What are App Creds and how can I use them?
How do I connect to a Node?
Why is my environment paused?
How do I get more nodes?
Why the Ether Pool?
How do I use Truffle with Kaleido?
How do I connect with MetaMask?
Why am I getting "transaction out of gas" errors?
Why is my transaction queued?
CORS request did not succeed
Reconciling timestamps in Quorum-Raft
Note: This is an extension on work done by the JPMC Quorum working group
A quick overview
While a “permissioned” network does address privacy concerns to some extent, oftentimes there need to be additional layers of obscurity within an already isolated network. The Quorum client, through usage of a special module referred to as “constellation”, accommodates these concerns. The internal flow of private transactions in Quorum is outlined step-by-step below, however a basic grasp of the architecture is necessary before continuing.
The first key area of understanding is the separation of the Quorum node (a forked iteration of Geth containing a public and private database) and the concept of the constellation. The constellation is a module that accommodates private transaction processing and has two distinct sub-modules: transaction manager & enclave. The transaction manager stores encrypted payloads, encrypted symmetric keys and encrypted transaction hashes. These hashes serve as indexes for encrypted symmetric keys and their corresponding encrypted payloads, and allow clients to discover if they are privy to a private transaction when they attempt to execute upon receipt of a block. The enclave co-exists alongside the transaction manager and provides utility support for crypto-operations such as symmetric key generation and transaction payload encryption/decryption.
Assume a scenario with three parties -
C - where a private transaction is conducted between
B, and the third party,
C, has no visibility into the transaction inputs and ensuing state.
Ainitiates a private transaction to their Quorum node and specifies
Bas a recipient through the
privateForparameter. The argument passed to this field is the public key of
B’s transaction manager.
Asends the transaction payload to its transaction manager, requesting for it to store the payload.
a. The transaction manager sends a call to its enclave requesting encryption of the payload.
b. The enclave generates a symmetric key (SK) and random nonce.
c. Using the previously generated SK, the transaction payload & nonce are encrypted.
d. The encrypted payload is hashed through a SHA3-512 algorithm.
e. The enclave now holds the SK, an encrypted payload, and a hash of the encrypted payload.
The critical piece here is the SK which can unlock the encrypted payload and make sense of the inputs. But the SK can’t just be transferred out in the open; there needs to be some assurance that only the parties relevant to THIS private transaction will be able to access it. So how is that accomplished? The enclave will use what is called PGP encryption and utilize the transaction manager public keys to encrypt unique symmetric keys for each recipient.
f. The enclave uses its own transaction manager public key -
tm.pub- to generate an encrypted symmetric key (ESK) for itself. It also uses the
B, which it has stored, to generate a separate ESK for
g. The encrypted payload, the hash of the payload and the encrypted symmetric keys are returned to
A’s transaction manager.
A’s transaction manager stores the encrypted payload, the hash and its own ESK. The hash is important here, because it serves as an index or reference for the ESK and the corresponding payload.
A’s transaction manager securely transfers over HTTPS - the encrypted payload, the hash, and the ESK encrypted with
B’s transaction manager.
C’s transaction manager does not receive the three items (encrypted payload, hash and ESK) because its address was not specified in the
privateForfield when the transaction was initiated.
c. The sending party,
A, waits for an ACK response from
B’s transaction manager before the transaction moves forward.
a. Upon confirmation,
A’s transaction manager sends the hash back to its Quorum node.
b. Quorum Node
Areplaces the original transaction payload with the hash. It also changes the transaction’s
Vvalue to 37 or 38, indicating to fellow nodes that the hash represents a private transaction with an encrypted payload as opposed to standard public transactions with executable machine code.
c. The transaction is propagated to the rest of the network using basic p2p protocol.
d. The hashed private transaction gets bundled into a block via RAFT or IBFT consensus and is disseminated to all nodes in the environment.
a. In processing the block, each node will attempt to execute the transaction. The
Vvalue of 37 or 38 informs the nodes that they are dealing with a private transaction and encrypted payload. Upon this realization, they make a call to their transaction manager asking to look up the hash.
b. Recall that the hash serves as an index for the encrypted payload & ESK.
c. Quorum Nodes
Bdiscover that the hash is present in their transaction managers.
B’s transaction managers send a signature, and the encrypted payload + ESK corresponding to the hash to their respective enclaves.
b. The enclave verifies the signature and then takes the transaction manager’s private key to decrypt the ESK.
c. Recall that the
tm.pubwas used to encrypt the SK, so the corresponding private key can decrypt it. With the decrypted SK in hand, the payload can also be decrypted.
a. The decrypted payload is passed back to the Quorum nodes of
Bfor EVM contract code execution.
b. Quorum Nodes
Bmake state updates for the transaction in their private database.
a. Quorum Node
Casks its transaction manager to look up the transaction hash.
b. The transaction manager finds nothing in its database and returns a
nonRecipientmessage to the Quorum node.
c. Quorum Node
Cmakes no updates to its private database.
Every node still appends the same block to its ledger. The key piece here is the addition of the private database in the Quorum node and the encryption/decryption flow made possible by the constellation module.