Since launching its Azure Blockchain as a Service (BaaS) last November, Microsoft has worked with partners to understand core industry scenarios, and to develop the technologies to bring blockchain to enterprises, governments, and individuals.
Project Bletchley is Microsoft’s vision for an open, modular blockchain powered by Azure, according to Marley Gray, director of blockchain business development and strategy at Microsoft, in an Azure blog post. That vision, articulated in a white paper on GitHub, includes new elements the company believes to be key to enterprise blockchain architecture.
Bletchley represents Microsoft’s approach to an enterprise consortium blockchain ecosystem. It marks an attempt to bring distributed ledger platforms to create solutions to business problems in an open platform.
Project Bletchley themes include:
• Platform openness
• Privacy, identity, key management, security, operations management and interoperability
• Scale, performance, support and stability
• Consortium blockchains – members-only, permissioned networks for members to execute contracts
Azure serves as the cloud platform where distributed applications are created and delivered. Its availability in 24 regions, hybrid cloud capabilities, extensive compliance certification portfolio, and enterprise-grade security allow blockchain adoption, particularly in regulated areas such as government, financial services and healthcare.
It will be open to various blockchain protocols and support simple, unspent transaction output-based protocols such as Hyperledger; sophisticated, smart contract-based protocols such as Ethereum; and others.
Project Bletchley introduces two concepts: Cryptlets and blockchain middleware.
Blockchain middleware will offer core services that function in the cloud, such as operations management and identity, along with data services such as machine learning and analytics. Such technologies can ensure the secure operation blockchain provides. They can also provide the reporting and business intelligence capabilities regulators and businesses require.
New middleware will work with existing Azure services such as Key Vault and Active Directory and other blockchain ecosystem technologies to offer a set of solutions and a holistic platform.
Cryptlets are a new blockchain technology to allow secure communication between Azure and Microsoft. Cryptlets function when additional information is required to execute a transaction or a contract, such as time and date. Cryptlets will be a critical component of high-level blockchain systems, allowing all technology to work together in a scalable, secure way.
Project Bletchley will deliver blockchain as a service (BaaS) that is flexible and open to all partners, customers and platforms.
Open source technologies will be this ecosystem’s building blocks. The key to establishing trust within the larger ecosystem and accelerating innovation is supporting open standards for protocol level deployments of P2P/networking, database, consensus and virtual machines.
Azure will remain open to all consensus algorithms, protocols, databases and virtual machines. But Bletchley will launch a modular framework allowing users to decide what combination of technologies best fits the business domain they wish to address. Since each distributed ledger will ensure that all nodes on that network agree, there will be many ledgers by default.
Public blockchains such as Ethereum, bitcoin and others will define their protocol stacks, but consortium (a new way to refer to private, permissioned blockchains) distributed ledgers will specify their networks based on the business they address.
In financial services, for instance, a distributed ledger meeting the privacy, security, performance, functional and regulatory requirements for a derivative contract will differ from one handling cross-border payments. There will have to be separate distributed ledgers operating the networks. There need not be a 1-1 mapping between blockchain and product, because similar products can reside on the same distributed ledger.
A modular framework will permit consortiums to choose the best components and create their distributed applications regardless of the supporting detail. It will also permit components to change, except where dependencies have been developed above the core layer.
Cryptlets are the main building block for adding a secure blockchain middleware tier to the architecture. Given blockchain’s distributed nature, the middleware functions naturally as a service in a cloud such as AWS, Google, a private cloud, or Azure/Azure Stack.
In what is referenced as blockchain 1.0 and 2.0, if external events or data based on market conditions or time need to interact with the blockchain, an “oracle” is needed. There is not a standard way to supply “oracle” data securely. It can rapidly become an issue in multi-party smart contracts. Calling data or code outside a smart contract or a blockchain in general breaks the trust, compromising the authenticity of the transactions that depend on it. Cryptlets provide this functionality.
Cryptlets are off-chain code components written in any language. They execute within a trusted, secure container and communicate over secure channels. They can be used in UTXO systems and smart contracts when additional information or functionality is required, and are provided through an adapter or “CryptoDelegate.”
A CryptoDelegate is the function “hook” in the smart contract virtual machine that calls the Cryptlet from the smart contract code, extending the authentic and secure envelope for transactions. CryptoDelegates are registered at the attested host and are automatically created or referenced by developers.
Two Main Cryptlets
There are two main Cryptlet types: contract and utility.
Utility Cryptlets have their own identification and signatures registered for use in the cloud. They make up the bulk of blockchain middleware and provide horizontal services such as encryption, time and date events, external data access and authentication services. Developers can find and enlist Cryptlets into their smart contracts to build more trusted and robust transactions.
Contract Cryptlets are full delegation engines acting as a smart contract surrogate off the chain. These provide the execution logic, and they securely store the data in the smart contract. They are bound to their smart contract and they are created on the fly when the contract is deployed to the blockchain. Since contract Cryptlets don’t execute in the virtual machine, they don’t operate on all nodes in a blockchain. They can run in parallel and execute on vertically-scaled systems for better performance.
Contract Cryptlets can act as bots or autonomous agents, interacting off the chain while maintaining the integrity of the smart contract and the blockchain. They are desirable to consortium blockchains where smart contracts are signed by known counterparties and there is no need for execution of the logic to run globally. This will permit smart-contract-based blockchains to scale computational power and overall performance.
When a smart contract has to use a Cryptlet, a CryptoDelegate is called that uses aspects within the smart contract language, such as Solidity. Attributes can be put in the code to indicate that the execution of logic at the attribute point is delegated through the CryptoDelegate. For instance, if a property in a smart contract has to be encrypted and only visible to counterparties to the contract, such an attribute can be applied to the field:

```solidity
// the encryption attribute described above is applied to this field
uint public trade_amount = 0;
```
The attribute will indicate the field is to be encrypted, but not how. That gets determined at runtime based on a policy that is set in the cloud. The registration of Cryptlets is maintained by a blockchain for the network and it links to a policy stored by Bletchley.
By using Cryptlets via the CryptoDelegate, the security envelope extends from the smart contract on the blockchain using secure communications (HTTPS/SSL), key verification, attested hosting, and signature recording in the smart contract by the Cryptlet that provides the service. Optional attributes can also allow process isolation for additional security levels.
Cryptlets and/or their Cryptlet container can also include digital signatures from or be signed by identities that the Cryptlet could work “on-behalf of.”
For instance, a user can create a Cryptlet and sign it with a digital signature and perform actions as an agent for the user in a business process.
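To make the oracle problem and the security envelope described above concrete, here is an added example in Go; it is not code from Microsoft or the Bletchley white paper. A map stands in for the on-chain Cryptlet registration, a utility Cryptlet signs the off-chain value it returns (a date/time, as in the page's example), and a CryptoDelegate-style check admits the value into the contract only when the signature verifies against the registered identity and matches the request. All type and function names and the response layout are this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// CryptletResponse is the signed envelope a Cryptlet returns (layout assumed here).
type CryptletResponse struct {
	CryptletID string // identity registered for the Cryptlet
	RequestID  string // ties the answer to one contract call (anti-replay)
	Value      string // the off-chain datum, e.g. a date/time
	Signature  []byte // Ed25519 signature over signedBytes()
}
// Registry stands in for the on-chain Cryptlet registration: ID -> public key.
type Registry map[string]ed25519.PublicKey

// NewCryptlet generates a key pair and registers the public half as the Cryptlet's identity.
func NewCryptlet(id string, reg Registry) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	reg[id] = pub
	return priv, nil
}
// signedBytes is the canonical byte string the signature covers.
func signedBytes(r CryptletResponse) []byte {
	return []byte(r.CryptletID + "|" + r.RequestID + "|" + r.Value)
}

// Respond is the Cryptlet side: the off-chain value leaves the container signed.
func Respond(id, reqID, value string, priv ed25519.PrivateKey) CryptletResponse {
	r := CryptletResponse{CryptletID: id, RequestID: reqID, Value: value}
	r.Signature = ed25519.Sign(priv, signedBytes(r))
	return r
}

// Delegate is the CryptoDelegate side: accept only a registered Cryptlet's valid signature for this request.
func Delegate(reg Registry, reqID string, r CryptletResponse) (string, error) {
	pub, ok := reg[r.CryptletID]
	if !ok {
		return "", errors.New("cryptlet not registered: " + r.CryptletID)
	}
	if r.RequestID != reqID || !ed25519.Verify(pub, signedBytes(r), r.Signature) {
		return "", errors.New("rejected: wrong request or bad signature")
	}
	return r.Value, nil
}
```

An unregistered Cryptlet, a replayed answer for a different request, or a value altered in transit all fail the check, which is the difference between an ad hoc oracle and data that keeps the contract's envelope intact.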
The addition of this middleware tier can be considered as Blockchain 3.0: logic and data on a chain, with Cryptlets called by a CryptoDelegate from a smart contract for off-chain functionality.
Because a distributed ledger network’s value is multiplied by its number of participants, consortiums will dominate. This requires interoperability. It also requires management, operations, key management, privacy, identity, and an enhanced execution model.
Blockchain middleware is basically an enterprise consortium distributed ledger fabric that will feel and look like traditional middleware, but it would span the globe functioning primarily as Platform as a Service or APIs.
Core Services Provided
It will provide the following core services:
- Identity and Certificate Services: This is functionality found in Key Vault and Azure Active Directory to provide PaaS services for authorization, authentication, storage, key issuance, access and lifecycle management. By providing Cryptlet registration and policy, and by establishing an identity for organizations, people, contracts, key transactions and other things, the service can serve as a platform for others to create vertical services such as asset registration, know-your-customer services, etc.
- Encryption Services: Partial payload encryption, or field-level encryption for blockchain transactions, with encryption schemes (threshold, homomorphic, etc.) so that secret values are seen only by regulators, counterparties and the owner.
- Cryptlet Services: Attested hosting for Cryptlets to be invoked securely by CryptoDelegates in smart contracts or UTXO adapters. Services such as trust validation, location and secure isolated containers will give the runtime for Cryptlets written in any language to be executed deterministically. Specifications for Cryptlets, CryptoDelegates and Adapters will be provided to the community as open source so they can be deployed in other distributed ledgers.
- Blockchain Gateway Services: Interledger-like services to enable tokenized objects and smart contracts to be passed between different ledger systems. Such a service can give transactional integrity to inter-ledger transactions such as the transfer of financial instruments in a supply chain that spans a number of blockchains.
- Data Services: Key data services such as distributed file systems (Storj, IPFS, etc.) for off-chain data referenced by public keys. These include advanced analytics, auditing, dashboarding and machine learning services for smart contracts, consortia, blockchains and regulators.
- Management and Operations: Tools for management, deployment, and operations of enterprise consortia distributed ledgers will deliver the enterprise maturity that is lacking in today’s market.
The base platform tier can be any smart contract or UTXO implementation. If the platform selected supports the Bletchley model, the underlying modules can be swapped out for partner offerings such as Intel’s PoET and Tendermint.
The middleware tier can be consumed by any consortium node by direct integration of the CryptoDelegate in the UTXO Adapter or VM, regardless of the node’s location (private data center, Azure, AzureStack, AWS, etc.).
Middleware is needed to provide the common enterprise consortium blockchain fabric for vertical solutions. The integration of existing tools can expose distributed ledger capabilities to end users in a way with which they are familiar.
New Categories To Emerge
Entire new categories can be developed within the marketplace. Cryptlets, base platform components, new distributed middleware services and full smart contract libraries can be developed, bought and used within the tools end users use every day.
A bank can generate a certified commercial loan smart contract and list it on the marketplace and be paid for each instance created. A small business owner can select an open project funding request smart contract to crowd source a project. A developer can discover a KYC Cryptlet to meet requirements for an application and a consortium can find the next best consensus algorithm to improve performance.
Consortiums will form and settle into networks. The networks will interoperate with each other with transactions, ownership transfers and value along with provenance and lineage tracking over ecosystems. With machine learning observing these distributed ledgers, no one knows what will be discovered.