This project implements a quantum-resistant healthcare information exchange platform using Hyperledger Fabric and Hedera Hashgraph, with post-quantum cryptography (PQC) integrated throughout all communication layers.
The system connects healthcare organizations (Hospital A and Hospital B) via multiple secure communication channels:
- Hyperledger Fabric - Enterprise blockchain for storing verifiable healthcare records
- Hedera Hashgraph - For additional consensus and immutable timestamping
- Asterisk PBX - For secure voice/video communication with quantum-enhanced SRTP
- MQTT - For secure messaging with quantum-resistant encryption
- Libp2p - For peer-to-peer networking between organizations
The system implements two quantum-resistant algorithms:
- Falcon-1024 - For digital signatures, replacing ECDSA
- Kyber-512 - For key encapsulation, replacing RSA/Diffie-Hellman
Service | Description | Port(s) |
---|---|---|
peer0.Hospital_A.example.com | Fabric peer for Hospital A | 7051 |
peer0.Hospital_B.example.com | Fabric peer for Hospital B | 7061 |
orderer.example.com | Hyperledger Fabric orderer | 7050 |
couchdb | State database for Fabric | 5984 |
asterisk | Quantum-enhanced SIP/VoIP server | 5060-5062, 8088, 8089 |
quantum_sip | SIP service with quantum security | 8000 |
quantum_srtp | Secure Real-time Transport with quantum enhancements | - |
quantum_mqtt | MQTT client with quantum security | - |
mqtt | MQTT broker | 1883, 9883 |
wallet-service | Hedera wallet operations | 3000 |
hedera-bridge | Bridge between Hyperledger and Hedera | - |
libp2p-bridge | P2P networking between organizations | 4001, 8085 |
minio | Object storage | 9000, 9001 |
timescaledb | Time-series database | 5432 |
- HybridSecuritySystem - Combines quantum and classical cryptography
- PostQuantumSessionSecurity - Session management with quantum resistance
- QuantumEnhancedSRTP - Secure Real-time Transport Protocol with quantum key exchange
- EnhancedEncryption - Encryption layer with quantum entropy
- SecureKeyManager - Manages Falcon and Kyber keys
- Docker and Docker Compose
- Python 3.9+
- Hyperledger Fabric binaries (cryptogen, configtxgen)
- Network access for Hedera integration
- Clone the repository:
- Build the Docker images:

  ```bash
  docker-compose build
  ```

- Generate cryptographic materials:

  ```bash
  ./init-quantum.sh generate
  ```

- Start the network:

  ```bash
  docker-compose up -d
  ```

- `crypto-config.yaml` - Organization and cryptographic setup
- `docker-compose.yml` - Container configuration
- `network_config.yaml` - Fabric network configuration
- `configs/asterisk/*.conf` - Asterisk configuration files

The orderer requires proper quantum key configuration:
- Ensure orderer keys are generated:

  ```bash
  # Check if orderer keys exist
  ls -la crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/quantum_keys/
  # If missing, run
  python quantum_cryptogen.py generate --config=crypto-config.yaml
  ```

- Update orderer environment in `docker-compose.yml`:

  ```yaml
  orderer.example.com:
    environment:
      # Add these specific configurations
      - ORDERER_GENERAL_QUANTUM_ENABLED=true
      - ORDERER_GENERAL_QUANTUM_KEYSTORE=/var/hyperledger/orderer/quantum_keys
      - ORDERER_GENERAL_QUANTUM_KEYTYPES=["Falcon","Kyber"]
  ```

Possible fixes for Hospital B handshake issues:
- Check TLS certificates:

  ```bash
  # Verify certificates exist
  ls -la crypto-config/peerOrganizations/Hospital_B.example.com/peers/peer0.Hospital_B.example.com/tls/
  ```

- Ensure quantum keys are properly generated:

  ```bash
  # Check quantum keys
  ls -la keys/Hospital_B.example.com/
  ```

- Check network connectivity:

  ```bash
  # From Hospital A container
  docker exec -it peer0.Hospital_A.example.com ping peer0.Hospital_B.example.com
  # Test TLS connection
  docker exec -it peer0.Hospital_A.example.com openssl s_client -connect peer0.Hospital_B.example.com:7061
  ```

- Update SIP configuration in `configs/asterisk/pjsip.conf`:

  ```
  [Hospital_B_endpoint]
  type=endpoint
  transport=transport-tls
  context=from-external
  disallow=all
  allow=ulaw
  allow=alaw
  aors=Hospital_B_endpoint
  auth=Hospital_B_auth
  direct_media=no
  trust_id_inbound=yes
  ```

To fix Asterisk auto-start issues:
- Update entrypoint script permissions:

  ```bash
  chmod +x entrypoint_asterisk.sh
  ```

- Check Asterisk module:

  ```bash
  # Verify module exists
  ls -la asterisk_modules/res_quantum/res_quantum.so
  # Ensure module is loaded in config
  grep "res_quantum" configs/asterisk/modules.conf
  ```

- Update `modules.conf`:

  ```
  [modules]
  autoload=yes
  load => res_quantum.so
  ```

- Fix directory permissions in Docker startup:

  ```bash
  # Add to entrypoint_asterisk.sh
  chmod -R 750 /etc/asterisk
  chown -R asterisk:asterisk /etc/asterisk
  ```

To resolve Libp2p connection issues with Hospital B:
- Check libp2p configuration in `docker-compose.yml`:

  ```yaml
  libp2p-bridge:
    environment:
      # Update peer addresses with correct port
      - PEER_ADDRESSES=Hospital_B:7061
      # Ensure TLS is properly configured
      - USE_TLS=true
  ```

- Check network connectivity:

  ```bash
  # Test connectivity to Hospital B libp2p port
  docker exec -it libp2p-bridge ping peer0.Hospital_B.example.com
  docker exec -it libp2p-bridge nc -zv peer0.Hospital_B.example.com 7061
  ```

- Check for proper certificate setup:

  ```bash
  # Verify TLS certificates
  ls -la certificates/Hospital_B.example.com/
  ```

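The existence checks in the Hospital B handshake and Libp2p steps above can be combined into one preflight that also flags private key files accessible to group or other. This is an added example, not part of the project: the function names `audit_dir` and `preflight` are hypothetical, and the `*.key` suffix for private keys is an assumption.

```shell
#!/bin/sh
# Added example: preflight for the Hospital B directories listed above.
# Assumption: private keys end in .key (as in Fabric's tls/server.key);
# this project's quantum key file names may differ.
ORG=Hospital_B.example.com
PEER=peer0.$ORG

# audit_dir DIR: print findings, return how many were found.
audit_dir() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"
        return 1
    fi
    if [ -z "$(ls -A "$dir")" ]; then
        echo "EMPTY    $dir"
        return 1
    fi
    # Key files with any group/other permission bit set.
    loose=$(find "$dir" -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/LOOSE    /'
        findings=$(printf '%s\n' "$loose" | grep -c .)
    fi
    return "$findings"
}

# preflight ROOT: audit all three directories under the repository root.
preflight() {
    root=$1
    total=0
    for d in \
        "crypto-config/peerOrganizations/$ORG/peers/$PEER/tls" \
        "keys/$ORG" \
        "certificates/$ORG"
    do
        audit_dir "$root/$d" || total=$((total + $?))
    done
    echo "$total finding(s)"
    [ "$total" -eq 0 ]
}

# Run only when a repository root is passed, e.g. `sh preflight.sh .`
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

A `LOOSE` line is cleared by tightening that file to mode 600; `MISSING` or `EMPTY` means the key generation step has to be rerun.
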
After resolving configuration issues, test the full integration:
- Initialize the blockchain with test data:

  ```bash
  docker exec -it cli ./entrypoint.sh
  ```

- Test SIP connectivity:

  ```bash
  # From Hospital A to Hospital B
  docker exec -it asterisk asterisk -rx "pjsip show endpoint Hospital_B_endpoint"
  ```

- Test Hedera integration:

  ```bash
  # Submit test transaction
  docker exec -it hedera-bridge python3 -c "from hedera_bridge import HederaFabricBridge; bridge = HederaFabricBridge('Hospital_A'); print(bridge.check_health())"
  ```

For assistance, please contact meka.lindquist@mirrorwell.io