Installation and usage of the platform
Confidential data exchange¶
The Waves Enterprise blockchain platform allows you to restrict access to certain data placed on the blockchain.
To do this, users are combined into groups that have access to sensitive data. One user can be a member of more than one such group. Any member of the group can distribute data to other members of the same group without the data being disclosed to the rest of the blockchain.
Confidential data is transmitted within a group on a peer-to-peer basis. It is not the data itself that is sent to the blockchain, but only the hash of the data. Confidential data is not stored in the blockchain state.
Important
If you are transferring confidential data on your private blockchain network, in order to upgrade from versions older than 1.7.2, you must first upgrade to version 1.7.2 and then to version 1.8 or higher. This requirement is related to the private data exchange protocol modification.
Important
You can also restrict access to data at the smart contract level. For this purpose, confidential smart contracts are implemented on the platform.
Creating a confidential data group¶
Any member of the network can create a confidential data access group (policy).
There are two roles in the group:
recipient – is a member of the data exchange; he can read data from the group and send data to other members of the group;
owner – the administrator of the group; in addition to accessing confidential data, he can change the composition of the group members.
Before you create an access group, decide on the list of members that will be part of it.
Then sign and submit the 112 CreatePolicy transaction:
In the
recipients
field, enter the comma-separated addresses of participants who will have access to confidential data.In the
owners
field, specify the addresses of the owners (administrators) of the access group, separated by commas.
For example:
policyName: "Private data exchange 1"
description: "This group is made to share private data..."
recipients: [
"3AqTkL47j..."
"5GdYrt9fD...."
]
owners: [
"8FhBlR12g..."
]
fee: ...
timestamp: ...
When you send the transaction, you will receive the transaction ID of the signed CreatePolicy transaction; the same ID is the ID of the created access group (policyId
). You will need it later to change the composition of the group members.
Once a transaction is sent to the blockchain, all participants registered in the created access group will have access to the confidential data sent to the network.
As the creator of the transaction, you will be able to change the composition of the group, as will the participants added to the owners
field.
Updating a confidential data group¶
To change the membership of an access group, the group owner signs and submits the 113 UpdatePolicy transaction:
In the
policyId
field, enter the identifier of the access group to be changed.In the
opType
field, enter the action to be performed on the group:add
– add members;remove
– delete members.
If you want to add or remove members of an access group, type their public keys in the
recipients
field.To add or remove access group owners, type their public keys in the
owners
field.
Access group information is updated after a transaction is sent to the blockchain.
Only the members of a confidential data group added to the owners
field during the group creation, as well as its creator himself (group owners) can change the composition of the confidential data access group. If there is more than one owner in a group, each owner can change the group independently. That means one signature in the 113 UpdatePolicy transaction is enough.
When a new member is added to an access group, he can request access to all of the confidential data sent to that group earlier.
Confidential data storage¶
To receive and send confidential data, you must configure the confidential data storage. Use the privacy section of the node configuration file for this purpose.
On the Waves Enterprise blockchain platform you can use the following types of storage for confidential data:
PostgreSQL (version 8.2and higer)
Note
Regardless of which storage type is selected, a single data format is used. Thus, members of the same group can use different types of storage.
Once the storage is set up and the group is created, you can send confidential data.
Sending confidential data into the network¶
Use the following methods to send confidential data into the network:
gRPC methods
REST API methods
With the POST /privacy/sendData and POST /privacy/sendDataV2 methods, you can send data up to 20 megabytes. Use the POST /privacy/sendLargeData method to send data larger than 20 megabytes.
When confidential data is sent, its hash is sent to the blockchain network in a separate transaction. Group members can poll other members of the same group after receiving such a transaction.
These methods require authorization.