Dive Deep into Quorum

Dive Deep into Quorum - blockchain.tokyo #22

© 2019 Shun Takagiwa

About Us

Shun Takagiwa / 高際 隼
Senior Software Architect, LayerX Inc.

  • Software development using blockchain (2018-)
  • Smartphone game development (2013-2018)
  • Majored in mathematics / computer science at Tokyo Institute of Technology (2007-2013)

Matthew D. Wright
Head of Community, Quorum, J.P. Morgan

  • Head of Community, Quorum, Senior Associate (2018-)
  • Director of Emerging Markets (2015-2018)
  • University of California, Los Angeles, B.A. (2012-2014)

Contents

  1. Intro to Quorum
  2. Quorum Architecture
  3. Private Transaction
  4. Additional Security
  5. Use cases and Usage

Part.1 Intro to Quorum

What is Quorum?

Quorum is a fork of the Go Ethereum (geth) client, the official Go implementation of the Ethereum protocol. Quorum is developed and maintained by J.P. Morgan.

An enterprise-ready, open-source blockchain platform based on Ethereum:

  • Designed for processing private transactions within a permissioned group of known participants
  • Addresses specific challenges to blockchain adoption within and beyond the financial services industry, e.g., privacy, speed, throughput

© 2019 Quorum

Quorum Benefits

  • Confidentiality – details of transactions are private and never broadcast
  • Secure – uses advanced encryption techniques, ensures only permissioned entities can access the network
  • Decentralized – no dependency on a central service or party
  • Community – leverages world’s largest pool of blockchain developers, supported by 150+ Enterprises through EEA
  • Proven – Ethereum has been in production since 2015, proving Quorum’s underlying protocol in normal & stressed environments

Quorum Key Features

PERFORMANCE

  • Very high TPS rate
  • Blocks every ~ 50 ms

FINALITY

  • No chain forking
  • No transaction reversal

PERMISSIONING

  • Known Peers Only
  • Built into the protocol

PRIVACY

  • Private Contracts & Transactions
  • Zero Knowledge Layer

Part.2 Quorum Architecture

Quorum Components

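Quorum geth
  • go ethereum + JSON-RPC for private Tx + additional consensus algorithms (Raft, IBFT 1.0)

Transaction Manager
  • Private Tx management + gateway to the Enclave + communication with other participants' Transaction Managers

Enclave
  • Symmetric key management + execution of encryption/decryption
  • Can also be run as a separate process from Tessera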

[Diagram: a Quorum node. geth holds the public state, the private state and the signing key. Tessera consists of the Transaction manager (encrypted tx data) and the Enclave (symmetric key).]

Consensus Algorithm

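Operated by trusted participants => Raft
Operated among participants with conflicting interests => IBFT 1.0

| | Raft | IBFT 1.0 |
|---|---|---|
| Block time | Short (default 50 msec) | Long (default 1 second; configurable from 1 to 10 seconds) |
| Leader/Proposer rotation | The leader is not replaced until it goes down | round robin (default) or sticky proposer |
| Learner/Non-validator node | Cannot be added at present | Can be added |
| Fault tolerance | crash recovery | byzantine fault tolerance (there are cases that cannot be recovered) |
| Block generation | Generated when there are unconfirmed Txs | Keeps generating even when there are no unconfirmed Txs |
| Optimal number of nodes for a maximum of F tolerated faults | 2F + 1 (quorum: F + 1) | 3F + 1 (quorum: 2F + 1) |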

Quorum Network

[Diagram: Participants A, B and C each run a Quorum node: geth (public state, private state, signing key) and Tessera (Transaction manager with encrypted tx data, Enclave with symmetric key). Links between participants: Tx (Ethereum P2P), Block (Raft / IBFT), encrypted tx (REST).]

Part.3 Private Transaction

Private Transaction

Public tx data structure

    {
      from: 0x0000,
      to: 0x1111,
      value: 0,
      input: 0xaaaa,
    }

Private tx data structure

    {
      from: 0x0000,
      to: 0x1111,
      value: 0,
      input: hash(enc(0xaaaa)),
    }

  • Both kinds of transaction are shared with all nodes via geth
  • In a private transaction the input data is concealed
  • The Transaction manager's DB holds data in a structure like { key: hash(enc(input)), value: enc(input) }

[Diagram: a Quorum node, with geth (public state, private state, signing key) and Tessera (Transaction manager with encrypted tx data, Enclave with symmetric key). Annotations: "Encrypt"; "The result of evaluating 0xaaaa goes to the private state".]

How Tessera works (Private tx between A&B)

[Diagram: Participants A, B and C, each running Quorum geth (public and private state) and Tessera (Transaction manager and Enclave).]

Arrow labels in the diagram, in order:

  1. Tx: { from: 0x0000, to: 0x1111, value: 0, input: 0xaaaa }
  2. Tx.input
  3. encrypt
  4. enc(Tx.input)
  5. share enc(Tx.input)
  6. hash(enc(Tx.input))
  7. Tx (shown twice): { from: 0x0000, to: 0x1111, value: 0, input: hash(enc(0xaaaa)) }
  8. New Block with the Tx that contains hashed input
  9. request tx payload (shown twice)
  10. decrypt
  11. Tx.input
  12. Tx.input (recipient of the private tx) / Not found (non-recipient)

Test case 1

    contract SimpleStorage {
        uint data;

        constructor(uint d) public {
            data = d;
        }

        function set(uint d) public {
            data = d;
        }

        function get() public view returns (uint) {
            return data;
        }
    }

Assume a consortium of A, B and C

A: create contract SimpleStorage(42), privateFor: [B]

B: get() => returns 42

C: get() => returns 0

  • Node A: data == 42
  • Node B: data == 42
  • Node C: data == 0

Test case 2

Same SimpleStorage contract as in Test case 1.

Assume a consortium of A, B and C

A: create contract SimpleStorage(42), privateFor: [B]

  • Node A: data == 42
  • Node B: data == 42
  • Node C: data == 0

B: set(10), privateFor: [A]

  • Node A: data == 10
  • Node B: data == 10
  • Node C: data == 0

Test case 3

Same SimpleStorage contract as in Test case 1.

Assume a consortium of A, B and C

A: create contract SimpleStorage(42), privateFor: [B, C]

  • Node A: data == 42
  • Node B: data == 42
  • Node C: data == 42

B: set(10), privateFor: [A]

  • Node A: data == 10
  • Node B: data == 10
  • Node C: data == 42

=> A data inconsistency occurs

Data Availability Problem

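Even if you hold hash(enc(tx.input)), you cannot read the input unless enc(tx.input) has been shared with you
→ A problem arises when it has not been shared with someone who should have received it

Detection methods
  1. Monitor the contract's storageRoot (JSON RPC eth_storageRoot)
  2. Monitor txs whose to field is set to that contract address
  3. consistency checker

Repair methods
  1. Have enc(tx.input) re-sent (Quorum.js sendRawRequest; unverified)
  2. Re-execute with privateFor set correctly (only for data that is safe to re-execute)

There is no good repair method
Other DLTs have similar problems too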
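
An added example, not from the original slides or the Quorum/Tessera code base: a small Python model of the private tx flow and of Test case 3, with a consistency checker that compares storage roots across the intended parties and lists the payloads each one lacks. Assumptions: `enc` is an XOR stand-in for the Enclave, SHA-256 stands in for both the payload hash and eth_storageRoot, and the names `Node`, `send_private`, `check_consistency` and `run` are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field

def enc(payload: bytes) -> bytes:
    """Stand-in for the Enclave (XOR is its own inverse). Not real cryptography."""
    return bytes(b ^ 0x5A for b in payload)

@dataclass
class Node:
    name: str
    tm_db: dict = field(default_factory=dict)  # Transaction manager DB: hash(enc(input)) -> enc(input)
    data: int = 0                              # SimpleStorage.data in this node's private state

    def storage_root(self) -> str:
        """Stand-in for the value a real node would report via eth_storageRoot."""
        return hashlib.sha256(self.data.to_bytes(32, "big")).hexdigest()

def send_private(sender, private_for, value, network, chain):
    """Model of the private tx flow: only the sender and privateFor nodes receive enc(input)."""
    ciphertext = enc(value.to_bytes(32, "big"))
    tx_input = hashlib.sha256(ciphertext).hexdigest()  # on-chain input = hash(enc(input))
    for node in [sender, *private_for]:
        node.tm_db[tx_input] = ciphertext              # share enc(Tx.input)
    chain.append(tx_input)                             # every node sees the tx in a block
    for node in network:                               # each node asks its own Transaction manager
        stored = node.tm_db.get(tx_input)
        if stored is not None:                         # "Not found": private state stays untouched
            node.data = int.from_bytes(enc(stored), "big")

def check_consistency(parties, chain):
    """Compare storage roots across the intended parties; list the payloads each one lacks."""
    roots = {n.storage_root() for n in parties}
    missing = {n.name: [h for h in chain if h not in n.tm_db] for n in parties}
    return len(roots) == 1, {name: hs for name, hs in missing.items() if hs}

def run(steps, party_names=("A", "B", "C")):
    """steps: (sender, privateFor names, value). Returns final data per node and the check result."""
    nodes = {n: Node(n) for n in ("A", "B", "C")}
    chain = []
    for sender, private_for, value in steps:
        send_private(nodes[sender], [nodes[p] for p in private_for], value,
                     list(nodes.values()), chain)
    parties = [nodes[p] for p in party_names]
    return {n: nodes[n].data for n in nodes}, check_consistency(parties, chain)

# Test case 3 from the slides: create with privateFor [B, C], then set(10) with privateFor [A].
TEST_CASE_3 = [("A", ["B", "C"], 42), ("B", ["A"], 10)]
# Constructed variant: same calls with the second privateFor set correctly.
TEST_CASE_3_FIXED = [("A", ["B", "C"], 42), ("B", ["A", "C"], 10)]
```

`run(TEST_CASE_3)` reports C out of sync with one missing payload, while `run(TEST_CASE_3_FIXED)` reports a consistent state.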

Demo

Part.4 Additional Security

HTTP Enclave

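The Enclave can be started as a separate process from the Transaction Manager (Tessera)

Tessera, which needs to communicate with other Transaction Managers, is exposed to the internet, while the Enclave, which holds the keys, is kept unreachable from the internet, which improves confidentiality

https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Enclave/
https://github.com/jpmorganchase/tessera/releases (running enclave-jaxrs-*-server.jar starts the HTTP Enclave)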

Key Vault

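The private keys held by Tessera/Enclave can be managed securely by integrating with Hashicorp Vault or Azure Key Vault (they can be separated from Tessera/Enclave)

By separating the keys from the virtual machine and configuring appropriate access control, it is possible to build a setup in which nobody other than the virtual machine can access the keys

Configuring the virtual machine so that nobody can log in to it makes this even more secure

https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Keys/Setting%20up%20a%20Hashicorp%20Vault/
https://docs.goquorum.com/en/latest/Privacy/Tessera/Tessera%20Services/Keys/Setting%20up%20an%20Azure%20Key%20Vault/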

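sendRawTransaction for Private Transactions

Splitting the procedure into creating an unsigned tx → signing → sending makes it possible to perform the signing in a more confidential environment, such as an offline environment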

https://github.com/jpmorganchase/quorum.js/blob/master/7nodes-test/deployContractViaHttp-externalSigningTemplate.js

Part.5 Use cases and Usage

What can I build with Quorum?

  • Private blockchains are useful when you have an organization or problems that consist of
    • Geographically distributed members
    • Spotty trust between members
    • No reason or need for central control
  • With above conditions met, some of the things that we can build with Quorum are
    • Asset or supply chain systems
    • Multi-party and organizational decision making via multi-signature contracts (distributed trust)
    • Real-time auditing, operational transparency, and data integrity uses

Who is using Quorum today?

  • Financial Services
    • IIN - Cross bank blockchain for data exchange between 200+ banks
    • JPM Coin - instant settlement of transactions between bank clients
    • Project Dromaius - Debt issuance platform
    • Project Khokha - South Africa’s Central bank - payments and settlements
    • Project Ubin - Singapore mon. authority - wholesale payments in digital SGD on chain
  • Healthcare
    • Synaptic Healthcare - Healthcare provider data
  • IoT
    • Project Vento - Using blockchain-powered identity and connected devices for real-time toll road transactions
  • Supply Chain
    • LVMH - authenticity of luxury goods
    • Chronicled - Gold bar tracking
    • Suku - industry agnostic supply chain solution
  • Cross-Industry
    • State Farm/ USAA - auto insurance claims
    • Microsoft/ EY - video game royalties

The easy way

  • Official Quorum starting point

  • An easy guest environment to get started with on any platform
    • Vagrant (works on all machines)
    • Dockerized setup

  • Comes with examples for public and private smart contracts
    • configures an operational and fully configured 7 node cluster
    • has a real world example from finance industry: 5NodeRTGS

The advanced way

For more advanced users with access to AWS and other environments

  • Quorum Cloud – the official way of deploying Quorum networks on AWS using ECS Fargate, S3, and EC2 via automated Terraform configuration

  • Quorum Maker – an open source tool made by Synechron Labs for guided Quorum network kick-start and management. This tool is provider agnostic

  • Cakeshop – an integrated development environment and SDK for Quorum

Ref.

  • Quorum Documents (a treasure trove of information)
  • GitHub
  • Slack (developers answer questions at any time)
  • quorum-examples (can start 7 nodes and run a variety of samples)
  • Quorum.js (a web3.js extension that supports the Quorum API)
