Key Concepts-Private data
Private data
What is private data?
In cases where a group of organizations on a channel need to keep data private from other organizations on that channel, they have the option to create a new channel comprising just the organizations who need access to the data. However, creating separate channels in each of these cases creates additional administrative overhead (maintaining chaincode versions, policies, MSPs, etc), and doesn’t allow for use cases in which you want all channel participants to see a transaction while keeping a portion of the data private.
That’s why, starting in v1.2, Fabric offers the ability to create private data collections, which allow a defined subset of organizations on a channel the ability to endorse, commit, or query private data without having to create a separate channel.
What is a private data collection?
A collection is the combination of two elements:
- The actual private data, sent peer-to-peer via gossip protocol to only the organization(s) authorized to see it. This data is stored in a private state database on the peers of authorized organizations (sometimes called a “side” database, or “SideDB”), which can be accessed from chaincode on these authorized peers. The ordering service is not involved here and does not see the private data. Note that because gossip distributes the private data peer-to-peer across authorized organizations, it is required to set up anchor peers on the channel, and configure CORE_PEER_GOSSIP_EXTERNALENDPOINT on each peer, in order to bootstrap cross-organization communication.
Translator's note: CORE_PEER_GOSSIP_EXTERNALENDPOINT translates literally as the core peer's external gossip endpoint; it can be regarded as the gateway in TCP/IP terms.
- A hash of that data, which is endorsed, ordered, and written to the ledgers of every peer on the channel. The hash serves as evidence of the transaction and is used for state validation and can be used for audit purposes.
The following diagram illustrates the ledger contents of a peer authorized to have private data and one which is not.
Collection members may decide to share the private data with other parties if they get into a dispute or if they want to transfer the asset to a third party. The third party can then compute the hash of the private data and see if it matches the state on the channel ledger, proving that the state existed between the collection members at a certain point in time.
When to use a collection within a channel vs. a separate channel
- Use channels when entire transactions (and ledgers) must be kept confidential within a set of organizations that are members of the channel.
- Use collections when transactions (and ledgers) must be shared among a set of organizations, but when only a subset of those organizations should have access to some (or all) of the data within a transaction. Additionally, since private data is disseminated peer-to-peer rather than via blocks, use private data collections when transaction data must be kept confidential from ordering service nodes.
A use case to explain collections
Consider a group of five organizations on a channel who trade produce:
- A Farmer selling his goods abroad
- A Distributor moving goods abroad
- A Shipper moving goods between parties
- A Wholesaler purchasing goods from distributors
- A Retailer purchasing goods from shippers and wholesalers
The Distributor might want to make private transactions with the Farmer and Shipper to keep the terms of the trades confidential from the Wholesaler and the Retailer (so as not to expose the markup they’re charging).
The Distributor may also want to have a separate private data relationship with the Wholesaler because it charges them a lower price than it does the Retailer.
The Wholesaler may also want to have a private data relationship with the Retailer and the Shipper.
Rather than defining many small channels for each of these relationships, multiple private data collections (PDC) can be defined to share private data between:
- PDC1: Distributor, Farmer and Shipper
- PDC2: Distributor and Wholesaler
- PDC3: Wholesaler, Retailer and Shipper
Using this example, peers owned by the Distributor will have multiple private databases inside their ledger which includes the private data from the Distributor, Farmer and Shipper relationship and the Distributor and Wholesaler relationship. Because these databases are kept separate from the database that holds the channel ledger, private data is sometimes referred to as “SideDB”.
Transaction flow with private data
When private data collections are referenced in chaincode, the transaction flow is slightly different in order to protect the confidentiality of the private data as transactions are proposed, endorsed, and committed to the ledger. For details on transaction flows that don’t use private data refer to our documentation on transaction flow.
- The client application submits a proposal request to invoke a chaincode function (reading or writing private data) to endorsing peers which are part of authorized organizations of the collection. The private data, or data used to generate private data in chaincode, is sent in a transient field of the proposal.
Translator's note: transient literally means “transient state”; it can be understood as temporary storage. See the related text in the next paragraph.
- The endorsing peers simulate the transaction and store the private data in a transient data store (a temporary storage local to the peer). They distribute the private data, based on the collection policy, to authorized peers via gossip (https://hyperledger-fabric.readthedocs.io/en/release-1.4/gossip.html).
Translator's note: here the explanation of transient can be seen.
- The endorsing peer sends the proposal response back to the client. The proposal response includes the endorsed read/write set, which includes public data, as well as a hash of any private data keys and values. No private data is sent back to the client. For more information on how endorsement works with private data, click here.
- 背書節點将提案響應發送回用戶端。提案響應包括已背書的讀/寫集,其中包括公共資料以及任何私有資料鍵值對的散列值。沒有私密資料發送回用戶端。有關背書機制如何處理私密資料,單擊此處。
- The client application submits the transaction (which includes the proposal response with the private data hashes) to the ordering service. The transactions with the private data hashes get included in blocks as normal. The block with the private data hashes is distributed to all the peers. In this way, all peers on the channel can validate transactions with the hashes of the private data in a consistent way, without knowing the actual private data.
- 用戶端應用将事務(包括帶有私密資料散列的提案響應)送出給排序服務。帶有私有資料散列的事務通常包含在塊中。帶有私有資料散列的塊被分發到所有節點。這樣,通道上的所有節點都可以一緻的方式使用私有資料的散列驗證事務,而不必知道實際的私密資料。
- At block commit time, authorized peers use the collection policy to determine if they are authorized to have access to the private data. If they do, they will first check their local transient data store to determine if they have already received the private data at chaincode endorsement time. If not, they will attempt to pull the private data from another authorized peer. Then they will validate the private data against the hashes in the public block and commit the transaction and the block. Upon validation/commit, the private data is moved to their copy of the private state database and private writeset storage. The private data is then deleted from the transient data store.
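The five steps above, as an added simulation in Python that is not Fabric code or part of the original documentation: a constructed client/peer model in which private data travels only in the transient field and in peer-to-peer gossip, the proposal response and the block carry only key and value hashes (SHA-256 is assumed; the page does not name the hash function), and a member peer that missed the gossip pulls the data from another member at commit time. The organization names, the PDC2 membership, the transaction id and the price record are constructed sample values.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

COLLECTIONS = {"PDC2": {"DistributorMSP", "WholesalerMSP"}}  # constructed PDC2 membership

class Peer:
    def __init__(self, org: str):
        self.org = org
        self.transient_store = {}  # txid -> (collection, key, value) awaiting commit
        self.private_db = {}       # (collection, key) -> value; the "SideDB"
        self.private_writes = {}   # txid -> committed private write, servable to members

    def endorse(self, txid: str, collection: str, transient: dict) -> dict:
        # Chaincode simulation: the transient field's data is parked locally; only hashes return.
        key, value = transient["key"], transient["value"]
        self.transient_store[txid] = (collection, key, value)
        return {"txid": txid, "collection": collection,
                "key_hash": sha256(key.encode()), "value_hash": sha256(value)}

    def gossip(self, txid: str, peers: list) -> None:
        # Disseminate peer-to-peer to collection members only; the orderer never sees it.
        for p in peers:
            if p is not self and p.org in COLLECTIONS[self.transient_store[txid][0]]:
                p.transient_store[txid] = self.transient_store[txid]

    def commit(self, block: list, peers: list) -> None:
        # Members validate against the block's hashes, then keep the data; missing data is pulled.
        for tx in block:
            txid = tx["txid"]
            if self.org in COLLECTIONS[tx["collection"]]:  # non-members keep only hashes
                coll, key, value = self.transient_store.get(txid) or next(
                    p.transient_store.get(txid) or p.private_writes[txid] for p in peers
                    if txid in p.transient_store or txid in p.private_writes)
                if (sha256(key.encode()), sha256(value)) != (tx["key_hash"], tx["value_hash"]):
                    raise ValueError(f"{self.org}: private data does not match block hash")
                self.private_db[(coll, key)] = value
                self.private_writes[txid] = (coll, key, value)
                self.transient_store.pop(txid, None)

def run_flow(gossip_delivered: bool = True):
    dist, whole, retail = Peer("DistributorMSP"), Peer("WholesalerMSP"), Peer("RetailerMSP")
    resp = dist.endorse("tx1", "PDC2", {"key": "price:lot42", "value": b"17.50 USD/kg"})
    if gossip_delivered:
        dist.gossip("tx1", [dist, whole, retail])
    for p in (dist, whole, retail):  # the orderer distributes a block holding only hashes
        p.commit([resp], [dist, whole, retail])
    return dist, whole, retail
```

Calling `run_flow(gossip_delivered=False)` exercises the pull path of step 5: the Wholesaler peer has nothing in its transient store at commit time and fetches the data from the Distributor's private writeset storage.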
Purging private data
For very sensitive data, even the parties sharing the private data might want — or might be required by government regulations — to periodically “purge” the data on their peers, leaving behind a hash of the data on the blockchain to serve as immutable evidence of the private data.
對于非常敏感的資料,即使是共享私有資料的各方也可能希望——或者可能是政府規定要求——定期“清除”節點上的資料,隻留下區塊鍊上的資料散列值作為私有資料的不可變證據。
In some of these cases, the private data only needs to exist on the peer’s private database until it can be replicated into a database external to the peer’s blockchain. The data might also only need to exist on the peers until a chaincode business process is done with it (trade settled, contract fulfilled, etc).
To support these use cases, private data can be purged if it has not been modified for a configurable number of blocks. Purged private data cannot be queried from chaincode, and is not available to other requesting peers.
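The purge rule above and the dispute scenario from “What is a private data collection?”, as an added Python model that is not Fabric code: a constructed single-collection store purges a key once a configurable number of blocks have passed without a write (Fabric exposes this as the blockToLive collection property), while the value hash on the channel ledger remains, so a member who kept a copy can still prove the value to a third party. `CollectionStore`, `verify_disclosed`, the block heights and the trade record are constructed; SHA-256 is assumed as the hash function.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class CollectionStore:
    """Constructed model of one member peer's private DB for a collection whose
    entries expire after ttl_blocks blocks without a write (the page's configurable
    number of blocks; Fabric exposes it as the blockToLive collection property)."""
    def __init__(self, ttl_blocks: int):
        self.ttl_blocks = ttl_blocks
        self.private = {}        # key -> (value, height of the last write)
        self.ledger_hashes = {}  # key -> value hash; what every channel peer holds

    def write(self, key: str, value: bytes, height: int) -> None:
        # A write (or re-write) resets the key's expiry and records its hash publicly.
        self.private[key] = (value, height)
        self.ledger_hashes[key] = sha256(value)

    def on_block(self, height: int) -> list:
        # Purge keys whose last write is ttl_blocks or more blocks old; hashes stay.
        expired = [k for k, (_, h) in self.private.items() if height - h >= self.ttl_blocks]
        for k in expired:
            del self.private[k]
        return expired

    def query(self, key: str):
        # Chaincode view: purged data is simply absent from the private state.
        return self.private[key][0] if key in self.private else None

def verify_disclosed(ledger_hashes: dict, key: str, disclosed: bytes) -> bool:
    # A third party given the plaintext off-chain recomputes the hash and checks it
    # against the channel ledger, proving the value existed at that point in time.
    return ledger_hashes.get(key) == sha256(disclosed)

def demo() -> dict:
    store = CollectionStore(ttl_blocks=3)
    terms = b'{"lot": 42, "price_per_kg": "17.50 USD"}'  # constructed trade terms
    store.write("terms:lot42", terms, height=10)
    exported = store.query("terms:lot42")  # replicated off the peer before expiry
    for h in (11, 12):
        store.on_block(h)  # fewer than ttl_blocks blocks since the write: kept
    purged = store.on_block(13)  # three blocks without modification: purged
    return {
        "purged": purged,
        "chaincode_sees": store.query("terms:lot42"),
        "audit_ok": verify_disclosed(store.ledger_hashes, "terms:lot42", exported),
        "audit_tampered": verify_disclosed(store.ledger_hashes, "terms:lot42", exported + b"!"),
    }
```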
How a private data collection is defined
For more details on collection definitions, and other low level information about private data and collections, refer to the private data reference topic.