Skip to content

Commit

Permalink
WIP ledger strategy
Browse files Browse the repository at this point in the history
Signed-off-by: bur <[email protected]>
  • Loading branch information
mbrandenburger committed Aug 14, 2020
1 parent b1366ba commit ed1976e
Showing 1 changed file with 89 additions and 0 deletions.
89 changes: 89 additions & 0 deletions docs/design/fabric-v2+/trusted_ledger.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
# Trusted Ledger (TLCC)

The purpose of TLCC is to establish a trusted view of the ledger (inside an enclave)
and enable ECC to verify ledger state receiveed from the (untrusted) peer.

## Requirements

- ECC can query integrity metadata to validate ledger state received from the peer.
- TLCC must be synronized with peer's ledger state
- Secure (authenticated) channel between ECC and TLCC to query metadata;
- ECC must perform queries on a snapshot during a single transaction invocation
- TLCC must provide identity validation (orderer, msp, etc...)
- TLCC must provide channel metadata (chaincode definition)
- Maintaining FPC chaincode state only is sufficient
- Validate "normal" Enclave Registry (ERCC) transactions; however, ERCC comes with "hard-coded" endorsement policy



## Approach

Restrict Fabric functionality

- Reduces validation logic to a minimum
- Minimizes catch-up play with Fabric validation changes
- Relax the notion of endorsement policy;
- Simplify chaincode versioning
- No support for custom endorsing/validation plugins for non-FPC chaincodes
- Support for default MSP only
- Any transactions/blocks with unsupported features are ignored/aborted

Defined process to:
- keep redundant validation code (in stock peer and TLCC) in sync
- keep code relation traceable and changes trackable
- consistent naming and code structure as much as possible
- bonus: automated code-changes notification; notifies whenever Fabric code changes and FPC must be updates.

### Non-features


## Design

Access control
- check org is "writer"

MSP:
- Implement X509-based MSP

Endorsing:
- Phase1: Designated enclave only
- Phase2: Any enclave that runs a particular FPC chaincode

Versioning:
- single autonomously monotonously increasing version number

Validation:
- Introduce FPC transaction type (similar to introduce FPC namespace) and create
a dedicated FPC tx processor; (removes the need of custom validation plugins and interference with existing Fabric validation logic; and also gives more freedom to FPC validation logic as no it not longer bound to the structure and format of endorsement transaction).
- Support for (subset of) endorsing policies
- Lifecycle (a majority of Orgs) (See [Link](https://hyperledger-fabric.readthedocs.io/en/release-2.2/chaincode_lifecycle.html#install-and-define-a-chaincode))
- ERCC (same as lifecycle)
- FPC Chaincode (see above)
- Parse chaincode definitions
- Config blocks are validated by the ordering service ([see code](https://github.com/hyperledger/fabric/blob/f27912f2f419c3b35d2c1df120f19585815eceb0/orderer/common/msgprocessor/standardchannel.go#L131))
- Validate Signatures:
- block signatures
- FPC endorsement signatures
- ERCC endorsement signatures

## Development plan

### short term
See approach above
### mid/long term
Re-use Fabric code components inside trusted ledger enclave. This requires further development on go-support for SGX. Although some PoC based on graphene for go are already available but seems not be stable yet.



### QA process

## Implementation

- nanopb to parse fabric protos (alternatively we could try to use real proto for c)
- data state : levldb
- pros:
+ snapshots;
+ batchWrites
+ c++ implementation open source
- cons:
+ persistence needs syscalls

0 comments on commit ed1976e

Please sign in to comment.