paragonie/chronicle
Chronicle is a self-hostable microservice, built with Slim Framework, which enables authorized users to commit arbitrary data to an immutable, append-only public ledger.
Chronicle is superior to "blockchain" solutions for most real-world technical problems that don't involve proofs-of-work or Byzantine fault tolerance.
More precisely, Chronicle is a self-hostable microservice exposing an append-only, cryptographically-secure hash chain data structure that accepts arbitrary data from authorized clients through an HTTP API, secured by Sapient, that can be used as a building block for building a cryptographic audit trail similar to Certificate Transparency.
Chronicle will make you question the need for blockchain technology.
Chronicle was developed by Paragon Initiative Enterprises as part of our continued efforts to make the Internet more secure.
- Instructions for Installing Chronicle
- How to write (publish) to your Chronicle
- How to setup cross-signing to other Chronicles
- How to replicate other Chronicles
- Concurrent Instances
- Configuration
- Internal Developer Documentation
- Gossamer - PIE
- Herd - PIE
- Quill - PIE
- Monolog-Quill - PIE
- Chronicle-API - Lukáš Unger (@lookyman)
Chronicle allows trusted clients to send data to be included in an immutable, auditable, cryptographic permanent record.
Furthermore, Chronicle has cross-signing and many-to-one replication built in, which, when used, greatly enhances the auditability and availability of the data written to your local Chronicle instance.
If you have sensitive information, you can write metadata about client access times to a private Chronicle in order to have verifiable, tamper-resistant proof that specific records were accessed by specific user accounts at a specific time.
By inserting an encrypted message and then revealing the key at a later date, you can provide strong evidence of prior knowledge.
For building a secure code delivery system, committing some metadata and a SHA256 or BLAKE2 hash of each update file to a publicly verifiable Chronicle allows users to compile a whitelist of known update files to help block trojan horse malware (in the event of a compromised update server).
For best results, combine with cryptographic signatures (which may also be registered in the Chronicle) and reproducible builds.
Because of Chronicle's cryptographically assured append-only properties, and its use of modern elliptic curve digital signatures, Chronicle is a good fit for integrating with SIEM solutions and internal SOCs.
All communications are secured with Sapient. Sapient ensures that all published messages are signed with Ed25519. All messages are committed to a hash chain data structure backed by BLAKE2b, which we call Blakechain for short.
There are two hashes for each message:
- The hash of the current message, whose BLAKE2b key is the previous message's block hash. This is just called `currhash` internally.
- The summary hash, which is a BLAKE2b hash of all message hashes to date, concatenated together in order. This is called `summaryhash` internally.
The rationale for using the previous message's hash as the key was to add a degree of domain separation in the event that a BLAKE2b collision attack is ever discovered. The keying should reduce the likelihood of any practical attacks, especially if the chain is updated rapidly.
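The following is an added, simplified model of the Blakechain structure described above, written in Python to illustrate the two hashes and how an auditor recomputes them; it is not Chronicle's own PHP code. It assumes raw-byte messages, 64-byte BLAKE2b digests, an empty key for the first block, and a summary hash computed over the raw concatenation of all `currhash` values. The encoding details of the real project may differ.

```python
import hashlib
from typing import List, Tuple

# Assumed parameters (not taken from the project): 64-byte digests, empty key for the genesis block.
DIGEST_SIZE = 64
GENESIS_KEY = b""


def curr_hash(message: bytes, prev_hash: bytes) -> bytes:
    """currhash: BLAKE2b of this message, keyed with the previous block's hash.

    Keying with the previous hash chains the blocks together and provides the
    domain separation discussed in the text.
    """
    return hashlib.blake2b(message, key=prev_hash, digest_size=DIGEST_SIZE).digest()


def summary_hash(curr_hashes: List[bytes]) -> bytes:
    """summaryhash: BLAKE2b over every currhash to date, concatenated in order."""
    return hashlib.blake2b(b"".join(curr_hashes), digest_size=DIGEST_SIZE).digest()


class Blakechain:
    """Append-only list of (message, currhash, summaryhash) tuples."""

    def __init__(self) -> None:
        self.blocks: List[Tuple[bytes, bytes, bytes]] = []

    def append(self, message: bytes) -> Tuple[bytes, bytes]:
        prev = self.blocks[-1][1] if self.blocks else GENESIS_KEY
        ch = curr_hash(message, prev)
        sh = summary_hash([b[1] for b in self.blocks] + [ch])
        self.blocks.append((message, ch, sh))
        return ch, sh


def verify(blocks: List[Tuple[bytes, bytes, bytes]]) -> Tuple[bool, int]:
    """Recompute both hashes for every block from the messages alone.

    Returns (True, -1) if the chain is internally consistent, otherwise
    (False, index) where index is the first block whose stored hashes do not
    match the recomputation. Any edit to an earlier message changes the key
    used for every later block, so modification anywhere breaks the chain
    from that point on.
    """
    prev = GENESIS_KEY
    recomputed: List[bytes] = []
    for i, (msg, stored_ch, stored_sh) in enumerate(blocks):
        ch = curr_hash(msg, prev)
        recomputed.append(ch)
        if ch != stored_ch or summary_hash(recomputed) != stored_sh:
            return False, i
        prev = ch
    return True, -1


def tamper_demo() -> Tuple[Tuple[bool, int], Tuple[bool, int], Tuple[bool, int]]:
    """Constructed sample: a 3-block chain, an in-place edit, and a truncation."""
    chain = Blakechain()
    for m in (b"record-1", b"record-2", b"record-3"):  # constructed sample messages
        chain.append(m)
    intact = verify(chain.blocks)

    # Edit the middle message but keep its stored hashes: detected at index 1.
    edited = list(chain.blocks)
    _, ch, sh = edited[1]
    edited[1] = (b"record-2-modified", ch, sh)
    modified = verify(edited)

    # Drop the last block: the remaining prefix is still self-consistent, so
    # truncation is not detectable from the local chain alone. This is the gap
    # that cross-signing and replication to other Chronicles are meant to close.
    truncated = verify(chain.blocks[:2])
    return intact, modified, truncated


if __name__ == "__main__":
    print(tamper_demo())
```

The truncation case is the one to remember when designing an audit trail on top of a hash chain: local verification proves that nothing was altered or inserted, but only an external witness (a cross-signed or replicated copy, as the text describes) proves that the chain has not been rolled back.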
About
Public append-only ledger microservice built with Slim Framework