Today Hyperledger announced a new cryptography library called Project Ursa. The goal is to enable the cryptography code to be shared by Hyperledger blockchain projects and others. Cryptography is core to blockchain. It’s used to prove that a block is part of a chain and for many other purposes.
Hyperledger, part of the Linux Foundation, now has eleven enterprise projects. While many use the same low-level cryptographic algorithms and common core libraries, at the blockchain software level they each rolled their own implementations.
The aim is for cryptographic functions to be easily callable in a standard way from the Ursa cryptography library using APIs.
As a potentially common component across multiple blockchains, Ursa promotes the concept of modularity. For future new blockchain projects, having a drop-in library should avoid code duplication. Even for existing projects, after they’ve migrated to Ursa, their maintenance effort should be reduced.
Cryptography is one of those areas where some but not sufficient knowledge can be dangerous. With less code duplication and expert cryptographers, there should be enhanced security. And sharing the code should make cross-platform interoperability simpler.
Not reinventing the wheel
The first main subproject is a base cryptographic library that includes standard functionality. There are no raw implementations, but rather wrappers for existing code libraries such as Apache Milagro Crypto Library (AMCL). It’s a convenient API.
Initially, the focus is a shared modular signature library. Hence blockchain developers can easily change signature schemes or use more than one. Currently, it’s a work in progress. There are plans to extend this to common cryptographic algorithms, for example, hash algorithms with different performance characteristics.
As with most Hyperledger projects the maintainers are drawn from a cross-section of organizations. These include the Sovrin Foundation, Evernym, Intel, Bitwise, DFINITY, and the Linux Foundation.
A second project called zmix is a generic implementation for Zero-Knowledge Proofs (ZKP). Although people use ZKP, it’s not standardized compared to what’s included in the base library. Hence it was separated. Also, most users will need the base crypto library, but only some will want the ZKP features. Likewise, on the development side, the separation reduces the number of people who need to be on conference calls.
In the future, there may be other libraries like zmix which are based on semi-trusted implementations.
Research
There’s also a cryptographic research aspect which will remain within Hyperledger’s Labs rather than part of the main Ursa project. A hypothetical example of their theoretical work is a more efficient ZKP protocol which has been published, peer-reviewed and coded in an algorithm. The maintainer team consists of three DFINITY employees and Hart Montgomery from Fujitsu who is also the Project Ursa maintainer.
Ledger Insights asked whether the research team could suffer from “group-think” because several team members are from the same company. Montgomery replied via email: “There are very few theoretical cryptographers working in the permissioned blockchain space.”
“Ideally, we would like to have more cryptographers involved but, quite frankly, we are very lucky to have the group that we do and I think that the current group is more than capable. I’m not really worried about “group-think” — the DFINITY team is a group of very accomplished cryptographers, and they collaborate extensively with outside researchers.”
Who’s using it
Self-sovereign identity project Hyperledger Indy plans to adopt Ursa soon. It’s expected Hyperledger Fabric will use the zero-knowledge proofs aspect by the first quarter of next year. Hyperledger Sawtooth will move towards Ursa in the future. There have been discussions with the Burrow and Iroha projects, but no firm commitments as yet.
There’s potential for Ursa to look a little confusing for a while. Each project is being encouraged to add their own crypto library to Ursa. Which means initially there will be code duplication where different projects implement the same functionality. Over time implementations will merge.
Another aspect of who might use Project Ursa relates to standards. The U.S. Standards Institute is government department NIST. But for example, Russia uses different cryptographic standards, and there’s already been a separate implementation of Ethereum that uses Russian GOST standards.
“We plan on supporting multiple standards. We want people to be able to (securely) configure cryptography in order to best fit their needs,” Montgomery elaborated.
“Users will be able to make sure that any standards they need will be “pluggable” into Ursa. Supporting multiple block ciphers is, in fact, one of the examples we had in mind, and we plan on doing just that.”
Project Ursa will be officially unveiled at the Hyperledger Global Forum which takes place in Basel, Switzerland on 12-15 December. Ledger Insights is a media partner, and the following code will provide a 20% discount: HGF18LEDGER
