Privacy groups
Tessera supports operations related to Hyperledger Besu privacy groups (versions earlier than 25.1.0) and resident groups for GoQuorum multiple private states (MPS), such as managing privacy group data and handling transactions intended for a privacy group.
Behavior may differ depending on which mode
Tessera is running on.
The types of privacy group are:
A unique privacyGroupId
is used to identify individual privacy groups. For private transactions sent to a privacy group, the corresponding privacyGroupId
is stored alongside the transaction.
Once created, you can't change the members of a privacy group. To add or remove members, you must create a new privacy group.
The following is an example of a privacy group and its related data:
{
"privacyGroupId": "jufzisK63xbXDciV0FW1uAi3vXFDNNJpf/M3lUhMiU0=",
"name": "groupA",
"description": "A description of this group",
"type": "PANTHEON",
"members": [
"98FhPni7u6YspDGcOLl/LgQQwwGPGY4ddm3hmogsqF8=",
"dzkrEhkHZ/IjHEaQ6teVTU/kMjiwXTI6Ooljcb56w1M="
]
}
Privacy group types
Legacy
Tessera automatically creates a legacy privacy group when a private transaction is sent to a list of recipient public keys using privateFor
.
When returning private transaction data to a Besu client (as part of a /receive
response), the legacy privacyGroupId
is also returned.
The legacy privacyGroupId
is generated by hashing the list of recipient keys. For a given set of recipients, there can be only one legacy privacy group.
Besu and Tessera generate the same legacy privacyGroupId
from the same list of recipients.
Pantheon
Tessera supports API methods that enable the creation of pantheon privacy groups from a compatible blockchain client (for example, Besu).
Upon creation, the privacy group is distributed to all members ahead of transaction processing.
When a private transaction contains a privacyGroupId
, the transaction payload is distributed to all the members of the privacy group.
The pantheon privacyGroupId
is generated by hashing the list of recipient keys plus a random seed. This means that for a given set of recipients, there can be many pantheon privacy groups.
Resident
Resident privacy groups, or resident groups, are part of GoQuorum MPS and multi-tenancy. A resident group contains a list of member keys that are locally managed, and those members share the same private state.
Configure resident groups to use multi-tenancy.
Key differences between a resident group and other types of privacy group include:
- A resident group can only contain local keys, not remote keys.
- The name of the resident group is the group identifier.
- Resident groups can be configured in the Tessera configuration file.
API versioning
A node running a version of Tessera that doesn't support privacy groups can't understand requests containing privacyGroupId
. This can cause inconsistent persisting of data on different nodes.
In API version 3.0, Tessera includes the privacy group in the encoded payload in /push
to only those recipients supporting a correct version, otherwise the transaction fails with PrivacyGroupNotSupportedException
.
Privacy group APIs
Privacy group compatible blockchain clients (for example, Besu) can be used to create, delete, find, and retrieve privacy groups. Tessera's Q2T
API adds support for these operations.