Building Decentralized Applications – Dapps – on Blockchain
Co-author : Arati Baliga
Decentralized applications (or Dapps) are server-less applications that can be run jointly on the client side and within a blockchain based distributed network, such as Ethereum. The client device manages the front-end and user credentials, while the back-end runs within a distributed network of computers that provide for the processing and storage requirements. Business logic is stored in this distributed blockchain network, thereby providing clear transparency and auditability of client generated interactions with the Dapp. Data is stored in decentralized file systems, such as Inter-Planetary File System(IPFS) or Swarm. This new model has several interesting features that can be immensely useful to a large range of applications.
Some prominent features of Dapps are:
Stronger security: The Dapp pushes the GUI and the user credential management on to the client side, making server side data breaches of user credentials, a thing of the past. The Dapp can authenticate the user by storing his public keys, and verifying signatures by employing a challenge response protocol. The private key is stored securely in a user wallet on the client device, encrypted with a user-supplied password. Data is stored in an encrypted form within the distributed cloud based storage, such as Inter-Planetary File System (IPFS), Swarm or other cryptocurrency based, incentivized storage alternatives, such as Storj. Since the user-data and credentials are both distributed and encrypted (with user-generated keys) it creates a very sparse and challenging attack surface. A hacker now has to breach each user individually.
Resilience: Dapps run partly on the client side and partly on the entire distributed blockchain network, constituting of thousands of machines. The Dapp logic and data is replicated, as a smart contract, across a large number of nodes participating in the blockchain network. Replication and distributed operation provide the availability and reliability for the Dapp.
Decentralized control: The decentralized nature of a Dapp means it is resistant to censorship. Censorship resistance comes from the fact that the smart contract can only be shutdown by the original entity that deployed it (or whoever has their private key). Also, decoupling the user interface from the business logic allows for development of alternative interfaces for the same app thereby encouraging innovation.
Auditability and transparency: Embedding business logic in smart contracts allows for code scrutiny and verification by competent users or authorized third parties to verify the code implementing the business logic. This adds transparency and verifiable trust model to Dapps.
The Digital Locker Dapp:
While familiarizing ourselves with Dapps we decided to build a decentralized digital document locker for individuals on the Ethereum platform. Individuals can use it to store and securely share documents with each other or in some cases businesses and government, as they wish. This is similar to the Government of India initiative called DigiLocker, which frees up the end-user from having to make physical copies of key documents while submitting applications to various organizations. Having such a locker on a central web service (as currently provided by Govt. of India), requires users to have a trust in the service. A server side security breach, or an insider attack can compromise confidential user data. Even if this data is kept encrypted, it is vulnerable to having the one central private key being stolen by the hacker.
A better alternative is to implement the digital locker as a Dapp, where confidential data and keys are solely under the control of the user.
The Digital Locker Dapp has an app on the user device that securely stores the public/private key pair encrypted with a password. On the Ethereum ecosystem, the keys are stored within the Mist browser (which has an accompanying wallet). The Dapp allows users to select and upload documents that he wants to store in the digital locker and accept or reject requests for sharing documents. The digital locker backend itself is implemented as a smart contract on the Ethereum blockchain. The smart contract stores the hashes of the documents contained in the digital locker and document encryption keys (in encrypted form). The documents themselves are encrypted and shards of the encrypted document are stored within distributed storage system called IPFS.
When a document is to be shared with someone (either another individual or organization), the owner shares it through an action within the Dapp. This sends a message to the locker smart contract, which responds by creating a shareable copy of the file and storing it in the distributed file system after encryption with a newly generated key specific to this sharing instance. It then shares the URI of the file, its hash and the key used to encrypt it, with the recipient. The recipient can fetch the requested document directly from the file system and decrypt it.
Using Dapps, we can design a platform that is fully decentralized and gives more control to the document owner. At every request and response it also maintains a tamper-proof audit trail from the moment a document is uploaded to it being requested and received by any recipient that the owner permits.
Dapps act as an enabler for new kinds of applications providing decentralized scalability, strong security, resilience, and availability. We believe they are ushering in a computing paradigm that offers significant control to end-users on their credentials, data, and communications and hence will create a major shift, particularly in consumer applications.