To trust application data, and make sure they are not tampered with, many companies employ audit trails with log data of their applications. However, if this audit trail is saved in the same way as the application data, it is as vulnerable to tampering. To solve this, we researched the use of blockchain as a way to validate that the data inside these audit trails are correct.

In this session, we discuss the fundamentals of blockchain, and how it can achieve data integrity. Next, we discuss the challenges of using a public blockchain to validate these confidential audit trail data, most importantly the challenges of data confidentiality and transaction limits/costs.

We describe two different methods to overcome the concern of data confidentiality: one based on hashing, and one based on encryption. We then explain why the encryption method is not able to realistically scale in terms of transaction costs, and why the hashing method is able to do so.

With this in mind, we explain how we created an Ethereum smart contract based on this method and integrate it with an application audit trail. We show how this audit trail connects with the smart contract we created and how the audit trail can be validated against this smart contract.

We show the strengths and weaknesses of this method and we explain what it offers over a regular audit trail and what the trade-offs are. Since this implementation is only a proof-of-concept, we also explain what still needs work before this can be realistically used in production environments.