I'll drop the live stream link when it's okay, you're live.

Okay, super, thanks a lot. So hi everybody, this is Hyperledger Budapest. This is a meet-up from the Linux Foundation focusing on consortium blockchain technology, and it's basically a free sharing meet-up, so everybody is welcome to bring any topic related to consortium blockchains, of course especially products of the Hyperledger umbrella and the incubation. We're gonna have two presentations today. The first is from Dior Balaji, independent digital strategy consultant and WXperf; he's gonna have a very good presentation on the possibilities of having DAML as a rapid application development tool instead of Fabric Composer. The second presentation will be done by me; it will be something with a deep dive, I mean not so deep, but deeper than healthy, I would say, so a deep dive into the Fabric keys and certificates and access control and stuff like that. So this was the brief presentation. I hope people wanting to see this meet-up are joining slowly, so I would give the stage for duty, and then, during the stage, the floor is yours.

Thank you very much. I would start sharing my screen if it was possible, so can you give me the right to share my screen?

You should be able to share. The previous person needs to unshare first.

No, it's good. Okay, so my name is Dior Balaji and the topic will be the Fabric Composer: what its design principles and ambitions were, why it was relevant and why it is still relevant. I'm using past tense because it was deprecated a few years ago. It was a relatively short-lived project, but its existence proves that there is something important that the people behind this project tried to fulfill, and I'm comparing the promise of this Fabric Composer platform to a relatively new other platform which is a smart contract
platform called DAML. I also have among us a community manager from the company behind DAML, Anthony Lucardi. He promised me to help out with questions, so he will interrupt me when he sees that there are relevant questions in the chat. So please type your questions on the fly to the chat and Anthony will help us to time the answers.

Yes. Okay. Oh no, I said I sure will, I'm just practicing interrupting you now for later.

So I have prepared a few demo files; you will be able to find these in this GitHub repo, and then I start. So as a summary of my message: there was this Fabric Composer platform which has had the mission to make it easy to build distributed business applications, and I think on one hand it's a sad thing that it has been deprecated, but it has shown us an important development area, and I think the promise of Composer is fulfilled by the DAML smart contract platform, which can also be used on top of Hyperledger Fabric and many other blockchains and centralized databases as well. The company behind DAML is no stranger to the Hyperledger project; they actually donated the name Hyperledger and the original code base of Fabric to the project, and DA is also no stranger to Budapest: they have an office here among other locations worldwide.

So my storyline will be: I will elaborate on my specific POV, my specific point of view, because it might be different from yours, and because your perspective is your reality it might mean that you see things differently than I see, but I think this point of view is relevant in this topic because it seems to be very similar to the people who created the Fabric Composer framework. I will be speaking a bit about what distributed applications are, so I would like to stress a few aspects of distributed applications because this is the super category of the platforms we are speaking about, like blockchain
distributed ledger technology. Then I will elaborate in a bit more detail on what the Fabric Composer actually was, for those of you who don't know that platform or didn't use that platform or don't remember so well what it was and how it was used. Then I will come to the most exciting part of my presentation, at least for me: I will do some live coding and I will demonstrate one key feature of the DAML smart contract platform, this is the propose-accept pattern, and I will show you how we can create real contract-like objects in DAML actually signed by several parties. Then I will show you which are the platforms on which DAML can be used; one of them is Fabric but there are several other platforms as mentioned, and you can ask questions then, or Anthony will see the comments, maybe he will interrupt me on the fly.

So my specific point of view. Some of you might be enterprise architects, I think, and those people who are working as enterprise architects think in terms of containerization, orchestration, event sourcing, reactive programming, certificate authority, as Daniel will elaborate on. But my point of view is something slightly different and is closer to the business applications, so I would say I'm an economic network architect. My goal is to implement transaction networks which encompass several companies or government agencies, and I like to think in terms of economic networks, need-to-know basis, GDPR, within that specifically the right to be forgotten principle, and delivery versus payment, power of attorney and things like that. So this perspective is, as mentioned, closer to the business needs and it represents another abstraction layer than the typical concerns of enterprise architects, and as mentioned I think this perspective is similar to the perspective of the people behind the Composer.

So what are distributed applications? My next question. If you think about it, distributed applications
are older than computers or computer networks or the internet, so I would even say distributed applications are as old as mankind. So businesses are over distributed. If you think about it, when you sign a contract you never sign a contract in one copy; you always sign several copies, and identical copies of the same contract get signed by several stakeholders or counterparties. These paper contracts, we are speaking about before the computer age, get distributed among the stakeholders and make up a kind of virtual shared ledger together. On the left-hand side of this slide I have put an interesting picture: this is a mechanical device which was used by President Jefferson and it's called a polygraph, and he used this for the purpose of copying every outgoing letter so that he could preserve a copy of the letters he had sent. This virtual shared ledger, which consists of contract copies, is supported by the judicial system, so it doesn't stand in itself; it is part of a system of institutions as well.

So when we switch from paper to digital, then things get more interesting for us because we are IT experts and we think in terms of IT systems. I would like to emphasize one important aspect of distributed applications, namely that there is a clear distinction between what is inside and what is outside of this network or distributed application or, as it's called on this diagram, a virtual shared ledger. It's important that the client applications which are connected to the network or the distributed application are not part of this application, that they are not controlled by the network itself, so they can even be adversarial. The network or the shared ledger or distributed application itself provides the users with pair-portive views which are not necessarily identical to each other, so it's usually not the same, so
the privacy rules dictate different projections of the same information to several participants. Examples of these kinds of distributed IT systems, I'm not speaking anymore about the paper contract systems, are stock exchange, online forecast, supply chain, and there are a lot of other examples.

So now I'm coming to the point of what was the purpose and the design principle of this Fabric Composer, and before going to that I would like to share my experience on how usually the standalone Fabric platform is used. The standalone Fabric platform in terms of application development provides two basic functions: this is get state to read the state of the ledger and put state to write the state of the ledger, and basically everything else must be written from scratch in terms of chaincode, which implements the direct connection with the ledger, and client applications, which are at the other side of the API. I have the observation that the standalone Fabric is typically used as, I would say, a registered digital to cubemail, so it is usually used to move information from one participant to another or more other participants in a safe and controlled and auditable way, and the transaction logic is often implemented client side, which I think is a problem because of what I have emphasized formerly about distributed applications. If we put substantial parts of the business logic outside of the common application, so on the client side, we cannot be really sure that these client applications operate in concert with the distributed common application. So there seems to be a missing piece or a missing link here between the IT platform and the business applications, and it seems that the people behind the Fabric Composer felt this missing link and they wanted to create a
platform which fills in this missing link between the Fabric platform itself, the IT platform, and the business hierarchy.

Yes, Arnold had a comment in the chat, I think in respect to some logic ending up in client applications, and they said that it's clearly not always true, it's up to the application and chaincode developers. Can you maybe talk a little bit about that?

Could you repeat the question, please?

Yeah, they said it's clearly not always true that some of the logic would end up, if I'm understanding correctly, in the client's application; it's up to the application and chaincode developers, essentially.

Yes, that's true of course. I'm not stating that this is always true that the transaction logic is implemented client side, but I have seen several examples for that and I have seen several applications where the Fabric platform itself was only used like a notary service. So I'm not stating this is always the case, but there's a tendency for that, I think.

Yeah, I think to your point you're just saying that DAML makes these separations of concerns a lot more explicit, which I think is very useful, and it kind of encourages developers down a happier path.

I would say yes, yes, thank you.

Oh, and Greg just asked, isn't Composer deprecated?

Yes. So this diagram was taken from a presentation from the early days of the Composer platform and it shows how the underlying Fabric network is extended by this upper layer. The underlying Fabric infrastructure uses concepts like key-value store, chaincode, peers, consensus, and the layer built on top of that consists already of business abstractions like participants, participant identity, assets. This example represents a car auction network where we have cars as assets and car listings, when the owner offers up the car
for an auction, so these are the main basic assets, and the participants are the car owner who can list the car, we have potential buyers who make offers for the car, and the auctioneer who organizes this whole auction. So we are speaking about these kinds of business networks, and I find important the abstractions; these are the kind of business-related or business-friendly abstractions that were supported by the Fabric Composer platform and are also supported by the DAML smart contract platform.

There was actually one aspect of this Fabric Composer framework which was not so convenient, namely that you had to create several files with several syntaxes in order to implement this kind of business network. There is a model file which contains the assets, the participants, the transactions; there is a separate file in which you had to actually write in JavaScript the transaction functions; and there was a third separate file which consisted of the access control rules, which regulate who can do what, so who among these participants can do what with these assets listed in the model file. There was no very convenient way of checking the consistency of these files, and in this respect at least DAML seems to be more convenient because, as I will show you, you can put all these things in one consistent syntax and you have consistency checks in terms of type checking.

So actually you can find the original files of this car auction network in a GitHub repo, and I can also show you how these files look in reality. For this car auction network this is the model file, and you can specify participants and assets in an object-oriented manner, as in many other programming languages, as fields of an object, and you can also
specify links between several kinds of assets and participants. The other file is the actual JavaScript code which implements those transactions which are listed in the model file. In this case there are two transactions, offer and close bidding, and the actual functions which implement these transactions had to be written separately in this JavaScript file. The third part of the system is an access control file, which is another different syntax, where you could specify these access control rules where it is stated which participants can do what with which resources, so in this case for instance what a member can do with a resource which is a vehicle. So this is how this platform worked.

I was doing some research about why it was actually deprecated and I have found an interesting document for this; this was a Composer technical steering committee update and it explains in detail the design principles and the reasons for deprecating this platform. Interestingly, there were two main goals of this platform: one of them was to improve developer experience, which I think they could pull off, and they also set a big goal because they wanted to support multiple blockchains, not just Hyperledger Fabric. Another nice thing about Fabric Composer was that, unlike Fabric, it had a REST API, which the standalone Fabric platform doesn't have. As a result of Fabric Composer there were many PoCs, but as the authors have stated there were few production applications which were created using this platform, and they identified two problems behind that. One of them was that, in parallel to the standalone Fabric, the Composer represented a different programming model and many developers thought that they had to choose one or the other, and many programmers
chose the traditional Fabric chaincode development programming model. The other problem, which led ultimately to the deprecation of the platform, was that it turned out to be difficult to keep up with the Fabric features, e.g. the private data collection features of Hyperledger. So this is what I was bringing up with the Fabric Composer, and now I'm coming to the point where I'm going to show you the alternative, or the platform which I think can be a good substitute of this business-friendly application development platform.

Now I will go to some live coding. I have to say I've never done this before and I'm very excited to do that; I did a few rehearsals and I hope I won't make many mistakes. The focus of this live coding session will be that I will show you how on this DAML platform you can implement contracts which are signed by several parties. Before doing that I want to mention some general features of this smart contract mental model which is behind the DAML platform. In DAML the basic concepts we have are parties, like in the Fabric Composer, and the platform is very much focusing on implementing rights and obligations, and its ambition is to implement the principles of contract law and a privacy model together with that, which is the need-to-know basis, so that information is only disclosed to those parties who actually have to do something with that information.
Other details of the DAML ledger model you can read in the DAML ledger model section of the DAML documentation. Now I actually come to the live demo and I would like to show you how we can implement an agreement contract, which I already started to write in this file. This is how in general a DAML contract template looks. Maybe it's a missing piece of information that in DAML we have a different terminology from, let's say, Ethereum: in DAML we call contract the actual piece of ledger items which are created based on DAML templates, and the DAML code consists of these contract templates. When writing DAML code we often write the contract templates alongside scripts which actually demonstrate and test how the ledger transactions based on these contract templates look and what the result of these ledger transactions will be. What you can see here is called the DAML Studio; this is a VS Code extension, and in the background of this a ledger sandbox is running which simulates the ledger transaction validation, and the error messages signal when a ledger transaction would be rejected by an actual DAML ledger.

What we can see here is that I started to write an agreement template for a very simple contract. This contract only says that we have two parties, party a and party b; the contract should be signed by party a and party b in order to be created, and it only has an agreement text, which is a parametric text, and when the contract is created the text says that in our case Alice and Bob are good friends. So this is a very basic contract template, but we have a problem with that. This red sign and the error message state that the creation of this contract, which is written here in this line, so this line states that Alice wants to submit a create transaction with the parameters
stating that the party a of the agreement should be Alice and the party b parameter of the contract should be Bob, and the contract template states that the

Can you argue, can you just make the text a little bigger? It's actually a little hard to see.

Okay, I appear. Okay, is it better now?

Yeah, that's a bit better.

Or shall I try even more? So, as stated, we are demonstrating alongside writing the contract template with a script, and we have allocated the parties on the ledger called Alice, Bob and Carol, and we have stated that we call Alice party a, we call Bob party b and Carol party c. This is the line which says that Alice tries to create this agreement with these parameters, party a equals Alice, party b equals Bob, and we have this error message stating that this transaction is rejected by the ledger because Bob's authorization is missing, which is quite understandable. We can try to improve the situation if we delete from the template that this contract needs the authorization of Bob, and in this case we can see that the ledger would actually accept this transaction and would create this agreement contract. But the problem is that this is not the contract we want to see, because this is not a contract signed by two parties, this is just signed by one party. This dilemma seems to be very difficult because we have the challenge of signing a contract by two different parties, and what the DAML platform offers as a solution is this propose-accept pattern. For this I need to create another contract template, which is a proposal contract with basically the same parameters, and I put back here, so the agreement contract should be also signed by party b. Now we have a proposal template and an agreement template, and in the script if we change the template name from agreement to proposal then we can see that Alice actually can create this proposal contract, and this can be seen on
this part of the screen, so this DAML Studio has the nice feature that it actually shows you the result of ledger transaction proposals or attempts. Now we have a valid proposal contract and an agreement contract which we would like to create, but we have the challenge to connect these two things together. The DAML solution to this is that we can put so-called choices into DAML contracts, and we can extend the proposal contract template so that we say that we will have a choice which has a controller, so controller party b, which will be Bob, can do something. The name of the choice which will be exercised is proposal underscore accept; this is a convention which indicates that we are defining a choice on the proposal contract with the content of accepting this proposal. We also have to specify the return type of this choice, and the return type is usually a contract ID of the created contract, and we want the agreement contract to be created. So this is the choice name and return type, and what the choice actually does we put into a so-called do block. In this case the result of exercising this choice will be simply creating an agreement contract with the parameters which are already specified, so we want this agreement contract to be created so that the party a parameter of the agreement contract shall be identical with the party a parameter of the proposal contract, and the party b field should be identical with the value of the party b parameter of the proposal contract.

Now we can see in the result screen that actually, okay, we cannot see because I didn't extend the script yet, so we can see here just the first step, that the proposal contract has already been created as a result of Alice creating it. Now we put here another step, which means submit Bob, and in this case this will not be a create command but an exercise command. We have to specify which is the contract on which we exercise the choice, and that will be the
proposal contract we have just created, and we also have to specify the choice which will be exercised by Bob, and this is the proposal accept choice. In these scripts these are the emulation of two ledger transactions, and we can see that as a result of these two steps an agreement contract has been created instead of the proposal contract, which was the first step. If we want to see the evolution of the contracts we can also specify that we want to see the archived contracts, and with this setting we can make visible that there was actually the proposal contract before the second step, but it has already been archived.

There is another interesting option in this screen, namely we can specify that we want to see the detailed disclosure of these contracts, and the disclosure can be seen in this part of these tables. This shows that the proposal contract was signed by Alice, so Alice was a signatory; this is something we knew because this is how we created the script. Bob was an observer on this contract; we didn't specify this, but we specified that Bob should be a controller of a choice on this contract, and this is why the DAML platform makes Bob automatically an observer on this contract. I'm going to show you another interesting part of this disclosure mechanism, because this kind of observer is called implicit observer on the DAML platform, but we can specify observers explicitly. So I specify a third party on this proposal contract and I will say that this third party, which will be Carol, should be an observer on this contract, and we can see what happens. With this double dot shorthand we already made sure that Carol will be substituted in the place of party c at the creation of this proposal contract, so that's why we can see here Carol, and not only here but in the proposal contracts we can see that Carol was also an observer just like Bob, but it was
a different situation because Carol is not an implicit observer but an explicit observer: we explicitly told in the contract template that we want this proposal contract disclosed to Carol. But there is an interesting consequence of this observer status, because in the agreement contract template we didn't say anything about Carol; we didn't say in the agreement contract template that we want Carol to be an observer of the contract instance, but due to the privacy model of the DAML platform Carol was made automatically observer of the created agreement platform, more specifically not an observer but a witness. This is called witness because it's neither an implicit observer nor an explicit observer; she's actually the witness of the creation of this contract, and that's why she can also see the next stage of the evolution of this contract process.

I don't want to spend more time with this live demo, but the next question would be, if we wanted to spend more time on this propose pattern: okay, we know now how to create a contract which is signed by two parties, but how do we archive a contract which has been signed by two parties? Because I will show you that the naive methods won't work, so we cannot archive this contract in a simple way. So let this be the agreement CID, which is the contract ID of the created agreement contract, and let's try submit Alice, archive command, this agreement CID, and we will see an error message which states that this transaction would be rejected by a DAML ledger because Bob, who is also a signatory of the agreement contract, didn't authorize the archival of this contract.

So I think I spent a bit too much time so far. This is a diagram showing this two-step process we have seen in detail in the developer environment, so this shows that the creation of this agreement process happened in two steps: first Alice created a
proposal contract, in the second step Bob exercised a choice on this proposal contract, and as a result of these two steps an agreement contract was created where signatory is Alice and Bob at the same time. What you can see on this diagram is the way we could implement the archival of this agreement contract: we could specify choices for Alice and Bob so that they can archive the contract unilaterally.

Okay, so this was the propose-accept pattern of the DAML platform, and now I continue with information about which underlying ledgers can support the DAML smart contract platform. These are several blockchain platforms, among them Hyperledger Fabric, Hyperledger Sawtooth, Hyperledger Besu, which is the enterprise Ethereum client; it's also supported by Corda, VMware Blockchain, and this BSN stands for the Chinese nationwide blockchain platform which was created last year maybe. In this list you can also see centralized ledgers or simple relational databases, so you can use the DAML smart contract platform with Amazon Aurora and Amazon Quantum Ledger Database as well, and PostgreSQL is not listed in this list but it's also available. There is a cloud-based ledger as a service developed and maintained by Digital Asset where you can also use DAML-based applications. So the beauty of this portability is that you can create DAML models without actually deciding which underlying platform you want to use eventually: you can start with a sandbox test environment, then you can deploy it on a simple relational database, and later, if you find it necessary, you can port your application to a distributed blockchain platform. This is the architecture diagram of the DAML on Fabric platform; you can check it out for yourself. And now please ask questions. Sorry for Daniel, but he mentioned that I can be liberal with time, so he will not be upset if we spend a little bit more
time with my yogi.

Greg was asking if anything was on GCP, which I think would be Google's Google Cloud Platform.

Google Cloud Platform, I think, but please correct me if I'm wrong, the DAML-based applications can be deployed on several cloud platforms including Google. I don't know about any special support on behalf of GCP, but you can deploy basically

GCP does have Postgres support, so you can definitely do DAML on GCP over Postgres, and probably other things too, because you probably host whatever you want on GCP.

Yes, yes, I think, fabric ad, yeah. So the DAML platform doesn't have any special requirements, so DAML runs on the Java virtual machine and you can use it on any platform which supports JVM, which is I think all the IT platforms do we have except, thank you. So no other questions?

No other questions at the moment.

Okay, so I would leave you with a few hints about possible next steps. If you found this topic interesting, I would recommend to check out the Why DAML section of the DAML website; it's an excellent summary of the design principles and the application potential of the DAML platform, so I would definitely recommend this as a first read. Then you can try DAML online: they have an online playground where you can play around basically the same way as you can do in the VS Code DAML Studio I was showing to you. Next step, if you are even more interested, download DAML Connect, which is the DAML platform, the DAML SDK. You can learn about DAML in interactive tutorials, you can try for yourself the DAML on Fabric driver, and as mentioned Digital Asset is also maintaining a cloud-based ledger as a service platform which is called DAML Hub, and this is also a potential deployment target. The interesting part of this DAML Hub is that, as far as I know, this is the only platform where actually the DAML smart contract package is transparent for the
users, so if you use this platform you can actually see with your own eyes what is the underlying DAML package which specifies the transactions, and it's an excellent opportunity to audit DAML-based applications. So thank you very much, it was so much I wanted to share with you, and I hand back to Daniel.

Super, awesome, thanks a lot for the great presentation. Is there perhaps any question regarding DAML or DAML on Fabric from the audience? I can see just the chat at the moment, but actually there's not much going on, so if no more questions then I would propose I would just switch back to the general introduction, where basically the next presentation is from me. It was planned to have a deep dive into Fabric certificates, but I would say it's a big topic, and due to the time limit it will be just a brief dive into the topic. I can share video for a second, but I've been working in home office for more than a year so I don't look well, so I just stop sharing my video and then I concentrate on the focus.

So if you want to understand Hyperledger Fabric and Hyperledger certificates, then we have to be over a couple of things. Basically Fabric is something which is called an enterprise system. An enterprise system is something that is capable of covering many different scenarios, which means it can be set up with many different enterprise requirements. It is of course an advantage, but the problem of course is always that it gives some complexity to the system, so it's not always very simple to set up even in simple scenarios. The basic idea of Hyperledger Fabric, and actually for most of the blockchains, is the digital signature. Usually there's a question: hey, we got blockchain, it has a lot of cryptography, so it makes some secrecy as well. But this is usually a misconception, so basically blockchains do not really provide secrecy, do not really provide privacy. There are some ongoing
investigations as well, but basically blockchains do have a lot of cryptography, but this cryptography is usually digital signature and hash functions. Most of the blockchains do not have built-in privacy concepts, as cryptography, as secrecy, as encryption. So the basic idea is digital signature. I mean, digital signature looks that way: we got like Alice and Bob in this slide. So basically Alice has a private key, she can sign with this private key. Bob having basically Alice's public key, and then if Alice signs something with her private key, and Bob having the public key from Alice, then he can verify if the document, or usually transaction or communication way, was really signed by Alice. So that's the basic idea of digital signature. We got like two common crypto systems. One is basically based on the RSA system.

So Daniel, in chat they're saying that the voice is a little loud in the stream. Do you maybe turn down the volume on your microphone a little bit?

Okay, yeah, that might be a problem. Or if I just...

Yeah, that's much better.

Stop shouting, that might turn out...

No worries, you're enthusiastic.

Yeah, okay, okay, I get the point, I get the point. So let's just take a look. So basically we got like two big arithmetic systems, or cryptography systems. One is basically RSA. RSA is based on... it's like, you know, a clock, clock arithmetic. So this is like 12 o'clock, this is like six o'clock, and so on. So the basic idea is something similar: we got a one-way function, which can be computed very easily in one way, but it's much more difficult to compute in another way. So if we got this modular arithmetic, then, I mean, having something in a modular arithmetic like multiplication is something which can be very easily computed in one direction, but based on a multiplication, implicating back to the original numbers is difficult. So this is a one-way function: easy to compute in one way, but even more
difficult, or very difficult, to compute in another way. It's actually not an NP-complete problem, but it is supposed to be very difficult to compute in a reverse direction. And we got another one. So we don't have RSA in Hyperledger Fabric; we got something as elliptic curve digital signature and elliptic curve cryptography. So elliptic curve cryptography has something similar ideas. So basically this is your elliptic curve, and we can define some operations on that, like addition and multiplication. So addition is something: you get two points, you get one line, and this is the third point. So if this is A and this is B, then this is A plus B. We get something as multiplication as well. Multiplication is: if this is key, then this is minus two key, and actually this is two key. So I'm not gonna go very much into the details. The idea is basically the same: we iterate somehow on the elliptic curve in a way that it can be computed very easily in one way, so multiplicating something several times is easy to compute, but based on the multiplication, implicating back to the original numbers is difficult. So basically that's somehow the idea.

Greg has a question: is RSA also in Bitcoin, or is this a Bitcoin concept as well?

As far as I know there's no RSA in Bitcoin. Bitcoin uses elliptic curve cryptography as well.

Yeah, I think it's secp whatever.

Yeah, exactly. So for some reason I don't know any of the blockchains that uses basically RSA. Bitcoin uses elliptic curve cryptography, and there's one more stuff: there's an explicit hash function in the address generation of Bitcoin, and the reason for that is because it makes the system more quantum computing resistant. The problem is, both from elliptic curve cryptography and RSA, that they are not resistant for quantum computing, so you can easily
compute both stuffs, both algorithms, with the help of like a quantum computer from like thousand thousand five hundred bits.

Greg is asking: is that an elliptic curve on the screen?

Sorry, so this one, this one is an elliptic curve, I mean, as far as I can draw it. So this one is an elliptic curve. I'm not very good at drawing something, but this is supposed to be something as an elliptic curve. Okay, the green one. So I got probably a better... so this one is a better one. This is the red one, and this is the elliptic curve actually on my slide, and then you get here the addition actually, so it's like P plus equals minus R, no, sorry, R, I guess, or minus R, and this one is the R.

So actually I see: if there's a quantum computer that can break these elliptic curve algorithms. So as far as I know, not at the moment. The point is that you can break simple RSA algorithms from thousand two thousand five hundred qubits, and as far as we know the biggest quantum computer is something like hundred qubits. So we still have time in this sense, but, you know, I mean, who knows, perhaps somewhere in a secure military complex there's even more quantum computing. But again, the state of the art is that RSA can be broken from thousand two thousand five hundred qubits; elliptic curve might be, or requires perhaps, even a little bit more; and then, as far as I know, the state of the art is something like hundred qubits at the moment. So any other questions at this stage? I try to take a look on the chat actually, it's just sometimes difficult, you know, I mean, to keep switching between the presentation and the chat.

So I'll basically, I'll read them out as they come through, but no, there's no other questions at the moment for access, thank you.

Awesome, cool. So, I mean, you can just interrupt me anytime and then just ask your question; I guess that's the most interactive way. Cool, so basically
Fabric is based on elliptic curve and elliptic curve digital signature algorithm. You can choose like three different algorithms, including different key size, in your certificate authorities, but all three are actually elliptic curve digital signature, so there's no exception. So that's signing. And then one more stuff that basically you have to know on Hyperledger Fabric, that's the basic PKI, public key infrastructure, concepts, and it starts with certificate authorities. So basically, if we just look back in this original picture, it looks that way that digital signature supposes somehow that Bob has the public key of Alice, and then Bob should actually get this public key from a trusted source, otherwise the whole system can have problems and man-in-the-middle attacks. So this public key, we have to make sure that this public key comes really from Alice in the standard digital signature algorithms. So one way of having such a trusted public key exchange is to have some single certificate authority, and then basically the certificate authority distributes public keys for both Alice and Bob, or James, in this sense. So basically the certificate authority signs somehow these public keys. So if you have the public keys... I mean, if Alice has the private key from James signed by the certificate authority, or James has the private key from Alice signed by the certificate authority, then they can be both sure that this public key is from a valid source, is from a valid authority. So that's certificate authority. And then we get something as an X.509 certificate. Basically X.509 certificate is a standard document format for the whole public key infrastructure. So this is how it looks like. It's basically a public key; it can be actually a private key as well, there are many X.509 certificates, but in our example it is usually a public key
which is signed by a certificate authority. So this is how it looks like. We get a lot of metadata here, but basically the two important stuffs are: we got something as an issuer, and in our example the issuer is actually a Hyperledger Fabric certificate authority. So usually you get your certificates from, I don't know, good idea or some other sources, but this is important: in Hyperledger Fabric we get Hyperledger Fabric certificate authorities that are usually used in most of the cases, and your certificates and public keys are signed by this certificate authority, and usually it's in terms of X.509 certificates. So what we got here: we got some metadata, some signature algorithm, and then we get the issuer. So the issuer is actually one certificate authority which is somehow associated to the org1.example.com, and then basically this is the certificate authority dot org1.example.com. It is usually, if you work with like Fabric samples, this is a usual setup, for instance, for your whole structure and for your certificate authorities. So this is basically the issuer, which is the certificate authority, and we got a subject, and the subject is somebody having basically a public key, or somebody's public key basically. So at this example we got here a peer, so we got a peer certificate basically, which is the peer0.org1.example.com, and it is again something which is usually in Fabric samples. So we see that this is a peer certificate; it is actually a peer identity certificate. We can see somewhere that this is actually used for digital signature. So again, X.509 is basically a general document format that can have many different versions, so you can have something as digital signature keys, as keys used for TLS, for keys using encryption, and so on and so on, and usually in key usage, and I think in one more field, you find what
kind of a key is that exactly. So in this example this key is used for digital signature, and in the subject we can see in the organization unit that this is a peer key. So this key is actually used for identifying something as a peer identity, and it is signed, or it is issued, by an issuer which is basically our certificate authority. Let we have some... I don't know if you guys are familiar with this. I have here a very simple organization; actually I do not even have something as a certificate authority, and the reason for that is because you have basically one tool which is called cryptogen, and cryptogen is used to generate for you test certificates. So in this very simple example, if you have worked with like Hyperledger Fabric, you get basically the crypto-config, and under crypto-config you find in a structured way all of your certificates. So if I just go inside, and then I just take a look like the signcerts here, and let me just find... so if I take a look on one certificate, then it should look that way that I can take a look in the content of this certificate, and basically we should see something similar that I show you on the screen. Okay, so basically this is the content of a Hyperledger Fabric certificate. It was generated actually by the cryptogen, so it wasn't directly... it's like a simulated Hyperledger Fabric certificate authority certificate. And we got here the information like the issuer; again it's a certificate authority, which is simulated in this case, but usually you should have this kind of a certificate authority in your Hyperledger Fabric network. Yeah, question?

Yeah, Greg is asking: from the example you were showing, I guess, is it true that two orgs with two peers each creates almost a hundred certificates, or was that just...

Perhaps not a hundred, but many, yeah. So if you ever take a look on basically a crypto-config folder, then you find a lot of certificates. They are not
always individual certificates, but there are many, yeah. Okay, so that's the reason you should be aware of this whole certificate stuff if you work with Hyperledger Fabric infrastructure. Yeah, so you see the issuer, that's the issuer here. You see actually the validity. Theoretically, if you generate these certificates with cryptogen, then you get the validity for one... for ten years, which is not very practical in production scenarios, and then if you generate with cryptogen it can't really be revoked, for instance. But anyway, so this is the validity of your certificate. You get a subject, so this is the subject of your certificate. You see that this is a peer. In organization unit you usually find the different versions of your certificate: it can be a peer, then you see in organization unit that's a peer; it can be an ordering service, then you see that's an ordering service; it can be an administrator of an organization, then you see here admin; and then the fourth one is, if I'm not mistaken, client. Client is somebody wanting to send transactions on the network. I guess that's the fourth one, and it's reflected in the organization unit. And it's C, and you see basically the... so that's your peer basically. So this is a peer identity certificate for this peer. And then, I mean, the rest is not Fabric specific. You find something like, I guess this is the algorithm that you use: you got one elliptical digital signature algorithm, and then you get to have a hash function as well. So basically it looks that way that you got like a public key, you should hash it together and sign it with your certificate authority. So you got like one hash function, and, sorry, one hash function and one elliptic curve digital signature algorithm, so these are the pairs. And you find here some more information on the elliptic curve that you are exactly using. One of the most important is actually the key usage, so you can
see here if this key is used for digital signature, for encryption. I mean, there's no encryption in Fabric, but generally if you take a look on an X.509 certificate you might see that that's used actually for encryption. You find here TLS, if it's used for TLS, and so on. And then I guess that's your signature somehow, basically. Okay, so that's how an X.509 certificate looks like.

And then, based on public keys, X.509 certificates, we got something as a public key infrastructure, and this is how generally public key infrastructure looks like. So basically what we have, I mean the basic idea is, and that's the basic idea of Fabric as well: I generate somehow a key pair, I generate the public key and the private key, and basically what I want to do, I want to share somehow my public key in a way that basically everybody knows that this public key is related to me. So if I sign something with my private key, then everybody can check that really, I mean, this was signed by me. But for that it's required that this public key is somehow trusted. So if this public key is not trusted, you can have something as a man-in-the-middle attack, which should be avoided. So what's happening here: we generate the key pair, usually that's on a client, for instance. I mean, it depends on the infrastructure, but in most cases that's on your client. And we get something as a certificate signing request. So we send this public key to the certificate authority and say: hey, this is my public key, everybody should trust me, so sign this public key for me. And if this public key is signed, basically based on the signed public key, I mean the signed certificate authority is a signed public key, we generate an X.509 certificate, and this X.509 certificate can be actually distributed to anybody. And then anybody takes a look on that X.509 certificate, finds my public key inside, and then finds the signature of a certificate authority and
knows that, hey, this guy can be trusted. I mean, if I see basically a transaction or anything which was signed by the private key, then I know that this is related to the public key, and I know that this public key is related to that guy really. I mean, I can trust the public key as far as I trust the certificate authority, basically.

Okay, Greg just had not a question but a comment: he said he believes that PKI is also how the Bitcoin network works, in his opinion.

Not exactly. So one of the differences... so you get digital signature, you get elliptical digital signature in the Bitcoin network, that's correct, but you don't have certificate authorities. So the point, I mean one of the big differences between Bitcoin, public networks, and consortium networks like Hyperledger Fabric, is that this is actually a certificate... this is a semi-trusted network. So we have something which certifies my public key. In Bitcoin I can generate any time a public and private key pair, and I can use it with the network, but this is a fully open permissionless network and nobody certifies my public key. So I can generate as much as I want, but there's no something... it's a total trustless system, so there's no like trusted way of trusting my public key. The point behind Hyperledger Fabric is that this is a consortium network, and you can build up like semi-trusted scenarios. So it means basically there can be more centralized components like certificate authorities, and we have to trust only the public keys that are signed by the certificate authority. So this is like a consortium and permissioned network, and one big difference between Bitcoin and Hyperledger Fabric in terms of keys and signatures is that in Hyperledger Fabric these signatures must be trusted somehow, and this "must be trusted" is exactly how the
permissioned blockchain is built up.

Yeah, I just clarified that he meant the public and private key pairs.

Yeah, exactly. I mean, you get absolutely public and private key pairs, and they work pretty much similarly in this way, with elliptic digital signature algorithms. Then here in Fabric the big difference is that there must be some permissions built in the system, and the permissions are built in mostly with the way of having certificate authorities signing your public keys and trusting only the signed public keys. Yeah, you're absolutely right, I mean, the keys are exactly the same as in Bitcoin, so the core digital algorithm is absolutely the same, you're absolutely right.

Yeah, so then the next slide is... so again, conceptually what we got here: let's just compare Bitcoin and Hyperledger Fabric just from a conceptual point of view. So the point is, with Bitcoin you get peers running your blockchain, or clients, we can call it as Bitcoin clients, and basically it looks that way: everybody can run a peer. So basically if I download Bitcoin Core, I can synchronize my network, it's gonna take a while, but anyway I can attach to the network and I can do whatever I want, whatever I can. So this is an open permission blockchain. Of course, I mean, there's a limited resource in the system, that's computation at the moment, which might not be unlucky, so I can do anything in the network up to my computation power, let me put it that way. But this is like an open permission network. The major idea behind Hyperledger Fabric is that this is pretty strongly a consortium network. So it means you don't have the peers, the clients, just, I mean, all over the world, running by anybody, but you get here something as institutes, institutes that basically know each other. They don't necessarily trust fully in each other, but at least
usually we say that, hey, these are like, I don't know, financial institutes wanting to build up kind of a network, and we get like these five financial institutes, this is just four, but anyway, four financial institutes in the network, and they want to cooperate and they want to share information, and they at least a little bit trust each other, not fully trust, but at least a little bit trust. And for anybody wanting to join the network, it is not such an easy process. So if I want to join the network, it doesn't look like as in Bitcoin, that I just download some kind of a client, synchronize my blockchain, and rock and roll, but basically it has to be allowed by all members or the majority of the members of the consortium. So this means this is a consortium permissioned network. And then from another point of view, that's from the infrastructure point of view, if you take a look on the client: basically in Bitcoin it looks that way, anybody can basically generate public-private key pairs and can start to use the network, so there's no limit on that. But basically it doesn't look like that in Hyperledger Fabric. Hyperledger is a private permissioned network, actually it's a consortium one, but anyway.

So Greg had a comment...

If you just generate a key pair...

Greg had a comment that they don't trust each other, they trust the consortium.

Yeah, so let me put it that way: yes, there's more trust in the system than in Bitcoin, because, you know, I mean, in Bitcoin you don't want to trust anybody, you don't want to know anybody. In a consortium network I would say there's a little bit more trust in the other institutions as well, because the point is basically that usually you don't expect from another organization to attack the whole network. Okay, so basically it looks that way: in Bitcoin nobody knows where's your client, where's
your node. Basically, if you have like a five-node organization in a consortium network, at least they know each other, so they are not anonymous. So if one organization tries to attack the network, then the others will recognize it, will know exactly who's the guy behind the things, who's the guy behind that institution. So what they can do, they can have something like, you know, I mean, legal actions, for instance, against this guy. So I would say there's a little bit more trust for other participants in the consortium network than in Bitcoin. Okay, that's all.

And Greg also had a comment that if one trusts the Linux Foundation, they should trust the Fabric and sarcha much.

I wouldn't say it, because, I mean, it looks that way that you find the coding in GitHub. So of course you have to trust the code, but this is a totally open source project, so what you can do, you can download the code and then you can review it, I mean byte to byte, just like as in any kind of a public blockchain network. So you don't have to trust the Linux Foundation, or you don't have to trust even the code; you can download your load and make your own investigation, or if you don't have the competence making that byte-to-byte investigation, you can just contract, you know, some professional developers to do that on behalf of you. So I would say you don't have to trust the Linux Foundation.

And do you ever had a comment that one of the big differences, I guess, is less with trust, and there's censorship resistance in Bitcoin and Ethereum, but there's no such thing really in consortium networks.

So censorship resistance depends actually a little bit... it's a more difficult question. I would say we can have some censorship resistance, but it depends on your algorithm actually, like on your volume algorithm. So what you can do, for instance, if you have like... I mean, censorship resistance in Hyperledger
Fabric depends on the ordering service basically. So if you have your full ordering service running in with one call, with one... actually, let me just think it over, I mean, these are difficult questions. But so basically in Hyperledger Fabric your censorship resistance depends on how much your endorsement policy is decentralized and how much your ordering service is decentralized. You can build up actually pretty centralized systems with Hyperledger Fabric, but let me just imagine both your endorsement policy and your ordering service are fully decentralized. Then it means that, let me say, we vote for a transaction with a quorum of these five organizations, so if three of the organizations say yes, then your transaction is valid, in very simple terms, and if at least three organizations block your transaction, then your transaction is blocked. Okay, so it means it has some centralization, but some decentralization as well. So it's less censorship resistant than Bitcoin, but it does not necessarily look that way that one organization decides if your transaction is valid or not, if that makes sense.

Greg said there's no orderers in Bitcoin, and Fabric has changed orderer algos from Kafka to Raft, for instance.

Yeah, that's right, that's right. So that's not much the access policy, but you get, I mean, Hyperledger Fabric has like a several-stage consensus mechanism. I have one slide about it if you're interested, but it's basically a several-stage consensus mechanism, so it is totally different from the consensus mechanism of Bitcoin. But yeah, one part is the ordering service. So actually how much your consensus is decentralized is based on two things: one is your endorsement policy and the second one is the ordering service, and in both items you can configure in many, many
different ways. And for orderers, basically you can have Kafka or Raft or even Solo consensus mechanism, and actually the difference between them is: Solo is just for development and for one node basically; Raft is simple to configure, but it's just fault tolerant, not Byzantine fault tolerant, so if your nodes are hacked, then basically that's a problem; in Kafka there can be configured something as a Byzantine fault tolerant consensus mechanism as well, up to one Byzantine failure, error, but the point is that Kafka is basically difficult to configure. But let me put it that way: the attack model for a consortium network is pretty different from the attack model of Bitcoin. So if you want to attack Bitcoin, you have one scarce resource; the scarce resource is the computation. So if you want to attack the Bitcoin network, you need a lot of computation. In a consortium network your scarce resource is basically the identity. So these institutes have actually an identity behind, and only institutes or course with identity can participate somehow in the network. So if you want to attack a consortium network, what you have to do is basically steal an identity. So that basically means that you have to break into one or two such organizations, so you have to hack the organization IT, and then you have the chance of somehow attacking the network. But if you just imagine that these institutes are like, I don't know, banks or financial institutes, usually it is not so simple to break into the IT of such an institute. So did I answer all of the questions?

Yes, I believe you did. And yeah, so going forward, if there's anything that people once said, just ask it in the form of a question and I'll ask it, otherwise I'll just say, just so we don't eat up too much of your time.

Okay, awesome. So what we want to build up, actually based on
public-private key infrastructure, is some kind of an access control, and there are several items where you find access control in Hyperledger Fabric. Again, this is a primary permission network. So for instance you got something as network items, components like peers and orderers, and there are some rules that a peer can communicate with an orderer just in certain situations, or there are some examples that an orderer can communicate with a peer again in some certain situations. And then regarding users as well, you can have actually policies, so like your user can communicate with your peer, that is again access control. And you can have something else, basically roles of your user. So you can say that, hey, this is an administrator role, so it can actually communicate with your network as an administrator, or this is a normal user basically, and a normal user can communicate with your network as a normal user. And then the, I mean, the wide idea, or not so wide but the difficult idea, is that all of the Hyperledger Fabric access control is built up with public key infrastructure, so that's the reason why it's so complicated.

So basically it looks that way, or it can look that way. One way of doing this is: you want to be sure that the peer communicates with the orderer, and then basically a message comes from your peer if it communicates with the orderer. So one way of doing this is to put the public key of your peer somehow somewhere in your ordering service, into a folder, we can call it MSP as well, and then basically it means if there's a communication way signed by the private key, and we get the public key here, and we know that this public key is related to the peer, then we know basically that the peer communicates with us and not some other actor. Okay, it's basically the same if an ordering service wants to communicate with
the peer: we store somehow the public key of the ordering service, and then we know actually that the ordering service communicates with us. And basically it's the same for user as well. So if a user wants to communicate with us, then we can say that, hey, we store the public key of the user, so anytime a user signs a transaction, or signs even a communication, signs even a message, then basically we know that this is our user. If there's an administrator, then what we can do: hey, we store the public key of our administrator user somewhere in this peer, we can have a folder, we can call it even as membership service provider, and then basically if a user signs anything, then we know, hey, this is an administrator user, and we can define some extra rights for our administrator. Okay, so this is the easy way.

It can be realized in a more complicated way as well. Because I said, hey, if we want to know that this is our user, this is our admin user, we can store the public key of our user. But basically it can be built up in a more complicated way as well: we don't have to store the public key of our user, because actually the user, with the signing, can send not just the public key but somehow the whole X.509 certificate as well, and if we know that this public key is in a certificate that was signed by a certificate authority that we trust, then we can say, hey, this is an administrator, we give for this user extra rights. So if we just take a look, basically, I don't know if I find an admincerts... these are certificate authority certs... but like we get like users. If you ever take a look on basically this crypto-config stuff, we get something as a user, and in user there's like, I think, signcerts should be... so this should be actually a certificate which is related to an administrator. So basically it means if somebody signs basically any kind of transaction and then
there's an X.509 certificate somehow this way, then we know that this is really an administrator. It was a little bit, I guess, fuzzy what I was saying, but let me take a look, and I'm just closing this chat, because otherwise we can't see actually the screen. So let me just copy actually my OpenSSL stuff. So this is our OpenSSL command. I have to take a look, so just one second, and let me just do some copy-paste magic, and basically my copy-paste doesn't work, sorry for that, and it's because this zoom is a little bit big. So just give me a second, this is the, I mean, typical demonstration stuff. I have to take... but the zoom... and let me just make some... so this is just the usual demonstration effect.

But basically it looks that way that I have here an administrator certificate, and an administrator certificate looks that way that I get an issuer. So basically I need to have an issuer, that's the basis of the trust. So not anybody can be actually an administrator in my network, but only somebody having basically an X.509 certificate, or basically a key pair for which the public key is actually signed by the certificate authority, with some meta attributes as well. So we got here the certificate authority that we trust, that's our certificate authority, and we got here our subject, and in subject you find two information: one is the admin, so simply put this means that this is our administrator, so anybody seeing actually this signature with this kind of a certificate knows that basically this was done by an admin; and then this is actually the name of the admin. And we can have some more information like the organization and stuff like that. But this is the major idea for access control. So if we want to have a role of users, or the role of any kind of network component, and role means that members of the role having like, you know, I mean, different
different rights of doing things, then everything looks that way: there should be actually a public-private key pair, and then the public key should be signed by a trusted certificate authority, and the trusted certificate authority should say as well that, hey, this public key is related to a certain role. Okay, so anything which is an access control, which is right of user access, of peers, access of infrastructure components, is built up with public-private key infrastructure.

Hey Daniel, Greg wanted asked what's the syntax of the OpenSSL commands you use.

Oh yeah, sorry. It's not so complicated, it's just openssl x509 -in, then you have the certificate name, and -text. So this is actually the command, and then this is the certificate name. Okay, so based on this stuff, we get the membership service provider. I mean, if you heard about, like, Hyperledger Fabric, you probably heard that. So membership service provider is this lot of keys collected together, having access to the components to each other. Okay, so if you just take a look in this crypto-config folder, it has actually a lot of keys, not just membership service providers, but basically if you just go to, like, one peer, then under one peer you find the msp folder, and the msp folder is the local membership service provider.

Daniel, you're a screen one in life, sorry, did you intend to turn your screen off? No. It's not being shared anymore. Okay, I'm not. Okay, but let me take a look. I don't know, it's just vanished somehow. Okay, okay, just a second. Awesome. So is it better now? Yeah, we can see it now.

So if you just take a look on your crypto-config folder and you go to, like, one peer, and this is one peer, under one peer, this is like one component, you see, like, the msp folder, and msp folder is actually this bunch of keys and certificates related to the local, you know, I mean, who's who in
the network, who's who, enterprise or access can do anything on the local peer stuffs. So basically you have here, like, administrator certs; these are the signed, these are the certificate authority certs that we trust in; this is the identity key for your peer, for instance; and this is the public key signed by your certificate authority, as signcerts, sign certificates. And we get something as TLS; we can configure, like, TLS and secure connection as well, and it's getting even more complicated. Okay, but the point is basically that membership service provider is really this lot of keys giving access for the who's who in your network. Okay, so I don't go very much into the details. Just, I don't know if you ever seen, is just, like, in five minutes, covering some Hyperledger Fabric, very Hyperledger Fabric specific tasks as well. So usually it looks that way: you have something as to generate, and then the reason why I can't do is because here. So basically you have usually in the different test networks, if you use with, like, fabric-samples, you get basically a generate script, and generate uses one built-in tool, that's cryptogen, and cryptogen generates for you, based on your crypto-config.yaml, some default certificates for development and for testing reasons. So it's just, you know, much easier to start basically your network, but this is not really production ready. If you just take look on config, it looks that way that, sorry, this is the wrong config, this is the good front thing. So it looks that way: we get, like, ordering service; we generate, like, identity certificates for the ordering service components; we generate, like, identity certificates and TLS certificates for our peers; and we get one organization as well, and then we generate some users as well for the organization. It's like standard users and administrators as well. So I would not necessarily go
more into the details, because we are running out of time. So this is what I covered from Hyperledger Fabric basis. Let me say, if you guys have any questions, I will try to answer. So if you're not very much familiar with Hyperledger Fabric, it was probably a difficult presentation. This is like Hyperledger Fabric here, so it's like, you know, consortium blockchain networks; you get different components on your network, like peers, ordering service, certificate authorities. So everything which is one client, one node with Bitcoin, that's distributed in a fully microservice architecture, having a lot of stuff here basically. So is there any questions? Or if you guys want to know, I can pledge a little bit more into the details, into general Hyperledger Fabric introduction, but it wasn't really planned actually by me for today, but I can do it anytime nevertheless. So let me just take a look if we get something. I'm just sharing, because I just want to go to YouTube, if we might have some questions there, but it's always difficult. Yeah, so there's one question: how does Hyperledger Fabric 2+ version supports Ubuntu 20? It's a good question. It should actually. You find something else basically as an installation guide on Hyperledger Fabric. It's actually one script that you have to run; it downloads all of your components, containers, and then installs your fabric-samples, where you can find stuff like that, like for generated configs and other stuffs. But it might be actually an old question, I don't. So any more questions? So if there's no more question, then that was actually the Hyperledger Fabric meetup, Budapest meetup for today, or story for tonight. So I would like to thank you very much for your, for duty, the presentation, and I would like to thank you very much the participation of all of the participants, and then that was all for today.

I thank you
for the opportunity. Thanks for the great questions, everybody. Okay, thank you. Thanks, bye.