Privacy laws increasingly require some types of data to be erased at user request, according to GDPR and related regulations. We have developed a secure distributed trust solution for networks using Next-Generation Database Access Control (NDAC) and the Data Block Matrix (DBM), with an open source implementation of the DBM using Hyperledger Fabric. This Hyperledger Fabric component solves the conflict between conventional blockchain use and privacy regulations, by using a data structure that provides hash-based integrity protection, like conventional blockchain, but meets ’right to erasure’ requirements. It may thus be useful for GDPR compliance and other privacy policy support.
For more on the data block matrix, see project site: Enhanced Distributed Ledger Technology
To obtain the source code distribution, please send request to Josh Roberts, joshua.roberts@nist.gov, with your name and organization.
Blockmatrix functions have been integrated with Hyperledger Fabric, making it possible to use Hyperledger in a broader range of applications. Applications that currently use Hyperledger Fabric will be able to function without change, with blockmatrix components providing distributed ledger functions in a transparent manner. To support privacy requirements for deleting private user information, data blocks containing PII can be deleted offline, or functions can be added to the application with appropriate access control for administrators or users as determined by the organization. - Redactable Distributed Ledger (pdf) - IEEE Global Emerging Tech, Blockchain, 2022 and IEEE Istanbul Blockchain, 2022 - A Distributed Ledger Technology Design using Hyperledger Fabric and a Clinical Trial Use Case (pdf) - IEEE Software Tech Conf, 2022 - Blockchain vs. Blockmatrix and Hyperledger Implementation (mp4) - IEEE 5G & Blockchain Summit, 2021 - Blockmatrix Data Structure and Hyperledger Implementation - ETSI, 2021 |
|
We implemented the DBM using Hyperledger Fabric (HF) (https://www.hyperledger.org/use/fabric), an open source, permissioned blockchain (not publicly accessible) framework project from the Linux Foundation. It was forked (copied) into a repository and modified to store data identical to a DBM.
Hyperledger Fabric was identified as the best open source blockchain solution to implement the features of the DBM. HF blocks consist of a header and data. The block data contains transactions that are represented as read-write sets operating on key-value pairs stored on the ledger. The block header contains the hash of the block data and other metadata. To achieve the DBM functionality in Hyperledger Fabric, we modified the blockstorage module to provide a drop-in compatible component.
- Hyperledger is widely-used open source project started by IBM, Intel, and SAP - intended for large distributed systems
- Blockmatrix to be dynamic, increasing capacity as more blocks are added
- Designed to use existing API as closely as possible – add blocks in same manner as adding to blockchain
- Minimal code changes - Changes primarily in blkstorage package, reducing potential for errors and easing future updates and maintenance
- Use of the blockmatrix is configurable at the channel level
- User can configure to use conventional blockchain or blockmatrix
- If a deployment uses two channels, one can be a blockchain and the other can be a blockmatrix
- Enlarge the market for blockchain
- Solve the conflict between blockchain and privacy regulations
- Allow for exception management
- Replace network communication with local data
- You can obviously do this with conventional database functions, but
- New data structure adds integrity checks as in blockchain
Hyperledger Fabric implementation concepts:
- Membership Service Provider (MSP): Connects with federation user authentication mechanism.
- Member: An organization in the federation.
- Identity: Two types of identities: (1) HF, and (2) NDAC. The HF Identity is used by the MAC administrator within each RP.
This user has direct access to the DBM and can read and write to the DBM. The NDAC Identity is automated and only reads from the DBM.
- Channel: A channel is a DBM (ledger) and will be limited to the members conducting transactions on a particular peer node.
- Client: A portal to access a peer node and submit a transaction.
- Peer node: Commits transactions and has a copy of the DBM ledger.
- Certificate Authority (CA): tracks user enrollment (identities).
- Each relying party is a “member”. Each member joins the “channel” to get a copy of the DBM ledger.
- To add members, the MAC administrator = HF Identity.
- Each member registers one HF Identity and multiple NDAC identities
- The HF identity uses the client shown in 5 to set attributes inside the DBM: setAttributes(): accesses the hardcoded
catalog/static table via a chaincode.