@lambeta
2020-02-14T07:42:32.000000Z
字数 11696
阅读 340
blockchain smartvin
smartVIN平台初始的目标是金融领域,包括批发金融,销售金融,自动轧差等金融业务。但是随着业务发展的多元化,我们发觉了很多2C的场景值得尝试,这些场景涉及用户身份,数字资产,车辆证明,车检证明,分时租赁,二手车买卖。多元化的业务对于技术平台提出了新的挑战,我们发现用户身份,资产“钱包”,甚至跨链资产转移越来越重要。所以我们保持开放的态度,在现有平台局限的地方寻找新平台的原生特性支持。
本文档主要分析smartVIN迁移到开放区块链平台evan.network在下面6个维度上存在的挑战和得到的优势。
在smartVIN的上下文中,我们针对evan.network和Corda平台给出一些主观的对比评价和迁移工作量大小的粗略评估。
NFR in smartVIN context
The smartVIN platform need to be permissioned networks for business participants. Platform requires the capability to manage identity for participants. Which means:
1. Enroll new participants to the network.
2. Avoid illegal party to participate in existing network.
3. Manage the identity information for each participant.
4. Confirm the of identity information of participants in transactions for further auditing purpose.
5. Exiting mechanism for retired participants.
上面提到的是节点准入的要求,除此之外,还有独立于节点,应用层面的用户身份的管理要求。它包含如下内容:
1. 注册
2. 授权
3. 鉴权
4. 注销
节点准入是构建企业可信区块链的基础,在互信的网络中,交易更加容易审计和追踪。除此之外,对于技术决策也有正面的影响作用。
Corda的节点身份遵循X.509证书标准,这些证书由相同的根CA机构颁发,这些被根CA签过名的节点之间组成了一个互信网络。
Evan.network由AuthorityNodes组成,这些节点背后是真实的组织,在加入这个网络之前,各方需要签署Autority Node Operations Agreemeent (ANOA),ANOA设立了权利和义务,这部分工作是否标准化还有待考察。从技术层面上,evan.network虽然提出了利用ISO 9001证书建立节点互相网络的概念,但是具体实现并未提及,依然有待观察。
Corda提供的节点准入方案更加成熟,而evan.network在这方面的论述有些模糊,有潜在的风险。
用户准入是2C业务的基本要求,这包含验证用户身份的真实性,细化用户权限的粒度,用户的资产所有权。这部分内容在应用层面十分重要。
Corda原生并不支持用户的概念,也没有代表数字资产承载单元的钱包概念。不过,Cordite Cordapp提供了这部分功能的支持。Cordite设计中的DGL(Distributed General Ledger)提供了一种管理用户和数字资产的方式。有别于节点身份,用户身份是数字资产的持有单元,也就是说,数字资产(token)只能签发给用户。
为了克服Corda原生的缺陷,Cordite将节点身份(X.509)作为命名空间,在每个命名空间下创建独一无二的用户编号,据此生成全局唯一的用户身份。
这种折中的设计有好处也有坏处。好处是由于命名空间的存在,用户身份必须经由指定的节点才能创建出来。在互信网络当中,用户身份的真实性得以保障。坏处是由于数字资产的所有权最终反映到技术上是数字签名的有效性,这里的用户并不具备数字签名的能力,因为他们没有自己的私钥,所以严格意义上,数字资产的所有权归节点所有,而非个人。
不论是Corda还是Cordite,在用户的权限粒度方面都是欠缺的。在某种意义上,Corda自身的定位也不是2C方向,用户权限控制有可能并不是Corda的考虑重点。
目前,Cordite对于钱包的支持还不完善。
Evan.network从Ethereum fork而来,所以天然支持用户的概念,加上Ethereum强大的开发者生态,各种钱包类应用层出不穷,所以在用户原生和钱包支持上都是很强大的。
除了这些天然的优势,Evan.network还支持了更加丰富的身份信息,这类信息被概括成Profile,包含了:
1. Contacts
2. Data encryption key
3. The public key for generating a shared key for communication.
4. Bookmarked DAPPs
5. Created contracts
由于evan.network的用户准入是自由的,所以如何验证身份的真实性是一个需要解决的问题。我们知道,互信是为了链接,所以evan.network提出了三种解决方案。第一种是AddressBook,也就是用户可以手动添加联系人,即将其他联系人添加到当前的contacts中,这样就可以放心通信了。第二种是ISO 9001证书方式,这种类似Corda中X.509的解决方案,不过具体实现尚待考察。第三种是遵循ERC725[1]/ERC735[2]标准,两者目前还处于草案阶段,ERC725定义了身份代理,而ERC735定义了如何通过Claim验证ERC725定义的身份的合法性。
evan.network在用户权限控制方面提出了SCEP(Smart Contract sEcurity and Permissioning)的概念,通过构建智能合约支持了以下能力:
1. prevent malicious contract manipulation
2. prevent contract content from being illegally accessed by third parties
3. granularly define access and role definitions
这对于应用层控制权限的场景具有很积极的影响。
evan.network借助了Ethereum在2C方向上积累的成果,在用户准入,连接和权限控制方面比Corda更加完善,这对于smartVIN的下阶段目标的实施是利好的,付出的努力也会更少。
evan.network的节点准入机制不够完善,需要更多时间考察和验证。但更多的是,evan.network的用户准入机制比Corda更为全面和规范。
NFR in smartVIN context
The smartVIN platform provides traceability and finance around the vehicle identified by VIN. The ownership, possession and other properties of vehicle need to be traceable to form a complete transfer history for further auditing. With the ownership or possession being transferred between entities, for instance, wholesales happened between the dealer and MPC or retail sales between the customer and dealer. Things get more complex if DFS is involved. From development and modeling point of view, the programming model provided by platform should be strongly expressive to model complex business flow and financial transaction, able to explicitly verify financial constraints and so on.
With the involving of business the smartVIN platform will target, for instance, car to share or the best used car. The digital asset gets more various in those cases, they could be a share of time, possession and even a vehicle mileage. These require us to model asset in a standard way and consider how to enable people easy to verify the validity. So an easy way to model and query whole history(tracebility) for verification of asset transfer does really matter.
Corda提供State的标准模型,内置了很多金融合约,例如:Cash。除此之外,Corda提供很多实用的查询API,可以帮助开发者快速构建数字资产的溯源模型。
evan.network是一个通用联盟链平台,对于金融领域并没有特别的支持。另外,不论是ERC721还是ERC20标准,它们提供的查询接口都比较简单,对于溯源模型(按时间或者拥有者),完整的溯源路径难以获取。如果想要实现类似功能,需要借助发送event在链下构建。
evan.network在金融合约和溯源模型的支持上很匮乏,需要比较多的工作才能完成现有smartVIN的核心金融能力。另外,由于smartVIN平台下阶段的目标有赖于完善的溯源模型,所以evan.network在这方面也得进行大量改造工作。当然,evan.network借助Ethereum强大的生态,可以在2C端应用的构建节省大量时间,比如支持ERC20或ERC721的数字钱包。
NFR in smartVIN context
Different entities in the smartVIN platform only need to see exact transactions that they participate in because of data privacy. But smartVIN platform also need provide the capability to review transfers around vehicle like a vehicle observer node.
There is no single central store of data. Instead, each node maintains a separate database of known facts. The ledger is subjective from each peer’s perspective(Corda achieve better privacy through this mechanism). Two peers are always guaranteed to see the exact same version of any on-ledger facts they share.
Corda supports a variety of transaction data hiding techniques. For example, public keys can be randomised to make it difficult to link transactions to an identity. "Tear-offs" allow some parts of a transaction to be presented without the others. In future versions of the system secure hardware and/or zero knowledge proofs could be used to convince a party of the validity of a transaction without revealing the underlying data.
The evan.network is designed to be an open ecosystem based on Ethereum. Naturally, this means that transactions are visible on the whole network. But users have the ability to configure their transactions to withhold details and only the participants of it can encrypt and decrypt the content. So that, the other users in the network can only know the transaction took place, but never know what happened in itself.
evan.network利用密码学保证了的数据私密性,这和Corda的设计在物理上分离数据有所不同。不过,都可以确保用户对数据的所有权。
由于smartVIN平台要求可以审计每一笔交易,而作为一种去中心平台的evan.network在理念上和这种意愿是相悖的,所以我们无法设置一个类似Vehicle Observer Node参与到每笔交易,以此获取审计信息。不过,多重签名的技术或许能起到类似的效果,它要求每笔交易都要求多方进行签名,这其中就可以加入Observer Account。不过同样需要花费很多时间去改造平台自身才能支持这种意愿。
NFR in smartVIN context
Distributed Consensus is a fundamental problem in computer science. It is about how to reach agreement for a single data value among distributed processes. In the context of blockchain, consensus focus on the validation and ordering of transactions across different participants. In smartVIN platform, there’s limited participants and each participant require permission to join the network. Fraud may happen due to participant’s own business interest. So the consensus need to handle not only fail-stop fault(caused by hardware and software crash) but also Byzantine fault(human fraud in this case). Consensus mechanism also has an impact on transaction throughput and verification time. According to the Daimler business, the acceptable throughput is over 10 TPS(transactions per second) and latency is less than 1 minute.
Daimler sold about 3,270,000 vehicles in 2017. Here assume 100x transactions(ownership transfer and finance transaction across different participants in supply chain) behind each vehicle. The tps calculation formula is:
3,270,000 vehicles * 100 transactions / 365 days / 24 hours / 3600 seconds
≈ 10.4 transactions/second
Corda does not have a global ledger organized in block structure. In Corda, Notaries are responsible to guarantee consensus and expected to be composed of multiple mutually distrusting parties. To reach consensus, transactions just need to be sent through counterparties and Notaries instead of publishing to all the nodes. So Corda get quite high throughput(170 TPS between 2 parties) and nearly-real-time confirmation latency compare with blockchain structure based technology. From a performance point of view Corda is capable to support current business scale.
Notary may be a single network node, a cluster of mutually-trusting nodes, or a cluster of mutually-distrusting nodes. Notary service could choose consensus protocol based on trust environment. Corda has “pluggable” consensus to support different trust level. In high trust environment Corda could use Raft protocol(crash tolerance only) to pursue high performance. Between low trust participants, Corda provide BFT protocol to provide fraud tolerance capability.
Evan Network is a publicly accessible blockchain based on Ethereum and its current consensus protocol is Proof of Authority(PoA). The performance of this network, according to its promise, the maximum amount of transactions per second is 950 only when using a minimum amount of gas. And 3 seconds as a minimum block creation time.
Since almost every public blockchain, for now, is using economic games, such as PoW, etc. as consensus. Evan Network uses PoA as its algorithm has some benefits:
By using PoA there’s no more competitive mining for other common identities.
New blocks can only be signed by AuthorityNodes who are well-known nodes in blockchain network, so it’s possible to block 51% attacks at the very beginning.
By using AuRa it’s possible to achieve high throughput and only 3 seconds block time.
evan.network和Corda在共识机制上都通过将共识节点降低的方式达到更高的吞吐量,在交易确认时间上,evan.network大概需要3秒,甚至更多,这取决于产生多少区块才算确认,所以交易延迟要高于Corda。不过,它们都能满足目前smartVIN的交易频率。
NFR in smartVIN context
smartVIN is designed as a blockchain PaaS which requires cloud native engineering and operations support. Nodes should have failover mechanism to guarantee high availability of smartVIN platform. Meanwhile platform requires complete monitoring mechanism to monitor the status of the system at different levels. Specifically, smartVIN platform requires capability to capture business exception for further diagnosis.
Corda Notaries as a network have availability assurance based on Raft/BFT consensus protocol. For transactional nodes current implementation does not have high availability features. there is no implementation for high availability features.
Corda is deployed on the JVM which provides out of the box for rich monitoring via JMX. This is an industry standard and provides many basic statistics that can be captured such as memory and cpu usage. There are many monitoring solutions available, even as SAAS such as New relic. JMX also allows for the reporting of custom statistics. It is possible therefore to add any number of interesting system and business metrics into the monitoring stack.
Evan.network as a peer-to-peer network have high availability for nature. For specific node there is a predefined SLA signed on Authority Node Operations Agreement (ANOA).
With truffle framework and the provided basic smart contracts template, testing and developing a DAPP is straight and easy enough. That all are benefits from Ethereum ecosystem.
Parity, same as geth, the efficient client of Ethereum was adopted by evan.network, provides capability to access log and metrics for monitoring.
evan.network在节点的高可用性上具备天然的优势,而Corda的高可用方案目前只包含在企业版本里,如果要改造开源版本需要更多的工作量。不过,由于Corda根植在JVM生态中,所以通用的日志和监控标准十分健全,而且周边的辅助工具非常丰富。evan.network根植于Ethereum的生态中,所以周边工具也在持续发展当中,只是这个过程较为迟缓。
NFR in smartVIN context
The smartVIN is open platform which would be built on full Open Source Blockchain or DLT technology without any license issue for business. And also, the maturity of this technology should be taken into consideration including the scale of community and the activity of committees.
The Corda project is licensed by Apache 2.0. On the community activity, Corda has 600+ forks and 2500+ stars on github. Active issues and Pull Requests is closed and merged frequently enough.
evan.network uses the AGPL-3.0 protocol (GNU Affero General Public License v3.0). In community activities, evan.network has a lower level of attention, and the Github has a small number of Stars (evenly only one Star). Google and StackOverflow search for keywords "evan network" returns a little relevant results.
Corda和evan.network的License都可以商用,不过在社区支持方面,Corda明显优于evan.network,而且evan.network开源出来的代码仓库活跃提交量很少,这对于一个开源项目而言是非常不好的趋势。我们很怀疑在smartVIN的迁移过程中,evan.network能否基于及时和可靠的支持。
evan.network在Permission Management方面具有很大的优势,在Consensus Mechanism方面和Corda旗鼓相当。这两方面迁移成本比较小。在Transaction Pravicy方面,evan.network略逊于Corda,不过迁移成本并不大。
evan.network在Programming Model、Operation Support以及License and Community方面劣势很明显,需要在时间和人力投入很多。