Payback to Subramaniam Sir

good teacher

My daughter completed 10th standard and has joined 11th standard. I and my daughter started to have casual conversation about her school subjects, as I still remember my basics Maths, physics, chemistry. Earlier childhood, my daughter started to read story books and continue to read school books with the same attention and never went for special tuition or extra classes. When she wanted more clarity earlier, I introduced her to  Khan academy  and how to search for topic on Khan academy  and then she started to research for clarification herself.

If you live in place like Bangalore, 11th class child are under a lot of pressure to study well from your peer students and parents from peer parents.  You have multiple coaching institutes that call parent on the phone asking you to put your child in their school.  There are schools that call parent on the phone and ask you to apply for admission in their school and share their focus for entrance examinations.

I asked my daughter whether she wants to join any classes. She asked me a question “Did you attend extra classes while you were at school”

My answer was Yes. I reminded for Subramaniam Sir (Block-27 Neyveli) whose only classes I attended while studying 12th standard in my school. (different from Block-9 Subramaniam Sir whose classes were attended by lot of my classmates). Here are my memories at times when there is biopic release called Super 30 based on real life Super 30 classes.

Subramaniam Sir was maverick. He does not collect any fees to students and would not entertain fees from students. There was no application form to fill and he just reminded you by name. He worked in good position Neyveli lignite corporation and offered these classes as support to student to learn maths topics well.  I have heard rumor that he had son who expired due to some snake bite or some unavoidable situations.

Admission process: No one get easy admission to Block-27 Subramaniam Sir. If you come wearing t-shirt and request admission, your chance of getting admissions are low. If you come in 4-wheeler with your parents and park in front of his house, your chance of getting admissions are low. You need to humble and simple and show urge to learn and respect to teacher. (not he expects respect).

You cannot move your hair in style or wear jeans to class. You run the risk of being asked to go home and cannot attend the class in future. When students of higher management of NLC come by car to get admission, they have their admission denied and no one can me Subramaniam Sir change his decision.   If students come by 2-wheeler, your admission may be revoked. All of us come to class only by bicycle. You would have bicycle pump at Sir’s home if your bicycle has less air in wheels and you can self-pump air.

Classes:  Block-27 Subramaniam Sir maths classes did not have table and chairs. Students to have sit on the ground along with the teacher and work on the problems. At times on weekends, Sir would sit down in the garden and there will be mats for students to sit around in the garden.

There was Chemistry Sir who would come and teach Chemistry and it was optional for student to attend chemistry classes. The chemistry class monthly fees was Rs 30 and Chemistry teacher would forget to ask for fees, effectively fees was not demanded.  Chemistry class used to happen in open shed with wooden benches. Even when it rains, the students for maths class continue to sit down in Sir’s house living room and study room. (Remember it was D Type Quarters of Neyveli).

Learning: At times, you asked sir for doubt in one maths problem and have attempted and struggle to move forward, he would provide hint to move forward.  I used to study for IIT-JEE entrance examinations in those times. At times, I would have difficulty to solve complex problem and this topic is also in school syllabus. When I asked for clarification, Sir would clarify my doubts and enable me to resolve the same with a word “that this problem is not in schoolbook. Are you preparing for some other exam? “

Internal tests: Block-27 Subramaniam Sir never asked students to take internal tests.  The interest to learn was of the students and Subramaniam Sir played role of coach helping student become better in what she or he wants.

While I stopped going to classed post November 1992, I have heard that Subramaniam Sir helped student to perform night study in his office during exam preparation holidays. He used to be awake through the night with students and his wife would make all of them tea/coffee so that they can be awake and study well and get good marks.

After sharing this story with my daughter, I asked her whether she wants to explore AhaGuru, founded by Balaji Sampath of Chennai and offers online courses for school students. I was privileged as part of MobiSir to interact with Balaji and be part of software development  of the online course of AhaGuru in early years.  She explored AhaGuru and chose the option that allows to access explanatory videos and no online classes.

At this junction, I had mindset to write wrong about how things are today. Then I decided to kindly remember long term thinking of NLC, PSU company.( think all these benefits are still offered to their employees).

  • They used to conduct free entrance class coaching classed for all students after completion of 12th class exams. NLC brought teachers from different part of Tamil Nadu, paid the teacher and made facility for student to study for free or for a nominally low account.
  • Students scoring top marks in different Neyveli schools were provided with scholarship that reimbursed the whole tuition fees across the course duration of their engineering or medical stream. Students whose parents were NLC employees were eligible for this scholarship. NLC continue to reimburse student who completed 12th class in school of Neyveli whose father retires from NLC right after student completes 12th standard
  • Prior to joining my first job, I had my medical examination done at Neyveli hospital for free. All dependent children of NLC employees received free medical facility (I was dependent of my father as college student)

To end, I decided that to mark all my volunteering activities in community and learning program offered by me at my work to be  “Pay Backwards to Subramaniam Sir of Block-27 Neyveli”

 

Advertisements

Testing Blockchain applications

I am not QA engineer. While deploying my block-chain prototypes, I have ensured that my business owners would not have challenges when they show demo.  QA engineer asked my to provide inputs how to start testing blockchain application. blockchain testing

QA engineer needs to learn basics of block-chain application. Here are some simple steps to learn about Ethereum(block-chain) application

  1. Install metamask
  2. Learn to connect with test network of ethereum – Rinkeby, Kovan,Ropsten.
  3. Talk to blockchain developer to learn some basics.(Reach me if required).
  4. Leverage Remix and metamask to understand how to perform following
    1. How to install smart contract
    2. How to set the current user who performs smart contract operation?
    3. How to pass parameters to invoke methods of smart contract?
    4. Where to see the return values?
    5. How to View logs and events.
  5. Any know-how that helps to understand concepts of docker and docker-compose is considered helpful during testing.

QAs need to spend time to understand concept of centralization versus decentralization and  concept of public chain versus private chain versus consortium network.  Decentralization means that app resides on numerous computers and its code can be accessed by anyone. No central server implies that 99% of failures, errors that made to  blockchain cannot be reversed.

Test  solution to ensure that impact of “Garbage-in, Garbage-out” phenomenon are minimal. Given the sheer number of nodes and combinations in blockchain applications, QAs can write test cases with vision  to write automate tests in the near future.

An adventurous QA can attend developer meetup to learn developer jargons. At the end of the session, try to meet the speaker to get more clarity. [ Observed one person doing in Sawtooth event where I was speaker.  Believe that matured blockchain developers spend genuine time with QAs as  solution carries higher risk when  block-chain application is deployed to network(production) without QA. Check  slideshare presentation like link

You are hired by block-chain firm to do QA. Ask  for requirements documents, even though teams may not have one.(Read my blog series SDLC in blockchain solution. to understand the importance of requirement document). Quite possible developers recommended QA to be boarded at release time or business owner got fear hearing in meetup where people lose crypto currency due to lack of testing.

If requirement document does not exist, QA may have to build one. Once you build requirements spec and test cases, ensure that any change in smart contracts or working of block-chain application are modified in newly written document by business owner or functional expert. Ideally, the ownership of the document needs to lie with business owner and functional expert. Read my blog series SDLC in blockchain solution.

You need to have specific test environment for QA. Most of blockchain frameworks offer testnet.  By running test deploying application on testnet helps to avoid losing money and reduce QA costs. As testnet coins are different actual coins, tester get real experience to experiment testing  the application without being worried of breaking the blockchain.

Using docker environment for testing enables easiness around test deployments. Using docker environment that supports shared volume for data and logs enables their persistence when docker instance goes down. When docker does not support shared volume, application data created during  session gets lost with shutdown of docker environment.

Here are some  areas of research for QA to start blockchain testing by starting with hunt for  test cases and test scenarios. [Yet to cover topics related  to gas consumption,  privacy, GDPR, confidentiality ,  tools and performance]

Smart contract testing: Similar to API, we need to test smart contracts (ie) Every smart contract method needs to be validated for its working, boundary conditions and conditional statements. Test both positive(in-scope) and negative(out of scope) conditions  mentioned in  requirement document. As lot of QA testing may happen on test network (cost money to pay for gas on live network), please ensure that code deployed in tes network only gets deployed to live network. Prior to solution goes alive,  QAs needs to emphasize test on live network and plan a budget for production testing. .

Node network testing: As blockchain offers peer-to-peer network across network nodes, it is important to test whether nodes are collaborating properly. Records added successfully via one node is available for verification via another node. Test firewall, network connection  and storage parameters. Does monitoring mechanism notify of failure condition that is caused when config parameters are wrongly updated.
1. Unit testing by QA needs network with at least 2 nodes, While integration testing on pre-production environment by QA is recommended on a network with 3 nodes.
2. Verify that transactions are committed, after passing test of consensus
3. Verify that transactions are failed, when they pass test of consensus.

To fix a bug in a centralized system is relatively straightforward. Some data is corrupt, it is still easier to correct. Remember that company maintaining the application has complete control over the data. In blockchain network, nodes can belong to different companies.  blockchains are immutable ledgers, corrupted data is incredibly hard if not impossible to correct. Becomes more tricky as deploying a fix needs coordination across all node owners of the decentralized network.

Test scenario to evaluate application behavior when one nodes goes offline or gets  shutdown for reasons. Remember that when node comes back alive, node needs to sync storage data with other nodes present in the network.

Security testing of Blockchain
Verify that data is actually present as encrypted in blockchain. Verify that encrypted data is direct transformation of cryptographic process of raw text.
Ensure sufficient testing is done around key management. Key management includes creation of public and private keys, storage of keys, monitoring the usage of keys, replacing the keys on doubt that key has been hacked.
Security testing needs to happens at

  • node level to ensure that communication between nodes follows the security requirements
  • contract level to ensure that contract methods execute only when invoked from address of person in the right role.
  • Consensus level [ tricky to explain]

Validate Inputs
if wrong data is added to blockchain, added data cannot be easily deleted due to immutable property. Verify whether applications perform significant data validation before the data gets added to blockchain. Irrespective of large scenarios. QAs develop  mindset to create explicit test data with both valid/invalid inputs to supply to test cases.

Think What happens with an invalid input? What happens to node based processes when there are varied (valid/invalid) inputs? Are the invalid inputs cause execution faults or does the application handle erroneous behavior

Storage, Backup and migration testing
if there are channels setup, test  whether block-chain data can be backed up and restored with new version. In addition migration testing needs to be performed
1. When data format of the application gets updated. Now similar data is available in 2 formats and entire application including UI needs to verified that this change is handled seamlessly.
2. when blockchain framework version used by the application gets updated. Testing that all nodes upgrade at the same time. if this does not happen, consensus may start failing for transactions.

Domain testing expertise.
Recommend that QAs spend time to education themselves on the domain concepts. Some ways to learn domain concepts include talking to domain experts, trying a free trial of existing application in specific domain(can be non-blockchain application). It is very important for QAs to have regular access to business owners and functional experts to clarify their doubts. et

QAs also need to understand pre-blochain era user experience or business flows. QA need to compare how similar is the user experience of application compared to pre-blockchain application and whether business flow in new application created anxiety and concern in the minds of user. Any concern and anxiety caused adoption to slow down.

No testing matters unless the real-world conditions can be performed by application. A suggestion is to do a joint testing session with subject-matter experts. Promise that this session will help you understand domain well and get a little understanding of expectations from end user perspective.

UI testing
Blockchain transactions may be slow to complete for different reasons. End-user may not be ready to wait for that long. Hence proper messaging has to be done when transaction is in pending state. When the transaction changes to complete state, there shall be some mechanism by which the user interface gets automatically updated.

When the user enters input manually, please show the data to the end user and ask the end user to confirm the data before storing it to block-chain. Remember only the data is stored and consensus is completes, data is immutable. Ensure that the user is not pushed to state of anxiety or concern, as Any concern and anxiety caused adoption to slow down.

Integration testing
Solution designs attempt to have loose coupling between blockchain component and other system components in the application. Effectively, blockchain application may be deployed in multiple environments with various systems integrated. Test whether block-chain application has defensive validation for inputs coming from non-blockchain components, as part of the integration. Do not assume that consuming application would test data send as input to blockchain application. In addition, testing needs to cover performance of the integration and failure in integration with complex system in the mid of workflow. Recommend QA to learn and understand concept related to  Oracle contracts, on-chain permissioning and off-chain permissioning.

Request QA to spend time to understand error log location published by block-chain platform. When you are not able to replicate application error and view error in block-chain blogs, the same can be shared to enable developer to find root cause faster. Identify and remove  bad error message written by developers when  testing staging server.  Invest in QA early in the project as blockchain project ca is risk “things can go wrong fast, then the outcome can be ugly.”

SDLC for BlockChain solution -2

Across each of the three point-of-view in block-chain solution development, I observed play of three different models namely user-persona model, business flow model and Finite State Machine model. Here, Finite State machine model is related more with smart contracts

User-persona model
Conceptualize new system as dynamical systems of interacting users. Aligned more to Computation point-of-view, and helps to capture set of unique users of the system, that encapsulate the behaviors of the various individuals that make up the system, and the execution consists of emulating these behaviors. Capture the behavior of each user through sets of statements in which the behavior becomes explicit

  • Explain persona’s characteristics or attributes
  • What is the user-persona relationship to action here?
    • Are there scenarios for the same user, is the action optional, permitted or denied?
  • What is the action or outcome that the statement regulates in this scenario?
  • What are the contextual conditions under which the statement holds?
  • What are the consequences of non-conformance to the above statement?

This helps to identify inter-dependencies between different human activities in a system. From smart contract perspective, one can try to map from the statements to the skeleton contract. End-user perspective facilitate easy review and feedback from domain experts and non-technical people and also ensure that no crucial functionality is forgotten.

Business Flow model
Conceptualize business workflows that are going to leverage block-chain and help to strengthen specification of smart contract. . Aligned with Computation point-of-view.

Smart contracts are used to address the lack-of-trust problem in collaborative business processes across organizations. Smart contract can be deployed to strengthen trust of business process workflow by providing an automated and immutable transaction history, being a mediator in the process control logic, and facilitate to create an audit trail for the complete collaborative business processes.

  • When one takes business process specification as input and generates smart contract, one may not know which user persona is assigned which role. But the smart contract needs to have this information for instantiating the process.
  • Each Business process needs to iterated through, and for all elements a list of the previous and the next elements needs to be determined. Each element is then translated to Solidity with its respective links.
  • Some business process need to follow a certain pattern but does involve more steps and this needs to be capture.

Finite State Machine model(FSM)

FSM model is more aligned to Platform independent point-of-view.  Smart contracts are considered to act as state machines. A smart contract is in an initial state and a transaction transitions the contract from one state to the next. You also find that Solidity specification describes the possibility of smart contracts as state machines. it helps developers to understand FSM model for smart contracts.

  • Provide a formal model with clear semantics in which smart contracts can be modelled, which decreases the semantic gap and eliminates issues arising from it.
  • The clear semantics allows the connection from its framework to formal analysis tools.
  • Following state diagram enables developers to implement smart contracts with a minimal amount of error-prone manual coding.

An FSM should contain an initial state, a finite set of states, and a set of transitions between these states. The transitions are activated once certain conditions, called guards, are met. Effectively smart contract has states, and in these states, functions allow users or other triggers to change the state

  • This mathematical model of computation can be in exactly one of a finite number of states at any given time.
  • The FSM changes state in response to external inputs or to a specified timed transition. It consists of a list of its states, its initial state, and a collection of conditions for transitions.

Quoting formal definition. An FSM is made up of a set of states and a definition of a set of transitions between these states . A formal definition of the FSM is a tuple (S, S0, T, C), where:

  • S is a finite set of states: A state is a particular moment the FSM can be in. Functions are provided to invoke actions and change between these states.
  • S0 is the initial state: The starting state of the FSM;
  • T is the set of transitions: A transition forces the FSM to take a set of actions if the associated conditions, called guards of the transition, are satisfied.
  • C is the set of conditions: The conditions or guards which are associated to the transitions, which when they are met can invoke the change between states.

Using FSM, the domain expert knows what concepts should be included in the smart contract and the developer has the know-how to translate these domain concepts into technology concepts

Finite state model captures following high-level definitions and also enables review  FSM  and to independently evaluate FSM for correctness and completeness.

  1. Define name of the FSM NAME
  2. Define initial state
  3. Define set of states
  4. Define final state
  5. Define set of transitions

For each transition, FSM model also allows to capture minimal transaction attributes.

  • Identify name of the transition
  • Identify guard conditions of the transition
  • Identify input variables of the transition
  • Identify statements of the transition
  • Identify output of the transition
  • Identify previous state
  • Identify next state

Solidity code that runs in Ethereum allows a smart contract to be a state machine.

  1. Enum, is a user-defined type in Solidity. An enum is used to create a list with the set of states. This enum will be used to keep track of which state the smart contract is in.
  2. The functions, which are used to transition between the states.
  3. Modifiers used to define the conditions for a transition between states. Once Modifiers are defined, they can be reused throughout the contract, allowing for the definition of certain patterns

Sharing some of my observations with respect to smart contracts in Ethereum during software development.

  • The programming of smart contract parallels a lot of characteristics of event-driven programming, in which program  flow is determined by events. Examples of events are for instance user input, variable triggers like elapsed time, or other programs/contracts triggering it.
  • Every node in the network need not permitted to control all functionalities of a contract. Hence transitions (or functions) can be restricted to be only accessible to a certain address. [ access control]. The node deploying contract is marked as owner and has restrictive rights.
  • Risk of undesired loop when a smart contract function is called within another smart contract function. While code reviews can help to detect undesired loop, we explore a principle called locking to handle this vulnerability. It is a modifier which first checks if the contract is locked. If not, it is locked, the transition is executed, and after execution, it is unlocked again. This way, functions in the contract cannot be nested within each other in any way [prevent locking].
  • Due to the decentralized nature, when a user calls a function, invoker is not sure about the state of the contract. This is a challenge for smart contracts, as multiple users may invoke a contract at the same time and the order of the execution of these functions is unknown. To handle this, contract can implement a transition counter, which enforces a strict ordering on function executions.
    • For every invocation of the contract, the user is asked for a transition number as input. This transition number is incremented with one after each function execution. This way the user can be sure that the function executes before any other state change happens. This mitigates against vulnerabilities due to ordering dependence and minimizes exceptions due to unpredictable states.
  • By treating smart contract as a state machine, the timed transition is a transition that may occur multiple times. This transition does not have input or output but do have a number specifying the time.
    • If smart contract has a lot of timed transitions, implement a modifier. This modifier checks before every transition if a timed transition must be executed before the transition. If so, the timed transition will be executed if the time limit has been reached.
  • For every transition, a function is made. There is a check if the contract is in the right state, and hereafter the guards and statements are fired. The guards are the conditions described and need to be fulfilled in order for the function to be executed.

SDLC for BlockChain solution -1

Next in series with my earlier blog SDLC for BlockChain solution. Conceptualizing Block-chain solution needs a deep study in to the problem that you want to focus to solve using block-chain , any token to be offered in the solution to create better adoption and identify/choose block-chain platform that bests suits with needs of the problem space. In my journey, I experience different SE approaches leveraged by me in traditional software development.

To start with, development teams thinking process can start with either
1. A domain-centric approach, where models are used to describe structure and behavior of the system, followed by contract-based design, which serves as input to generate source code for the system.
2. A code-only approach, which is other extreme. There is no usage of models at all, and the focus is solely on the code, hence a code-centric approach

To learn new technology and develop quick early prototypes (for learning), I prefer to start with code, create examples to learn how to  apply technology in a specific problem scenario. Beyond that, either for a paid prototype or development project, I prefer to start with minimal domain understanding, followed by contract-first design, propose/create project structure, prior to writing code. I feel the same needs to be applied for software development stage prior to writing code.

Observe that domain-centric approach had benefits on long term, while there is good amount of effort to be invested up-front. When there is change of requirement later in the development cycle,  domain-centric approach helps me to ask right question to clarify what has change, re-use business knowledge learnt earlier and helps me to effectively rework the code that implements business knowledge. In a code-centric approach, the whole process must be reiterated.

As developing smart contracts is relatively new phenomenon and smart contracts attempts to capture good amount of  business working approaches and constraints, that can change rapidly, I started to feel that domain-centric approach was far more  efficient, instead of a code only approach. While smart contracts act as a novel way to coordinate interaction between independent entities, development team success depends more upon creating unambiguous and correct specification of the smart contract. I played role of domain expert to create a computation-point-of view for business, in consultation and review with business stakeholders.

Understanding problem domain creates a better understanding of the system in terms of models. Model are artefact that maps to an original object or phenomenon and to create abstraction for the model. Models helps to focus on the properties that are most important, enables to identify repeated patterns, lower the level of abstraction, separate components in a system, and effectively reduce system complexity.

Computation point-of-view (CP): This point of view is system independent and it is better to have written artifact created by domain expert to communicate domain knowledge to developer.
• The artifact does not have any details of the system.
• It contains the application’s business functionality and behavior depicted via use case and activity diagrams, and how the actors interact with the application.
• The artifact can serve as a contractual element to be referenced to check whether requirements are correctly fulfilled on completion. [ say by QA engineers]
• Business stakeholders review the document, while development team can review document to understand problem space, ask questions and have better clarity of domain knowledge.
• The artifact can articulate what smart contract should represent regarding behavior. The focus is domain properties and not technical details.

For  smart contracts, CP provide a high-level overview of the smart contract, maps the essential domain concepts in a systematic, structured manner and helps to visualize all possible interactions to be done by different users  with the smart contract. Effectively CP guides the transition of domain knowledge into the specification for a smart contract and does not focus on concerns surrounding the implementation.

With multiple new block-chain platforms emerging and the platforms are in different levels with respect to performance, maturity and reliability, I did not jump to a platform specific design and played role of product architect or system architect creates a platform independent point-o-view.

Creating Platform independent view pushed me to articulate my understanding in language that is easy for domain expert and business to understand. In addition, discussions followed to understand that the problem can be developed leveraging  different block-chain platforms and suggest my recommended block-chain platform for the current problem scenario. These discussions helped all team members to be on the same page.

Platform independent point-of-view (PIP): This point of view identifies models in the system in a way suitable for different block-chain platforms of similar type.

  • While architect is responsible to create and update the artifact, I prefer artifact is owned jointly with domain expert and undergoes a proper review-feedback process.
  • The goal includes identifying logical data, establish dependencies and define workflows
  • Any related computational steps can be expressed as business algorithm, written in terms of business-view to explain dependencies/ constraints of the business scenario.
  • helps QA engineers to better understand about boundary and edge conditions.

It is important to capture enough information as part of PIP to serves as early input to arrive at compute logic that is required in the code. PIP abstracts  the technical details and focus to validate correctness of the model, and think of deployment scenarios.  PIP maintains the functional & behavioral specification, while enabling to map interoperability & integration between platforms using platform independent terms.

While developer views PIP to visualize what the execution of a smart contract will look like, the domain expert views to understand what this execution will be like. Can PIP be detailed enough to enable a developer to model the full functionality? Can PIP be high-level enough to give the domain expert an idea of what the smart contract functionalities are?

Platform specific point-of-view (PSP): The system-view and its specification details are tailored for development using a specific block-chain platform. PSP helps to create project code structure in terms of components, which in turn contains source code.
• You arrive at system-user or end-user categories that encapsulate behavior of various individuals that make up the system, and the execution emulate these behavior.
• There are written set of statements about behavior of the end-user, represented via statements to make the behavior becomes explicit to reader.
• This captures computation steps as software algorithm (source model) that can be reviewed by domain expert, understanding what gets transformed in to code in a programming language (target language).

Platform specific view is less based on requirements and more based on popularity of programming language. For Ethereum, programming language can be Solidity. If other programming languages gain popularity, the transformation rules from  PIP to  PSP need to be evaluated and adjusted. The domain knowledge transformed as PIP continues to hold value even with advent of a new platform or programming language.

Computation point-of-view Capture Business Domain Requirements
Platform independent point-of-view Capture Domain model
Map Domain model to Block-chain solution
Platform specific point-of-view Domain model mapped to Language used to code in the chosen block-chain platform

Across each of the above point-of-view in block-chain solution development, I observed play of three different models namely user-persona model, business flow model and Finite State Machine model. Finite State machine model is related more with smart contracts. This would be as part of my next blog.

Learn – 2 : Smart Contract

Smart contract is a program that runs on the blockchain, follows an if this happens then that structure. The correct execution of smart contract is enforced by the consensus protocol. The main objective of a contract is to fulfill a certain goal and to safeguard against undesirable outcomes, together referred to as contract robustness

Effectively, code that can be stored, verified, and executed on a block-chain is termed as smart contract. The aim of smart contract is to automatically execute terms of an agreement once certain conditions are met. Smart contracts stand out from traditional contracts in the sense that they carry low legal and transaction costs and can lower the bar of entry for users.

[ While attempt it to create generic write-up, the blog is biased towards Ethereum]    On Ethereum the state can be present in two types of accounts. The externally owned end-user accounts, controlled by their private keys, and contract accounts, controlled by their contract code. An externally owned account has no code and can be compared to normal accounts on block-chain with an address and a balance. External account can send messages by creating and signing a transaction.

A smart contract consists of a code, an internal storage, and an account balance.

  • The state of a contract consists of the contract’s balance and the internal storage.
  • The state is updated every time the contract is invoked.

The users invoke  smart contract by sending transactions & data to contract address,

  • Miners treat and handle contract transactions, similar to normal transactions.
  • In the contract code, every time account receives a message its code activates, code is allowed to read and write to internal storage, sent other messages or create contracts.
  • View contract more as an autonomous agent that always executes a specific piece of code when receiving a message, keeping track of its own balance and their key/value store to keep track of persistent variables.

Security measures limit the input and output of external data. For certain smart contracts to function, however, external data is needed. For this reason a distinction between deterministic and non-deterministic smart contracts is made.

  • A deterministic smart contract does not depend on information other than information on the block-chain. A deterministic contract shall always have the same output if the input is not changed.
  • A non-deterministic contract does depend on outside information. This outside information is called an oracle [48]. An oracle provides information from outside the system that the system itself cannot acquire.

A classic example of non-deterministic contract is sports-betting smart contract, in which oracle owns outcome of the game/event. The smart contract pays out funds based on the outcome of a game/event which calls for a trusted party to provide this outcome.

Ethereum supports Turing completeness feature that allows to create more advanced & customized contracts. Turing-completeness means it could theoretically be used to solve any computational problem. The Complexity of contract can be measured as follows and Ethereum falls in to third category.

  • Distributed storage with limited smart contract support
  • Distributed computing with smart contract support based on predefined templates
  • Distributed computing with a Turing-complete smart contract support

in Bitcoin, all transaction requires same amount of computational power. In Ethereum, smart contracts call for different amounts of computational power.

  • To ensure that the miners are rewarded fairly for their computational efforts, an additional fee was added to Ethereum transactions. This fee is called gas.
  • Each instruction in the Ethereum bytecode costs a pre-specified amount of gas.
  • When a contract is invoked, the sender of the transaction must specify how much gas he is willing to provide for the execution of the contract (gasLimit), as well as the price for each gas unit (gasPrice).
  • This way the node who does the computation is rewarded the gasPrice multiplied by the pre-specified amount of gas for the execution of the contract.
    • If this exceeds the gasLimit, the execution is terminated with an exception and it will not be added to the block-chain.
    • Om an exception thrown, the sender still pays the gasLimit he specified to prevent resource exhaustion attacks.

The amount of gas is determined through a summation of the bytecode expressions that are executed in a smart contract. The bytecode is executed on the nodes through the so-called Ethereum Virtual Machine (EVM).

Related to smart contracts, it would good to understand at higher level 3 key technical areas, namely, codifying, security and privacy.

Codifying stands for difficulties writing correct smart contracts, the inability to modify or terminate smart contracts [54], a lack of support to identify under-optimized smart contracts [13], and the complexity of programming languages [55]. These codifying problems jointly with the necessity to do so correctly makes it tricky for developer.

Security issues are more on a technical than a pragmatic level and can vary from a dependence of the order or timestamp of a block to the way exceptions and re-entrancy is handled. The lack of standards and best practices makes smart contract development prone to problematic practices.

To understand privacy, I recommend to read my earlier blog Understand privacy better.  Not covering performance challenges  related to Ethereum that can impact smart contract execution.

Learn – 1 : BlockChain Concepts

Prior to adding more blogs following SDLC for BlockChain solution, I am trying to provides minimal insights in to fundamental concepts of block-chain and smart contracts. This insight in minimal understanding required for all team members who are part of block-chain application development.  The level of depth required for team member depends/varies based on team member’s specific role in SDLC.

A ledger is a combination of two things:

  • a list of accounts who own an amount of something,
  • and a list of transactions from one account to another.

In accounting space, a ledger denotes a proof-of-ownership for a certain good and all the transferals of proof-of-ownership of the goods, which combined can always proof ownership. In computer science, a ledger represents a state transition system in which the blocks denote the transition and transition moves the system from an initial state to the newfound state.  In addition, the state transition approach in ethereum enables to keep track of the balance of a crypto-currency associated with end user accounts.

State_change

Okay, this is ledger.  Who will maintain integrity of the ledger?  In the above diagram

  • transactions are valid only if balance in the initial state is greater than or equal to the transaction amount.
  • If a participant in the network creates invalid transactions and add them, the state would be corrupted.

If this being the case, the problem of reaching consensus about the state among participants in a network arises.

To solve the  above problem, Blockchain combines public-key cryptography, cryptographic hashing, peer-to-peer networking and consensus mechanisms to create a decentralized autonomous ledger.

To maintain integrity and confidentiality of accounts while maintaining availability, a system of encryption and decryption must be applied. Data is encrypted to be unreadable for unwanted parties and decrypted to be shown to the desired parties.

In public key cryptography(asymmetric), user has two keys: a public key and a private key.

  • The user may distribute its public key, because a key only encrypts or decrypts data.
  • The keys work as inverts, so data encrypted by a public key can be decrypted by a private key and vice-versa.
  • Deducing one key from the other, however, is effectively impossible.
  • Data can be safely shared if the sender shares his public key in advance and his private key maintains secure.

Blockchain is more than sending secret messages, so what is role of asymmetric cryptography with block-chain? With the private and public key, a digital signature can be established. This is a mechanism which works as proof that a message originates from a sender.

  • The sender encrypts his data with his private key and sends it to the recipient.
  • The recipient can decrypt the data with public key, which proves it originated from sender.

In a block-chain the public key functions as an address for the person. This address is stored on the block-chain and is publicly available to everyone with access to the block-chain.

The digital signature is used to confirm that the actual address sent a transaction. The hash value of the transaction is encrypted with the private key of the sender. Decrypting this should deliver the same hash value as the hashed transaction, and if not the transaction is invalid. Everyone on the block-chain has access to the public key/address, so everyone is able to verify the transactions.

What is hash function? A hash function maps bit-strings of finite length into bit-strings of fixed length called the hash-value, or simply hash. It must be

  • A one-way function, which means input cannot be deduced from output.
  • collision resistant, which means it is computationally infeasible to find two inputs which produce the same output.

Input will always result in the same output, but a slight change in the input will produce a completely different hash value.

Hash-values can also be hashed. In the block-chain, all transactions are hashed. As it can be time consuming and computationally expensive to check entirety of the hash-list, Merkle trees are used.

  • A Merkle tree is a tree structure and a generalization of the hash list.
  • Each leaf node is a hash of a block of data (in this case a transaction), and each non-leaf node is a hash of its children.
  • The hash of the Merkle tree will alter completely if any data is altered.

This allows for efficient verification. In the block-chain, merkle tress are used to perform quick detection of falsified data, and to guarantees the continuity and creation of block-chain data through proof-of-work

Peer-to-peer networking represents a network of nodes that create an autonomous network wherein data is requested and provided among these nodes on equal footing.

  • A node is a physical/virtual machine that communicates via TCP/IP and UDP with other nodes.
  • The role of a node in this network is not fixed as a client or server.

By not having a client/server structure, some aspects of the network become more complex. For instance, how data is distributed and the method of data transmission between peers is to be considered. Peer-to-peer networking is fundamental to develop distributed network and eliminates a single point of failure and plays a crucial role in the verification and creation of blocks which are added to the block-chain.

In centralized architecture, a single database could be the source of information, which defines the true data. In a block-chain, all the nodes have a copy of the ledger, and together they decide what the true single state of the ledger is. Consensus mechanisms enable  nodes in a network to make decision about ledger state.

In the block-chain, the above decision taking process that  leverages consensus mechanism is called mining and is centered about earning a reward.The reward is an incentive to do computational work in order to verify and control block-chain. To earn the reward, every block is accompanied by a computational puzzle:

  • The data content of the block combined with a nonce must result in hash smaller than a certain value.
  • A nonce is any given value, and certain value depicts the difficulty of the block.
  • A hash function is pseudo-random so it is impossible to deduce the nonce from the data, so the only way to solve the puzzle is to try all nonce values until the right result is guessed.

Solving the puzzle adds a block to the block-chain, which is called mining.

How to ensure that miners check the quality of blocks?

  • A reward can be taken away if someone proves the mined block to be faulty.
  • The quality-reward is an incentive for people to check mined blocks and not flawlessly adopt the latest blocks to earn the speed-reward

If nodes mutually accept a block, collection of transactions in that block gets added to the block-chain, and the mining process restarts for the transactions that were not included in the last block.

Bitcoin block-chain currently runs on the proof-of-work mechanism, which makes an action more costly (means making it harder to do.) As consensus mechanism in block-chain depends on energy consumption due its reliance on computational power, it becomes expensive to mine blocks. This means that transaction fees needs to be raised and energy consumption is very high.  To handle , several consensus mechanisms are proposed.

Consensus mechanism The consensus is based on
Proof-of-Work (PoW) Computational work
Proof-of-Stake (PoS) Ownership of currency
Proof-of-Activity (PoA) Currency discovery
Federated Byzantines Agreement (FBA) Majority voting system

 

SDLC for BlockChain solution

I developed few block-chain prototypes. Lucky to be engaged from scratch to conceptualize block-chain solution with business owner, spec road-map, features and priorities. Then I worked with developers to  develop technical prototype & develop/deliver business prototype. Felt that I invested significant effort during development to enable  developers to identify business needs  to be developed as block-chain application and what  gets coded as smart contract.   Attempt to articulate deep my thoughts  about  SDLC process to develop block-chain application.

Block-chain  immutability means that once a smart contract is appended to the block-chain, it cannot be modified. Hence there is no easy way to patch a buggy smart contract, despite its popularity or how much currency it holds. On way is to reverse the block-chain or relaunch the smart contract. This puts developers under pressure to get code right the first attempt. In addition, when virtual currencies have real value, there is additional pressure on  developers to take measures to safeguard against risk of losing money, when load money or currency is part of a buggy smart contract

Smart contracts are openly accessible nature and may involve large possibility of counter-parties attempting to execute a contract maliciously. This demands that  developer needs to follow a unique defensive thinking to develop smart contracts. How much are developers equipped for this?  Let us lay down some ground realities.

My team non-programmers,(business users, domain experts) find it difficult to express contracts into code. Similar to difficulty of  developers to fully grasp requirements of a contract in the sense that all the domain concepts should be transferred into a smart contract correctly. In addition developer needs to take care of security vulnerabilities.

While I cannot require  unique economic thinking from developer, I observed that application logic errors lead to currency leakage, and its transparency and availability leads to security vulnerabilities. The vulnerabilities are caused due to difference in assumption made by contract writers about underlying execution semantics and assumption of the smart contract system. Effectively, the code does not work the way the writer thinks it is going to work.

i want to view problems in smart contract from two different viewpoints

  • developers viewpoint
  • person experienced in creating contracts,domain expert view point.

While business views advantage of smart contracts in comparison with traditional financial contracts, that smart contracts carry promise of low legal and transactions costs, and can lower the bar of entry for users, there needs to be a lot of gear-up done with development process to develop block-chain applications.  100% motivate by blog How Agile Development and Blockchain technologies require a fresh way of Thinking and Blockchain and Agile. Using strengths from both to improve integration at scale.

Block-chain teams has business users and developers. When domain concepts gets translated to software concepts entirely by mental work of the software developer, there is high probability that it can result in a misalignment of requirements and product.   I started to think of the approach that needs to be taken for transition between domain knowledge and software product in future development work

Assume  developing block-chain application needs following team members: 1. Domain experts, 2. Block-chain Developers(Front-end, Back-end & DevOps), 3. Smart contract developer. Prior to development start date, I assume that all team members have got a good grasp of block-chain concepts including cryptography and consensus.

In future blogs, I want to propose approach to enable team with diverse strengths to collaborate better and develop good block-chain applications.