ASX

Reputation: 645

How do I make a transaction in Hyperledger Sawtooth private?

Is there a way to make transactions in Sawtooth private?

I know Hyperledger Fabric has "channels" and Quorum has private transactions, so I'm looking for something similar but don't see it:

https://sawtooth.hyperledger.org/docs/core/releases/latest/architecture.html

Of course, theoretically one could implement an encrypt/decrypt process, but this is cumbersome to track (if it is an encrypted or decrypted payload).

Upvotes: 2

Views: 1121

Answers (3)

agentfrankz

Reputation: 23

We can use Private Transaction Families, provided by Hyperledger Labs.

https://github.com/hyperledger-labs/private-transaction-families

The system is based on a generic distributed ledger infrastructure (Hyperledger Sawtooth) and an Intel® SGX (Software Guard Extensions) 'hardened' Transaction Processor which provides a mechanism to enable Hyperledger Sawtooth to contain private information that is both not publicly available but required to validate transactions.

For more information about how Private Transaction Families work, see the following link:

https://github.com/hyperledger-labs/private-transaction-families/blob/master/SPECIFICATION.md

Upvotes: 0

Dan Anderson

Reputation: 2345

There is an experimental feature called Sawtooth Private Data Objects (PDO). These are blockchain objects that are kept private through encryption.

For more information, see https://github.com/hyperledger-labs/private-data-objects/tree/master/sawtooth

For docs, see links in this tweet: https://twitter.com/kellymolson/status/1019299515646406656

Alternatively, you can encrypt your payload so others without a private key cannot see it in the blockchain. Or you can just store a hash/checksum in your payload.

Upvotes: 1
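
The hash-in-payload option from the answer above, as an added example (not code from the answer or from Sawtooth): only a salted commitment goes on chain, and the record plus salt are disclosed privately to whoever needs to verify it. The envelope field names and the `sha256-salted-v1` tag are assumptions; the tag marks how the payload is to be interpreted, and the random salt keeps low-entropy records from being guessed from the public digest.

```python
import hashlib
import hmac
import json
import secrets

SCHEME = "sha256-salted-v1"  # assumed tag; tells readers how to interpret the payload


def canonical(record):
    """Serialize deterministically so the same record always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def commit(record):
    """Return (on_chain, off_chain): only on_chain goes into the transaction payload."""
    salt = secrets.token_bytes(32)  # per-record salt blocks guessing of low-entropy data
    digest = hmac.new(salt, canonical(record), hashlib.sha256).hexdigest()
    on_chain = {"scheme": SCHEME, "commitment": digest}
    off_chain = {"salt": salt.hex(), "record": record}  # shared privately with verifiers
    return on_chain, off_chain


def verify(on_chain, off_chain):
    """Check that a privately disclosed record matches the on-chain commitment."""
    if on_chain.get("scheme") != SCHEME:
        return False  # unknown or missing tag: refuse rather than guess the format
    commitment = on_chain.get("commitment")
    if not isinstance(commitment, str):
        return False
    salt = bytes.fromhex(off_chain["salt"])
    expected = hmac.new(salt, canonical(off_chain["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), commitment.encode())


if __name__ == "__main__":
    # Constructed sample record, not taken from the page.
    public, private = commit({"asset": "invoice-0001", "amount": 1250})
    print(json.dumps(public))
    print("matches:", verify(public, private))
    private["record"]["amount"] = 9999  # tampered disclosure
    print("matches after tampering:", verify(public, private))
```
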

grkvlt

Reputation: 2627

Since Sawtooth is permissioned it is possible to set up users that have different roles and access rights. This would allow you to create transactions that are private to specific identities.

You can configure a validator to only accept transactions from identities listed in a local config file. Or, use the identity namespace to set the allowed identities, which will be checked when a transaction is received from a client or when a block is validated.

See the identity transaction family for more details of how Sawtooth manages identities and permissions:

The identity system described here is an extensible role and policy based system for defining permissions in a way which can be utilized by other pieces of the architecture. This includes the existing permissioning components for transactor key and validator key, but in the future may also be used by transaction family implementations.

The identity namespace:

  1. Encompasses ways to identify participants based on public keys
  2. Stores a set of permit and deny rules called “policies”
  3. Stores the roles that those policies apply to

Upvotes: 2
