Transaction Verification with Homomorphic Encryption (Demo)

Select a 4.x.x version (corresponding to Fabric v2.2) for Version, enter a blockchain name, and select ECDSA for Security Mechanism. Retain the default settings for the organization quantity and name.

1. Click Instance Management, and click a target instance cluster where the homomorphic encryption chaincode will be installed.
2. Choose Workloads > StatefulSets. Select a target cluster, click More in the Operation column of a target peer workload, and click Edit YAML.

   

3. Change the version number of CORE_PEER_CCENV_IMAGE_NAME to 3.0.5.

   

Install and instantiate the demo chaincodes transaction.zip and IDChaincode.zip.

• To facilitate subsequent operations, name the chaincodes transaction and idchaincode.
• During chaincode installation, enter 1.0 for Chaincode Version (as shown in the demo chaincode), and set Golang for Language.
• If the chaincode is developed by yourself, use the chaincode library interface file api_ahe_cc.tar.gz.

• Select SDK Configuration File.

  Chaincode Name: transaction

  Certificate Path: /home/paas

  Channel: channel

  Member: organization

• Select Orderer Certificate.
• Select Peer Certificates, retain the default selection for Peer Organization, and select Administrator certificate.

1. Download the installation package go1.11.5.linux-amd64.tar.gz, upload it to the /usr/local directory on the local server, and decompress the package.

   tar -zxvf go1.11.5.linux-amd64.tar.gz

   

2. Add the following environment variables to the /etc/profile file:

   export GOROOT=/usr/local/go
   export PATH=$PATH:$GOROOT/bin
   export GOPATH=/opt/gopath
   export PAAS_CRYPTO_PATH=/opt/hao
   export PAAS_SSL_ROOT=/opt/hao

3. Run the following command to make the environment variables take effect:

   source /etc/profile

1. Go to the /opt/gopath directory (if this directory does not exist, create it manually), and upload the SDK library (sdk1.11.5.tar.gz), homomorphic encryption library (ahelib1.11.6.tar.gz), and OpenSSL library (openssl.tar.gz). Run the following command to decompress the packages to the current directory:

   tar -zxvf xxx

   

2. Go to the /opt/gopath/src/ahe/PSW/deps/lib directory and copy the files in the directory to the /usr/local/include/openssl/ directory (if this directory does not exist, create it manually).
3. Go to the /opt/gopath/src/ahe/PSW/example/appdemo/ directory and run the go build command to compile the appdemo file.

   

   

1. Create a folder, for example, mkdir cj, in the /home/paas/ directory to generate an image.
2. Decompress the package downloaded in 5. In the /home/paas/cj directory, upload the administrator certificates of the orderer and peers, and copy the appdemo file compiled in Step 6.3, OpenSSL library, SDK library, and Dockerfile to the current directory and decompress them.

   

   

   After decompression, add libltdl.so.7 and libltdl.so.7.3.0 to the /home/paas/cj/openssl directory.

3. Run the unzip xxx.zip command to decompress the administrator certificates of the orderer and peers. Move the decompressed certificate files respectively to the /home/paas/cj/orderer and /home/paas/cj/peer directories (if the directories do not exist, create them manually).

   

4. Decompress the package downloaded in 5 to obtain a .yaml file from the sdk-config folder and modify the certificate path configuration in the file.
   For example:

   1. Delete the hash prefixes from the peer addresses in all paths. Change the peer addresses to the addresses shown in the following figure.

      

   2. Check the paths of the decompressed certificates. After the modification, the SDK configuration file does not contain paths with hash values.

      

   3. Delete the code (if any) in the certificateAuthorities section from the SDK configuration file, save the file, and upload the file to the /home/paas/cj directory.

      

      The following is an example of the modified SDK configuration file:

      name: "global-trade-network"
      
      x-type: "hlfv1"
      x-loggingLevel: info
      
      description: "The network to be in if you want to stay in the global trade business"
      
      version: 1.0.0
      
      client:
      
        organization: aa73c757c9026fb623495d7058ca177f6152bcea
      
        logging:
          level: info
      
        peer:
          timeout:
            connection: 10s
            queryResponse: 45s
            executeTxResponse: 120s
        eventService:
          timeout:
            connection: 10s
            registrationResponse: 50s
        orderer:
          timeout:
            connection: 10s
            response: 45s
      
        cryptoconfig:
          path: /opt/gopath/src/github.com/hyperledger/fabric
      
        credentialStore:
          path: "/tmp/hfc-kvs"
      
          cryptoStore:
            path: /tmp/msp
      
          wallet: wallet-name
      
        BCCSP:
          security:
           enabled: true
           default:
            provider: "SW"
           hashAlgorithm: "SHA2"
           softVerify: true
           ephemeral: false
           level: 256
      
      channels:
      
        tongtai:
          orderers:
      
            - orderer-2cf8802066c1c5011fd396c54c9126a17c9cfcc9-0.orderer-2cf8802066c1c5011fd396c54c9126a17c9cfcc9.default.svc.cluster.local
      
          peers:
      
            peer-aa73c757c9026fb623495d7058ca177f6152bcea-0.peer-aa73c757c9026fb623495d7058ca177f6152bcea.default.svc.cluster.local:30605:
              endorsingPeer: true
              chaincodeQuery: true
              ledgerQuery: true
              eventSource: true
      
            peer-aa73c757c9026fb623495d7058ca177f6152bcea-1.peer-aa73c757c9026fb623495d7058ca177f6152bcea.default.svc.cluster.local:30606:
              endorsingPeer: true
              chaincodeQuery: true
              ledgerQuery: true
              eventSource: true
      
          chaincodes:
            - transaction:1.0
      
      organization:
      
        aa73c757c9026fb623495d7058ca177f6152bcea:
          mspid: aa73c757c9026fb623495d7058ca177f6152bceaMSP
      
          cryptoPath:  /home/paas/peer/msp
          tlsCryptoKeyPath: /home/paas/peer/tls/server.key
          tlsCryptoCertPath: /home/paas/peer/tls/server.crt
      
          peers:
      
            - peer-aa73c757c9026fb623495d7058ca177f6152bcea-0.peer-aa73c757c9026fb623495d7058ca177f6152bcea.default.svc.cluster.local:30605
      
            - peer-aa73c757c9026fb623495d7058ca177f6152bcea-1.peer-aa73c757c9026fb623495d7058ca177f6152bcea.default.svc.cluster.local:30606
      
          certificateAuthorities:
            - ca-org1
      
        ordererorg:
            mspID: "2cf8802066c1c5011fd396c54c9126a17c9cfcc9MSP"
      
            cryptoPath: /home/paas/orderer/msp
      orderer-eip: 49.4.81.160
      orderers:
      
        orderer-2cf8802066c1c5011fd396c54c9126a17c9cfcc9-0.orderer-2cf8802066c1c5011fd396c54c9126a17c9cfcc9.default.svc.cluster.local:
          url: grpcs://49.4.81.160:30805
      
          grpcOptions:
            ssl-target-name-override: orderer-2cf8802066c1c5011fd396c54c9126a17c9cfcc9-0.orderer-2cf8802066c1c5011fd396c54c9126a17c9cfcc9.default.svc.cluster.local
            grpc-max-send-message-length: 15
      
          tlsCACerts:
            path: /home/paas/orderer/msp/tlscacerts/tlsca.2cf8802066c1c5011fd396c54c9126a17c9cfcc9-cert.pem
      
      peers:
      
      
        peer-aa73c757c9026fb623495d7058ca177f6152bcea-0.peer-aa73c757c9026fb623495d7058ca177f6152bcea.default.svc.cluster.local:30605:
      
      
          url: grpcs://49.4.81.160:30605
      
          grpcOptions:
            ssl-target-name-override: peer-aa73c757c9026fb623495d7058ca177f6152bcea-0.peer-aa73c757c9026fb623495d7058ca177f6152bcea.default.svc.cluster.local
            grpc.http2.keepalive_time: 15
      
          tlsCACerts:
            path: /home/paas/peer/msp/tlscacerts/tlsca.aa73c757c9026fb623495d7058ca177f6152bcea-cert.pem
      
      
        peer-aa73c757c9026fb623495d7058ca177f6152bcea-1.peer-aa73c757c9026fb623495d7058ca177f6152bcea.default.svc.cluster.local:30606:
      
      
          url: grpcs://49.4.81.160:30606
      
          grpcOptions:
            ssl-target-name-override: peer-aa73c757c9026fb623495d7058ca177f6152bcea-1.peer-aa73c757c9026fb623495d7058ca177f6152bcea.default.svc.cluster.local
            grpc.http2.keepalive_time: 15
      
          tlsCACerts:
            path: /home/paas/peer/msp/tlscacerts/tlsca.aa73c757c9026fb623495d7058ca177f6152bcea-cert.pem

5. Modify Dockerfile: Change the name to that of the .yaml file decompressed from the downloaded SDK.

   

6. In the /home/paas/cj/ directory, run the following commands to package all files into an image. Ensure that you have installed Docker in advance.

   docker build -t tongtaidemotest:byl1 . 
   docker save tongtaidemotest:byl1>tongtaitest.tar

   

   

   Ensure that the EulerOS 2.2.5 image already exists on the local PC. Otherwise, the packaging will fail.

   

1. Download the packaged image to the local PC. Log in to Huawei Cloud and go to the CCE console. Create a Deployment in the cluster where the BCS instance is deployed, setting the pod quantity to 1. Switch to the new CCE console in the upper right corner.

   

   

2. On the Container Settings tab page, select an image.

   

3. Click Upload Image. On the displayed Dashboard page, click Upload Image.

   

   

4. Select the packaged image file and wait until the upload is completed.

   

5. Then, go to the Select Image page, select the image, and click OK.

   

6. On the Lifecycle tab page, set the Startup Command.
   • Command: /bin/sh
   • Args:

     -c

     sleep 10000

   

7. Submit to create a Deployment. Save the settings.

   

1. Log in to the ECS where the cluster is deployed, and run the following command to check whether the application container is normal:

   docker ps -a | grep tongtai |grep container

   

2. You can view the name of the deployed application. Run the following command to access the container:

   docker exec -it Container ID bash

3. Add the domain name mapping between the orderer and peers to the /etc/hosts file.

   Query the domains of the orderer and peers in the downloaded sdk.yaml file, and add "IP address + Domain of the orderer" and "IP address + Domain of each peer" to the end of the /etc/hosts file, as shown in the following figure.

   

   x.x.x.x orderer-2cf8802066c1c5011fd396c54c9126a17c9cfcc9-0.orderer-2cf8802066c1c5011fd396c54c9126a17c9cfcc9.default.svc.cluster.local
   x.x.x.x peer-aa73c757c9026fb623495d7058ca177f6152bcea-0.peer-aa73c757c9026fb623495d7058ca177f6152bcea.default.svc.cluster.local
   x.x.x.x peer-aa73c757c9026fb623495d7058ca177f6152bcea-1.peer-aa73c757c9026fb623495d7058ca177f6152bcea.default.svc.cluster.local

4. Run the following commands to configure environment variables and view the registration command:

   export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/paas/openssl
   cd /home/paas
   ./appdemo register -h

   

   • If you log out of the container during demo transactions, run the environment variable configuration commands again when logging in to the container next time.
   • In the preceding command, ./appdemo register -h is used to view the registration command parameters.

   

./appdemo register -u B -p tongtaitestB -i 100  -c ./test-sdk-config.yaml -C tongtai -I idchaincode -T transaction -o aa73c757c9026fb623495d7058ca177f6152bcea

-u: the registered user name (B).

-p: user B's password (tongtaitestB). The password must contain at least two types of the following: uppercase letters, lowercase letters, digits, and special characters.

-c: the SDK configuration file name.

-C: the name of a channel for installing the chaincode.

-I: the actual chaincode name used after installing the demo chaincode IDChaincode.

-T: the actual chaincode name used after installing the demo chaincode Transaction.

-o: the organization ID of the peer, which can be queried on the Channel Management page.

The parameter description is the same in the following demos.

The returned value is an encrypted address, for example:

b22edf18d64f57954640c8f3f6cf67d9401f262daead588ddfexxxxx

./appdemo register -u A -p tongtaitestA -i 200  -c ./test-sdk-config.yaml -C tongtai -I idchaincode -T transaction -o aa73c757c9026fb623495d7058ca177f6152bcea

The returned value is an encrypted address, for example:

2efc4639bc281060ce013dfea33a47b647b6f4a20103a6321c33dxxxxxx

./appdemo transaction -u A -p tongtaitestA -b b22edf18d64f57954640c8f3f6cf67d9401f262daead588ddfe8178xxxx -t 10 -c ./test-sdk-config.yaml -C tongtai -I idchaincode -T transaction -o aa73c757c9026fb623495d7058ca177f6152bcea

The parameter after -b indicates the address of account B (the receiver), which is the value returned when registering account B.

The return value is the address of account A: 2efc4639bc281060ce013dfea33a47b647b6f4a20103a6321c33d67d5xxxx.

./appdemo querybalance -p tongtaitestA -u A -c ./test-sdk-config.yaml -C tongtai -I idchaincode -T transaction -o aa73c757c9026fb623495d7058ca177f6152bcea

./appdemo querybalance -p tongtaitestB -u B -c ./test-sdk-config.yaml -C tongtai -I idchaincode -T transaction -o aa73c757c9026fb623495d7058ca177f6152bcea

./appdemo homoadd -c ./test-sdk-config.yaml -a 30 -b 60 -C tongtai -T transaction -o aa73c757c9026fb623495d7058ca177f6152bcea

The parameters after -a and -b are two numbers for additive homomorphic encryption.

./appdemo homomulti -c ./test-sdk-config.yaml -a 100 -b 5 -C tongtai -T transaction -o aa73c757c9026fb623495d7058ca177f6152bcea

The parameters after -a and -b are multipliers for multiplicative homomorphic encryption. The value after -a is encrypted, while the one after -b is in plaintext.