Nowadays more than ever it is important to be as secure as possible when interacting with both trusted and untrusted sources over the internet. Even a once trusted source can be hacked to a variety of malicious activities. One seemingly simple problem is proving that a file you've downloaded (or acquired through other means), is the actual file you think it is. To determine if a file is legitimate you currently have a few options:
- Look at the filename
- Run/open the file
- Get a hash from a trusted source (e.g. posted on their website) and compare it against the hash of the file
The first two options are clearly unsecure and dangerous. The third option seems safe, but all it takes is for a hacker to take over (or modify) the website with a new fake hash. For these reasons we decided to create Provt to solve these issues.
What it does
Provt is a tool that anyone can use to verify the authenticity of their files. All a user needs to do is drag-n-drop a file onto the website and Provt will give the user all of the information about the file (who created it, it's name, description, etc.). Most importantly, all of the information about the files is stored on the Ethereum blockchain thus providing clear proof the file is what is claims to be and no one has falsified any information.
Moreover, Provt has a strong focus on simplicity which allows it to be even easier than comparing a hash (which may be simple to some, but extremely complex to non-technical persons). Simply drag and drop is the only skill you need to prove you files are what they claim to be!
How we built it
We used the following technologies:
- Solidity on Remix
Challenges we ran into
One of the main challenges we ran into was determining when to create smart contracts and when to call/create functions within smart contracts. Being new to Ethereum we found it quite challenging to determine what the best practices are, and when to utilize them.
Accomplishments that we're proud of
We are very proud of how simple and useful Provt has managed to become. We are confident that anyone with access to the internet can use our tool to ensure the validity of their files and "stay safe".
We are also very happy that our tool does not need to transfer any of the file contents (only transfers SHA3-256 hashs). This lets us validate very large files, and also doesn't leak any private information stored in the files.
What we learned
This was our teams first time ever using Ethereum or Solidity so it's safe to say we learned a lot from a variety of stand points. Here is a quick summary of the most important lessons we learned:
- How and when to create smart contracts
- How to call smart contracts from web apps
- How to design and architect applications on the blockchain
What's next for Provt
We have already started working on a variety of very interesting features!
- Vetted users - Let users get marked as "vetted" users thus proving they are who they say they are. We already have architected this solution and created the solidity smart contract for this, would just need to finish up the UI.
- UI/UX enhancements - There are a few things we would have really loved to add with more time. Such as a listing files you've already added into the system or other useful bits of data to enhance the experience.