A simple and secure Blockchain Database API written in Python

GitHub Project Link: Here

When we talk about Blockchain, we always relate it to peer-to-peer network and think that data must be distributed across the network. It will raise concern from people and think that Blockchain would breach the confidentiality of the data.

Actually, the data architecture of Blockchain itself already provides a good solution for securing the data from unauthorized manipulation, given that the server is protected by sufficient controls, such as access control, network and system security control, and better to be in an internal network.

Therefore, I try to build an database based on the data architecture of Blockchain by using Python, Sqlite and RESTful API framework.

Blockchain’s Data Architecture and its Integrity

From the diagram above, each block of the data is consisted of previous hash, nonce and transactions. If you are not sure what is hash, you can read this article first. To simplify, hash value is an unique ID for the previous block. If we use this “unique ID” to verify the previous block, we will know whether the previous block has been modified or not.

What is the implication? This mechanism allows us to ensure that no one is allowed to change the previously created data. If you need to modify the data, you have to create another records to “modify” or “delete” it.

From the above example, Alice wrongly enter the journal entries for 123.4, but it should be 432.1. Alice has to create another records “delete” to reverse the previous entries.

It seems that it is the basic function for most of the accounting system, but we cannot know whether it is simply controlled in the application level, creating a possibility that the data could be changed in database level.

To ensure that no one can change the data from the start point to the end point, I introduce a simple and secure Blockchain Database API.

Database based on Blockchain Data Architecture

Accountability, Confidentially and Integrity

When the user create a transaction record, he encrypts the data with its private key and post the data to Blockchain Database API. Blockchain Database API will decrypt the data with the user’s public key. In this process, the user’s identity has been confirmed. It achieves the objective of accountability and confidentially.

In the next step, Blockchain Database API will calculate the hash value for the transaction with nonce, i.e. random string, and the previous hash. Blockchain Database API will insert the transaction, nonce and hash to the database.

To detect any unauthorized change, Blockchain Database API will re-calculate the hash value based on the information of the previous hash, transaction and nonce. If any change is made, the hash value will change and the API can be notified. Therefore, the integrity of the data will be ensured.

Limitation

Since it is in a centralized architecture, there is a possibility for the attacker, who obtains the administration right, to change the entire database by recalculating the hash value again.

This can be safeguarded by the following solutions:

• Clone the transaction to a secured log server
• Back up the data incrementally (line by line transaction) rather than full backup

How to use the API?

1.Start the Hash API

python hash.py

2.Start the Nonce API

python nonce.py

3.Start the Main API

python main.py

4.Post the Journal Data to Main API http://127.0.0.1:8000/construct and Get back the Response with nonce and hash

data1 = { "journal_id": "JE000001","entry_date" : "2016-11-06","create_time" : "2016-11-06 18:00:00","created_by": "Adam","post_status": "P","account_code" : "100000","amount" : 16453.24,"dr_cr" : "C"

}

5.Post the Response to Main API http://127.0.0.1:8000/insert

data1 = { "journal_id": "JE000001","entry_date" : "2016-11-06","create_time" : "2016-11-06 18:00:00","created_by": "Adam","post_status": "P","account_code" : "100000","amount" : 16453.24,"dr_cr" : "C","nonue" : ".....","hash" : "....."}

6.Verify your transaction by Get http://127.0.0.1:8000/verify?id=1

Special thanks to my colleagues for their fruitful discussion and Simon for his encourage. For any comments, please feel free to leave it here or drop me an email at [email protected] .