LedgerView: Access-Control Views on Hyperledger Fabric
posted on 8 April 2022
Motivation: LedgerView aims to bolt access-control views onto permissioned blockchains, so that access to sensitive information in the ledger is limited and that information is concealed from users who do not have the proper access permissions. LedgerView is essential for blockchain applications in which data privacy and confidentiality are an overarching concern.
Architecture: The LedgerView system architecture is shown in the following figure. Each blockchain node is associated with a view manager, in the same administrative domain as the view owner (dashed box). Transactions with secret data are added to the blockchain and accessed through a view manager. The view contract provides the integrity guarantee.
Key Features: (1) LedgerView allows clients to hide their secret blockchain transaction payloads from the public as ciphertext. Some users can still access the raw contents of the secret payloads of qualified transactions, as long as the clients have granted them access permission. Qualified transactions are determined by a view predicate.
(2) The blockchain's security guarantees the integrity and correctness of view results. Correctness can be broken down further into Soundness (no unqualified transactions are returned) and Completeness (no qualified transactions are ignored). Technically, LedgerView provides two types of views, irrevocable and revocable, according to whether access to sensitive information cannot or can be revoked. For each type, we also provide two data encryption options: key-based or hash-based.
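The soundness and completeness properties above can be made concrete with a small model. This is an added example, not code from the LedgerView repository. It assumes the hash-based option stores a salted SHA-256 digest on-chain and that the view predicate is evaluated over public attributes; all function names and sample data are hypothetical.

```python
import hashlib
import hmac
import os

def commit(payload: bytes, salt: bytes) -> str:
    """Salted SHA-256 digest kept on-chain in place of the secret payload."""
    return hashlib.sha256(salt + payload).hexdigest()

def make_ledger(txs):
    """Split transactions into the public ledger and the view manager's private store."""
    ledger, secrets = {}, {}
    for txid, public, payload in txs:
        salt = os.urandom(16)
        ledger[txid] = {"public": public, "digest": commit(payload, salt)}
        secrets[txid] = (payload, salt)
    return ledger, secrets

def serve_view(ledger, secrets, predicate):
    """View manager: reveal (payload, salt) for every transaction the predicate qualifies."""
    return {t: secrets[t] for t, e in ledger.items() if predicate(e["public"])}

def verify_view(ledger, view, predicate):
    """Reader-side check against the ledger; returns (sound, complete)."""
    # Soundness: every returned item is on-chain, qualified, and matches its digest.
    sound = all(
        t in ledger
        and predicate(ledger[t]["public"])
        and hmac.compare_digest(commit(p, s), ledger[t]["digest"])
        for t, (p, s) in view.items()
    )
    # Completeness: every qualified on-chain transaction appears in the view.
    complete = all(t in view for t, e in ledger.items() if predicate(e["public"]))
    return sound, complete

# Constructed sample data: (txid, public attributes, secret payload).
SAMPLE_TXS = [
    ("tx1", {"org": "hospital-a"}, b"patient=17;dx=flu"),
    ("tx2", {"org": "hospital-b"}, b"patient=42;dx=asthma"),
    ("tx3", {"org": "hospital-a"}, b"patient=99;dx=fracture"),
]

def is_hospital_a(public):
    """Hypothetical view predicate over the public attributes."""
    return public["org"] == "hospital-a"

if __name__ == "__main__":
    ledger, secrets = make_ledger(SAMPLE_TXS)
    view = serve_view(ledger, secrets, is_hospital_a)
    print(verify_view(ledger, view, is_hospital_a))
```

A view that omits a qualified transaction fails the completeness check, while one that includes an unqualified transaction or an altered payload fails the soundness check.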
We build LedgerView on Hyperledger Fabric 2.2.
GitHub Link: https://github.com/sbip-sg/BlockchainView