Hacker News new | ask | show | jobs
by jeroiraz 1639 days ago
I'll find detailed information in the research paper: https://immudb.io/

Basically a hash value denotes the entire state of the database (including the entire history). This hash may be cryptographically signed and exported from the server. immudb SDKs keeps track of the last verified state, each time a new one is received, it's cryptographically validated.

Whenever a particular entry or transaction is verified, the latest validated hash also used. If the entry was tampered in, hashes won't match.
1 comments
joepie91_ 1639 days ago
I'd have a look at the research paper, if it weren't hidden behind an e-mail wall. I was initially happy to see a 'research paper' link at all, but that e-mail wall definitely compromises my first impression of immudb, because now it looks like I'll be getting a corporate brochure and not an actual technical paper.

> Basically a hash value denotes the entire state of the database (including the entire history). This hash may be cryptographically signed and exported from the server. immudb SDKs keeps track of the last verified state, each time a new one is received, it's cryptographically validated.

Okay, but how do you persist that hash across eg. client restarts? You obviously can't store it in the database. And this does not sound like "zero trust" to me - that's a much higher bar to meet, and would allow for eg. untrusted writers.

As I understand it right now, immudb works more or less the same way that Git does; it's a DAG of database (instead of file) mutations, and you can persist the latest commit hash to ensure that someone hasn't messed with what a branch points to.

Which can be useful, don't get me wrong, but it's not "zero trust" and it's certainly a fairly niche security feature.

Edit: To be clear, I'm very much in favour of what immudb seem to be trying to do - getting enterprises away from ultimately dysfunctional "blockchains" by providing something more sound with nominally the same features/appeal. But it's always important to be very clear about what your tech does or doesn't provide, blockchain or not.

link
jeroiraz 1638 days ago
first of all, thanks for your feedback and discussion :)

if entering an email for downloading the paper is a concern, we'll consider it.

immudb should be used as a traditional database (log, key-value or even a relational store - with limitations of course), so it's up to your deployment to whom you give user credentials with read/write permissions. The key difference is the state being captured by a single hash value.

Given the hash value denoting the entire state can be signed and exported. It's out of control of the server how many copies or when a validation is going to be made. Currently, official SDKs are storing the latest validated hash in a local file, but it's perfectly possible to store the hash in a remote storage, other database, etc. This will ensure data is only added but never changed once written, please note with never changed I mean it's subject to detection when a proof is requested.

immudb does not pretend to provide a complete security solution, but a key component when you deal with sensitive data.

link