Business process collaboration between independent parties can be challenging, especially if the participants do not have complete trust in each other. Tracking actions and enforcing the activity authorizations of participants via blockchain-hosted smart contracts is an emerging solution to this lack of trust, with most state-of-the-art approaches generating the orchestrating smart contract logic from BPMN models. However, as a significant drawback in comparison to centralized business process orchestration, smart contract state typically leaks potentially sensitive information about the state of the collaboration. We describe a novel approach where the process manager smart contract only stores cryptographic commitments to the state and checks zero-knowledge proofs on update proposals. We cover a representative subset of BPMN, support message passing commitments between participants and provide an open-source end-to-end implementation. Under our approach, no party external to the collaboration can gain trustable knowledge of the current state of a process instance (barring collusion with a participant), even if it has full access to the blockchain history.
翻译:暂无翻译