Skip to main content

Use flexible privacy groups (Deprecated)

caution

Tessera-based privacy is deprecated in Besu version 24.12.0 and later. Please read this blog post for more context on the rationale behind this decision as well as alternative options.

Use the web3js-quorum library to create and update membership of flexible privacy groups.

tip

Because group membership for flexible privacy groups is stored in a smart contract, flexible privacy groups are also known as onchain privacy groups.

info

Flexible privacy groups are an early access feature. Don't use in production networks.

The flexible privacy group interfaces may change between releases. There might not be an upgrade path from flexible privacy groups created using v1.5 or earlier to enable use of flexible privacy group functionality in future versions.

We don't recommend creating flexible privacy groups in a chain with existing offchain privacy groups.

Enable flexible privacy groups

Use the --privacy-flexible-groups-enabled command line option to enable flexible privacy groups. When flexible privacy groups are enabled, the priv_createPrivacyGroup, priv_deletePrivacyGroup, and priv_findPrivacyGroup methods for offchain privacy groups are disabled.

Simple flexible privacy group example

To create and find a flexible privacy group using the web3js-quorum library:

  1. Update the example/keys.js file to match your network configuration.

  2. Run:

    cd example/onchainPrivacy
    node simpleExample.js

    This script creates the flexible privacy group with two members. findPrivacyGroup finds and displays the created privacy group.

tip

The Tessera logs for Tessera 1 and Tessera 2 display PrivacyGroupNotFound errors. This is expected behavior because private transactions check offchain and onchain to find the privacy group for a private transaction.

Add and remove members

To add and remove members from a flexible privacy group, use the addTo and removeFrom methods in the web3js-quorum library client library.

note

When adding a member, Besu pushes all existing group transactions to the new member and processes them. If there are a large number of existing transactions, adding the member may take some time.