{"id":13641299,"url":"https://github.com/hyperledger/fabric-private-chaincode","last_synced_at":"2026-01-11T23:59:28.786Z","repository":{"id":38258056,"uuid":"146336278","full_name":"hyperledger/fabric-private-chaincode","owner":"hyperledger","description":"FPC enables Confidential Chaincode Execution for Hyperledger Fabric using Intel SGX.","archived":false,"fork":false,"pushed_at":"2025-04-29T21:59:23.000Z","size":6120,"stargazers_count":166,"open_issues_count":88,"forks_count":93,"subscribers_count":15,"default_branch":"main","last_synced_at":"2025-05-16T05:40:32.561Z","etag":null,"topics":["blockchain","confidentiality","fabric","hyperledger","integrity","intel-sgx","privacy","smart-contract"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hyperledger.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-08-27T18:15:07.000Z","updated_at":"2025-04-29T16:06:41.000Z","dependencies_parsed_at":"2024-01-14T11:13:11.961Z","dependency_job_id":"375e6bb9-974b-4b48-b23c-5fa6b35b1170","html_url":"https://github.com/hyperledger/fabric-private-chaincode","commit_stats":{"total_commits":622,"total_committers":38,"mean_commits":16.36842105263158,"dds":0.6511254019292605,"last_synced_commit":"33fd56faf886d88a5e5f9a7dba15d8d02d739e92"},"previous_names":["hyperledger-labs/fabric-private-chaincode","hyperledger-labs/fabric-secure-chaincode"],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperledger%2Ffabric-private-chaincode","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperledger%2Ffabric-private-chaincode/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperledger%2Ffabric-private-chaincode/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperledger%2Ffabric-private-chaincode/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hyperledger","download_url":"https://codeload.github.com/hyperledger/fabric-private-chaincode/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254478160,"owners_count":22077675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","confidentiality","fabric","hyperledger","integrity","intel-sgx","privacy","smart-contract"],"created_at":"2024-08-02T01:01:19.593Z","updated_at":"2026-01-11T23:59:26.422Z","avatar_url":"https://github.com/hyperledger.png","language":"Go","readme":"\u003c!---\nLicensed under Creative Commons Attribution 4.0 International License\nhttps://creativecommons.org/licenses/by/4.0/\n---\u003e\n# Hyperledger Fabric Private Chaincode\n\nHyperledger Fabric Private Chaincode (FPC) enables the execution of chaincodes\nusing Intel SGX for Hyperledger Fabric.\n\nThe transparency and resilience gained from blockchain protocols ensure the\nintegrity of blockchain applications and yet contradicts the goal to keep\napplication state confidential and to maintain privacy for its users.\n\nTo remedy this problem, this project uses Trusted Execution Environments\n(TEEs), in particular Intel Software Guard Extensions (SGX), to protect the\nprivacy of chaincode data and computation from potentially untrusted peers.\n\nIntel SGX is the most prominent TEE today and available with commodity\nCPUs. It establishes trusted execution contexts called enclaves on a CPU,\nwhich isolate data and programs from the host operating system in hardware and\nensure that outputs are correct.\n\nThis project provides a framework to develop and execute Fabric chaincode within\nan enclave.  It allows to write chaincode applications where the data is\nencrypted on the ledger and can only be accessed in clear by authorized\nparties. Furthermore, Fabric extensions for chaincode enclave registration\nand transaction verification are provided.\n\nFabric Private Chaicode is based on the work in the paper:\n\n* Marcus Brandenburger, Christian Cachin, Rüdiger Kapitza, Alessandro\n  Sorniotti: Blockchain and Trusted Computing: Problems, Pitfalls, and a\n  Solution for Hyperledger Fabric. https://arxiv.org/abs/1805.08541\n\nThis project was accepted via a Hyperledger Fabric [RFC](https://github.com/hyperledger/fabric-rfcs/blob/main/text/0000-fabric-private-chaincode-1.0.md) and is now under development.\nWe provide an initial proof-of-concept implementation of the proposed\narchitecture. Note that the code provided in this repository is still prototype code\nand not yet meant for production use!\n\nFor up to date information about our community meeting schedule, past\npresentations, and info on how to contact us please refer to our\n[wiki page](https://wiki.hyperledger.org/display/fabric/Hyperledger+Fabric+Private+Chaincode).\n\n## Architecture and components\n\n### Overview\n\nThis project extends a Fabric peer with the following components: A chaincode\nenclave that executes a particular chaincode, running inside SGX.\nIn the untrusted part of the peer, an enclave registry maintains\nthe identities of all chaincode enclaves and an enclave transaction validator\nthat is responsible for validating transactions executed by a chaincode\nenclave before committing them to the ledger.\n\nThe following diagram shows the architecture:\n\n![Architecture](docs/images/arch.png)\n\nThe system consists of the following components:\n\n1. *Chaincode enclave:* The chaincode enclave executes one particular\n   chaincode, and thereby isolates it from the peer and from other\n   chaincodes. A chaincode library acts as intermediary between the chaincode\n   in the enclave and the peer. The chaincode enclave exposes the Fabric\n   chaincode interface and extends it with additional support for state\n   encryption, attestation, and secure blockchain state access. This\n   code is executed inside an Intel SGX enclave.\n\n1. *Enclave Endorsement validation:* The enclave endorsement validation\n   complements the peer’s validation system and is responsible for\n   validating transactions produced by a chaincode enclave. In\n   particular, the validator checks that a transaction contains a\n   valid signature issued by a registered chaincode enclave. Iff the\n   validation is successful, it causes the state-updates of the\n   transaction to be committed to the ledger. This code is a normal Fabric\n   transaction, i.e., executed and endorsed on multiple peers as\n   required by the organization trust.\n\n1. *FPC Chaincode Pkg:*\n   This component bundles together the chaincode enclave and the enclave endorsement validation logic into a fabric chaincode.\n   It also includes a shim component which \n   (a) proxies the chaincode enclave shim functionality, e.g., access to ledger, to the fabric peer, and\n   (b) dispatches FPC flows to either the chaincode enclave (via `__invoke` queries) or to the enclave endorsement validation logic (via `__endorse` transactions).\n\n1. *Enclave registry:* The enclave registry (`ercc`) is a chaincode that runs outside\n   SGX and maintains a list of all existing chaincode enclaves in the\n   network. It performs attestation with the chaincode enclave and stores the\n   attestation result on the blockchain. The attestation demonstrates that a\n   specific chaincode executes in an actual enclave. This enables the peers\n   and the clients to inspect the attestation of a chaincode enclave before\n   invoking chaincode operations or committing state changes.\n\nMore design information can be found [here](docs/architecture-design.md)\n\n### Source organization\n\n- [`client_sdk`](client_sdk/go/): The FPC Go Client SDK\n- [`cmake`](cmake/): CMake build rules shared across the project\n- [`common`](common/): Shared C/C++ code\n- [`config`](config/): SGX configuration\n- [`docs`](docs/): Documentation and design documents\n- [`ecc_enclave`](ecc_enclave/): C/C++ code for chaincode enclave\n    (including the trusted code running inside an enclave)\n- [`ecc`](ecc/): Go code for FPC chaincode package, including\n    dispatcher and (high-level code for) enclave endorsement validation.\n- [`ecc_go`](ecc_go/): Go code for FPC Go Chaincode Support\n- [`ercc`](ercc/): Go code for Enclave Registry Chaincode\n- [`samples`](samples/): FPC Samples\n- [`fabric`](fabric/): FPC wrapper for Fabric peer and utilities to\n    start and stop a simple Fabric test network with FPC enabled, used\n    by integration tests.\n- [`integration`](integration/): FPC integration tests.\n- [`internal`](internal/): Shared Go code\n- [`protos`](protos/): Protobuf definitions\n- [`scripts`](scripts/): Scripts used in build process.\n- [`utils/docker`](utils/docker): Docker images and their build process.\n- [`utils/fabric`](utils/fabric): Various Fabric helpers.\n\n\n## Releases\n\nFor all releases go to the [Github Release Page](https://github.com/hyperledger/fabric-private-chaincode/releases).\n\n*WARNING: This project is in continous development and the `main`\n branch will not always be stable. Unless you want to actively\n contribute to the project itself, we advise you to use the latest release.*\n\n\n\n## Getting started\n\nThe following steps guide you through the build phase and configuration, for\ndeploying and running an example private chaincode.\n\nWe assume that you are familiar with Hyperledger Fabric; otherwise we recommend the\n[Fabric documentation](https://hyperledger-fabric.readthedocs.io/en/latest/getting_started.html)\nas your starting point.\nMoreover, we assume that you are familiar with the [Intel SGX SDK](https://github.com/intel/linux-sgx).\n\n\nThis README is structure as follows.\nWe start by [cloning the FPC repository](#clone-fabric-private-chaincode) and explain how to prepare your development environment for FPC in [Setup your FPC Development Environment](#setup-your-development-environment).\nIn [Build Fabric Private Chaincode](#build-fabric-private-chaincode) we guide you through the building process and elaborate on common issues.\nFinally, we give you a starting point for [Developing with Fabric Private Chaincode](#developing-with-fabric-private-chaincode) by introducing the FPC Hello World Tutorial.\n\n### Clone Fabric Private Chaincode\n\nClone the code and make sure it is on your `$GOPATH`. (Important: we assume in this documentation and default configuration that your `$GOPATH` has a _single_ root-directoy!)\nWe use `$FPC_PATH` to refer to the Fabric Private Chaincode repository in your filesystem.  \n```bash\nexport FPC_PATH=$GOPATH/src/github.com/hyperledger/fabric-private-chaincode\ngit clone --recursive https://github.com/hyperledger/fabric-private-chaincode.git $FPC_PATH\n```\n\n## Setup your Development Environment\n\nThere are two different ways to develop Fabric Private Chaincode. \n\n### Option 1: Using the Docker-based FPC Development Environment\nUsing our preconfigured Docker container development environment. [Option 1](docs/setup-option1.md)\n\n### Option 2: Setting up your system to do local development\n\nAs an alternative to the Docker-based FPC development environment you can install and manage all necessary software dependencies which are required to compile and run FPC. [Option 2](docs/setup-option2.md) \n\n## Build Fabric Private Chaincode\n\nOnce you have your development environment up and running (i.e., using our docker-based setup or install all dependencies on your machine) you can build FPC and start developing your own FPC application.\nNote by default we build FPC with SGX simulation mode. For SGX hardware-mode support please also read the [Intel SGX Attestation Support](#intel-sgx-attestation-support) Section below. \n\nTo build all required FPC components and run the integration tests run the following:\n```bash\ncd $FPC_PATH\nmake docker\nmake\n ```\n\nBesides the default target, there are also following make targets:\n- `build`: build all FPC build artifacts\n- `docker`: build docker images \n- `test`: run unit and integration tests\n- `clean`: remove most build artifacts (but no docker images)\n- `clobber`: remove all build artifacts including built docker images\n- `checks`: do license and linting checks on source\n\nAlso note that the file `config.mk` contains various defaults which\ncan all be redefined in an optional file `config.override.mk`.\n\nSee also [below](#building-documentation) on how to build the documentation.\n\n### Intel SGX Attestation Support\n\nTo run Fabric Private Chaincode in hardware mode (secure mode), you need an SGX-enabled\nhardware as well corresponding OS support.  However, even if you don't\nhave SGX hardware available, you still can run FPC in simulation mode by\nsetting `SGX_MODE=SIM` in your environment.\nYou can find more details [here](docs/build-sgx.md).\n\n### FPC Playground for non-SGX environments\n\nFPC leverages Intel SGX as the Confidential Computing technology to guard Fabric chaincodes.\nEven though the Intel SGX SDK supports a simulation mode, where you can run applications in a simulated enclave, it still requires an x86-based platform to run and compile the enclave code.\nAnother limitation comes from the fact that the Intel SGX SDK is only available for Linux and Windows.\n\nTo overcome these limitations and allow developers to toy around with the FPC API, we provide two ways to getting started with FPC.\n\n1) Using the [Docker-based FPC Development Environment](#setup-your-development-environment) (works well on x86-based platforms on Linux and Mac).\n2) FPC builds without SGX SDK dependencies (targets x86/arm-based platforms on Linux and Mac).\n\nWe now elaborate on how to build the FPC components without the SGX SDK [here](docs/playground-nonsgx.md).\nNote that this is indented for developing purpose only and does not provide any protection at all.\n\n### Troubleshooting\n\nThis section elaborate on common issues with building Fabric Private Chaincode that you can read [here](docs/troubleshooting.md).\n\n### Building Documentation\n\nTo build documentation (e.g., images from the PlantUML `.puml` files), you will have to install `java` and download `plantuml.jar`. Either put `plantuml.jar` into\nin your `CLASSPATH` environment variable or override `PLANTUML_JAR` or `PLANTUML_CMD` in `config.override.mk`\n(see `config.mk` for default definition of the two variables). Additionally, you will need the `dot` program from the\ngraphviz package (e.g., via `apt-get install graphviz` on Ubuntu).\n\nBy running the following command you can generate the documentation.\n```bash\ncd docs\nmake\n```\n\n## Developing with Fabric Private Chaincode\n\nIn the [samples](samples) folder you find a few examples how to develop applications using FPC and run them\non a Fabric network.\nIn particular, [samples/application](samples/application) contains examples of the FPC Client SDK for Go.\nIn [samples/chaincode](samples/chaincode) we give illustrate the use of the FPC Chaincode API;\nand in [samples/deployment](samples/deployment) we show how to deploy and run FPC chaincode on the Fabric-samples test network and with K8s (minikube).\n\nMore details about FPC APIs in the [Reference Guides](#reference-guides) Section.\n\n### Your first private chaincode\n\nCreate, build and test your first private chaincode with the [Hello World Tutorial](samples/chaincode/helloworld/README.md).\n\n### Developing and deploying on Azure Confidential Computing\n\nWe provide a brief [FPC on Azure Tutorial](samples/deployment/azure/FPC_on_Azure.md) with the required steps to set up a confidential computing instance on Azure to develop and test FPC with SGX hardware mode enabled. \n\n\n## Reference Guides\n\nYou can find more details related to the Management API, FPC Shim and FPC client SDK [here](docs/referenceguides.md).\n\n\n## Getting Help\n\nFound a bug? Need help to fix an issue? You have a great idea for a new feature? Talk to us! You can reach us on\n[Discord](https://discord.gg/hyperledger) in #fabric-private-chaincode.\n\nWe also have a weekly meeting every Tuesday at 3 pm GMT on [Zoom](https://zoom.us/my/hyperledger.community.3). Please\nsee the Hyperledger [community calendar](https://wiki.hyperledger.org/display/HYP/Calendar+of+Public+Meetings) for\ndetails.\n\n## Contributions Welcome\n\nFor more information on how to contribute to Fabric Private Chaincode please see our [contribution](CONTRIBUTING.md)\nsection.\n\n## References\n\n- Marcus Brandenburger, Christian Cachin, Rüdiger Kapitza, Alessandro\n  Sorniotti: Blockchain and Trusted Computing: Problems, Pitfalls, and a\n  Solution for Hyperledger Fabric. https://arxiv.org/abs/1805.08541\n\n- [Fabric Private Chaincode RFC](https://github.com/hyperledger/fabric-rfcs/blob/main/text/0000-fabric-private-chaincode-1.0.md)\n\n- Presentation at the Hyperledger Fabric contributor meeting\n  August 21, 2019.\n  Motivation, background and the inital architecture.\n  [Slides](https://docs.google.com/presentation/d/1ewl7PcY9t27lScv2O2VaeHMsk13oe5B2MqU-qzDiR80)\n\n- Presentation of at the Hyperledger Fabric contributor meeting\n  November 11, 2020.\n  The design and rationale for FPC Lite (FPC 1.0).\n  [Slides](https://docs.google.com/presentation/d/1KX3_gB70H6PZw5uvYbIPYPOMt8qsh2nLRsGmXEf98Ls/edit#slide=id.ga89b65b885_0_0)\n\n\n## Project Status\n\nHyperledger Fabric Private Chaincode was accepted via a Hyperledger Fabric [RFC](https://github.com/hyperledger/fabric-rfcs/blob/main/text/0000-fabric-private-chaincode-1.0.md) and is now under development.\nBefore, the project operated as a Hyperledger Labs project.\nThis code is provided solely to demonstrate basic Fabric Private Chaincode\nmechanisms and to facilitate collaboration to refine the project architecture\nand define minimum viable product requirements. The code provided in this\nrepository is prototype code and not intended for production use.\n\n## License\n\nHyperledger Fabric Private Chaincode source code files are made\navailable under the Apache License, Version 2.0 (Apache-2.0), located in the\n[LICENSE file](LICENSE).\n","funding_links":[],"categories":["Blockchains","Code Repositories"],"sub_categories":["Library OSes and SDKs","Go"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhyperledger%2Ffabric-private-chaincode","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhyperledger%2Ffabric-private-chaincode","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhyperledger%2Ffabric-private-chaincode/lists"}