Provide counterfeit data protection for end users of service – tools?

Question

I need to create a service but i need a help with choice of tools.

Imagine service in which users create some data that have value in historical view (e.g. transactions). Other users can see this data but they need a proof that data are real and not falsified by users or even by service.

Example:

User A creates record with number 42
Couple of months passes
User B see this record and wants to be sure that service can't update this record with any other number 37
Service has trust window with 24 hours: it even can change users data, which were made on this day.

Question: Which instruments can help me to achieve that?

I was thinking about doing public daily backups (or reports?) that any user can download. From each report hash will be calculated and inserted into next backup – thus, a chan of hashes created. If service will change something in past, then hashes in this chain will not converge. Of course, i'll create open sourced tool for easy comparing diff between data and check if chain is valid.

Point of trust: there is one thing that i'm afraid of. Service can use many databases simultaneously and update all backups with all hashes one time (because first backup has no hash of previous one). So, to cover that case too, i think of storing hashes in some place that service can't change at all. For example, in one of the existed blockchains (btc, eth, ...) from official wallet of service. Or, maybe, DAG with some blockchain like IOTA?

1. What do you think of point of trust?
2. Can i achieve my goal with some simpler way (without blockchain)? And which one?
3. What are bottlenecks in this logic?

Answer 1

There are 2 participating variables. These include timestamp at which the record is created and the data.

Solution premise: 

• Tampering proof.
• Data can be changed in the same GMT calendar day without violating the tamper-proof guarantee. 
• No dependence on mechanisms that might be faulty or error-prone.
• Single query verification.

So what is the solution to your question? 

First Create Datatables: 

CREATE TABLE TEST(

ID INT PRIMARY KEY AUTO_INCREMENT,

DATA VARCHAR(64) NOT NULL,

CREATED_AT DATETIME DEFAULT CURRENT_TIMESTAMP()

); 

Then create 'checksum' table to monitor tampering

CREATE TABLE SIGN(

ID INT PRIMARY KEY AUTO_INCREMENT,

DATA_ID INT NOT NULL,

SIGNATURE  VARCHAR(128) NOT NULL,

CREATED_AT DATETIME DEFAULT CURRENT_TIMESTAMP(),

UPDATED_AT TIMESTAMP

);

Then create a trigger on insert of data. 

DELIMITER //

CREATE TRIGGER sign_after_insert

AFTER INSERT 

ON TEST FOR EACH ROW

BEGIN 

-- INSERT VAL 

INSERT INTO SIGN(DATA_ID, `SIGNATURE`) VALUES(

NEW.ID, MD5(CONCAT (NEW.DATA, DATE(NEW.CREATED_AT)))

);

END; //

DELIMITER ;

Then create a Trigger for an update of data: 

DELIMITER //

CREATE TRIGGER SIGN_AFTER_UPDATE

AFTER UPDATE 

ON TEST FOR EACH ROW

BEGIN 

-- UPDATE VALS

IF (NEW.DATA <> OLD.DATA) AND (DATE(OLD.CREATED_AT) = CURRENT_DATE() ) THEN

UPDATE SIGN SET SIGNATURE=MD5(CONCAT(NEW.DATA, DATE(NEW.CREATED_AT))) WHERE DATA_ID=OLD.ID;

END IF;

END; //

DELIMITER ;

Test

Step 1: Insert the data

INSERT INTO TEST(DATA) VALUES ('DATA2');

The signature of data and the date at which it was created, will reflect as the signature in the SIGN table.

Step 2: Update the data

The signature will get updated if the value has changed and it is the SAME DAY.

UPDATE TEST SET DATA='DATA' WHERE ID =1;

Step 3: Validate

Validate the data signature as

SELECT MD5(CONCAT (T.DATA, DATE(T.`CREATED_AT`))) AS CHECKSUM, S.SIGNATURE FROM TEST AS T ,SIGN AS S WHERE S.DATA_ID= T.ID AND S.`id`=1;

Output:

| CHECKSUM | SIGNATURE | | ------ | ------ | |2bba70178abdafc5915ba0b5061597fa |2bba70178abdafc5915ba0b5061597fa

Know more about Blockchain in detail. Enroll in IBM Blockchain Certification now to take that first step.