I am creating a blockchain app in Hyperledger that performs a bidding process for a manufacturing company. The bidding process involves 4 suppliers (Supplier A to Supplier D). The one with the lowest bid wins.
I am able to create the chaincode for this. However, since it is a blockchain, the suppliers can see each other's bid (e.g., by simply looking at the contents of the blocks). In addition, the non-winning suppliers will know who actually won the bidding process.
I want to enforce the following privacy rules in the blockchain:
a. the bid of a particular supplier should be viewable only by the manufacturing company and the supplier itself (e.g., supplier A cannot see the bid of supplier B)
b. only the manufacturing company and the winning supplier knows who won (e.g., if supplier A loses the bid, supplier A only knows that it lost the bid but has no idea who won)
I have looked at the purpose of the transaction certificate, and I think this will address my privacy concern.
I am able to request for multiple transaction certificates using the REST API. However, I am not sure on how to utilize the transaction certificates.
Is it meant to be used outside of the chaincode (e.g., is it is used to encrypt parameters that will be passed to an invoke function)?
Or is it meant to be passed as a parameter to a chaincode function and use it inside the chaincode to encrypt a particular data before storing it in the blockchain?
How do I perform the actual encryption using the transaction certificates?
I am currently using v0.6 of the Hyperledger fabric for my chaincode. For my front end, I'm using Node.JS HFC SDK v0.6.5.
Is there a sample code that I can use as a basis to understand how transaction certificates are used to address privacy?
Enrolled users can request transaction certificates. Then, these certificates are for invoking Chaincode transactions on the blockchain. I think that these certificates don't let you privacy, they are more to authenticate the owner of the transaction.
However, if I were you, I'd start using the v1.0 of the Hyperledger Fabric.
- The v0.6 of the Hyperledger fabric is a project developed for testing the advantages and disadvantages of blockchain. They realized that every peer in the network is required to execute every transaction, maintain a ledger and run consensus. So, they can't scale very well and can't support true private transactions and confidential contracts. https://www.youtube.com/watch?v=EKa5Gh9whgU
- The v1.0 gives you the chance to creating isolated Blockchains inside your network. That's possible thanks to the channels. When you define a Channel, you define who are the members of it, so, only those peers could send transactions throught that channel. Therefore, only members of the channel could see your transaccionts.
- So, for your approach, you should create four channels, each one for each supplier. The manufacturinf company should be a menber of all channels.
In my opinion, nowadays there's more information about the v1.0.
I don't think there is a way today to perform this other than what allenchen said before, in a manual way. However there are some open issues that you may like to follow:
- Supporting private data in Hyperledger: https://jira.hyperledger.org/browse/FAB-5131
- And Side DB - Channel Private Data - experimental feature
https://jira.hyperledger.org/browse/FAB-1151 done recently as a experimental feature and being promoted to production on: https://jira.hyperledger.org/browse/FAB-8718
Good luck with your use case!
