Blockchain/Distributed Ledger is a system to record the transaction of assets in which the transactions and its details are recorded in multiple places. Unlike traditional databases, these ledgers do not have a central data store. Such a system inherently provides data security — security that only the right transactions are “WRITTEN” to the ledger and the ledger remains consistent for any “READS” in the future.
For the past few months, we at Sahaj have been working on a developing a product for the life sciences industry, on a Blockchain platform.
A generic intro to the problem:
There are multiple stakeholders and there are business workflows around documents, digital assets where respective assets have access and action privileges mapped to specific roles / individuals. There are various events that require 100% verification i.e. proof reading. Imagine a user uploads a document, shares with a certain group of users. Now it is imperative for the document to be stored in a tamper proof manner. Regulatory compliance is of utmost significance to any software built in this space.
What did we do?
We started building a POC to demonstrate how blockchain can be used to build a solution for tamper proof workflows, event recordings etc. Our POC was built using NodeJS, Ethereum, Solidity and Data Store (Postgres/S3). We used Ansible to automate our deployments.
Why Ethereum?
The community is active, the documentation is super useful, truffle framework made development and testing a lot easier. One of my colleagues, Srini has written a couple of cool posts about getting started with Ethereum and Solidity. This should give you an introduction to the truffle framework and how to get started writing your own smart contracts. We also used Ganache — which provides a nice chain explorer like etherchain.org.
What are smart contracts?
A smart contract is a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract. Smart contracts allow the performance of credible transactions without third parties. These transactions are trackable and irreversible
Proponents of smart contracts claim that many kinds of contractual clauses may be made partially or fully self-executing, self-enforcing, or both. The aim of smart contracts is to provide security that is superior to traditional contract law and to reduce other transaction costs associated with contracting. (Thanks wikipedia)
Ethereum allows to write these smart contracts that reside on the blockchain and they are immutable in nature, ie. the code cannot be deleted or modified in the blockchain once it is deployed. This can be written using Solidity or other languages, but the most preferred is solidity. It is a turing complete language.
Smart Contracts are made of state and functions. Functions are essentially operations that change the state of a contract.
Transactions:
The process by which assets are moved from one party to another in the network is known as Transaction. One can extend this notion using smart contracts to record events, store state etc. All transactions are recorded and permanently stored on the ledger. Lets say a doctor wants to add a report of a patient, and the patient confirms the correctness of the report — we model this workflow using 2 transactions on a smart contract, in the network.
function storeReport
(bytes32 patient_id,
string report_id,
string report_fingerprint){
patients[patient_id].status = ReportStatus.SUBMITTED;
string memory content = strConcat(“Patient ID—“, patients[patient_id].patient_mnemonic
,”report submitted”);
AuditLog(content, msg.sender, now); //Report Submitted
}function verifyReport(bytes32 patient_id, string report_id, string report_fingerprint) {
if (sha3(patients[patient_id].status) == sha3(’SUBMITTED’))
patients[patient_id].status = ReportStatus.VERIFIED;
string memory content = strConcat(“Patient ID—“, patients[patient_id].patient_mnemonic,
”report verified”);
AuditLog(content, msg.sender, now); //Report Verified
}
Putting it together:
In the POC, all stakeholders are participants in the system. A Nodejs app is responsible for creating user accounts, managing user keys and signing transactions for those accounts. This app communicates with the blockchain using Web3, an Ethereum JSON-RPC Client. Blockchain functions like a distributed DB storing all the user interaction logs/events, creating fingerprints of associated data. Such finger prints are used to verify the tamper proofness of the system.
For the POC, we set up a private Ethereum network with a couple of nodes. Ethereum is a currency-based blockchain and has gas prices for every “write” transaction (brought in primarily to prevent DDOS attacks on the public chain). This could change with the Enterprise Ethereum Alliance suited for enterprises and private blockchains. For our problem, the concept of currency doesn’t make any intuitive sense.
For a user to record a transaction, he or she needs to have an user account on the blockchain and also have currency to send the transaction. To do this, we seed every user’s account with some seed Ether — say 1ETH ~ 10¹⁸ WEI. In order to accomplish this, there must be some account configured with some money to be distributed to the users onboarded to the system. The simplest way to do this is to create an address with funds allocated in the genesis block.
DLT & Nodes:
There are 2 distinct types of nodes
Miners — Propose the “WRITES” to the system
Full Nodes — Ensure the proposed writes are consistent and maintain the state of the ledger.
Below diagram details the typical transaction workflow across the nodes in the system based on Proof Of Work.
Where are we right now?
We were able to successfully demonstrate and visualize the impact of using a decentralized distributed ledger to obtain tamper proofness and security, which could primarily impact operational efficiency and regulatory compliance. We are currently moving away from POC to the Product — Onboarding regulators without exposing user identities (hello, GDPR!)…. We are exploring other blockchain frameworks, Proof of Authority and other aspects that could play a crucial role for this problem space. There are many challenges starting from the determining the number of nodes, proving the immutability, ensuring data migration across smart contract deploys, scalability and many more :-).
