You need to trust the data you rely on. Your organisation handles more data every day, and the data helps you make critical decisions. But you need to know that it hasn't been modified or corrupted.
Building with tamper-evident logs means you can cryptographically prove that the data hasn’t been unexpectedly changed. Knowing the provenance, integrity and sequence your data was created means you’ll be able to monitor third-party ecosystems and simplify regulatory compliance. You can trust the data you rely on.
A tamper-evident log stores an accurate, immutable and verifiable history of activity. This is an example of a verifiable system. You could use them to track credits and debits in banking transactions, access logs to sensitive healthcare records, cryptographic hashes of software packages, compliance artifacts of regulated activities, or modifications to a document.
A verifiable ecosystem helps detect misbehaviour of certificate authorities by enforcing that all certificates are in a verifiable log.
A tamper-evident log makes it impossible for a malicious insider to cover their tracks.
A tamper-evident log discourages malicious behaviour by increasing the chance of discovery.
Key Transparency protects users against malicious insiders by making key updates visible.
A tamper-evident log keeps you in control of your audit artifacts and gives auditors confidence.
Regulated industries require companies to collect and retain many types of compliance records. Auditors need to verify the integrity and nonrepudiation of those records.
By using a tamper-evident to store compliance records, you can keep them in one place and simplify presenting them to an auditor. You can cryptographically prove they haven't been tampered with.
A tamper-evident log is a more efficient way of presenting compliance records to an auditor who can easily verify their history and integrity.
A tamper-evident log enables multiple parties to monitor each others' actions.
Where organisations can be required to publish data about their actions, a tamper-evident log can hold a permanent record of this data.
Certificate Transparency discourages misbehaviour of Certificate Authorities by making their actions public.
Tamper-evident logs can frustrate software supply chain attacks by providing a shared, global view of the content of packages.
Often people just put everything in the log and stop there.
For a system to be valuable to you and those that rely on it, you need to identify what’s important to log and who will verify its contents.
We've designed two exercises to help you get started.
Trillian is a log that stores an accurate, immutable and verifiable history of activity. It is an open-source library and powers one of the world’s largest, most used and respected, production crypto ledger based ecosystems, certificate transparency.
Trillian is similar to a blockchain: it's an append-only log for storing records.
As an example, Trillian could be used to create a tamper-evident financial transaction ledger.
The financial ledger app provides an API for storing, retrieving and verifying transactions. It uses Trillian to store the transactions and cryptographically prove the integrity of transactions.
This is a basic example of how to use Trillian to implement the operations needed for a verifiable log.
Employees at your company can post to a public messaging platform ‘Tritter’. Since Tritter doesn’t support multi-login, TritBot uses Trillian to log each message request with the details of the sender in order to discourage abuse.
Trillian is designed to be integrated with existing systems, rather than requiring the ground-up rebuild that a blockchain ledger would need.
Trillian is the foundation for Certificate Transparency, one of the largest production ledgers on the internet. Performs at over 2,000 writes per second.
Released under the permissive Apache 2.0 licence. You have the freedom to use Trillian on your own terms. Benefit from the support of Google Cloud Platform, or deploy it yourself on-premise or cross cloud.
Google developed the most challenging parts of the technology and maths underpinning Trillian. They continue to make engineering improvements to ensure scalability and availability.