Privacy in Pantheon: How It Works and Why Your Enterprise Should Care
DISCLAIMER: As of September 2019, the Ethereum client formerly known as Pantheon was submitted to the Hyperledger Project of the Linux foundation, and is now known as Hyperledger Besu. In October 2020 PegaSys was renamed to Quorum.
Pantheon 1.1 was released April 30th. With our new privacy feature, we now have a comprehensive suite of enterprise-grade offerings that make us the premier Ethereum client for enterprises. Along with our permissioning and innovative consensus algorithm, IBFT 2.0, we have a truly decentralized product that enables enterprises to run a blockchain platform in production. Blog post written by PegaSys Strategic Partner Technical Lead Eric Kellstrand.
Why Privacy in Blockchain for Enterprises?
There is no doubt that blockchain is disrupting many industries. While the decentralized nature of public Ethereum and the transparent validation of transactions by the entire network are hugely appealing features, there are cases where enterprises need to protect the flow and storage of their transaction data. PegaSys meets this enterprise requirement with its new privacy features in Pantheon.
With the release of Pantheon 1.1 on April 30th, PegaSys has an open-source, Java-based private transaction management solution that allows for the propagation of secure, private transactions between Ethereum nodes. Using a private transaction manager means that only nodes that are participating in the private transaction are able to access the contents of the transaction.
Privacy in Pantheon 1.1
Off-chain, or Trusted Compute privacy, is designed for processing a large volume of transactions between a pre-defined group of participants. Additionally, it adds the extra security of knowing that only the participants of each transaction have access to the private data. Only the cryptographic hash of the private transaction is stored on the shared blockchain for verification by the network.
PegaSys has tackled trusted compute privacy by introducing Orion as the private transaction manager for Pantheon. When an application indicates a transaction is private for a set of participants, Pantheon routes the transaction through Orion, which maintains the private data. Orion automatically creates a privacy group for the participants, and transmits the private transaction directly to the participants in the privacy group. Pantheon uses the cryptographic hash from Orion to mark the transaction in the public blockchain for the entire network to verify. The transaction in the public blockchain is known as the privacy marker transaction.
Consider Alice, who wants to send a private transaction to Bob. When Pantheon receives the transaction, it is routed through Alice’s Orion. Alice’s Orion creates a privacy group for Alice & Bob to use for their private transactions (see Privacy Group AB below). They can both access the details of their private transactions, but Charlie only has access to the private marker transaction on the blockchain. When Alice sends a private transaction including both Bob and Charlie, Orion creates a separate privacy group for that set of participants (See Privacy Group ABC below).
Maintaining a private state per privacy group is critical to how Pantheon prevents double-spending when private transactions are used. Pantheon maintains both the public world state and a consistent private state for each privacy group.
Transaction privacy is maintained using smart contracts. When the contract is created and stored in Orion, the privacy group of contract participants is also created. All transactions against the contract are available only to the privacy group members. When an application executes the contract, Pantheon attempts to load the contract from Orion. If the Pantheon node is a participant in the contract, Orion has the contract and returns it to Pantheon for normal execution. Since Pantheon is executing the contract, it means the contract has all of the capabilities of any other contract—including the ability to look up shared blockchain data and execute other smart contracts in the same privacy group.
Refer to our Processing Private Transactions documentation for a more detailed explanation of the processing logic.
Regulatory Use Case
Many users and operators of Enterprise Ethereum implementations are required by their legal jurisdictions to comply with laws and regulations related to privacy. For example, banks in the European Union are required to comply with the European Union regulations when providing payment services when storing personal data regarding individuals.
In the regulatory use case, a consortium needs to transfer assets between its members, but restrict the private transaction to the participants involved and a regulatory body. Each member of the consortium and the regulator installs Pantheon and Orion. Bob can then transfer the asset by sending the transaction to Deb and the regulator (Privacy Group BDR below). Simply by sending the transaction to the participants, a privacy group is created and used. This model significantly reduces the regulatory load on all parties. The members don’t need to separately collect and transfer data to the regulator, and the regulator no longer needs to waste effort reconciling multiple disclosures.
Notary Public Use Case
In this use case, a consortium of banks need to achieve private consensus for setting interest rates. Every day, each bank (Alice, Bob, and Charlie below) in the consortium submits their daily interbank interest rate before noon. The trusted 3rd party then averages the data (or runs any other business processing), and publishes the results.
PegaSys has developed a robust privacy solution meeting enterprise needs for today. We continue to develop the features enterprises will need for tomorrow. Future releases will expand current functionality by adding support for explicitly managing privacy group membership. Privacy group management will allow members to be added to and removed from privacy groups, enabling enterprises the flexibility they need to secure their transaction processing.
The PegaSys team strongly believes that extending the capabilities of public Ethereum with privacy mechanisms will greatly improve the adoption of Ethereum amongst enterprise users and consortium blockchains. Pantheon 1.1 is compliant with most of the privacy requirements of the EEA v2.0 specifications. We are committed to working with the Enterprise Ethereum Alliance and its members to continue to create a privacy scheme that is widely adopted, addresses the needs of the enterprise community, meets regulatory concerns, and helps bring about the transformative power of Ethereum.
Ready to get started? Head over to our updated documentation to begin exploring Pantheon and all of its enterprise-grade features.
We are actively looking for customers and system integrators across industries to use Pantheon. If you want to discuss working with us, send us an email at [email protected]
Want to stay in the loop for all future PegaSys updates? Join our mailing list.