Hyperledger Fabric private data is a new feature introduced in version 1.2. Fabric private data uses side database (SideDB) to save private data between several channel members, thus providing a more flexible layer on top of the channel. Data protection mechanism. This article will introduce how to use fabric private data in chain code development.
fabric private data uses SideDB to save private data, which is equivalent to providing a more fine-grained data privacy protection mechanism on top of the channel. This article will introduce the purpose, basic concepts and application scenarios of fabric private data.
What is fabric private data?
The current way to achieve data privacy in Hyperledger Fabric is to use channels. However, officials are not alone in creating a large number of channels in large networks in order to achieve data privacy protection, because this will bring additional overhead, such as management policies, chain code versions, and member service provision (MSP). In a channel, all data is either public or private. Therefore, it will be very troublesome if you want to transfer assets to members outside the channel. This is why Hyperledger Fabric introduces private transactions. farbic private data allows the creation of private data sets based on policies to define which members of the channel can access the data. Fabric private data can be managed simply by adding policies. This makes it possible to make certain data public to only some members.
Consider Hyperledger Fabric’s marbles example. All marble data can be made public, except for its holder and price information. These two data cannot be disclosed to others, and the price should not be known to others. Maybe you need to track this data because you need to verify that the person selling the marble is the real owner. A hypothetical marble audit firm can act as your partner to verify this. If you use channels, all your actions will be recorded in the ledger state and can be seen by anyone.
How does fabric private data solve the above problems?
In the above figure, the first set, Channel Read-Write Sets" is the architecture when fabric private data is not introduced. Each transaction Both record their status and history.
The second set, private state partition 1, shows a shared private state between two nodes belonging to different organizations. This state is based on a pre-set policy. Replicated between nodes.
The third set, private state partition 2&3 shows a real example of fabric private data. The data set can be ignored by some members. This means that you can create a new set for each marble Sellers and auditors set up private data sets separately. These data sets allow the addition of some additional data, and the main data is still stored in the main state and ledger.
Authorized Nodes will be able to see the data hash on the main ledger, as well as the real data in the private database. Unauthorized nodes will not synchronize the private database and can only see the data hash on the main ledger. Due to the hash The hash is irreversible, so these unauthorized nodes cannot see the real data.
From a higher level, the problem solved by fabric private data looks like this:
fabric private data use case
We use the classic fabcar case in Hyperledger Fabric to show how to use private data sets. The initLedger function will be in Create 10 new cars in our dataset. All of these cars can be viewed by anyone on the network. Now let's create a private database, and this data will only be shared with another member garage we hold.
fabric private data data set configuration
We first need a data set configuration file collections_config.json, which contains the private data set name and access policy. The access policy is similar to the endorsement policy, This allows us to use already existing policy logic, such as OR, AND, etc.
[
{
"name": "carCollection",
"policy": "OR ('Org1MSP.member','Org2MSP.member')",
"requiredPeerCount": 0,
"maxPeerCount": 3,
"blockToLive":1000000
}
]Modify the chaincode to support fabric private data
Here is the original createCar function:
async createCar(stubHelper: StubHelper, args: string[]) {
const verifiedArgs = await Helpers.checkArgs<any>(args[0], Yup.object()
.shape({
key: Yup.string().required(),
make: Yup.string().required(),
model: Yup.string().required(),
color: Yup.string().required(),
owner: Yup.string().required(),
}));
let car = {
docType: 'car',
make: verifiedArgs.make,
model: verifiedArgs.model,
color: verifiedArgs.color,
owner: verifiedArgs.owner
};
await stubHelper.putState(verifiedArgs.key, car);
}To add data to the private data set carCollection, we need to specify the target data set:
await stubHelper.putState(verifiedArgs.key, car, {privateCollection: 'carCollection'});Next, if we want to query the vehicle, we also need to specify the target private data set:
async queryPrivateCar(stubHelper: StubHelper, args: string[]) {
const verifiedArgs = await Helpers.checkArgs<any>(args[0], Yup.object()
.shape({
key: Yup.string().required(),
}));
const car = await stubHelper.getStateAsObject(verifiedArgs.key, {privateCollection: 'carCollection'});
if (!car) {
throw new NotFoundError('Car does not exist');
}
return car;
}Similarly, for delete and update operations, you need to specify the target private data set to be operated.
fabric private data chaincode best practices
Of course, some of our data is visible to anyone in the Hyperledger Fabric network. However, some of this data is private and held in a private dataset and therefore can only be accessed by peers defined in the dataset configuration file.
We recommend saving data using the same key in both the public and private datasets to make it easier to extract the data. Finally, I hope this article is helpful to you.
If you want to know more related tutorials, please pay attention to PHP Chinese website!
The above is the detailed content of Fabric private data beginners' practical experience. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
