Business process collaboration between independent parties can be challenging, especially if the participants do not have complete trust in each other. Tracking actions and enforcing the activity authorizations of participants via blockchain-hosted smart contracts is an emerging solution to this lack of trust, with most state-of-the-art approaches generating the orchestrating smart contract logic from BPMN models. However, as a significant drawback in comparison to centralized business process orchestration, smart contract state typically leaks potentially sensitive information about the state of the collaboration. We describe a novel approach where the process manager smart contract only stores cryptographic commitments to the state and checks zero-knowledge proofs on update proposals. We cover a representative subset of BPMN, support message passing commitments between participants and provide an open-source end-to-end implementation. Under our approach, no party external to the collaboration can gain trustable knowledge of the current state of a process instance (barring collusion with a participant), even if it has full access to the blockchain history.
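The following sketch is an added illustration, not the paper's implementation: the contract stand-in stores only commitments, and `relation` spells out the statement a zero-knowledge proof would attest to for each update. The salted SHA-256 commitment, the three-task process and all names are assumptions, and proof generation and verification are replaced by a boolean.

```python
import hashlib
import secrets

# Hypothetical process model: (current state, task) -> next state.
TRANSITIONS = {("start", "order"): "ordered",
               ("ordered", "ship"): "shipped",
               ("shipped", "pay"): "done"}
STATES = {"start", "ordered", "shipped", "done"}

def commit(state, salt):
    """Salted SHA-256 commitment (assumed scheme, not taken from the paper)."""
    return hashlib.sha256(salt + state.encode()).digest()

def relation(c_old, c_new, old, old_salt, task, new, new_salt):
    """Statement a zero-knowledge proof would attest to. Evaluated in the
    clear here; only participants hold these private inputs."""
    return (commit(old, old_salt) == c_old
            and commit(new, new_salt) == c_new
            and TRANSITIONS.get((old, task)) == new)

class ProcessManager:
    """Stand-in for the contract: its public storage holds commitments only."""
    def __init__(self, c_initial):
        self.history = [c_initial]

    def update(self, c_new, proof_verified):
        # proof_verified stands in for on-chain verification of a ZK proof
        # of relation() against (self.history[-1], c_new).
        if not proof_verified:
            raise ValueError("update rejected: proof did not verify")
        self.history.append(c_new)

def states_confirmable_by_outsider(commitment, salt_guess=b""):
    """States an observer could confirm by hashing every possible state.
    Empty unless the salt is known, which is why the salt must stay secret."""
    return {s for s in STATES if commit(s, salt_guess) == commitment}

def run_demo():
    salt0, salt1 = secrets.token_bytes(32), secrets.token_bytes(32)
    pm = ProcessManager(commit("start", salt0))
    c1 = commit("ordered", salt1)
    ok = relation(pm.history[-1], c1, "start", salt0, "order", "ordered", salt1)
    pm.update(c1, ok)  # valid step: start --order--> ordered
    skip = relation(pm.history[-1], commit("done", salt1),
                    "ordered", salt1, "pay", "done", salt1)  # skips "ship"
    return pm, ok, skip
```

Because a process has only a handful of reachable states, a commitment without a secret random salt could be matched by hashing each state in turn, so the blinding value is what keeps the public history uninformative.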