Hyperledger Indy Custom Network with Indy Node & Plenum(Protocol & Ledger)

Self Sovereign Identity (SSI) with Blockchain

The popularity of Self Sovereign Identity (SSI) with Blockchain technology is gaining very rapidly where Self Sovereign Identity (SSI) is considered as the future of internet identity and Blockchain technology will be used to build the underlying structures of a proper Self Sovereign Identity (SSI) system. On the other hand Hyperledger Indy provides tools, libraries, and reusable components for providing digital self sovereign identities rooted on blockchains or other distributed ledgers so that they are interoperable across administrative domains, applications, and any other silo. Hyperledger Indy is a developing platform and so far there has no proper tutorial or document for development of a custom Indy network as all other tutorials are based on Indy Test Network. Moreover Indy Sdk is not ready to develop a custom Indy network. So by following this tutorial, anyone can easily build a custom made Hyperledger Indy network as per anyone’s requirements.

To know the necessity of Self Sovereign Identity (SSI), please follow below link:
https://medium.com/@taseen.junaid/self-sovereign-identity-ssi-in-blockchain-the-future-of-internet-identity-6deb75607aa

Self Sovereign Identity (SSI) in Blockchain & The Future of Internet Identity

Hyperledger Indy Network

Indy Node:

Each Indy Node works as a distributed server and each node houses ledger to store records.

Indy Plenum(Protocol & Ledger):

Ledger

Ledger is used to store transactions and each node into a blockchain based distributed system holds the same identical ledger. Currently, Indy Plenum has four types of ledger but plugins can add new ledger too.

Domain Ledger is used to store identity and application specific transactions. For example if you need to store stewards,trustees,actors identity or you need to store credential definition, schema definition or even revocation information of a particular credential, you have to use domain ledger.

Different types of Indy Ledger

Pool ledger is used to store all node specific transactions so that we can create and manage network pools. It is used to add, edit or remove nodes into a distributed system.

Config ledger is used to store configuration related transactions, pool config parameters, transactions validation etc purpose. For example if an authority wants to add a credential definition and needs permission from the majority of stewards, we can store this type of access control options into config ledger.

Audit ledger actually works as a blockchain as it holds a global sequence number of all other ledger transactions(Domain, Pool, Config) in a sequential way.

Protocol

Protocol is the established set of rules that is used to govern our distributed system. Currently Indy uses Redundant Byzantine Fault Tolerance (RBFT) protocol for consensus with a potential plan to move to Aardvark.

Public Permissioned Blockchain

Hyperledger Indy is called a public permissioned blockchain due to its nature. Everyone can read data from ledger without any permission which is the reason to call it public blockchain. On the other hand, to write data into ledger, you need validation according to a consensus mechanism and so it is also called permissioned blockchain.

To write something into a ledger, someone not only needs permission, but also needs consensus from a certain percentage of nodes. For example, a network pool is created with 10 nodes, so to write something into a ledger, someone needs consensus from at least 7 (10–3) nodes. The fault tolerance formula is ‘N = (3F + 1 )’ where ’N’ is the total number of nodes and F is the maximum number of malicious nodes.

Write request

On the other hand, reading data does not need any permission or consensus and anyone can read data from any random node.

Read request

Hands on Tutorial

Prerequisites

Hyperledger Indy network can be created by running nodes on different Ubuntu 16.04 machines. As till October, 2020 there is full support for only Ubuntu 16.04 which is also known as Ubuntu Xenial. So we have to use Ubuntu Xenial where Docker or Virtual Machine can also be used to make the network.
Download the latest version of git if it is not already installed.

Presetup

Please clone the project by using the following command.

git clone https://github.com/Ta-SeenJunaid/Hyperledger-Indy-Tutorial.git

For this tutorial, we will use version v1.0.0 and so we have to checkout that version with the following command.

git checkout tags/v1.0.0 -b v1.0.0-branch

Using tag V1.0.0

To set up the environment, you have to use the “prerequisites.sh” file. Instead of downloading different Indy components, we can also build those from respective sources.

sudo bash prerequisites.sh

Prerequisites

Generating public info using private/secret seed value

Seed is a 32 character long value which acts as an actor’s/component’s private information which is not shareable with others for security reasons. By using seed value, we can generate public information and can share those public information via agents or other mediums.
By calling “get_did_and_verkey.py” with 32 character long seed value, different actors can see their did(Decentralized Identity) and verification keys.

python3 get_did_and_verkey.py --seed 100A000000300000c0000000Steward1

Generating public info using private/secret seed value

Initial Actors and Components

In an Indy based network there are some initials actors called endorsers, these include stewards and trustees.

Trustee
First and foremost actors of our network are trustees. Domain ledger transactions start with trustee. In domain ledger, a trustee can add new stewards too. Both trustee and stewards have power to write on domain ledger.
In this tutorial, we have one trustee with seed value “T0003000u0I000D000F000g0Trustee1”

Stewards
Stewards have power to write on both domain ledger and pool ledger. A steward can add a new node by using pool ledger transactions. A steward can add only one node and so each steward can add its only node into networks.
In this tutorial, as we have three nodes, we use three stewards with seed values
“100A000000300000c0000000Steward1”,
“300600b0D030000000z00000Steward2”, “v000K00l0000S000000e0000Steward3”

You can find different actors role into the following links
https://hyperledger-indy.readthedocs.io/projects/node/en/latest/auth_rules.html#default-auth-map-rules

Nodes:
Every node is a network component which holds ledgers. Users need to initialize each node by calling “init_indy_node.py” with the node name and node’s seed value. This code also prints that node’s public information like verification keys, BLS Public key, Proof of possession for BLS key which we share with others via agents or other mediums.

sudo python3 init_indy_node.py --name Node1 --seed 4000F000u00000D0000000g0000Node1

Initialization of node

In this tutorial, as we have three nodes, we use seed with values
“4000F000u00000D0000000g0000Node1”, “T00000000u0000I0000v0003000Node2”, “300000A00u000z0000600003000Node3”

Single Host Network Development

If we have an existing previous setup, we have to clear that at the very beginning by calling “clear_setup.py”.

sudo python3 clear_setup.py --full True --network sandbox

Clear previous setup

To initialize nodes and to generate domain ledger and pool ledger genesis transactions, we have to call “single_host_generation.sh” file.

sudo bash single_host_generation.sh

Setup

To start Node, we have to use the “start_indy_node.py” file for each node.For Node1:

sudo python3 start_indy_node.py Node1 0.0.0.0 9701 0.0.0.0 9702

For Node2:

sudo python3 start_indy_node.py Node2 0.0.0.0 9703 0.0.0.0 9704

For Node3:

sudo python3 start_indy_node.py Node3 0.0.0.0 9705 0.0.0.0 9706

Node start

To check the node information:

sudo python3 validator_info.py

Node information

To restart the stopped node:

sudo bash restart_indy_node.sh

Node restart

If your validity information shows that your node is stopped, you have to restart it again.

Multi Hosts Network Development

If you want to run the network on a single host, then please skip the “Multi Hosts Network Development” section.

Suppose Host IP of 3 Nodes are ‘191.177.76.26’, ‘22.185.194.102’, ‘247.81.153.79’ respectively. If you want to use your own IP, then you have to edit the “- -ips” flag of multi_host_host1_generation.sh, multi_host_host2_generation.sh, multi_host_host3_generation.sh files. Actually for each node, you have to write that node’s generation file so that no one will be able to know that node’s seed value.

Host 1:
Host IP: 191.177.76.26

sudo python3 clear_setup.py --full True --network sandbox
sudo bash multi_host_host1_generation.sh
sudo python3 start_indy_node.py Node1 0.0.0.0 9701 0.0.0.0 9702

To check node information and to restart stopped node

sudo python3 validator_info.py
sudo bash restart_indy_node.sh

Host 2:
Host IP: 22.185.194.102

sudo python3 clear_setup.py --full True --network sandbox
sudo bash multi_host_host1_generation.sh
sudo python3 start_indy_node.py Node2 0.0.0.0 9703 0.0.0.0 9704

To check node information and to restart stopped node

sudo python3 validator_info.py
sudo bash restart_indy_node.sh

Host 3:
Host IP: 247.81.153.79

sudo python3 clear_setup.py --full True --network sandbox
sudo bash multi_host_host1_generation.sh
sudo python3 start_indy_node.py Node3 0.0.0.0 9705 0.0.0.0 9706

To check node information and to restart stopped node

sudo python3 validator_info.py
sudo bash restart_indy_node.sh

Behind the Scene

At the very beginning, every host has to initialize it’s node with seed value and has to share it’s public information with others.

After that we have to create a domain ledger genesis file with stewards and trustees public information.

Next we have to create a pool ledger genesis file with nodes and stewards public information. Besides that, we have to provide node names, node to node communication ports, node to clients communication ports, node numbers, node IPs, network name etc.

After finishing the domain ledger genesis file and pool ledger genesis file, every host is ready to start it’s node.

Every actor/component has to generate it’s public information with secret seed value and every actor/component has to keep the seed value secret for security purposes. For that reason, we have to use get_did_and_verkey.py and init_indy_node.py file and have to share public information via agents or other mediums.

For single host pluggable setup, we have to modify single_host_generation.sh file and for multi hosts pluggable setups, each host has to write it’s own generation file.

Testing with SDK Applications

Here we’ll be using an Indy SDK API (as provided by libindy) instead of an app, so we can see what happens behind the scenes.

We can follow the following links to know more about “Indy Story Walkthrough”

Link: https://hyperledger-indy.readthedocs.io/projects/sdk/en/latest/docs/getting-started/indy-walkthrough.html#indy-walkthrough

Indy Walkthrough - Hyperledger Indy SDK documentation

Link: https://medium.com/@kctheservant/exploring-hyperledger-indy-through-indy-dev-example-10075d2547ae

Exploring Hyperledger Indy through indy-dev Example

Go to any of host machine and you will find pool_transactions_genesis file into following directory:

“/var/lib/indy/sandbox/pool_transactions_genesis”

You can also get pool transactions by going to “indy_network” directory and by executing read_ledger.py file.

Now we have to share the pool_transactions_genesis file with others via agents or other mediums.

Please go to “indy_sdk/src/utils.py” file and fix the “pool_genesis_txn_data()” functions return value according to the pool_transactions_genesis file.

Now from “indy_sdk” directory call “sdk_sample.py” to witness the end to end application demo with Indy SDK. Be careful about putting the steward seed value at “sdk_sample.py” file because we have to use one of our stewards credentials that we use during the network development process.

python3 -m src.sdk_sample

Indy SDK demo

If you face any problem like “Wallet already exists”, “Pool already exists” etc to witness the end to end application demo with Indy SDK then please clear the “.indy_client” folder from your Home directory.

Summary:

This blog is written only for learning purposes and we try to develop Hyperledger Indy customized blockchain network without sharing any private information. We hope this blog will be helpful for you and also expect your valuable reviews so that we all can have a chance to learn from you.

Also, Read

• The Best Crypto Trading Bot
• Crypto Copy Trading Platforms
• The Best Crypto Tax Software
• Best Crypto Trading Platforms
• Best Crypto Lending Platforms
• Best Blockchain Analysis Tools
• Crypto arbitrage guide: How to make money as a beginner
• Best Crypto Charting Tool
• Ledger vs Trezor
• What are the best books to learn about Bitcoin?
• 3Commas Review
• AAX Exchange Review | Referral Code, Trading Fee, Pros and Cons
• Deribit Review | Options, Fees, APIs and Testnet
• FTX Crypto Exchange Review
• NGRAVE ZERO review
• Bybit Exchange Review
• 3Commas vs Cryptohopper
• The Best Bitcoin Hardware wallet
• Best monero wallet
• ledger nano s vs x
• Bitsgap vs 3Commas vs Quadency
• Ledger Nano S vs Trezor one vs Trezor T vs Ledger Nano X
• BlockFi vs Celsius vs Hodlnaut
• Bitsgap review — A Crypto Trading Bot That Makes Easy Money
• Quadency Review- A Crypto Trading Bot Made For Professionals
• PrimeXBT Review | Leverage Trading, Fee and Covesting
• Ellipal Titan Review
• SecuX Stone Review
• BlockFi Review | Earn up to 8.6% interests on your Crypto