IBM Z and LinuxONE MEA - Group home

Blockchain & LinuxOne Harmony


We explained what is Blockchain and why LinuxOne is the perfect infrastructure for Blockchain with my colleague @Mustafa Mert Askaroglu . Hope you enjoy it and please feel free to ask questions afterwards.


Blockchain is one of the trending technologies in recent days. Especially with the introduction of the bitcoin and cryptocurrencies, it became more and more popular over time. However, this popularity brought some irrelevant and misleading information also. Since even the people who don’t know anything about Blockchain and its capability are talking about it. This situation makes the technology seem overrated and it is damaging the reputation. First we will talk about the purpose, components and use cases of the technology to clarify what Blockchain is and how it works. Afterwards, you will understand that the systems which Blockchain run on also are very significant to take advantages of the technology. Moreover, we will discuss what is LinuxOne and how it can help improve Blockchain solutions. This post will contain technical information in simple language thus don’t afraid when you encounter with technical words.

What is Blockchain

Blockchain is a very simple technology which aims to do very simple job. It is storing the data in a secure, transparent and reliable way. Let’s explain it in a basic example. Assume that we have two stakeholders named OrgA and OrgB which have separate databases and they want to transfer money between each other. OrgA sent 100.000$ to OrgB, yet OrgB database store this transaction amount as 50.000$. How they can decide which stakeholder is right? If they don’t use blockchain, probably they need to trust third party organization which is responsible to store transaction data between OrgA and OrgB. What if they can’t trust third parties anymore or they don’t want to pay transaction fee? In this case, blockchain can be a perfect solution, since blockchain will enable these organizations to have separate but integrated data storage. Blockchain guarantees that they will store the same transaction data simultaneously and any stakeholder will not be able to change. It enables us to create environment of trust.

How It Works

Before explaining the how Blockchain is working, I want to state that Blockchain networks can be categorized under two different headlines which are public and permissioned blockchain networks. In public blockchain there is no need to invitation to participate the network and participants are not vetted, whereas there are digitally identified participants in permissioned blockchains. In this post, we will focus on permissioned blockchains working mechanisms. In order to understand how blockchain works, we should understand what ledger, smart contract and consensus is;

Ledger: As far as we mentioned above the main goal of the blockchain is storing data as a secure, reliable and transparent way. Ledgers are just the where data storage is happening in the blockchain network. In ledgers we have two types of data storage which are World State and Transaction History. In world state current value of the assets are kept and transaction records are stored in the immutable transaction history.

Let’s explain these two concepts in an example. Assume that we want to trade a car in a blockchain based car trade network. When a trade is happened, you can query the world state to display current owner of the car. However when you check the transaction history, you can display the previous owner of the car and all transactions. Moreover no transaction can be deleted or changed in a blockchain network which means high transparency and easy detection of the data manipulation.

Smart Contract: Smart Contracts are basically executable code segments which is defined according to agreed business logic upon by stakeholders of the network. In addition, smart contracts are the only way of updating data on the ledgers. It means that all data updates are agreed in the network. Smart Contracts can be easily implemented by using various languages(Java, Node JS, Go) in Hyperledger Fabric framework and it is called chaincode.

Consensus: We stated that the aim of blockchain network is updating data on the ledgers and executing a smart contract is the only way. However, it doesn’t mean that every smart contract execution is able to achieve this. There are procedures to make smart contract executions valid which is called consensus. When a smart contract request come to network, system checks whether digital signature of the all associated participants exist and order of the smart contract is right. If these conditions are satisfied, it means that consensus is achieved and smart contracts is verified.

It is very possible to have some question marks in your minds while you are reading digital signing of the contracts. Many people think that participants of the networks have some screen which has sign or don’t sign buttons to accept smart contract requests. Of course it is not true, yet I understand why people are thinking like this. Digital signing is happening automatically in the network and if a smart contract has all of the signatures of the participants, it means that every stakeholder is ready to update their ledgers and data integrity of the distributed ledgers can be reached.

Blockchain Network Structure

In this part the main network components of the blockchain are explained;

Organizations: Organizations are basically stakeholders of the business logic. They have digital signatures to verify transaction requests and they can store verified transactions into their own data storage(Ledger).

Peers: Peers are located in Organization nodes. They store ledgers and chaincodes(Smart Contract’s implementation). Peers can be categorized under two different headlines which are anchor peers and endorser peers. Anchor peers can be discovered by other peers in the network and they are responsible for providing communication. Endorser peers are responsible for executing smart contracts and converting executed transactions into blocks.

Orderers: Orderers are where transaction requests are stored and where endorsement policies are applied. It orders the transaction requests and checks whether all of the required digital signatures exist. If these conditions are satisfied it validates the smart contracts.

Channels: Channels allow data isolation. Some organizations can’t be part of sub business logics thus they sometime shouldn’t store the transaction data in their ledgers and they shouldn’t be a part of some consensus process. Therefore, we can create different channels which can be joined by different organizations to create isolated transaction processing environment.

Blockchain Architecture

Further Information

Blockchain is foremost technology to provide transparency of the transactions, yet it is also resource intensive because lots of encryption and decryption process is required. Therefore before using blockchain solution, you should be sure about you need this technology. After this step, you should design feasible blockchain network and system infrastructure. If you don’t design your solution well and don’t choose the right infrastructure, it is very possible to fail. Now, we will talk about how LinuxOne can be a great choice for infrastructure.

The ONE for All

As we discussed on the previous part, Blockchain is a prominent technology which is distributed, transparent and traceable. However, as been discussed on previous part, even if the data inside the Blockchain network is secured, environment of the network is the most crucial part for a permissioned Blockchain.

So, you might ask on which environment a permissioned Blockchain is efficient and secure. Well, even with PCs a Blockchain network could be deployed. However, management-wise the network would be a nightmare. First of all performance will be a huge issue because of the poor processor utilization. Especially if the network has numerous organizations and peers with high transaction rates. Also, because of the Blockchain’s requirement of hefty hashing and encryption algorithms, would be seriously weight on the processor. In addition to that, permissioned Blockchains are most vulnerable from the cyber-attacks which aim to hijack the private keys. In order to prevent these attacks, high security standards and strong encryption algorithms must be implemented.

Sure, network could be implemented on a distributed systems to utilize the high throughput. However, there is an alternative system called LinuxOne. If you’re familiar with IBM Z Systems, LinuxOne is almost the same but lacks the z/OS and z/OS specific technologies. So what will you get from these machines;

First of all, even if the Blockchain secures the data in the network, if the network wouldn’t be secured from external interference, the data would be unreliable. In order to secure the network, encryption algorithms must be implemented on the system. However, some questions must be asked on this step like;

  • Which encryption algorithm would be feasible for the system?
  • Which data needs to be encrypted?
  • How much would the encryption affect the system?

Well, encryption algorithms use significant amount of processing power, which might affect the Blockchain network’s performance and choosing the data to be encrypted is risky. However, on LinuxOne, there is a technology called “Pervasive Encryption”. Pervasive encryption enables the data on LinuxOne to be encrypted both in-flight and at-rest. Thus, securing the Blockchain network from cyber-attacks.

You might think, if LinuxOne is encrypting each and every bit inside of the system, what would be the cost to the performance. On Z Systems there are coprocessors called Crypto Express Card. Whole purpose of this card is to help with encryption and decryption, thus providing better throughput. Additionally, there are instruction sets on all CPs (Central Processor) called CPACF (CP Assist for Cryptographic Functions) to deliver support for encryption algorithms and hash algorithms. With these, you don’t have to worry about both performance and security of the Blockchain network.

As mentioned above, if someone captures the private keys, the Blockchain network would be conquered. Because, the transactions are signed via these private keys, so if you have the private keys you can cast new malicious blocks to network. In order to prevent the containment of the network, private key security is crucial. Well, LinuxOne has a solution for this too. If the Crypto Express Card is configured, the card will support HSM (Hardware Security Module), which will store the master keys, and if the module tampered in any way keys will be deleted permanently. Even if the security of the machine compromised, the Blockchain network would be secured.

The most severe and dangerous attacks are the inside ones. Even if the system is set up to defend against the outsider attacks, an insider attack could bypass the defenses and potentially give unmeasurable damage. To prevent the insider attacks, measures have to be taken. On LinuxOne there is a technology called SSC (Secure Service Container), which is a software solution hosts container-based applications. Once the source code of the application is started to install, SSC blocks any interaction with itself. Additionally, when the application is up and running, admins can only manage application with limited APIs. Thus, limiting the system admins’ authority significantly. Also, every action on SSC could be logged via API. Additional to all of these, if the system detects that it’s being tampered, SSC becomes unreachable from the outside to prevent hijacking and destroys the data inside to prevent stealing.

On paper, LinuxOne and Blockchain have a great harmony together. However, probably the single negative aspect of the LinuxOne is the initial cost of the machine. If the planned Blockchain network has few organizations and peers, LinuxOne would probably not feasible. On the other hand, if the network will have many organizations and excessive amount of transactions per second, LinuxOne is the best choice in my opinion. Since majority of the largest banks wouldn’t be trusting IBM Z Systems to store significant amount of world’s money.