R3 has hosted its first CordaCon event in London, just before the release of Corda version 1.0 at the end of this month.
Introducing the event, R3 lead engineer Richard Gendal Brown said Corda 1.0 is an important mark in the sand for the banking consortium, providing API stability for a growing army of developers. He also announced the expected release of the first enterprise version at the end of the year, which will feature things like Intel SGX, enhanced DLT performance and greater disaster recovery capabilities.
Privacy was going to be a governing theme for the day: lead platform engineer Mike Hearn had arranged a compare and contrast between SGX and zero knowledge proofs, while Intel and Microsoft were on hand to talk in detail about architecture. There was also going to be a discussion with demo around cash, and specifically the challenge of multiparty netting on distributed ledgers.
Simon Johnson, Intel's SGX program architect, began by looking at trusted execution environments in some detail. SGX changes the memory architecture of computers, he said, leveraging an "Enclave Page Cache Map" (EPCM), a protected structure used by the processor to track the contents of the EPC.
Mike Hearn clarified that developers building apps for Corda would not have to delve into the fineries of SGX; R3's engineering team have gone to some lengths to implement the JVM inside the enclave. "So you don't have to do anything. This is what we are shielding you from," said Hearn.
R3's relationship with Microsoft has always been strong and is now deepening, said Marley Gray, principal architect, Azure Blockchain Engineering, Microsoft. Ethereum remains by far the most popular thing people want to spin up on Azure, something of "a rite of passage".
"We also have to support Fabric," added Gray, "and we see a lot of things like hackthons happening. But for PoCs it's a no-brainer. You will see a lot more R3/Azure templates going forward."
Gray explained Microsoft's middleware approach vis-à-vis underlying blockchains and also said the roadmap for shipping the oracles or cryplets that connect to smart contracts was this calendar year.
As well as useful side offerings like identity and key management, Gray touched on the intriguing idea of blockchain data lakes, in conjunction with machine learning and AI. Referring to public chains more than enterprise, he said: "With the data visibility you get with Ethereum and Bitcoin, who knows what we are going to learn? This is going to be big – we just don't know how big."
Mike Hearn began his talk, "Decrypting the future of privacy with ZKP, SGX" stating that what distributed ledgers are trying to do is a paradox; you want to show but you don't want to tell.
Zero knowledge proofs, where the proofs themselves are visible to everybody but what's being proved is invisible, have a downside in terms of their computational burden. Hearn pointed out that current DLT deployments only work for crypto-assets, such as Z-cash, so smart contracts are out for the time being.
He also flagged up the complexity of attempting to express business logic in terms of equations. "Good luck with this," he said, showing the room a code sample.
Research into this area of cryptography is moving in a risky direction, warned Hearn, as proofs based on new assumptions are pushed along much faster than the usual 10-20 year period of mathematical pondering.
"Zero knowledge proofs were immediately branded 'moon math' for a reason. It's not usual for me to ask that people innovate less fast, but there have been mistakes in the mathematics. I do want to see this succeed because it will make society better," he said.
Drilling down, R3 engineer Konstantinos Chalkias said the discovery of succinct signature size of 288 bytes changed everything in the ZKP world. However, these and other forms of cryptography will not survive the "quantum apocalypse".
"Shor's algorithm can break existing cryptography with less than 2000 qubits. This is a problem for public blockchains," said Chalkias.
He pointed out that the expected risk of RSA and elliptic curve cryptography being broken is 15% by 2026, which jumps to 50% by 2031.
"Corda supports the SPHINCS algorithm so we are prepared for the quantum apocalypse," he said.
A mere handful of people working at banks have actually thought about how to do multiparty netting on distributed ledgers. As well as trade-offs between settlement frequency and settlement efficiency, there's a question of whether efficient netting can be done in a completely decentralised manner.
Some experts believe you have to temporarily centralise an aspect of the algorithm in order to perform the equivalent of a batch exercise, for example, which entails passing control to a trusted entity for a short while – a broadly-trusted node on the distributed ledger or a trusted oracle.
R3 deals with financial use cases using a concept of flows, which don't just change the state of the ledger, but also chart the complex dance between parties that leads up to that point.
Corda models cash as IOUs against banks, and it's these obligations which are being settled. Achieving atomicity with payments of cash and netted obligations began by setting out certain requirements, said Dave Hudson, director, Solutions Architecture at R3.
For instance, participation in the netting cycle would be optional; everybody gets to choose how much cash they want to put in the netting solution. It also needed to be fast, and you can't "stop the world", the system has to keep running and never end up incomplete.
Hudson said: "We use flows; lots of flows. From a high level, it can be broken down into a detect phase and an execute phase.
"Any node can start a scan; talk to neighbours it has obligations with, payments they would like to go in the netting cycle (we use pseudonyms)."
All the information about the different payments to be settled is computed. All participants must agree and their signatures gathered for this to work; if not, the flow will fail and nothing will happen.
"Corda's flows framework and consensus mechanism do this single transaction. Corda flows are powerful building blocks. This isn't really a finance problem, it's a network problem," said Hudson.
He gave a demo of a netting transaction, adding that the whole thing involved a relatively small amount of code, under 1,000 lines.
"It's complex and compact and avoids using a single trusted node which would be a single point of failure."