Blockchain Tech to be tested by UK National Archives

The National Archives (TNA) - UK government’s official record-keeper, is to use blockchain technology to create a way to verify the accuracy of archived docs
09 June 2018   1111

Named ARCHANGEL, the project is one of 3 blockchain ideas that the University of Surrey has won, the other 2 being voting and healthcare. Digital archiving is a rather complicated subject as computer files continuously change and become obsolete, the National Archives blog mentioned.For instance, a digital file from the late 1990s, will demand moving the content to a new file format in order to make it available in the future.

Supported by the University of Surrey and financed by the UK Open Data Institute and The National Archives, the ARCHANGEL uses blockchain technology to let  archives to register hashes of documents onto a approved blockchain. Changes to the blockchain would only be made by authorized parties.

Although ARCHANGEL is completely functional, it stays a prototype constructed over the Ethereum infrastructure, according to a summary of the project in the Cornell University Library. The content hashing is presently done using standard binary hashing (for example, SHA-256).

As noted by the project developers in the Cornell summary, there is a concern in specialized hashing to specific document types like PDFs, images and video. Video suggests the ability to extract content-aware hashes of scanned documents sensitive to tampering but immune to factors such as imaging device or illumination. 

The team is also deciding about integrating the W3C offered PROV standard for document version management since blocks can be supplemented only to supersede prior content from a blockchain. Currently the project uses smart contracts to write to the blockchain, but not to search or checking. Such opportunities can be explored in the future.

Potentional Vulnerabilities Found in ETH 2.0

Least Authority have found potentional security issues in the network P2P interaction and block proposal system
26 March 2020   982

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities at once.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.