IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
gradido/docu/other/system-notes.md
Ulf Gebhardt 610971f5d3
included existing docu 
transformed a lot of odt & txt files to md format
2021-04-16 22:08:51 +02:00

89 lines
4.4 KiB
Markdown
Raw Blame History

- understanding of the system
- abstract, conceptual model
- levels
- a ledger with user transfers (userA, userB, amount) and money
creations (user, amount)
- each ledger has certain rules (for example, transfer cannot
happen if sender doesn't have enough funds; or creation sum for
single user cannot exceed certain amount); by applying those
rules all transfers in the ledger can be replayed and ledger can
be deemed "plausible"
- this alone is NOT enough to confirm that transfers actually
happened, there has to be more to that (transfers have to be
authorized in one or another way)
- multiple such ledgers (blockchains, groups), each maintaining set
of users inside group
- groups can befriend each other, allowing cross group transfers
between users
- users can migrate from group to group
- so, a set of rules exist for a group (for example, user has to
be inside of the group to participate in that group's transfer;
groups have to be friends for cross-group transfer to happen;
etc.); this allows full replay and checking if ledger is
plausible
- such model could be implemented in various ways, for example, single
server, single thread database application, or even with hand-written
ledger, served by an accountant
- idea is to put that together with concept of distributed network,
with nodes, messages, etc.
- from that comes choice to use Hedera, then Protobuf, C++
- any solution should involve user authentication of some sort;
public/private key signatures is a convenient choice
- hedera: pros and cons
- pros (some are essentially needed features):
- ordering of transactions
- transaction sender is authorized
- defense against flood with help of HBARs (their currency)
- transactions are distributed
- emerging industry standard
- cons:
- risk of sudden changes; for example, if Hedera decides to use
different running hash calculation algorithm without prior notice,
all network goes down
- not all features are good, some are missing
- their server uptime is not guaranteed
- future is not guaranteed as well; what if after 5 years Hedera is
shut down?... at that point there could be million transfer
blockchains, built on top of it
- that could be solved, though, by replaying transfers into new
ledgers, etc.; still worth to consider
- when connecting to hedera network only way to get current sequence
id and running hash is to use getTopicInfo() call, which costs
HBARs
- gradido node
- hosts ledger data, therefore most important part of the system
(kind of backend database)
- performs data checks before insert, replays blockchains on restart
- exchanges information with other nodes, requesting and sending
blockchain data when necessary
- provides blockchain data in convenient way for node users
- listens to transaction data coming via Hedera network
- all transactions are therefore stored in blockchain, regardless if
they are possible and correct or not; hedera message sequence id
list won't have holes in it
- calculates fields when it is necessary (such as transaction result
or "verdict"; for example, transfer may fail if user doesn't have
enough funds
- in its validation procedures implements all blockchain rules
- transaction format allows format / rule versioning
- can host multiple blockchains
- actually, needs to host multiple blockchains for cross-group
transfers
- expects node user to provide other node endpoints and list of
blockchains to maintain
- otherwise, not conceptually strongly bound to user; it can be
anything, for now there are two services, login server and
community server
- data is kept on hdd in a binary, yet simple, struct-like format;
it is split in same sized blocks; all records have same length
- problems
- user authentication
- if a user can have more than one account, it opens way for creating
of bot networks, essentially robbing honest players
- user migration and cross group transfers would allow many ways
to create bots
- on the other hand, hardcore user authentication may scare off
people
- conclusions
- set of rules, allowing blockchain to be replayed, has to be very
clearly defined (and considered)
Reference in New Issue View Git Blame Copy Permalink