NSFW? Microsoft tries to make blockchains work-appropriate

With bitcoin near all-time highs, it’s easy to forget how much time and money the financial industry has spent in recent years trying to appropriate the digital currency’s underlying technology.

Executives at banks and other companies have sought to borrow the basic idea of an immutable, distributed ledger where one version of a set of data is shared among several parties, with no need for middlemen. Banks see a way to save money and have fewer disputes, more transparency, faster agreement on and execution of contracts, and better traceability.

But they also have a long list of concerns and demands such technology would need to meet to be acceptable in a heavily regulated industry: security, data privacy, reliability, speed, control, performance and scalability among them.

A host of vendors and organizations have been working feverishly to satisfy these demands and to produce a version of distributed ledger technology banks could feel comfortable using, including IBM, Microsoft, R3, the Hyperledger Project, and Digital Asset Holdings.

The vendor that can provide a distributed ledger that’s enterprise-ready will have many deep-pocketed companies beating a path to its door.

Microsoft announced Thursday its effort to provide these missing pieces around distributed ledger technology. It’s called the Coco Framework (the name Coco stands for confidential consortium), and it will be posted to GitHub as an open source project in early 2018.

(Microsoft wants to be perceived as a thought leader in this space. And though blockchain nodes run by Coco don’t have to run in Microsoft’s Azure, they can, so Microsoft hopes Coco will give its cloud computing business a boost.)

Significantly, several companies have thrown their support behind it: JPMorgan Chase (an early innovator in this space that has developed its own Ethereum-based blockchain, Quorum), Intel, bank-backed distributed ledger company R3, and supply chain company Mojix (which has blockchain technology for the retail and supply chain industry). Work has already been done to integrate the public Ethereum blockchain with it, as well as Quorum, R3's Corda, and Hyperledger Sawtooth.

"Information sharing is what powers business at this point," said Amber Baldet, executive director and blockchain program lead at JPMorgan Chase. "We see a lot of opportunity in mutualization of infrastructure and being able to share information not only quickly but with a high degree of security and trust in the veracity of that information. Blockchain and distributed ledger help us do that.”

In financial services, she said, “there's the added opportunity to transfer value and digital assets across these systems, which could revolutionize the way banking and capital markets and all our payment systems work in the future."

Quorum, JPMorgan Chase's open-source blockchain project, has its own answers to security, privacy and performance. But in the hopes of making Quorum appealing to as many people as possible, Chase’s Quorum is offering integration with Coco. (While Quorum itself is free, open-source software, the applications the bank is writing for it are not. The more useful Quorum is to organizations, the more opportunity JPMorgan will have to sell software.)

R3 is also integrating its Corda distributed ledger platform with Coco.

What's in the Coco Framework

The Coco Framework creates a trusted network of distributed nodes, a little like bitcoin’s mining nodes but without the electricity-guzzling process of mining. This network maintains a distributed key-value store using the Raft protocol. Communication between applications and nodes, and between the nodes themselves, is secured with Transport Layer Security authentication.

At the heart of the Coco Framework is what Microsoft calls a Trusted Execution Environment — a secure container of sorts for code, data and transactions that can be based on hardware (such as Intel’s Software Guard Extensions) or software (e.g. Microsoft’s Virtual Secure Mode). Members of a Coco network run validating nodes in which instances of the blockchain are run within a protected enclave of the TEE.

The Coco Framework also provides a constitution, meaning a complete expression of network policies: which members are allowed, who the members of the network are, which nodes belong to it, and which versions of software may run on the Coco Framework. The constitution is managed through distributed voting.

Microsoft and its partners set out to address several perceived shortcomings of the bitcoin blockchain that its clients had noted.

One is speed, or more correctly, the lack of it. Throughput on the Ethereum blockchain is around 10 to 20 transactions per second. Banks and other large businesses often need to process thousands of transactions per second, pointed out Mark Russinovich, chief technology officer for Microsoft Azure.

And latency, or data transmission delays, in the Ethereum blockchain can be tens of seconds or even minutes — too long for many businesses to tolerate. In trading, for instance, latency is measured in milliseconds — thousandths of a second.

The slowness and delays on Ethereum are caused by the distributed consensus algorithms, according to Russinovich.

"No party trusts anybody else, so that requires a very distributed consensus algorithm to take place and it requires the parties to prove they're trustworthy," Russinovich said. "In many cases, that's through mining where you start to introduce latencies."

To speed things up, the Coco Framework abandons the concept of mining and the distributed consensus algorithm.

"All the parties trust the code that's in the trusted execution environment and trust the TEE to protect the confidentiality of that code and data," Russinovich said. "They can achieve centralized database levels of transaction latency and throughput."

In a demo, the Microsoft team showed 1,700 transactions per second running over a Coco network.

The second challenge they addressed was confidentiality. Banks, for instance, don't want their peers to see all the payments they're processing on a shared ledger.

"On today's blockchain systems, it's very difficult to provide that kind of confidentiality," Russinovich noted. "People have to implement very complex systems of cryptography to try to hide what's behind the transactions."

The TEE, he said, provides confidentiality.

"What you've got running inside the TEE is not visible to anybody outside and so once you put the code and data inside that with the system around that, confidentiality becomes just an access control problem. Who's authorized to see the decrypted data?” Russinovich said.

“You can make it so parties in a bank consortium can't see any transactions but their own, but the auditor can come and see transactions at the banks that they're overseeing and regulating.”

In short, "parties on the outside can't see what's going on inside, only the party that's got the code and data can see it," Russinovich said.

A third aspect of blockchain technology that businesses balk at is the way members are allowed in. Anyone can use a public ledger.

The Coco Framework leverages code inside the TEEs to provide governance for the network, including voting new members in.
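A sketch of ledger-based governance of this kind, added here as an illustration and not taken from Microsoft's code: every proposal, vote and admission is a hash-chained transaction, so an auditor can recount the votes from the log alone. The class and function names, the member names and the strict-majority rule are assumptions; the article does not state Coco's actual voting rules.

```python
import hashlib, json

def digest(prev, body):
    return hashlib.sha256((prev + json.dumps(body, sort_keys=True)).encode()).hexdigest()

class ConsortiumLedger:  # toy model: governance actions are hash-chained transactions
    def __init__(self, founders):
        self.members, self.txs, self.pending = set(founders), [], {}
        self._append({"type": "genesis", "members": sorted(self.members)})

    def _append(self, body):
        prev = self.txs[-1]["hash"] if self.txs else "0" * 64
        self.txs.append({"prev": prev, "body": body, "hash": digest(prev, body)})

    def propose(self, proposer, candidate):
        if proposer not in self.members or candidate in self.members:
            raise PermissionError("proposer must be a member and candidate must not be")
        self.pending.setdefault(candidate, set())
        self._append({"type": "propose", "by": proposer, "candidate": candidate})

    def vote(self, voter, candidate):
        if voter not in self.members or voter in self.pending[candidate]:
            raise PermissionError("only members vote, once per candidate")
        self.pending[candidate].add(voter)
        self._append({"type": "vote", "by": voter, "candidate": candidate})
        # Assumed rule: a strict majority of current members admits the candidate.
        if 2 * len(self.pending[candidate]) <= len(self.members):
            return False
        del self.pending[candidate]
        self.members.add(candidate)
        self._append({"type": "admit", "member": candidate})
        return True

def audit(txs):
    """Check the hash chain and recount votes; return the membership the log justifies."""
    prev, members, votes = "0" * 64, set(), {}
    for tx in txs:
        body = tx["body"]
        if tx["prev"] != prev or tx["hash"] != digest(prev, body):
            raise ValueError("hash chain broken")
        if body["type"] == "genesis":
            members = set(body["members"])
        elif body["type"] == "vote" and body["by"] in members:
            votes.setdefault(body["candidate"], set()).add(body["by"])
        elif body["type"] == "admit":
            if 2 * len(votes.get(body["member"], ())) <= len(members):
                raise ValueError("admission without a majority")
            members.add(body["member"])
        prev = tx["hash"]
    return members
```

The `audit` function rejects both an edited transaction and a correctly chained admission that lacks the recorded votes, which is the property that makes on-ledger governance reviewable after the fact.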

"If someone is proposing a new member for admission, instead of some out-of-band process, that can be handled through a vote directly into the blockchain," Russinovich said. "Those votes appear as transactions and the admission of a new member appears as a transaction and update to the constitution of the network and then that member is able to join.”

According to Rick Echevarria, vice president of the software and services group and general manager of platforms security at Intel, the key thing Coco provides is trust.

“Most people base the business case for blockchain on the pure efficiencies this type of model can enable,” Echevarria said. “But for you to do that, you have to build something called trust — a lot of people in the industry call blockchain the equivalent of a trust protocol. How do you make trust happen? Data governance and confidentiality.”

Baldet at JPMorgan acknowledged the financial services industry still has a ways to go before it’s ready for blockchain.

“Enterprise adoption and transformation of existing industries doesn't happen just because a technology falls in people's laps,” she said. “We're spending more time thinking about what market transformation means. The first things we see move to production will probably be more lift-and-drop of existing market models leveraging the new technology to achieve additional efficiency.”

Over the longer term, it should lead to real transformation and new products, she said.

“Within a highly regulated industry like finance or healthcare, those changes are going to be relatively slow,” she said. “We can build demos and prototypes, but it’s not just winning hearts and minds, you need to also engage with regulators and lawyers and your peers in the market to agree on a solution and that takes time.”

JPMorgan Chase’s Quorum is a permissioned variant of Ethereum that has private smart contract execution, a software enclave, and a key distribution system.

Chase has been running an intrabank payments settlement system built on Quorum since November. The pilot is running parallel with the bank’s existing production system, to make sure Quorum matches its performance. Baldet said so far, it does. Quorum is also being used in other pilots, for instance for a capital markets application.

Some companies will want the extra security proffered by Coco, Baldet said.

“It depends on the use case. If you have a high-value payment and you want to make sure that has a higher degree of security than normal, or you want to ramp up performance while keeping higher security guarantees, Coco could act as a turbocharger.”
