Hi;
Google Chrome is not liking the SHA-256 signature algorithm and declaring it as a weak signature algorithm. It is not displaying the lock in the navagation bar and showing an exclamation mark instead. what would be a strong one to use? Would SHA-512 do the job?
Kindly
Wasfi
Detect, investigate, and respond to advanced threats. Confirm and manage identities. Ultimately, prevent IP theft, fraud, and cybercrime.
Explore products and solutions from RSA.
The Hyperledger consortium has launched a new cryptographic software library that will make blockchain development significantly less time consuming, at least in theory. Named “Ursa,” the library can be used by developers for open-source projects not directly related to the Hyperledger platform.
In a blog post published December 4, 2018, the consortium explained that Ursa was born out of a need for standardization in the blockchain development ecosystem:
“The presence of easy to use, secure crypto implementations might also make it less likely for less experienced people to create their own less secure implementations.”
Hosted by The Linux Foundation, Hyperledger is one of the most popular enterprise blockchain projects globally. It is a collaborative effort between leading companies from the finance, technology, supply chain, and manufacturing industries.
In the software industry, building custom solutions for a trivial problem is often seen as reinventing the wheel. As a result, open-source libraries are commonly used to reduce development time and effort. Given the relative immaturity of the technology, however, the current state of blockchain development can only be described as fragmented. As a result, not many blockchain software libraries have seen mass adoption so far.
In their post, Hyperledger explains that crypto-related implementations are “notoriously difficult to get correct.” Furthermore, since blockchains are often used to represent wealth of some kind, custom applications require a fair amount of technical knowledge to secure properly. Both of these problems can be alleviated to a significant degree if a large number of projects adopts a standard library.
Speaking on security, Hyperledger believes that standardizing this component vastly simplifies the analysis procedure for new blockchains. Maintaining variations of code that do the same thing can lead to unwanted software bugs that would eventually lead to catastrophic failure of some kind much later on.
At this time, Ursa has been divided into two separate sections. One is a library that delivers “modular, flexible, and standardized basic cryptographic algorithms,” while the other is a much more ambitious library that includes modern blockchain functionality such as “smart” signatures and zero-knowledge proofs. Describing the current scope of the library, Hyperledger said that Ursa:
“Aims to include things like a comprehensive library of modular signatures and symmetric-key primitives built on top of existing implementations, so blockchain developers can choose and modify their cryptographic schemes with a simple configuration file change. Ursa will also have implementations of newer, fancier cryptography, including things like pairing-based signatures, threshold signatures, and aggregate signatures, and also zero-knowledge primitives like SNARKs.”
As for the team working on Ursa, the consortium says that it currently consists of developers working on security for Hyperledger Indy, Sawtooth, and Fabric platforms. Their work is then reviewed by a panel of cryptography experts who are academically qualified to gauge the security of these algorithms.
Category: Blockchain, Development, Ethereum, News, Platform
Tags: blockchain technology, development, Ethereum, Hyperledger, security, Ursa
JAXenter: What is Hyperledger Ursa and why was it created? What is its endgame?
Hart Montgomery: Hyperledger Ursa is a modular, flexible cryptography library that is intended for—but not limited to—use by other projects in Hyperledger. Ursa’s objective is to make it much safer and easier for our distributed ledger projects to use existing, time-tested and trusted cryptographic libraries but also new cryptographic implementations being developed.
It was created because we realized that it would save us effort and improve security if we collaborated on our cryptographic code. Its endgame is just to be a secure, modular cryptographic library that supports most of the common cryptographic needs for permissioned blockchains in an interoperable way.
If building a blockchain from scratch is beyond your current scope, the blockchain technology whitepaper is worth a look. Experts from the field share their know-how, tips and tricks, development advice, and strategy for becoming a blockchain master.
JAXenter: Who should use it? What are the uses cases for Hyperledger Ursa?
Hart Montgomery: We designed Ursa to be used by the other Hyperledger projects. However, anyone who needs a modular cryptographic library for blockchain might find Ursa useful.
JAXenter: What are its biggest benefits? Why should developers use it?
Hart Montgomery: The biggest benefits (for us) are due to the fact that Ursa concentrates cryptographic and security expertise in Hyperledger in one place. This means that we have more eyes on our algorithms and implementations and thus are likely to make fewer security mistakes. Developers may want to use Ursa due to its modular structure: changing cryptographic schemes or protocols should be much easier than when using traditional libraries.
Developers may want to use Ursa due to its modular structure: changing cryptographic schemes or protocols should be much easier than when using traditional libraries.
JAXenter: Ursa will be written mostly in Rust but will have interfaces in all of the different languages that are commonly used throughout Hyperledger. What languages are we talking about?
Hart Montgomery: In the near term, we are talking about Go, Python, and Java. In the longer term, it’s not entirely clear. We will support what the community uses.
JAXenter: Hyperledger Ursa has two modules. Could you explain what they are all about?
Hart Montgomery: The first module involves basic cryptography wrapped in a modular way. In this module, we incorporate standard libraries and implementations. The goal is to allow developers to use standard cryptography in a “plug and play” manner.
The second module, which we named zmix, contains more complicated, novel, and less standard cryptography related to “smart” signature protocols (i.e., threshold signatures) and zero knowledge-related cryptographic protocols. These algorithms have become popular in blockchain applications recently and other Hyperledger projects have been interested in solid implementations.
JAXenter: Hyperledger Ursa seems to be the first common component/module and a step towards modular DLT platforms, which share common components. What do modular DLT platforms consist of? Are they the natural evolution of DLT platforms?
Hart Montgomery: Great observation! For many of us, the long-term vision for Hyperledger is indeed modular DLT platforms that are built from shared, common components. Modular DLT platforms consist of exactly the same things that regular DLT platforms do, with the difference that it is easy to swap out components in a modular DLT.
Examples of modular components certainly include, but are not limited to, cryptographic algorithms, consensus protocols, data storage mechanisms (database type), identity management systems, chaincode/smart contract interpreters, and much more. Since there will likely be no single DLT configuration that works for all (or even many) blockchain applications, we think that modularity will be the natural evolution of DLT platforms.
JAXenter: What should we expect from Hyperledger Ursa in the future? What are the plans for 2019?
Hart Montgomery: In the near term, we hope to get Ursa up and running to the point that Hyperledger Indy will use it. We expect this to be done relatively soon as the code base is relatively consistent with Indy’s current crypto library. Over the next year, we hope to incorporate the features that the other Hyperledger DLT projects need in order to use Ursa for their cryptography, probably starting with Hyperledger Sawtooth. In addition, we plan to add more new zero knowledge-focused protocols to zmix in the next year as well.
Thank you!
asap
Our Blockchain development made easy interviews published so far:
Hyperledger, led by The Linux Foundation, announced a new project dubbed Hyperledger Ursa. The new project seeks to build a cryptographic library to help the developers on working on various projects in Hyperledger.
According to the official website:
“Hyperledger Ursa is a shared cryptographic library that would enable people (and projects) to avoid duplicating other cryptographic work and hopefully increase security in the process.”
Overall, Ursa is expected to simplify project maintenance while reducing bugs. Most or all of the Ursa crypto code will be kept in a single location where it can be reviewed by crypto experts.
“It is easier for new projects to get off the ground if they have easy access to well-implemented, modular cryptographic abstractions,” according to the blog.
At launch, Ursa has two modules, including: one module for modular, standardized, basic cryptographic algorithms and another module called zmix that relates to “more exotic” blockchain technologies like smart signatures and zero knowledge primitives.
Ursa will be written mostly in Rust, it will also have interfaces in all of the different languages that are commonly used throughout Hyperledger.
It is noteworthy that reportedly back in October, the global standards organization driving the adoption of Enterprise Ethereum, and Hyperledger, The Linux Foundation, jointly announced they had become Associate Members, respectively, within each other’s organization. The open-source, standards-based, cross-platform collaboration between the two organizations will contribute to accelerating mass adoption of blockchain technologies for business.
Blockchain | December 5, 2018 br>By: David Pimentel
Blockchain consortium Hyperledger has announced a new shared cryptographic library that would enable individuals and other blockchain projects to avoid duplicating other cryptographic work.
Called Hyperledger Ursa, the shared cryptography library is the latest project to be accepted by the Hyperledger Technical Steering Committee. Its objective is to make it much safer and easier for our distributed ledger projects to use existing, time tested, and trusted cryptographic libraries but also new cryptographic library implementations being developed.
“As Hyperledger has matured, the individual projects within Hyperledger have started to find a need for sophisticated cryptographic implementations,” Hyperledger said. Rather than have each project implement its own cryptographic protocols, it is much better to collaborate on a shared library.”
Currently, Hyperledger Ursa has two sub-projects. The first one is the base crypto library, which has the implementation of several different signature schemes with a common API that allows for blockchain builders to change signature schemes almost on-the-fly. The second sub-project is Z-mix, which provides a single flexible and secure implementation to construct zero-knowledge proofs that prove statements about multiple cryptographic building blocks.
Ursa will be written mostly in Rust, but it will also have interfaces in all of the different languages that are commonly used throughout Hyperledger.
Ursa currently includes developers who work on the security aspects of Hyperledger Indy, Sawtooth, and Fabric, as well as several cryptographers with an academic background in theoretical cryptography to ensure that all cryptographic algorithms meet the desired levels of security.
“Our goal in creating Ursa is to combine the efforts of all the security and cryptography experts in the Hyperledger community and move all of the projects forward,” Hyperledger said.
Hyperledger, a cross-industry collaborative blockchain initiative, has announced a new project – a shared cryptography library called ‘Ursa.’
Designed by teams at Fujitsu Labs, Intel, State Street, Sovrin Foundation, Bitwise and others, Ursa aims to enable distributed ledger projects to use existing cryptographic libraries as well as new cryptographic library implementations being developed in an easy and secure manner.
The project is currently in incubation. According to the official website:
“Hyperledger Ursa is a shared cryptographic library that would enable people (and projects) to avoid duplicating other cryptographic work and hopefully increase security in the process.”
Hyperledger explained that instead of each project implementing its own cryptographic protocols, it is beneficial to collaborate on a shared library as this would help avoid duplication, simplify the security analysis, enforce expert review, simplify cross-platform interoperability, facilitate modularity, and make it easier for new projects to get off the ground.
According the official announcement, Ursa currently includes developers who work on the security aspects of Hyperledger Indy, Sawtooth, and Fabric, as well as several cryptographers with an academic background in theoretical cryptography.
“Our goal in creating Ursa is to combine the efforts of all the security and cryptography experts in the Hyperledger community and move all of the projects forward,” it added.
While Ursa will be written mostly in Rust, it will also have interfaces in all of the different languages that are commonly used throughout Hyperledger. The tool currently has two distinct modules, which includes:
“a library for modular, flexible, and standardized basic cryptographic algorithms, and a library for more exotic cryptography, including so-called “smart” signatures and zero knowledge primitives called zmix.”
In a press release, the company released Ursa to tackle the protocol issues each DLT company is facing and consolidate all teams efforts into a shared library. It aims to enhance the safety and ease of the Hyperledger projects to use existing, trusted and time-tested cryptographic libraries, as well as support the development of new cryptographic library implementations.
Ursa was also developed to help programmers avoid duplication of projects and problem associated with them. One of the effects of implementing Ursa would be not letting inexperienced developers build insecure applications.
The project would grant the chance for experts to give their suggestions for improvement of the cryptographic code. This move will make cross-border payments much easier because multiple platforms would utilize the same cryptographic code.
HyperLedger’s plans are for blockchain devs to have the ability to modify their source codes with a configuration file. Ursa would also utilize an evolved cryptography, developed and delivered with joint forces.
The massive library is divided into two, smaller parts. The “base” contains a simple, yet effective, cryptography algorithm. The second library would contain “fancier cryptography,” such as pairing-based signatures, threshold signatures, and SNARKs.
The programming language would most probably be Rust, but developers are preparing versions in all languages used throughout the Hyperledger programming community.
Hyperledger expects that Ursa will ease innovations since “it is less demanding for new projects to get off the ground if they can use a well-implemented and hassle-free modular framework.”
Hyperledger is progressively becoming a number one choice for commercial clients and institutions. One of the largest Russian banks, Sberbank, finished up an over-the-counter OTC remote trade contract by utilizing smart contracts on the Hyperledger Fabric Platform.
In November, French retail hegemon Carrefour released a food tracking software, running on Hyperledger, in its Spanish stores. The framework will be utilized to track the path of free-range chickens raised without the use of antibiotics.
Hyperledger announced the new library called the Ursa Project. The aim is to allow Hyperledger blockchain projects and others to share the cryptography code.
Cryptography is the blockchain’s core. It is used to prove that a block for many other purposes is a part of a chain. Hyperledger, a member of the Linux Foundation, now has 11 company projects.
While many use the same low-level cryptographic algorithms and common core libraries, they have each developed their own implementations at the blockchain software level. The aim is to calculate cryptographic functions easily by default from the Ursa cryptography library using APIs.
Ursa promotes the concept of modularity as a potentially common component in several blockchains. For new blockchain projects in the future, the drop-in library should avoid duplication of code. Even for existing projects, their maintenance efforts should be reduced after migration to Ursa.
With less duplication of code and expert cryptographers, improved security should be provided. And code sharing should make interoperability across platforms simpler.
The first major subproject is a basic cryptographic library with standard features. Existing code libraries such as Apache Milagro Crypto Library (AMCL) have no raw implementations, but wrappers. It’s a handy API. The focus is primarily on a shared modular signature library. Blockchain developers can therefore easily change or use more than one signature scheme.
It’s a work in progress today. This is to be extended to common cryptographic algorithms such as hash algorithms with different performance features. Like most Hyperledger projects, the managers come from a cross-section of companies. These include the Sovrin Foundation, Evernym, Intel, Bitwise, the Linux Foundation and DFINITY.
A second project called zmix is a general Zero Knowledge Proof (ZKP) implementation. Even if people use ZKP, it is not standardized compared to the basic library. It was therefore separated.
In addition, most users need the base crypto library, but only some people want the ZKP functionality. Similarly, separation on the development side reduces the number of people who have to participate in conferences. There may be other libraries, such as zmix, based on semi-trusted implementations in the future.
There is also a cryptographic research aspect that will remain in the laboratories of Hyperledger rather than in the major project of Ursa. A more efficient ZKP protocol, published, peer-reviewed and coded in an algorithm, is a hypothetical example of their theoretic work. The maintenance team consists of three DFINITY staff and Fujitsu’s Hart Montgomery, who is also the Ursa project manager.
Ledger Insights asked if the research team could be “group-thinking” because several team members belong to the same firm. Montgomery replied via email: “In the permitted blockchain space there are very few theoretical cryptographers.”
“Ideally, we would like to have more cryptographers involved but, quite frankly, we are very lucky to have the group that we do and I think that the current group is more than capable. I’m not really worried about “group-think” — the DFINITY team is a group of very accomplished cryptographers, and they collaborate extensively with outside researchers.”
The Hyperledger Indy self-sovereign identity project plans to adopt Ursa soon. It is anticipated that Hyperledger Fabric will use the zero-knowledge proof aspect by next year’s first quarter. In the future, Hyperledger Sawtooth will move towards Ursa. The Burrow and Iroha projects have been discussed, but no firm commitments have yet been made.
There is a chance that Ursa will look a bit confusing for a while. Every project is encouraged to add a crypto library of its own to Ursa. That means code duplication initially occurs when different projects implement the same functionality. Implementations will merge over time. Another aspect that Project Ursa could use relates to standards. The United States Standards Institute is NIST department of government.
However, Russia, for example, uses different cryptographic standards and a separate implementation of Ethereum using Russian GOST standards has already taken place. Montgomery elaborated as follows “We plan on supporting multiple standards. We want people to be able to (securely) configure cryptography in order to best fit their needs.”
Users will be able to make sure that any standards they need will be “pluggable” into Ursa. Supporting multiple block ciphers is, in fact, one of the examples we had in mind, and we plan on doing just that.”
The Ursa project will be officially unveiled at the Hyperledger Global Forum from 12 to 15 December in Basel, Switzerland.
Hyperledger has announced a new project dubbed Hyperledger Ursa. The new project seeks to build a cryptographic library to help the developers on working on various projects in Hyperledger. The project’s primary motive is to simplify the use of existing cryptographic libraries while setting up new “sophisticated” implementations for these libraries.
Ursa intends to add modular signatures and symmetric-key primitives to the existing library “so blockchain developers can choose and modify their cryptographic schemes with a simple configuration file change”. The project will also introduce “fancier cryptography” to include pairing-based signatures, threshold signatures, and aggregate signatures. The project will also integrate zero-knowledge primitives like SNARKs.
“Rather than have each project implement its own cryptographic protocols, it is much better to collaborate on a shared library,” read the Hyperledger blog. The library will help avoid the duplication of crypto implementations. They will also add to the security implications of an individual project as the crypto codes will be held within one consolidated library. Since experts have reviewed all the crypto codes on the library, there is no wasting time on analyzing the crypto portion of the ledger. The library also contributes to interoperability as it can help two projects utilize the same resources.
“It is easier for new projects to get off the ground if they have easy access to well-implemented, modular cryptographic abstractions,” according to the blog.
Currently, Ursa has two different modules. The first module or the “base crypto library” will contain basic cryptographic algorithms and the second library will focus on smart signatures zero knowledge primitives called zmix. “The goal of zmix is to provide a single flexible and secure implementation to construct such zero-knowledge proofs,” said the blog.
Hyperledger doesn’t intend to limit the project’s utility to just Hyperledger projects. Hyperledger is known to host a variety of other commercial and institutional projects on their platform. It is an open source platform for developers to create their own blockchain frameworks. Numerous companies including TenneT energy community and London Stock Exchange group makes use of the Hyperledger fabric.
Image via Shutterstock