Hyperledger Fabric is a modular and extensible open-source system for deploying and operating permissioned blockchains, one of the Hyperledger projects hosted by the Linux Foundation. It is the first truly extensible blockchain system for running distributed applications, supporting modular consensus protocols and allowing the system to be tailored to specific use cases and trust models. Fabric is also the first blockchain system that runs distributed applications written in standard, general-purpose programming languages without systemic dependency on a native cryptocurrency. This contrasts with existing blockchain platforms that require smart contracts to be written in domain-specific languages or rely on a cryptocurrency. Fabric realizes the permissioned model using a portable notion of membership, which may be integrated with industry-standard identity management. To support flexibility, Fabric introduces an entirely novel blockchain design and revamps the way blockchains cope with non-determinism, resource exhaustion, and performance attacks. The paper describes Fabric, its architecture, the rationale behind various design decisions, its most prominent implementation aspects, as well as its distributed application programming model. It further evaluates Fabric by implementing and benchmarking a Bitcoin-inspired digital currency, showing that Fabric achieves end-to-end throughput of more than 3500 transactions per second in certain popular deployment configurations, with sub-second latency, scaling well to over 100 peers. Fabric introduces a new blockchain architecture aiming at resiliency, flexibility, scalability, and confidentiality. It is designed as a modular and extensible general-purpose permissioned blockchain, supporting the execution of distributed applications written in standard programming languages, allowing them to be executed consistently across many nodes. This makes Fabric the first distributed operating system for permissioned blockchains. The architecture of Fabric follows a novel execute-order-validate paradigm for distributed execution of untrusted code in an untrusted environment. It separates the transaction flow into three steps: (1) executing a transaction and checking its correctness, thereby endorsing it; (2) ordering through a consensus protocol, irrespective of transaction semantics; and (3) transaction validation per application-specific trust assumptions, which also prevents race conditions due to concurrency. Fabric's architecture combines passive and active replication, allowing it to respect application-specific trust assumptions according to the transaction endorsement. The ordering of state updates is delegated to a modular component for consensus, which is stateless and logically decoupled from the peers that execute transactions and maintain the ledger. Since consensus is modular, its implementation can be tailored to the trust assumption of a particular deployment. Fabric contains modular building blocks for each of the following components: an ordering service atomically broadcasts state updates to peers and establishes consensus on the order of transactions; a membership service provider is responsible for associating peers with cryptographic identities; an optional peer-to-peer gossip service disseminates the blocks output by the ordering service to all peers; smart contracts in Fabric run within a container environment for isolation; and each peer locally maintains the ledger in the form of the append-only blockchain and as a snapshot of the most recent state in a key-value store.Hyperledger Fabric is a modular and extensible open-source system for deploying and operating permissioned blockchains, one of the Hyperledger projects hosted by the Linux Foundation. It is the first truly extensible blockchain system for running distributed applications, supporting modular consensus protocols and allowing the system to be tailored to specific use cases and trust models. Fabric is also the first blockchain system that runs distributed applications written in standard, general-purpose programming languages without systemic dependency on a native cryptocurrency. This contrasts with existing blockchain platforms that require smart contracts to be written in domain-specific languages or rely on a cryptocurrency. Fabric realizes the permissioned model using a portable notion of membership, which may be integrated with industry-standard identity management. To support flexibility, Fabric introduces an entirely novel blockchain design and revamps the way blockchains cope with non-determinism, resource exhaustion, and performance attacks. The paper describes Fabric, its architecture, the rationale behind various design decisions, its most prominent implementation aspects, as well as its distributed application programming model. It further evaluates Fabric by implementing and benchmarking a Bitcoin-inspired digital currency, showing that Fabric achieves end-to-end throughput of more than 3500 transactions per second in certain popular deployment configurations, with sub-second latency, scaling well to over 100 peers. Fabric introduces a new blockchain architecture aiming at resiliency, flexibility, scalability, and confidentiality. It is designed as a modular and extensible general-purpose permissioned blockchain, supporting the execution of distributed applications written in standard programming languages, allowing them to be executed consistently across many nodes. This makes Fabric the first distributed operating system for permissioned blockchains. The architecture of Fabric follows a novel execute-order-validate paradigm for distributed execution of untrusted code in an untrusted environment. It separates the transaction flow into three steps: (1) executing a transaction and checking its correctness, thereby endorsing it; (2) ordering through a consensus protocol, irrespective of transaction semantics; and (3) transaction validation per application-specific trust assumptions, which also prevents race conditions due to concurrency. Fabric's architecture combines passive and active replication, allowing it to respect application-specific trust assumptions according to the transaction endorsement. The ordering of state updates is delegated to a modular component for consensus, which is stateless and logically decoupled from the peers that execute transactions and maintain the ledger. Since consensus is modular, its implementation can be tailored to the trust assumption of a particular deployment. Fabric contains modular building blocks for each of the following components: an ordering service atomically broadcasts state updates to peers and establishes consensus on the order of transactions; a membership service provider is responsible for associating peers with cryptographic identities; an optional peer-to-peer gossip service disseminates the blocks output by the ordering service to all peers; smart contracts in Fabric run within a container environment for isolation; and each peer locally maintains the ledger in the form of the append-only blockchain and as a snapshot of the most recent state in a key-value store.