Hyperledger Fabric v1.4 (LTS) Series (3.11): Key Concepts - Private data

Key Concepts-Private data

  • Introduction
  • Hyperledger Fabric Functionalities
  • Hyperledger Fabric Model
  • Blockchain network
  • Identity
  • Membership
  • Peers
  • Smart Contracts and Chaincode
  • Ledger
  • The Ordering Service
  • Private data
  • Use Cases

Private data

What is private data?

In cases where a group of organizations on a channel need to keep data private from other organizations on that channel, they have the option to create a new channel comprising just the organizations who need access to the data. However, creating separate channels in each of these cases creates additional administrative overhead (maintaining chaincode versions, policies, MSPs, etc), and doesn’t allow for use cases in which you want all channel participants to see a transaction while keeping a portion of the data private.

That’s why, starting in v1.2, Fabric offers the ability to create private data collections, which allow a defined subset of organizations on a channel the ability to endorse, commit, or query private data without having to create a separate channel.

What is a private data collection?

A collection is the combination of two elements:

  1. The actual private data, sent peer-to-peer via gossip protocol to only the organization(s) authorized to see it. This data is stored in a private state database on the peers of authorized organizations (sometimes called a “side” database, or “SideDB”), which can be accessed from chaincode on these authorized peers. The ordering service is not involved here and does not see the private data. Note that because gossip distributes the private data peer-to-peer across authorized organizations, it is required to set up anchor peers on the channel, and configure CORE_PEER_GOSSIP_EXTERNALENDPOINT on each peer, in order to bootstrap cross-organization communication.

     Translator's note: CORE_PEER_GOSSIP_EXTERNALENDPOINT translates literally as the core peer's gossip external endpoint; it can be regarded as a gateway under the TCP/IP protocol.

  2. A hash of that data, which is endorsed, ordered, and written to the ledgers of every peer on the channel. The hash serves as evidence of the transaction and is used for state validation and can be used for audit purposes.

The following diagram illustrates the ledger contents of a peer authorized to have private data and one which is not.

[Figure: private-data]

Collection members may decide to share the private data with other parties if they get into a dispute or if they want to transfer the asset to a third party. The third party can then compute the hash of the private data and see if it matches the state on the channel ledger, proving that the state existed between the collection members at a certain point in time.

When to use a collection within a channel vs. a separate channel

  • Use channels when entire transactions (and ledgers) must be kept confidential within a set of organizations that are members of the channel.

  • Use collections when transactions (and ledgers) must be shared among a set of organizations, but when only a subset of those organizations should have access to some (or all) of the data within a transaction. Additionally, since private data is disseminated peer-to-peer rather than via blocks, use private data collections when transaction data must be kept confidential from ordering service nodes.

A use case to explain collections

Consider a group of five organizations on a channel who trade produce:

  • A Farmer selling his goods abroad

  • A Distributor moving goods abroad

  • A Shipper moving goods between parties

  • A Wholesaler purchasing goods from distributors

  • A Retailer purchasing goods from shippers and wholesalers

The Distributor might want to make private transactions with the Farmer and Shipper to keep the terms of the trades confidential from the Wholesaler and the Retailer (so as not to expose the markup they’re charging).

The Distributor may also want to have a separate private data relationship with the Wholesaler because it charges them a lower price than it does the Retailer.

The Wholesaler may also want to have a private data relationship with the Retailer and the Shipper.

Rather than defining many small channels for each of these relationships, multiple private data collections (PDC) can be defined to share private data between:

  1. PDC1: Distributor, Farmer and Shipper
  2. PDC2: Distributor and Wholesaler
  3. PDC3: Wholesaler, Retailer and Shipper

[Figure: private-data]

Using this example, peers owned by the Distributor will have multiple private databases inside their ledger which includes the private data from the Distributor, Farmer and Shipper relationship and the Distributor and Wholesaler relationship. Because these databases are kept separate from the database that holds the channel ledger, private data is sometimes referred to as “SideDB”.

[Figure: private-data]

Transaction flow with private data

When private data collections are referenced in chaincode, the transaction flow is slightly different in order to protect the confidentiality of the private data as transactions are proposed, endorsed, and committed to the ledger. For details on transaction flows that don’t use private data refer to our documentation on transaction flow.

  1. The client application submits a proposal request to invoke a chaincode function (reading or writing private data) to endorsing peers which are part of authorized organizations of the collection. The private data, or data used to generate private data in chaincode, is sent in a transient field of the proposal.

     Translator's note: transient literally means “transient state” and can be understood as temporary storage. See the related text in the next paragraph.

  2. The endorsing peers simulate the transaction and store the private data in a transient data store (a temporary storage local to the peer). They distribute the private data, based on the collection policy, to authorized peers via gossip (https://hyperledger-fabric.readthedocs.io/en/release-1.4/gossip.html).

     Translator's note: the explanation of transient can be seen here.

  3. The endorsing peer sends the proposal response back to the client. The proposal response includes the endorsed read/write set, which includes public data, as well as a hash of any private data keys and values. No private data is sent back to the client. For more information on how endorsement works with private data, click here.

  4. The client application submits the transaction (which includes the proposal response with the private data hashes) to the ordering service. The transactions with the private data hashes get included in blocks as normal. The block with the private data hashes is distributed to all the peers. In this way, all peers on the channel can validate transactions with the hashes of the private data in a consistent way, without knowing the actual private data.

  5. At block commit time, authorized peers use the collection policy to determine if they are authorized to have access to the private data. If they do, they will first check their local transient data store to determine if they have already received the private data at chaincode endorsement time. If not, they will attempt to pull the private data from another authorized peer. Then they will validate the private data against the hashes in the public block and commit the transaction and the block. Upon validation/commit, the private data is moved to their copy of the private state database and private writeset storage. The private data is then deleted from the transient data store.
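The commit-time check in step 5, which is also the hash comparison a third party performs in a dispute, modelled as an added example (not code from the Fabric project or from this post). The Peer type, its maps and the pull callback are hypothetical simplifications, and SHA-256 over the raw value bytes is an assumption.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// Peer is a toy model of one peer's stores, not Fabric's internal layout.
type Peer struct {
	Org       string
	Transient map[string][]byte   // txID -> private value held since endorsement
	PrivateDB map[string][]byte   // key -> private value (the "SideDB")
	HashedDB  map[string][32]byte // key -> value hash, kept by every channel peer
}

func NewPeer(org string) *Peer {
	return &Peer{org, map[string][]byte{}, map[string][]byte{}, map[string][32]byte{}}
}

func HashOf(v []byte) [32]byte { return sha256.Sum256(v) } // SHA-256 is assumed

// Commit applies one private write at block commit time; members models the
// collection policy and pull asks another authorized peer for the value.
func (p *Peer) Commit(txID, key string, onChain [32]byte,
	members map[string]bool, pull func(string) []byte) error {
	p.HashedDB[key] = onChain // the hash is public to the whole channel
	if !members[p.Org] {
		return nil // not a collection member: only the hash is stored
	}
	val, ok := p.Transient[txID]
	if !ok {
		val = pull(txID) // not received at endorsement time
	}
	if val == nil || HashOf(val) != onChain {
		return errors.New("private data missing or not matching the block hash")
	}
	p.PrivateDB[key] = val // move to the private state database
	delete(p.Transient, txID)
	return nil
}

func main() {
	pdc1 := map[string]bool{"Distributor": true, "Farmer": true, "Shipper": true}
	terms := []byte(`{"price":100}`) // constructed sample value
	farmer := NewPeer("Farmer")
	farmer.Transient["tx1"] = terms
	none := func(string) []byte { return nil }
	fmt.Println(farmer.Commit("tx1", "trade1", HashOf(terms), pdc1, none))
}
```

A peer outside the collection ends up with only `HashedDB["trade1"]`, which is exactly what it needs to check a value later disclosed to it with `HashOf`.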

Purging private data

For very sensitive data, even the parties sharing the private data might want — or might be required by government regulations — to periodically “purge” the data on their peers, leaving behind a hash of the data on the blockchain to serve as immutable evidence of the private data.

In some of these cases, the private data only needs to exist on the peer’s private database until it can be replicated into a database external to the peer’s blockchain. The data might also only need to exist on the peers until a chaincode business process is done with it (trade settled, contract fulfilled, etc).

To support these use cases, private data can be purged if it has not been modified for a configurable number of blocks. Purged private data cannot be queried from chaincode, and is not available to other requesting peers.
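An added example (not Fabric's own code) of the purge rule above: a value left unmodified for more than a configured number of blocks disappears from the private store while its hash stays, so an externally replicated copy can still be checked. The Collection type, its field names and the exact purge boundary are simplifying assumptions.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Collection is a toy private store, not Fabric's implementation.
type Collection struct {
	BlockToLive uint64              // 0 means never purge
	Private     map[string][]byte   // key -> value, what chaincode can query
	modified    map[string]uint64   // key -> block number of the last write
	Hashes      map[string][32]byte // key -> hash, survives a purge
}

func NewCollection(btl uint64) *Collection {
	return &Collection{btl, map[string][]byte{}, map[string]uint64{}, map[string][32]byte{}}
}

// Put writes a private value at the given block; a rewrite restarts the window.
func (c *Collection) Put(key string, v []byte, block uint64) {
	c.Private[key] = v
	c.modified[key] = block
	c.Hashes[key] = sha256.Sum256(v)
}

// CommitBlock purges values left unmodified for more than BlockToLive blocks
// (boundary simplified) and returns how many were purged.
func (c *Collection) CommitBlock(block uint64) (purged int) {
	for k, last := range c.modified {
		if c.BlockToLive > 0 && block > last+c.BlockToLive {
			delete(c.Private, k)
			delete(c.modified, k)
			purged++
		}
	}
	return purged
}

// StillProves checks an externally kept copy against the surviving hash.
func (c *Collection) StillProves(key string, kept []byte) bool {
	return c.Hashes[key] == sha256.Sum256(kept)
}

func main() {
	c := NewCollection(3)
	c.Put("trade1", []byte("terms-v1"), 10) // constructed sample value
	fmt.Println(c.CommitBlock(14), c.StillProves("trade1", []byte("terms-v1")))
}
```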

How a private data collection is defined

For more details on collection definitions, and other low level information about private data and collections, refer to the private data reference topic.
