Introduction

It has been a little over a year since we announced Project Bletchley, and since that time we have been working directly with our partners and customers to understand how the cloud can help developers build a new generation of modern applications with blockchain as a core data layer.

Our initial goal for “Blockchain as a Service” was to make it easier for developers to set up a lab environment, get their hands dirty, and build something useful for the enterprise using a blockchain. Microsoft Azure makes it ridiculously easy to spin up the blockchain of your choice, including leading platforms such as Ethereum, Quorum (EEA), Hyperledger Fabric, R3 Corda and Chain Core – we’ve made great progress against those initial goals.

Easing the deployment of this “plumbing” exposed perhaps an even larger challenge: how to build applications for these new environments. Our customers and partners often say to us, “Ok, you’ve made it easy for me to stand up these blockchain networks, but what do I do now?”

This echoes the mid-to-late 1990s when just getting connected to the internet was made much easier with TCP/IP and a web browser included in your operating system for “surfing” the web. The early “surfing” experience, however, was limited to a small set of static web pages and basic email. There was a long way to go from Windows 95 to the .com craze, as the early software development platforms and tools were simply not designed for the web. The result: it took a lot of learning and iterative innovation before you could stand up a viable e-commerce site. Blockchain platforms are in a similar position today: Azure makes it easier to get connected to the “network,” but you can’t do much with it yet.

So, we took a step back to consider what customers truly wanted to build. We learned from early adopters across industries that the business processes most interesting for blockchain were shared. Processes that cross both organizational and trust boundaries. Managing interactions with semi-trusted parties means clearly articulating each parties’ obligations, rules on how to meet them and penalties for failing to meet them. In short, a contract.

The introduction of Smart Contracts in 2015 was largely responsible for the explosion of interest in the enterprise for blockchains. However, the first versions of “Public Smart Contracts” were not designed for enterprise use and cannot deliver against the requirements of the enterprise.

Enterprise Smart Contracts are “what’s next” in the blockchain revolution.

Enterprise Smart Contracts decompose the “Public Smart Contract” approach, reflecting on both “contract” and technology evolution to provide a model for delivering on the promise of blockchain in the enterprise. A critical first step was to introduce separation of concerns in implementation, which modularizes data, logic, contract participants and external dependencies. What Enterprise Smart Contracts deliver are a set of components that can be combined to create contract templates that when executed, provide the privacy, scale, performance and management capabilities expected in the enterprise.

Enterprise Smart Contract Components

What exactly is an Enterprise Smart Contract? Let’s look at the major components:

Schema – the data elements required for the execution and fulfillment of contract obligations between counterparties and the cryptographic proofs needed to maintain the integrity and trust across counterparties and observers such as auditors or regulators.

Logic – business rules defined in the schema and agreed to by the counterparties and observers. Cryptographic proofs required for the execution, versioning and integrity of both the code and its results are persisted to the blockchain as defined in the schema.

Counterparties – identities of participants (people, organizations and things) agreeing to the terms and execution of the contract, authenticated through cryptographic primitives such as digital signatures.

External Sources – external input of data or triggers required to fulfill the execution requirements of the contract. These external sources and conditions for interaction are agreed to by the counterparties and observers. As with the others, cryptographic proof is required to prove authenticity and establish trust in the external sources.

Ledger – the immutable instance of a contract on a distributed ledger (blockchain) containing the data items in the schema to record all contract activities and proofs. This can be either a public “distributed trustless database” or a “shared, permissioned, semi-trusted, discretionarily private database.”

Contract Binding - A Enterprise Smart Contract Binding is the composition of these parts creating a unique instance of an Enterprise Smart Contract. It is created when a contract begins negotiation between counterparties and becomes versioned and locked when each counterparty signs the contract. Once signed and locked the Enterprise Smart Contract begins the execution of the terms and conditions that lead to fulfillment.

Implementing Enterprise Smart Contracts

Now that we have defined what makes up an Enterprise Smart Contract, it’s time to implement them. The cloud is the perfect companion to distributed ledger systems implementing Enterprise Smart Contracts. Since blockchains are comprised of distributed nodes that maintain the database, a globally-distributed, highly-available public cloud provides a great companion platform for services supporting these networks.

“Public Smart Contracts” execute or run every single transaction on every single computer on the network. This is by design and necessary for trustless networks. However, this need not be true for the enterprise. One of the benefits of Enterprise Smart Contracts is the ability to execute terms and conditions “off-chain,” allowing for vastly more flexible performance, scalability, privacy, versioning and an enterprise friendly architecture and development environment. The cloud can provide a shared logic execution platform for Enterprise Smart Contracts at massive scale, while sharing the true cost of running them only between counterparties. I call it “splitting the check.” When two or more people share a contract (dinner) with each other, the bill arrives, you simply split the check. Actually, we can be more discerning than that, but you get the picture. Sharing cloud resources with your counterparties makes “splitting the check” possible while not getting mired in whose datacenter the logic for your contract will execute.

Depending on the underling blockchain, transactions may or may not be private. Meaning, unless your blockchain supports an authorization framework that only allows certain identities to read certain data properties or encrypts data such that only certain identities can decrypt the data, your data is in the clear. If you use encryption to encrypt your data AND execute your Smart Contract logic on the blockchain, then every node on that network needs to be able to decrypt that data in order to be able to compute against it. Some platforms like Quorum and Hyperledger Fabric support these using various ways.

However, executing your logic in an Enterprise Smart Contract means that you can keep not only your data private between counterparties, but your logic as well. The resulting outputs of your logic can be encrypted before posting to the ledger creating a more discrete and flexible privacy model.

This also creates a multi-trust model where Enterprise Smart Contracts can implement different privacy measures based on the blockchain underneath, utilizing privacy features that may be available for certain blockchains. Without Enterprise Smart Contracts, you are limited to the trust model of the blockchain platform only.

Azure – The Enabler

The Microsoft Azure platform provides the building blocks needed to deliver the core technical capabilities for implementing Enterprise Smart Contracts. However, composing them together is a complex undertaking. Last year, when the concept of Cryptlets was introduced, the benefits of separating the logic from the data while using the same cryptographic properties of blockchains was the primary focus. However, it is not enough to just share the same cryptographic primitives as blockchains. You need a platform and a framework that provides the infrastructure for creating Enterprise Smart Contracts. This is not something each counterparty in the network should have to build and maintain. A shared platform and framework for building Enterprise Smart Contracts or PaaS performs the difficult bits like:

Key Management

Secure integration of enterprise identity to secrets/private keys to allow “on-behalf of” transactions

Cryptographic proof generation across cipher suites (ECC, RSA, etc.) and shared infrastructure for expensive operations like Zero Knowledge Proofs, Ring Signatures and Threshold or Homomorphic encryption

Abstracted integration into any blockchain or distributed ledger so logic is portable across platforms

Enable blockchain to blockchain interoperability scenarios like an Enterprise Smart Contract using multiple different blockchains at the same time like recording a transaction proof on a public network for a private transaction. Also, the potential to create Enterprise Smart Contracts that can perform asset transfers from one network to another.

Open APIs for abstracting underlying blockchains for a common way of invoking Enterprise Smart Contracts as well as surfacing blockchain events and data to external systems.

Common enterprise development environments like .NET and Java (CLR, JVM) and newer functional languages and DSLs.

Extensible Data Services plugins to digest and make sense out of blockchain transactions with data lakes, warehouses, BI/Analytics and AI/Machine Learning.

Enterprise Operations and Management tools

Using a combination of enabling technologies in the Azure cloud like Key Vault and Azure Active Directory along with a code attestation engine, which we will detail later, the foundations for this development framework are in place.

Enterprise Smart Contracts - Framework

The Enterprise Smart Contract Framework provides the infrastructure and tools to build on this platform allowing you to harness existing enterprise investments in infrastructure and development skills. This framework is comprised of four major components.

Secrets, Control and Configuration – authorizes access to secrets stored in Azure Key Vault for specific identities (people, cryptlets, IoT devices, etc.) authenticated via Azure Active Directory. Manages the bindings for Enterprise Smart Contracts.

Runtime Environment Services – provides attested execution for Cryptlets and abstracts underlying identity mapping and key management. This allows for developers to write Cryptlets in the language of their choice focusing on Enterprise Smart Contract logic and not the underlying “infrastructure.” The services dynamically create attested execution environments for Cryptlets to run in, securely provision secrets to these environments, and generates cryptographic proofs automatically.

Transaction Builder and Router – marshals and formats Cryptlet Messages into blockchain specific formats and routes these transactions to the appropriate blockchain with reliable delivery.

API – exposes a secure, authenticated message-based API for sending messages to and receiving messages from Enterprise Smart Contracts at massive scale.

Summary

Enterprise Smart Contracts and Microsoft Azure provide the infrastructure required to usher in “real world” enterprise applications to be built on blockchain networks. Cryptlets and the framework provide architects and developers a middle tier platform where existing skills, tools and components can be integrated.

The framework allows enterprises to build blockchain based applications with diverse capabilities:

Publishing of attested data to and from external sources.

Integration point for existing enterprise systems like ERP and CRM.

Logic and behavior for all types of contracts, financial products: derivatives, bonds, insurance policies.

Logic for license contracts: government issued business licenses, certifications, etc.

IoT Integration through Azure IoT suite

Cross blockchain coordination: asset or token transfer between different networks and platforms, e.g. Hyperledger Fabric to Enterprise Ethereum, record private proofs on a public blockchain.

Token or Coin "minter" using off-chain integration, proofs and advanced coinbase behavior.

Personal bot agent for "on behalf of" use cases.

Distributed transaction support between blockchains and other enterprise systems, ledger resource compensation, two-phase commit, etc.

Enterprise Smart Contracts enable these capabilities by providing a secure, confidential, distributed, multi-party application platform for running shared business logic, with a cryptographic proof system that natively integrates with multiple blockchains. Enterprise Smart Contracts and Azure provide this platform that will allow the distribution of costs, risk, identity and more for building next generation distributed applications. These capabilities help unlock the power of blockchain based applications, while taking advantage of the flexibility and power of the cloud, in a way that works in modern enterprise environment.

You can learn more about our Enterprise Smart Contract framework in our technical whitepaper.