Crouching Tiger - on Opportunities of the Exonum Framework by Bitfury

23 March 2018


Exonum, a platform for creating corporate blockchains, is securing its positions on the Russian market. The Bitfury Group, the largest mining company outside China, is launching its office in Moscow. The main tasks of this office will be development and promotion of Exonum - an open-source software platform for creating blockchains. Aleksey Sidorov, a Rust developer from Exonum by the Bitfury Group, has explained to our reporter how the new platform functions and what advantages it offers over competitors. Aleksey, what is the Exonum platform?

Aleksey Sidorov: The Exonum platform is an open-source framework. Developers can use this framework to build their own blockchains.

Exonum has a number of features that distinguish it from other blockchain platforms.

Firstly, the Exonum platform is designed for creating private blockchains. It runs exclusively using the computing power of the validator nodes that are interested in the operation of the system and ensure its reliable functioning. The system does not require mining and does not depend on the exchange rate of any cryptocurrency.

Secondly, as a private blockchain, the system offers a high level of performance. The speed of the Exonum blockchain is tens or even thousands times faster than that of its competitors, namely 5000 transactions per second with a latency of 0.5 seconds.

Exonum also has several architectural features. First of all, the framework makes use of a Byzantine fault tolerant consensus algorithm. That is, the system continues to operate correctly even if up to a third of validator nodes are compromised or behave arbitrarily.

Secondly, the framework includes ‘Bitcoin anchoring’. It regularly sends snapshots of the system’s state, that is its hashes, to the public Bitcoin blockchain. Anchoring prevents the possibility of forging the data of the private Exonum blockchain and rolling the system back by a collusion of nodes.

The third key feature of Exonum is its Light Client which enables the end user to easily check presence and correctness of the data the user has sent to Exonum as well as the status of anchoring thereof.

Finally, Exonum uses services which are analogous to smart contracts in competitor systems. However, unlike smart contracts, Exonum services are designed to be more flexible and can be modified to meet the requirements of a particular network. What are the advantages of this platform over its analogs?

Aleksey Sidirov: Exonum enables both private companies and state authorities to implement safe blockchain solutions. The advantages of this platform directly derive from its architectural peculiarities. For example, this technology renders double-entry book-keeping in an organization impossible and protects against falsification of documents whose hashes have been committed to the blockchain. That is, a user hashes a document and stores this hash in Exonum. The user can confirm existence of this document at any point of time by requesting a confirmation from the system.

At the same time, the system withstands high load maintaining efficient performance, which is an advantage when it comes to scaling projects, in particular those which are deployed at the state level. How is the blockchain implemented in the Exonum framework?

Aleksey Sidorov: As already mentioned, the Exonum platform is a framework for developing private blockchains. The platform runs on selected known validator nodes which form a network, where each node stores a copy of the network database. Any atomic changes applied to the database appear as transactions which are combined into blocks by an agreement of nodes and form the blockchain. An example of such an operation can be introducing information on registration of a contract on a transfer of property rights.

A Byzantine fault tolerant algorithm (auth. further a BFT algorithm) is the heart of the technology. This algorithm is mathematically proven and does not require economic guarantees for the correct operation of the network participants; for example, obtaining a reward in the form of tokens, as in the case of proof-of-work and proof-of-stake algorithms and their alternatives.

To disrupt operation of a BFT-consensus-based network, an attacker needs to hack more than 1/3 of the network’s nodes. To obtain the control over such a network, an attacker needs to hack even more than 2/3 of the network’s nodes. In other words, the system is able to correctly generate and commit new blocks until the number of compromised nodes exceeds 1/3 of the total number of nodes in the network.

There is also no notion of a fork in Exonum. That is, the BFT algorithm guarantees that there are no parallel chains. If a transaction is included into a block, it will be persisted therein as long as the blockchain exists. How is such a high level of security achieved?

Aleksey Sidorov: Security is ensured by binding Exonum to the public Bitcoin blockchain. Unlike a private blockchain, a public blockchain can have an unlimited number of participants; anyone can join the network and obtain access to its database. This guarantees the authenticity of data a public blockchain contains, as well as the ability to audit this data at any point of time. Huge energy and financial resources are required to tamper with such a network.

As the number of nodes in a private blockchain is strictly defined and there is an administrator behind each node, users may distrust the honesty of the nodes’ behavior and correctness of the stored data. The hash of the Exonum database is periodically sent as a multisig transaction to the Bitcoin blockchain, that is, the so-called ‘anchoring’ is conducted to prevent administrators of the validator nodes from colluding and rewriting the blockchain and to secure the network from a mass hacking of nodes. The information committed to the Bitcoin blockchain can no longer be forged. If a private blockchain is compromised or simply rewritten from scratch, it will be evident immediately - at the same height, the hash of the ‘new’ state of the Exonum blockchain will not correspond to the one anchored in Bitcoin.

The anchoring service essentially makes a private blockchain as secure as a public one.

The high level of security is also supported by storing data in Merkle trees. This storage format allows a user to receive proofs of existence of any data in the blockchain, including information on the existence of the anchored data in the Bitcoin blockchain. What guarantees the security of the platform?

Aleksey Sidorov: Data security is ensured by the BFT consensus algorithm. At each given height ‘H’ of the blockchain, the process of reaching a consensus can take several rounds. Roughly speaking, the consensus algorithm cycle for committing a new block to the blockchain has two stages. During the first stage, each round a leader node is chosen by a separate algorithm for selecting the leader nodes. The leader node suggests a block (‘proposal’) and broadcasts it to all the nodes in the network. Validators vote for the proposal by broadcasting messages of the ‘prevote’ type. A ‘prevote’ message means that the validator has studied all the transactions inside the proposal and that the proposal does not contain transactions unknown to the validator.

During the second stage, once the validator has received ‘prevote’ messages from more than 2/3 of all the validators in the network, it executes the transactions specified in the proposal and broadcasts a message of the ‘precommit’ type to all other validators. ‘Precommit’ messages contain the result of executing proposed transactions in the form of the hash of the network’s new state (state hash). Said message confirms that its sender is ready to commit the new block to the blockchain but needs to obtain the consent of the majority of other validators in the network. Finally, the new block is committed to the blockchain if the validator receives more than 2/3 ‘precommit’ messages which contain the same state hash calculated from the same proposal. How is registration of transactions implemented from the technical point of view?

Aleksey Sidorov: A new transaction gets into the so-called pool of unconfirmed transactions (memory pool), with the user receiving the hash of the contents of such a transaction. As soon as the transaction is included into the next new block, its hash is saved in the database. It will be impossible to re-execute a transaction with the identical hash in the future. This approach guarantees that, for example, if a transaction transferring funds is intercepted by an attacker, he will not be able to run it repeatedly to, eventually, withdraw all funds from the sender’s wallet. The Exonum platform is written in Rust. What has determined the choice of this programming language?

Aleksey Sidorov: Firstly, Rust is one of the most secure programming languages. At the same time, Rust is a more universal tool in many aspects as compared to Java, C and C++.

Secondly, Rust offers a large amount of utilities. It’s a very convenient package manager, which allows easy launch of any required library.

Thirdly, Rust offers rich code generation capabilities, of which we are actively taking advantage. At the same time, we have no need to apply external utilities.

Rust protects us against many programming errors. For example, from the data race, when several threads try to change the same variable simultaneously. Surely, sometimes we have to struggle against Rust. For example, it often informs us that a certain variable is already being used by someone else and, as a result, we cannot continue writing.

Nevertheless, Rust is a very good friend of ours. If it has accepted some code, it is guaranteed that this code will not fail. Rust will not allow us to use a link to a variable which will disappear some time later. How does the platform work with smart contracts?

Aleksey Sidorov: We roughly call smart-contracts - services. The business logic of these services is written in the same programming language as the Exonum platform itself - Rust. Due to this factor, Exonum smart contracts have higher performance and speed as compared to the competitors’ analogs. Additionally, Rust has a high level of security, therefore, an attacker will not be able to hack the validator through an error in a smart contract. Where is Exonum already used?

Aleksey Sidorov: One of the most well-known projects running on Exonum is a pilot project which introduces the blockchain into the land registration system of Georgia. This project implemented a blockchain-based system for registering property rights for the citizens of Georgia. The projects started in 2016.

A land cadaster pilot project was launched in Ukraine. The blockchain was also successfully applied to the system of electronic auctions of the seized property (auth. SETAM).

Recently, another pilot project was launched for Rosreestr (auth. the Federal Service for State Registration, Cadaster and Cartography in Russia). The first step of this project was implementing the blockchain into the registration process of shared construction participation contracts. A contract is registered only after receipt of a confirmation on the insurance payment to the Fund for the Shared Construction Participants’ Rights Protection. The blockchain is used in the interaction between Rosreestr and said Fund, reducing the time of receiving the confirmation to 3-5 minutes, which is 10 times faster as compared to regular operations.

Another interesting case is applying the Exonum platform at Aricent - a global design and engineering company. A series of pilot projects was created for them to improve the efficiency of the software development process (DevOps). According to the internal research by Aricent, the implementation of the blockchain into the DevOps processes tracking led to an acceleration of the product development cycle by 34%. How do you plan to further develop the platform?

Aleksey Sidorov: At the moment we are focused on devising a convenient solution for further development of the platform. Exonum already demonstrates a high level of performance but reaching this level can be difficult due to strict requirements to the services code.

We are considering splitting the services into various ‘trusted zones’. In such a case, any person using Exonum will have the opportunity to write simple services and load them into the blockchain immediately. However, such services will not achieve high-level performance as they will have limited resources. On the other hand, ‘trusted’ services, which have passed the security check and verification by the validators, will have access to more resources, but the deployment procedure for such services will be more complex. Currently, Exonum includes only the services of the latter kind.

Together with our colleagues from Parity Technologies, we are actively studying WebAssembly. By means of a lightweight WASM virtual machine, we will enable developers to implement services written in various programming languages. It will also be useful for those projects which will choose to apply Exonum in the ‘public-permission’ format: only the validators are able to create blocks, but anyone can use the blockchain.

We’re working in the direction of storing the description of the database in the blockchain. Such a description allows for the automatization of lots of processes which are now implemented manually by developers, for example, customization of the light client for checking proofs. With such a description, the proof check will constitute of calling one function instead of several ones. But more importantly, the same light client will be able to easily connect to multiple Exonum blockchains. Just imagine an automatically updated application that stores all your accounts for working with Exonum!

The original material in Russian is taken from