Comments (1)
[copying the answer from Slack to the same question here in case it's helpful to someone else coming along later]
Hi Natalia, in a real application there would be (broadly speaking) two roles which would do this checking (for discussion about the roles themselves see here: https://github.com/google/trillian/tree/master/docs/claimantmodel):
- a believer would want to convince itself that a "record" (claim statement) that it holds is present in the log before taking any action based on the contents of this claim, which it would do by requesting an inclusion proof for H(claim statement). If the client got this claim from the log after it had been tampered with, the log would be unable to provide a valid inclusion proof to any consistent log checkpoint
- a claim verifier would be periodically fetching updated checkpoints from the log to learn about new "records" (claim statements) integrated into the log. When it sees a larger checkpoint it'll fetch the new claims which have been added to the log in order to inspect them. Internally, as it scans through these new claims, it would attempt to recreate the root hash from the new checkpoint by incorporating the H(claim statement) into its local "compact representation" of the source log state. Here again, if the entry in the log had been tampered with, the recreated root hash would not match the one in the checkpoint and so the tampering will be detected.
As a log operator, you may choose to implement a "log scrub" type tool which periodically does this checkpoint root hash recreation from log entries process as an early warning of sorts that something is wrong/tampered with.
Ultimately, though, if anyone ever relies on the tampered data in the future it should be detected because no believer or verifier should blindly trust a claim without convincing themselves that it is discoverable by virtue of proving its inclusion in the log.
HTH!
from trillian-examples.
Related Issues (20)
- Dependabot can't resolve your Go dependency files
- Question about Firmware Transparency Design: update client (flash_tool) verifying consistency HOT 2
- Typo in the Firmware Transparency Demo Doc HOT 2
- Re-add map demos removed in #257
- Enhance README.md to have a FT Map story nicely connected with the existing story
- Trillian and syslog centralized ? HOT 2
- [Serverless] Split up witness PR handling HOT 1
- [Serverless] Break out log and distributor roles
- Use YAML for human-written config files HOT 1
- Witness can't recover from invalid proof supplied to TOFU update
- Error while testing HOT 1
- [Witness/Armory] Add some form of durable storage HOT 2
- Update merkle dep, and remove calls to visitor for leaves HOT 2
- Supporting the kernel.org transparency log HOT 5
- Don't pass secrets via flags
- Serverless client inclusion command output not easy to use
- Omniwitness Monolith docker image doesn't run on armv7 HOT 3
- Delete the witness code HOT 1
- Replace deprecated `set-output` command with environment file
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trillian-examples.