Chapter 6: Hyperledger Fabric Model

This section outlines the key design features woven into Hyperledger Fabric that fulfill its promise of a comprehensive, yet customizable, enterprise blockchain solution:

  • Assets - Asset definitions enable the exchange of almost anything with monetary value over the network, from whole foods to antique cars to currency futures.
  • Chaincode - Chaincode execution is partitioned from transaction ordering, limiting the required levels of trust and verification across node types, and optimizing network scalability and performance.
  • Ledger Features - The immutable, shared ledger encodes the entire transaction history for each channel, and includes SQL-like query capability for efficient auditing and dispute resolution.
  • Privacy through Channels - Channels enable multi-lateral transactions with the high degrees of privacy and confidentiality required by competing businesses and regulated industries that exchange assets on a common network.
  • Security & Membership Services - Permissioned membership provides a trusted blockchain network, where participants know that all transactions can be detected and traced by authorized regulators and auditors.
  • Consensus - A unique approach to consensus enables the flexibility and scalability needed for the enterprise.

Assets

Assets can range from the tangible (real estate and hardware) to the intangible (contracts and intellectual property).
Hyperledger Fabric provides the ability to modify assets using chaincode transactions.
Assets are represented in Hyperledger Fabric as a collection of key-value pairs, with state changes recorded as transactions on a Channel ledger. Assets can be represented in binary and/or JSON form.
You can easily define and use assets in your Hyperledger Fabric applications using the Hyperledger Composer tool.

Chaincode

Chaincode is software defining an asset or assets, and the transaction instructions for modifying the asset(s). In other words, it’s the business logic. Chaincode enforces the rules for reading or altering key value pairs or other state database information. Chaincode functions execute against the ledger’s current state database and are initiated through a transaction proposal. Chaincode execution results in a set of key value writes (write set) that can be submitted to the network and applied to the ledger on all peers.

Ledger Features

The ledger is the sequenced, tamper-resistant record of all state transitions in the fabric. State transitions are a result of chaincode invocations (‘transactions’) submitted by participating parties. Each transaction results in a set of asset key-value pairs that are committed to the ledger as creates, updates, or deletes.

The ledger is comprised of a blockchain (‘chain’) to store the immutable, sequenced record in blocks, as well as a state database to maintain current fabric state. There is one ledger per channel. Each peer maintains a copy of the ledger for each channel of which they are a member.

  • Query and update ledger using key-based lookups, range queries, and composite key queries
  • Read-only queries using a rich query language (if using CouchDB as state database)
  • Read-only history queries - Query ledger history for a key, enabling data provenance scenarios
  • Transactions consist of the versions of keys/values that were read in chaincode (read set) and keys/values that were written in chaincode (write set)
  • Transactions contain signatures of every endorsing peer and are submitted to ordering service
  • Transactions are ordered into blocks and are “delivered” from an ordering service to peers on a channel
  • Peers validate transactions against endorsement policies and enforce the policies
  • Prior to appending a block, a versioning check is performed to ensure that states for assets that were read have not changed since chaincode execution time
  • There is immutability once a transaction is validated and committed
  • A channel’s ledger contains a configuration block defining policies, access control lists, and other pertinent information
  • Channels contain Membership Service Provider instances allowing for crypto materials to be derived from different certificate authorities

See the Ledger topic for a deeper dive on the databases, storage structure, and “query-ability.”

Privacy through Channels

Hyperledger Fabric employs an immutable ledger on a per-channel basis, as well as chaincodes that can manipulate and modify the current state of assets (i.e. update key value pairs). A ledger exists in the scope of a channel - it can be shared across the entire network (assuming every participant is operating on one common channel) - or it can be privatized to only include a specific set of participants.

In the latter scenario, these participants would create a separate channel and thereby isolate/segregate their transactions and ledger. In order to solve scenarios that want to bridge the gap between total transparency and privacy, chaincode can be installed only on peers that need to access the asset states to perform reads and writes (in other words, if a chaincode is not installed on a peer, it will not be able to properly interface with the ledger). To further obfuscate the data, values within chaincode can be encrypted (in part or in total) using common cryptographic algorithms such as AES before appending to the ledger.
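An added example (not from the Fabric documentation or code base) of the value encryption described above, in Go with AES-256-GCM. It assumes the key and nonce are chosen by the client and supplied with the proposal: every endorsing peer executes the chaincode independently, so a nonce drawn inside chaincode gives each peer a different ciphertext and their results no longer match. `Seal`, `Open` and the ledger keys `asset1`/`asset2` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext. The ledger key is authenticated as
// associated data, so a value copied under another key will not open.
func Seal(key, nonce []byte, ledgerKey string, value []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or nonce length")
	}
	return gcm.Seal(append([]byte{}, nonce...), nonce, value, []byte(ledgerKey)), nil
}

func Open(key []byte, ledgerKey string, stored []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(stored) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated value")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, stored[:n], stored[n:], []byte(ledgerKey))
}

func main() {
	key, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(key)   // constructed demo key
	rand.Read(nonce) // assumption: drawn once by the client
	asset := []byte(`{"owner":"alice"}`)
	peerA, _ := Seal(key, nonce, "asset1", asset)
	peerB, _ := Seal(key, nonce, "asset1", asset)
	fmt.Println("client nonce, endorsers agree:", bytes.Equal(peerA, peerB))
	rand.Read(nonce) // a peer drawing its own nonce instead
	peerB, _ = Seal(key, nonce, "asset1", asset)
	fmt.Println("per-peer nonce, endorsers agree:", bytes.Equal(peerA, peerB))
	fmt.Println(Open(key, "asset2", peerA)) // fails: bound to asset1
}
```

A GCM nonce must never repeat under the same key, so the client draws a fresh one for every write.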

Security & Membership Services

Hyperledger Fabric underpins a transactional network where all participants have known identities. Public Key Infrastructure is used to generate cryptographic certificates which are tied to organizations, network components, and end users or client applications. As a result, data access control can be manipulated and governed on the broader network and on channel levels. This “permissioned” notion of Hyperledger Fabric, coupled with the existence and capabilities of channels, helps address scenarios where privacy and confidentiality are paramount concerns.

See the Membership Service Providers (MSP) topic to better understand cryptographic implementations, and the sign, verify, authenticate approach used in Hyperledger Fabric.

Consensus

In distributed ledger technology, consensus has recently become synonymous with a specific algorithm, within a single function. However, consensus encompasses more than simply agreeing upon the order of transactions, and this differentiation is highlighted in Hyperledger Fabric through its fundamental role in the entire transaction flow, from proposal and endorsement, to ordering, validation and commitment. In a nutshell, consensus is defined as the full-circle verification of the correctness of a set of transactions comprising a block.

Consensus is ultimately achieved when the order and results of a block’s transactions have met the explicit policy criteria checks. These checks and balances take place during the lifecycle of a transaction, and include the usage of endorsement policies to dictate which specific members must endorse a certain transaction class, as well as system chaincodes to ensure that these policies are enforced and upheld. Prior to commitment, the peers will employ these system chaincodes to make sure that enough endorsements are present, and that they were derived from the appropriate entities. Moreover, a versioning check will take place during which the current state of the ledger is agreed or consented upon, before any blocks containing transactions are appended to the ledger. This final check provides protection against double spend operations and other threats that might compromise data integrity, and allows for functions to be executed against non-static variables.
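The versioning check described above, which Ledger Features lists as the comparison made before a block is appended, as an added Go example that is not Fabric's own code. `State`, `Tx`, `CommitBlock` and the `car1` asset are hypothetical names, and modelling a version as a (block, transaction) pair is an assumption of this example.

```go
package main

import "fmt"

type Version struct{ Block, TxNum uint64 } // position of a key's last write

type Entry struct {
	Value string
	Ver   Version
}
type State map[string]Entry // toy stand-in for the peer's state database

// Tx carries what chaincode simulation produced on the endorsers.
type Tx struct {
	ID     string
	Reads  map[string]Version // read set: key -> version seen
	Writes map[string]string  // write set: key -> new value
}

// CommitBlock validates in block order. A transaction whose read set no
// longer matches the state is invalid; valid write sets apply at once.
func CommitBlock(s State, block uint64, txs []Tx) map[string]bool {
	valid := make(map[string]bool, len(txs))
	for i, tx := range txs {
		ok := true
		for k, seen := range tx.Reads {
			ok = ok && s[k].Ver == seen // absent key has the zero Version
		}
		if valid[tx.ID] = ok; !ok {
			continue // stays in the block, state untouched
		}
		for k, v := range tx.Writes {
			s[k] = Entry{v, Version{block, uint64(i)}}
		}
	}
	return valid
}

// DoubleSpend: two constructed transactions both read car1 at {1,0}.
func DoubleSpend() (State, map[string]bool) {
	s := State{"car1": {"alice", Version{1, 0}}}
	read := map[string]Version{"car1": {1, 0}}
	return s, CommitBlock(s, 2, []Tx{
		{"tx1", read, map[string]string{"car1": "bob"}},
		{"tx2", read, map[string]string{"car1": "carol"}},
	})
}

func main() { fmt.Println(DoubleSpend()) }
```

The second transfer is rejected because `tx1` has already moved `car1` to version {2,0}; resubmitting it requires a new simulation against the updated state.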

In addition to the multitude of endorsement, validity and versioning checks that take place, there are also ongoing identity verifications happening in all directions of the transaction flow. Access control lists are implemented on hierarchical layers of the network (ordering service down to channels), and payloads are repeatedly signed, verified and authenticated as a transaction proposal passes through the different architectural components. To conclude, consensus is not merely limited to the agreed upon order of a batch of transactions, but rather, it is an overarching characterization that is achieved as a byproduct of the ongoing verifications that take place during a transaction’s journey from proposal to commitment.
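An added example (not Fabric's own validation code) of the endorsement check this section describes: each signature is verified over the payload that was endorsed, and the policy counts distinct organisations rather than signatures. It assumes a bare ECDSA P-256 public key per organisation in place of the X.509 certificates an MSP would validate; `Policy`, `Setup` and the names `Org1` to `Org3` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Endorsement struct { // one peer's signature over the response payload
	Org string
	Sig []byte
}
type Policy struct { // at least N distinct orgs listed in Orgs must sign
	N    int
	Orgs map[string]*ecdsa.PublicKey // stand-in for each org's MSP
}

// Satisfied counts an organisation once, and only if its signature
// verifies over exactly this payload under that organisation's key.
func (p Policy) Satisfied(payload []byte, ends []Endorsement) bool {
	digest, signed := sha256.Sum256(payload), map[string]bool{}
	for _, e := range ends {
		if pub := p.Orgs[e.Org]; pub != nil && ecdsa.VerifyASN1(pub, digest[:], e.Sig) {
			signed[e.Org] = true
		}
	}
	return len(signed) >= p.N
}

// Setup builds a constructed 2-of-3 policy and a signer for its orgs.
func Setup() (Policy, func(org string, payload []byte) Endorsement) {
	p, keys := Policy{2, map[string]*ecdsa.PublicKey{}}, map[string]*ecdsa.PrivateKey{}
	for _, org := range []string{"Org1", "Org2", "Org3"} {
		k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		keys[org], p.Orgs[org] = k, &k.PublicKey
	}
	return p, func(org string, payload []byte) Endorsement {
		digest := sha256.Sum256(payload)
		sig, _ := ecdsa.SignASN1(rand.Reader, keys[org], digest[:])
		return Endorsement{org, sig}
	}
}

func main() {
	p, sign := Setup()
	rw := []byte(`{"car1":"bob"}`) // constructed proposal response payload
	fmt.Println(p.Satisfied(rw, []Endorsement{sign("Org1", rw), sign("Org2", rw)}))
}
```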

Check out the Transaction Flow diagram for a visual representation of consensus.

 

posted on 2018-03-12 13:35  jacky_bear