Data privacy for Quorum.
Crux is a secure enclave for Quorum written in Golang.
It is a replacement for Constellation, the secure enclave component of Quorum, written in Haskell.
The best way to start is to run the Quorum-Crux Docker image. This image runs a 4 node Quorum network using Crux as the secure enclave communicating over gRPC.
git clone https://github.com/blk-io/crux.git
docker-compose -f docker/quorum-crux/docker-compose.yaml up
Where the node details are as follows:
Name | Quorum node address | Account key | Crux node key |
---|---|---|---|
quorum1 | http://localhost:22001 | 0xed9d02e382b34818e88b88a309c7fe71e65f419d | BULeR8JyUWhiuuCMU/HLA0Q5pzkYT+cHII3ZKBey3Bo= |
quorum2 | http://localhost:22002 | 0xca843569e3427144cead5e4d5999a3d0ccf92b8e | QfeDAys9MPDs2XHExtc84jKGHxZg/aj52DTh0vtA3Xc= |
quorum3 | http://localhost:22003 | 0x0fbdc686b912d7722dc86510934589e0aaf3b55a | 1iTZde/ndBHvzhcl7V68x44Vx7pl8nwx9LqnM/AfJUg= |
quorum4 | http://localhost:22004 | 0x9186eb3d20cbd1f5f992a950d808c4495153abd5 | oNspPPgszVUFw0qmGFfWwh1uxVUXgvBxleXORHj07g8= |
If you want to make changes to e.g. istanbul-start.sh then build the docker image locally:
docker-compose -f docker-compose-local.yaml up --build
2 Crux nodes example is simple Docker image to just bring up 2 Crux nodes which communicate with each other.
git clone https://github.com/blk-io/crux.git
docker-compose -f docker/crux/docker-compose.yaml up
Where the Crux node keys are the same as quorum1
and quorum2
above, and are listening on ports
9001 and 9002 for gRPC requests.
For those of you who are unable to use Docker, you can run the
7 Nodes Quorum example which is an updated version
of JP Morgan's Quorum 7 Nodes example using Crux as the secure enclave.
The latest binaries for different platforms are available on the release page.
Each Crux instance requires at least one key-pair to be associated with it. The key-pair is used to ensure transaction privacy. Crux uses the NaCl cryptography library.
You use the --generate-keys
argument to generate a new key-pair with Crux:
crux --generate-keys myKey
This will produce two files, named myKey.key
and myKey.pub
reflecting the private and public keys
respectively.
At a minimum, Crux requires the following configuration parameters. This tells the Crux instance what port it is running on and what ip address it should advertise to other peers.
Details of at least one key-pair must be provided for the Crux node to store requests on behalf of.
crux --url=http://127.0.0.1:9001/ --port=9001 --workdir=crux --publickeys=tm.pub --privatekeys=tm.key --othernodes=https://127.0.0.1:9001/
If you'd prefer to run just a client, you can build using the below instructions and run as per the below.
git clone https://github.com/blk-io/crux.git
cd crux
make setup && make
./bin/crux
Usage of ./bin/crux:
crux.config Optional config file
--alwayssendto string List of public keys for nodes to send all transactions too
--berkeleydb Use Berkeley DB for working with an existing Constellation data store [experimental]
--generate-keys string Generate a new keypair
--grpc Use gRPC server (default true)
--grpcport int The local port to listen on for JSON extensions of gRPC (default -1)
--networkinterface string The network interface to bind the server to (default "localhost")
--othernodes string "Boot nodes" to connect to to discover the network
--port int The local port to listen on (default -1)
--privatekeys string Private keys hosted by this node
--publickeys string Public keys hosted by this node
--socket string IPC socket to create for access to the Private API (default "crux.ipc")
--storage string Database storage file name (default "crux.db")
--tls Use TLS to secure HTTP communications
--tlsservercert string The server certificate to be used
--tlsserverkey string The server private key
--url string The URL to advertise to other nodes (reachable by them)
-v, --v int Verbosity level of logs (shorthand) (default 1)
--verbosity int Verbosity level of logs (default 1)
--workdir string The folder to put stuff in (default: .) (default ".")
At present, Crux performs its cryptographic operations in a manner identical to Constellation. You can read the specifics here.
The two main workflows for handling private transactions are the submission and retrieval demonstrated below.
Crux is a constellation located in the southern sky in a bright portion of the Milky Way. It is among the most easily distinguished constellations, even though it is the smallest of all 88 modern constellations. (Source: Wikipedia)
The critical or transitional moment or issue, a turning point.
@patrickmn the original author of Constellation. Crux would not exist were it not for his work.