search

exonum / exonum

An extensible open-source framework for creating private/permissioned blockchain applications
https://exonum.com
Apache License 2.0
1.24k stars 248 forks source link

Question about transparency #260

Closed Vanuan closed 7 years ago

Vanuan commented 7 years ago

Sorry if it's not a good place to ask, but I couldn't find any other public forum.

I have a question regarding 2 cases: SETAM in Ukraine and NAPR in Georgia.

There's a statement that one can verify immutability of NAPR records: NAPR

As far as I understand, the registry information isn't public. How can one be sure there's no modification in a chain if it's not public? Where can I read more about it? I found this demo: https://exonum.com/demo/land/#!/ but it looks like it is from a NAPR officer perspective. Is this Georgia project not publicly available yet?

Regarding SETAM there's this statement:

Any discrepancies between the information stored on the blockchain and stored in the original database (e.g., SETAM) are monitored and audited. In the case of Bitfury's work with the State Agency of eGovernance of Ukraine, both public notaries, auction participants and the highly respected NGO Transparency International can all audit the blockchain.

Is it done yet? Couldn't find such functionality on https://setam.net.ua/ Neither a site of Transparency International has any supporting information on this statement

slowli commented 7 years ago

Hi!

How can one be sure there's no modification in a chain if it's not public?

This is what anchoring is about. Anchoring periodically records a specially constructed hash digest of the block header (which is influenced by the entire blockchain key-value storage) into the Bitcoin Blockchain. Anchoring is publicly verifiable and immutable (just like the Bitcoin blockchain is), but at the same time does not disclose any information. So, absence of modifications via anchoring can be checked by light clients and auditing nodes alike. (Auditing nodes can also detect illegal modifications in real time, because they break the chain of blocks.)

Is it done yet?

No, not yet, it's currently in progress.

Vanuan commented 7 years ago

So, absence of modifications via anchoring can be checked by light clients and auditing nodes alike.

So it still depends on some third-party organization having access to the full data. Did I get that right? Are these organizations already in place?

slowli commented 7 years ago

So it still depends on some third-party organization having access to the full data.

Not precisely; light clients do not need access to full data, but can still verify that the data they have access to (e.g., information about a particular person in the registry) is anchored. This means that light clients create a sort of collective security (like observers on elections) - a single client cannot guarantee the absence of foul play, but together they significantly decrease the probability of it to go unnoticed. (And because Exonum is based on publicly verifiable cryptography, such as public-key digital signatures, if a client notices foul play, it's possible to prove it to third parties.) Of course, auditing nodes help the process, too, but anchoring creates certain security guarantees even without them.

Are these organizations already in place?

Sorry to disappoint you, but the project is currently in progress; understandably, it would be reckless to rush it into production.

Vanuan commented 7 years ago

I see. Thanks