Goal: design an electronic transaction system with guaranteed integrity, accessible via the HTTP protocol.
Favorite way of working: pairs, so we decided to work in pairs
- Sidi TOURE
- Eric Landry Kotto-Dipanda
and this for both projects:
- advanced system info ==> who is on this git
- Big Data which is on the git of this link ==> BigDataProjet
After completing all the exercises, we will need to obtain a management system for transactions resembling that of blockchain and git. Python environment, conda 3.7
- Eric Landry Kotto Dipanda [email protected]
- Sidi TOURé [email protected]
============= finished version 0 of the project at this level==============
============= debut version 1 ==============
- curl -d '{"person1": "Robert", "person2": "Natalie", "amount":"20"}' -H "Content-Type: application/json" -X POST http://0.0 .0.0:898/save
- click on thelink: http://0.0.0.0:8981/listesTransactions
A3-) Display a list of transactions in chronological order related to a given person (Natalie for example)
- click on the link http://0.0.0.0:8981/mes_transactions/Natalie
- click on the link http://0.0.0.0:8981/mes_soldes/Natalie
NB: the link http://0.0.0.0:8981/ used for each script or test url depends on the one through which your machine launched the code, the port number must correspond to the one with which you launched your code
- curl -d '{"person1": "steve", "person2": "keita", "amount":"10"}' -H "Content-Type: application/json" -X POST http://0.0 .0.0:8981/attack
message return if it works ==> "sums transactions are attacked."
============= finished version 1 of the project at this level==============
============== debut version 2 of Tchai ===========
- choice of Hash function: SHA-2 is a family of hash functions that were designed by the United States National Security Agency, modeled after the SHA-1 and SHA-0 functions, themselves heavily inspired by Ron Rivest's MD4 function ( which gave parallel MD5). In the code, we will use sha224 because it is the simplest of the other SHA-2s with the size of the hash indicated by the suffix: 224 bits for SHA-224
- we will put in place of the "a", the SHA224 hash defined previously
Verify data integrity by recalculating hashes from data and comparing them with previously stored hashes.
- for this, we have set up an API accessible with the url: http://0.0.0.0:8981/integrite
- this API returns a sentence confirming that our database is correct, so we can conclude on the integrity at the same time.
EXERCISE 7. we check that the previous attack no longer works. because the integrity test returns that the data is incorrect after the modifications
- curl -d '{"person1": "Robert", "person2": "Natalie", "amount":"29"}' -H "Content-Type: application/json" -X POST http://0.0 .0.0:898/delete ============= finished version 2 of the project at this level==============
============== early version 3 of Tchai ==========
Change the hash calculation method. Now the value of the hash hi+1 so that it also depends on the hi of the transaction former.
- for this, we will just take into account each addition, the calculation of the hash is done using the last transaction added
To verify that the previous attacks no longer work, we check the integrity of the data (the code must first be modified to take into account the way the hash is calculated). - we notice that the deletion of a line triggers an incorrect data type alert in our database
this question is quickly answered because we can already add transactions in the data without verification by already adding the method that was added in the code to question A1 of exercise 3-).
============= finished version 3 of the project at this level==============
============== early version 3 of Tchai ===========
Read message [4], original paper by Satoshi Nakamoto [5] and subsequent discussion
on the diff list