Verifiable data hashes in blockchain

Image for post
Image for post
An example of a hash value. Note the extra . but the same but totally different 56 character hash length.

REQUIREMENT
Store and lookup (encrypted) hashes of data in blochckains like Bitcoin and Cardano.

PROBLEM
Sometimes we want to be sure when a file or a piece of data was created and that it was not modified afterwards.

The more security measures we take, the more certain we are that data was not modified. Threats can come from sources like flawed software, malware, hackers, employees, etc.

Security measures can be: screening of employees, firewalls, identity and access management, logging and monitoring, anti-malware, code review, etc.
The more measures are taken, the higher the costs.
If the verification of the integrity can be guaranteed, then the level of security could possibly be lowered. Securing the integrity should always be in place, but in this case the focus could be leveraged between preventing and detecting.

IDEA
Create a hash of a file or piece of data and store the hash in a blockchain.
A hash function is any function that can be used to map data of arbitrary size to data of a fixed size.

Storing the hash in both the Bitcoind and Cardano blockchain can increase the level of trust. Encrypting the hash before storing it will guarantee confidentiality. In some cases you don’t want to expose on a public blockchain that a specific (public) file (hash) was in your possession (at an early date).

EXAMPLE
In this (non blockchain) example a proposal made by the EU was finalized in januari 10 2017 as stated in this PDF:
http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=41241

Image for post
Image for post
A (non-blockchain) example of a SHA-1 hash value from a pdf file.

I uploaded and stored the hash in virustotal on october 5 2018.
https://www.virustotal.com/#/file/e97bab9e3b083390fdab0f18ca04129864b8cf76219f0772314395d1ca55f773/details

We cannot guarantee that the file has been changed between januari 10 2017 and october 5 2018. But by verifying the hash everyone can verify that that exact file on europa.eu has not been changed since october 5 2018. Verification can be done by everyone by checking the pdf against your own tool like https://www.fileformat.info/tool/hash.htm and verify it with the public ledger at virustotal (the non blockchain example).

POSSIBLE PRODUCT INNOVATIONS
Here are two lists of possible products which can be innovated by adding capabilities to write their hashes in one or more blockchains:
https://en.wikipedia.org/wiki/File_integrity_monitoring
https://en.wikipedia.org/wiki/Category:Document_management_systems

Additionally someone could create a website where customers can upload their files manually. Like the virustotal example, but then on a blockchain like Bitcoin and Cardano.

VARIATIONS
One variation could be to store the hash of every file/log entry/dataset in a blockchain.

Additionally the product could combine some hashes into one other hash which will be stored in the blockchain. This will save transactions (costs) on the blockchain.

CODE EXAMPLE
“The simplest way would be to define a contract with two attributes, an address used for access control (so that only an account that you control can write to the contract) and a byte array for the actual storage container:”
contract Storage {
address owner = 0xdeadbeef…; // <= define the address you control (have the private key to)
bytes32[] storageContainer;
function pushByte(bytes32 b) {
storageContainer.push(b);
}
}
Source: https://ethereum.stackexchange.com/questions/7842/storing-document-file-in-blockchain

The next step would be to program the software to (periodically) check the hashes or provide the hashes to another integrity monitoring program.

Hope
My hope and believe is that information security will increase by adopting innovations like blockchain.

Written by

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store