LOAP: Versioned Auditing Tool using Blockchain (Ethereum) and Immutable Distributed Storage (IPFS)
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.readme
app
.babelrc
.eslintignore
.eslintrc
.gitignore
KU BlockChain Summer School - MaerskVATfinal - Group 1 - No Video.pptx
README.md
demo-video.mov
package-lock.json
package.json
truffle.js
webpack.config.js
yarn.lock

README.md

LOAP - A Versioned Auditing tool based on the MerkleDAG and a Blockchain

LOAP

The goal of our project is to combine two main technologies and provide a versioned structure to publish files for later auditing. It is designed to solve a practical problem related to the Indirect Tax for Maersk, but it can also be applied to different applications.

This repository contains documents and the code used during and after the Blockchain Summer School 2017 in Copenhagen (and hackathon). This solution has been developed by the Group 1 assigned on the Maersk use case of Indirect Tax.

Problem

When files are modified in a chain of changes by a set of untrusted entities, a lot of errors may happen, making an invalid end result. Most of those errors are caused by Human mistakes or data corruption/inconsistency.

Proposal

We propose a modular solution that can be integrated in existing workflows to reduce the human error when transfering/exchanging data and ensure consistency and immutability over the content that is manipulated in each step of the chain.

The solution is designed so that every time new data is modified, a new MerkleDAG is created. This structure includes:

  • The hash of the Previous structure/version (or input of the process)
  • The hash of the Original structure/version
  • All the hash of the files added/modified.

By using the MerkleDAG and the hash as address of immutable content, we can navigate between versions and obtain a chain of changes. As a version is addressed by a single hash and linked with the other versions, auditors can identify what was changed in one single step of the chain of changes.

By using symmetric cryptography and a PKI to manage authorization, we can easily publish in a Blockchain the hashes of the MerkleDAG. The public key used will allow the auditors to identify and validate who applied changes.

By using a Blockchain that uses hashes of symmetric keys to identify entities, we can use the first MerkleDAG hash generated in the chain as a way to track statuses and updates of the chain of changes.

More details of the idea developed are including a way to reduce human error. Each changes in the chain could be replaced by an automatic and non-human process, that will deterministically generate the changes from one version to the next one. This allows auditors to just validate the steps by re-running them and compare the results' hashes with the one published in the blockchain or in the MerkleDAG versions. This process is not part of the example as it would require more work to create a standard format and software to replace more than 30+ existing entities manipulating the data.

PoC implementation

Using a blockchain to store also the data is too expensive in terms of fees per transaction, as existing database and cloud storage solution are not providing an immutable, content-addressed, decentralised storage solution (ex: 404 of any URL).

For this reasons the project is using IPFS and Ethereum blockchain to provide a decentralized solution for multiple parties to: distribute, mantain, obtain an validate the changes applied to files and documents, and as well the MerkleDAG generated for each chain of changes.

IPFS also provides a storage solution that fits the needs of auditors and companies to mantain data for over than 5, 10 or 15 years, as long as all the entity are holding the content generated.

The example implementation does not focus on encryption of the content. Some of these solution are a work in progress, and should be explored separately.

How to run the PoC

The PoC requires the following software installed and running in background:

To run the PoC you need to install the dependencies required: run npm install or yarn to install everything needed.

Once ready, you can start the development server locally and then browse the URL provided (usually http://localhost:8080). To do so run: npm run dev or yarn run dev.

If you are using MetaMask, remember to use the TestNet. You can also use ethereumjs-testrpc to import accounts and to use it locally.

Contacts and Contributors

The partecipant of hackathon that created and developed this project are: