DSR Corporation's PoC of Hyperledger Indy Based on Hyperledger Besu

Highlights

• DSR Corporation, as one of the core contributors and maintainers of Hyperledger Indy, completed the PoC of Indy based Besu. The code is open sourced and available (https://github.com/hyperledger/indy-node/pull/1821).
• The PoC is based on Hyperledger Besu instead of a custom consensus protocol reducing complexity, simplifying maintenance, enhancing performance, accelerating new feature development and improving end-user experience.  
• This initiative can increase adoption of Indy and Besu, and is a logical bridge between the two graduated Hyperledger projects. It can solve real issues and address real use cases requiring a permissioned ledger for decentralized identity. 
• Our goal is to make the new implementation compatible with the old one and have clear and easy-to-use migration guides for existing deployments.

Hyperledger Indy (Indy) is an open-source project under the Linux Foundation's Hyperledger umbrella. It is a decentralized and self-sovereign identity (SSI) management platform designed to give individuals, organizations and devices control over their digital identities. Indy provides the tools and protocols necessary to create, manage and verify digital identities in a secure and privacy-preserving manner. Most Hyperledger Aries frameworks depend on Indy or some API from under their hood.

Indy consists of two main components, ledger and client SDKs: 

• Indy Ledger is a public permissioned blockchain-based distributed ledger to provide a decentralized, secure and tamper-evident infrastructure for managing identities. It's based on RBFT consensus protocol implemented as part of the indy-plenum project. Indy ledger can be used as a verifiable data registry (VDR) with did:indy and did:sov methods. It can also be used as a registry for CL AnonCreds verifiable credentials to publish credential schemas and issuer's credential definition, public keys, revocation registries, etc.
• Indy SDK is a collection of software libraries, tools and APIs that developers can use to build applications and systems that incorporate SSI features based on Indy. It includes the components for communication with the Indy Ledger, managing CL AnonCreds, verifiable credentials, establishing pairwise connections, wallet functionality, CLI, etc. The code is written in Rust and contains wrappers for all popular programming languages and platforms, including mobile.  

Indy is a graduated Hyperledger project since 2019. Indy Ledger has successfully run in production for many years without significant issues as part of Sovrin and other networks.

The DSR team is one of the main contributors and maintainers of Hyperledger Indy. DSR has authored: 

• More than 75% of commits and edited ~70% of lines of code in Hyperledger Indy Ledger repositories (https://github.com/hyperledger/indy-node and https://github.com/hyperledger/indy-plenum)
• Approximately 90% of commits and edited ~90% of lines of code in Hyperledger Indy SDK (https://github.com/hyperledger/indy-sdk) repository during the first year of the project
• More than 65% of total commits

Why Base Indy Ledger on Besu?

Indy ledger is one of the most stable and adopted frameworks for decentralized and self-sovereign identity. It's used in production systems and was one of the first SSI projects that helped a lot in the adoption and popularization of the self-sovereign identity concept. Although Indy Ledger "just works," there is a lack of maintenance and implementation of new features.

Indy Ledger project was started in 2016. At that time, there was not a stable framework for a public permissioned ledger, that's why Indy Ledger contains not only the business logic of SSI-specific transactions, but also the implementation of the auxiliary framework itself (consensus protocol, permissioned logic, ledger, storage, etc.). This makes the Indy ledger codebase large and complex, and maintenance non-trivial.

When the Indy project began, it provided a working implementation of SSI principles before modern SSI standards, such as W3C VC and  W3C DID, were established and finalized. That's why in order to continue being a locomotive of SSI, Indy requires new features and specifications be implemented. 

Although there are multiple options for CL AnonCreds registries besides Indy, e.g., cheqd ledger, Cardano, etc., all of them are based on permissionless proof-of-stake ledgers. The permissionless ledger can be a reasonable option in many cases, but there are certain scenarios where a permissioned ledger, such as the current Indy Ledger, is a better alternative. 

Taking into account the problems of the current Indy Ledger implementation and the need for a public permissioned ledger, DSR proposed this initiative at the Indy Summit in September 2023. 

The main goal of this initiative is to keep agreeable properties of the existing public permissioned Indy ledger while reducing complexity, simplifying maintenance, enhancing performance, accelerating new feature development and improving end-user experience. One of the core enhancements is the elimination of a custom consensus protocol implementation in favor of Besu, a stable and maintained framework so that Indy Ledger can focus on SSI-specific business logic.  

About Indy Ledger based on Besu

Unlike the current Indy Ledger, the PoC has a much more compact and simpler codebase, as the blockchain complexity is encapsulated within Hyperledger Besu framework the new Indy ledger is based on.

 It has the following benefits and advantages for the Indy community, maintainers and users:

• Business logic (transactions) is implemented in Solidity, one of the most popular and adopted languages for smart contracts. Solidity smart contracts are easy and understandable. This will attract new developers, make it much easier to support the code, and add new technologies that are common on the market.
• The new consensus protocol will Significantly increase network throughput and the number of validators. This will make using Indy easier and more convenient for end users.  
• Permissioned mode (proof-of-authority consensus) follows the same principles as the current Indy ledger implementation.
• Hyperledger Besu is part of the Hyperledger family, so it is a logical bridge between two graduated Hyperledger projects.
• The new Solidity-based Indy contracts can be run on a public Ethereum Main Net as an alternative to the permissioned case. 
• There is a possibility to deploy SSI/Indy logic into existing private permissioned deployments based on Hyperledger Besu (for example, to extend supply chain cases).
• A possibility to implement light client solutions.

One of the main goals here is to make the new implementation compatible with the old one (did:sov and did:indy methods), and have clear and easy-to-use migration guides for existing deployments. 

Links

• https://github.com/hyperledger/indy-node/pull/1821
• https://www.hyperledger.org/projects/hyperledger-indy
• https://www.hyperledger.org/projects/besu
• https://github.com/hyperledger/indy-node
• https://github.com/hyperledger/indy-plenum
• https://github.com/hyperledger/indy-sdk
• https://github.com/hyperledger/indy-vdr
• https://github.com/hyperledger/anoncreds-rs
• https://github.com/hyperledger/besu

About the Author: Alexander Shcherbakov, head of DSR's Decentralized Systems business unit, has over 14 years of experience in software engineering and management, and over seven years of experience in self-sovereign identity, blockchain, consensus protocols and distributed ledger technologies. Alexander has a Ph.D. degree in Mathematics and is a speaker at the Hyperledger Global Forum, IIW and other industry conferences. He actively contributes to open-source projects, including Hyperledger Indy, Hyperledger Aries, DIDComm, CSA DCL, Tendermint and others.