The privacy protection mechanism of Hyperledger Fabric and its application in supply chain finance
Blockchain technology ensures that data is tamper-proof, traceable, and trustworthy. This article introduces a well-known blockchain technology implementation, Hyperledger Fabric. The basic framework and privacy protection mechanisms of Hyperledger Fabric, such as the certificate authority, channels and Private Data Collections, are described. As an example, a specific business scenario of supply chain finance is worked out, and some design details of how to apply these privacy protection mechanisms are described accordingly.
Keywords: Privacy protection; Supply chain finance; Hyperledger Fabric
Abbreviations: PDC (private data collection); SME (small or middle enterprise); TLS (transport layer security)
China’s small and middle enterprises (SMEs) account for 99% of the total number of enterprises and provide more than 80% of jobs, making them an important part of the national economy. However, because they lack sufficient collateral and their information is opaque, it is difficult for them to obtain financial support from financial institutions. Financing difficulty is a huge obstacle to the development of small and micro enterprises (Jiang et al. 2014; Wang 2016). Moreover, SMEs are often in a weak position in the product supply chain. Accounts receivable and advance prepayments occupy most of the liquidity of these enterprises, which undoubtedly exacerbates their financial strain, increases the risk of a broken capital chain, affects their normal operations and greatly reduces their production efficiency (Yao and Liu 2018; Zhu et al. 2016). Supply chain finance services take a real trade background as their premise and rely on a core enterprise, which effectively integrates the capital flow into the supply chain management process (Gelsomino et al. 2016; Lekkakos and Serrano 2016). As a new way to solve the financing problems of SMEs, supply chain finance would revitalize massive “dead” assets such as accounts receivable, prepayments and inventory warehouse receipts. According to the National Bureau of Statistics, at the end of 2016 the net amount of accounts receivable of industrial enterprises in China was 12.68 trillion yuan. However, according to China’s commercial factoring industry development report, the size of China’s commercial factoring market in 2015 was only about 200 billion yuan, and a large number of “dead” assets were still not fully revitalized. The credibility of commercial bills, core enterprises and supply chain platforms is a key obstacle.
Blockchain technology is a rapidly developing and influential innovation. It is an ever-growing distributed database (DDB), also known as a distributed ledger (Pilkington 2016; Iansiti and Lakhani 2017). The DDB needs multiple entities to participate in and maintain it. Unlike traditional bookkeeping technology, it bundles a series of trading records into blocks, which are connected and encrypted by cryptographic methods. The hash value, timestamp, delivery data and other information of the previous block are embedded into the next block. The participants in the blockchain collectively maintain a continuously growing chain. They can only add new records; they cannot tamper with records that already exist. They can reach a consensus without central control. Meanwhile, they use cryptographic mechanisms to ensure that transactions cannot be disavowed or tampered with, and to protect the privacy of data and records as much as possible (Cachin 2016; Belle 2017). Because it is decentralized, traceable, irrevocable and tamper-resistant, blockchain is expected to be the cornerstone of the trust economy in the future.
Many countries attach great importance to the development of blockchain. For example, in May 2018, Xi Jinping, the president of China, clearly stated that “new generation of information technology represented by artificial intelligence, quantum information, mobile communications, Internet of Things, and blockchain accelerates breakthrough applications.” In July 2018, the Firecoin Group, one of the world’s largest cryptocurrency exchanges, launched a “blockchain+industry alliance” to upgrade and transform real economy projects through blockchain technology, and to promote the blockchain in the physical industry. Blockchain technology and the cryptocurrency economy help companies to effectively solve problems encountered in the actual development process. Against this background, “blockchain+supply chain finance” is highly valued. For example, in 2018, Ping An Group and China Foton Motor Group used blockchain technology and electronic signatures to improve the financing efficiency of enterprises. China Tencent Company uses the accounts receivable from core enterprises as the underlying assets to realize the circulation of credit certificates through the blockchain. In addition, Huawei, UF, Yixin, Bubi and other well-known Chinese companies have also put forward “blockchain + supply chain finance” solutions, achieving weak centralization of supply chain finance as well as traceable, tamper-resistant data.
Blockchain technology makes transaction data credible and shareable; however, it also increases the risk of disclosing the business privacy of the enterprise. A company does not want competitors to know information such as prices and costs, so how to effectively protect the various types of data in the blockchain network is a crucial problem. On the one hand, SMEs need supply chain financial services to solve the problem of financing difficulties and high financing costs. Blockchain technology can make transaction data irreversible and traceable, and reduce credit risk. On the other hand, supply chain financial service providers often need the business information of SMEs when they conduct credit evaluation of SMEs based on blockchain technology. At the same time, the information of each enterprise in the blockchain needs to be shared. In this process, the privacy of SMEs needs to be protected, and we need an algorithm to protect privacy. Data sharing is not implemented in the traditional supply chain process, so its privacy protection requirements differ from those of a supply chain based on blockchain. In the traditional supply chain business process, several methods are used to protect privacy, such as the combination of secure multiparty computation cryptography methods with risk identification algorithms from social network analysis, differential privacy, bidirectional efficiency-privacy transferable authentication protocols, public-key cryptography, symmetric encryption, message authentication codes and randomized read access control. The advantages of these methods include strengthening risk identification for the supply chain network, authenticating a batch of tags with fewer privacy guarantees, reducing trust issues between supply chain owners and tag manufacturers, reducing computational and communication overhead, and reducing computational effort.
However, these passive privacy protection methods cannot completely solve the problem of privacy protection under transaction information sharing (Zare-Garizy et al. 2018; Yao et al. 2016; Qi et al. 2012; Arbit et al. 2014; Lee and Park 2013; Gao et al. 2004). Hyperledger Fabric is a well-known blockchain technology implementation. This paper describes its privacy protection mechanisms and their application in supply chain finance scenarios.
About Hyperledger Fabric
In December 2015, the Linux Foundation and 30 initial companies set up the Hyperledger project to promote cross-industry blockchain technology and provide open source reference implementations of transparent, open, decentralized enterprise-level distributed ledger technology. Hyperledger Fabric has promoted the development of related protocols, specifications and standards for blockchain and distributed ledgers. Fabric was one of the first projects added to Hyperledger; it was presented by IBM, DAH and other enterprises by the end of 2015, and it is positioned as a business-oriented distributed ledger platform. Hyperledger Fabric introduced rights management, and its design is pluggable and extensible. It is the first open source project for consortium chains. By August 2018, Hyperledger had more than 250 members, including Intel, Accenture, Huawei, JD and other well-known enterprises. Since Fabric version 1.2 already provides a mature and stable privacy protection mechanism, the solutions in the rest of this article are based on this version.
The privacy security mechanism of Hyperledger Fabric
The privacy protection measures of Hyperledger Fabric cover the following four aspects. First, asymmetric cryptography and zero-knowledge proofs separate the transaction data from on-chain records, protecting privacy at the level of the underlying algorithms. Second, the digital certificate management service guarantees the legitimacy of the organizations on the blockchain. Third, the multi-channel design separates the information of different channels. Finally, private data collections further satisfy the need to isolate private data between different organizations within the same channel.
Of the above measures, the two most distinctive are the channel and the private data collection. The channel is dedicated to blockchain privacy protection and allows the data on a channel to be isolated. The peers on the same channel share a ledger; a transacting peer must be approved by the channel before it can join it and transact with others. A PDC (private data collection) is a collection of organizations that are authorized to store private data on a channel. The data stored includes: (1) The private data itself, which is sent peer-to-peer between the authorized organizations via the gossip protocol and is stored in the peer’s private database. (2) The hash of the private data, which the peers on the channel use when endorsing, ordering and writing the transaction, as evidence of the existence of the transaction and for state validation and auditing.
1. The client application submits a proposal request, invoking a chaincode function, to the endorsing peers authorized for the private data collection. The private data is sent in the transient field of the proposal.
2. The endorsing peer simulates the transaction and stores the private data in a local transient data store on the peer. It then disseminates the private data to the authorized peers via the gossip protocol.
3. The endorsing peer returns the public data, including the hash of the private data key-value pair, to the client.
4. The client application submits the transaction to the ordering service, where it is ordered into a block. The blocks, which contain the hashes, are distributed to all peers. Every peer on the channel can use the hash of the private data to validate the transaction without knowing the private data itself.
5. When committing a block, an authorized peer uses the collection policy to determine whether it is authorized to view the private data. It first checks its local transient data store to see whether it already received the private data when the chaincode was endorsed. If not, it attempts to obtain the private data from other peers. It then verifies that the hash of the private data is consistent with the hash in the block’s public information and commits the transaction and the block. Once validated and committed, the private data is moved to the peer’s copy of the private state database and the private write-set store, and is removed from the transient data store.
A member of a private data collection may share private data with other organizations, for example when members of the collection have a dispute or when they want to transfer the asset to a third party. The third party can calculate the hash of the private data and check that it is consistent with the hash on the channel ledger, thus proving the existence of the transaction.
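The private data flow and the third-party hash check described above, as a self-contained Go simulation. This is an added example, not code from the paper or from Hyperledger Fabric; the types, function names, organization names and sample order are assumptions made for illustration, and SHA-256 is used for the hashes.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// HashedWrite is the public part of the transaction, stored by every peer.
type HashedWrite struct{ KeyHash, ValueHash [32]byte }

// Collection names the organizations authorized to hold the private data.
type Collection struct {
	Name    string
	Members map[string]bool
}

// Peer models one organization's peer (org names are hypothetical).
type Peer struct {
	Org       string
	Transient map[string][]byte // temporary store filled at endorsement time
	PrivateDB map[string][]byte // private state database, members only
	Ledger    []HashedWrite     // channel ledger, every peer
}

func NewPeer(org string) *Peer {
	return &Peer{Org: org, Transient: map[string][]byte{}, PrivateDB: map[string][]byte{}}
}

// Endorse: only members' transient stores get the value; the transaction carries hashes.
func Endorse(c Collection, peers []*Peer, key string, value []byte) HashedWrite {
	for _, p := range peers {
		if c.Members[p.Org] {
			p.Transient[key] = value
		}
	}
	return HashedWrite{sha256.Sum256([]byte(key)), sha256.Sum256(value)}
}

// Commit: a member checks its copy against the hash in the block, then
// moves it from the transient store to the private database.
func (p *Peer) Commit(c Collection, w HashedWrite, key string) error {
	if c.Members[p.Org] {
		v, ok := p.Transient[key]
		if !ok {
			return errors.New("private data missing; a real peer pulls it from another member")
		}
		if sha256.Sum256(v) != w.ValueHash {
			return errors.New("private data does not match the hash in the block")
		}
		p.PrivateDB[key] = v
		delete(p.Transient, key)
	}
	p.Ledger = append(p.Ledger, w)
	return nil
}

// VerifyDisclosure re-hashes disclosed data and looks for the pair on the ledger.
func VerifyDisclosure(ledger []HashedWrite, key string, disclosed []byte) bool {
	want := HashedWrite{sha256.Sum256([]byte(key)), sha256.Sum256(disclosed)}
	for _, w := range ledger {
		if w == want {
			return true
		}
	}
	return false
}

func main() {
	c := Collection{"collAB", map[string]bool{"SME-A": true, "SME-B": true}}
	a, b, bank := NewPeer("SME-A"), NewPeer("SME-B"), NewPeer("Bank")
	order := []byte(`{"order":"PO-1","price":1200}`) // constructed sample
	w := Endorse(c, []*Peer{a, b, bank}, "PO-1", order)
	for _, p := range []*Peer{a, b, bank} {
		fmt.Println(p.Org, "commit error:", p.Commit(c, w, "PO-1"))
	}
	fmt.Println("bank holds the order:", len(bank.PrivateDB) > 0)
	fmt.Println("disclosure verified:", VerifyDisclosure(bank.Ledger, "PO-1", a.PrivateDB["PO-1"]))
}
```

Because every peer on the channel stores the value hash, a predictable value such as a price should be combined with a random salt before it is written; the example leaves this out for brevity.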
For very private data, the organizations sharing the data may want, or be required by policy, to remove it from their peers after a period of time, leaving only the hash of the data as evidence that the transaction cannot be tampered with. In some cases, private data needs to be stored in the peer’s private database until it can be replicated to a database outside of the blockchain. The data needs to stay on the peer until the chaincode business process has used it. To support subsequent transactions, once a certain number of subsequent blocks are added to the private database, the previous private data can be purged.
In addition, Hyperledger Fabric protects private data in the following ways. Within a channel, the input data of a chaincode can be restricted to the set of endorsers by using visibility settings; the visibility setting determines whether the input and output chaincode data, and not just the output data, are included in the submitted transaction. Data can be hashed or encrypted before the chaincode is called: if the data is hashed, a way to share the source data must be provided, and if it is encrypted, a way to share the decryption key must be provided. By building access control into the chaincode logic, data access can be restricted to certain roles in the organization. Data at rest can be encrypted by file system encryption on the peer, and data in transit is encrypted by TLS.
Applications in supply chain finance
Business scenarios of supply chain finance
In the upstream segment of the supply chain, the supplier relies on its transaction relationship with the core enterprise to obtain credit support, including contract orders, accounts receivable, etc. In the core enterprise segment, logistics finance relies mainly on the credit of the goods themselves, which relates to standardization, liquidity, pledge and salvage value, etc. The pledge is therefore the warehouse inventory and futures generated in the circulation of bulk commodities. The downstream segment of the supply chain includes financial products such as credit loans and receivables pledges. Most financial product designs in the supply chain need the documents, transaction records, credit status and other information of the enterprises in the chain. With blockchain technology, once a transaction is formed, the relevant data is stored in a distributed manner and can be traced and verified, which alleviates both the difficulty core enterprises have in proving their own innocence and the financing difficulties of small and medium-sized enterprises.
Take order financing in the upstream of the supply chain as an example. Manufacturing companies purchase raw materials from upstream raw material suppliers on the basis of purchase and sale contracts with downstream core companies. They borrow from financial institutions to pay for the raw materials, their finished and semi-finished products are monitored by third-party logistics, and sales revenue is used to repay the bank principal and interest. However, in actual production and operation, the upstream manufacturing companies are far from the core enterprises in the production process, and it is difficult for them to obtain commercial paper directly related to the core enterprises. Commercial paper that has not been endorsed by a core enterprise is difficult to finance against, and the blockchain can solve this problem. The tamper-resistant and traceable nature of the data reduces billing costs and financing costs. Order-based financing from financial institutions requires the manufacturing companies to provide transaction data, but because of the competitive relationship between manufacturing companies, transaction privacy needs to be protected. On the one hand, the transaction price between competitors needs to be kept secret; on the other hand, the trading behavior of special industries, such as military units, requires privacy protection.
Data transmission is safe and reliable
SME B does not want any transaction behavior between itself and SME A to be known by SME C.
SME B does not want privacy-related transaction data to be passed to financial institution A and the government management department in the business process, and hopes to obtain the prepayment from financial institution A on the strength of the non-private transaction data it provides. The financial institution needs relevant transaction data to determine the authenticity of the transaction and the risk of lending, and the government management agencies want relevant transaction data in order to grasp the state of the economy.
The core confidential information of each unit needs to be completely confidential.
Privacy protection design of supply chain finance
All organizations joining the blockchain must be authenticated by the CA to prevent illegitimate organizations from joining the network and stealing user privacy. The viewing rights to private data can be further subdivided. In the consortium chain scenarios served by Hyperledger, the relationships between the many organizations on a channel are complex. Private data can therefore be given different degrees of encryption according to the nature of the transaction activity and the socio-economic relationship between the organizations. For example, organizations that directly participate in a transaction can obtain fully transparent private data. Upstream and downstream companies associated with the transaction can obtain private data to which a small amount of noise has been added. Organizations and industry associations that have little to do with the transaction can obtain statistics on transactions. Competitors, however, may not have full access to the data of the transaction.
Different channels are established for different business processes. In this case, the two business processes form two channels to ensure complete separation of information between SME C and SME B. On the channel formed by the first business process, one private data collection including SME B and SME A and another including SME A and the core enterprise are established; similar private data collections are established for the second business process, to ensure that private data is disseminated only to the two parties to each transaction. Other data is provided to financial institutions for risk assessment and to government management departments for statistical and regulatory purposes.
For the core confidential information within each organization, the organization performs asymmetric encryption and transmits the hash of the data to the blockchain. This approach should also be part of Hyperledger Fabric’s privacy protection mechanism. In addition, the storage model for private data should be designed further. At present, Hyperledger stores private data in the private database of the peer. Once the private data has been copied to a database outside the chain, the data in the on-chain database is deleted, leaving only the hash of the private data to prove the existence of the transaction. However, this approach makes it impossible to fully exploit the traceability of the blockchain: what can finally be traced is only the hash of the transaction data, which cannot be verified on the chain. Therefore, the local database should also record the corresponding hash of the private transaction data and map it to the private database on the chain, so that traceability is achieved on the basis of the same hash value.
After the private data is stored in the organization’s database, it can be further encrypted according to the attributes of different login users. Even for the same client in the same organization, the person operating it may differ, so it is necessary to encrypt the data to different degrees according to the attributes of the login user. For example, a supervisor in an organization has the right to view all of the data in the peer database, while visitors in the organization can only see the encrypted data. The permissions of different peers in the same organization to view data should also differ. This is a direction for improving the privacy protection design of Hyperledger Fabric.
Table: Differences Between Blockchain-Based Accounting Method and Traditional Ledgers

| Blockchain-Based Accounting Method | Traditional Ledgers |
| --- | --- |
| Decentralized; distributed storage, each peer has the same ledger | Centralized; each participant only saves its own ledgers |
| Traceable, each transaction is recorded | Untraceable, whether the transaction is recorded or not is determined by the participant |
| Transaction records cannot be tampered with after multiple verifications | Each participant is able to modify their own ledgers |
| Channel and Privacy Data Collections in Hyperledger Fabric are designed to protect data privacy | Protecting user’s privacy with a login password |
| Data sharing and privacy protection are both implemented | Data sharing is not implemented |
The blockchain has a relatively short development history; in the very beginning it was used only as the technology supporting the digital currency Bitcoin. At present, blockchain technology has been separated from Bitcoin and has been applied in many fields such as finance, trade, credit, the Internet of Things and the sharing economy. In the face of complex scenarios such as the privacy protection challenges of supply chain finance, Hyperledger Fabric offers a range of solutions. A flexible combination of these privacy protection mechanisms can meet various privacy and security needs.
Supply chain finance involves different participants, with a wide variety of scenarios and complex business processes. This article mainly introduces the privacy protection mechanisms of Hyperledger Fabric and uses a supply chain finance case to explain them. Our next work will be to analyze the specific privacy protection needs of different supply chain finance business scenarios and to improve the privacy protection mechanisms of Hyperledger Fabric, for example by subdividing viewing permissions hierarchically and improving the storage model for private data.
The authors are indebted to Mr. Wenxuan Long, the Hyperledger China’s Community Development Manager, for providing documents on the Hyperledger, and express our gratitude to Dr. Haijie Peng, the engineer of Chuangfa Science & Technology Co., who gave some suggestions on the manuscript.
This research is supported by National Natural Science Foundation of China (71871090; 71850012) and Hunan Provincial Science & Technology Major Project (2018GK1020).
Availability of data and materials
The authors are indebted to Mr. Wenxuan Long, the Hyperledger China’s Community Development Manager, for providing documents on the Hyperledger, and express our gratitude to Dr. Haijie Peng, the engineer of CCS TransFar technology Co, who gave some suggestions on the manuscript.
MC, LQ and ZZ conceived and designed the study, KX collected materials, carried out drawing and writing, MC and ZZ reviewed the manuscript, LQ edited the manuscript. All authors read and approved the manuscript.
The authors declare that they have no competing interests.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
- Belle I (2017) The architecture, engineering and construction industry and blockchain technology. Digital Culture 2017:279–284
- Cachin C (2016) Architecture of the hyperledger blockchain fabric. In: Workshop on Distributed Cryptocurrencies and Consensus Ledgers, vol 2016
- Gao X, Xiang Z, Wang H, et al (2004) An approach to security and privacy of RFID system for supply chain. In: E-commerce Technology for Dynamic E-business, Beijing, 13–15 Sep 2004
- Hyperledger (2018) A Blockchain platform for the Enterprise. https://hyperledger-fabric.readthedocs.io/en/release-1.2/. Accessed 5 Sept 2018
- Iansiti M, Lakhani KR (2017) The truth about blockchain. Harv Bus Rev 95(1):118–127
- Jiang J, Li Z, Lin C (2014) Financing difficulties of SMEs from its financing sources in China. J Serv Sci Manag 7(03):196
- Pilkington M (2016) Blockchain technology: principles and applications. Research handbook on digital transformations 2016:225
- Wang Y (2016) What are the biggest obstacles to growth of SMEs in developing countries? – an empirical evidence from an enterprise survey. Borsa Istanbul Rev 16(3):167–76
- WelinkData (2017) Division of supply chain finance model. http://info.10000link.com/newsdetail.aspx?doc=2017072090035. Accessed 21 Jan 2019
- Yao X, Du W, Zhou X, Ma J (2016) Security and privacy for data mining of RFID-enabled product supply chains. In: Proceedings of the 2016 SAI Computing Conference (SAI), London, p. 1037–1046
- Yao Y, Liu H (2018) Research on Financing Modes of Small and Medium-Sized Enterprises on the Background of Supply Chain Finance. In: Proceedings of 2018 International Conference on Robots & Intelligent System (ICRIS), Changsha China, 26-27 May 2018
- Garizy TZ, Fridgen G, Wederhake L (2018) A privacy preserving approach to collaborative systemic risk identification: the use-case of supply chain networks. Security and Communication Networks 2018:2018
- Zhang Z, Dong N, Zhu X, Chen J (2018) Depth exploration block chain-Hyperledger’s technology and application. China Machine Press, Beijing
Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.