XBRLchain = XBRL secured by Blockchain
- Jesus Ruiz, CTO at Alastria Blockchain Ecosystem. firstname.lastname@example.org
- Javier Mora, XBRL senior expert. Javier.Mora@xbrl.org.es
- Ignacio Boixo, Openfiling Association, Founder. email@example.com
XBRLchain uses blockchain to secure the integrity and non-repudiation of a document, typically an XBRL instance document containing a business report.
How does XBRLchain work?
The document is digested into a unique and secure code with a standard hash algorithm, and this code is indelibly written (notarization) by an authorized party in the blockchain ledger. The validity of a document is checked by calculating the code again and comparing it with the one in the ledger, also retrieving the identification of the authorized party. The code provides integrity (report unmodified) and the authorized party identification provides non-repudiation (the authorized party cannot successfully dispute its notarization of the report).
Note that several authorized parties (issuer, auditor, supervisor) can independently sign the same document.
Identification of the issuer, type of report, period, and so on is already mandatorily included in XBRL instance documents by the XBRL specification. The only requirement is that the XBRL instance document must be self-contained (not dependent on external references). Other information, such as additional identification of the authorized party and a timestamp, is trivial to implement.
How to notarize a document?
The authorized party invokes a notary webserver authorized to write to the blockchain. The blockchain system must have a secure interface with the server, and a micro smart contract definition interacting with the ledger.
How to check a document?
Each check webserver with read access to the blockchain can retrieve each code written, with the respective authorized party or parties acting as notary for that code. For demo purposes in this proof of concept, the code is a simple CRC32 concatenated as an XML comment at the end of the file.
Go to www.xbrlchain.info and check the following file examples.
| File name | TESTING CODE? | Valid hash code? | Registered in blockchain? |
|---|---|---|---|
| Example_2.xhtml | Yes (2676830881) | No (must be 2676830882) | N.A. |
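The check described above, as an added Python example (not the authors' CheckServlet.java or poe.py): it returns the three table columns for one file. The trailer layout, the bytes covered by the CRC32, the in-memory `Ledger` and the sample document are assumptions, and the ledger is keyed by SHA-256 because CRC32 is an error-detection checksum, not a collision-resistant hash.

```python
import hashlib
import re
import zlib

# Assumed trailer layout: decimal CRC32 inside the last XML comment of the file.
TRAILER = re.compile(rb"<!--\s*(\d+)\s*-->\s*\Z")
# Constructed sample report body (not one of the site's example files).
SAMPLE = b"<html><body><p>Revenue: 100</p></body></html>\n"


class Ledger:
    """In-memory stand-in for the blockchain ledger (hypothetical)."""

    def __init__(self):
        self._entries = {}  # digest -> authorized parties that notarized it

    def notarize(self, digest, party):
        parties = self._entries.setdefault(digest, [])
        if party not in parties:  # several parties may sign the same document
            parties.append(party)

    def parties_for(self, digest):
        return list(self._entries.get(digest, []))


def digest(body):
    # SHA-256 replaces the demo's CRC32 as the ledger key (assumption).
    return hashlib.sha256(body).hexdigest()


def stamp(body):
    """Append the CRC32 testing code as a trailing XML comment."""
    return body + b"<!--%d-->" % zlib.crc32(body)


def check(data, ledger):
    """Return the three columns of the table above for one file."""
    result = {"testing_code": None, "valid_code": None, "registered": None, "parties": []}
    match = TRAILER.search(data)
    if not match:
        return result  # no testing code present
    body, code = data[: match.start()], int(match.group(1))
    result["testing_code"] = code
    result["valid_code"] = code == zlib.crc32(body)
    if result["valid_code"]:  # ledger lookup is N.A. when the code is wrong
        result["parties"] = ledger.parties_for(digest(body))
        result["registered"] = bool(result["parties"])
    return result
```

A modified report whose CRC32 comment has been recomputed still passes the "valid code" column, so only the ledger lookup distinguishes it from the notarized original.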
Who provides the notary web server/s and the check web server/s?
The market. It could also be an in-house integration of a webserver or local service. This proof of concept uses testing webservers developed by the authors (see the code below).
Where is the problem to solve?
At the moment, the practical approach to securing a business report is simply to download it from the supervisor’s website, as in the case of the SEC. The consumer is therefore assured that the report is the actual report legally declared by the issuer to the supervisor.
However, the report itself lacks any security feature. Hence, each consumer must independently download the same report from the supervisor website, this download being the only proof of integrity (report unmodified) and non-repudiation (the issuer cannot successfully dispute its filing [hence authorship] of the report). The supervisor website acts as a web Notary.
See this video describing an approach for the European Financial Transparency Gateway
What if the issuer simply puts its digital signature in the report? From an IT point of view it is an optimal solution. BUT (in practical terms) current digital signatures depend on Certification Authorities, which unfortunately are far from establishing enough reciprocal trust relations, hence lacking interoperability and extensibility for most consumers. Moreover, the digital signature must be published somewhere, either concatenated to the document or independent of it.
A Supervisory-based notarization also leaves out relevant non-regulatory reports, such as Corporate Social Responsibility, Integrated Reporting, Environmental Impact and so on.
The web page runs on the website www.xbrlchain.info, created and managed by XBRL Spain on a standard web hosting. This web page is open to the public, with testing credentials for Notarization and free for Checking. The website is a Client that invokes an Observer Node of Alastria.
For Notarizing, the Observer Node starts a transaction with the Validator Nodes using the Ethereum Quorum protocol. The Validator Nodes prepare a block with the ordered list of transactions (if any) received each cycle of one second (or less depending on workload). The block is distributed to all the Nodes (following the blockchain architecture), which execute the Smart Contract, confirm the result and update the local Ledger copy accordingly. See diagram at right. At the end of the cycle, a new block has been added to the local Ledger copy held by every one of the Observer Nodes and Validator Nodes.
For Checking, the Observer Node simply returns the required information from its local Ledger copy. Note that the Ethereum Quorum throughput for reading is several orders of magnitude better than for writing. See more at Introduction to Quorum: Blockchain for the Financial Sector.
Each Node belongs to a different permissioned company, running an independent installation of the blockchain software and storing a local copy of the Ledger. By the blockchain architecture, the network remains fully operational and reliable even if up to one third of the Validator Nodes are compromised (i.e. ten or more Validator Nodes captured simultaneously by an undetected attacker). This distributed network architecture provides very high resilience with no single point of failure, a clear advantage over traditional hierarchical approaches in the financial sector.
More? See below the minimalistic source code used for:
- ProofOfExistence.sol Smart Contract (Alastria)
- NotarizeServlet.java Notarize (Java XBRL ES)
- CheckServlet.java Check (Java XBRL ES)
- CommonFunctions.java Common (Java XBRL ES)
- poe.py Python interface Java <> Smart Contract
Even more? Consult the authors for further details.
Who is who?
Alastria can be summarized as a semipublic, independent, permissioned and neutral Blockchain/DLT network, designed to comply with existing regulation, that enables the 250 associates to experiment with these technologies in a cooperative environment.
XBRL Spain is a not-for-profit association for the diffusion of technological standards, focused on the eXtensible Business Reporting Language.
Openfiling is an open community of practice for filing and XBRL with Open Source.
Copyright (mandatory citation).
The design of the XBRLchain concept, the development of the proof of concept, and the publication of the results are the intellectual property of the authors, dated 2018-10-07, who worked in most cases outside business hours and on weekends.
The authors hereby grant a Creative Commons BY license (Creative Commons Attribution 4.0 International License), hence expressly requesting their attribution, as a moral authorship right.