What is blockchain?

For many, "the blockchain" is nothing more than how the bitcoin cryptocurrency works. Hyperledger suggests the definition of a blockchain as a distributed ledger, shared by trusted and distrusted participants, with strong guarantees about data accuracy and consistency.

Ledger. Ledgers are lists of transactions, recording items and assets bought and sold between participants. Transactions are dated and time-stamped and ordered accordingly. Transactions can only be added to ledgers and one is forbidden to go back and edit or delete them. A blockchain using cryptology deters a person from altering the transactions. A blockchain can have ledger entries that are significantly more complex than simple credits and debits, but the underlying concept does not change.

Sharing. Many years before, ledgers were handwritten. Sharing the ledger was unheard of as it was a limited copy. Besides, the only people who could make entries were the folks in accounting. The point of a blockchain is that anyone can add entries to the ledger. More precisely, anyone with the appropriate software can put entries into a pool of entries that will eventually be checked for consistency and added to the ledger.

Permissioned. While sharing the ledger makes it easy on the participants, it also creates vulnerabilities and privacy issues. With proper permissions and access control, the networks used in blockchain management leaves little room for manipulation.

Distributed. Unlike regular databases, the database used in blockchain is not centralized. There’s no central administration or even a DBA deciding who has access, and what rules they must follow. There is no single point of control, and also no single point of failure. Many participants in the blockchain have copies of the entire ledger. Those copies are updated whenever transactions are added to the newer blocks.

Consensus. In a un-permissioned network, having unknown, un-trusted participants is a novel idea in a blockchain. Any participant in such a network can add entries, including people and organizations that don’t trust each other. In enterprise applications, requiring a certain amount of trust allows some important optimizations, which is unlike the concept of "un-trusted participants" as prevalent in a blockchain. A digital consensus, or rather a software algorithm allows certain agreed upon transactions to be written in the blocks and the data duplicated to other copies.

Accuracy / Consistency. Blockchain makes strong guarantees about the ledger's accuracy. Specifically, participants can't add, delete, or modify entries that have already been placed in the ledger. The copies of the distributed ledger aren’t always in strict agreement, but disagreements are quickly resolved automatically. While many "permissioned blockchains" add access control, making the blockchain network more efficient, it's important to understand that the blockchain is all about maintaining an accurate ledger with participants that cannot be trusted.

Users and Participants. It's counterintuitive, but users and user IDs are never stored in the blockchain. Users are an abstraction maintained by certificate wallets. Users are not stored in the blockchain, only their certificate as an address. User addresses are public, but they don’t identify users. Wallets generate a new address for each transaction. The different actors in a blockchain network include peers, orderers, client applications, administrators and more. Each of these actors — active elements inside or outside a network able to consume services — has a digital identity encapsulated in an X.509 digital certificate. These identities really matter because they determine the exact permissions over resources and access to information that actors have in a blockchain network. For an identity to be verifiable, it must come from a trusted authority. A membership service provider (MSP) is how this is achieved in Fabric. More specifically, an MSP is a component that defines the rules that govern the valid identities for this organization. The default MSP implementation in Fabric uses X.509 certificates as identities, adopting a traditional Public Key Infrastructure (PKI) hierarchical model.

Privacy and Certificates. PKI certificate authorities and MSPs provide a similar combination of functionalities. A PKI is like a card provider — it dispenses many different types of verifiable identities. An MSP, on the other hand, is like the list of card providers accepted by the store, determining which identities are the trusted members (actors) of the store payment network. MSPs turn verifiable identities into the members of a blockchain network. A public key infrastructure (PKI) is a collection of internet technologies that provides secure communications in a network. It’s PKI that puts the S in HTTPS — and if you’re reading this documentation on a web browser, you’re probably using a PKI to make sure it comes from a verified source.

PKI (Public Key Infrastructure). A PKI is comprised of Certificate Authorities who issue digital certificates to parties (e.g., users of a service, service provider), who then use them to authenticate themselves in the messages they exchange with their environment. A CA’s Certificate Revocation List (CRL) constitutes a reference for the certificates that are no longer valid. Revocation of a certificate can happen for a number of reasons. For example, a certificate may be revoked because the cryptographic private material associated to the certificate has been exposed. Although a blockchain network is more than a communications network, it relies on the PKI standard to ensure secure communication between various network participants, and to ensure that messages posted on the blockchain are properly authenticated. It’s therefore important to understand the basics of PKI and then why MSPs are so important.

Channels. A channel is a private “subnet” of communication between two or more specific network members, for the purpose of conducting private and confidential transactions. A channel is defined by members (organizations), anchor peers per member, the shared ledger, chaincode application(s) and the ordering service node(s). Each transaction on the network is executed on a channel, where each party must be authenticated and authorized to transact on that channel. Each peer that joins a channel has its own identity given by a membership services provider (MSP), which authenticates each peer to its channel peers and services.

Peers. A blockchain network is comprised primarily of a set of peer nodes (or, simply, peers). Peers are a fundamental element of the network because they host ledgers and smart contracts. Recall that a ledger immutably records all the transactions generated by smart contracts (or chaincode). Smart contracts and ledgers are used to encapsulate the shared processes and shared information in a network, respectively.

The definitions give you an idea of what a blockchain can do. With all the hype surrounding blockchains, it's important to understand what they can and can not do. It is not one size that fits all. Blockchains are solutions to a specific set of important problems. If you’re building applications that span enterprises, and that need to keep accurate records in the presence of un-trusted partners, you should be thinking blockchains.