Corda's Data Model

Let’s study the data model of Corda in detail.

We'll cover the following

States
Corda transaction
- Smart contract
Corda’s data model for electronic money
Fault tolerance and availability with a Notary cluster
Implications of permissions on Corda nodes and notaries

States

States represent the shared facts between Corda nodes. States are immutable objects which can contain arbitrary data depending on the use case.

Since states are immutable, they cannot be modified directly to reflect a change in the state of the world. Instead, the current state is marked as historic and is replaced by a new state, which creates a chain of states that gives us a full view of the evolution of a shared fact over time. A Corda transaction does this evolution.

Corda transaction

Corda transaction specifies the states marked as historic (also known as the input states of the transaction) and the new states that supersede them (also known as the output states of the transaction).

Of course, there are particular rules to specify the kind of states each state can be replaced by. Smart contracts specify these rules, and each state also contains a reference to the contract that governs its evolution.

Smart contract

The smart contract is a pure function that takes a transaction as an input and determines whether this transaction is considered valid based on the contract’s rules.

Transactions can also contain commands, which indicate the transaction’s intent regarding how the data of the states are used. Each command is also associated with a list of public keys that need to sign the transaction to be valid.

In the above illustration, each state represents an amount of money issued by a specific bank and owned by a specific party at some point in time. We can see that Alice combines two cash states to perform payment and transfer 10 GBP to Bob. After that, Bob decides to redeem this money to get some cash from the bank.

As shown in the above illustration, there are two different commands for each case. We can also guess some of the rules of the associated contract for this Cash state.

For a Spend command, the contract will verify that the sum of all input states equals the sum of all output states so that no money is lost or created out of thin air. It will most likely check that the Spend command contains all the owners of the input states as signers, which need to attest to this transfer of money.

Double-spend problem

In the above example, we can notice that nothing would prevent someone from spending a specific cash state to two different parties who would not be able to detect that. This is known as double-spend.

Preventing double-spend

Double-spend is prevented in Corda via the concept of notaries.

A notary is a Corda service responsible for attesting that a specific state is not spent more than once.

Transaction finalization

In practice, every state is associated with a specific notary and every transaction that wants to spend this state needs to acquire a signature from this notary that proves that the state was not spent already by another transaction. This process is known as transaction finalization in Corda.

Fault tolerance and availability with a Notary cluster

The notarisation services are not necessarily provided by a single node; it can also be a notary cluster of multiple nodes in order to provide better fault tolerance and availability. In that case, these nodes will form a consensus group.

Corda allows the consensus algorithm used by the notary service to be pluggable depending on the requirements in terms of privacy, scalability, performance, etc. For instance:

A notary cluster might choose to use a crash fault tolerant (CFT) consensus algorithm (e.g., Raft) that provides high performance but also requires high trust between the nodes of the cluster.
Alternatively, a notary cluster might choose to use a byzantine fault tolerant (BFT) algorithm that provides lower performance but also requires less trust between the nodes of the cluster.

Implications of permissions on Corda nodes and notaries

Permissioning has different implications on regular Corda nodes and notaries.

In the first case, it forms the foundation for authentication of communication between nodes.
In the second case, it makes it easier to detect when a notary service deviates from a protocol (e.g., violating finality), identify the associated real-world entity, and take the necessary actions.

This means that finalized transactions are not reversible in Corda unless someone violates the protocol.

Note: Corda is in contrast to some other distributed ledger systems where nodes are anonymous and can thus collude in order to revert historic transactions, such as Bitcoin.

As mentioned previously, in some cases, even a limited amount of protocol violation can be tolerated, i.e., when using a byzantine consensus protocol.

Get hands-on with 1400+ tech skills courses.

Before Getting Started

Introduction to Distributed Systems

Basic Concepts and Theorems

Distributed Transactions

Achieving Isolation

Achieving Atomicity

Concluding Distributed Transactions

Consensus

Time

Order

Networking

Security

Security Protocols

From Theory to Practice

Case Study 1: Distributed File Systems

Case Study 2: Distributed Coordination Service

Case Study 3: Distributed Data Stores

Case Study 4: Distributed Messaging System

Case Study 5: Distributed Cluster Management

Case Study 6: Distributed Ledger

Case Study 7: Distributed Data Processing Systems

Practices & Patterns

Communication Patterns

Coordination Patterns

Data Synchronization

Shared-nothing Architectures

Distributed Locking

Compatibility Patterns

Dealing with Failure

Distributed Tracing

Concluding this Course

Corda's Data Model

States

Corda transaction

Smart contract