Ethernalizer - A Blockchain Enhanced Non-Repudiation Solution
Even with the best possible auction design and software that runs smoothly and reliably, an auction can only be called a success if the determined results are accepted by all parties and subsequently implemented. For example, a legal challenge by an unsuccessful bidder can drag on for a long time and delay the efficient use of a scarce resource (such as spectrum). At Innovative Auctions, we strive to help our clients ensure that the entire auction process, from design to implementation, is successful. Therefore, we use technology not only to enable our clients to run an auction, but also to preemptively address potential legal challenges of the auction process after the fact.
First and foremost, it is crucial to have a detailed documentation of the auction process to make it possible to audit the process and its results after the auction has completed. This provides a way to respond to potential challenges and/or claims made by any party after conclusion of the auction. For this very reason, Innovative Auctions' software has since its first verion included an audit log, detailing all interactions users had with the auction system and all steps executed by the auction system to calculate results. For example, the audit log records anything from failed and successful login attempts to the submission of bids. With this complete record of the entire auction process at hand, challenges or claims can be effectively refuted. For this very reason, Innovative Auctions' software has since its first verion included an audit log, detailing all interactions users had with the auction system and all steps executed by the auction system to calculate the results. For example, the audit log records anything from failed and successful login attempts to the submission of bids. With this complete record of the entire auction process at hand, challenges or claims can be effectively refuted.
However, there is still the risk that the integrity of the audit log and potentially other auction data files is questioned. While we can prove that the audit log created by our software is 100% correct by pointing to our source code, it could still be questioned whether the audit log has been modified by someone since its creation. If the burden of proof lies with our client, this can be problematic. How can you prove that a file hasn't possibly been modified since its creation?
We at Innovative Auctions have harnessed the power of blockchain technology to address this very issue. Our solution is called Ethernalizer - a blockchain enhanced non-repudiation solution for our audit log files. Ethernalizer makes it possible for our clients and us to prove that the audit log and other auction data files have not been modified since their creation.
In the following, we provide a brief conceptual description of Ethernalizer. We are happy to provide a more detailed technical description upon request.
To ensure that the bidding data and audit log data cannot be tampered with after it is generated, we implement a blockchain based non-repudiation approach, in which checksums of the encrypted data will be stored periodically in a blockchain. This will make it provably impossible to modify the data after the auction. To see why, one first needs to have a basic understanding of the three key components of Ethernalizer: encryption, checksums and the blockchain.
- Encryption: Rather than dealing with data files directly, we work with encrypted files. This ensures data privacy and reduces the group of people that can access and potentially modify data.
- Checksums: Checksums are one-way functions. They work as follows: Based on some input data a short output string, the checksum, is generated. Rather than comparing the two pieces of data directly, you can just calculate and compare the much shorter checksums of the two. If the checksums match, you can be sure that input data are identical. (Saving a checksum rather than other information on the data has the additional advantage that it increases data privacy. While you can easily compute the checksum of an input, it is virtually impossible to compute the input from the checksum.)
- Blockchain: A blockchain is essentially just a distributed record-keeping system. Something that is stored on a blockchain cannot be changed anymore and is publicly accessible to anyone. Importantly, whenever something is stored on the blockchain it is assigned an immutable timestamp.
We use these three components in the following way: At regular intervals during the auction (e.g. at the beginning and end of every round), the system makes a copy of the current audit log. To achieve provable non-repudiation, the system then takes the following steps:
- It produces a package of encrypted and signed audit log and relevant metadata.
- It securely stores the package on the auction servers.
- It calculates the SHA – 256 checksum of the package.
- It stores the checksum in a transaction on the (Ethereum) blockchain.
If any modifications are made to the package or any of its contents at a later time, the checksum of the file will be different, so that the change can be detected and proven. Note that due to the design of the blockchain, it is impossible to also retroactively modify the checksum that has been stored previously. The figure below visualizes this process and the three key components.
Should there be a challenge of the integrity of the audit log, we will deliver a package containing the latest encrypted audit log file. To verify integrity, one just needs to undertake the following steps (detailed description can be found in a user guide):
- Calculate the (SHA - 256) checksum of the received, encrypted file.
- Look up the corresponding transaction in the (Ethereum) blockchain (contains a checksum).
- Compare checksums. If the cecksums match, the file has not been modified since the transaction was processed.
Ethernalizer in Practice
We have successfully used Ethernalizer in several high-stakes auction projects over the last 6 years. Most notably, in an auction project with over 100m USD of auction revenue, Ethernalizer helped convince a team of auditors from KPMG, which was hired to do a full audit of the auction system, that the auction results were non-repudiable.
So far, we have exclusively used the Ethereum blockchain to implement Ethernalizer. But we are continuing to innovate in this area and are exploring the use of other chains or protocols.