HID-Node Codebase
Quick go through the code base of hid-node
Hypersign Identity Network (HID Node) is built on top of Cosmos SDK. This documentation only covers the SSI module and the basic commands of Cosmos SDK modules. It is recommended to have a good understanding of Cosmos SDK. Please refer Cosmos SDK docs here.
The knowledge of Protocol Buffers is also essential.
Project Structure
Following is the high level folder structure of HID Node
Protobuf
The interaction between a client and HID Node happens through RPC, built using Protobuf. The proto files are defined under proto/ssi/v1
. The are two RPC service
namely Msg
and Query
, defined in proto/ssi/v1/tx.proto
and proto/ssi/v1/query.proto
respectively. List of HID Node RPCs are:
Transaction Based
MsgCreateDID
MsgUpdateDID
MsgDeactivateDID
MsgCreateSchema
MsgRegisterCredentialStatus
Query Based
QueryDidDocument
QueryDidDocuments
QuerySchema
QuerySchemas
QueryCredential
QueryCredentials
The generation of Golang code is done by the script scripts/protogenc.sh
. The generated files are present in x/ssi/types
.
DID Document
The DID-Core W3C Specification has been followed to frame the structure of a DID Document. It's proto representation is mentioned in proto/ssi/v1/did.proto
. The message DidDocumentState
is stored on chain.
Schema Document
The proto representation is mentioned in proto/ssi/v1/schema.proto
. The message Schema
is stored on chain.
Credential Status Document
The proto representation is mentioned in proto/ssi/v1/credential.proto
. The message Credential
is stored on chain.
x/ssi
Module
x/ssi
ModuleIn Cosmos SDK, every operations related to blockchain such as staking, delegation, token trasfer, etc are handled by different modules. They are defined in the x
directory of Cosmos SDK (See here). For instance, x/bank
module handles the functionality of token transfer. x/ssi
module lets you store documents such as Decentralised Identifiers (DID), Schema Document and Verifiable credential Status on chain.
Quick Overview
x/ssi/client/cli
: CLI Client for sending SSI-based transactions to and querying data from Blockchain.
x/ssi/keeper
: Interaction with the state of blockchain
x/ssi/genesis.go
: - Initialising and Exporting of genesis variables of x/ssi
module, such as chain_namespace
. - For public mainnet chain, chain_namespace
should be empty. In case of testnet, the name of the testnet should be assigned. If you are running a private network, you can specify your own chain namepsace.
x/ssi/modules.go
: Defines the interface for ssi
module
Keeper
Keepers provides an abstraction to interact with the state of the blockchain. The store is a data structure which persists the state. The Get
and Set
methods of the store are handled by the Keeper. There are Keeper functions defined for each of the RPCs. Transaction-based RPCs share a similar workflow, while Query-based share different workflow similarity among themeselves.
Transaction Based Keepers
Let's take the example of MsgCreateDID
The proto definition of RPC is as follows:
Pseudocode:
Query Based Keepers
Let's take the example of Query RPC QueryDidDocument
The proto definition of RPC is as follows:
Pseudocode:
Store
The Store is a Key-Value structure responsible for persisting the state of chain. The store can have multiple subspaces, which acts as individual KV Stores. The identification of these subspaces, specifically meant for x/ssi
module, are mentioned in x/ssi/types/keys.go
.
Substore Namespace
The following table describes the substores:
DidKey
DID Document Id
DID Document
DidCountKey
[]byte(DidCountKey)
Registered DID Documents Count
SchemaKey
Schema Document ID
Schema Document
SchemaCountKey
[]byte(SchemaCountKey)
Registered Schema Documents Count
CredKey
Credential ID
CredentialStatus Document
CredCountKey
[]byte(CredCountKey)
Registered CredentialStatus Documents Count
DidNamespaceKey
[]byte(DidNamespaceKey)
Chain Namespace
Store Functions
The store functions comprise of operations such as addition to, change from and query by key from the Store. These are defined in the following files:
Consider the Get
and Set
methods related to DID Document:
Get:
Set:
Begin-Block
The status of every Registered Verifiable Credential (VC) is check at the beginning of each block. If the current block datetime is greater than the expiration datetime of a VC, the Status is set to Expired
.
The BeginBlocker function is written in x/ssi/abci.go
Features
Key Management
Key Management is the first that a user need to do, when its about interacting with blockchain. hid-node
supports the following ways to store and manage the public keys:
test
: Public Key information is stored in${HOME}/.hid-node/keyring-test
. This approach is not recommended for production useos
: Operating system specific credential sub-system stores the keys encrypted with a passphrasefile
: It is similar totest
backend, with the exception that the keys are encrypted with a passphrase.
Algorithm
secp256k1
algorithm is used in the generation of keys, and it is the only algorithm supported for wallet key generation.
Address Format
The addressing scheme used is bech32
and the address prefix is hid
Commands
Run the following to generate a key
Save the 24-word mnemonic which is generated in the terminal
If you want to recover a wallet using a Bip39 Mnemonic, append the --recover
flag to the above command
List all the keys present in a keyring backend
Delete a key
Token transfer
The x/bank
module facilitates the transfer of tokens between accounts. The base denomination used in the chain is uhid
, where u
represents the SI prefix micro
. So, 1 HID
represents 1000000uhid
. uhid
also acts as a governance token. The Coin Type is 118
Run the following to transfer uhid
between blockchain accounts
<source-hid-account>
- Source blockchain address<destination-hid-account>
- Destination blockchain address<amount-in-uhid>
- Amount to be transferred. Example -1000uhid
Check the balance of an address
Staking
Governance
PayTx: Pay fee on someone's behalf
If you want to perform any transaction on chain, you have to pay fees in order to execute it. Adding tokens to your wallet isn't a seamless experience, as you first have to trade your fiat currency with a crypto-currency in a centralised exchange, and then transfer those tokens to your non-custodial wallet, such as Keplr.
The x/authz
and x/feegrant
modules work together to enable accounts, having no balance, perform blockchain transactions and have the fee be paid by someone who have granted them authorization.
Performing PayTx transactions from CosmJS will be available from the version v0.29.0
.
Let's consider a scenario with two actors who will be present on the network:
User: They don't possess any
uhid
tokensIdentity Provider (IdP): They possess abundant
uhid
tokens and will pay the fee for User'sMsgCreateDID
transaction.
Lets assume the following:
<user-addr>
: User's blockchain address<idp-addr>
: Identity Provider's address
Steps
Grant
User
authorization to performMsgCreateDID
transaction.
List the authorizations
Specify the amount of tokens
User
is allowed to spend in fees. Once this limit exhausts,User
cannot perform the authorized transaction
List the fee allowances
Generate a
MsgCreateDID
transaction and store it in a json filetx.json
Execute the
MsgCreateDID
transaction with fee paying account being Identity Provider
The 50uhid
is deduced from the Identity Provider account
Cross-chain Token transfer
The cross-chain transfer of tokens between Cosmos-based chains is possible using Inter-Blockchain Communication (IBC) Protocol. Refer the IBC Documentation here.
Run the following to transfer tokens between two accounts located on seperate chains
Architecture
Modes of Operation
The hid-node
can be run in three modes:
Full Node
This node stores the complete state of blockchain. However, it does not actively participate in the validation process. Every connected node, by default, is a full node.
Validator Node
It is a full node, which has a significant stake in the network and activately takes part in the validation process.
Seed Node
It's purpose is to introduce newly connected nodes, to other nodes in the network, and disconnects after doing so.
In order to run in seed mode, set pex = true
and seed_mode = true
in <hid-node config dir>/config/config.toml
Sentry Node Architecture
In order to mitigate DDoS or similar attacks on the validator node, it is recommended to spin a full node, which will be connected to the full node. This architecture is known as Sentry Node Architecture.
The Validator Node is isolated from the outside world, through private subnetting. The Sentry
node is connected to the Validator Node. RPC Endpoint and Node ID of Sentry Node are exposed for everyone to connect with. Sentry Node can be thought of as a reverse proxy.
Last updated