Simplifying Blockchain Security Using Hyperledger Ursa
In a recent blog post, the Hyperledger project has announced their latest project, Hyperledger Ursa , has been accepted by the Technical Steering Committee (TSC). Ursa’s primary objective is to simplify and consolidate cryptographic libraries in a trusted, consumable manner for use in distributed ledger technology projects in an interoperable way.
Within Project Ursa, a comprehensive library of modular signatures and symmetric-key primitives will be available so developers can swap in and out different cryptographic schemes through configuration and without having to modify their code. In addition to this base library, Ursa will also include newer cryptography, including pairing-based , threshold , and aggregate signatures. In addition to these signatures, zero-knowledge primitives including SNARKs will also be included.
Blockchain security is highly dependent upon cryptographic operations, but for developers, choosing the correct implementation is a challenge. Hart Montgomery , a cryptographic researcher at Fujitsu and a member of the Hyperledger TSC, explains:
As Hyperledger has matured, the individual projects within Hyperledger have started to find a need for sophisticated cryptographic implementations. Rather than have each project implement its own cryptographic protocols, it is much better to collaborate on a shared library.
The Hyperledger Ursa project has identified the following benefits:
- Avoiding duplication of solving similar security requirements across different blockchain implementations.
- Security audits of cryptographic operations are simpler to analyze when code is consolidated into a single location. This reduces maintenance efforts of these libraries and improves the security footprint for developers who may be less experienced in distributed ledger projects.
- Expert Reviews take place on all cryptographic code to reduce the likelihood of dangerous security bugs.
- Cross-platform interoperability improves when multiple platforms, who require cryptographic verification, are using the same security protocols on both platforms.
- Modularity of common components, lay the framework for future modular distributed ledger technology platforms using common components. A successful reference implementation of a common component, like security, creates future opportunities.
- New projects are able to accelerate their time to market if an existing security paradigm can be plugged-in without a project needing to build it themselves.
As Hyperledger Ursa is in its infancy, the project has broad future plans, including further investments in modularizing Minicrypt , Montgomery explains:
Our first library is our “base crypto” library. Right now we are focused on our shared modular signature library, but we plan to extend this to allow easy modularization of all commonly used cryptographic primitives in Minicrypt. This—work in progress—has the implementation of several different signature schemes with a common API, allowing for blockchain builders to change signature schemes almost on-the-fly—or to use and support multiple signature schemes easily. Exact implementations and APIs have not been finalized, but they are in progress.
Project Ursa does not include raw crypto implementations within their library, but chooses to use wrappers for code from existing libraries instead. Montgomery characterizes the benefit as:
The novelty here is the modularization and API, which enables blockchain platforms to easily use a wide variety of changeable cryptographic algorithms without having to understand or interact with the underlying mathematics.
Ursa is mostly written in Rust but will have interfaces in all of the different languages that are commonly used throughout Hyperledger including Go, Python and Java. The repository for Ursa is available on GitHub .