Microsoft COCO Framework.

Right now I’m in the back of a BA Airbus A380 on the way to an LT meeting in Miami, so what better to do than to watch some videos on blockchain? Before I left I managed to download a bunch of content from Channel 9, one of the Microsoft training sites. One particular mini series is a couple of videos where Mark Russinovich introduces blockchain.

The first video runs through many of the basics of how blockchains actually work, and in particular covers some good clear diagrams of the hashing process so you really can get a good idea of how the whole thing hangs together and avoids the double spend issue. However, the second in the series takes you through the enhancements that Microsoft has made available with the COCO Framework.

Right now in business-to-business scenarios, like supply chain, or financial institutions, or even within large corporations between departments, there is very often a need for organizations to transact with each other. After all, that is what drives global commerce. However, how that happens is often inefficient and frequently requires a trusted third party to arbitrate. Think, for example, of SWIFT, which sits between the major banks processing payments. Now a blockchain has the potential to get rid of this overhead, because it can achieve transactions between non-trusted entities via the distributed ledger. However, that doesn’t get rid of the need for those organizations to be able to agree how to work together and codify that in some way. It also doesn’t solve the issue of privacy, as the nature of blockchain is that everyone can see all the transactions in order to validate them and achieve trust-less transactions. Lack of privacy is not ideal where suppliers compete with each other, or where financial transactions are concerned in general. Finally, it doesn’t solve the issues that many blockchains (e.g. Ethereum) have with processing a large number of transactions at speed. Right now Ethereum can process 15-20 transactions per second and often has a latency measured in tens of minutes. On top of that, all the mining energy required to process the hashes that keep the integrity of the chain and process the smart contracts is a massive waste of energy, as validation happens across all mining nodes.

COCO is an answer to these problems. It’s not a blockchain in its own right; instead it integrates with blockchains to provide an enterprise trust and governance model. Essentially it provides the capability for a group of participants to agree on a set of rules by which the blockchain should operate. It also starts to solve the latency and bandwidth issues. Ethereum integrated with COCO can achieve 1500+ transactions per second, getting closer to the 2000-5000 that the VISA network processes. In addition, because of the way it operates, it cuts out the need for mining and smart contract validation on each node: each node is trusted, and thus each transaction, once validated on one node, is accepted by all others.

You might be wondering how this all works in practice. Well, as always there are layers. At the bottom we’ve got the TEE, or trusted execution environment. This can be either hardware or software, but essentially it is a place where we can put data and code which is encrypted and which cannot be accessed from the outside. It’s a black box, which can receive inputs and send outputs, but can’t be directly accessed. This is implemented either in a hardware module like SGX from Intel or in the VSM (virtual secure module) built into Windows Server 2016 and protected by the hypervisor.

The next layer up is the COCO framework. It is the glue which holds things together and also allows the governance rules to be put in place in something called the Constitution. For example, you might agree and implement rules that govern how another party might be added to the network. If you agreed that majority agreement was needed, then one entity could propose, via a special admin transaction, that another party be added. Then all others would vote (also by transactions) and the result would be implemented based on the constitution. The COCO framework allows participants to agree on what code runs within the TEE and on these governance rules, and thus on what you have to comply with to be part of the blockchain. If there are any changes to anything within your TEE you are automatically excluded, so there is no chance to break into the network.
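The governance flow described above as a toy model, added here as an illustration and not COCO's API or Microsoft's code. The class and method names, the SHA-256 hash standing in for a TEE code measurement, and the rule that a proposal counts as the proposer's yes vote are all assumptions.

```python
import hashlib
from dataclasses import dataclass, field

def measure(code: bytes) -> str:
    """Stand-in for a TEE code measurement: SHA-256 over the enclave code."""
    return hashlib.sha256(code).hexdigest()

@dataclass
class Proposal:
    candidate: str
    votes: dict = field(default_factory=dict)  # member -> True (yes) / False (no)
    status: str = "open"

class Consortium:
    def __init__(self, members, agreed_code: bytes):
        self.members = set(members)
        self.agreed = measure(agreed_code)  # measurement every member agreed to
        self.proposals = []

    def propose_member(self, proposer: str, candidate: str) -> int:
        """Admin transaction: a current member proposes a new party."""
        if proposer not in self.members:
            raise PermissionError(f"{proposer} is not a member")
        # Assumption: the proposal itself counts as the proposer's yes vote.
        self.proposals.append(Proposal(candidate, {proposer: True}))
        return len(self.proposals) - 1

    def vote(self, pid: int, voter: str, approve: bool, node_code: bytes) -> str:
        """Vote transaction; node_code is what the voter's TEE actually runs."""
        p = self.proposals[pid]
        if voter not in self.members or p.status != "open":
            return "ignored"
        if measure(node_code) != self.agreed:
            self.members.discard(voter)  # changed TEE contents: excluded
            return "excluded"
        p.votes[voter] = approve
        live = [v for m, v in p.votes.items() if m in self.members]
        if 2 * live.count(True) > len(self.members):  # constitution: majority
            p.status = "accepted"
            self.members.add(p.candidate)
        elif 2 * live.count(False) >= len(self.members):  # majority unreachable
            p.status = "rejected"
        return p.status

def demo():
    net = Consortium({"A", "B", "C"}, b"ledger-v1")  # constructed sample data
    pid = net.propose_member("A", "D")
    r1 = net.vote(pid, "B", True, b"ledger-v1-patched")  # B's TEE was changed
    r2 = net.vote(pid, "C", True, b"ledger-v1")
    return r1, r2, sorted(net.members)
```

In `demo()`, B's vote is discarded and B is dropped because its code no longer matches the agreed measurement; A and C then form the majority that admits D.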

Of course, on top of the COCO framework runs the blockchain, for example a modified version of Ethereum or others. Microsoft is working to make COCO open source and is partnering with various chains (like JPMC Quorum and Intel Sawtooth Lake) to provide integration.

The final piece of the puzzle (for now at least) is that each node member can place ACLs on a transaction, so parties A and C can transact without B being able to see the content of the transaction. This solves the issues with a single blockchain being used by multiple competitors.

This all sounds pretty interesting, so the next step for me will be to figure out how to set it up in an environment. It can run either fully on prem with Windows Server 2016 or in Azure, so that’s the starting point. I will look into it, and hope to post more here soon.


I did wonder whether NEO is integrated with COCO… as MSFT is running a whole bunch of DAPP (distributed application) competitions with the NEO team I guess it might be, but will find out more and update this.
