SVC208 Introduction to AWS blockchain and ledger technologies
Dr. Jonathan Shapiro-Ward, Solutions Architect, Amazon Web Services
SUMMIT © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Agenda
The ledger concept
Ledger databases
Blockchain
Amazon Managed Blockchain
Hyperledger Fabric

Clay tablet, fragment, ledger, Late Babylonian, British Museum

Ledger database concepts
L: Ledger database
J: Journal
C | H: Current | History
Ledger (L) comprises Journal (J) and Current | History (C | H)
Journal (J) determines Current | History (C | H)

Common customer use cases
Banking & finance: Keeping track of transactions, trades, and accounts
E-commerce: Where’s my stuff?
Transport & logistics: Tracking transportation of goods
HR & payroll: Tracking changes to an individual’s profile
Manufacturing: Recording components used in manufacturing
Government: Tracking vehicle title history

Challenges customers face
Building ledgers with traditional databases
• Resource intensive
• Difficult to manage and scale
• Error-prone and incomplete
• Impossible to verify
Blockchain approaches
• Designed for a different purpose
• Adds unnecessary complexity

Amazon QLDB (now generally available)
Fully managed ledger database
Track and verify history of all changes made to your application’s data
Immutable: Maintains a sequenced record of all changes to your data, which cannot be deleted or modified; you have the ability to query and analyze the full history
Cryptographically verifiable: Uses cryptography to generate a secure output file of your data’s history
Highly scalable: Executes 2–3X as many transactions as ledgers in common blockchain frameworks
Easy to use: Easy to use, letting you use familiar database capabilities like SQL APIs for querying the data

How it works

INSERT INTO cars
<< { 'Manufacturer':'Tesla', 'Model':'Model S', 'Year':'2012', 'VIN':'123456789', 'Owner':'Jane Doe' } >>

cars (C)
ID | Manufacturer | Model | Year | VIN | Owner
1 | Tesla | Model S | 2012 | 123456789 | Jane Doe

cars.history (H)
ID | Version | Start | Manufacturer | Model | Year | VIN | Owner
1 | 1 | 7/16/2012 | Tesla | Model S | 2012 | 123456789 | Jane Doe

journal (J)
INSERT cars, H (T1): ID:1, Manufacturer: Tesla, Model: Model S, Year: 2012, VIN: 123456789, Owner: Jane Doe, Metadata: { Date:07/16/2012 }

How it works

UPDATE cars SET Owner = 'John Stiles' WHERE VIN = '123456789'

cars (C)
ID | Manufacturer | Model | Year | VIN | Owner
1 | Tesla | Model S | 2012 | 123456789 | John Stiles

cars.history (H)
ID | Version | Start | Manufacturer | Model | Year | VIN | Owner
1 | 1 | 7/16/2012 | Tesla | Model S | 2012 | 123456789 | Jane Doe
1 | 2 | 8/03/2013 | Tesla | Model S | 2012 | 123456789 | John Stiles

journal (J)
INSERT cars, H (T1): ID:1, Manufacturer: Tesla, Model: Model S, Year: 2012, VIN: 123456789, Owner: Jane Doe, Metadata: { Date:07/16/2012 }
UPDATE cars, H (T2): ID:1, Owner: John Stiles, Metadata: { Date:08/03/2013 }

How it works

DELETE FROM cars WHERE VIN = '123456789'

cars (C)
ID | Manufacturer | Model | Year | VIN | Owner
1 | Tesla | Model S | 2012 | 123456789 | John Stiles

cars.history (H)
ID | Version | Start | Manufacturer | Model | Year | VIN | Owner
1 | 1 | 7/16/2012 | Tesla | Model S | 2012 | 123456789 | Jane Doe
1 | 2 | 8/03/2013 | Tesla | Model S | 2012 | 123456789 | John Stiles
1 | 3 | 9/02/2016 | Deleted

journal (J)
INSERT cars, H (T1): ID:1, Manufacturer: Tesla, Model: Model S, Year: 2012, VIN: 123456789, Owner: Jane Doe, Metadata: { Date:07/16/2012 }
UPDATE cars, H (T2): ID:1, Owner: John Stiles, Metadata: { Date:08/03/2013 }
DELETE cars, H (T3): ID:1, Metadata: { Date: 09/02/2016 }
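
The INSERT, UPDATE and DELETE slides above can be replayed in code. This Python example is added here and is not AWS code or the QLDB API: it models the journal as a list of entries, derives the current and history views from the journal alone, and hash-chains the entries so that an edited or removed entry is detected. The dict layout, the function names and the all-zero starting hash are assumptions.

```python
import hashlib
import json

# Journal entries T1..T3 from the slides; the dict layout is an assumption.
JOURNAL = [
    {"op": "INSERT", "id": 1, "date": "07/16/2012",
     "data": {"Manufacturer": "Tesla", "Model": "Model S", "Year": "2012",
              "VIN": "123456789", "Owner": "Jane Doe"}},
    {"op": "UPDATE", "id": 1, "date": "08/03/2013",
     "data": {"Owner": "John Stiles"}},
    {"op": "DELETE", "id": 1, "date": "09/02/2016", "data": {}},
]

def seal(journal):
    """Chain the entries: each hash covers the entry and the previous hash."""
    hashes, prev = [], "0" * 64
    for entry in journal:
        body = json.dumps(entry, sort_keys=True).encode()
        prev = hashlib.sha256(prev.encode() + body).hexdigest()
        hashes.append(prev)
    return hashes

def replay(journal):
    """Derive the current (C) and history (H) views from the journal (J) alone."""
    current, history, versions = {}, [], {}
    for entry in journal:
        doc_id = entry["id"]
        if entry["op"] == "INSERT":
            current[doc_id] = dict(entry["data"])
        elif entry["op"] == "UPDATE":
            current[doc_id].update(entry["data"])
        elif entry["op"] == "DELETE":
            del current[doc_id]
        versions[doc_id] = versions.get(doc_id, 0) + 1
        snapshot = dict(current[doc_id]) if doc_id in current else "Deleted"
        history.append({"id": doc_id, "version": versions[doc_id],
                        "start": entry["date"], "data": snapshot})
    return current, history

def first_mismatch(journal, sealed):
    """Index of the first entry that no longer matches the sealed chain, or None."""
    for i, (got, want) in enumerate(zip(seal(journal), sealed)):
        if got != want:
            return i
    if len(journal) != len(sealed):
        return min(len(journal), len(sealed))  # entries removed or appended
    return None

if __name__ == "__main__":
    sealed = seal(JOURNAL)
    current, history = replay(JOURNAL)
    print(current)                         # empty: the car was deleted ...
    for row in history:                    # ... but all three versions remain
        print(row)
    edited = json.loads(json.dumps(JOURNAL))
    edited[0]["data"]["Owner"] = "Mallory"  # constructed tampering of T1
    print(first_mismatch(edited, sealed))
```
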

Deeper look at cryptographic verifiability
Four basic steps to seeing how Amazon QLDB’s verifiability works
SHA256: Unique signature of a document
  Example: a4e31e36910d99bd19b7f875f0a04597dc0ff52c2f164a16a9288aed9e710fdd
Merkle trees: Chaining past hashes together
  Merkle root: HABCD = Hash(HAB + HCD)
  HAB = Hash(HA + HB), HCD = Hash(HC + HD)
  HA = Hash(TxA), HB = Hash(TxB), HC = Hash(TxC), HD = Hash(TxD)
Digest: Periodic hash covering all history
Proof: A chain of hashes that links a document to its digest
  Example hashes shown for the digest and proof:
  a4e31e36910d99bd19b7f875f0a04597dc0ff52c2f164a16a9288aed9e710fdd
  d07fc3d67314905dd065d55988790070410e87072f27ce2d1cb56457c0879bc8
  2fc7e994c884bd13d5fd22b7425328d0e5d5b0cdcba4d285b198be612f229ccb

Amazon QLDB features
Immutable: Append-only, sequenced
Cryptographically verifiable: Hash-chaining provides data integrity
Highly scalable: Serverless, highly available
Easy to use: Familiar SQL operators
ACID transactions: Fully serializable isolation
Journal-first: The journal is the database

Blockchain builds consensus
Eliminates the need for central authority in business networks
Three main components: distributed ledger, consensus mechanism, and “smart contract” execution environment
Together these elements allow two parties to transact with one another by ensuring other parties consent to the transaction and record the transaction. This provides immutability and trust

There are three elements to a blockchain
Ledgers: Immutable, append-only, cryptographically verifiable
Decentralization: Distributed trust and data replication
Consensus algorithms: No intermediaries in decision process, support for smart contracts

Blockchain components: Distributed ledger database
Block 59: Block hash: 000057ec2fda71; Previous block hash: 0000d68b2f0a3b; Timestamp; Transactions
Block 60: Block hash: 000087ea2ffe94; Previous block hash: 000057ec2fda71; Timestamp; Transactions
Block 61: Block hash: 000044bf2efe32; Previous block hash: 000087ea2ffe94; Timestamp; Transactions
The journal records an immutable log of all transactions and is maintained by nodes in the blockchain network

Blockchain components: Consensus mechanism
Some important attributes
• Byzantine fault-tolerance requirements
• Transaction rate, energy consumption
• Hardware requirements
• Security

Blockchain components: “Smart contracts”
• Rules embedded in app
• Verified execution of code
• Conditional operators
• Application writes to ledger
• Contract can interact with components outside of the blockchain network (off-chain)

Customer use cases
[Figure: word cloud of blockchain technology use cases across industries such as capital markets, healthcare, real estate, insurance, and retail]

Challenges with existing blockchain solutions
• Setup is hard
• Hard to scale
• Complicated to manage
• Expensive

Managed Blockchain features
Hyperledger Fabric
Fully managed: Create a blockchain network in minutes
Open-source variety: Support for two frameworks
Decentralized: Democratically govern the network
Reliable & scalable: Backed with Amazon QLDB technology
Low cost: Only pay for resources used
Integrated: Send data to Amazon QLDB for secure analytics

How Managed Blockchain works
Create a network: Choose an open-source blockchain framework; set up a new blockchain network and your membership in your AWS account with just a few clicks
Invite members: Invite other AWS accounts to join the network
Add nodes: Create and configure blockchain peer nodes that store a copy of the distributed ledger
Deploy applications: Create and deploy decentralized applications to your network through your peer nodes; transact with other members on the network

Hyperledger Fabric
• Create permissioned networks with channels to limit the transactions on the ledger each member can see
• Chaincode (smart contracts) are written in Go and executed in Docker containers
• Validation policy for executing chaincode is configurable
• Does not require a native cryptocurrency for chaincode execution

Ethereum
• Create smart contracts using the Solidity language that runs across nodes in the network
• Very scalable
• Create permissioned networks or use public Ethereum network
• Configured to use proof-of-work consensus algorithm for public network and proof-of-authority for private networks
• Anyone who can access the network can see all data on the ledger

Who “owns” the network?
• Networks are decentralized and can remain active even after the initial creator leaves
• Inviting members to join
  • Preview: Network creator can invite
  • GA: Members vote on who to invite and remove
• Network-wide settings
  • GA: Members can vote on network-wide settings and configure the actual voting rules (e.g., majority rules or one member decides)
• Each member pays for their resources
• Managed Blockchain manages shared components like the ordering service and networking settings

Pricing dimensions
• Pay-as-you-go with no upfront costs
• Hourly rates billed per second
• Each member pays for their own resources and the data it writes to the network
• VPC endpoints created to access resource endpoints are billed separately
• Standard data transfer rates

Starter edition and standard edition
Starter edition
• Test and small production networks
• Up to 5 members/network
• Up to 2 peer nodes/member
• bc.t3.small and bc.t3.medium
• Ordering service provisioned has lower transaction throughput and availability than that in a standard edition network
Standard edition
• Production networks
• Up to 30 members/network
• Up to 3 peer nodes/member
• bc.t3, bc.m5, and bc.c5 instance families
• Ordering service provisioned has higher transaction throughput and availability than that in a starter edition network

Transaction flow with Hyperledger Fabric
Participants: Submitting-client, Peer-1, Peer-n, Ordering service
1 Transaction proposal
2 Transaction simulation
3 Endorsement signature
4 Broadcast endorsement
5 Verify policy
6 Transaction delivery to peers

Augmented Hyperledger Fabric
Ordering service
• Core component of a fabric network to guarantee delivery and order of transactions
• Production-grade networks using open source will utilize Apache Kafka for this component
• Managed Blockchain uses Amazon QLDB technology, increasing durability and reliability
Certificate authority
• Open source uses a “soft” HSM
• Managed Blockchain uses AWS Key Management Service (AWS KMS) to secure the Certificate Authority service

Channels and private data for access control
Channels allow isolation of transactions among specific members in the network
Create or update a channel with configuration transaction (configtx)
Private data enables sub-channel access control
[Diagram: Hyperledger Fabric ordering service; Member 1, Member 2, and Member 3, each with a peer and ledger; Channel 1 and Channel 2]

Endorsement policies
Endorsement policies allow chaincode to specify which members (or how many) need to validate a transaction before submitting
Endorsed transactions then get submitted to the ordering service and assembled into blocks
[Diagram: Member 1 client; Member 1 and Member 2 peers and ledgers; Hyperledger Fabric ordering service; steps 1, 2, and 3]
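
Steps 2, 3 and 5 of the transaction flow and the endorsement-policy check described above, as an added Python example rather than Fabric code. Peers are modelled with constructed HMAC keys in place of Fabric's certificate-based signatures, and the function names and the "N distinct members must agree" policy form are assumptions.

```python
import hashlib
import hmac

# Constructed stand-in keys. Real Fabric peers sign with certificate-backed
# private keys; HMAC is used here only so the example runs on the stdlib.
PEER_KEYS = {
    "Member1": b"member1-constructed-key",
    "Member2": b"member2-constructed-key",
    "Member3": b"member3-constructed-key",
}

def simulate(proposal: str) -> str:
    """Step 2: run the proposal without committing; return a result digest."""
    return hashlib.sha256(b"rwset:" + proposal.encode()).hexdigest()

def _sign(member: str, proposal: str, result: str) -> str:
    msg = f"{proposal}|{result}".encode()
    return hmac.new(PEER_KEYS[member], msg, hashlib.sha256).hexdigest()

def endorse(member: str, proposal: str, result=None) -> dict:
    """Step 3: a member's peer signs the proposal plus its simulation result."""
    result = result or simulate(proposal)
    return {"member": member, "result": result,
            "sig": _sign(member, proposal, result)}

def verify_policy(proposal: str, endorsements, required: int) -> bool:
    """Step 5: need `required` distinct members with valid signatures over
    the same proposal and the same simulation result."""
    agreed = {}                                   # result -> set of members
    for e in endorsements:
        if e["member"] not in PEER_KEYS:
            continue                              # not a network member
        expected = _sign(e["member"], proposal, e["result"])
        if hmac.compare_digest(expected, e["sig"]):
            agreed.setdefault(e["result"], set()).add(e["member"])
    return any(len(members) >= required for members in agreed.values())

if __name__ == "__main__":
    p = "transfer asset-42 to Member2"            # constructed proposal
    e1, e2 = endorse("Member1", p), endorse("Member2", p)
    print(verify_policy(p, [e1, e2], 2))          # True
    print(verify_policy(p, [e1, e1], 2))          # False: same member twice
    print(verify_policy(p, [e1, dict(e2, sig="0" * 64)], 2))  # False: bad sig
```
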

Network 1 – Managed Blockchain
[Diagram: Account A, VPC endpoint; Account B, VPC endpoint]

Who is Singapore Exchange
A diversified exchange group that runs key market infrastructure including the Singapore stock market and a pan-Asian derivatives exchange covering all major asset classes.
High annual dividend of 28 cents for the past 5 years
Strong cash flow with debt-free balance sheet
Anchored in Singapore, a AAA-rated economy
[Map: London, Chicago, New York, Beijing, Tokyo, San Francisco, Shanghai, Hong Kong, Mumbai, Singapore; legend: Headquarters, Office]

Singapore Exchange: Project Ubin’s blockchain use case
Managed Blockchain
Challenges with existing financial systems:
• Lack of trust
• Inefficient processes for sending data across borders
• API divergence is expensive and cumbersome to maintain
Benefits of implementing a blockchain:
• Distributed application provides trust
• Provides reliability and resiliency
• Easy to add new participating members
• Efficient transfer of data and transactions without intermediaries

About Project Ubin—a multiphase journey
Project Ubin is a collaborative project between Singapore Exchange, the Monetary Authority of Singapore (MAS), and the industry to explore the use of blockchain for clearing and settlement of payments and securities.
Phase 1: Use of digital currency in Real-Time Gross Settlement (RTGS)
Phase 2: Achieved gridlock resolution and liquidity savings mechanism (LSM) on a distributed system without compromising on privacy
Current phase: Domestic Delivery vs Payment (DvP) for Securities Settlement
Current phase: Payment vs Payment (PvP) for cross-border settlement
Future phase: Delivery vs Payment vs Payment (DvPvP) for cross-border settlement of payments and securities
Capital Raising, Trading, Post-Trade, Clearing, Settlement, Depository
Source: http://www.mas.gov.sg/Singapore-Financial-Centre/Smart-Financial-Centre/Project-Ubin.aspx

Architecture
[Architecture diagram, labelled components:
 VPC Recognized Market Operator (RMO): VPC Endpoint, Fabric Client Node, API Server, Digital Asset, Digital Currency, Arbitrator
 VPC Central Bank/FIs
 Hyperledger Fabric Network by Managed Blockchain: Blockchain X (Ordering Service); Bank A, Bank B, RMO, and Central Bank, each with a Fabric Certificate Authority and a Peer Node
 Amazon VPC PrivateLink
 VPC Bank A (Buyer/Seller) and VPC Bank B (Buyer/Seller): VPC Endpoint, Fabric Client Node, API Server]

Conclusions
1 “Flexibility to reduce settlement time”
Tokenized currency coupled with smart contracts allows for significant reduction in settlement time on trade-by-trade basis
2 “Consistently” applied rights and obligations
• Smart contracts can be used to apply obligations and rights consistently and coherently
• Compliance enforcement through smart contracts reduces costs
3 “Higher investor confidence”
Design for arbitrator role
• Designing for arbitrator’s role provides avenue of recourse for disputed transactions
• Maintains a central role to monitor and facilitate market functionalities
4 Enhances investors’ security
Multi-signature, off-chain, out-of-band secure secrets
• Distributed control prevents account compromise
• Layered security with blockchain-independent transfer of secret
5 Potential broadening of asset classes & investor types
Project DvP’s underlying design, architecture, and benefits can be scaled for other asset classes beyond central bank-issued digital currencies including securities, corporate bonds, commodities, etc. and other investor types such as retail, etc.
6 Potential for round-the-clock operations
Underlying DvP design can be further explored for cross-border transactions where time-zone differences could mean a delay in settlement time, exposing participants to unnecessary FX fluctuations and principal risks

Identifying the right AWS blockchain service
Ownership
  Amazon QLDB: Owned by a single, trusted authority
  Managed Blockchain: No single owner of the ledger; joint ownership by multiple parties
Addresses need
  Amazon QLDB: Addresses core need of an immutable and verifiable transactional log
  Managed Blockchain: Addresses core need of enabling multiple parties to transact transparently and with trust in each other
Key benefit
  Amazon QLDB: It’s a database, so it’s fast, as it doesn’t require consent from members
  Managed Blockchain: Removes intermediaries when a group of members needs to transact, so it makes business processes more efficient

Next steps
Learn more about our services and sign up for our preview today!
Managed Blockchain
• Managed Blockchain web page: https://aws.amazon.com/managed-blockchain
• Deploying a sample application: https://aws.amazon.com/blogs/database/build-and-deploy-an-application-for-hyperledger-fabric-on-amazon-managed-blockchain/
• Documentation: https://docs.aws.amazon.com/managed-blockchain/latest/managementguide/what-is-managed-blockchain.html
Amazon QLDB
• Amazon QLDB web page: https://aws.amazon.com/qldb
• Documentation: https://docs.aws.amazon.com/qldb/latest/developerguide/what-is.html
• Building System of Record Applications with Amazon QLDB: https://www.youtube.com/watch?v=XGeCNr8eOiA

Thank you!
Dr. Jonathan Shapiro-Ward [email protected]