Business process collaboration between independent parties can be challenging, especially if the participants do not have complete trust in each other. Tracking actions and enforcing the activity authorizations of participants via blockchain-hosted smart contracts is an emerging solution to this lack of trust, with most state-of-the-art approaches generating the orchestrating smart contract logic from BPMN models. However, as a significant drawback in comparison to centralized business process orchestration, smart contract state typically leaks potentially sensitive information about the state of the collaboration. We describe a novel approach where the process manager smart contract only stores cryptographic commitments to the state and checks zero-knowledge proofs on update proposals. We cover a representative subset of BPMN, support message passing commitments between participants and provide an open-source end-to-end implementation. Under our approach, no party external to the collaboration can gain trustable knowledge of the current state of a process instance (barring collusion with a participant), even if it has full access to the blockchain history.
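The sketch below is an added example, not code from the paper or its open-source implementation. It shows why a commitment to process state has to be blinded: a process instance has few possible states, so anyone reading the chain can enumerate an unblinded hash. The task names, the SHA-256 hash commitment and all function names are assumptions, and the zero-knowledge proof check on update proposals is not modelled.

```python
import hashlib
import itertools
import secrets

# Assumed toy process (constructed for illustration): four tasks, three statuses each.
TASKS = ["order", "approve", "ship", "invoice"]
STATUSES = ["pending", "active", "done"]


def encode(state: dict) -> bytes:
    """Canonical byte encoding of a process state."""
    return "|".join(f"{t}={state[t]}" for t in TASKS).encode()


def commit(state: dict, blinding: bytes = b"") -> str:
    """Hash commitment H(blinding || state); SHA-256 is an assumed stand-in."""
    return hashlib.sha256(blinding + encode(state)).hexdigest()


def all_states():
    """Every state of the toy process: 3^4 = 81 candidates."""
    for combo in itertools.product(STATUSES, repeat=len(TASKS)):
        yield dict(zip(TASKS, combo))


def observer_recovers(on_chain: str):
    """External party with full chain history: try every possible state."""
    for candidate in all_states():
        if commit(candidate) == on_chain:
            return candidate
    return None


def participant_verifies(on_chain: str, state: dict, blinding: bytes) -> bool:
    """A participant holding the blinding value can check a claimed state."""
    return secrets.compare_digest(commit(state, blinding), on_chain)


if __name__ == "__main__":
    state = {"order": "done", "approve": "active", "ship": "pending", "invoice": "pending"}
    r = secrets.token_bytes(32)  # known only to the collaboration's participants
    print("unblinded, observer sees:", observer_recovers(commit(state)))
    print("blinded, observer sees:  ", observer_recovers(commit(state, r)))
    print("participant check:       ", participant_verifies(commit(state, r), state, r))
```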