-
Blockchain-Based, Confidentiality-Preserving Orchestration of Collaborative Workflows
Authors:
Balázs Ádám Toldi,
Imre Kocsis
Abstract:
Business process collaboration between independent parties can be challenging, especially if the participants do not have complete trust in each other. Tracking actions and enforcing the activity authorizations of participants via blockchain-hosted smart contracts is an emerging solution to this lack of trust, with most state-of-the-art approaches generating the orchestrating smart contract logic…
▽ More
Business process collaboration between independent parties can be challenging, especially if the participants do not have complete trust in each other. Tracking actions and enforcing the activity authorizations of participants via blockchain-hosted smart contracts is an emerging solution to this lack of trust, with most state-of-the-art approaches generating the orchestrating smart contract logic from BPMN models. However, as a significant drawback in comparison to centralized business process orchestration, smart contract state typically leaks potentially sensitive information about the state of the collaboration.
We describe a novel approach where the process manager smart contract only stores cryptographic commitments to the state and checks zero-knowledge proofs on update proposals. We cover a representative subset of BPMN, support message passing commitments between participants and provide an open-source end-to-end implementation. Under our approach, no party external to the collaboration can gain trustable knowledge of the current state of a process instance (barring collusion with a participant), even if it has full access to the blockchain history.
△ Less
Submitted 4 November, 2023; v1 submitted 18 March, 2023;
originally announced March 2023.
-
Porting a benchmark with a classic workload to blockchain: TPC-C on Hyperledger Fabric
Authors:
Attila Klenik,
Imre Kocsis
Abstract:
Many cross-organization cooperation applications of blockchain-based distributed ledger technologies (DLT) do not aim at innovation at the cooperation pattern level: essentially the same ''business'' is conducted by the parties, but this time without a central party to be trusted with bookkeeping. The migration to DLT is expected to have a negative performance impact, but some DLTs, such as Hyperl…
▽ More
Many cross-organization cooperation applications of blockchain-based distributed ledger technologies (DLT) do not aim at innovation at the cooperation pattern level: essentially the same ''business'' is conducted by the parties, but this time without a central party to be trusted with bookkeeping. The migration to DLT is expected to have a negative performance impact, but some DLTs, such as Hyperledger Fabric, are accepted to be much better suited performance-wise to such use cases than others. However, with the somewhat surprising, but ongoing absence of application-level performance benchmarks for DLTs, cross-DLT comparison for "classic" workloads and the evaluation of the performance impact of "blockchainification" is still ill-supported. We present the design and Hyperledger Caliper-based open implementation of a full port of the classic TPC-C benchmark to Hyperledger Fabric, complete with a structured approach for transforming the original database schema to a smart contract data model. Initial measurements about the workload characteristics that will affect the design of large-scale performance evaluations are also included.
△ Less
Submitted 21 December, 2021;
originally announced December 2021.
-
Using Fault Injection to Assess Blockchain Systems in Presence of Faulty Smart Contracts
Authors:
Ákos Hajdu,
Naghmeh Ivaki,
Imre Kocsis,
Attila Klenik,
László Gönczy,
Nuno Laranjeiro,
Henrique Madeira,
András Pataricza
Abstract:
Blockchain has become particularly popular due to its promise to support business-critical services in very different domains (e.g., retail, supply chains, healthcare). Blockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, that allow running smart contracts, which specify business logic in cooperative applications. The presence of software defects or faults in these c…
▽ More
Blockchain has become particularly popular due to its promise to support business-critical services in very different domains (e.g., retail, supply chains, healthcare). Blockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, that allow running smart contracts, which specify business logic in cooperative applications. The presence of software defects or faults in these contracts has notably been the cause of failures, including severe security problems. In this paper, we use a software implemented fault injection (SWIFI) technique to assess the behavior of permissioned blockchain systems in the presence of faulty smart contracts. We emulate the occurrence of general software faults (e.g., missing variable initialization) and also blockchain-specific software faults (e.g., missing require statement on transaction sender) in smart contracts code to observe the impact on the overall system dependability (i.e., reliability and integrity). We also study the effectiveness of formal verification (i.e., done by solc-verify) and runtime protections (e.g., using the assert statement) mechanisms in detection of injected faults. Results indicate that formal verification as well as additional runtime protections have to complement built-in platform checks to guarantee the proper dependability of blockchain systems and applications. The work presented in this paper allows smart contract developers to become aware of possible faults in smart contracts and to understand the impact of their presence. It also provides valuable information for middleware developers to improve the behavior (e.g., overall fault tolerance) of their systems.
△ Less
Submitted 22 October, 2020; v1 submitted 20 June, 2020;
originally announced June 2020.
