We are developing an application where we want to store the data of the user on the ethereum blockchain. My thought process is something like this
Have a contract that interfaces with the UI.
When the user enters info on the UI, it triggers the solidity smart contract
The smart contract will inturn trigger an event through oraclejs that will store the data on a database
I want to know if there is a better way to do this.
The blockchain is used for its property of transparency, immutability, security and no downtime. If you use public blockchain the user data will be visible in the transaction and anyone can see it. To utilize the full potential of blockchain I would recommend either using Private Blockchain or encrypt the data while storing in the block.
As storing in Blockchain is costly operation you can store the data in oracle db and store the rowhash(I recommend sha256()) to the blockchain.
mapping (uint=> byets32) dataHashById;
Now whenever you fetch the data from db, you have to make hashing of that row and verify against the hash from blockchain. Thats it.
Related
Is it possible to have application level data privacy in Hyperlegder Fabric v2.2
We have the first network (as referenced in the fabric-samples) in place (Org1 and Org2 with peer0 and peer1 each). I am aware that data privacy can be ensured between 2 organizations using Private Data Collections. Looking at the case where peers in the network can run multiple user applications, consider that, there is app1 and app2 connected to the network via peer0 belonging to Org1. The cause for concern is that despite using private data collections, app1 could access the private data logged by app2 in Org1 private data collection. Is there a way in hyperledger fabric to ensure privacy between apps connected to the network via the same peer.
No, there is not.
You can develop your own authorization routines at smart contract level so that read related operations only return data to authorized users. This way you prevent other clients from accessing data through read operations, but the data is not protected from the peers themselves.
You can also encrypt your data in your client before sending it in a transaction. You can use your own Fabric certificate to encrypt data via ECIES or ECDH encryption schemas (or use any other encryption schema you want). But this way the contract is not going to be able to interpret your data. It will be only able to store it and return it...
In other cases, you may be interested in storing your data in your own private storage system outside Fabric and save only a hash of the data in the channel state as a proof that can be used later if necessary for whatever it is intended to.
These are things you can do to preserve privacy at user level. You can think of other solutions. But Fabric does not provide specific ways to do it. From a blockchain point of view, it is difficult to preserve data privacy at user-level while peers try to reach consensus over that data.
When a Hyperledger Fabric smart contract calls getHistoryForKey it receive the updates for a particular key. I'm wondering where does this information come from? It's not stored in the world-view (levelDB, CouchDB) so it must be retrieved from the blockchain. Does the smart contract has access to blockchain? What am I missing?
There is a setting which enables the history database for peers. It is enabled by default and is a a physically separate database from world state.
Each channel has it's own history database. The history database uses LevelDB (an embedded database) for storage.
The history database stores key/txid/blocknum for each update. When you call GetHistoryForKey, it iterates through the history db and then retrieves the values from block storage.
I am trying to implement a tamper proof uncentralized database of some records. these record are static and they cannot be transferred between participants, i.e, not like some currency or a stock. i just want them to be stored as they are. Identity is an important thing with my project. only certain people can add blocks to the chain, rest of them should be only there to verify the chain. Can i implement a blockchain for this usecase? if it is possible should i use an ethereum chain or hyperledger fabric?
According to your use case which is, certain people, add records and certain query records. A typical normal access control application and the database can solve your issue but,
If you deal with untrusted people and need complete transparency with identity-based access control and equal rights of all participants then hyperledger fabric is best.
Use case: a smart home which gathers raw data from all the sensors within it, processes them and extracts high level information from them. The owner of the house might want to share these information with other people, such as doctors, family members, friends... So, I'm trying to figure out which would be the best way to handle the access permissions on these data. Right now all the information are carefully encrypted and stored in a database (untrusted) and only the people with the right keys can properly decrypt those data.
My idea: I want to use Hyperledger Fabric to store and manage the access permissions to these files and also to store the hash digest of the gathered information for immutability purposes. Once the smart home generates an high level information from the raw data, it stores it inside the database and then it issues a transaction to Hyperledger Fabric with the timestamp and the hash digest of the data.
The smart home owner can share these information with other people, issuing a transaction with the ID of this person and an identifier of the data he would have the access rights on.
So before accessing the information stored inside the encrypted database, the application would check if the requester has the valid permissions stored within the blockchain.
My doubts and questions: since I'm really new on this topic, even though I've read a lot about it, I don't know if this would be an improper use of the Hyperledger Fabric. All the use cases I read about it, store all the data with Hyperledger Fabric, without relying on an external cloud storage service.
Since all the transactions would be stored in the blockchain and the blockchain is maintained by all the peers inside the same channel (btw I would use just one channel to keep everything), they may be able to access to the Hyperledger Fabric database and extract information about the smart home. Am I wrong? If not, how can I solve this issue? I could use the identity mixer feature to "hide" the transaction issuer, but still the transaction would be visible to all of the peers who keep the blockchain available.
I understand your questions. We could not hide all information from Peers, but you can encrypt sensitive information and allow specific people to decrypt it as you mentioned. In addition, even you cannot prevent malicious access on time, but you can collect malicious access activities for auditing in the future. for example: using access control on each world state database of peers.
I am working on a dapp project only using Hyperledger Fabric. The situation is, a bank transfers money from account A to account B. This transaction is recorded in the blockchain. The thing is there will be a role similar to a supervisor. I just want the supervisor to know there was such a transaction and know some detail while some other details are hidden to the supervisor. Can HL Fabric achieve this? Or how can I achieve this?
You can use Hyperledger Fabric 'private data collections’ when participants need to transact on the same blockchain, but keep data private to a subset of transactors (and potentially regulators/auditors). Private data is shared peer-to-peer, with hashes stored on the blockchain as evidence so that all peers can validate transactions.
With private data collections, you can keep the entire state private, or make part of the state public, and part of the state private.
See the Fabric private data documentation and a tutorial.