Ledger¶

Note

See the Ledger and Snapshots section to find out more about how ledger files are generated by CCF nodes and how they should be managed by operators.

The entire service and application state is contained in the ledger (including both governance and application transactions). The ledger contains regular signature transactions (public:ccf.internal.signatures map) which sign the root of the Merkle Tree at the time the signature transaction is emitted.

Tip

Use the read_ledger.py utility available as part of the Python Library to read the public content of a CCF ledger.

Ledger Format¶

The ledger is split into multiple files (or chunks). Each ledger file starts with an 8-byte offset pointing to the end of file where a vector of positions is stored for fast fetching of transactions (only set when a file is complete, internal use only).

The serialised transactions follow the 8-byte offset, as described in Transaction Format.

Note

A complete ledger file always ends on a signature transaction.

Transaction Format¶

The following table describes the structure of a serialised transaction as it is stored in the ledger.

Note

These serialised transactions in CCF currently describes only the final write set rather than the internal execution path of a transaction; writes are reordered, only the final writes are present, and reads are omitted (read count will be 0).

	Field Type			Description
Header	Transaction Header			- Version (1 byte) - Flags (1 byte) - Entry size (6 bytes)
	AES GCM Header			IV and tag fields required to decrypt and verify integrity
	uint64_t			Length of serialised public domain
Public Domain	`ccf::kv::EntryType`			Snapshot, or a WriteSet variant
	`ccf::kv::Version`			Transaction version
	`ccf::crypto::Sha256Hash`			User-defined claims digest, when entry type is WriteSetWith.*Claims
	`ccf::crypto::Sha256Hash`			Commit evidence digest, when entry type is WriteSetWithCommitEvidence.*
	`ccf::kv::Version`			Unused, reserved for compatibility
	Repeating [0..n]			With `n` the number of maps in the transaction
		std::string		Name of the serialised `ccf::kv::Map`
		`ccf::kv::Version`		Read version
		uint64_t		Read count
		Repeating [0..read count]
			uint64_t K Ver	Key length Key Version
		uint64_t		Write count
		Repeating [0..write count]
			uint64_t K uint64_t V	Key length Key Value length Value
		uint64_t		Remove count
		Repeating [0..remove count]
			uint64_t K	Key length Key
Private Domain	Optional \| Encrypted serialised private domain blob.

Transaction Encryption¶

Each entry in the ledger corresponds to a transaction committed by the primary node.

When a transaction is committed, each Store::Map containing writes is serialised in different security domains (i.e. public or private), based on the name of the Map when it was created (default is private). A public Store::Map (i.e. one whose name starts with “public:”) is serialised and stored in the ledger as plaintext while a private Store::Map is serialised and encrypted before being stored.

Ledger entries are integrity-protected and encrypted using a symmetric key shared by all trusted nodes (see Cryptography). This key is kept secure inside each enclave. See Rekeying Ledger for details on how members can rotate the ledger encryption key.

Note that even if a transaction only writes to a private Store::Map, unencrypted information such as the sequence number is always present in the serialised entry.