IoTeX Presents Pantheon Consortium Blockchain at IIC Q2 Meeting
The Industrial Internet Consortium (IIC) is one of the world’s leading IoT consortiums, consisting of the world’s premier technology organizations.
Each quarter, the IIC membership of 300+ global technology leaders meets to share new research, use cases, and product development frameworks. During the Q2 Member Meeting held on June 22–26, IoTeX participated in four sessions to share our latest work with the IIC membership.
The main highlight for IoTeX was our Pantheon presentation to the IIC’s Blockchain Working Group, of which IoTeX is a Co-Chair along with Amazon & Huawei. In this presentation, we explain what a consortium blockchain is, how Pantheon differs from other consortium blockchains, Pantheon’s unique tech stack and architecture, and much more.
In the rest of this blog, we share the video recording and written transcript of our Pantheon presentation — we hope you enjoy!
Presentation — Video Recording
Presentation — Written Transcript
Hello everyone! I’m Xinxin Fan, Head of Cryptography at IoTeX. I’m also the Co-Chair of the Blockchain Task Group. Today I’m happy to present Pantheon, an enterprise-oriented consortium blockchain for IoT.
Like we all know, the IoT is all about making business decisions based on data collected by smart devices. We basically have three blocks here: 1) all kinds of smart devices collecting data from the physical world, 2) all of this data will be transferred to the backend for storage, processing, etc. and 3) data visualization and analytics. Data trustworthiness is essential for the success of IoT; whether the data you provide to your customers is trustworthy will determine how much value you bring to your customers.
A natural question is how do we ensure data trustworthiness in IoT? This is a very hot topic which has been discussed for a while in the Security Working Group in past years. Briefly speaking, we should introduce the concept of the Internet of Trusted Things (IoTT) — basically we need to cover the entire data life cycle for the IoTT in order to ensure the trustworthiness along this process. We need to consider data collection, data in-transit, data at-rest, data processing, as well as data retention. Basically you will cover from the device, once they start collecting data, and secure the communication when the device sends data to the backend. Also securely store the data and do the processing in a secure manner.
Why does blockchain matter here? So firstly, let’s briefly look at the blockchain — this is a definition given by NIST. Blockchain, as the name indicates, is a chain of blocks and each block includes a bunch of transactions. This network is maintained by a group of nodes in a peer-to-peer manner. The blockchain basically provides you a tamper-evident and tamper-resistant digital ledger and this digital ledger relies on distributed nodes to run it without any centralized authorities.
There are two types of blockchains that have been widely used in the industry. The first one is permission-less blockchain, basically a public blockchain. In this type of blockchain, anyone can join the network and anyone can read the ledger data and validate transactions. This type of ledger replicates a high degree of trust. The other type is permissioned blockchain, which has been discussed a lot in the industry. This type of permissioned blockchain is usually formed by a set of known transacting parties or institutions. They come together to run this ledger. So the validation is usually controlled by a select set of nodes determined by all of the participating parties. And this type of ledger replicates a high degree of transparency and accountability.
While I believe public blockchain is the future, permissioned blockchains still have high value in this transition period from centralized solutions we use almost every day to a fully decentralized world. Permissioned versions still give you a good example and help people further understand the value of this technology and how it works in practice.
So one topic we need to first emphasize is “what properties does a blockchain bring into IoT systems?” Here are five properties that are key features provided by the blockchain. First is decentralization — which means blockchain removes the ‘single point of failure’ embodied in a trusted central authority. In a blockchain setting, this network is maintained by a group of nodes instead of a trusted centralized authority. The second property is immutability — blockchain uses cryptographic hash functions to link all of the blocks together, which means once information gets into a blockchain, it’s very hard to change that. Third one is transparency — blockchain provides a fully auditable and valid ledger of transactions so every participant in the system can see that. The fourth one is about security and resilience — blockchain uses public-key cryptography and digital signatures to prove ownership of data, which means once you send something to the blockchain, the thing you prove is you are holding the corresponding private key. This also allows ownership to be transferred, which means if you transfer a certain asset from one entity to another party, you can use your private key to do that. Since the nature of the blockchain means information is widely available across the entire network, this means if some nodes go offline that’s fine and your information is still widely available. The last one is automation — blockchain provides a very useful tool called smart contracts, which is a piece of code deployed on the blockchain. You write your business logic in a certain programming language and the main purpose is to streamline complex business processes. So these processes usually involve multiple intermediaries in the real world. The smart contract can help you to streamline complex processes. These are all of the key features that blockchain can bring to IoT.
So why are we working on another enterprise blockchain? Considering there are a number of consortium blockchains that exist such as Hyperledger, Ethereum for Enterprise, R3 Corda, the recently emerged Baseline protocols, and also Cloud providers like Amazon and Microsoft Azure that offer Blockchain-as-a-Service to give people that are familiar with Cloud computing a similar experience when using blockchain. So why do we want to work on another one? All of the existing solutions here, most of them are very generic solutions where you can build many types of applications on top of them. Some consortium blockchains are more specialized; for example, Corda is mainly used in the banking industry for payment purposes, and Amazon and Microsoft manage their own Blockchain-as-a-Service. The reason we want to work on a new one is we realize there is not a good one dedicated and designed for IoT purposes. So we are trying to build a new one to include all of the services related to IoT applications and eventually provide end-to-end security.
That’s why we are working on Pantheon, which is an enterprise-oriented consortium blockchain dedicated and designed for IoT. This is a high-level tech stack we are envisioning. We have the IoT device layer to support different kinds of IoT devices and communication protocols. The second layer is a hybrid layer with consortium blockchain and Cloud. Building on the second hybrid layer, we have the core IoT services, including user management, device management, storage management, etc. And above this is the application layer so users can develop all kinds of IoT-related applications. Pantheon is completely open source — you can access our repository here. We are going to provide core IoT services to cover different IoT applications. The goal is to enable end-to-end security from the device to the backend. Our initial release is mainly focused on user management and other core services are being actively developed by our development team and will be gradually added to this technical stack.
Regarding the system architecture, this is what Pantheon looks like. We have a number of institutions which coordinate to run this consortium blockchain. We have the blockchain node API gateway to access all of the functions inside this blockchain system. We have a consensus group list, which is a number of institutions who are running a consensus algorithm. Here we give an example flow: a user wants to query data from the blockchain. For example, they will query the API gateway to get the hash of the data they are trying to access. They will query a data access proxy to retrieve the data from the off-chain database. So the data access control policy in the database will check if the user has certain permissions to access this data. If the permission is granted, the user can retrieve the data from the database and compare with the hash they receive from the blockchain. This is just a simple example flow to show how data integrity can be ensured using our consortium blockchain system.
You can use our blockchain explorer to check what is the last block, all the transactions, and the nodes who are maintaining the blockchain system.
The institution registration is handled by a smart contract in our system and all of the current institutions can vote on a new institution’s participation. They will decide if they would like to bring a new institution into the consortium. An institution can run multiple block operators — they will decide who is able to be a block operator within their institution. And they will manage their own operators separately.
So here this screenshot shows we have multiple institutions here — each institution can manage multiple operators.
In terms of user management, this is conducted off-chain by each institution. We have this hierarchical structure where each institution will manage their own users and corresponding permissions. Users and permissioned data are securely stored in an encrypted database. We also have an administrator here which will specify how to create users and specify their permissions with an access policy list. Users can also be organized in user groups and they can be managed by user group.
So the first time you log into this system, you will create an account like you usually do, and then you can add multiple users as well as specify which group you want to put this user into.
Within the group, you may have regular users and admins can create or add new users and new groups and put users into different groups and assign the permissions.
All of the blockchain access is permission-based in the consortium setting. A user and service will be issued an auth token after they log in — this auth token is basically a JWT. This token contains permission data. Currently we are supporting read-write permissions on all of the chain APIs. The token can be configured to expire and each time you query an API you need to attach your auth token together in order to request to a chain node. The auth token will be validated on the node gateway as we showed in our architecture.
We also can handle Layer 2 scalability in Pantheon. The idea is your Layer 2 service, if you have a high load of requests, you can batch them together using a Merkle tree. We only commit the Merkle root to the first layer of the chain. In this way, we can improve the overall throughput.
Lastly, I would like to encourage you to try Pantheon yourself. Basically it’s just a few simple steps. You can install Docker first, and clone our repository. Make sure the following ports are available in your system. Then you just run a very simple script — this will pull all of the Docker images from Docker hub and bring up the service. Later on, you can open up a browser and visit this local host in this port like I did here. It has different options you can choose — you can use the Playground to send a query to the API gateway, it’s a GraphQL query. Then you can return all of the different results. From the dashboard, you can see all of the blocks. If you click a certain address you can see all of the hashes, who is the sender, and other information as well.
We also provide a Grafana-based monitoring tool to facilitate the monitoring of your blockchain systems. Like the block height, if something happens, you can go here to figure out what’s wrong with your system.
That’s all for my presentation — it’s a brief introduction to this solution. If you have any questions, you are welcome to contact us. Thank you!
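The gateway-side auth token check described in the presentation, as an added example that is not part of the talk or Pantheon's code: the gateway pins the signing algorithm, verifies the signature, enforces expiry, and only then looks at the permission the requested chain API needs. HS256 signing, the `perm` claim name and the demo key are assumptions; the talk only states that the token is a JWT carrying permission data and can expire.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes) -> str:
    """Login side: sign header.payload with HMAC-SHA256."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def authorize(token: str, key: bytes, needed: str, now: int) -> bool:
    """Gateway side: True only if the token is authentic, unexpired and
    carries the permission (hypothetical "perm" claim) the API call needs."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        # Pin the algorithm; never let the token choose it (rejects "none").
        if header.get("alg") != "HS256":
            return False
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Constant-time comparison before any claim is trusted.
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return False
        claims = json.loads(b64url_decode(body))
        exp, perms = claims["exp"], claims["perm"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return False  # malformed tokens are rejected, never partially trusted
    if not isinstance(exp, int) or now >= exp:
        return False
    return isinstance(perms, list) and needed in perms

# Constructed demo values: key, user and timestamps are not from the page.
KEY = b"constructed-demo-key"
READER = issue({"sub": "alice", "perm": ["read"], "exp": 2000}, KEY)
```
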
About IoTeX
Founded as an open source platform in 2017, IoTeX is building the Internet of Trusted Things, an open ecosystem where all “things” — humans, machines, businesses, and DApps — can interact with trust and privacy. Backed by a global team of 30+ top research scientists and engineers, IoTeX combines blockchain, secure hardware, and confidential computing to enable next-gen IoT devices, networks, and economies. IoTeX will empower the future decentralized economy by “connecting the physical world, block by block”.