Module 2: Channels and Private Data in Hyperledger Fabric

2.4 Channels and Private Data

In Hyperledger Fabric, privacy and confidentiality are addressed through two primary mechanisms: channels and private data collections. These features allow organizations to share a blockchain network while keeping certain transactions and data private.

Channel Creation and Management

Channels are private subnets of communication between specific network members. Each channel has its own independent ledger, which is only accessible to organizations that are members of that channel.

Channel Definition

A channel in Hyperledger Fabric is defined by:

  • Channel Configuration: Policies and settings that govern the channel
  • Member Organizations: Organizations that participate in the channel
  • Shared Ledger: A blockchain ledger specific to the channel
  • Chaincode: Smart contracts deployed to the channel

Channel Creation Process

Creating a channel involves several steps:

  1. Generate Channel Configuration
     • Create a configuration transaction (configtx)
     • Define the channel name, members, and policies
     • Specify the ordering service for the channel
     • Set up access control policies

  2. Submit Configuration to Ordering Service
     • The configuration transaction is sent to the ordering service
     • The ordering service creates the genesis block for the channel
     • The genesis block contains the initial configuration

  3. Join Peers to the Channel
     • Organizations receive the genesis block
     • Each organization joins its peers to the channel
     • Peers initialize their copy of the channel ledger

  4. Deploy Chaincode to the Channel
     • Install the chaincode on peers
     • Approve the chaincode definition
     • Commit the chaincode definition to the channel

Channel Configuration Updates

Channel configurations can be updated after creation:

  1. Fetch Current Configuration
     • Retrieve the latest configuration block
     • Extract the current configuration

  2. Modify Configuration
     • Make changes to the configuration
     • Create a configuration update envelope

  3. Sign Configuration Update
     • Collect signatures from the required organizations, as determined by the channel's modification policy

  4. Submit Update to Ordering Service
     • Send the signed update to the ordering service
     • The ordering service creates a new configuration block
     • The new configuration is distributed to all channel members

Channel Management Best Practices

  • Start Small: Begin with essential organizations and add others as needed
  • Clear Governance: Establish clear policies for channel management
  • Regular Maintenance: Periodically review and update channel configurations
  • Documentation: Maintain documentation of channel membership and policies
  • Backup: Keep secure backups of channel configurations

Private Data Collections

Private Data Collections provide a way to keep certain data confidential between a subset of organizations on a channel, while still maintaining the integrity of the overall ledger.

Private Data Concept

Private data in Hyperledger Fabric:

  • Is shared only among authorized organizations
  • Is stored in private state databases (separate from the channel ledger)
  • Has its hash stored on the channel ledger (for integrity verification)
  • Can be purged after a specified number of blocks (for compliance purposes)

Private Data Collection Definition

A Private Data Collection is defined by a collection configuration that includes:

  • Name: Identifier for the collection
  • Policy: Defines which organizations can persist the data
  • Required Peer Count: Minimum number of peers to disseminate data to
  • Maximum Peer Count: Maximum number of peers to disseminate data to
  • Block to Live: Number of blocks after which data is purged
  • Member Only Read: Whether only collection members can read the data

Example collection definition in JSON:

[
  {
    "name": "collectionMarbles",
    "policy": "OR('Org1MSP.member', 'Org2MSP.member')",
    "requiredPeerCount": 1,
    "maxPeerCount": 3,
    "blockToLive": 100000,
    "memberOnlyRead": true
  }
]
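To show how the policy field in the definition above is evaluated, here is an added example (not code from this module or from Fabric itself) that parses the OR/AND principal syntax used in collection definitions and checks a set of signing identities against it. It is a simplified model: a 'MSPID.member' principal matches any identity of that MSP, other roles (admin, client, peer) must match exactly, and the OutOf(...) form is not supported.

```go
package main

import (
	"fmt"
	"strings"
)

type Identity struct{ MSP, Role string } // simplified signer: MSP ID plus role (member, admin, client, peer)

// splitArgs splits on top-level commas, respecting nested parentheses, and trims each argument.
func splitArgs(s string) (out []string) {
	depth, start := 0, 0
	for i, c := range s {
		switch {
		case c == '(':
			depth++
		case c == ')':
			depth--
		case c == ',' && depth == 0:
			out, start = append(out, strings.TrimSpace(s[start:i])), i+1
		}
	}
	return append(out, strings.TrimSpace(s[start:]))
}

// satisfies evaluates an OR(...)/AND(...) expression over 'MSPID.role' principals:
// "member" matches any identity of that MSP, other roles must match exactly;
// OR short-circuits on the first success, AND on the first failure.
func satisfies(expr string, ids []Identity) (bool, error) {
	if strings.HasPrefix(expr, "'") { // leaf principal
		msp, role, _ := strings.Cut(strings.Trim(expr, "'"), ".") // 'Org1MSP.member' -> Org1MSP, member
		for _, id := range ids {
			if id.MSP == msp && (role == "member" || id.Role == role) {
				return true, nil
			}
		}
		return false, nil
	}
	op, rest, _ := strings.Cut(expr, "(")
	if !strings.HasSuffix(rest, ")") || (op != "OR" && op != "AND") {
		return false, fmt.Errorf("unsupported expression %s", expr)
	}
	for _, arg := range splitArgs(strings.TrimSuffix(rest, ")")) {
		if ok, err := satisfies(arg, ids); err != nil || ok == (op == "OR") {
			return ok, err
		}
	}
	return op == "AND", nil // AND: every sub-policy passed; OR: none did
}
```

With the collectionMarbles policy, an Org2MSP peer identity satisfies the OR and an Org3MSP admin does not; nested expressions such as AND('Org1MSP.admin', OR('Org2MSP.member', 'Org3MSP.member')) are evaluated recursively.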

Private Data Flow

The flow of private data in a transaction:

  1. Client Sends Transaction Proposal
     • Includes both public and private data
     • Private data is sent only to authorized peers

  2. Endorsing Peers Process Proposal
     • Simulate the transaction with both public and private data
     • Generate read-write sets for both public and private data
     • Calculate the hash of the private data

  3. Client Collects Endorsements
     • Receives endorsements from the required peers
     • Assembles the transaction with public data and private data hashes

  4. Transaction Ordering and Validation
     • The transaction with public data and private data hashes is ordered
     • All peers validate the transaction
     • Private data is disseminated peer-to-peer to authorized organizations

  5. Ledger Update
     • Public data is written to the channel ledger
     • Private data hashes are written to the channel ledger
     • Private data is stored in the private state databases of authorized peers

Private Data Queries

Chaincode can interact with private data in several ways:

  • PutPrivateData: Write private data to a collection
  • GetPrivateData: Read private data from a collection
  • GetPrivateDataHash: Get the hash of private data
  • DelPrivateData: Delete private data from a collection
  • GetPrivateDataByRange: Query a range of private data
  • GetPrivateDataByPartialCompositeKey: Query using a partial composite key

Example chaincode function using private data:

package main

import (
    "fmt"

    "github.com/hyperledger/fabric-contract-api-go/contractapi"
)

// storePrivateData writes value under key into the named collection. Only the
// hash of the key and value enters the public read-write set; the value itself
// is disseminated solely to peers of organizations allowed by the collection policy.
func storePrivateData(ctx contractapi.TransactionContextInterface, collection string, key string, value string) error {
    return ctx.GetStub().PutPrivateData(collection, key, []byte(value))
}

// readPrivateData returns the private value stored under key in the named
// collection. GetPrivateData returns a nil slice with no error when the key is
// absent, so that case is reported separately.
func readPrivateData(ctx contractapi.TransactionContextInterface, collection string, key string) (string, error) {
    bytes, err := ctx.GetStub().GetPrivateData(collection, key)
    if err != nil {
        return "", fmt.Errorf("failed to read private data: %w", err)
    }
    if bytes == nil {
        return "", fmt.Errorf("private data for key %q not found in collection %q", key, collection)
    }
    return string(bytes), nil
}

Use Cases for Private Data Collections

Private Data Collections are ideal for several scenarios:

  • Bilateral Trading: When two organizations need to keep transaction details private
  • Competitive Information: When organizations compete but collaborate on the same network
  • Personal Data: When handling personally identifiable information (PII)
  • Compliance Requirements: When data must be purged after a certain period
  • Selective Disclosure: When data should be shared with only specific participants

Data Isolation and Sharing

Hyperledger Fabric provides multiple levels of data isolation and sharing to accommodate different privacy requirements.

Levels of Data Isolation

  1. Network Level
     • Separate Fabric networks for complete isolation
     • Highest level of isolation, but limits collaboration

  2. Channel Level
     • Separate channels within the same network
     • Data is isolated to channel members
     • Allows selective participation in different business cases

  3. Collection Level
     • Private data collections within a channel
     • A subset of channel members can access the private data
     • Maintains data integrity through hashes on the shared ledger

  4. Encryption Level
     • Encrypt sensitive data within transactions
     • All participants can see the encrypted data, but only authorized parties can decrypt it
     • Can be combined with the other isolation mechanisms

Data Sharing Patterns

Several patterns can be used for data sharing in Fabric:

  1. Need-to-Know Basis
     • Share data only with organizations that need it
     • Use channels or collections to enforce this principle
     • Minimize unnecessary data exposure

  2. Tiered Access
     • Different levels of access for different participants
     • Combine channels and collections for hierarchical access
     • Example: Regulators see all data, participants see only their own transactions

  3. Time-Based Sharing
     • Initially restrict data to certain participants
     • Gradually expand access as time passes
     • Implement using chaincode logic and access control

  4. Conditional Sharing
     • Share data only when specific conditions are met
     • Implement using chaincode logic
     • Example: Share pricing data only after a deal is finalized

Cross-Channel Data Sharing

While channels provide isolation, sometimes data needs to be shared across channels:

  1. Client-Side Coordination
     • Applications can interact with multiple channels
     • Aggregate and correlate data from different channels
     • Implement business logic that spans channels

  2. Chaincode-to-Chaincode Invocation
     • Limited to chaincodes on the same channel
     • Cannot directly access data across channels

  3. Shared Reference Data
     • Maintain reference data on a shared channel
     • Use reference identifiers in transaction channels
     • Allows correlation without exposing sensitive details

Privacy Considerations

When implementing privacy solutions in Hyperledger Fabric, several considerations should be taken into account.

Privacy vs. Performance

Privacy features can impact performance:

  • More channels increase network overhead
  • Private data collections add complexity to the transaction flow
  • Encryption and decryption operations consume resources

Balance privacy requirements with performance needs by:

  • Using channels only for major organizational boundaries
  • Using collections for finer-grained privacy within channels
  • Optimizing the number of collections and their policies

Regulatory Compliance

Privacy features can help with regulatory compliance:

  • GDPR: Use the block-to-live feature to implement the right to be forgotten
  • HIPAA: Use private data collections to protect health information
  • Financial Regulations: Use channels to separate regulated activities

Privacy Limitations

Be aware of the limitations of Fabric's privacy features:

  • Channel participants can see all channel transactions
  • Private data hashes are visible to all channel participants
  • Metadata (transaction IDs, timestamps) is visible to all channel participants
  • Historical private data may be cached by applications
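The following added example (not from this module or from Fabric) models the hash-on-ledger mechanism described in the private data flow together with the limitation above that every channel member can see those hashes: it computes the digest an endorser records in place of the private value, verifies received private data against it, and applies a random salt so that a value with few possible contents cannot be matched from its public digest. It assumes Fabric's default SHA-256 hash function and a constructed 16-byte salt prefix that is stored with the value inside the collection.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

const saltLen = 16 // constructed choice for this example

// ledgerHash computes what the endorsing peers record in the public read-write
// set in place of a private value: its SHA-256 digest (Fabric's default hash
// function; the key is hashed the same way). Every channel member can read it.
func ledgerHash(value []byte) string {
	sum := sha256.Sum256(value)
	return hex.EncodeToString(sum[:])
}

// verifyPrivateData is the check an authorized peer applies when the private
// value arrives over gossip: it is accepted only if it matches the digest
// already committed on the channel ledger.
func verifyPrivateData(value []byte, onLedger string) bool {
	return ledgerHash(value) == onLedger
}

// saltedValue prefixes a random salt before the value is handed to
// PutPrivateData. Because the digest is public, a value with few possible
// contents (a price, a yes/no flag) could otherwise be matched against a
// digest of each candidate; the salt makes the digest unpredictable. The salt
// is stored with the value inside the collection and never reaches the public
// ledger.
func saltedValue(value []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return append(salt, value...), nil
}

// unsalt strips the salt for a reader that holds the private data.
func unsalt(stored []byte) ([]byte, error) {
	if len(stored) < saltLen {
		return nil, errors.New("stored value shorter than salt")
	}
	return stored[saltLen:], nil
}
```

Two writes of the same salted value produce different ledger digests, while an authorized reader still recovers the original value and can verify it against the digest it received.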

Privacy Best Practices

Follow these best practices for privacy in Fabric:

  • Conduct thorough privacy impact assessments
  • Design with privacy by default and privacy by design principles
  • Implement proper key management for encrypted data
  • Regularly audit access to sensitive data
  • Combine Fabric's privacy features with application-level controls
  • Consider off-chain storage for highly sensitive data

Understanding channels and private data collections is essential for designing Hyperledger Fabric networks that meet privacy and confidentiality requirements while enabling collaboration between organizations.