Hyperledger announced the new library called the Ursa Project. The aim is to allow Hyperledger blockchain projects and others to share the cryptography code.
Cryptography is the blockchain’s core. It is used to prove that a block for many other purposes is a part of a chain. Hyperledger, a member of the Linux Foundation, now has 11 company projects.
While many use the same low-level cryptographic algorithms and common core libraries, they have each developed their own implementations at the blockchain software level. The aim is to calculate cryptographic functions easily by default from the Ursa cryptography library using APIs.
Ursa promotes the concept of modularity as a potentially common component in several blockchains. For new blockchain projects in the future, the drop-in library should avoid duplication of code. Even for existing projects, their maintenance efforts should be reduced after migration to Ursa.
With less duplication of code and expert cryptographers, improved security should be provided. And code sharing should make interoperability across platforms simpler.
The first major subproject is a basic cryptographic library with standard features. Existing code libraries such as Apache Milagro Crypto Library (AMCL) have no raw implementations, but wrappers. It’s a handy API. The focus is primarily on a shared modular signature library. Blockchain developers can therefore easily change or use more than one signature scheme.
It’s a work in progress today. This is to be extended to common cryptographic algorithms such as hash algorithms with different performance features. Like most Hyperledger projects, the managers come from a cross-section of companies. These include the Sovrin Foundation, Evernym, Intel, Bitwise, the Linux Foundation and DFINITY.
A second project called zmix is a general Zero Knowledge Proof (ZKP) implementation. Even if people use ZKP, it is not standardized compared to the basic library. It was therefore separated.
In addition, most users need the base crypto library, but only some people want the ZKP functionality. Similarly, separation on the development side reduces the number of people who have to participate in conferences. There may be other libraries, such as zmix, based on semi-trusted implementations in the future.
There is also a cryptographic research aspect that will remain in the laboratories of Hyperledger rather than in the major project of Ursa. A more efficient ZKP protocol, published, peer-reviewed and coded in an algorithm, is a hypothetical example of their theoretic work. The maintenance team consists of three DFINITY staff and Fujitsu’s Hart Montgomery, who is also the Ursa project manager.
Ledger Insights asked if the research team could be “group-thinking” because several team members belong to the same firm. Montgomery replied via email: “In the permitted blockchain space there are very few theoretical cryptographers.”
“Ideally, we would like to have more cryptographers involved but, quite frankly, we are very lucky to have the group that we do and I think that the current group is more than capable. I’m not really worried about “group-think” — the DFINITY team is a group of very accomplished cryptographers, and they collaborate extensively with outside researchers.”
The Hyperledger Indy self-sovereign identity project plans to adopt Ursa soon. It is anticipated that Hyperledger Fabric will use the zero-knowledge proof aspect by next year’s first quarter. In the future, Hyperledger Sawtooth will move towards Ursa. The Burrow and Iroha projects have been discussed, but no firm commitments have yet been made.
There is a chance that Ursa will look a bit confusing for a while. Every project is encouraged to add a crypto library of its own to Ursa. That means code duplication initially occurs when different projects implement the same functionality. Implementations will merge over time. Another aspect that Project Ursa could use relates to standards. The United States Standards Institute is NIST department of government.
However, Russia, for example, uses different cryptographic standards and a separate implementation of Ethereum using Russian GOST standards has already taken place. Montgomery elaborated as follows “We plan on supporting multiple standards. We want people to be able to (securely) configure cryptography in order to best fit their needs.”
Users will be able to make sure that any standards they need will be “pluggable” into Ursa. Supporting multiple block ciphers is, in fact, one of the examples we had in mind, and we plan on doing just that.”
The Ursa project will be officially unveiled at the Hyperledger Global Forum from 12 to 15 December in Basel, Switzerland.