A digital token is a software representation that encodes the properties of real-world assets, be they physical or digital, tangible or intangible, in asset monitoring systems called token or asset exchange systems. For example, a token can represent a financial asset, e.g., a bond, in the financial services world or a physical object that changes owners and custodians in a supply chain context. The lifecycle of a token starts with issuance, which represents the introduction of the respective asset into the digital system, and ends with redemption, which signifies the asset’s exit from the system. In between, the token can change ownership. Token exchange systems, by nature, involve multiple (potentially mistrustful) parties: if Alice transfers the ownership of a token to Bob, it is natural that Bob only accepts the token if he is assured of its validity (i.e., the token has value and will be accepted by others).
Digital Assets and Blockchain-Enabled Tokenization
In the presence of a central authority, token validity checks are straightforward. On the downside, all participants have no choice but to trust the central authority. Blockchain, on the other hand, allows token systems to operate in a fully decentralized fashion; valid tokens are those that the blockchain as a whole deems so. The blockchain ensures that a token operation takes place only if it complies with the rules that the participants agreed upon. The validation of transactions is transparent, and participants can check for themselves what rules are being enforced. The added transparency fosters trust in the institutions and entities running blockchain systems. The caveat, though, is privacy. Token applications handle sensitive information. In the case of retail payments, transactions reveal the purchasing habits of the users. In the case of wholesale payments, transactions reveal payment volumes between two banks. If we take the supply chain, the transactions on the ledger can leak the internal business processes of a company. It is therefore essential that blockchain-based token systems are designed with privacy as a first-class citizen. Token systems should ensure that a transaction does not reveal any information about the identity of its origin or its content. While there already exist solutions (leveraging zero-knowledge proofs and obfuscation techniques) that address these privacy issues, they are tailored for the permissionless setting, where there are no accountability or audit requirements. However, prominent enterprise token applications (e.g., central-bank digital currency or bond trading platforms) are governed by strict regulations such as KYC, AML, CFT, and any perceived failure to comply (even unintentional) is penalized.
IBM Research aims to offer enterprise token exchange systems that support both privacy and auditability without sacrificing performance. Our design decisions are informed by real-world use-cases and input from industry leaders. As a result:
- The platform of choice is Blockchain, and Hyperledger Fabric (HLF) in particular, which we extend with token capabilities. HLF is an open-source permissioned blockchain designed with strong identity management and accountability, making it a well-suited platform for central-bank digital currency, bond trading applications and the supply chain.
- We are building Fabric Token-SDK, a middleware component, that facilitates the development of token applications on top of HLF in a transparent fashion.
- We leverage Zero-Knowledge Proofs to check the validity of transactions without accessing their content. We also design solutions based on Confidential Computing that can be used when the technology is available and ZKPs are deemed too expensive. Another use of Confidential Computing that we are investigating is infrastructure hardening and its applications to securing token custody systems.
- Anticipating clients’ needs, we plan to leverage the expertise of IBM Research in quantum-safe cryptography to design token systems for the post-quantum world.
The goal of this series of projects is to bridge the gap between theory and practice when it comes to enterprise token exchange systems. To that end, we adopt a top-down approach where we let use-cases drive the requirements for full-stack solutions. More specifically, we work with domain experts to extract real-world requirements on the privacy, regulation compliance and performance of a token exchange application (e.g., wholesale / retail CBDC), and assess existing or invent new cryptographic protocols to accommodate these requirements on the application level. To ensure an optimal solution in terms of tradeoffs between security/transparency/resilience and performance/scalability, we evaluate the fit or extend the capabilities of different architectural approaches to this end, i.e., legacy centralized platforms or decentralized/blockchain ones.
This methodology allows us to test the viability of the developed technologies in real-world settings, and accordingly, adapt our solutions if the need arises.
Our technology builds on the following components:
Hyperledger Fabric (HLF) - Platform
A permissioned blockchain that relies on BFT consensus and pre-order execution with the potential to scale to tens of thousands of transactions per second. It comes with strong identity management that ensures that only enrolled parties submit transactions and that a party cannot deny misbehavior upon detection.
Fabric Token-SDK - Middleware
A tokenization toolbox with built-in support for privacy, compliance, and interoperability. The goal of the Token SDK is to allow developers to orchestrate distributed token applications in a transparent manner. Developers need not worry about the inner workings of HLF or how to implement privacy or audit primitives. Instead, developers can focus on developing their business applications in the way that best fits their needs.
Zero-Knowledge Proofs (ZKPs) allow privacy-preserving validation of token transactions. Notably, they ensure that a transaction is only accepted if it does not violate the system invariants. However, used naively, ZKPs add considerable overhead to transaction generation and transaction verification. To be adopted, privacy-preserving token systems should incur minimal overhead so as not to impact the user experience. Hence, for throughput-hungry applications (e.g., retail CBDC), we combine layer 2 solutions with ZKPs, in such a way that the overhead from ZKPs becomes negligible when amortized over all layer 2 transactions.
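The following is an added example, not code from this page or from Fabric Token-SDK, of a validator accepting a transfer without seeing its amounts. It assumes the invariant being checked is value conservation and uses Pedersen commitments with a Schnorr proof, a standard construction chosen here for illustration. The group parameters and all function names are constructed for the example, and the range proofs a real system needs to rule out wrapped-around amounts are omitted.

```python
import hashlib
import secrets

# Toy group (constructed for illustration, far too small for real use):
# P = 2*Q + 1 is a safe prime; G and H are squares mod P, so both generate
# the subgroup of prime order Q. In practice nobody may know log_G(H).
P, Q, G, H = 2039, 1019, 4, 9

def commit(value, blind):
    """Pedersen commitment g^value * h^blind: hides the value, binds to it."""
    return pow(G, value, P) * pow(H, blind, P) % P

def _excess(inputs, outputs):
    """prod(inputs) / prod(outputs); equals h^x exactly when values balance."""
    num = den = 1
    for c in inputs:
        num = num * c % P
    for c in outputs:
        den = den * c % P
    return num * pow(den, P - 2, P) % P

def _challenge(d, t):
    """Fiat-Shamir challenge in [1, Q-1], bound to the statement d and nonce t."""
    digest = hashlib.sha256(f"{P}|{G}|{H}|{d}|{t}".encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def prove_balance(inputs, outputs, in_blinds, out_blinds):
    """Sender: Schnorr proof of knowledge of x such that excess = h^x."""
    x = (sum(in_blinds) - sum(out_blinds)) % Q
    k = secrets.randbelow(Q - 1) + 1
    t = pow(H, k, P)
    c = _challenge(_excess(inputs, outputs), t)
    return t, (k + c * x) % Q

def verify_balance(inputs, outputs, proof):
    """Validator: sees only commitments and the proof, never the amounts."""
    t, s = proof
    d = _excess(inputs, outputs)
    return pow(H, s, P) == t * pow(d, _challenge(d, t), P) % P

def demo():
    # Constructed transfer: one 70-unit token split into 45 + 25.
    r_in, r1, r2 = (secrets.randbelow(Q) for _ in range(3))
    ins, outs = [commit(70, r_in)], [commit(45, r1), commit(25, r2)]
    ok = verify_balance(ins, outs, prove_balance(ins, outs, [r_in], [r1, r2]))
    # Same sender tries to create value: outputs sum to 75, not 70.
    bad = [commit(45, r1), commit(30, r2)]
    forged = verify_balance(ins, bad, prove_balance(ins, bad, [r_in], [r1, r2]))
    return ok, forged
```

`demo()` returns `(True, False)`: the balanced transfer verifies, while the transfer whose outputs exceed its inputs is rejected even though the validator never learns any amount.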
Confidential Computing (CC) ensures the integrity and confidentiality of sensitive data by leveraging hardware-aided enclaves that isolate programs and their data from (potentially malicious) host systems. This reduces exposure to administrators’ compromises and malicious exploits.
With these characteristics, CC provides an avenue to process token transactions in a secured environment, while ensuring that transaction content remains encrypted at rest and in transit (no one accesses transaction information).
Another area where CC is prominently useful is infrastructure hardening. In the context of token systems, secure token custody is vital to safeguard against token loss or theft. Without it, enterprise token systems risk low adoption, or if they are adopted, increased liability.
Fabric Token SDK
Fabric Token SDK is an open-source project that helps developers create token-based distributed applications on Hyperledger Fabric and Orion. Fabric Token SDK supports what we call enterprise privacy, which strikes the best balance between privacy, auditability, and compliance.
Central-Bank Digital Currency
Euroclear and Banque de France wholesale CBDC experimentation
This experimentation assessed the viability of blockchain as enabling technology for post-trade capital market settlement operations in CBDC for French Sovereign Debt Securities. Hyperledger Fabric was chosen as the platform for both CBDC operations and Securities trade and Fabric Token SDK was used to orchestrate CBDC issuance, transfer, and redemption.
Crypto Anchor Platform
Crypto anchors are a wide range of technologies for securely authenticating physical objects such as branded products, safety-critical spare parts, collectibles, or luxury goods. The authentication technologies largely depend on the nature of the physical object they are tuned to protect and range from holograms, random patterns, and DNA to cryptographic RFID tags, to leather surfaces, and chip memories.
Crypto anchors come as a necessary safeguard for digital representations of physical objects/assets, allowing the secure connection of the physical object to its digital twin. Non-fungible tokens (NFTs), that are realizable through the Token SDK, require such an extension to ensure that the tokens in the system represent authentic assets.
The blockchain-based Crypto-Anchor Platform establishes interoperability between different crypto anchor technologies in the context of the same or different (blockchain) applications referring to NFTs, as well as a trusted record of physical object authentication sessions. Moreover, the Crypto Anchor Platform can verify who owns each protected object, and give the owner access to third-party data, services, and experiences around the object, including quality certifications, maintenance records, premium branded content and marketplaces. Taken together, this solution bridges the gap between the physical and the virtual world.
Fabric Private Chaincode (FPC)
Hyperledger Fabric Private Chaincode enables the execution of smart contracts using Intel SGX in Hyperledger Fabric.
While the transparency and resilience of blockchain platforms ensure the integrity of applications on top, they are generally at odds with the privacy requirements of end users. To remedy this, FPC uses Confidential Computing technology, in particular Intel Software Guard Extensions (SGX), to protect the privacy of smart contract data and computation from potentially untrusted participants. This project provides a framework to develop and execute HLF chaincode (smart contract) within a protected environment. This framework allows for the development of HLF applications whose data is encrypted onchain and can only be accessed in the clear by authorized parties.
Fabric private chain code on GitHub
Marcus Brandenburger, Christian Cachin, Rüdiger Kapitza, Alessandro Sorniotti: Trusted Computing Meets Blockchain: Rollback Attacks and a Solution for Hyperledger Fabric. 38th Symposium on Reliable Distributed Systems, SRDS 2019.