Microsoft takes aim at new blockchain initiative

CoCo Framework looks to serve as trusted framework for distributed ledger technology.


Executives at healthcare organizations and in other industries are beginning to consider ways that they can use blockchain technology—the basic idea of an immutable, distributed ledger where one version of a set of data is shared among several parties, with no need for middlemen.

The technology holds promise to answer a variety of problems. For example, banks see a way to save money and have fewer disputes, more transparency, faster agreement on and execution of contracts, and better traceability. Healthcare organizations see more opportunities for better interoperability and improved data security.

But these organizations also have a long list of concerns and demands that such technology would need to meet to be acceptable in heavily regulated industries—these include security, data privacy, reliability, speed, control, performance and scalability, among others.



Microsoft announced last week that it’s seeking to provide these missing pieces around distributed ledger technology. It’s called Coco Framework—the name Coco stands for confidential consortium—and it will be posted to Github as an open source project in early 2018.

Also See: Blockchain to pair with other technologies to find healthcare uses

Redmond, Wash.-based Microsoft thus joins a host of vendors and organizations—including IBM, R3, the Hyperledger Project, and Digital Asset Holdings—that have been working to produce a version of distributed ledger technology that industries could feel comfortable using.

Microsoft wants to be perceived as a thought leader in this space. And though blockchain nodes run by Coco don’t have to run in Microsoft’s Azure, they can, so Microsoft hopes Coco will give its cloud computing business a boost.

Significantly, JPMorgan Chase—an early innovator in this space that’s developed its own Ethereum-based blockchain, Quorum—Intel, bank-backed distributed ledger company R3 and supply chain company Mojix (which has blockchain technology for the retail and supply chain industry) are supporting Microsoft’s efforts. Work has already been done to integrate the public Ethereum blockchain with it, as well as Quorum, R3's Corda, and the Hyperledger Sawtooth.

"Information sharing is what powers business at this point," said Amber Baldet, executive director and blockchain program lead at JPMorgan Chase. "We see a lot of opportunity in mutualization of infrastructure and being able to share information not only quickly but with a high degree of security and trust in the veracity of that information. Blockchain and distributed ledger help us do that.”

The Coco Framework creates a trusted network of distributed nodes, a little like bitcoin’s mining nodes but without the electricity-guzzling process of mining. This network maintains a distributed key value store, using the RAFT protocol. Communication between applications and nodes and between nodes are secured with Transport Layer Security authentication.

At the heart of the Coco Framework is what Microsoft calls a Trusted Execution Environment (TEE)—a secure container of sorts for code, data and transactions that can be based on hardware (such as Intel’s Software Guard Extensions) or software (such as Microsoft’s Virtual Secure Mode). Members of a Coco network run validating nodes in which instances of the blockchain are run within a protected enclave of the TEE.

The Coco Framework also provides a constitution, meaning a complete expression of network policies—which members are allowed to use it, a list of members in this network, what are the nodes in the network, what versions of software could be running on the Coco Framework. The constitution is managed through distributed voting.

Microsoft and its partners set out to address several perceived shortcomings of the bitcoin blockchain that its clients had noted. One is speed, or more correctly, the lack of it. Throughput on the Ethereum blockchain is around 10 to 20 transactions per second. Large organizations often need to process thousands of transactions per second, pointed out Mark Russinovich, chief technology officer for Microsoft Azure. And latency, or data transmission delays, in the Ethereum blockchain can be tens of seconds or even minutes—that’s too long for many businesses to tolerate. The slowness and delays on Ethereum are caused by the distributed consensus algorithms, according to Russinovich.

"No party trusts anybody else, so that requires a very distributed consensus algorithm to take place and it requires the parties to prove they're trustworthy," Russinovich said. To speed things up, the Coco Framework abandons the concept of mining and the distributed consensus algorithm. "All the parties trust the code that's in the trusted execution environment and trust the TEE to protect the confidentiality of that code and data," Russinovich said. "They can achieve centralized database levels of transaction latency and throughput."

The second challenge they addressed was confidentiality. Banks and healthcare organizations, for example, don't want their peers to see all the transactions being processed on a shared ledger.

"On today's blockchain systems, it's very difficult to provide that kind of confidentiality," Russinovich noted. "People have to implement very complex systems of cryptography to try to hide what's behind the transactions. What you've got running inside the TEE is not visible to anybody outside, and so once you put the code and data inside that with the system around that, confidentiality becomes just an access control problem—who's authorized to see the decrypted data?” Russinovich said.

A third aspect of blockchain technology that businesses balk at is the way members are allowed in. Anyone can use a public ledger. However, the Coco Framework leverages code inside the TEEs to provide governance for the network, including voting new members in.

According to Rick Echevarria, vice president of the software and services group and general manager of platforms security at Intel, the key thing Coco provides is trust.

“Most people base the business case for blockchain on the pure efficiencies this type of model can enable,” Echevarria said. “But for you to do that, you have to build something called trust — a lot of people in the industry call blockchain the equivalent of a trust protocol. How do you make trust happen? Data governance and confidentiality.”

Baldet at JPMorgan acknowledged that some industries, such as financial services and healthcare, still have a ways to go before they’re ready for blockchain.

“Enterprise adoption and transformation of existing industries doesn't happen just because a technology falls in people's laps,” she said. “We're spending more time thinking about what market transformation means. The first things we see move to production will probably be more lift-and-drop of existing market models leveraging the new technology to achieve additional efficiency.

“Within a highly regulated industry like finance or healthcare, those changes are going to be relatively slow,” she said. “We can build demos and prototypes, but it’s not just winning hearts and minds; you need to also engage with regulators and lawyers and your peers in the market to agree on a solution, and that takes time.”

This article originally appeared in American Banker.

More for you

Loading data for hdm_tax_topic #better-outcomes...