Blockchain company Archives

Pros And Cons Of Using BaaS: A Short Guide For Business Leaders

Posted on March 24, 2023March 24, 2023 by Monica

Blockchain technology has revolutionized the way businesses store and transfer data, offering a secure and transparent way to manage transactions. However, implementing and managing a blockchain network can be daunting and costly, especially for small and medium-sized businesses (SMBs) that may not have the resources to invest in hardware and software infrastructure. BaaS providers offer a solution to this problem, providing pre-built blockchain networks, tools, and APIs that SMBs can use to build and deploy their blockchain applications quickly and easily.

Benefits Of Preferring Blockchain-as-a-Service (BaaS)

There are many benefits associated with using BaaS, some of which are –

Reduced Costs

One of the primary benefits of BaaS is cost reduction. Blockchain-as-a-Service provider offers subscription-based pricing models, which means SMBs can pay for only the resources they use. This eliminates the need for large upfront investments in hardware and software infrastructure, making blockchain technology more accessible to SMBs. For example, an SMB can use a BaaS provider like IBM Blockchain Platform, which offers a free trial and a pay-as-you-go pricing model, to develop and deploy their blockchain application without incurring high infrastructure costs.

Easy Implementation

Another benefit of BaaS is easy implementation. BaaS providers offer pre-built blockchain networks and tools, which means SMBs can quickly and easily implement their blockchain applications without having to spend time and resources on development and testing.

For example, Microsoft Azure Blockchain Workbench offers a range of pricing options, including a free trial and a pay-as-you-go pricing model, making it an affordable option for SMBs looking to implement a blockchain network without a significant investment in infrastructure.

Scalability

Blockchain-as-a-Service Providers offer scalable infrastructure that can accommodate the changing needs of SMBs as they grow. This means that SMBs can easily add or remove nodes from their network as needed without having to worry about the underlying infrastructure.

For example, Amazon Managed Blockchain offers a simple pricing model based on the number of nodes in the network, which makes it an affordable option for SMBs that require a small number of nodes initially but may need to scale in the future.

Security

BaaS providers offer built-in security measures, such as encryption and authentication, to protect blockchain networks and applications from cyber threats. This means that SMBs can focus on their core operations without having to worry about the security of their blockchain network.

For example, the IBM Blockchain Platform offers a range of tools and APIs to help SMBs build and deploy their blockchain applications securely.

Collaboration

Blockchain-as-a-Service provider provides tools and APIs that enable SMBs to collaborate and share data securely with other businesses and partners. This makes it easier for SMBs to work together and streamline their operations.

For example, Microsoft Azure Blockchain Workbench offers a range of tools and APIs to help SMBs build and deploy their blockchain applications collaboratively.

However, while BaaS Blockchain offers multiple advantages, it also includes a few cons.

Drawbacks Of Blockchain-as-a-Service (BaaS)

The pointers mentioned below will help you understand the BaaS cons.

Limited Control

When using a Blockchain-as-a-Service, SMBs rely on the provider’s infrastructure, which means they have limited control over the underlying technology. This lack of control can be a disadvantage when it comes to customization and flexibility.

Security Concerns

Blockchain technology is still relatively new and complex, and SMBs may not have the necessary expertise to ensure the security of their applications. When using a BaaS provider, SMBs must trust the provider’s security measures and protocols, which can be a risk.

Limited Scalability

Some Blockchain-as-a-Service Providers may not be able to accommodate large-scale blockchain applications or high transaction volumes. This can be a problem for SMBs that need to scale their blockchain applications quickly as their business grows.

Dependency

When using a BaaS provider, SMBs rely on the provider’s availability and uptime. Any downtime or service interruptions on the provider’s side can affect the SMB’s ability to access and use their blockchain applications.

Potential Vendor Lock-In

If an SMB relies too heavily on a BaaS provider, it may become locked into using the provider’s technology and services. This can make it difficult to switch providers or move to a self-hosted solution in the future.

Popular Blockchain-as-a-Service (BaaS) Providers

Some of the popular BaaS providers are –

1. IBM Blockchain Platform

The Platform offers a range of tools and APIs to help SMBs build and deploy their blockchain applications. It also offers a free trial and a pay-as-you-go pricing model, which makes it affordable for businesses of all sizes.

2. Microsoft Azure Blockchain Workbench

It offers a range of pricing options, including a free trial and a pay-as-you-go pricing model, making it an affordable option for SMBs. It also offers a range of tools and APIs to help SMBs build and deploy their blockchain applications.

3. Amazon Managed Blockchain

This platform offers a simple pricing model based on the number of nodes in the network, which makes it an affordable option for SMBs that require a small number of nodes initially but may need to scale in the future. It also offers a range of tools and APIs to help SMBs build and

4. Oracle Blockchain Platform

It is a cloud-based platform that offers a range of tools and APIs to help SMBs build and deploy their blockchain applications. It also offers a flexible pricing model based on usage, which means SMBs can pay for only the resources they use.

5. SAP Cloud Platform Blockchain

This is a Blockchain BaaS platform that enables SMBs to build and deploy blockchain applications using pre-built templates and tools. It also offers a flexible pricing model based on usage, which means SMBs can pay for only the resources they use.

6. Alibaba Cloud BaaS

The blockchain platform enables SMBs to build and deploy blockchain applications using pre-built templates and tools. It also offers a range of pricing options, including a free trial and a pay-as-you-go pricing model.

7. Binance Smart Chain

It is a decentralized blockchain platform that enables SMBs to build and deploy blockchain applications using pre-built tools and APIs. It offers affordable transaction fees and fast transaction times, making it an attractive option for SMBs looking to build blockchain applications on a budget.

Wrapping Up

Blockchain-as-a-Service is a cost-effective way for businesses to implement and manage blockchain-based applications. By leveraging the infrastructure and tools provided by Blockchain-as-a-Service providers, businesses can focus on developing and deploying their applications rather than managing the underlying infrastructure, but before selecting a provider, they must carefully evaluate the pros and cons of choosing a BaaS provider before making a decision.

It’s important to choose a provider that offers the right balance of affordability, security, scalability, and control to meet the SMB’s specific needs. We at Infrablok can help you choose the best BaaS solution for all your business needs. Contact us if you wish to know more about it!

Empower Your Business With The Track And Trace APIs Devised By Infrablok

Posted on February 23, 2023 by Monica

Blockchain provides security and trustworthiness, which is a must for any transaction, be that online or offline. This need increases for the transactions that involve the movement of the product(s) from one location to another, be that for shipping/logistics in business-to-consumer transactions or be that be in any supply chain for business-to-business transactions. Blockchain provides a promising solution to this with the implementation of Track and Trace systems in products.

Track and Trace systems over Blockchain allow for transparency and accountability in the supply chain, providing a secure and tamper-proof record of a product’s journey from its origin to its destination.

Track And Trace

The Track and trace software allows tracking of a product at every stage of its journey, from its origin to destination. It enables companies to track a product’s movement providing transparency and accountability. This is important for various reasons, such as complying with regulatory requirements, improving supply chain efficiency, and ensuring product safety.

Blockchain technology allows for the creation of a decentralized and immutable record of transactions. In the context of Track and Trace, a Blockchain can be used to record every step of a product’s journey, from origin to destination. Each and every transaction is recorded in a block, which is then added to the chain. This creates a transparent and tamper-proof record that can be accessed by anyone with the necessary permissions.

The use of Blockchain in Track and Trace provides several benefits; some of them are:

It creates an unalterable and transparent record of a product’s journey. This means that any attempts to tamper with the record will be detected, providing an additional layer of security to the supply chain.
It allows for tracking of a product, enabling companies to respond to any issues that may arise in transit.
It allows the creation of smart contracts that can be automatically triggered based on predefined criteria, such as delays in delivery or quality control issues.

Benefits Of Track And Trace Over Blockchain

There are several benefits of implementing Track and Trace systems over Blockchain, some of which are outlined below:

Transparency

A blockchain-based Track and Trace system provide transparency across the entire supply chain, allowing companies to monitor the movement of their products. This transparency improves accountability and ensures that everyone involved in the process is held responsible for their actions.

Security

Blockchain technology provides a secure & tamper-proof record of transactions. This means that any attempts to alter or tamper with the record will be detected, providing an additional layer of security to the supply chain.

Efficiency

Blockchain-based Track and Trace systems can improve supply chain efficiency by providing tracking of products. This allows companies to respond to any issues that may arise, such as delays in delivery or quality control issues.

Compliance

A track and trace system over a Blockchain can help companies comply with regulatory requirements by providing a transparent and tamper-proof record of their products’ journey.

Infrablok’s Track And Trace APIs

Implementing a Track and Trace system over Blockchain creates a transparent and secure record of a product’s journey. And this provides transparency and accountability across the entire process.

We have created a set of APIs at Infrablok that would help companies implement Track and Trace over the Blockchain. These APIs can be used by any organization that is –

Creating a decentralized application to have the feature of Track and Trace.
Already have a decentralized application but need to have the functionality of Track and Trace.
Working on Web2 but needs to move on to Web3.

Using our APIs, corporations could add tracking and tracing functionality to their own applications, saving around 30% of their time. Integration of these APIs with existing Blockchain products or products that require a decentralized, trustless method for tracing products is possible.

In addition, these APIs create an asset on a smart contract with a unique identifier transferred down the supply chain. In this, a trail of all actions performed on the asset and ownership is transferred to all participants.

A single unit can be packaged into a carton/container with its unique ID and then can be awarded/outwarded. Moreover, all the units in it can be transferred to the new owner simultaneously; afterward, they can be unpackaged for micro-transfers.

Infrablok APIs List

Here is the APIs list that we provide –

New Asset – This registers the product, a single unit at a time.

https://trackntrace.infrablok.com/api/asset/createAsset

New Package – This packages a list of products together into one package.

https://trackntrace.infrablok.com/api/asset/createPackage

Outward Entry – This is for outwarding the group of products or a group of packages from the product owner to the logistics provider, which involves changing ownership of all the products either provided as a single product list or packing list to the logistics provider.

https://trackntrace.infrablok.com/api/asset/createOutwardEntry

Inward Entry – The receiver provides the group of product ids or the group of package ids that are received. It involves changing ownership of all the products either provided as a sole product list or packing list to the receiver.

https://trackntrace.infrablok.com/api/asset/createInwardEntry

Product Delivery To The End User (Setting status as SOLD) – the buyer provides the group of product ids or the group of package ids that the end user received. It involves changing ownership of all the products, either provided as a sole product list to the end-user or setting the final state to SOLD.

https://trackntrace.infrablok.com/api/asset/assetSold

Depackage APackage – This process involves depackaging a package. Here assets packed within the provided package id will be unpacked again.

https://trackntrace.infrablok.com/api/asset/dePackage

Track An Asset – This process returns all the tracking details of an asset.

https://trackntrace.infrablok.com/api/asset/productTraceById

Get An Asset Detail – This process gives details about an asset.

https://trackntrace.infrablok.com/api/asset/getAssetDetailsById

Check If An Asset Exists For A User – This process checks if an asset exists for the provided user address and returns “true” or “false” in response to the call.

https://trackntrace.infrablok.com/api/asset/assetExistsByUserAddress

Get All Asset ids – This process returns asset ids already registered on the Blockchain

https://trackntrace.infrablok.com/api/asset/getAllAssets

Some or all these APIs can be used as per the requirement of the decentralized application being created. The smart contracts for these APIs have been deployed on the Goerli Testnet for users to test and interact with the API’s functionality.

In order to have upgraded options like customized smart contracts or deploying smart contracts on a Blockchain of the user’s choice are also provided. To know about our product and know how to use it, visit HERE.

How To Perform Smart Contracts Auditing?

Posted on February 10, 2023February 10, 2023 by Monica

Blockchain is a secure, reliable, immutable network that provides its users with a lot of trusts despite being trustless. This trust comes in through various conditions that are put over a blockchain in a tamper-proof, decentralized platform in the form of smart contracts. These smart contracts are self-executing computer programs that automatically execute the terms of an agreement when certain conditions are met. These conditions are the terms of an agreement between the two participating parties written in the form of code in the smart contract. For example, contracts for releasing finances when certain preset conditions are met or managing supply chain logistics, voting, etc.

As smart contracts are codes deployed on the blockchain, it becomes necessary to check them thoroughly before deploying them over the blockchain. Once deployed, they become immutable, which means any vulnerability left unchecked in the smart contract might compromise the security & reliability of the whole system. This thorough checking of vulnerabilities is done through auditing.

The DAO Hack

The DAO hack is a famous example to understand the extent of loss one might have to bear if smart contracts are not audited properly. In 2016, a vulnerability in the smart contract deployed by DAO was found by a hacker. The vulnerability resulted from a combination of factors, including a lack of proper error handling and insufficient testing. Specifically, it allowed an attacker to repeatedly withdraw the same funds multiple times before the funds were properly transferred and recorded on the blockchain allowing the malicious attacker to drain approximately 3.6 million ETH (worth around $50 million at that time) from the organization’s funds.

This vulnerability was due to a programming error in the smart contract code, which allowed the attacker to take advantage of a race condition and execute the malicious code before the smart contract had a chance to update its internal state.

It’s worth noting that this vulnerability was not widely understood or anticipated at the time, and it took the Ethereum community by surprise, resulting in a hard fork of Ethereum and dividing the Ethereum blockchain into Ethereum Classic (ETC) and Ethereum (ETH). Thus, the DAO hack serves as a cautionary tale & a reminder of the importance of thoroughly auditing and testing smart contract code before deploying it on the blockchain.

Steps For Auditing Smart Contract

Auditing helps ensure that the smart contract is functioning as intended and meets the users’ requirements. The auditing process involves thoroughly examining the code, its logic, and the underlying business requirements. It helps identify potential issues or areas for improvement and ensures that the smart contract will function as expected.

This auditing follows a two-step approach: the first is to conduct an audit using automated tools, and the second is to get smart contracts audited manually through a certified auditor.

Automated Audit

Automated audits are done with the help of automated tools (free or paid) available online. Some of the freely available tools that can be used to perform automated audits are as follows –

1. Mythril

It is an open-source security analysis tool that uses concolic analysis, taint analysis, & control flow checking to detect various security vulnerabilities in Ethereum smart contracts. To use Mythril, install the tool on the computer & run the following command in the terminal to analyze a smart contract:

myth analyze <contract-file>

For example, if a smart contract is saved in a file named MyContract.sol, then run the following command:

myth analyze MyContract.sol

Mythril will then analyze the code and produce a report that lists any potential vulnerabilities it identified. More details on Mythril can be found at https://mythril-classic.readthedocs.io/

2. Remix

It is a web-based Integrated Development Environment (IDE) for writing, testing, and deploying smart contracts. To audit smart contracts in Remix, activate the MythX plugin and sign in. After signing in, compile the code in the Remix editor and click the “Analysis” button. It will analyze code & produce a report that lists any potential vulnerabilities identified & suggestions for fixing them.

3. Solhint

It is a linter for Solidity, the programming language used to write smart contracts on the Ethereum blockchain. To use Solhint, install the tool on the computer. Thereafter, run the following command in the terminal to analyze a smart contract:

solhint <contract-file>

For example, if a smart contract is saved with a file named MyContract.sol, run the following command:

solhint MyContract.sol

Solhint will then analyze the code and produce a report of identified issues, such as potential security risks, coding style violations, and missing documentation.

These are just a few examples of how some of the free smart contract auditing tools can be used. However, these tools can be useful in identifying potential security risks and vulnerabilities in smart contracts. But these tools should not be used alone for auditing. A thorough security audit should also include manual auditing.

Manual Audit

Following are some steps that are taken to conduct a manual audit on smart contracts to ensure the security & functionality of the code –

1. Code Review

The first step in auditing a smart contract is thoroughly reviewing the code. The auditor examines the code line by line, looking for any potential vulnerabilities or security risks. They also check that the code adheres to best practices and industry standards. It includes checking for common security pitfalls such as reentrancy, overflow/underflow, and integer rounding errors.

2. Test Suite Review

The auditor also reviews the test suite to ensure it covers all possible scenarios and edge cases. They verify that the test suite is comprehensive and includes tests for potential security risks.

3. Testing and Deployment

The auditor deploys the smart contract on a test network & runs a series of tests to check vulnerabilities or security risks. They also check that the smart contract functions as expected and meets the requirements outlined in the code. It may involve using automated tools, such as fuzz testers, to stress-test the code and identify any weaknesses.

4. Security Analysis

The auditor performs a smart contract security analysis to identify potential risks, such as exploits, unauthorized access, or data leaks. It may involve running security scans and penetration testing to identify potential vulnerabilities.

5. Report Generation

The auditor generates a report summarizing their findings and recommendations after the audit. This report provides a clear picture of the security & functionality of the smart contract and outlines necessary modifications or fixes issues.

After following all the steps above, one needs to remember that auditing is an ongoing process, as the code and the underlying blockchain technology keep evolving. Thus, regular security reviews and updates become necessary to maintain the security & functionality of the smart contract.

Ending Note

Auditing smart contracts is a critical step in ensuring the security and functionality of decentralized applications. A comprehensive audit can help to identify potential vulnerabilities & security risks and help to ensure the successful deployment and operation of the smart contract on the blockchain.

As a result, it is critical to identify & address any potential security vulnerabilities or bugs before deployment, as they cannot be fixed afterward. Additionally, auditing helps to increase the overall trust and confidence in the smart contract and the platform it operates on. It provides assurance to users that the contract is secure and meets the necessary standards for quality and reliability. So, if you are looking forward to auditing your smart contracts, get in touch with a reliable Blockchain development company (Infrablok). It will help you perform smart contract auditing in a secure and efficient manner.

Create Decentralized Identifiers And Verifiable Credentials With Veramo Framework

Posted on February 3, 2023February 3, 2023 by Ashwini Singh

Decentralized Identifiers (DIDs) and Verifiable Credentials have gained significant momentum in recent times due to their potential to revolutionize the way we manage and share our personal information online.

In this article, know how to create DIDs and Verifiable Credentials using the Veramo Framework.

What Is Veramo Framework?

Veramo is an open-source JavaScript framework that provides a simple and easy-to-use SDK for creating and managing DIDs and Verifiable Credentials. It is built on top of the Interledger Protocol (ILP) and supports various blockchain platforms, including Ethereum, Bitcoin, and more.

Veramo, collaborate with the W3C and the DIF to ensure compatibility with a multitude of projects and initiatives in the decentralized identity space. Veramo provides flexibility in designing your agent by offering core plugins for various components such as DID Methods, Messaging Protocols, Storage, Key Management, Authentication, and more.

With Veramo, developers can easily implement DIDs and Verifiable Credentials in their applications, enabling them to build more secure and privacy-respecting systems.

Veramo Key Concepts

Veramo is a decentralized identity framework that focuses on various key concepts that are:

1. Verifiable Data

Verifiable data refers to information that can be verified as true and accurate by a trusted party. Additionally, one can obtain this by using Verifiable Credentials, which are signed digital documents that prove claims about individuals.

A Verifiable Credential in Veramo is a digitally signed and encrypted piece of information that serves as proof of an identity attribute or a claim made about an individual. The signature and encryption are used to ensure the integrity and confidentiality of the information, and the fact that a trusted third party verifies the information provides a high level of trust in its accuracy and authenticity.

Here is an example of a Verifiable Credential in Veramo using JSON-LD format. In this example, the verifiable credential attests bachelor’s degree for a subject using a DID of did:example:ebfeb1f712ebc6f1c276e12ec21. The proof is signed by the issuer using the EcdsaSecp256k1Signature2019 signature type.

{ 

    "@context": [ 

        "https://www.w3.org/2018/credentials/v1", 

        "https://www.w3.org/2018/credentials/examples/v1" 

    ], 

    "id": "https://example.com/credentials/3732", 

    "type": [ 

        "VerifiableCredential", 

        "UniversityDegreeCredential" 

    ], 

    "issuer": "did:example:ebfeb1f712ebc6f1c276e12ec21", 

    "issuanceDate": "2010-01-01T19:23:24Z", 

    "credentialSubject": { 

        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", 

        "degree": { 

            "type": "BachelorDegree", 

            "name": "Bachelor of Science and Arts" 

        } 

    }, 

    "proof": { 

        "type": "EcdsaSecp256k1Signature2019", 

        "created": "2022-07-01T19:23:24Z", 

        "proofPurpose": "assertionMethod", 

        "verificationMethod": "did:example:12q3vfrt8q9we8rqw0efrq0wqe", 

        "signatureValue": "base64(hF+...)" 

    } 

}

2. Decentralized Identifier

A Decentralized Identifier (DID) is a unique identifier used to refer to a subject in a decentralized system, such as a blockchain or a distributed ledger. In the context of Veramo, a DID can be used to identify a subject of a verifiable credential, such as an individual, an organization, or a device.

DIDs are designed to be self-sovereign, meaning that the subject has control over its own identifier and can manage the associated data without needing a centralized authority. It provides a privacy-preserving and secure way to represent entities with verifiable credentials. Moreover, the DID can be used to ensure that the right data is being shared with the right recipient.

In Veramo, a DID is like a string that starts with the prefix did:, followed by the identifier of the decentralized system where the DID is registered.

Currently, Veramo core supported methods are ether, web, and key.

For example, a DID could look like this: did:ether:ebfeb1f712ebc6f1c276e12ec21.

3. Signing & Key Management

Veramo provides tools and plugins for signing and managing keys associated with DIDs. This includes key management plugins for creating, storing, and retrieving private keys, as well as signing plugins for signing Verifiable Credentials.

4. Plugins

Veramo provides a range of core plugins for DID Methods, Messaging Protocols, Storage, Key Management, Authentication, and more. Developers can use these plugins to design their agents as they see fit.

You can find a complete list of Vermao plugins here.

5. Agents

An agent is a piece of software that acts on behalf of an individual in the decentralized identity ecosystem. Veramo provides tools and plugins to build agents that can create and manage DIDs and Verifiable Credentials.

The Veramo Agent is responsible for performing various tasks, such as:

Creating identifiers
Resolving identifiers
Issuing credentials
Revoking credentials
Exchanging credentials

Additionally, the Veramo Agent acts as a central hub, providing a common interface for developers to expand its functionality by using plugins. When instantiated, the Veramo Agent manages both core and custom plugins and orchestrates the core event system.

6. Selective Disclosure Request (SDR)

A Selective Disclosure Request is a feature in the Veramo framework that allows an individual or organization to selectively disclose specific pieces of information from their digital identity. It allows them to control the amount of personal information they share with other parties while maintaining privacy. The Veramo framework uses cryptographic techniques to securely store and share this information, ensuring that only authorized parties can access it.

Steps To Create A DID & Verifiable Credential Using Veramo CLI

Following the below-mentioned steps, you can form a DID and Verifiable Credential using Veramo CLI.

#1 Step: Install Veramo CLI

The first step is to install the Veramo CLI by running the following command in your terminal:

npm i @veramo/cli -g

#2 Step: Create Configuration File

You can create a configuration file in the current folder by running the following:

veramo config create

#3 Step: Create A DID

To create a DID, run the following command:

veramo did create

This command will create a DID and store the keys in a local database.

#4 Step: Resolve A DID

To resolve a DID, use the following command with the identifier of the DID you want to resolve, such as

did:ethr:0xf3abebb0d4f5d7e08c2557772f9ce8692a795ab8.

veramo did resolve your_did_identifier

#5 Step: Create A Verifiable Credential

To create a Verifiable Credential, run the following command:

veramo credential create

Conclusion

In this article, one can learn how to create DIDs and Verifiable Credentials using the Veramo Framework using CLI. The Veramo Framework provides a simple and easy-to-use API for creating and managing DIDs and Verifiable Credentials, making it an excellent choice for developers who are new to the space.

The Veramo framework can be implemented in projects using CLI or SDKs in various languages, including NodeJS, ReactJS, and React Native; you can choose the option that best suits your project requirements.

If you are planning to develop such projects, connect with Infrablok. Our technicians are proficient in Node.js, React.js, and React Native and can assist in developing a DID project using the Veramo framework.

Exploring The World Of Hyperledger Indy By Building A DID Solution

Posted on January 27, 2023January 27, 2023 by Ashwini Singh

Hyperledger Indy is an open-source framework based on distributed ledger technology for providing self-sovereign identity. It is one of the Hyperledger projects hosted by The Linux Foundation.

Indy provides a framework for creating and managing digital identities that are verifiable, private, and portable. Allowing individuals and organizations to create, manage, and store their own digital identities and provide tools for verifying the authenticity of these identities.

It is designed to be a foundation for developing various identity-related applications, such as digital identity verification, secure sharing of personal information, and digital signing. It is also suitable for use cases such as providing secure access to online services, creating digital identities for IoT devices, and enabling secure communication between organizations.

Indy is built using a modular architecture, which allows developers to add new features and functionality and customize the platform to meet their specific needs.

In summary, Hyperledger Indy offers a distributed ledger technology that allows individuals and organizations to create, manage, and store their own digital identities securely and independently. Its flexible and modular architecture allows developers to add new features, customize them to their specific needs, and build various identity-related applications.

Hyperledger Indy’s Key Features

Hyperledger Indy has several key features that make it well-suited for use cases related to digital identity management:

1. Self-Sovereign Identity

Hyperledger Indy provides individuals and organizations with the ability to create, manage and control their own digital identities without the need for a centralized authority.

2. Decentralized & Distributed

Indy uses a decentralized and distributed ledger technology, which ensures that digital identities are tamper-proof and transparently managed.

3. Verifiable & Private

Indy allows for the creation of digital identities that are verifiable, private, and portable. It uses digital signatures to verify the authenticity of identities and encrypts personal information to protect privacy.

4. Interoperable

It is designed to be interoperable with other identity systems and can be integrated with other technologies, such as biometrics and blockchain.

5. Modular Architecture

Indy’s modular architecture allows developers to add new features and functionality to the platform and customize it to meet their specific needs.

6. Scalable

It can handle a high volume of transactions and many digital identities, making it suitable for large-scale use cases such as providing digital identities for IoT devices.

7. Compliance

Hyperledger Indy’s design allows for compliance with various regulations and standards, such as GDPR, HIPAA, and others.

8. Identity Verification

Indy provides a framework for creating and managing digital identities that are verifiable, private, and portable. It allows individuals and organizations to create, manage and store their own digital identities and provides tools for verifying the authenticity of these identities.

9. Secure Access To Online Services

Hyperledger Indy enables secure access to online services with the use of digital identities.

Hyperledger Indy Benefits

Here view a few crucial user-centric features of Hyper Hyperledger Indy:

The Hyperledger Indy Projects

It is composed of several projects that work together to provide a platform for self-sovereign identity management. These projects include:

Indy Node: The core component of Hyperledger Indy, responsible for maintaining the distributed ledger and providing a RESTful API for interacting with the ledger.
Indy SDK: A software development kit that provides libraries and tools for building applications that interact with Hyperledger Indy.
Indy CLI: A command-line interface for interacting with the Hyperledger Indy platform.
Indy Plenum: A Byzantine Fault Tolerant (BFT) consensus algorithm for the Hyperledger Indy platform.
Indy Agent: A software agent that can act on behalf of a digital identity and perform actions such as creating and managing digital credentials.
Indy Wallet: A client-side library for managing digital identities and digital credentials in a secure and user-friendly way.
Indy Credx: A library for creating and managing digital credentials that can be used to prove attributes of a digital identity.
Indy Anoncreds: A library for creating and managing anonymous credentials that can be used to prove attributes of a digital identity without revealing the identity itself.
Indy Ledger: A library for creating and managing a distributed ledger, which is the backbone of the Hyperledger Indy platform.
Indy Config: A library for configuring and customizing the Hyperledger Indy platform for different use cases and deployment scenarios.

Together, these projects provide the necessary tools and functionality for creating, managing, and verifying digital identities on a decentralized and distributed ledger, as well as building various identity-related applications.

8 Simple Steps To Create DID Using Hyperledger Indy CLI

Here is a step-by-step guide to creating a Decentralized Identifier (DID) using the Hyperledger Indy CLI:

Step 1

Instal a version of libindy that’s built, installed, and callable in the system path. For building and installing libindy follow the instruction here.

Step 2

Run the Indy pool on your system. To run an Indy pool, follow the instruction in a given document.

Step 3

Start the CLI by running the command “indy-cli” in the terminal.

Step 4

Create a new wallet by running the command “wallet create” and by providing a name and passphrase for the wallet while entering the command.

wallet create   your_wallet_name  -key

Here are the options available when creating a new wallet with the Hyperledger Indy CLI:

name - Identifier of the wallet 

key - (leave empty for deferred input) Key or passphrase used for wallet key derivation. 

            Look at the key_derivation_method param for information about supported key derivation methods. 

key_derivation_method - (optional) Algorithm to use for wallet key derivation. One of: 

                                    argon2m - derive secured wallet key (used by default) 

                                    argon2i - derive secured wallet key (less secure but faster) 

                                    raw - raw wallet key provided (skip derivation) 

storage_type - (optional) Type of the wallet storage. 

storage_config - (optional) The list of key:value pairs defined by storage type. 

storage_credentials - (optional) The list of key:value pairs defined by storage type.

Examples:

wallet create your_wallet_name  key

wallet create your_wallet_name key storage_type=default

wallet create your_wallet_name  key storage_type=default storage_config={"key1":"value1","key2":"value2"}

Step 5

Open the wallet by running the command “wallet open” and by providing the wallet name and passphrase.

wallet open your_wallet_name key

Step 6

Create a new DID (Decentralized Identifier) by running the command “did new” and providing a seed (a string of random characters) for the DID. The seed is used to generate the private key for the DID.

didnew [did=<did-value>] [seed[=<seed-value>]] [method=<method-value>] [metadata=<metadata-value>]

Here are the options available when creating a new DID with the Hyperledger Indy CLI:

did – (optional) Known DID for new wallet instance
seed – (oponal) (leave empty for deferred input) Seed for creating DID key-pair (UTF-8, base64 or hex)
method – (optional) Method name to create fully qualified DID
metadata – (otiptional) DID metadata

Examples:

did new did=VsKV7grR1BUE29mG2Fm2kX 

did new did=VsKV7grR1BUE29mG2Fm2kX method=indy 

did new did=VsKV7grR1BUE29mG2Fm2kX seed=00000000000000000000000000000My1 

did new seed=00000000000000000000000000000My1 metadata=did_metadata

Step 7

Verify that the DID was created and stored by running the command “did list” which should show the newly created DID in the list of identities stored in the wallet.

Step 8

Use the DID to sign and verify messages or to encrypt and decrypt data by using the corresponding commands.

Hyperledger Indy Use Cases

Wrapping Up

In conclusion, creating a Hyperledger Indy DID use the command-line interface (CLI) is a straightforward process that involves installing the Indy CLI, creating a new wallet, generating a new DID, and storing the DID in the wallet. By following the steps outlined in this blog post, developers can quickly and easily create a new digital identity using Hyperledger Indy. This is just the beginning of what Hyperledger Indy can do.

The possibilities are endless as it can be integrated with other technologies (NodeJS, .NET, and Python) to create robust and secure decentralized applications. Hyperledger Indy is a powerful tool for building decentralized identity systems and is well-suited for a wide range of use cases, from enterprise and government applications to personal identity management; if you are planning to develop such projects, connect with Infrablok. It will help you get experts who can help you design apps from scratch.

Short Guide To Decentralized Identity System

Posted on January 19, 2023January 19, 2023 by Ashwini Singh

Decentralized Identity (DID) systems are a new approach to identity management that seeks to give individuals and organizations more control over their own digital identity. DID systems are based on the concept of self-sovereign identity, which means that the individual or organization is in charge of their own identity rather than relying on a centralized authority (such as a government or large corporation) to issue and manage their identity.

Benefits Of A Decentralized Identity System

There are several key benefits of a Decentralized Identity System, some of which are:

Increased Control & Privacy: In a decentralized identity system, the individual or organization is in control of its own identity and can choose what information is shared and with whom. It can help to protect privacy and prevent identity theft.

Interoperability: DID systems are designed to be interoperable, meaning that they can work with different decentralized platforms and technologies. This makes it easier for individuals and organizations to use their digital identities across various applications and services.

Decentralization: DID systems are decentralized, meaning that any organization or person does not control them. It can help prevent censorship and ensure the system is more resilient and secure.

Introducing decentralized identity systems to individuals and organizations can help offer increased control and privacy, interoperability, and decentralization. Moreover, it provides examples of how DID systems can be used in real-world scenarios, such as logging into websites or accessing medical records.

How Does A Decentralized Identity System Work?

A Decentralized Identity System includes the following main elements:

Blockchain

A Decentralized Database shared among computers in the blockchain network records information in such a way that it makes it very difficult to change, hack, or cheat the system.

Decentralized Identity Wallet

A DID is a digital wallet that manages DIDs and the private keys associated with them. It allows the owner of the DID to sign digital documents or transactions and access services or applications that require DID authentication.

To use a DID wallet, the owner of the DID will typically need to install a DID wallet application on their device. They can then use this application to create a new DID or import an existing one. Once the DID is brought into the wallet, the owner can sign transactions or access services that require DID authentication.

In addition to storing a DID and its associated private key, a DID wallet can store other cryptographic keys or credentials. It can be useful for managing access to multiple services or applications that require DID authentication.

Overall, DID wallets play a central role in the functioning of a DID system. They allow individuals and organizations to manage and use their DIDs to authenticate their identity online and provide a secure way to store and access the private key associated with a DID.

Decentralized Identifiers

Decentralized Identifiers (DIDs) are new identifiers that allow individuals and corporations to take control of their online identities. They are decentralized, meaning that any single entity, such as a government or corporation, does not control them. In contrast, distributed ledgers like Blockchains can be used to verify identity securely and transparently.

One of the key benefits of DIDs is that they allow individuals to have more control over their personal information and how it is used. For example, if you have a DID, you can choose which organizations or individuals can access your personal information and revoke access at any time. It can assist in reducing the risk of identity theft and protect your privacy.

Overall, DIDs are a promising technology that has the prospect of revolutionizing the way we assume about and manage online identity.

Decentralized Identifier (DID) Key Component

There are several key components of a Decentralized Identifier (DID):

DID Document: It contains information about the DID, including the methods that can be used to authenticate the DID and the associated services.
DID Method: This is a set of rules that define how a DID can be used and how it is stored on a distributed ledger.
DID URI: It is a unique identifier that is associated with a DID and is used to look up the DID Document.
DID Controller: This entity controls the DID and has the authority to update the DID Document.
DID Subject: This is the entity with which the DID is associated, such as an individual or organization.
Service Endpoint: This URL can access a service associated with the DID, such as a messaging or a payment service.

Overall, these components work together to create a decentralized system for managing identity that is secure and transparent and gives individuals and organizations more control over their personal information.

Verifiable Credential (VC)

Digital, cryptographically secured versions of the paper and digital credentials that individuals can represent to organizations needing them for verification. These are the main parties in the VC system:

Holder: A user who receives a Verifiable Credential after creating a decentralized identifier with a digital wallet app.
Issuer: The association signs a Verifiable Credential with their private key and issues it to the holder.
Verifier: A party that checks the credentials and can read the issuer’s public DID on the blockchain to verify if the Verifiable Credential the holder shared was signed by the issuer’s DID.

Know How Centralized Identity System Flow Works with DID & Verifiable Credential?

Here is an example of how a centralized Identity system flow Works with DID and Verifiable credentials:

1. Issuance

A subject (e.g., an individual) requests a verifiable credential from an issuer (e.g., a government agency). The issuer verifies the claims made by the subject and issues the verifiable credential, a digital record containing the claims, and a digital signature from the issuer.

2. Storage

The subject stores the verifiable credential in a decentralized identity wallet, a secure digital repository for storing and managing decentralized identifiers and verifiable credentials. The subject’s decentralized identifier, a self-owned identifier that is unique and cryptographically verifiable, is use to identify & authenticate the wallet of the subject.

3. Presentation

The subject presents the verifiable credential to a verifier (e.g., a service provider) as proof of a specific claim (e.g., age, employment status). The verifier can verify the verifiable credential’s authenticity by checking the issuer’s digital signature and the subject’s decentralized identifier.

4. Verification

If the verifier trusts the issuer and the subject’s decentralized identifier, it can accept the verifiable credential as evidence and grant the subject access to a service or other benefit. Additionally, if the verifier does not trust the issuer or the subject’s decentralized identifier, it can request additional evidence or information from the subject.

DID Protocols and Frameworks

Several decentralized identity protocols have been developed to enable the creation and management of DIDs. Some of the most widely used DID protocols include:

World Wide Web Consortium’s (W3C) DID Specification: This is the primary standard for DIDs, and it defines a common syntax and structure for DID records, as well as a set of standard methods that can be used to create, update, and deactivate DIDs.

Hyperledger Indy: This is an open-source framework for building decentralized identity applications. It includes a set of modular components that one can use to create and manage DIDs on various blockchains.

Hyperledger Indy is a permissioned blockchain, meaning only authorized participants can access the network. Moreover, it can provide better privacy protection for identity information than public blockchains, where data is visible to anyone.

Veramo: It is a JavaScript (JS) framework that makes it easy for anyone to employ cryptographically verifiable data in their applications. Developers can use DIDs, verifiable credentials, and data-centric protocols to provide next-generation features to their users.

Overall, DID protocols provide a set of rules and standards that are used to create, manage, and use DIDs in a decentralized manner.

Wrapping Up

With decentralized identity technology, many problems caused by centralized and federated identity management systems can be solved, including certificate fraud, slow and expensive verification processes, and data breaches.

Moreover, you can connect with a reliable Blockchain company like Infrablok to get tools and infrastructure for creating DIDs on the permissioned and permissionless blockchains using Veramo and Hyperledger Indy.

Public Blockchain vs Private Blockchain: Which Platform Is Better?

Posted on January 9, 2023 by Samita Tiwari

Blockchain technology started becoming popular in 2009 with the release of its first cryptocurrency, Bitcoin. Moreover, five years ago, when a burgeoning open-source community began producing complete enterprise platforms, including the programmable blockchain, Ethereum, Blockchain hit the market up to the next level. At this point, enterprises started thinking of adopting this technology, and along with this, the demand for hiring a leading Blockchain development company rose.

Since the inception of blockchain technology, public and private blockchains have been debated. It’s actually very important to understand the big differences between these two when working in an enterprise environment.

Public and Private Blockchain plays a huge role in companies looking for the perfect Blockchain-based solutions, so let’s move further to know which one will be perfect for your enterprise – Public vs. Private Blockchain.

What is Public Blockchain?

A Public Blockchain network is permissionless, which means anyone can use it without getting any sort of permission. Ethereum is one of the best examples of a Public Blockchain. Moreover, if you completely want a decentralized network system, then Public Blockchain is the best option.

The public blockchain network was the very first Blockchain type in the revolution, and its best part is that it ensures that all the participants have similar rights no matter what the condition is.

However, the integration of a public blockchain network into an enterprise blockchain process may be a bit problematic.

Public Blockchain Core Features

The below-stated features make Public Blockchain an outstanding platform.

High Security

Most companies and other sites face issues related to hacking or data threats, and this is the reason each corporation wants to design a completely secure platform using Public Blockchain.

Utilizing the security protocols of Public Blockchain, anyone easily stops hacking problems. Moreover, you can ensure better quality for any project.

Open Environment

The term, Public itself defines that the network is open to each and everyone, so it doesn’t matter where you belong or from where you are using the network you can access the same without taking any permission.

One can get multiple benefits from Blockchain technology and can also use it for secure transactions.

Anonymous Nature

It is one of the most loved Public Blockchain features. As we all know, the great thing about this network is that it is open to all, but another good thing is that no one can identify who is using the network; this means if you are using the Public blockchain, then you will be shown as an anonymous user. Moreover, no one can see your details and identity; every piece of information will stay hidden.

But people use it for illegal reasons also. Many criminals on the dark web usually use Bitcoin for illegal activities, and this is the biggest con of using Public Blockchain.

No Regulations

Public Blockchain mainly does not have regulations that nodes require to follow. So, there is no limit to how one can benefit from this platform. But the major issue is that corporations cannot work in a non-regulated environment.

What Is Private Blockchain?

A Private Blockchain is a permissioned network which means it is not open to all. It can be just used by a single association that has authority over the network. All the private Blockchain solutions include some sort of authorization scheme to determine who is accessing the platform.

Most of the time, for the internal networking system of the company, Private Blockchain solutions are adopted. Moreover, in this decentralized platform, you’ll get regulations that other platforms do not offer.

Small to large enterprises prefer using Private Blockchain as it offers high-level security, and using it; no other competitor can enter the platform and leak valuable information.

Private Blockchain Core Features

The features which are explained below make Private Blockchain one of the perfect platforms.

High Efficiency

On Private Blockchain network load is lesser in comparison with Public Blockchain, and this is because specific people who have access can use it.

Moreover, when more people try using various features of the Public Blockchain, its speed gets hampered, but in the Private Blockchain, the speed issue doesn’t exist.

Full Privacy

If I talk about a high privacy level, then Private Blockchain is more reliable than Public Blockchain. Usually, most enterprises deal with issues related to sensitive information as it gets leaked, then the massive loss can occur.

So, it’s necessary for firms to use a network that can completely secure the company and other data. And this is possible by using a Private Blockchain.

Higher Stability

Private Blockchain includes a limited number of people who can access the network, which is why it is more stable. Moreover, basically in each Blockchain platform, you need to pay a certain amount to complete a transaction. In the public platform, this amount usually gets increased due to poor speed in completing the transaction.

But if I talk about a Private Blockchain platform, the fee remains the same as in these platforms’ transaction process occurs speedily.

Empowering Enterprises

The corporation needs great technologies to secure and back up its process, which is why they usually prefer employing Private Blockchain solutions. Additionally, these solutions are mainly for the enterprise’s internal systems, which helps make secure infrastructure.

Private vs Public Blockchain: Which Blockchain Platform To Use?

The parameters described below will help you know which Blockchain platform, Public or Private Blockchain.

1. Authority

Private Blockchain is a big authority and is used by most of the small to big enterprises, but it’s not fully decentralized, but technically it is. On the other hand, the Public Blockchain platform is fully decentralized. At this point, Private Blockchain and Public Blockchain differ.

2. Access

Private Blockchain is not open to all, as it provides limited access means the corporation who requests to access the same can only use it.

Whereas a Public Blockchain network can be accessed by anyone, there are no restrictions in using it. Moreover, anyone can register on it and take part in the transaction process.

3. Transaction Cost

The transaction cost in the Public Blockchain platform can go higher, and this is because the number of nodes on the platforms slows down the performance. And this results in taking a long time to process the transaction request.

Whereas in the Private Blockchain Platform, the amount related to the transaction is very low. The reason transaction costs do not go higher is the limited resources using it, and the transaction speed is faster.

4. Consensus

In a Public Blockchain, numerous nodes are present that have no restrictions in joining the consensus process, which is why it is free to participate in the process.

Private Blockchain decides who can join the consensus, resulting in limited node participation.

5. Data Handling

Well, in the Public Blockchain, everyone can read and write the ledger, but once the information is saved into the ledger, it can’t be changed nor edited.

Whereas in a Private Blockchain, a single corporation can participate and only add and read the information on the ledger. Moreover, they have the authority to delete a ledger.

So, in the race of Private Blockchain vs. Public Blockchain here, Private Blockchain is the winner.

Public Blockchain vs Private Blockchain: Comparison

Conclusion

In the race of Public Blockchain vs. Private Blockchain, it’s difficult to say which one is better as both have their own pros and cons and are suitable for different sorts of tasks. So, picking the right platform totally depends on the enterprise’s project’s requirements.

Additionally, if you wish to effectively use a Public or Private Blockchain platform, it is very crucial to seek advice from a Blockchain expert working in a leading Blockchain development company (Infrablok). By doing so, you will be able to get the right direction of using a suitable platform for your business project.

How To Implement Web3 Login With MetaMask Using NodeJS & ReactJS?

Posted on January 6, 2023January 6, 2023 by Ashwini Singh

Whenever we look up any service over the internet, it requires us to authenticate ourselves as valid users. To prove one is a valid user, he or she needs to sign up for that service using email/password or other social login strategies, which then stores the user’s Web3 login details at that company’s respective server. It means a centralized location on web2.0 that hosts such servers contains our personal information, thus, making user data privacy a primary concern.

On the contrary, Blockchain or Web3.0 provides us with decentralized access, which means nobody has access to any personal information of the user, therefore, mitigating the risk of user privacy and making users the owner of their own information. To authenticate users over Blockchain wallets like Metamask, methods like public key encryption are used, thus, making it a safe & secure platform for accessing services over the internet.

So, let’s begin and know how to execute Web3 login with MetaMask using NodeJS & ReactJS.

How Does User Authentication System Work In Web3 While Using MetaMask?

The concept of a user authentication system with web3 using MetaMask is as follows:

1. The backend provides a random message for the user to sign in with his or her private key in the MetaMask wallet. The signed message is then returned to the backend, together with the user’s public Ethereum address.
2. The backend uses its inbuilt cryptographic methods to check if the message was signed with the same private key to which the public address belongs. If the signed message and public address belong to the same private key, it means that the user who is trying to log in is the owner of the account.

After the successful validation, the backend creates a JSON Web Token (JWT) and sends it to the frontend to authenticate further user requests.

Now we are going to form an authentication solution that enables a user to login with MetaMask. Their public Ethereum address will be utilized as a unique identifier, and we will employ the private key management tools that MetaMask discloses to provide a mechanism for a user to verify they own that particular address and have permission to login as that user.

Let’s Build It Together

The technology stack we are using is:

Frontend – React.js
Backend – Node.js, Express.js, PostgreSQL
MetaMask Wallet

Frontend Flow

In our frontend of ReactJS, if MetaMask is installed as a browser extension, then we can access it using window.web3. Moreover, we can get the current MetaMask account’s public address using web3.eth.coinbase.

When a user clicks the login button, frontend calls the backend API

GET /api/users?publicAddress=${publicAddress}

We can get the public address by using the following code:

<code>  

const coinbase = await web3.eth.getCoinbase();  

const publicAddress = coinbase.toLowerCase();  

 </code>

If the request of the above API call does not return any result, it means the user did not sign up, so we will call POST/users route with publicAdress params in the body, which will create the user as a new user in the database, else API will return nonce with user publicAddress which means user already exists in the database.

Once the frontend receives nonce in response to the previous API call, it executes the following code:

<code>  

web3.personal.sign(nonce, web3.eth.coinbase, callback);   

</code>

It opens MetaMask to show a confirmation popup for signing the message. This popup will display the nonce so that the user knows he or she isn’t signing something malicious data.

When the user signs the message, the callback function is called with the signed message (signature) as an argument

The frontend then makes another API call to POST /api/authentication, passing a body with both signature and publicAddress.

POST /api/authentication request will first check the user using publicAddress given in the request body in the database to fetch the associated nonce.

Using the nonce publicAddress and signature, we use a helper from eth-sig-util to extract the address from the signature once signature verification is successful.

If the address is found with sigUtil.recoverPersonalSignature matches with the initial publicAddress that is saved in the database; this API returns a JWT token that may be saved into the localStorage or cookies that can be used by frontend for further secure communication with the backend, and the user will be logged in successfully.

To prevent the user from logging in again with the same signature, update the nonce with a new random value.

Backend Flow

On the backend side, we are using ExpressJS with Sequalize for the rest endpoints.

The database layer creates a user table in PostgreSQL, and the User model defines its configuration.

<code>  

import {Model } from 'sequelize';  

 export class User extends Model {  

public id!: number;  

public nonce!: number;  

public publicAddress!: string;  

public username?: string;   

}  

</code>

Sequalize will create a user’s table as below in the database using this model configuration.

To the complete code for the backend, click here.

We have created two routes, one for auth and the second for users.

User routes have all routes for the crud operation of users, and auth routes have routes for authentication.

<code>  

import express from 'express';  

  

import { authRouter } from './auth/authRoutes';  

import { userRouter } from './users/usersRoutes';  

  

export const services = express.Router();  

  

services.use('/auth', authRouter);  

services.use('/users', userRouter);  

</code>

The important login code is inside the authcontroller & that we are explaining here. The rest crud operation for the user model inside the code is pretty explanatory. Moreover, the authentication logic we describe here is in the code base.

<code>  

export const login = async (req: Request, res: Response, next: NextFunction) => {  

const {signature, publicAddress } = req.body;  

if (!signature || !publicAddress) {  

return res  

.status(400)  

.send ({message: 'signature and publicAddress is required'});  

  

}  

  

// Get the user with the given publicAddres  

const user = new User();  

const userExists = await User.findOne({ where: { publicAddress }});  

if (!userExists) {  

user.nonce = Math.floor(Math.random() * 10000);  

return user.save();  

}  

else {  

// if user exists then verify user signature  

const msg = `nonce: ${userExists.nonce}`;  

const msgBufferHex = bufferToHex(Buffer.from(msg, 'utf8'));  

const address = recoverPersonalSignature({  

data: msgBufferHex,  

sig: signature,  

});  

  

//match stored address with address found after verifying signature  

  

if (address.toLowerCase() === publicAddress.toLowerCase()) {  

//create jwt token  

const token = jwt.sign({  

payload: {  

id: user.id,  

publicAddress,  

},  

},  

config.secret,  

{  

algorithm: config.algorithms[0],  

})  

return res.json({ accessToken : token });  

} else {  

res.status(401).send({  

error: 'Signature verification failed',  

});  

  

}  

}  

}  

  

</code>

The frontend sends a request on the POST /auth route with parameters publicAddress and a signature in the body; it can fetch using req.body. If both parameters exist, then we move on. If it shows an error, it means a signature and publicAddress are required.

In the next step, we find the user using publicAddress; if a user does not exist in the database, we create a nonce and save the user using the user.save();

If the user exists, then set the message msg as “nonce” exactly like in the frontend with the user’s nonce.next, we pass this message and signature to the recoverPersonalSignature() method of eth-sig-util. This method will return the public address after verifying the signature.

In the next step, match the stored address with the address found. If the signature is verified, return a JWT token using the jwt sign method. Else return message signature verification failed.

Give our msg (containing the nonce) and our signature; the recoverPersonalSignature() method returns the public address used to sign the msg. If it matches the publicAddress we fetched in earlier steps from the request body, then the user who made the request successfully verified their ownership of publicAddress. We consider them authenticated users.

Ending Words

This article was a short and practical guide to quickly implement a Web3 authentication flow using MetaMask, NodeJS, ExpressJS, and ReactJS with PostgreSQL in your application. If you are facing issues related to Web3 login or its authentication or want to create a Blockchain-based project, get in touch with one of the best Blockchain development companies (Infrablok).

Moreover, if you want to see the complete code, visit at GitHub repo.

Exploring The Different Layers Of Blockchain Technology

Posted on December 29, 2022January 2, 2023 by Monica

In 2021, worldwide spending on Blockchain solutions was predicted to reach $6.6 billion. As Blockchain solutions become more prevalent in the coming years, spending is expected to reach $19 billion by 2024.

Blockchain technology is a decentralized digital ledger created with blocks that form data across a peer-to-peer (P2P) network. Once data is stored on this ledger, it becomes near unattainable to delete, modify and hack. In fact, this unique characteristic of Blockchain has inspired many to build Blockchain-based projects for their businesses.

However, before pondering how the Blockchain can be utilized in your business, you must first understand how it works. To take advantage of Blockchain technology fully, let’s examine Blockchain layers.

The Structure Of Blockchain Layered Architecture

Blockchain technology is built on a layering architecture. It is divided into various layers, where each layer serves a specific purpose. At its core, all the layers work together to provide a secure, reliable, decentralized layered network called Blockchain.

Let’s explore the various layers that make Blockchain technology work –

1. Infrastructure Or Hardware Layer

It is the first layer of the blockchain network that consists of network and data servers. It consists of data servers that securely store the data of the Blockchain. Blockchain follows peer-to-peer (P2P) network architecture where each node is connected to every other node in a network.

But this network is distributed across the globe, making it decentralized. Sharing of data is quick and easy because of this P2P architecture. It is done by following the client-server architecture approach. Thus, a distributed ledger is constructed where a node communicates with another node and is allowed to randomly check the transactional data.

When a blockchain dApp sends a request to the data server for access, it connects with the peer client in its P2P network, letting the exchange of data with each other. The transactions in this network are computed, validated, and recorded in an organized way in a shared ledger creating a distributed database.

2. Data Layer

It is the second layer of blockchain technology and is responsible for storing and organizing data on the Blockchain. It uses a linked list of blocks to arrange the transactions, and when a certain number of transactions are authenticated by nodes, the data is clubbed into a block. This block is uploaded to the Blockchain’s linked list as a new block and linked to the previous block. If it’s the first block in the list, then there can be no linkage to the previous block; in this case, it is known as the genesis block.

Each block in the Blockchain has the Merkle tree’s root hash along with the previous block’s hash, timestamp, nonce, and block version number. This information in each block guarantees the Blockchain’s security, integrity, and irrefutability. All transactions in Blockchain are digitally signed by the private key of the sender’s wallet and are known as finality.

Every transaction on the block is signed digitally with the private key from the sender’s wallet. Since this key is only available to the sender, data can’t be tampered with by anyone. This step is termed “finality”. The data is also protected by the digital signature that protects the owner’s identity, which is encrypted for security reasons.

Layers Present In Data Layer

The layers in the data layer of a Blockchain can be categorized as follows –

Data Storage Layer – This is the layer that actually stores the data on the Blockchain. It can be implemented using various distributed ledger technologies, such as a distributed hash table or a directed acyclic graph. An example of a distributed ledger technology used in Blockchain networks is the Blockchain itself, which stores transactions and blocks in a chain-like structure using cryptographic hashes to ensure the integrity and security of the data.

Data Organization Layer – This is the layer that organizes the data on the Blockchain in a way that is easy to access and retrieve. This can be accomplished using indexing systems or data structures that allow for efficient data storage and retrieval. An example of a data organization layer in a blockchain is the Merkle tree, which is a data structure that enables efficient verification of large amounts of data.

3. Network Layer

It is also known as the P2P layer or propagation layer that does inter-node communication. The transaction on the Blockchain is carried out by nodes. P2P helps nodes in a network detect other nodes to make inter-node communication easy and quick.

Moreover, it lets multiple nodes transmit transactions to settle an agreement on the transaction’s legality. It handles block generation, node detection, and block addition in the blockchain network.

4. Consensus Layer

The most vital layer out of all the layers on the Blockchain is the Consensus layer. This layer holds the major responsibility that is authenticating transactions. If this layer fails to authenticate the transaction or does not do it correctly, then the whole system will fail. It implements the protocol to validate transactions that are based on some complex mathematical formula that needs a certain number of nodes to validate that single transaction.

Thus, several nodes process every transaction when the required number of nodes reach the same conclusion and agree to its legality. Thereafter the transaction is validated, making it a decision based on the consensus mechanism, where no single node has control, therefore, maintaining the decentralized characteristic of Blockchain.

At any given time, multiple nodes are processing transactions, bundling them, & adding them to the Blockchain, which may result in the generation of several blocks at the same time resulting in a blockchain branch. But the consensus layer ensures that only a single block is added at any given time to the Blockchain and addresses all the disputes related to it, enforcing uniformity of the network.

Examples Of Consensus Algorithm

A couple of examples of consensus algorithm used in Blockchain is –

Proof of Work (PoW): This is the consensus algorithm used by the Bitcoin Blockchain. It requires nodes to solve a complex mathematical problem in order to validate new transactions and create new blocks. The first node to solve the problem gets to add the new block to the Blockchain and is rewarded with Bitcoin.
Proof of Stake (PoS): This consensus algorithm allows nodes to “stake” their tokens to validate new transactions and create new blocks. The more tokens a node stakes, the higher the chances of it being chosen to validate a new block.

5. Application Layer

It is the topmost layer of the Blockchain network stack where decentralized applications (dApps), smart contracts, etc., interact with the users via scripts, APIs, user interfaces, and frameworks. Users can perform any action at this layer, like buying or selling a cryptocurrency or NFT, tracking transactions over the network, tracking the supply chain, securely voting, etc.

Additionally, the protocols in this layer are subdivided into application and execution layers. End-users utilize the programs at the application layer to communicate with the Blockchain network. The application layer then gives instructions to the execution layer to execute the transaction, ensuring that the deterministic nature of the Blockchain is maintained.

Examples of applications built on the Application layer are cryptocurrency wallets, decentralized exchanges, and prediction markets, to name a few.

Different Layers Of Blockchain Protocols

Another way to understand Blockchain technology is by knowing the different layers of Blockchain protocols. The blockchain network comprises four layers, as follows –

Layer 0

It is a base of the Blockchain ecosystem on which the rest layers are built and is often referred to as the Blockchain itself. It consists of the network and all its components (physical infrastructure and hardware) that work together to make the blockchain function.

The solutions provided at this layer are compatible with the scaling solutions of Layer 1 and Layer 2. In addition, this layer supports the functionality of cross-chain communication or inter-chain operability. The native token of respective chains belongs to this layer.

Some examples of Layer 0 are Bitcoin, Ethereum, Polkadot, Avalanche, Cardano, Cosmos, etc.

Layer 1

It consists of the protocol or architecture that defines how the blockchain network operates. It carries out tasks like resolving disputes, consensus mechanisms like proof-of-work or proof-of-stake, protocols, and constraints.

Layer 1 can validate and finalize transactions on its own. Blockchains at Layer 1 have their own native token, known as a coin, which is used to pay transaction or gas fees. It symbolized the actual Blockchain.

Tasks that are required to be solved in this layer give rise to the Blockchain’s scalability issue. Any increase in the Blockchain means higher computational power required to solve & add blocks in the Blockchain, resulting in high fees and longer processing times.

Some examples of Layer 1 are Bitcoin, Ethereum, Binance, and Solana.

Layer 2

This layer is also known as the execution layer of the Blockchain. The increase in scalability and, thus, throughput was getting restricted in layer 1, which gave rise to layer 2. It helps in solving the scalability problems of Layer 1 to a certain extent by computing the transactions off-chain.

Moreover, it took off the heavy lifting from Layer 1 by moving those transactions off-chain, which need not be recorded on-chain. This allowed third-party or off-chain solutions on Layer 2 to be integrated with Layer 1.

As this layer sits on top of Layer 1 and exchanges information with it, it adds to the features of Layer 1.

Example – Lightning Network deployed on Bitcoin blockchain or plasma on Ethereum.

Layer 3

This is the application layer or user interface where the users interact with the Blockchain using dApps. It hosts dApps and other protocols that enable users to use other applications over Blockchain. Moreover, it aims to provide ease to the user, enabling intra and inter-chain operability.

Examples of Layer 3 decentralized applications include decentralized exchanges like Pancake swap, wallets like Coinbase, liquidity management protocols like Aave, and payment mechanisms like Tornado cash, to name a few.

Wrapping Up

Blockchain is a layer stack made up of several layers where each layer is dedicated to serving a specific purpose. From setting up of network and servers in the infrastructure layer to letting the users interact with the dApps in the Application layer, all the layers work in conjunction with each other to create a secure, decentralized, reliable network. Understanding all the layers of Blockchain can help understand its core functioning and create better dApps.

If you are interested in building feature-rich dApps for your business vertical, connect with one of the best Blockchain development companies (Infrablok). By doing so, you will get a dedicated development team who will help you form unique and business-centric dApps.

Tutorial To Connect APIs From Ethereum Smart Contracts Using Chainlink Oracles

Posted on December 22, 2022December 23, 2022 by Ashwini Singh

Since Blockchain ecosystems are decentralized, on-chain smart contracts cannot access off-chain data natively. However, Chainlink furnishes a platform for blockchain oracles, which are nodes on the network that serves as a bridge between on-chain & off-chain data. Oracles enable smart contracts to retrieve external data.

Each oracle node can be configured to perform a vast range of chores relying on the adapters it supports. Some of these adapters include HTTP POST, HTTP GET, JSON Parse, Multiply, etc.

In this blog, we will explain how one can call Aviationstack.com API from Ethereum smart contracts using Chainlink’s oracle.

4 Steps To Call Aviationstack.com API From Ethereum Smart Contracts Using Chainlink’s Oracle

Using Chainlink’s Oracles, the latest data can be retrieved by using any REST API call from a smart contract in real-time. The four simple steps stated below will help you know how to call the REST endpoint provided by Aviation Data in Solidity to get real-time flight status, i.e., scheduled, delayed, landed, etc.

Step 1: Add A Testnet To MetaMask Wallet

We will use the goerli TestNet for this example.

Open Metamask and then click on the Networks and choose Goerli test network.
In the remix, select Injected provider Metamask to connect to goerli test network.
Before starting development, add some test coins from the test faucet from here.

Also, get Link tokens from Chainlink’s test faucet.

Step 2: Find The Oracle Address For Your Chain

From https://docs.chain.link/any-api/testnet-oracles/ get the list of different test net addresses of oracles.

We are using goerli test net oracle with the address
0xcc79157eb46f5624204f47ab42b3906caa40eab7

with jobId —7d80a6386ef543a3abb52817f6707e3b

Whenever we request something through the Chainlink oracle, we request that through Chainlink jobs. Simple jobs define when, how, why, etc., that need to be done via Chainlink nodes. This job id (7d80a6386ef543a3abb52817f6707e3b) describes to the oracle that we need to return the response in a String of other jobs. It returns a response in bool, int256, unit 256, etc.

Step 3: Add The Code To Your Solidity Smart Contract

Integrate the following code into your smart contract:

//SPDX-License-Identifier: MIT 

pragma solidity ^0.8.7; 

 

import '@chainlink/contracts/src/v0.8/ChainlinkClient.sol'; 

import '@chainlink/contracts/src/v0.8/ConfirmedOwner.sol'; 

 

contract UseAviationApi is ChainlinkClient, ConfirmedOwner { 

using Chainlink for Chainlink.Request; 

string public flightStatus; 

 

bytes32 private jobId; 

uint256 private fee; 

 

event RequestFulfilled(bytes32 indexed requestId, string indexed data); 

/** 

* Goerli Testnet details: 

* Link Token: 0x326C977E6efc84E512bB9C30f76E30c160eD06FB 

* Oracle: 0xCC79157eb46F5624204f47AB42b3906cAA40eaB7 

* jobId: 7d80a6386ef543a3abb52817f6707e3b 

*/ 

constructor() ConfirmedOwner(msg.sender) { 

setChainlinkToken(0x326C977E6efc84E512bB9C30f76E30c160eD06FB); 

setChainlinkOracle(0xCC79157eb46F5624204f47AB42b3906cAA40eaB7); 

jobId = '7d80a6386ef543a3abb52817f6707e3b'; 

fee = (1 * LINK_DIVISIBILITY) / 10; // 0,1 * 10**18 (Varies by network and job) 

} 

 

/** 

* @notice Request variable bytes from the oracle 

*/ 

function requestFlightStatus() public { 

Chainlink.Request memory req = buildChainlinkRequest(jobId, address(this), this.fulfill.selector); 

req.add( 

'get', 

'http://api.aviationstack.com/v1/flights?access_key=a6656fabf7fbe4fde6e4061f5be7042a&flight_number=611&airline_name=Qantas&limit=1' //aviationstack url 

); 

req.add('path', 'data,0,flight_status'); // parse the json tree 

sendChainlinkRequest(req, fee);  

} 

 

/** 

* @notice Fulfillment function for variable bytes 

* @dev This is called by the oracle. recordChainlinkFulfillment must be used. 

*/ 

function fulfill(bytes32 requestId, string memory data) public recordChainlinkFulfillment(requestId) { 

emit RequestFulfilled(requestId, data); 

flightStatus = data; 

} 

 

/** 

* Allow withdraw of Link tokens from the contract 

*/ 

function withdrawLink() public onlyOwner { 

LinkTokenInterface link = LinkTokenInterface(chainlinkTokenAddress()); 

require(link.transfer(msg.sender, link.balanceOf(address(this))), 'Unable to transfer'); 

} 

}

Open this code in Gist

The breakdown of each component of this contract is as follows –

Constructor: Sets up the contract with the Oracle address, Job ID, and LINK fee that oracle charges for the job
requestFlightStatus function: Builds and sends a request. The request includes fulfillment functions selector – to the oracle. Notice how it adds the get, path, and parameters. These are read by the tasks in the job to perform correctly. ‘get’ is used by HTTP, and ‘path’ is used by JSON Parse.
fulfill function: This is where the result is sent upon the completion of Oracle’s Job.
WithdrawLink Function: This method is used to withdraw the user’s link token from their smart contract.

Note: The calling contract should own enough LINK to pay the fee, which by default is 0.1 LINK.

Step 4: Deploy And Test

Now choose Injected Web3 as your Environment in Remix and deploy your contract to the goerli TestNet.
Next, choose the requestFlightStatus() function, it will then pay the transaction fee, and when the transaction becomes successful, it calls the flightStatus, and the result is displayed as shown below.

Ending Words

Well, if you want to connect APIs from Ethereum smart contracts using chainlink oracles in your existing or new Blockchain-based projects, get in touch with one of the excellent Blockchain development companies (Infrablok). It will help you get a professional who can handle your project from scratch.