 All right. Hello everyone. Welcome to the Fabric Private Chanko tutorial session today. We are lucky to host you as a session right now from Switzerland and from Argentina. So I'm Marcus. I'm with IBM Research and Zurich. And with me here is Maria. Hi, I'm Maria. I'm an independent consultant. All right. And we together we will guide you through your first hands-on experience on Fabric Private Chanko if this is the first experience for you. And in order to find this out, we created a poll here in the system, which we would like to answer you to get a little bit understanding what the experience with Fabric Private Chanko our audience already has. So please go to the poll and vote. All right. And in this tutorial we do, I will start with a little deep dive into the technology to answer the question what FPC or Fabric Private Chanko actually is. And then I will hand over to Maria to do the hands-on part to show your FPC in action. All right. So let's jump into the presentation first. So we all know about use cases, which make sense for blockchain application, because they can benefit from the verifiability aspects of a blockchain. However, there are also use cases which come with strong privacy requirements. Think about, for instance, an auction system or a voting system based on a blockchain, where we definitely benefit from the verifiability aspect. So for voting, we can then later verify that all votes have been considered during the voting process. This is nice. However, those use cases, they come with a strong privacy requirement for voting. We understand that all the ballots need to, that we need to maintain the secrecy of all the ballots, right? For a sealed auction, for instance, we also need to maintain the secrecy of the bits. And there are other use cases where also some parts, maybe of a contract, we do not want to reveal to other parties on the blockchain. Luckily, so luckily, there are already some privacy mechanisms available with Hyperletter Fabric. For instance, we have channel, which allows us to split our blockchain into multiple blockchains, essentially, and they will separate the participants. But there are also private data collections, which help us to partition the data access to certain data, or we can just submit data as part of a transient field of a transaction, which in the end does not end up as part of the transaction on the blockchain. And those mechanisms already allows us to cover a broad range of privacy-sensitive use cases. However, there's a problem. And the problem is actually the data visibility at the endorsing peers. What does this mean? So if we think about the voting example again, if the government would run an endorsing peer for such a voting system, they would have access to all the ballots, even if they are encrypted in some form, because if they want to process them, they need to decrypt them. So this is the problem. And in order to tackle that problem, we are introducing Fabric Private Chain Code, or just FPC, which is a framework to build, deploy, and run private chain codes of Hyperletter Fabric. And with a particular focus on such use cases, which require strong privacy requirements. And in the core, why we can do that with Fabric Private Chain Code is that because we are leveraging modern hardware-based trusted execution technology like Intel SGX. FPC, or Fabric Private Chain Code, benefits from the use of that technology in three different ways. And we, therefore, Fabric Private Chain Code provides us three nice properties. The first property is confidential compute. That means that all the transaction and the letter content is contained only encrypted data. The second property is variable operation. That means that all the transactions are verified through an attestation process backed into the trusted execution hardware. And the third property is that we can prevent data misuse because all the chain code-related data is bound to the use inside the trusted execution context or technology. So I'm not sure if you all heard about Intel SGX, trusted execution technology, confidential computing is a new password nowadays. But I tried to summarize those nice properties just in a single slide. There's definitely more to explore about that technology see on the documentation, for instance, for Intel SGX. However, all that trusted execution technologies like Intel SGX have one common goal. So the thing is that they try to isolate a specific portion of your or a sensitive portion of your application and execute it in an isolated form in the so-called enclave or enclave. And this is done by leveraging some secure memory or hardware protected memory inside the CPU architecture, which prevents unauthorized access from application outside the enclave. That also means that even the administrator or the operating system of the host system cannot look at runtime inside what's going on in such an enclave. And this gives us the confidentiality property and allows us to provision our enclave with sensitive data without revealing it to the host. The second property we get through such an enclave is it maintains the integrity of the execution of the application itself. If we now think about if we put a smart contact or a chain code in such a trusted execution environment, it's ensured by the hardware that the smart contact follows its specification. And as a third part, which is crucial to establish trust in an application which is executed with an enclave is the variability through attestation, which allows a third party to send a challenge to the enclave-based application in order to retrieve an attestation or cryptographic proof that it runs a specific code on a protected platform, essentially. And combining this with fabric chain code, we get fabric private chain code, essentially. So let's have a brief look how the architecture of fabric private chain code looks like. So we can see on the right side, we see a bunch of peers and ordering service and a couple of clients. The clients are part of an organization and together the consortium in the beginning agrees on the chain code definition, which includes with fabric private chain code the code identity of the chain code we are executing inside the enclave. In SGX language, this is also called MR enclave. This is done initially. Then a chain code enclave on the peer is spawned, provisioned with the FPC chain code, which then is executed again securely and isolated from the executing or from the endorsing peer. Since we are using the trusted execution environment, the peer cannot access on the code and data inside the enclave. However, in order to make chain codes working, the chain code, of course, needs to consume data. First is the transaction proposal itself when the execution is triggered. In order to protect that, our FPC cloud SDK is responsible to encrypt and authenticate the arguments of a transaction proposal in a way that only the chain code, the FPC chain code can decrypt it. And the second part is the word state, which is retrieved by a chain code when the application logic needs to access the state. And by default, also all the data is encrypted when it's stored outside the chain code that is on the word state. So this basically covers the basics of how FPC Fabric Private Chain Code is working. But since this is a tutorial, we would like to target focus a little bit more today on the user experience or developer experience. So first of all, our Fabric Private Chain Code is available on GitHub. We created RFC last year, which was accepted this year for Fabric. And now we are on all the code, which is already fully implemented and is there to be tested for you. In order to make your life easier, we provide you a localized development environment, which already comes with all the software dependencies installed. In particular, in order to compile or build Fabric Private Chain Code, we rely on the Intel SGX SDK to compile the code, which is then executed inside such a trusted execution environment. Since not all, not everyone has SGX capable hardware, our development environment also comes with this SGX simulation mode. So you don't have to worry about getting the hardware first. You can just go to our repository, get the code, create the Docker container and just start playing with Fabric Private Chain Code. In order to, I mean, developing and compiling a chain code is just one aspect. You also want to run your chain code in a test environment. So therefore, we also provide you in that development environment a test network based on the Fabric samples you may already know about. But we also provide you an integration test harness for rapid development and testing of your Fabric Private Chain Code. Let's have a look at what a Fabric Private Chain Code looks like. As I said, we are relying on the Intel SGX SDK for compiling the actual chain code. FPC chain code is therefore written in CEC++. However, in order to make or to provide you the same look and feel as you're already familiar with other chain code languages like Go or JavaScript, we also try to provide you the same experience, but just from the perspective of a CEC++ developer, of course. That means in order to write a chain code, you just have to implement an invoke method, which then triggers your application logic. And our FPC shim allows you to access the letters through get state and put state operation, but there are also additional functionalities available in the shim in order to, for instance, to get the function name and the parameters. The interesting thing about our FPC shim is that it already takes care for you about the protection of the data. That means that the shim is responsible to encrypt and decrypt the data when get state and put state is invoked. However, due to security reasons, we only provide a limited shim functionality. But if you think there is something missing which prevents you from using it in your use case, please let us know. We can look into that. Developing the chain code itself is just one side. As we saw in the architecture slide, we also have to look into the client application. And in order to make this as smooth as possible, we provide you the FPC client SDK for Go, which is based again on top of the normal fabric SDK for Go and extended with the same mechanisms with transparent encryption for the transaction arguments, as mentioned before. That allows us to protect the chain code interaction, but we also provide you with the lifecycle commands in order to package, install, approve, and commit an FPC chain code. And with this, I give to Maria for the hands-on session. Thank you. Thank you, Marcus. There are some questions in the QA that you might want to look at while I and start showing. So, Marcus, what FPC is about and what we have to be able to use it. So, the first thing he mentioned is that we have the repository here, right? The Git repository here. In the Git repository, we have the readme that we can start to follow to be able to create this environment, this FPC environment. I don't have on my laptop any SGX Intel processor, so I have to go with the Docker image, right? So, to be able to do that, I first had to get the clone, the fabric chain code, and I make note of this because you have to do it, you have to use a certain flag to be able to get the whole environment set it. Once you follow these instructions, you just have to make run, and then you get a Docker environment ready with all the FPC functionality incorporated. One of the cool things about this is that you get your directory is mounted. So, while you're working on the, if you want to work on stuff and use your own editor to be able to change the samples, for example, or whatever, you can do it using what you already have installed, and it will be automatically reflected inside of the Docker image. So, in, what are the samples that we have? Here, if we look at the directory structure here in the repository, we can see that there is a samples directory. In the samples directory, we have categorized the different samples according to the, what their object is, rejected is. If it's an application to be able to access and execute an FPC chain code, if it is the chain code per se, or if it is that we want to add this functionality to an environment. So, in right now, what I'm going to show you is how would, if we want to write an FPC chain code, and when we want to start with a sample, we could choose the Hello World sample. In this Hello World sample, we have here the code that we should follow. In this sample, what you do is you develop the chain code, you launch the fabric network, you install it, and you instantiate it in a very reduced environment with only a peer so that you can try it out, and then in the transactions using the two functions of the transactions, StoreAsset and RetrieveAsset. In this tutorial, we invoke these transactions using the peer command and line interface FPC extension and also using the FPC client SDK for Go. So, I like to use VS Code. So, I have here in the tutorial, we explain everything that you have to create, and you can go through that, but I have already set up here the different files that we would need. The first one is the chain code per se, the program, and here we can see the Hello World chain code, and we can see here in the invoke transaction that we are here calling the function, and we are calling StoreAsset, and if it's RetrieveAsset, we are calling RetrieveAsset, and if we go and look at these functions, StoreAsset and RetrieveAsset up here, we can see that we are using PutState and GetState. So, it's the same functionality that we usually see in fabric environments, okay? So, once you have created the Hello World, you need to compile it, and we also provide the files, the definition, the CMakeLists, and the MakeFiles so that you can compile it, and you want to test it. So, we also give you a script that lets you create an environment where here you can see that we are going to execute the similar commands as you would in a fabric environment to be able to package, install, approve, commit, approve from organization, and commit a chain code, and we also have a special, another instruction to be able to start that enclave that Marcus was talking about, and then you can invoke the chain code, here in this case we are invoking, and you can see that here it is invoking, and that we can see function and the value, and the important thing is that under the covers when FPC receives that, it encrypts it and stores it encrypted. So, even though we might be seeing it here in the clear, FPC handles everything so that it is encrypted. Now, you would normally, I said this comes and you would get a small environment, right? And what we wanted to show you here is how you can, why use that, okay? That wouldn't be as exciting as if we could show you how you could incorporate this hello world chain code in an actual environment, right? Because we don't usually, our fabric environments don't consist only of one peer. So, what we did is we, and I'll show you here again in the created another sample inside of the deployment for the test network where you set up a test network based on the fabric samples, and what we do there is add the FPC functionality, add this chain code so that the chain code that is executed in this environment is the one that we've developed. So, following this tutorial, changing only here where it says echo to hello world, I was able to set up an environment, okay? And if you follow this tutorial here, it offers you down below. It offers you here the possibility to use a Go program that has the FPC, that is using, sorry, the FPC client SDK for Go to be able to enter. And if I go back here to, sorry, to VS code, and I show you the application. So, here is the code of the FPC, of this application that is connecting using the FPC client SDK. And we can see that here, I am connecting like I would in any environment. I am connecting to a gateway. I'm getting my credentials from my wallet. And then I am getting the contract. This is all part of what we have included in the FPC client SDK for Go. So, they are similar APIs as you would have in fabric. And here, we have a small, well, according to what FPC, if it's echo or if it's hello world, what we are going to invoke. Here again, you're going to see that we have store asset, asset one, asset one with a value 100, and that we submit the transaction, okay? The same as your functionality as you have in fabric where you can invoke a submit transaction or evaluate transaction, you have here. Now, if I go to my environment here, I can run this, as you can see as I've already run it here. I can run it. I can change here the organization that I am going to be running it against. And we are going to see that it says that it is invoking the private chain code hello world and that the result is okay. But you might say, hey, but how do I know if it's encrypted or if it isn't encrypted? Okay. I want to believe what you're saying. So, what we did is what I did was I added to this test network blockchain explorer. And if I go here to the explorer, let me log in again so that it can show us. So here, this was following the blockchain explorer tutorial. It was quite simple to add it. And here I'm going to be able to see the transactions that were executed. And here I can see these are the normal, the lifecycle ones that we saw where we install, we approve, we commit, all of those that are here. And then we see the specific one for FPC when it registers to be able to obtain the credentials. And here we can see the hello world. And here, if I look at the hello world, I can look down below here and see the values. So here we can see asset one and that the value is Y3MG. So it's not 100. Like we saw that it is in the code. Okay. So we can see that here it is encrypted. And if we look at the following one and look at the value there, we can also see that it is, that it's whomever is looking at the ledger is not going to easily be able to deduce what the values are because both of the, we have hard coded 100 and the value that we are obtaining is totally different. With this, here's the other one that I run. Look, it just, that we can see that it is running, that it ran. And that it also is giving another value. The good thing about this is that I could come over here and say, okay, let's change this and let's put 200 here. And let me save here to the terminal and run it again. And we let it run. It is taking its time because it's sleepy like I am, it seems. We are going to see it populate here, another transaction. And if I look at its value, it is going to be totally different. You just have to wait. So show us until it runs. It wants to go to sleep, it seems. Just like I would like to go to sleep. Too early in Argentina. Yeah, the computer knows it. I don't know if you want to take the time and reply some of the, answer some of the questions. Yes. So let me also share the screen again so I can show the last slide again. Yes, of course. All right. So thank you, Marie again for that hands-on presentation on FPC. I think we all now got an intuition, what it takes to write an FPC code, compile it, and then run it using our test network. So as Marie mentioned, we have on our GitHub repository, we have a bunch of readme's which guide you through the process of writing the code. There were some questions and one question was about, oh no, there are more questions, one question was about any production case of FPC. And so there, this is a nice question. So I would highlight another session today where Andrew and Bruno will talk about a potential use case of FPC and which is integrating FPC into an existing system. So join the session, bringing trust and privacy preserving smart conflicts to clinical trials and healthcare. But I would also like to emphasize that right now we are working towards a production-ready code of FPC, but the code is already feature-complete in a way that you can already start testing it and using it for POCs. But right now we do not recommend it for production at this moment. Let me see what other questions we had. There's a question was asking if it does take this long, Ricardo was asking if it does take this long to run the transactions and no, it doesn't, but I have a lot running on my laptop and with the video streaming and all, it is, I don't have that much memory on my laptop. Yeah. So there was also another question about the overhead of FPC. FPC definitely introduces some overhead because by default we are encrypting all the inputs and the outputs, that takes some time as well inside the chain code during the endorsement, but also on the client side when the arguments are encrypted before they are sent to the endorsing piece. That of course introduces overhead. However, the actual overhead introduced by the SGX technology is more or less negligible. So we have a scientific paper linked also on our repository which also addresses some performance evaluation of an earlier architecture of FPC and there it turns out that there are other bottlenecks into fabric or into the communication between the chain code and the word state which introduces more overhead than executing the actual chain code inside the enclave. So there's another interesting question. Would the SGX emulator be appropriate for production or would you recommend just use it for development only? So the SGX simulation mode is not meant to use for production. So if you run something with the SGX simulator, it's not secure. It's just for development purpose. So for running it securely with SGX, you actually need SGX capable hardware. Another question is any one-click deployment package available to test like Docker or Vagrant? I wouldn't say one-click deployment packages, but with our Docker setup, we try to go into that direction. At the moment we are not distributing a pre-compiled Docker image. So that means right now you have to clone our repository and build the Docker images by yourself, which takes a couple of minutes, but it's fine, I hope, as a start. There's another question about the overhead. In the paper, you say that it's 10-20% for an auction app. And could this overhead scale with more complex applications? Well, I think then in the paper we are talking about the overhead of a single chain code. I mean, the way of scaling in general with Fabric is if the processing of your chain code takes much time, you need to scale. You just spawn multiple or add more endorsers, which can then execute the chain code. I think the crucial part, which makes your application slow in general for normal chain code, but also for the FPC chain code is whenever the chain code needs to access the word state. So whenever you perform a get state operation, this is really expensive operation with normal chain code and with Fabric private chain code. Because what needs to happen is that the chain code communicates back to the peer via GRPC, ask, hey, can you please look into the word state? Is there a key which I provide you? And then the peer needs to go to the database depending on the implementation of the word state database. It takes more time. I don't know. And then we have to communicate those data back. And on top of that with FPC, the data then also needs to be decrypted when it's read into the chain code. So I'm struggling a little bit here being more precise on in terms of percentage overhead here. We have not yet really evaluated the current implementation to see what are the limits of Fabric private chain code. We are right now focusing more on the functionality and try to improve the field for the anterior in order to simplify the adoption of FPC. So we are over time. But so I'm happy to answer more questions. But if you guys need to leave to go to another session, we have also the chance to take things offline. You can either visit us on the hyperlateral rocket chat and Fabric private chain code, or we can also interact here in the hope in app somehow, I guess, and continue discussions. Yes. And the important thing I don't know, Marcus, is if you have referenced them to the session that's going to be later today, where there's going to be a use case presented? Right. I think I said that. Sorry. I was saying that again. That's good. I don't know. So Mark, can we answer those questions here in the Q&A later? And people who asked those questions can see that. Mark, your action is required as a moderator here. Yes. You said yes. He said yes in the chat. Yes. I just look at the Q&A. Okay. So then I propose that we conclude now this session. I hope everyone learned something about Fabric private chain code and visit our GitHub repository. And if you feel something is missing, just create an issue or a future request and let us know. So we can further improve Fabric private chain code to make it more usable than it is right now. Thank you so much. Thank you.