In many blockchain platforms such as Ethereum and Bitcoin, data confidentiality is a kind of excluded item in their blockchain framework. In these distributed blockchain platforms, transactions are executed on every participant node in the network, so every transaction in the network is visible to all the peers. A ledger update is processed through all the endorsed peers, which have to reach an agreement before it is committed successfully to the ledger. So, in this scenario, creating a private record that stays within a certain group of participants in the network is a complete "No".

Why Private Data?

In today's enterprise business sector, data confidentiality is a really big challenge for companies. Many competitors in the market seek data privacy and confidentiality for their clients. But all the major blockchain platforms provide a Permissionless platform, and their architecture doesn't provide a facility to create a transaction for certain groups only.

In this case, Hyperledger Fabric takes the opportunity of control as a Permissioned platform, enabling a structured Private Data architecture. We will see in the course of this article how the transaction flows with the Private Data architecture in Hyperledger Fabric.

Transaction flow with Private Data

In Hyperledger Fabric, there are many different approaches to creating private transactions among a few organizations while hiding the content of the transaction from other organizations. In the first approach, there can be separate individual channels for certain organizations only, so only the organizations that are authorized to see the private data can join the channel. But creating a private channel adds administrative overhead and makes it complex to maintain the Chaincode version, policy, and other configuration details. So, there is another structural approach: creating a Private Data Collection for certain organizations.
The private data collection is stored in a side database called SideDB. The side database is only accessible to authorized organizations. The Ordering Service does not see the private data; it can only process the hash of the private data, which goes to all the endorsed peers in the network for the validation and ledger update process. Yes, all the remaining participants will get a copy of the private data, but only in hashed form.

In comparison with the Ordering Service Transaction flow, the Private Data transaction flow differs in some cases:

1. The client application sends the transaction proposal request only to the authorized endorsing peers. Each peer then invokes the request in the Chaincode.
2. The peers analyze the private data transaction and store the private data in the transient data store. The private data collection is then distributed to the other authorized peers via the gossip protocol.
3. The endorsing peers return the proposal response to the client. The response contains only the hash of the private data, that is, of its private key-value pair. The client doesn't get the original private data in the response.
4. The client submits the transaction response to the Ordering Service. The hashed private data gets included in the block.
5. The block containing the hash of the private data is distributed to the remaining peers in the network, so the block can be validated consistently among all the peers. The authorized peers validate their private data against the public block containing the hash of the private data. If it matches, they move the private data into the Private State Database and Private Writeset Storage. The private data is then deleted from the temporary local peer storage, the transient data store.

Private Data Collection Policy

Since we can create collections among authorized organizations, the collections follow a policy that is set while instantiating the Chaincode. These policies define which organizations' peers are authorized to store the private data in their
private state database. These policies are different from the overall endorsing peer policy for a single Chaincode instantiation.

In the Hyperledger Fabric Go SDK, we can create a collection config for each collection and use it while instantiating a Chaincode:

```go
// Errors are discarded with _ in this snippet.
collCfg1, _ := newCollectionConfig("collectionOrg1Org2", "OR ('Org1MSP.member', 'Org2MSP.member')", peerCount, maximumPeerCount, blockToLive)
collCfg2, _ := newCollectionConfig("collectionOrg3Org4", "OR ('Org3MSP.member', 'Org4MSP.member')", peerCount, maximumPeerCount, blockToLive)
```

Here there are two collection configs for two sets of organization groups:

- collCfg1 belongs only to Org1 & Org2
- collCfg2 belongs only to Org3 & Org4

Function newCollectionConfig

```go
func newCollectionConfig(colName, policy string, reqPeerCount, maxPeerCount int32, blockToLive uint64) (*cb.CollectionConfig, error) {
	// Parse the member-organizations policy string into a signature policy.
	p, err := cauthdsl.FromString(policy)
	if err != nil {
		fmt.Println("failed to create newCollectionConfig : " + err.Error())
		return nil, err
	}

	cpc := &cb.CollectionPolicyConfig{
		Payload: &cb.CollectionPolicyConfig_SignaturePolicy{
			SignaturePolicy: p,
		},
	}

	return &cb.CollectionConfig{
		Payload: &cb.CollectionConfig_StaticCollectionConfig{
			StaticCollectionConfig: &cb.StaticCollectionConfig{
				Name:              colName,
				MemberOrgsPolicy:  cpc,
				RequiredPeerCount: reqPeerCount,
				MaximumPeerCount:  maxPeerCount,
				BlockToLive:       blockToLive,
			},
		},
	}, nil
}
```

Instantiation of Chaincode

While instantiating the chaincode, all the collection configs are added into a config array.
```go
cfg := []*cb.CollectionConfig{collCfg1, collCfg2}

// This policy is a completely separate entity: it relates to all the
// organizations' peers following an endorsing policy to validate all the
// blocks in the network consistently.
policy = "OR ('Org1MSP.member','Org2MSP.member','Org3MSP.member','Org4MSP.member')"

// cauthdsl will convert the policy string to a Policy object
ccPolicy, _ := cauthdsl.FromString(policy)

resp, err := s.Resmgmt.InstantiateCC(
	s.ChannelID,
	resmgmt.InstantiateCCRequest{
		Name:       s.ChaincodeId,
		Path:       s.ChaincodePath,
		Version:    s.ChainCodeVersion,
		Args:       [][]byte{[]byte("init")},
		Policy:     ccPolicy,
		CollConfig: cfg,
	},
	resmgmt.WithRetry(retry.DefaultResMgmtOpts),
	resmgmt.WithTargets(orgPeers[0], orgPeers[1]))
```

PrivateLedger

I have developed a POC demonstrating the Private Data Collection using Fabric Go SDK. It's more like an implementation of Fabric Go SDK libraries for Private data. Please follow the GitHub link below to check the project.

Github : https://github.com/Deeptiman/privateledger

This project requires us to be familiar with the Multi Organization setup using Fabric Go SDK. So, if you need a reference, I have published a Medium article that describes the step-by-step process for the Multi Organization setup. Please have a look at it.

"A Multi Organization Application in Hyperledger Fabric"

So, this is the overall description regarding the role of Hyperledger Fabric in Data Confidentiality and Privacy. I hope this article gave you some useful insight into the topic. Please find the article useful :) Thanks
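
The validation step of the private data transaction flow described above, where an authorized peer checks its transient copy against the hash carried in the public block, can be modelled with the Go standard library alone. This is an added example, not code from the article or from Fabric: the `Peer` and `HashedWrite` types, hashing key and value separately with SHA-256, and dropping the transient entry even on a mismatch are assumptions of this model.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// HashedWrite is the only form of a private key-value pair that reaches the
// Ordering Service and the public block: a hash of the key and of the value.
type HashedWrite struct {
	Collection         string
	KeyHash, ValueHash [32]byte
}

// Peer is a constructed model of an authorized peer (not a Fabric type).
type Peer struct {
	Transient    map[string]map[string][]byte // txID -> private key -> value
	PrivateState map[string][]byte            // "collection/key" -> value
}

var ErrMismatch = errors.New("private data does not match hash in block")

// HashWrite builds what endorsement would put into the proposal response.
func HashWrite(coll, key string, value []byte) HashedWrite {
	return HashedWrite{coll, sha256.Sum256([]byte(key)), sha256.Sum256(value)}
}

// Commit checks the transient copy for txID against the hashes from the block.
// On a match the pair moves to the private state DB. In this model the
// transient entry is dropped either way, so unvalidated data does not linger.
func (p *Peer) Commit(txID string, hw HashedWrite) error {
	pending := p.Transient[txID]
	delete(p.Transient, txID)
	for key, value := range pending {
		if sha256.Sum256([]byte(key)) == hw.KeyHash && sha256.Sum256(value) == hw.ValueHash {
			p.PrivateState[hw.Collection+"/"+key] = value
			return nil
		}
	}
	return ErrMismatch
}

func main() {
	value := []byte(`{"price":100}`) // constructed sample private value
	block := HashWrite("collectionOrg1Org2", "asset1", value)
	peer := &Peer{map[string]map[string][]byte{"tx1": {"asset1": value}}, map[string][]byte{}}
	fmt.Println("honest copy:", peer.Commit("tx1", block))
	peer.Transient["tx2"] = map[string][]byte{"asset1": []byte(`{"price":1}`)}
	fmt.Println("tampered copy:", peer.Commit("tx2", block))
}
```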