 Okay you are now live and welcome everybody to Hyperledger Meetup. I'd like to introduce the speakers today who will be speaking about fabric private chain code so for that take it away please. All right thank you David for for hosting us actually all right uh-huh so you I think you see also the that screen that we try to make it a little bit smaller so can someone say that you still see my screen yes awesome okay all right let's talk about fabric private chain code so I'm super happy that we have the chance today to share this exciting project with you um so this is the project is called fabric private chain code we are a hyperledger project I mean for providing a new feature for fabric with the subtitle confidentiality confidential chain code execution for hyperledger fabric using Intel SGX so today we are three speakers so it's me Marcus I'm with IBM Research in Zurich then we have Maria with Home Lending Pell and then we have also Bruno from Intel Labs and I suggest that we should start with the motivating so why why does this project exist okay and I use that some words maybe here maybe even smaller great okay so I hope that the audience is familiar with blockchain technology and that even we have people here on the call who are familiar with hyperledger fabric I think that's also the chance to check if this can be an interactive session so I would suggest if someone is familiar with hyperledger fabric please hit a plus in the chat channel and see if we have some people here actively listening awesome I see pluses that's amazing all right okay so even more pluses awesome so I guess I mean since you know hyperledger fabric I don't know maybe you have already thought about privacy sensitive use cases on hyperledger fabric so what do I mean with sensitive use cases so there I mean we know that blockchain technology is is nice for very different applications in particular for the verifiability aspect which is provided by blockchain however there are use cases 
which come with certain security requirements in particular privacy requirements let's take a few examples here what I mean with that think about a sealed auction there we understand that in the sealed auction or a secret auction the bid secrecy should be maintained during the auction and in the end an auctioneer reveals the winner of an auction very similar e-voting right so we understand that in the e-voting scheme or in the general voting scheme we submit our ballot and this ballot should maintain the secrecy right and nobody should ever learn what was my particular vote but also health care use cases where for instance genomic data analytics is happening there we also have a quite good understanding that those genomic data is very sensitive data because it allows to identify humans right it helps to identify people and in a supply chain use case where multiple organizations they would like to exchange assets for some value for some money right but certain contracts should not be revealed in particular people are not really interested in let's say revealing the price they paid for a certain asset to a competitor for instance right so luckily luckily fabric already comes with a bunch of privacy mechanisms built in so for instance we can have channels some of you may already know the concept of a channel so we can actually split the blockchain into multiple blockchains and only participate let people participate in the channel who need to participate for instance in the supply chain we could say okay only the two organizations which interact with a contract they are on that particular channel that excludes automatically competitors from that channel and from the details of that contract a second mechanism is private data collections for instance I think there was a talk about that here on this meetup I think in November so there we learned a little bit more what that means however the recap the basic idea is that we use the ledger the blockchain only to store 
hashes of the data we are exchanging or using in our smart contract and the real data goes between the organizations through the data through the data collections in some way of offline communication direct communication and then the third thing is transient fields which allows us to add data to transaction without adding it to the transaction that means we can submit data to the smart contract to the chain code without this data ending up in the transaction itself which is then later committed to the blockchain or stored on the blockchain however all these mechanisms they have a problem and this is the data visibility at the endorsing peers and the respective organizations so what do I mean with that so think about that in Hyperledger Fabric there are endorsing peers executing or running a smart contract computing a result then sending it back to the clients and then a transaction is generated and submitted to the network however these endorsing peers they execute a smart contract and in order to execute they need all the data if we now take our voting as an example back here even if the ballots are in some way encrypted they need to be decrypted at some point by the smart contract processing them and then there's some computation who actually won the election that means that the endorsing peer from a security perspective has access to the clear data if we now imagine that the government would run such an endorsing peer then we could say well maybe this is not a good idea right depending on if you trust your government or not but I mean this is just an example okay and so in order to overcome now this problem of data visibility we introduce what we call fabric private chain code which is a framework to build deploy and run private chain codes on Hyperledger Fabric so fabric private chain code accommodates blockchain use cases with strong privacy requirements for instance those examples I just gave and it does it by executing the chain code or the smart 
contract by using hardware based trusted execution technology like Intel SGX and by using that trusted execution technology we basically get three security properties for our application which uses fabric private chain code but the first one is confidential compute which means that all the transactions and the ledger contain only encrypted data the second is verifiable operations where transactions can be or are verified through a mechanism called attestation which is something provided by the trusted execution environment I will come to that also in a second and the third property is data misuse prevention because with this technology it allows us to bind the data we are using in our transaction to the intended chain code okay let me quickly talk about Intel SGX so the idea of Intel SGX is that you take your little piece of code you would like to protect in a certain way and put it in a container or in Intel SGX speak often called Enclave which helps you to reduce the trusted compute base the TCB that means that if my application runs in such an Enclave then we only need to trust of course the trusted execution technology but only the actual application running inside such an Enclave when you think about the traditional way how the trust model in fabric or any other application works is that we have our application and fabric this means our peer or fabric peer which executes a chain code and this relies on the operating system it relies on the trust of the operating system and the operating system relies on the trust on the hypervisor on the and the hypervisor on the hardware and so on so if we now I mean do a computation in that model we just need to trust the entire box the entire machine that the execution of the chain code is correct and that nobody steals my data with introducing Intel SGX this picture changes a little bit what you can see here on the right side and it changes in a way that we take now our chain code or a smart contract put it in a 
so-called Enclave which is protected by the hardware itself this changes our security model in a way that we do not need to trust the peer anymore but we only rely on the hardware or the trust in the hardware and the application itself and by using this technology now we get essentially let's say three basic security properties the first one is confidentiality that means that only the Enclave sees the data which it processes so that means that the peer for instance cannot look inside the memory of the Enclave for instance and extract certain secrets the second is integrity where the hardware ensures that the intended application in our case the chain code is executed as intended and the third property is verifiability which links to the property I've mentioned before the hardware-based attestation which allows a third party to ask the application running inside the Enclave hey application are you running inside a trusted execution technology and what are you exactly and that process of attestation will then produce a proof that it executes a certain application or chain code inside a proper hardware-based trusted execution environment like an Enclave so with this understanding now or this brief understanding what Intel SGX is I think we can look in how we're using this actually I mean I think you get the rough idea now we're running our chain code our smart contract inside SGX for more details on SGX I would definitely recommend to look on the documentation on the Intel website if you want to learn more about that Marcus there is a related question in the chat Indira Jit is asking Intel stops its SGX with its processors right would it affect this function so huh okay so I can answer that or do you want to answer this I guess I can answer the first part maybe you can follow up so Indira Jit I guess you're referring to the unavailability of SGX on some client processors and well that's the case but SGX is still available on on server processors particularly on on Ice 
Lake for example where you can have larger Enclave size so you get more performance so in SGX is available Marcus yes I mean I can try to answer the second part of the question would this affect this function and yes so if the processor does not is SGX capable then we cannot use it in that case right that's definitely a risk however I think it's it's very interesting because there are I mean other uh TEE trusted execution environment vendors which provide similar technology right now we fabric private chain code focuses on Intel SGX because it fits clearly in our security model because we are interested in protecting a chain code application other TEE technologies like AMD SEV they are or they aim to protect entire virtual machines which is which are much bigger than just the chain code this this is just maybe to give you an intuition why we are using Intel SGX here but our in in general I would say our architecture which we have not talked about yet but it's also applicable to other TEE technologies other than Intel SGX but with this let's have a look at the architecture so this gives you again just a rough a rough overview or brief overview on what fabric private chain code looks like so what you can see here on this graphic is I mean the basic components of a standard fabric network I mean we have a bunch of peers we have an ordering service and we have a client or client applications which all together interact and allows us to to run applications on top of the blockchain from the previous slide we already got the idea okay that now the chain code runs inside an enclave which isolated from the execution from the the endorsing peer and through that hardware mechanism all the memory content of that of that chain code or of that application is actually protected from the peer so and this is the first let's call it the big change the second big changes that we are injecting a little bit of additional logic in the deployment phase of a chain code where initially a 
consortium which runs or wants to use a chain code together they agree on something called a chain code definition and in the chain code definition we now include what we call MRENCLAVE which is a unique identifier of the application or the chain code running inside the enclave and this vehicle we are using to enforce that only the expected chain code protected by sgx is used during the lifetime of the smart contract or the chain code Marcus we have two questions one is Luciano who's asking what would be the advantage of isolating chain code from the peer so I I hoped I was already answering that question and directly with my motivation slide so the idea is that I mean in a block or the general thing in a blockchain system is that a smart contract is executed by multiple participants so if so I I'm working for IBM if IBM runs a peer I can trust that organization to do a proper execution however we know that in Fabric we can specify an endorsement policy which says okay this chain code needs to be executed at multiple organizations but what if I do not trust one of those other organizations entirely so I would reveal my sensitive data to that organization let me bring back that example of an auction or of a voting if the government runs a voting system it runs a peer right I would send my encrypted ballot to that peer of the government and the government needs to decrypt the peer in some way okay let's not talk about I don't know multi-party computation homomorphic encryption things like that that's a target to that but so the the key point is that you maybe maybe there are also situations where you trust the organization but you maybe do not trust the the host where this peer is actually hosted I mean maybe that peer is I don't know hosted on a malicious cloud provider so there are definitely some cases where you are not fully trusting a peer I hope that answers that that question a little bit and then sorry yes only one more question to complement the the 
other one so this enclave from Intel is something centralized where the chain code lives well it's it's not centralized in that sense so every peer would run an enclave and every enclave I mean an enclave belongs to the peer in the end of the of the day but I mean as I explained we have a different trust relationship here but I mean the the thing is that we should still have the opportunity to send our our transaction to multiple peers multiple enclaves to do that I don't know if you're already familiar with fabric private chain code and then saw something different so there is so we have some implementation limitations at the moment that our current prototype only supports a single enclave per chain code but I mean this is an implementation issue not a conceptual issue I see any other related question to that I think it's very nice when people are asking the questions instead of typing them Adam and Marcus Adam made a question says how do you make sure that the code is run in SGX hardware and not in some kind of emulation layer yes so for that there exists this mechanism called attestation what I what I was also mentioning before which which lets the hardware produce a cryptographic proof which you can verify later and that actually plays together with the with the identifier of the actual chain code as defined in the chain code definition using that hash of the application the MRENCLAVE and with this cryptographic proof you received from the chain code you can verify that and ensure that this was not generated by an emulator layer for instance there are of course SGX simulation modes which I mean which cannot provide such a proof but then there exists a fake proof which you can clearly see that yeah this is a fake proof this this does not run in a protected environment it's not secure but maybe it's still usable useful for developing purpose all right um any other questions no not for now at least on the chat all right so let me now finish this slide and then I 
will give to Bruno so um two more things so as I already said so now we have protected or isolated the chain code from the peer and in order now to communicate we also need to establish let's say I call it a secure channel between the actual application and the chain code through the peer that means that fabric private chain code gives you a mechanism um in form of the fpc client SDK which you can use in your application which is responsible for exactly doing that so it's responsible for encrypting and authenticating all the transaction inputs in a way that only the chain code inside the enclave can decrypt and then use that data and the same actually happens for all the data which is stored on the ledger or in particular on the world state you know that a chain code can access the world state by performing get state and put state operations and there the fpc chain code makes sure that this data which is stored outside the enclave on the world state is encrypted in a way that only the chain code uh inside the enclave can later decrypt and access the data in clear again all right and I hope now we have an an understanding so what we can do with fabric private chain code and with this I would like to give to Bruno um to talk about a particular use case in the in the healthcare area uh and let's let's see how this is useful to use all right so Bruno do you want to take over the share screen yes hopefully you can see my screen so we still see powerpoint not the full screen version right there we go okay so let me discuss this use case on healthcare and particularly on um clinical trials that we developed with um uh with our partners at soft thread a startup that deals with um works in healthcare uh so a brief background on clinical trials uh well probably you are a little familiar with this um so these are um this is clinical research that is performed to assess the safety and efficacy of drugs and treatments for for people and this use case was interesting for us 
because there are several individuals and parties that participate in these um clinical trials and in the end there are lots of regulations and the data to be protected and of course you need some means to um automate all the procedures and making sure that um security is preserved now let me uh quickly go through some peculiar aspects of these um clinical trials so as I said there are multiple parties and to make a simplified picture you can see that there are at least four you have an institutional review board that takes into consideration and approves proposals for clinical trials for investigators you have subjects that provide the data that has to be um eventually analyzed uh the investigators conduct the trial and maybe some experimenters will um take care of actually analyzing the data in order to um get to a result now there could also be multiple institutions uh but just to keep things simple right now let's just deal with a with a single one which is um already complicated enough now since you have to deal with the um patient data uh then uh there are some regulatory compliance to um to deal with uh like for example you always have to make sure that you maintain the the safety of the participants or in the US for example you have these HIPAA rules or regulations which mandate that the data is treated according to some standards like that it always has to be protected there must be access control you have to preserve the integrity and always encrypted it must be always encrypted when you um when you store it somewhere so there are several um objectives that must be met in order to comply with this clinical trial with with the regulations and one thing that is not shown in the figure uh is the auditing capabilities so uh there is another party usually um public department that takes care of um auditing these clinical trials to check post facto uh whether something has happened and then uh take some countermeasures maybe 
something that was happened like in data treatments in that case some fines will be issued so what are the the challenges in these clinical trials um well the big question here is how to automate and secure them now let me point out that we're not talking about um automating and securing um the physical collection of data from patients or blood samples or anything like that here we're talking about digital data and how to automate and secure um its analysis now of course if you are able to automate these procedures well um you reduce time you save some and you save some cost now for data management and and regulatory compliance things get more um more complicated simply because you again you have multiple parties to deal with and you have to understand where do you place trust whether you place that in the uh in on the individual or on the institution and how can you um better reduce uh the um trust boundaries in order to um improve security in these cases just one second okay uh so the usual um so the first question that comes up is how do we solve this problem and usually the first answer is well let's use a blockchain um and this is what our partners started to um started to do uh blockchain in this case uh means that if before um forms and sensitive data were collected through um uh paper forms um for example well now they can be easily collected and distributed by using a blockchain such as um hyperledger fabric now although this works and brings some benefits um because you are really automating these procedures well things have not really changed from uh privacy or confidentiality perspective simply because before you had uh individuals uh trading uh paper forms and now you have still individuals trading uh pdf forms um for example so you still trust the individuals and uh the approach that is being followed from a security perspective is a trust and verify it means that okay i'll give you my data and i trust you not to do um anything unintended and i 
trust that there will be some auditors uh in the background that will control what you do that will check what you do uh and with the digital data is um basically the same thing um but um uh and still you're relying on the auditors and perhaps things are even a bit worse because because by using a blockchain you're actually distributing this data to uh a multitude of parties simply because the blockchain is um uh shared uh by default although it can be permissioned in the case of um hyperledger fabric so how do we solve this problem in um with fpc well the idea in fpc is that uh you can reduce the privileges that you delegate to um to the parties now here i have a complicated picture of um what happens logically uh but hopefully i can help you make sense of that so initially we had the direct interaction interactions between these parties like the subject and institutions the institution to um provide consent for data processing and also the itself or you have the institution um delegating the conduct of the trial to the investigator so the idea in fpc is to uh logically centralize um all the steps uh and the verification of the steps uh inside of an enclave but again i said logically centralized because we are building um fpc on hyperledger fabric so it's in practice it is decentralized so this enclave would essentially contain um all the implementations to um gather sensitive data from um from the subject as well as any approvals from related parties like the IRB for the approval of the um of the clinical trial or the investigator to approve experiments that the experimenters are intended to run and only that and only when all the regulations are met uh and the proper checks also are um uh have been um analyzed and controlled by the enclave only in that case the enclave will take care of transferring the sensitive data from the experiment approval chain code to another experiment always inside an enclave in order to protect confidentiality so by doing 
this you uh reduce reliance on individual parties and actually increase trust on um automated and verifiable third party agent which is implemented inside the enclave which is supposed to implement all the regulations and checks that will allow you to um eventually increase trust and security on data management okay so this is a picture of the demo that we actually built with um with our partners uh again I understand it's a bit intricate and big but it is a big and complicated use case indeed um all these components and and whatever we built you can find that on on our repository on on github so I will just walk you through these um these components to give you a better idea of what's going on and then I will show you a video for how it works in practice so again you can see the different parties that I showed you before so the IRB that approves the clinical trial and the the approval of the clinical trial and the consent um part from the user these are uh have been implemented by our partners and they're based on plain Hyperledger Fabric um the big challenges came when we had to deal with with secrets and manage confidential information and in that case we didn't want of course to um to release those to all the peers on the on the fabric network and for that reason we uh wanted to rely on on fpc and so on uh hardware-based confidential executions of chain codes for for fabric so what happened here is that the subject will register some data with the experiment approval chain code and it's a registration with um with a promise in this case and the promise is that is something like promise me that you will not release the data to parties that have not been previously approved or experiments that have not previously approved so again that enclave is supposed to implement all the policies and regulations that have to be enforced um the investigator will take care of approving any experiment that the experimenters want to run so in 
this case the subject does not have any a priori knowledge um of what will be the data analytics um in um in the experiments um and uh that's reasonable because there may be different ones um that can come up and once all the approvals and the registration is um is in process then the experimental approval chain code inside the enclave can determine whether the um experimental data so that subject data can be provisioned to the external enclave or not um and if so it will be provided to another enclave at the experimenter side and um the data analysis will happen and it will just release the final result to the experimenter so let's go um through the video here so we implemented the uh different parties in this case particularly the data provider which is the subject an experimenter which will run the analysis and the principal investigator who has to approve the software before being used here we have some patient forms I will show you the uh what they contain that will be sensitive data um we have a diagnose function which is the data analysis that the experimenter wants uh to run and a console on the side just to keep track of what's going to happen so this is the patient form is a standard pdf with sensitive information like the name of the patient, birth date, and some questions that the user has to answer like the temperature whether um nausea occurred and so on and the point of this pdf form is that eventually the experimenter has to understand whether uh whether this subject has a high probability of having this nephritis of renal pelvis origin so this data will have to be analyzed okay so let's play the part of the data provider or the subject so the subject uploads the data to um now our blockchain um selects some options during the upload phase what happens is that the data is encrypted first uh and the secret encryption key is registered on the um fpc chain code while the encrypted data is instead uploaded to an external database this is 
really uh an optimization simply because the blockchain is an expensive database and so you don't really want to use that to upload arbitrarily large data okay once this is performed let's play the part of the experimenter the experimenter decides that he wants to run um an ml machine learning inference model over the sensitive data and to do so he decides to use this diagnose python function uh which will use the patient data to make the inference now the important part here is these data items visit items are the variables in the code that will contain the sensitive patient data but of course the patient data still has not been disclosed um to um to the experimenter or to this function for the analysis okay so the experimenter submits a description of this experiment together with the code to the investigators for for approval the experiment the investigators are notified that there is an experiment pending approval here three of them are alerted of the new experiment but according to the policy that we implemented a single approval is sufficient um to um for the experiment to be approved so the investigator has access to all the information about the experiment the description and particularly the code uh that is able to um to review before making a determination in this case everything is fine so the investigator goes ahead approves the experiment now the fpc chain code considers that as completely approved and the experimenter is ready to launch an instance of this experiment so what you are seeing here um is um an instance of the other enclave the second enclave uh the one that contains the um experimentation service uh and this enclave is the one that contains the experiment code and it's the only one that is able to um to interact and authenticate itself with the fpc chain code uh for the sake of making sure that the experiment was approved and so that this enclave is eligible to receive the sensitive patient data so there is a public 
key for um authentication and also for establishing a secure channel the experimenter runs the experiment receives the patient data the enclave grabs that from the external database and eventually it um is able to get the final result which is um 19 percent and this is the probability that that particular subject has um these of having these um the nephritis of renal pelvis origin and again this is the only information that is uh eventually released to the experimenter um this is because it's how we implemented that uh and so the experimenter did not have access to um any patient data so we were able to preserve the confidentiality from uh from when the data was initially provided to um the experiment approval chain code to the fpc chain code up to when it was um eventually analyzed without ever releasing that okay so this concludes the experiment um the use case we have um two questions one is from Neo who says in this use case does the subject need to hold a private key for transaction signature if yes may I know where is the pk held and does the intel sgx have access to subject private key may I know if um if it performs inside sgx uh okay so uh yes to both um yes to both and uh the the reason is simple the subject has to um of course authenticate itself um in these um in these procedures uh in the end it's a client contacting um an fpc um an fpc chain code and since this is based on fabric well we have a fabric client and a fabric chain code um in the background so for the sake of authentication yes uh and those keys are held um locally at the subject side uh and they are yes they're used to um essentially um trigger transactions on on fpc uh I would also add that these public keys should also be registered with the chain codes um simply because the the fpc chain code has to um authenticate or verify that the subject uh indeed is a subject enrolled with the institution for that clinical trial now the second part of the question is uh does the enclave um use some 
public and private key pairs uh and the answer is um yes uh and of course yes because it has to perform some digital signature of what it's computing and also it has to authenticate itself with the with other parties because parties such as the subject has to make sure that it is um talking to a legitimate enclave so these enclaves these keys are generated by the enclave at um startup time um and they are attested through the hardware-based attestation mechanism that marcus um quickly introduced before so in the end the chain of trust that you will eventually verify in order to establish trust in those keys is that you will verify the hardware the hardware will tell you that it is running a certain piece of software which is this experiment approval chain code and this piece of software will include those public keys inside this attestation so essentially you will verify the whole chain you establish trust in those keys and eventually you can use even the private key inside the enclave to um sign any statement other questions no the other question marcus um answered it on the chat okay so again this demo is available on um on our repository um talk to us if you need additional information about this or about how to run fpc or um the demo itself and uh i will stop sharing um and maria can take over so while we're switching here the the gears uh i mean so our repository is on github it's called fabric private chain code um we also show the link later here in our slides um but i can just answer this question while we're changing things fabric private chain code just google it you will find the first first set so just to do a bit of a recap okay um this is the architecture and what are the components that we have to develop so there are two components the fpc chain code and the application that is accessing and calling that chain code right so how do you develop both of those the first one is the chain code how do i develop the chain code so the 
chain code you have to develop it on C++ this is because we are since we are running in an efficient environment um that is using sgx this is a requirement of sgx to develop in C++ now we have provided a shim to be able to handle a lot of the logic that is required to do the encryption decryption processing and all of that we are actually develop that shim is on top of the current fabric chain code um functionality so this is not completely different from what you can get with the uh fabric chain code the only difference is that here when you for example here you call the get state or the put state you will not have to encrypt um the uh the parameters before because uh that will be done when the when the invocation is made okay so you only have to import our shim as with any chain code you have to develop the the the invoke and this is where you would program your the chain code logic now if we move on to the client side we need um fabric provides a fabric client sdk in Go so as with the chain code we develop on top of that um sdk and since the fabric um client sdk is in Go we the fpc client sdk can also be in Go um these this sdk manages not only the interaction that we have like here that we have a submit transaction and an evaluate transaction but also the um life cycle so all of the functionality to be able to implement deploy um a chain code into an environment okay here we can see that we get a contract we submit the contract here we can see the values again that is because the um the shim is is the one that is doing all the transformation and here we have an evaluate transaction okay and how can I say so that's the theory of how everything is done and I want to get my hands dirty how can I do that well this is our the link to our github repository where um you're going to be able to find all the things that you need and if you if you don't you can ask us or you can post it and we'll try to help you out right the important thing is also that 
you're going to say and um one of the first questions was intel doesn't is not um using is not um continuing with sgx and Bruno said no it's not doing it with um the client uh processors so if I want to develop I don't have a big ice lake server where I can have the sg how can I do that we provide dockerized development environments that can simulate that sgx so you've got the the hardware well better for you we still do provide a dockerized development environment so you can run everything in there and make it more simple for you and if you don't doesn't matter you're going to be able to develop the same way because you're going to be using sgx simulation now in our repository we have different samples okay the the simple the simplest sample is the hello world tutorial that will help you not only develop the chain code but also develop the fabric client to be able to access and execute that chain code okay and one of the questions that was asked on youtube live was I want to add it to my network how can I do that one of our samples is hey remember the the fabric sample of the how to create a test network well we show you how to add fabric private chain code to that sample okay so it that way you okay you learn how to do with the test network you create your network we'll follow the same rules and just add the bit that we have added so that you can do that and it's not only with the test network but also with kubernetes and Bruno just presented the irb demo and something that I would like to add to that is he mentioned that it is in our repository um but also that there we are using a fabric smart the fabric smart client what does this mean he showed all of the different participants so that network is not a simple network and if I'm I'm a developer and I have to set up all of those peers to run on my um laptop it's going to take me a long time okay because it's not already set up I have to do it so we piggyback on top of fabric smart client that provides programmatic 
logic to be able to define that network and get it created and that simplifies the development process it also has uh the ability we've integrated it so from fabric smart client you can also call our utilities our chain codes and that way makes it much simpler to be able to develop a solution to whatever your problem is and I've tried to we've got two minutes left for questions I wanted to take you guys to the github repository but I think it's going to be much more useful if we open this up for any questions if if you're um on the zoom call you can open um your unmute your microphone and and and ask a question or if there's already a question in the chat we can answer it so there is a question on the chat um Hubert is asking is it possible to interact with other blockchain say I want to build a smart contract on say Ethereum to give some token to those uh giving uh away their data on fabric blockchain how difficult would it be to implement uh I think this is a good question I I also think this is a little bit beyond fabric private chain code um well I mean my answer is um I don't know actually um but yeah I mean you can definitely build a fabric private chain code um which can uh let's say process details of of inputs data you're also presenting to in the Ethereum smart contract I guess but so we do not provide any functionality or any layer which makes let's say our technology is that compatible with for instance Ethereum I hope this answers the question at least a bit any other questions just just feel free to unmute yourself and just jump in here okay I guess it's 10 am PST at least uh I guess we can wrap up just one last question um um Marcus I don't know if you want to answer it um alec dander was asking about the chain code life cycles yes absolutely so I mean with fabric private chain code we are let's say exactly following the same uh chain code lifecycle I mean you have to you have to package it you have to install it I mean deploying it you have to 
approve it I mean all the organizations they have to submit an approved by my org transaction and then at some point you have to uh I think it's called a commit commit uh chain code definition transaction the only thing what changes here is that as part of the chain code definition we add the unique identifier of our chain code inside the chain code definition and with the unique identifier I'm referring to that hash of the let's say the hash of the compiled chain code the expected chain code so we add this to the chain code definition so this is this is one piece how it changes then we have we have a component which we call the enclave registry which is implemented as a chain code we have not talked about that yet today because this is nothing we are exposing to the users of fpc so our client sdk and um our entire framework tries to hide that component however it is crucial for security because when it is it is used when a chain code actually is started there is this process of um or there is one additional call we add to the life cycle which is called register enclave which uh you an admin of an organization using our sdk performs at a certain peer which tells the peer hey please start an instance of that fpc chain code that fpc instance then does what Bruno explained a little bit it produces uh some uh crypto keys it produces a remote attestation which proves that it runs a certain chain code and it's protected by the hardware then this attestation is sent to our enclave registry component which looks at the proof and checks that this proof contains exactly the same hash which was defined previously in the chain code definition and only if that matches then we actually allow the the enclave to be registered and to go live in the system that's one thing we have not talked about today one other minor thing is I mean this goes really into technical deploying details for fpc chain code is that we are relying on the external service functionality of a peer in order to 
to spawn a chain code as you know from from Go chain code or javascript chain code there you normally when you install it on the peer you tell the peer hey here's the code please um compile it package it as a docker container and then there is a docker container running at the peer our entire build framework gives you the the tools in order to create that docker container for you then this will be shipped to the peer and by using the external service or the chain code as a service mechanism the the peer is able to communicate with this docker container where now our fpc chain code is running those are let's say in in in just two minutes how the lifecycle changes but we really try to keep as as close as possible to the normal fabric lifecycle um Maria told you about the fabric samples test network if you go to that tutorial on our repository you will you will see those individual steps very well explained um in the README you can follow them and I think then it should uh yeah everything should be clear how this is different from a normal chain code lifecycle all right I think we're over time are there are other questions there's one last question is it possible to use fpc to privately store input data on the ledger to be processed later similar to voting the votes will probably be calculated at some moment in the future absolutely so this is actually the use case for fabric private chain code the idea is that we send our data in a way that uh it is only um visible to the actual fpc chain code the fpc chain code can then store that data on the ledger in an encrypted form and at some point when you want to process this data you can trigger the chain code until and now it's the time please do something with the data the chain code gets the data decrypts it process it and without revealing it to the endorsing peer that's actually the use case of fpc right and last just to finish I want to invite anyone who likes the idea and wants to help out we meet on Tuesdays you can 
check the the time on the calendar on the Hyperledger calendar of when our meetings are and we are open to anyone who are to new contributors so um all right David here should thank you thank you David thank you for everyone for joining and um yeah hopefully we will uh talk to you soon all right thank you guys have a good day everyone have a good day thank you bye bye bye