Javier Castro - Fotolia

Hyperledger Sawtooth: Blockchain for the enterprise

Hyperledger Sawtooth, an open source blockchain platform, is designed to help enterprises build distributed ledger applications and networks -- but it's also of interest for IoT applications.

Enterprises ready to explore blockchain platforms can now consider Hyperledger Sawtooth 1.0, which was specifically designed to keep ledgers distributed and smart contracts secure within the business realm. Some of its capabilities also make Sawtooth a good fit for IoT applications.

The Linux Foundation's Hyperledger project is an umbrella-type home to nine separate open source projects that each focus on different aspects of technology that complement each other but may also potentially compete.

"We're very proud to announce our second production release, Sawtooth 1.0," said Brian Behlendorf, executive director of Hyperledger. "For us, this is a special milestone because it's a signal from the developers that this code is ready to be used in production environments with live digital assets."

There's much excitement about blockchain technology, but "if you told people they were getting excited about a database, you might not see the same reaction," said Dan Middleton, head of technology for Intel's blockchain and distributed ledger program, as well as maintainer of Hyperledger Sawtooth.

Blockchain is worthy of excitement, though, because it's a new kind of database that's special in several ways. "First, it's distributed, so it gets copied all over the world," Middleton said. "Many people are familiar with bitcoin and cryptocurrencies that are considered public networks, but we're focused on permissioned networks to be used in enterprise and business-to-business scenarios."

The main reason you'd want to use an instantiation of a database, Middleton said, is to deal with the problem of multiple companies that all need to read and edit the same database. "There are a lot of use cases out there -- ranging from the financial sector to supply chain to access control management -- that all have this requirement, and this is mainly what this technology is built to deliver," he explained.

Hyperledger Sawtooth 1.0 benefits and capabilities

Blockchain's instantiation provides two key benefits: "One is an immutable transaction history," Middleton said. "It's a cryptographic linkage of transactions so that, at any given point, you can be assured about the state of information and that the logs are auditable and high availability."

The second is that because this database is copied and running in a large number of places, if you take down one node of that database, the network as a whole continues to be productive. "If you take a node offline or it crashes by itself, which we consider crash fault tolerance, the network will operate despite some number of nodes going down," Middleton said.

Blockchain is worthy of excitement because it's a new kind of database that's special in several ways.

With blockchain, there's often an interest in Byzantine fault tolerance, which means that the network will continue to be viable when exposed to adversarial nodes or ones that are trying to act in malicious ways. "This isn't just that a node crashes or a third of the nodes on the network crash, but rather something like up to a third of the nodes on the network can be actively trying to corrupt the network, but are unable to do that," Middleton said. "This would be our goal for most deployments when you're putting some sort of business value onto the network. You want to know that it will be resilient to attack."

Beyond these capabilities, Hyperledger Sawtooth also features on-chain governance, which uses smart contacts to vote on blockchain configuration settings as the allowed participants and smart contracts. Further, it has an "advanced transaction execution engine" that's capable of processing transactions in parallel to help speed up block creation and validation.

But, arguably, one of Sawtooth's most intriguing benefits "is its proof of elapsed time, or PoET, consensus mechanism, which is a novel attempt to bring the resiliency of public blockchains to the enterprise realm -- without forgoing the requirements of security and scale," said Jessica Groopman, industry analyst and founding partner of Kaleido Insights.

PoET is a Nakamoto-style consensus algorithm, according to The Linux Foundation, which is "designed to be a production-grade protocol capable of supporting large network populations." In other words, quite possibly, for IoT applications.

Another aspect of Sawtooth that Groopman described as notable is that the platform is designed to allow developers to separate and design business applications separately from the core platform. "It also supports a variety of programming languages, including Solidity, Go, Python, Rust, C++ and JavaScript, and has 'dynamic consensus,' which allows administrators to modify the actual consensus mechanism over time as new more scalable algorithms become available," she added.

Sawtooth for IoT?

Companies such as Wind River Systems Inc., a developer of embedded software for intelligent connected systems, are already exploring Sawtooth for IoT applications. Others are embedding Hyperledger's basic functions directly in hardware, such as Filament's Blocklet Chip technology.

As the content of systems shifts to software, Wind River is seeing the value of the components of systems also increasingly attributed to software. This is, in large part, because hardware is set and unchangeable. Software, on the other hand, is dynamic and can be updated. "Now that systems are being connected through IoT, this is exacerbated," said Jim Douglas, president of Wind River.

Within the software realm, it's not uncommon to use components you didn't develop, and maybe some with proprietary code you'd like to integrate or even open source. "One of the big challenges is how do you effectively manage all of these source inputs? How do you identify what's in your code, what's open source? How do you secure the right open distribution rights, and how do you identify and understand open source vulnerabilities?" Douglas queried. "If you're exporting into restricted countries, how do you identify the crypto-technologies you have -- especially in open source? And how do you do all of this when the system is changing all of the time?"

Wind River develops software and uses third-party components and open source in its products, so this is a constant battle for them. "We have competency doing this as a vendor, but saw an opportunity to improve how we do it," Douglas said. "Then the brainstorm came: Everyone has this problem to an extent."

So, the company embraced an earlier version of the Sawtooth open source blockchain platform and developed a "software parts ledger" that effectively establishes trust and accountability between all of the components and software. To be more specific, it can track all of the software parts from suppliers, each of whom provides parts to register with the ledger, so that each individual part is logged.

"All of the compliance artifacts, if you're using open source, that are necessary to satisfy customer or regulatory agencies -- such as source code or legal notices or open source bill of materials, or all of the crypto data -- are identified," Douglas explained. "And a 'compliance envelop' takes all of these things and provides a standard method for bundling and indexing them, which makes it much easier to deliver those artifacts. A 'conductor' manages the relationships between all of those entities by essentially monitoring and coordinating the supply chain of resources and entities and gives them all individual IDs so you can track them. It's licensed under Apache and sitting on Github so people can download it."

This is an example of how you can use blockchain technology -- Hyperledger Sawtooth, specifically -- to tackle the real-world problem of software growing exponentially, with content coming from multiple sources and, more often than not, some open source mixed in. "It can become a nightmare from a developer standpoint," Douglas said. "But this gives you accountability from all of those sources and also the ability to easily demonstrate where those sources are and that you've got rights and any other attribute that's compliance-related. You can quickly articulate that you've checked all of the boxes."

Douglas pointed out that many people still have no real idea what blockchain is. "We made a mistake as positioning it as blockchain at first," he said. "We got a lot of cross-eyed looks until I asked: Do you struggle with chain of custody issues?" Then it clicks.

"I love blockchain's simplicity," Douglas added. "Obviously, there's some technology toughness behind it to ensure it works, but conceptually, it's simple."

The road ahead for distributed ledgers

As we see more ledgers emerge, enterprises are likely going to need to help brokering the intersection of different ledger approaches.

"Different parts of the value chain are probably going to want to use slightly different approaches," Douglas said. "Groups like Hyperledger can potentially fill that broker role to ensure that a notion of trust and accountability between different ledgers exists, and it will be an interesting direction to go in. I'm not sure what it'll look like, but it might be akin to key authorities like the internet."

As distributed ledger technology moves forward, Behlendorf emphasized that Hyperledger is an open source community -- anyone can use the code for free under the Apache license. "We invite all of you to get involved with the further development of Sawtooth -- to understand what it is today, where it's going, what kinds of new features folks might be cooking up and where you think it should go, and how you might be able to help with that path," he said.

Dig Deeper on Internet of things platform

CIO
Security
Networking
Data Center
Data Management
Close