LOAP - A Versioned Auditing tool based on the MerkleDAG and a Blockchain
The goal of our project is to combine two main technologies and provide a versioned structure to publish files for later auditing. It is designed to solve a practical problem related to the Indirect Tax for Maersk, but it can also be applied to different applications.
This repository contains documents and the code used during and after the Blockchain Summer School 2017 in Copenhagen (and hackathon). This solution has been developed by the Group 1 assigned on the Maersk use case of Indirect Tax.
When files are modified in a chain of changes by a set of untrusted entities, a lot of errors may happen, making an invalid end result. Most of those errors are caused by Human mistakes or data corruption/inconsistency.
We propose a modular solution that can be integrated in existing workflows to reduce the human error when transfering/exchanging data and ensure consistency and immutability over the content that is manipulated in each step of the chain.
The solution is designed so that every time new data is modified, a new MerkleDAG is created. This structure includes:
- The hash of the Previous structure/version (or input of the process)
- The hash of the Original structure/version
- All the hash of the files added/modified.
By using the MerkleDAG and the hash as address of immutable content, we can navigate between versions and obtain a chain of changes. As a version is addressed by a single hash and linked with the other versions, auditors can identify what was changed in one single step of the chain of changes.
By using symmetric cryptography and a PKI to manage authorization, we can easily publish in a Blockchain the hashes of the MerkleDAG. The public key used will allow the auditors to identify and validate who applied changes.
By using a Blockchain that uses hashes of symmetric keys to identify entities, we can use the first MerkleDAG hash generated in the chain as a way to track statuses and updates of the chain of changes.
More details of the idea developed are including a way to reduce human error. Each changes in the chain could be replaced by an automatic and non-human process, that will deterministically generate the changes from one version to the next one. This allows auditors to just validate the steps by re-running them and compare the results' hashes with the one published in the blockchain or in the MerkleDAG versions. This process is not part of the example as it would require more work to create a standard format and software to replace more than 30+ existing entities manipulating the data.
Using a blockchain to store also the data is too expensive in terms of fees per transaction, as existing database and cloud storage solution are not providing an immutable, content-addressed, decentralised storage solution (ex: 404 of any URL).
For this reasons the project is using IPFS and Ethereum blockchain to provide a decentralized solution for multiple parties to: distribute, mantain, obtain an validate the changes applied to files and documents, and as well the MerkleDAG generated for each chain of changes.
IPFS also provides a storage solution that fits the needs of auditors and companies to mantain data for over than 5, 10 or 15 years, as long as all the entity are holding the content generated.
The example implementation does not focus on encryption of the content. Some of these solution are a work in progress, and should be explored separately.
How to run the PoC
The PoC requires the following software installed and running in background:
To run the PoC you need to install the dependencies required: run
yarn to install everything needed.
Once ready, you can start the development server locally and then browse the
URL provided (usually
http://localhost:8080). To do so run:
npm run dev or
yarn run dev.
If you are using MetaMask, remember to use the TestNet. You can also use ethereumjs-testrpc to import accounts and to use it locally.
Contacts and Contributors
The partecipant of hackathon that created and developed this project are: