see the groundbreaking toolboxes, libraries, and resources grow by leaps and bounds in just a very short time. From Hyperledger Indy, then Hyperledger Ursa, to the new project Hyperledger Aries, widespread adoption of decentralized identity is closer than ever. It was this excitement and optimism for the growing industry of identity products and solutions being born out of this community from which the Self-Sovereign Identity Incubator (SSI Incubator) was launched. By combining the expert mentors from all over the decentralized identity world with some of the most passionate innovators in the identity startup scene today, the Hyperledger identity community is poised to see growth that we’ve all been waiting for.

The SSI Incubator is designed to remove barriers to startup financing and success within the self-sovereign identity (SSI) industry. More than just seed funding and high-profile pitching opportunities, participating startups also receive co-working space, educational workshops, mentorship, and networking events with some of the most influential voices in the decentralized identity community today. The startups in this program are nearing the end of this time-limited and mentor-focused program, with the 12 weeks culminating in a final evening devoted to exploring the future of SSI.

The five startup projects are:

  • Domi (Berlin): Digital passports for landlords and tenants that would create a fairer rental market.
  • HearRo (Los Angeles): A blockchain-powered phone system for trusted, effortless communication
  • MetaDigital Inc (Toronto): An Intelligent Healthcare Platform that would eliminate medical prescription and insurance claim fraud with real-time digital verification.
  • Spaceman ID Inc (Chicago): Tools for companies to easily implement private, secure, and portable digital credentials.
  • Xertify (Bogotá, CO): A network where people and institutions can exchange trusted information based on blockchain technology.

“The Hyperledger identity community holds the secret to growing the use and interoperability of SSI. The SSI Incubator has shined a light on the breadth of organizations of all types and sizes that see the value of decentralized identity,” said Heather C. Dahl, CEO & Executive Director of the Sovrin Foundation. “The mix of SSI solutions and startups focused on healthcare, enterprise adoption, the home rental market, telecommunications, and education joined us from around the world shows the widespread interest and development in self-sovereign identity technologies. This range of diverse solutions is what is driving SSI adoption.”

The SSI Incubator is a joint venture between the Sovrin Foundation and investment firm Hard Yaka. Join the SSI Incubator and startups for the culmination of their work by registering for their final event of the year.

Jan 30

Hyperledger Kicks Off the New Year with Eight New Members

By Hyperledger Announcements, Hyperledger Fabric, Hyperledger Grid, Hyperledger Ursa


Growing community, new project developments and accelerating pace of deployments mark start of 2019

SAN FRANCISCO (January 30, 2019) – Hyperledger, an open source collaborative effort created to advance cross-industry blockchain technologies, begins 2019 by announcing it has added eight new members to the consortium. In addition, Hyperledger has delivered some key technology updates and now has a total of 12 projects.

Hyperledger is a multi-venture, multi-stakeholder effort that includes various enterprise blockchain and distributed ledger technologies. Recent project updates include the release of Fabric v1.4 LTS, the first long term support version of the framework, as well as the addition of two new projects, Hyperledger Ursa and Hyperledger Grid. Grid uses shared, reusable tools to accelerate the development of ledger-based solutions for cross-industry supply chain applications. Additionally, a detailed case study on Circulor’s Hyperledger Fabric-based production system for tracing tantalum mining in Rwanda adds to the growing list of resources for guiding enterprise blockchain adoption.

“We wrapped up 2018 with a successful and exciting Hyperledger Global Forum,” said Brian Behlendorf, Executive Director, Hyperledger. “This first worldwide meeting of the Hyperledger community underscored the growing pace of development and deployment of blockchain in general and our tools and technologies in particular. We are seeing more signs of this accelerating pace of maturation and adoption here in early 2019. We welcome these newest members and look forward to their help in driving this growth.”

Hyperledger allows organizations to create solid, industry-specific applications, platforms and hardware systems to support their individual business transactions by offering enterprise-grade, open source distributed ledger frameworks and code bases. The latest general members to join the community are BTS Digital LLP, Exactpro Systems Limited, Jitsuin, Lares Blockchain, Myndshft, Omnigate, Poste Italiane and Wrapious Marketing Co Ltd.

New member quotes:

BTS Digital LLP

“We are an emerging company aiming at creating a national digital ecosystem in Kazakhstan that will facilitate the basic processes of human life and provide equal access to resources,” said Eugene Volkov, Chief Digital Officer, BTS Digital LLP. “As we see accelerated growth of transactions and actors in today’s life, we acknowledge the growing need to build a trustworthy society where all the participants can act with consensus, immutability, equality and transparency. Building such an environment requires trust. Our trust in Hyperledger’s expertise is a primary reason why we choose to become a member. We believe this community will guide us in finding technological solutions in achieving our goals.”

Exactpro Systems Limited

“Being a firm strategically focused on providing the highest level QA services for mission-critical market infrastructures, Exactpro understands the important role of this new technology and strives to enhance our expertise in this area through collaboration with leading blockchain consortia such as Hyperledger,” said Maxim Rudovsky, CTO, Exactpro. “We firmly believe our Hyperledger and The Linux Foundation memberships will provide Exactpro with access to community resources that will help us deliver more profound testing of DLT-based software systems to our clients.”

Jitsuin

“One of the founding decisions we made at Jitsuin was to become a Hyperledger member,” said Jon Geater, Chief Technology Officer, Jitsuin. “As part of our mission to unlock the value of data in the Internet of Things, we focus on Industrial IoT device lifecycle assurance where security, price, reliability and shared responsibility are all crucial. Keeping IoT in a known, good state is a team sport and is exactly where distributed ledger technologies work best. I am also delighted to continue serving the Governing Board and Hyperledger community to help ensure it remains the unrivaled home of advanced cross-industry business blockchain technologies.”

Lares Blockchain

“Lares Blockchain Security is delighted to join the Hyperledger community,” said Chris McGarrigle, CEO, Lares Blockchain Security. “Hyperledger’s fundamental strengths of performance, scalability and security resonate with our core values at Lares Blockchain Security. As our blockchain products and technologies continue to gain momentum in the medical, biotech, mining and financial industries, we see our partnership with Hyperledger as critical to further establishing ourselves in the enterprise.”

Myndshft

“Blockchain presents an enormous opportunity for healthcare to simplify and unify claims management, prior authorizations and other administrative functions, helping payers and providers reduce costs and improve timeliness and quality of care,” said Ron Wince, CEO, Myndshft Technologies. “That is why Myndshft is thrilled to join Hyperledger and collaborate with blockchain leaders and innovators across industries to find ways to leverage the technology to increase efficiency of healthcare operations, improve the patient experience and optimize financial performance in the value-based care era.”

Omnigate

“Omnigate Systems is delighted to join Hyperledger and to leverage blockchain technologies to drive interoperability in finance. Omnigate provides enterprise-grade, universal ledger software with extensive integrations. Our mission is to empower businesses of any size to rapidly build production-grade transactional systems for both traditional assets and emerging digital assets,” said Raphael Carrier, CEO, Omnigate. “We consider the integration of the Interledger protocol (via Hyperledger Quilt) into our product to be a key milestone. We believe this is an important initiative which will advance interoperability and accessibility to the ‘Internet of Value.'”

Poste Italiane

“Blockchain is not just a buzzword or a myth anymore, but is becoming the foundation for establishing a distributed, transparent and cross-industry interoperable ecosystem,” said Mirko Mischiatti, Chief Information Officer, Poste Italiane. “Poste Italiane wants to actively participate in this new and exciting community by becoming a member of Hyperledger in order to continue its path for the innovation and modernization of financial, logistic and insurance industries. We really look forward to working with other members and making our effort to contribute for the enhancement of blockchain technology.”

Wrapious Marketing Co Ltd

“It is our honor to become a member of the Hyperledger community,” said Tommy Wong, Chief Operating Officer, Wrapious Marketing Co Ltd. “Joining Hyperledger provides us with more opportunity to explore more within the blockchain space and to contribute to project developments. Our vision is to create a virtual world that provides equal access to everyone regardless of their status or social class in the community. We believe being part of Hyperledger will add to our ability to achieve this vision.”

About Hyperledger

Hyperledger is an open source collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration including leaders in finance, banking, Internet of Things, supply chains, manufacturing and technology. The Linux Foundation hosts Hyperledger under the foundation. To learn more, visit: https://www.hyperledger.org/.

Dec 04

Welcome Hyperledger Ursa!

By Hart Montgomery Blog, Hyperledger Ursa

Hyperledger Ursa is the latest project to be accepted by the TSC! It is a modular, flexible cryptography library that is intended for—but not limited to—use by other projects in Hyperledger. Ursa’s objective is to make it much safer and easier for our distributed ledger projects to use not only existing, time-tested, and trusted cryptographic libraries but also new cryptographic library implementations being developed.

Ursa aims to include things like a comprehensive library of modular signatures and symmetric-key primitives built on top of existing implementations, so blockchain developers can choose and modify their cryptographic schemes with a simple configuration file change. Ursa will also have implementations of newer, fancier cryptography, including things like pairing-based signatures, threshold signatures, and aggregate signatures, and also zero-knowledge primitives like SNARKs.

Ursa will be written mostly in Rust, but will have interfaces in all of the different languages that are commonly used throughout Hyperledger.

Why Ursa?

As Hyperledger has matured, the individual projects within Hyperledger have started to find a need for sophisticated cryptographic implementations. Rather than have each project implement its own cryptographic protocols, it is much better to collaborate on a shared library. There are many reasons to do this, including the following:

  1. Avoiding duplication: Crypto implementations are notoriously difficult to get correct (particularly when side channels are taken into account) and often require a lot of work in order to achieve a high level of security.  The library allows projects to share crypto implementations, avoiding unnecessary duplication and extra work.
  2. Security: Having most (or all) of the crypto code in a single location substantially simplifies the security analysis of the crypto portion of Hyperledger.  In addition, the lack of duplication means maintenance is easier (and thus, hopefully security bugs are less numerous). The presence of easy to use, secure crypto implementations might also make it less likely for less experienced people to create their own less secure implementations.  
  3. Expert Review: In addition, the ability to enforce expert review of all cryptographic code should increase security as well.  Having all of our cryptographic code in a single location makes it easier to concentrate all of the cryptographic expertise in the project and ensures that code will be well reviewed, thus decreasing the likelihood of dangerous security bugs.  
  4. Cross-platform interoperability: If two projects use the same crypto libraries, it simplifies (substantially in some cases) cross-platform interoperability, since cryptographic verification involves the same protocols on both sides.
  5. Modularity: This could be the first common component/module and a step towards modular DLT platforms, which share common components.   While we have already outlined most of the advantages this modularity brings in terms of actual functionality, a successful crypto library encourages and pushes forward more modular activities.
  6. New Projects: It is easier for new projects to get off the ground if they have easy access to well-implemented, modular cryptographic abstractions.

Who Is Involved in Ursa?

On the more practical side, Ursa currently includes developers who work on the security aspects of Hyperledger Indy, Sawtooth, and Fabric. In addition, the Ursa project includes several cryptographers with an academic background in theoretical cryptography to ensure that all cryptographic algorithms meet the desired levels of security.

Our goal in creating Ursa is to combine the efforts of all the security and cryptography experts in the Hyperledger community and move all of the projects forward.

Features and Plans

Currently Ursa has two distinct modules: a library for modular, flexible, and standardized basic cryptographic algorithms, and a library called zmix for more exotic cryptography, including so-called “smart” signatures and zero knowledge primitives.

Our first library is our “base crypto” library. Right now we are focused on our shared modular signature library, but we plan to extend this to allow easy modularization of all commonly used cryptographic primitives in Minicrypt. This—work in progress—has the implementation of several different signature schemes with a common API, allowing for blockchain builders to change signature schemes almost on-the-fly—or to use and support multiple signature schemes easily. Exact implementations and APIs have not been finalized, but they are in progress.

We note that there aren’t raw crypto implementations in this library—things here are stable and generally standardized—but wrappers for code from existing libraries and also code generated by commonly used cryptography libraries such as the Apache Milagro Crypto Library (AMCL). The novelty here is the modularization and API, which enables blockchain platforms to easily use a wide variety of changeable cryptographic algorithms without having to understand or interact with the underlying mathematics.

In the future, we expect other wrappings and modular code to go in this library. For instance, Indy makes use of aggregate signatures, a feature which the other platforms would also like available to them. There are also a variety of hash algorithms which provide different performance characteristics or support different signature schemes. Selecting vetted implementations and providing a common interface helps the Hyperledger community manage a growing crypto feature set in a responsible manner.

Our second initial subproject is zmix, which offers a generic way to create zero knowledge proofs that prove statements about multiple cryptographic building blocks, including signatures, commitments, and verifiable encryption. The goal of zmix is to provide a single flexible and secure implementation to construct such zero knowledge proofs. Zmix consists of C-callable code but there are also convenience wrappers for various programming languages.

Getting involved

If you’re interested in learning more about, using, or contributing to Ursa, please check out the following: https://www.hyperledger.org/projects/ursa

We welcome interest even from those who aren’t working with Hyperledger projects, so feel free to join us if you like!
