Tessera supports operations related to Hyperledger Besu privacy groups and resident groups for GoQuorum multiple private states (MPS), such as managing privacy group data and handling transactions intended for a privacy group.
Behavior may differ depending on which
mode Tessera is running on.
The types of privacy group are:
privacyGroupId is used to identify individual privacy groups. For private transactions sent to a privacy group, the corresponding
privacyGroupId is stored alongside the transaction.
Once created, you can't change the members of a privacy group. To add or remove members, you must create a new privacy group.
The following is an example of a privacy group and its related data:
"description": "A description of this group",
Privacy group types
Tessera automatically creates a legacy privacy group when a private transaction is sent to a list of recipient public keys using
When returning private transaction data to a Besu client (as part of a
/receive response), the legacy
privacyGroupId is also returned.
privacyGroupId is generated by hashing the list of recipient keys. For a given set of recipients, there can be only one legacy privacy group.
Besu and Tessera generate the same legacy
privacyGroupId from the same list of recipients.
Tessera supports API methods that enable the creation of pantheon privacy groups from a compatible blockchain client (for example, Besu).
Upon creation, the privacy group is distributed to all members ahead of transaction processing.
When a private transaction contains a
privacyGroupId, the transaction payload is distributed to all the members of the privacy group.
privacyGroupId is generated by hashing the list of recipient keys plus a random seed. This means that for a given set of recipients, there can be many pantheon privacy groups.
Resident privacy groups, or resident groups, are part of GoQuorum MPS and multi-tenancy. A resident group contains a list of member keys that are locally managed, and those members share the same private state.
Configure resident groups to use multi-tenancy.
Key differences between a resident group and other types of privacy group include:
- A resident group can only contain local keys, not remote keys.
- The name of the resident group is the group identifier.
- Resident groups can be configured in the Tessera configuration file.
A node running a version of Tessera that doesn't support privacy groups can't understand requests containing
privacyGroupId. This can cause inconsistent persisting of data on different nodes.
In API version 3.0, Tessera includes the privacy group in the encoded payload in
/push to only those recipients supporting a correct version, otherwise the transaction fails with
Privacy group APIs
Privacy group compatible blockchain clients (for example, Besu) can be used to create, delete, find, and retrieve privacy groups. Tessera's
Q2T API adds support for these operations.