I am creating a blockchain app in Hyperledger that performs a bidding process for a manufacturing company. The bidding process involves 4 suppliers (Supplier A to Supplier D). The one with the lowest bid wins.
I am able to create the chaincode for this. However, since it is a blockchain, the suppliers can see each other's bid (e.g., by simply looking at the contents of the blocks). In addition, the non-winning suppliers will know who actually won the bidding process.
I want to enforce the following privacy rules in the blockchain:
a. the bid of a particular supplier should be viewable only by the manufacturing company and the supplier itself (e.g., supplier A cannot see the bid of supplier B)
b. only the manufacturing company and the winning supplier knows who won (e.g., if supplier A loses the bid, supplier A only knows that it lost the bid but has no idea who won)
I have looked at the purpose of the transaction certificate, and I think this will address my privacy concerns.
I am able to request for multiple transaction certificates using the REST API. However, I am not sure how to utilize the transaction certificates.
Is it meant to be used outside of the chaincode (e.g., is it is used to encrypt parameters that will be passed to an invoke function)?
Or is it meant to be passed as a parameter to a chaincode function and use it inside the chaincode to encrypt a particular data before storing it in the blockchain?
How do I perform the actual encryption using the transaction certificates?
I am currently using v0.6 of the Hyperledger fabric for my chaincode. For my front end, I'm using Node.JS HFC SDK v0.6.5.
Is there a sample code that I can use as a basis to understand how transaction certificates are used to address privacy?