Please Believe My Database
I was reading Matt Levine’s Money stuff today and was struck by a thought. He writes:
“A national customs agency, for instance, might be happier approving shipments on an auditable open blockchain than in the proprietary database of a particular shipping company.”
This is interesting, but I want to take it one step further. Blockchain or not, a record of events that have been cryptographically digitally signed, with references to previous transactions could be very useful.
If you are a company, and a regulator or agency asks you for your view on what happened, and you give the regulator an Excel spreadsheet or a normal database extract saying “Here’s what happened, I promise”, this is very weak evidence and can be tampered easily by deleting rows, or removing key words like the names of sanctioned countries, etc.
However, if you give the regulators a list of recorded events that have been digitally signed by the parties involved (with the authentication, integrity, and non-repudiation guarantees that come with digital signatures), and with timestamps that have been agreed, or validated by more than one party, then this is a stronger form of proof and the regulator or agency should be more willing to believe that that this was in fact the course of events, and the data hasn’t been “sanitised”. And if the events link to each other, forming some sort of chain of events, then the regulator can be confident that you haven’t deleted any events, else the chain would be obviously broken.
This data doesn’t need to have been widely replicated and validated by thousands of computers like with public blockchains, it just needs a couple of ingredients:
- Digital signatures (preferably a transaction or event is signed by all relevant parties eg both the sender and receiver, if it’s a financial transaction, rather than just the sender, which is the case in Bitcoin and Ethereum); and
- Chains where events (transactions) refer to previous events (transactions) so that you can prove that this is the complete list of events and nothing has been removed
R3’s Corda (note: I work at R3) meets these criteria and perhaps this is why Corda is being increasingly explored for non-financial use cases, as well as the financial use cases it was originally designed for.
So, just something to think about. What else could this be used for? In what other situations is it useful to be able to prove beyond a doubt that the data you are providing hasn’t been tampered? Any what new business models or processes might this unlock?
This is a brilliant idea. I hope someone comes along with a user friendly version of blockchain input software.
So you are suggesting some kind of private system which resembles a permissioned blockchain (Corda kind of is, right?). Tampering here is hard, but still possible (imagine two party context).
What arguments holding up against using a public protocol through an API without the need to set up validating nodes and the whole system?