Hyperledger Ursa is a shared cryptographic library that enables people (and projects) to avoid duplicating cryptographic work and increase security in the process. The library is a curated conglomeration of cryptographic libraries with a uniform abstraction layer on top that handles the subtle issues related to each library. The abstraction layer is designed to be misuse resistant.
As Hyperledger has matured, the individual projects within Hyperledger have started to find a need for sophisticated cryptographic implementations. Rather than have each project implement its own cryptographic protocols, we think it would be more desirable to collaborate on a shared library. There are many reasons to do this:
Avoiding duplication: crypto implementations are notoriously difficult to get correct (particularly when side channels are taken into account) and often require a lot of work in order to complete with a high level of security. The library would potentially allow projects to share crypto implementations, avoiding unnecessary duplication and extra work.
Security: having most (or all) of the crypto code in a single location would substantially simplify doing a security analysis of the crypto portion of Hyperledger. In addition, the lack of duplication would mean that maintenance would be easier (and thus, hopefully, security bugs would be less numerous). People might also be less likely to “roll their own crypto” if there are easily accessible implementations.
Expert Review: In addition, the ability to enforce expert review of all cryptographic code should increase security as well. There has already been at least one substantial bug in a Hyperledger DLT platform at a cryptographic algorithm level. We think that having a concentration of cryptographic experts in Hyperledger will help us minimize the risk of this in the future.
Cross-platform interoperability: if two projects use the same crypto libraries, it will simplify (substantially in some cases) cross-platform interoperability, since cryptographic verification will involve the same protocols on both sides.
Modularity: This could be the first common component/module and a step towards modular DLT platforms, which share common components. While we have already outlined most of the advantages this modularity would bring in terms of actual functionality, a successful crypto library could encourage and push forward more modular activities.
New Projects: It would be easier for new projects to get off the ground if they had easy access to well-implemented, modular cryptographic abstractions.
Support for National Standards: The abstraction layer makes it easier for projects that use Ursa to support national cryptography standards such as FIPS, SM (China), and GOST (Russia).
This talk covers the overall architecture and implementation of Hyperledger Ursa as well as some of the difficulties faced when migrating existing projects to the new abstraction layer. Also included is the discussion of the challenges faced with support the different national standards for cryptography.