To comply with the new central bank regulations, Fabric-based blockchain financial projects face large-scale retrofits

Text | Interlink Pulse · Golden Walk

On February 26, Bank of Jiangsu launched "Su Yin Chain 2.0", an upgraded version of its blockchain financial project. The upgrade retrofits the original "Su Yin Chain", which was based on Hyperledger Fabric, with China's national cryptographic (SM, "guomi") algorithms, rebuilding the blockchain's underlying architecture and optimization mechanisms.

The retrofit is to a large extent a response to the central bank's rules on blockchain. On February 25, the central bank issued the "Financial Distributed Ledger Technical Security Specification", a financial industry standard (hereinafter "the specification"). It sets out more formal rules and requirements for institutions and projects in areas such as cryptographic algorithms, ledger data, identity management and privacy protection.

Su Yin Chain's national-cryptography retrofit corresponds to the requirements of the State Council on supporting national cryptographic algorithms in blockchain financial projects.

Beyond Su Yin Chain, Interlink Pulse notes that many domestic blockchain financial projects are built on the foreign Fabric framework, and that Fabric does not fully comply with the requirements of the central bank's financial blockchain specification.

Like Su Yin Chain, a large number of blockchain financial projects will need to be retrofitted.

Fabric "bears the brunt"

Reading the full text of the specification, Interlink Pulse found five places where the Hyperledger Fabric architecture does not meet its requirements, each calling for either secondary development of the project or changes to the business system. The cryptographic module, which Bank of Jiangsu has already reworked on its own initiative, is the first.

On cryptographic algorithms, the specification states that the algorithms used by a distributed ledger system should comply with relevant national standards such as GB/T 32905-2016, GB/T 32907-2016 and GB/T 32918-2016, and with related industry standards such as GM/T 0006-2012, GM/T 0009-2012, GM/T 0010-2012, GM/T 0015-2012 and GM/T 0044-2016.

Interlink Pulse looked these standards up in the national standards full-text open system and at the commercial cryptography monitoring center. They mainly concern the SM2 elliptic-curve public-key algorithm, the SM3 cryptographic hash algorithm, the SM4 block cipher and the SM9 identity-based cryptographic algorithm. In other words, institutions that build blockchain systems and operate services on them are now subject to national cryptography requirements.

Fabric, however, does not support the national cryptographic algorithms and does not meet the requirements for the use of commercial cryptography. A blockchain financial project built on the Fabric architecture may therefore need to replace its cryptographic module to meet regulatory requirements and withstand the severe test of current Internet security.

The second incompatibility concerns ledger data.

The specification issued by the central bank sets more detailed requirements for the security audit of ledger data. Access to ledger data should be covered by a security audit function, and audit records should include audit-related information such as the date, time, user ID and data content of the access. Audit records are also required when a data change fails, a node validity check fails, a consistency check fails, and so on.

At present, Fabric's ledger can be audited in whole or in part, but this is incomplete compared with the audit requirements above. A Fabric-based blockchain financial project will need secondary development to support these ledger audit requirements.
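The audit-record fields and failure cases listed above can be made concrete with a small tamper-evident audit trail. This is an added example, not code from the specification, Fabric or any bank's project: the class, event identifiers and sample values are hypothetical, and SHA-256 stands in for SM3.

```python
import hashlib
import json
from datetime import datetime, timezone

# Event names follow the article's list; the identifiers are hypothetical.
EVENTS = {"ACCESS", "DATA_CHANGE_FAILURE",
          "NODE_VALIDITY_CHECK_FAILURE", "CONSISTENCY_CHECK_FAILURE"}
GENESIS = "0" * 64  # "previous hash" of the first record


def _digest(body):
    # SHA-256 stands in for SM3, which Python's hashlib does not guarantee.
    raw = json.dumps(body, sort_keys=True).encode("utf-8")
    return hashlib.sha256(raw).hexdigest()


class AuditLog:
    def __init__(self):
        self.records = []

    def record(self, event, user_id, content, when=None):
        if event not in EVENTS or not user_id:
            raise ValueError("audit record needs a known event and a user ID")
        when = when or datetime.now(timezone.utc)
        body = {"date": when.date().isoformat(),
                "time": when.time().isoformat(timespec="seconds"),
                "user_id": user_id, "event": event, "content": content,
                "prev": self.records[-1]["hash"] if self.records else GENESIS}
        self.records.append(dict(body, hash=_digest(body)))
        return self.records[-1]

    def verify(self):
        """Return the index of the first altered record, or -1 if intact."""
        prev = GENESIS
        for i, entry in enumerate(self.records):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != entry["hash"]:
                return i
            prev = entry["hash"]
        return -1


def demo():
    log = AuditLog()  # the sample events below are constructed
    log.record("ACCESS", "teller-017", "read letter of credit LC-0001")
    log.record("CONSISTENCY_CHECK_FAILURE", "peer1.bank-a", "block 42 mismatch")
    intact = log.verify()
    log.records[0]["user_id"] = "teller-999"  # simulate an after-the-fact edit
    return intact, log.verify()
```

Because each record commits to the hash of the one before it, editing any stored field makes `verify()` report the index of the first altered record.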

In addition, the main discrepancy between the specifications and projects based on the Hyperledger Fabric architecture is in identity management.

The central bank's specification requires the relevant entities to implement effective user identity management. The main functions include identity registration, identity verification, account management, credential life-cycle management, identity authentication, node identification management, identity update and revocation, etc.

On credential life-cycle management, the specification states that a financial distributed ledger should manage the entire process of generating, storing, using, revoking and terminating credentials. Nearly every one of these stages involves the user's digital identity, so the user's identity has to be verified.

On a blockchain, an account is generally not bound to a real identity. A project that wants to comply with this part of the specification has to implement the binding through its business system. Even if the identity is to be recorded on the chain, the user has to be identified before anything goes on chain.

The same is true of identity supervision and audit. The specification states that the regulatory information should include at least financial regulatory information, specifically the current workplace or school, industry type, country of residence, etc. Non-compliant projects will have to modify their business systems.

The fourth inconsistency is in the area of privacy protection. The specification proposes that relevant parties should formulate privacy protection policies based on specific scenarios to balance the confidentiality and privacy protection of information provided by the distributed ledger with the efficiency of implementation. At the same time, privacy information should be classified according to the degree of sensitivity, and corresponding privacy protection policies should be set.

If Fabric-based projects cannot meet these privacy protection requirements, they will need to modify both their business systems and their on-chain smart contracts.

Finally, on regulatory support, the specification requires that the system support access by supervisors, support supervisors' supervisory activities, and allow supervisors to reach the lowest-level data so as to achieve penetrating supervision. Fabric is a semi-decentralized architecture, but it does not yet support penetrating supervision, so projects will need secondary development.

Many domestic bank projects are based on the Fabric architecture: some have been retrofitted for national cryptography and supervision

The mismatch between Fabric-based projects and the specification has led to further transformation and upgrading of domestic blockchain financial projects.

According to Interlink Pulse's statistics, many blockchain projects in the domestic financial sector, especially in the banking industry, are currently based on Fabric. For example, Bank of China, Minsheng Bank, Postal Savings Bank, Industrial and Commercial Bank of China, and Construction Bank have all launched blockchain financial projects that use the Fabric architecture.

(Table: Interlink Pulse)

Some of these projects optimized their systems during development and already meet the requirements of the specification. By Interlink Pulse's count, besides Su Yin Chain, three Fabric-based projects have reworked their cryptographic modules.

They are the blockchain-based domestic letter of credit information transmission system (BCLC), jointly launched by Minsheng Bank and CITIC Bank in June 2017; the blockchain forfaiting trading platform (BCFT), created by CITIC Bank, Bank of China, and Minsheng Bank in September 2018; and the macrochain technology blockchain infrastructure, launched by Beijing Hongchain Technology Co., Ltd. in 2016. All three are based on Hyperledger Fabric.

At present, the three platforms provide modules that support the national cryptographic algorithms, in line with the requirements of the specification.

In addition, Interlink Pulse notes that the blockchain-based domestic letter of credit information transmission system (BCLC) not only reworked its cryptographic module during development but also developed its regulatory features to conform to the specification.

In the system, the supervisory authority can join as a node on the chain, and an open and transparent bank transaction ledger helps the supervisory authority collect all business data and manage it in real time. At the same time, node monitoring, block monitoring, contract management, transaction data viewing, etc. are available through a visual monitoring platform, which supports horizontal expansion of data storage, regular automatic archiving and a comprehensive log management mechanism.

The Blockchain Forfaiting Trading Platform (BCFT) project, likewise initiated by multiple banking institutions, has also been optimized in terms of supervision and privacy.

In terms of data privacy protection, the platform uses multiple mechanisms to ensure that only transaction participants can decrypt data. At the same time, taking into account practical applications, the project raised the barriers to entry and added commercial features such as privacy, security, and auditability.

In addition, the macrochain technology blockchain infrastructure has also been optimized for privacy protection. It implements privacy protection technology based on algorithms such as blind signature, RSA, DSA, and negotiated passwords.

In addition to the above, in November 2019, Bank of China Insurance Information Technology Management Co., Ltd. launched the China Banking and Insurance Credit Information Alliance Chain, which also relies on Fabric-based blockchain technology.

Interlink Pulse observes that China Banking Insurance Information Technology Management Co., Ltd. is one of the regulatory agencies of the China Banking and Insurance Regulatory Commission. The alliance chain was established, to a certain extent, to serve supervision.

According to public information, it is not yet clear whether other Fabric-based projects have been retrofitted in the areas of national cryptography, supervision, and privacy.

However, the implementation of the specification will definitely affect projects' choice of underlying architecture, or will have a certain impact on Fabric; at the same time, it will also regulate domestic blockchain financial projects and promote their better development.
