Microsoft Unveils Coco: An Open-Source Blockchain Framework

Up to this point in its evolution, blockchain's potential for business has been largely hypothetical. Beyond the public blockchains underlying Bitcoin, Ether, and other cryptocurrencies, blockchain's decentralized network and immutable ledger technology have attracted lots of enterprise interest and development across the financial sector, all the big-name tech giants, and a host of other industries. What we haven't seen is many blockchain deployments in production. As expected, this is because the nascent tech hasn't been ready yet.

Blockchain transaction speeds are too slow, and making consensus changes to the underlying software is difficult. Another challenge is that the shared transaction history between parties also requires layers of additional obfuscation and encryption to keep data confidential. That's a lot of obstacles, but Microsoft wants to help the blockchain space jump all of these hurdles at once with the release of its Coco Framework, a new open-source foundation for enterprise blockchain networks.

Coco (short for Confidential Consortium) is an open-source framework Microsoft plans to release on GitHub in 2018. The company also published a manifesto-sized white paper this morning. Coco gives enterprises a distributed governance model for blockchain networks built into the software, allowing networks to configure their own voting rules and vote on upgrades or new members in the same fashion as validating a transaction. The framework also introduces a construct called a Trusted Execution Environment (TEE), which you can think of like a trusted black box for data. Using Coco, each node in an enterprise blockchain network would have a confidential computing environment. Through the TEE, each node controls the encrypted data coming in and out for different transactions, smart contract agreements, and data exchanges between distributed applications (DApps) built on the blockchain.

"We think blockchain is going to potentially transform just about every industry," said Mark Russinovich, Chief Technology Officer (CTO) of Microsoft Azure. "But for enterprises to process transactions in today's blockchain systems, there's high throughput and latency, and a lack of confidentiality requiring complex cryptography to obfuscate transactions. In supply chain, for instance, you don't want suppliers to be able to see each other's inventories and orders. Coco gives you configurable constitutions to govern membership, and Trusted Execution Environments to get rid of today's distributed consensus algorithms and the mining requirements where latency is mixed in."

Coco integrates with existing blockchain networks and protocols, including Ethereum, JPMorgan Chase's Quorum platform, the R3 consortium's Corda financial ledger, and Hyperledger Sawtooth. The framework essentially adds a new trust layer underneath permissioned or private blockchains. According to Russinovich, this eliminates the need for blockchain's compute-intensive Proof of Work model, giving enterprises the ability to manage confidential data on a blockchain while speeding up performance to more than 1,600 transactions per second.

"Processing transactions inside the TEE, in which all parties trust that code, can help a distributed network achieve centralized database levels of latency and throughput while handling votes directly in the blockchain," said Russinovich. "Votes are transactions. New members are transactions."

Inside Microsoft's Enterprise Blockchain Pipeline

Microsoft has been developing enterprise blockchain tech for the past several years, but the company built out its blockchain infrastructure in stages atop its Microsoft Azure cloud platform. By using tools such as Azure Resource Manager (for creating complex cloud apps) in combination with its Blockchain-as-a-Service (BaaS) platform, the company built an environment designed to make it easy for enterprises to spin up their own blockchain networks, and then develop, test, and deploy cloud apps on top of them.

Then Microsoft added more identity and security features, integrating its BaaS platform with Microsoft Azure Active Directory, introducing new secure interoperability components called Cryptlets, and layering on network monitoring capabilities to watch out for anomalies and outages as well as monitor transactions and node health.

Russinovich told PCMag that the goal is to create fully managed networks that are turnkey: ready-made private blockchain networks for use cases from finance to supply chain management and beyond. But he also said that blockchain has limitations. The Coco Framework is the next step in that blockchain tech stack.

The open-source framework will be freely available on GitHub in 2018, but Russinovich said Microsoft's BaaS platform will also include the ability to create TEEs hosted on its cloud infrastructure. It's all part of that new "trusted network" facilitating permissioned transactions on a distributed ledger.

"Coco is independent of Azure. But because of the distributed nature of the blockchain, somebody's going to have a Coco node on Azure, another will be in their own on-premises data center, etc.," explained Russinovich. "It's effectively creating a trust network between the nodes."

As for what exactly these TEEs are, one example is Microsoft's Virtual Secure Mode (VSM). Microsoft has also worked with Intel to support the company's Software Guard Extensions (SGX) as another TEE, and will work to support more of these confidential computing "enclaves" going forward.

"Software Guard Extensions allow an application to create a protective enclave that's only accessible to that application," said Rick Echevarria, VP of Intel's Software and Services Group and GM of Platforms Security. "The processing is encrypted, the memory is encrypted, and there's no other process in your compute: no operating systems, nothing else within that environment that can access the enclave. You bring data and compute into the TEE to keep it confidential while enabling that trust."

Each member or node in a blockchain built by using Coco would have a TEE. For blockchain to achieve mainstream commercial adoption, Russinovich said it needs not just greater speed and scale but better distributed governance and data confidentiality in how the network achieves consensus and verifies transactions. Coco introduces a number of innovations, but the TEEs and distributed governance model exemplify how the framework approaches and modifies one of the fundamental tenets of blockchain: Proof of Work.

What Is Proof of Work?

Proof of Work is one of the core consensus rules pioneered by the Bitcoin blockchain. Bitcoin mining is a competitive process, one which plays out like a lottery every time a new block is created. Every 10 minutes or so, one of the decentralized nodes is randomly selected as a block validator and will receive the reward (Bitcoin) for mining a new block. For the Bitcoin miners competing to create and validate new blocks of transactions, Proof of Work, a mechanism that measures compute cycles expended when a miner generates a hash, is the miner's lottery ticket.

"If you want to participate in new block creation, you have to prove that you've consumed resources to enter what's basically a lottery selecting the block validator for a given period," said Peter Van Valkenburgh, Director of Research at Coin Center, a nonprofit organization focused on the policy issues facing cryptocurrencies. "Because it's decentralized, you need a fair and meaningful way to pick one computer on the network to set the canonical record that wouldn't invoke a centralized authority or identification system."

"Proof of Work means that anyone who wants to be chosen for a period of time to validate a block and get the mining reward will be chosen randomly, like a lottery. But the problem with a lottery is, you can buy one ticket or a thousand. So, in a consensus network like a blockchain, you need to make these lottery tickets expensive," said Valkenburgh. "They can't cost dollars, so the innovation is to make it cost through compute cycles; running this algorithm with random data to generate a hash. One Proof of Work equals one lottery ticket."

This mechanism is key to the success of Bitcoin and countless other blockchain networks, core to maintaining distributed consensus and independent verifiability. The issue with Proof of Work from a business viability perspective, as Microsoft's Russinovich explained, is that it's very inefficient. Coco re-imagines Proof of Work as we know it, eliminating the need for traditional mining and distributed consensus algorithms by providing that trusted environment underneath. Without the compute-intensive mining process, you get much faster transaction speeds.
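The lottery-ticket mechanism described above, as an added sketch that is not from the article or from any real client: a simplified single-SHA-256 puzzle in which the header bytes and difficulty values are constructed for illustration. It shows that finding a winning ticket costs about 2^bits hashes, while checking one costs a single hash.

```python
import hashlib

def ticket(header: bytes, nonce: int) -> int:
    """One 'lottery ticket': the hash of the block header plus a nonce."""
    digest = hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big")

def is_winning(header: bytes, nonce: int, bits: int) -> bool:
    """Verification is one hash: the ticket wins if it falls below the target."""
    return ticket(header, nonce) < (1 << (256 - bits))

def mine(header: bytes, bits: int, max_tries: int = 1 << 22):
    """Try nonces in order; return (winning nonce, hashes spent)."""
    for nonce in range(max_tries):
        if is_winning(header, nonce, bits):
            return nonce, nonce + 1
    raise RuntimeError("no winning ticket within max_tries")

def average_tries(bits: int, samples: int = 32) -> float:
    """Mean hashes per win over constructed sample headers (expected: 2**bits)."""
    total = sum(mine(f"constructed-block-{i}".encode(), bits)[1]
                for i in range(samples))
    return total / samples

if __name__ == "__main__":
    for bits in (4, 8, 12):
        print(f"difficulty {bits:2d} bits: expected {2 ** bits:5d} hashes, "
              f"measured average {average_tries(bits):8.1f}")
```

Each extra difficulty bit doubles the expected number of hashes per win, which is the inefficiency that a consortium of mutually identified members can avoid.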

"Proof of Work is great for a network where no one trusts anyone else, and you prove that trustworthiness with a lot of computing work in the way transactions are transmitted and verified on the Bitcoin or Ethereum network," said Russinovich. "What the TEE does—if you trust the environment and the code it's going to produce—is establish that trust for this consortium network, and it's configurable for any given batch of transactions where you decide what data you want to share or make public."

Coco in Action

Coco's architecture breaks down into a couple of different layers. At the base is that trust network made up of TEE nodes. Above that are the distributed governance and configurable transaction mechanisms provided by the Coco Framework itself. Atop this foundation is where the blockchain networks themselves come in (Ethereum, Corda, Quorum, Hyperledger Sawtooth, and others). Finally, running on top of those are smart contracts and decentralized apps enabled by blockchain tech.

To test whether Coco actually accelerates transaction speeds to enterprise-grade levels of throughput and latency, Microsoft ran a demo of a blockchain network running on the Coco Framework against one using a private Ethereum blockchain. There was also another demo featuring Mojix, a partner company using RFID and Internet of Things (IoT) tech for the retail supply chain and inventory management. The demo involved a smart contract transaction sending a purchase order from a retailer to a supplier.

Microsoft said it's optimizing the framework for consortiums of several hundred nodes, based on the number of parties that might make up a private enterprise blockchain network. The goal was to process 2,000 transactions per second.

There were a few stops and starts in the demos, but the end results were successful blockchain apps deployed in production: purchase orders sent and verified in minutes via smart contract, and more than 1,700 transactions processed on the Coco network compared to 15 on Ethereum (using a batch of actual transactions from the public Ethereum blockchain). Average latency was reduced from more than 68,000 milliseconds (ms) on the Ethereum network to a shade below 117 ms using Coco.

Amber Baldet, Executive Director, Blockchain Program Lead for JPMorgan Chase, said Coco's cross-blockchain compatibility, trust and confidentiality innovations, and transaction acceleration are significant. Baldet is also the banking chair of the Enterprise Ethereum Alliance, and attended the Coco briefing representing Quorum.

"Broadly across industries, information sharing is what powers business," said Baldet. "We see a lot of opportunity in mutualization of infrastructure and being able to share information not only quickly but with a high degree of security and trust in the veracity of that transaction. Blockchain and distributed ledgers help us do that. Specifically in financial services, there's the added opportunity to transfer value within these systems, which could completely revolutionize capital markets and wholesale banking work in the future."

Baldet sees Coco as another piece to layer additional degrees of security and performance on top of what Quorum, Corda, Hyperledger Sawtooth, and other enterprise blockchain protocols are already doing. The next hurdle, she said, will be integrating blockchains with legacy systems. Coco isn't an interoperability framework—you can't send transactions from one blockchain to another—but with the framework and TEEs as a foundation, she said Coco has potential not only in legacy integrations but with cross-chain information transfer.

For Microsoft's Russinovich, Coco represents a shared resource to get enterprise blockchain distributions to that production-ready stage. Regardless of the ledger, be it Ethereum, Quorum, etc., Russinovich said solving for confidential data control and distributed governance is the key to blockchain's future in business.

"Coco and the TEEs turn confidentiality into an access control problem. You can make it so parties in a bank or consortium can't see any transaction but their own, but an auditor can come in and oversee the entire transaction log," said Russinovich. "Coco is the flexibility for multiple ledgers to integrate these capabilities. For Ethereum, we only had to make minor tweaks to the open-source code for existing smart contracts and DApps. This, we believe, will be the foundation of blockchain for businesses."
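A conceptual model of two ideas from the article, "votes are transactions, new members are transactions" and confidentiality as access control with an auditor view, written as an added example. It is not Coco code or its API: the class, transaction kinds, the two-thirds threshold, and the rule that governance transactions are visible to all members are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from fractions import Fraction

GOVERNANCE = {"propose_member", "vote"}  # visible to every member (assumption)

@dataclass
class ConsortiumLedger:
    """Toy model only; names and rules are hypothetical, not Coco's API."""
    members: set
    auditors: set
    threshold: Fraction = Fraction(2, 3)  # "constitution": share of members needed
    log: list = field(default_factory=list)
    ballots: dict = field(default_factory=dict)  # candidate -> approving members

    def submit(self, sender, kind, **body):
        # Validate before appending so rejected requests never reach the log.
        if sender not in self.members:
            raise PermissionError(f"{sender} is not a member")
        if kind == "vote" and body["candidate"] not in self.ballots:
            raise ValueError("no open proposal for that candidate")
        tx = {"seq": len(self.log), "sender": sender, "kind": kind, **body}
        self.log.append(tx)
        if kind == "propose_member":
            self.ballots.setdefault(body["candidate"], set())
        elif kind == "vote":
            approvals = self.ballots[body["candidate"]]
            approvals.add(sender)  # a set, so repeat votes do not count twice
            if Fraction(len(approvals), len(self.members)) >= self.threshold:
                self.members.add(body["candidate"])
                del self.ballots[body["candidate"]]
        return tx

    def view(self, reader):
        """Auditors read the whole log; members read only what concerns them."""
        if reader in self.auditors:
            return list(self.log)
        if reader not in self.members:
            raise PermissionError(f"{reader} has no read access")
        return [tx for tx in self.log if tx["kind"] in GOVERNANCE
                or reader == tx["sender"] or reader in tx.get("parties", ())]

def demo():
    """Constructed supply-chain scenario: two orders, then a membership vote."""
    led = ConsortiumLedger({"retailer", "supplier_a", "supplier_b"}, {"auditor"})
    led.submit("retailer", "order", parties=["supplier_a"], sku="A-1", qty=40)
    led.submit("retailer", "order", parties=["supplier_b"], sku="B-7", qty=15)
    led.submit("retailer", "propose_member", candidate="supplier_c")
    led.submit("retailer", "vote", candidate="supplier_c")
    led.submit("supplier_a", "vote", candidate="supplier_c")
    return led
```

In this model the membership change and the orders share one append-only log, so the auditor's view covers governance history as well as business transactions.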

This article originally appeared on PCMag.com.