Translation contents:
Key Concepts-Hyperledger Fabric Model
- Introduction
- Hyperledger Fabric Functionalities
- Hyperledger Fabric Model
- Blockchain network
- Identity
- Membership
- Peers
- Smart Contracts and Chaincode
- Ledger
- The Ordering Service
- Private data
- Use Cases
Hyperledger Fabric Model
This section outlines the key design features woven into Hyperledger Fabric that fulfill its promise of a comprehensive, yet customizable, enterprise blockchain solution:
- Assets — Asset definitions enable the exchange of almost anything with monetary value over the network, from whole foods to antique cars to currency futures.
- Chaincode — Chaincode execution is partitioned from transaction ordering, limiting the required levels of trust and verification across node types, and optimizing network scalability and performance.
- Ledger Features — The immutable, shared ledger encodes the entire transaction history for each channel, and includes SQL-like query capability for efficient auditing and dispute resolution.
- Privacy — Channels and private data collections enable private and confidential multi-lateral transactions that are usually required by competing businesses and regulated industries that exchange assets on a common network.
- Security & Membership Services — Permissioned membership provides a trusted blockchain network, where participants know that all transactions can be detected and traced by authorized regulators and auditors.
- Consensus — A unique approach to consensus enables the flexibility and scalability needed for the enterprise.
Assets
Assets can range from the tangible (real estate and hardware) to the intangible (contracts and intellectual property). Hyperledger Fabric provides the ability to modify assets using chaincode transactions.
Assets are represented in Hyperledger Fabric as a collection of key-value pairs, with state changes recorded as transactions on a Channel ledger. Assets can be represented in binary and/or JSON form.
You can easily define and use assets in your Hyperledger Fabric applications using the Hyperledger Composer tool.
Chaincode
Chaincode is software defining an asset or assets, and the transaction instructions for modifying the asset(s); in other words, it’s the business logic. Chaincode enforces the rules for reading or altering key-value pairs or other state database information. Chaincode functions execute against the ledger’s current state database and are initiated through a transaction proposal. Chaincode execution results in a set of key-value writes (write set) that can be submitted to the network and applied to the ledger on all peers.
Ledger Features
The ledger is the sequenced, tamper-resistant record of all state transitions in the fabric. State transitions are a result of chaincode invocations (‘transactions’) submitted by participating parties. Each transaction results in a set of asset key-value pairs that are committed to the ledger as creates, updates, or deletes.
The ledger is comprised of a blockchain (‘chain’) to store the immutable, sequenced record in blocks, as well as a state database to maintain current fabric state. There is one ledger per channel. Each peer maintains a copy of the ledger for each channel of which they are a member.
Some features of a Fabric ledger:
- Query and update ledger using key-based lookups, range queries, and composite key queries
- Read-only queries using a rich query language (if using CouchDB as state database)
- Read-only history queries — Query ledger history for a key, enabling data provenance scenarios
- Transactions consist of the versions of keys/values that were read in chaincode (read set) and keys/values that were written in chaincode (write set)
- Transactions contain signatures of every endorsing peer and are submitted to ordering service
- Transactions are ordered into blocks and are “delivered” from an ordering service to peers on a channel
- Peers validate transactions against endorsement policies and enforce the policies
- Prior to appending a block, a versioning check is performed to ensure that states for assets that were read have not changed since chaincode execution time
- There is immutability once a transaction is validated and committed
- A channel’s ledger contains a configuration block defining policies, access control lists, and other pertinent information
- Channels contain Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities
See the Ledger topic for a deeper dive on the databases, storage structure, and “query-ability.”
Privacy
Hyperledger Fabric employs an immutable ledger on a per-channel basis, as well as chaincode that can manipulate and modify the current state of assets (i.e. update key-value pairs). A ledger exists in the scope of a channel — it can be shared across the entire network (assuming every participant is operating on one common channel) — or it can be privatized to include only a specific set of participants.
In the latter scenario, these participants would create a separate channel and thereby isolate/segregate their transactions and ledger. In order to solve scenarios that want to bridge the gap between total transparency and privacy, chaincode can be installed only on peers that need to access the asset states to perform reads and writes (in other words, if a chaincode is not installed on a peer, it will not be able to properly interface with the ledger).
When a subset of organizations on that channel need to keep their transaction data confidential, a private data collection (collection) is used to segregate this data in a private database, logically separate from the channel ledger, accessible only to the authorized subset of organizations.
Thus, channels keep transactions private from the broader network whereas collections keep data private between subsets of organizations on the channel.
To further obfuscate the data, values within chaincode can be encrypted (in part or in total) using common cryptographic algorithms such as AES before sending transactions to the ordering service and appending blocks to the ledger. Once encrypted data has been written to the ledger, it can be decrypted only by a user in possession of the corresponding key that was used to generate the cipher text. For further details on chaincode encryption, see the Chaincode for Developers topic.
See the Private Data topic for more details on how to achieve privacy on your blockchain network.
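The value encryption described above can be sketched as follows. This is an added example, not code from the Fabric project: it uses AES-256-GCM from the Go standard library and binds each ciphertext to the ledger key it is stored under, so a ciphertext copied to another key fails to decrypt. The function names, the `asset1`/`asset2` keys and the sample key and nonce are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// NewAEAD builds AES-GCM; a 32-byte key selects AES-256.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext, the bytes that would enter the write set.
// stateKey is bound as associated data. The caller supplies the nonce (an
// assumption of this example); it must never repeat under the same key.
func Seal(aead cipher.AEAD, nonce []byte, stateKey string, value []byte) ([]byte, error) {
	if len(nonce) != aead.NonceSize() {
		return nil, fmt.Errorf("nonce must be %d bytes", aead.NonceSize())
	}
	return aead.Seal(append([]byte{}, nonce...), nonce, value, []byte(stateKey)), nil
}

// Open reverses Seal; it fails if the key, stored bytes or stateKey differ.
func Open(aead cipher.AEAD, stateKey string, stored []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(stored) < n {
		return nil, fmt.Errorf("stored value shorter than nonce")
	}
	return aead.Open(nil, stored[:n], stored[n:], []byte(stateKey))
}

func main() {
	key := []byte("constructed-demo-key-32-bytes!!!") // constructed sample key
	nonce := []byte("demo-nonce-1")                   // constructed 12-byte nonce
	aead, _ := NewAEAD(key)
	stored, _ := Seal(aead, nonce, "asset1", []byte(`{"owner":"Org1"}`))
	_, err := Open(aead, "asset2", stored) // ciphertext copied under another key
	fmt.Println(len(stored), err)
}
```

Because GCM is authenticated, any modification of the stored bytes is also rejected by `Open`, not only a wrong key.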
Security & Membership Services
Hyperledger Fabric underpins a transactional network where all participants have known identities. Public Key Infrastructure is used to generate cryptographic certificates which are tied to organizations, network components, and end users or client applications. As a result, data access control can be manipulated and governed on the broader network and on channel levels. This “permissioned” notion of Hyperledger Fabric, coupled with the existence and capabilities of channels, helps address scenarios where privacy and confidentiality are paramount concerns.
See the Membership Service Providers (MSP) topic to better understand cryptographic implementations, and the sign, verify, authenticate approach used in Hyperledger Fabric.
Consensus
In distributed ledger technology, consensus has recently become synonymous with a specific algorithm, within a single function. However, consensus encompasses more than simply agreeing upon the order of transactions, and this differentiation is highlighted in Hyperledger Fabric through its fundamental role in the entire transaction flow, from proposal and endorsement, to ordering, validation and commitment. In a nutshell, consensus is defined as the full-circle verification of the correctness of a set of transactions comprising a block.
Consensus is achieved ultimately when the order and results of a block’s transactions have met the explicit policy criteria checks. These checks and balances take place during the lifecycle of a transaction, and include the usage of endorsement policies to dictate which specific members must endorse a certain transaction class, as well as system chaincodes to ensure that these policies are enforced and upheld. Prior to commitment, the peers will employ these system chaincodes to make sure that enough endorsements are present, and that they were derived from the appropriate entities. Moreover, a versioning check will take place during which the current state of the ledger is agreed or consented upon, before any blocks containing transactions are appended to the ledger. This final check provides protection against double spend operations and other threats that might compromise data integrity, and allows for functions to be executed against non-static variables.
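The versioning check described here, and in the read set / write set items of the ledger feature list, can be modelled in a few lines. This is an added example, not Fabric's own code: versions are simplified to counters, endorsement policy validation is left out, the account keys are constructed, and the flag strings follow the names of Fabric's validation codes. It shows why the second of two transactions that both spend a balance read at the same version is rejected at commit time.

```go
package main

import "fmt"

// KV is one state-database entry: the current value and its version.
type KV struct {
	Value   string
	Version uint64
}

// Tx is a simplified transaction (a model for this example, not Fabric's types).
type Tx struct {
	ReadSet  map[string]uint64 // key -> version seen during chaincode execution
	WriteSet map[string]string // key -> value to write
}

// Commit walks a block in order. A transaction is applied only if every key it
// read still has the version it saw; otherwise it is flagged and changes nothing.
func Commit(state map[string]KV, block []Tx) []string {
	flags := make([]string, len(block))
	for i, tx := range block {
		flags[i] = "VALID"
		for k, seen := range tx.ReadSet {
			if state[k].Version != seen {
				flags[i] = "MVCC_READ_CONFLICT"
			}
		}
		if flags[i] != "VALID" {
			continue
		}
		for k, v := range tx.WriteSet {
			state[k] = KV{v, state[k].Version + 1}
		}
	}
	return flags
}

// Demo uses constructed data: tx0 and tx1 both spend acct1 as read at version 1.
func Demo() ([]string, map[string]KV) {
	state := map[string]KV{"acct1": {"100", 1}, "acct2": {"0", 1}, "acct3": {"0", 1}}
	block := []Tx{
		{map[string]uint64{"acct1": 1, "acct2": 1}, map[string]string{"acct1": "0", "acct2": "100"}},
		{map[string]uint64{"acct1": 1, "acct3": 1}, map[string]string{"acct1": "0", "acct3": "100"}},
		{map[string]uint64{"acct3": 1}, map[string]string{"acct3": "5"}},
	}
	return Commit(state, block), state
}

func main() { fmt.Println(Demo()) }
```

The rejected transaction leaves `acct3` untouched, which is why the third transaction, which read `acct3` at version 1, still validates.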
In addition to the multitude of endorsement, validity and versioning checks that take place, there are also ongoing identity verifications happening in all directions of the transaction flow. Access control lists are implemented on hierarchical layers of the network (ordering service down to channels), and payloads are repeatedly signed, verified and authenticated as a transaction proposal passes through the different architectural components. To conclude, consensus is not merely limited to the agreed upon order of a batch of transactions; rather, it is an overarching characterization that is achieved as a byproduct of the ongoing verifications that take place during a transaction’s journey from proposal to commitment.
Check out the Transaction Flow diagram for a visual representation of consensus.