Making Sense of Merkle Proofs — an Open-source Tool to Provide Transparency in Ethereum
Treum’s Transparency product provides users with no programming knowledge the ability to leverage blockchain for verifiable, mathematical proof that something has happened. Organizations can create a readable claim on the Treum platform and digitally notarize (sign) the data, and Treum will ensure the signed claim is backed by the Ethereum blockchain. Once this claim is submitted to the blockchain, a proof can be generated to validate the claim against its anchor to the blockchain on Ethereum mainnet. So if you’re in the business of proving something digitally, Transparency is for you!
Treum provides an open-source tool that will look up your claim receipt and verify its validity, meaning users can view exactly what organization has certified the claims they see — and when it was certified. Are your raspberries organic? Treum can help you prove that. Is your small-batch quinoa non-GMO? Treum can help you prove that. Are your employees properly certified? Treum can help you prove that, with Transparency. (To learn more about Treum and their supply chain and blockchain offerings, visit treum.io.)
Simple enough, right? So let’s take a look at how we can implement such a feature.
Transparency claims are generated as signable EIP-712 objects, which turns previously-unreadable hex code into a human-readable structure. To build these EIP-712 structs dynamically for Solidity, Treum developer AJ Grubbs created the open-source py-eip712-structs package, which is worth a read if you ever find yourself creating human-readable Ethereum transactions in Python.
In py-eip712-structs, developers can specify Solidity types by using equivalent classes defined in Python. The package allows developers to create domains, define structs, and turn Python objects into signable bytes automatically. As MetaMask puts it, users will “have some way of knowing exactly what they are signing, without having to go through the trouble of reconstructing a cryptographic hash all by themselves.”
After creating this signable claim in the Treum platform, the signing organization can review and sign the EIP-712 data. Both Treum-managed keys and the MetaMask browser extension are supported ways to notarize data.
Transparency scales easily by turning batches of signed messages into a Merkle tree, a data structure that has use cases across the blockchain ecosystem. This method allows Treum to post enough data on-chain to guarantee legitimate claims without the overhead of hundreds of individual transactions.
We use the pymerkle package to build Merkle trees of digital certificates, which are then stored on-chain in a smart contract. The proof data, a digital receipt of sorts, is saved as a JSON object for lookup later.
Using just the proof data, EIP-712 object, and account address of the signing organization, any user can follow the path of the Merkle tree to recreate the root hash. And from a lookup of Ethereum transactions to the Transparency smart contract, users can prove when a claim was posted on-chain. In other words, users can check our work and see for themselves if notarized claims are legitimate. Treum takes traditional claims and allows organizations to notarize them, and with this open-souce tool Treum provides the digital check of the notarization to the consumer. In the end, the consumer can be confident in claims they see on products.
In reality, this verification process is difficult for the end user to take advantage of. It requires experience with programming and cryptography, and it takes time. Our goal is for everyone to enjoy the strength of our technology, not just dedicated developers. Therefore, as my first project as a software engineering intern at Treum this summer, I took the challenge to build an open-source webpage that accepts Merkle proof text, an EIP-712 object, and a signing address to confirm or reject the specific claim.
Starting from Create-React-App, I built a simple front-end to query the Treum Transparency backend for a claim’s signature, timestamp and proof then verify that on-chain. After confirmation that Treum received a request with that unsigned EIP-712 message, we traverse the Merkle tree, working our way up to the root hash. If our recreated root hash matches a root hash stored in the smart contract, we know the claim exists! And if we can successfully recover the user-provided address from the signed EIP-712 bytes, we know the claim was notarized by the signing organization.
Following the principles of Web3 and the decentralized web, of course, the Merkle Proof Verifier App will soon be hosted on IPFS, a distributed file system we can use as web hosting.
Providing greater trust with Treum’s Transparency product was a challenging and motivating first project during my internship at Treum. I worked plenty with web3, became deeply involved with some of Treum’s core technology, and even picked up some front-end experience along the way. I couldn’t have done it without the talented, patient, and friendly mentors on the Treum team who made each day fun, even when the work was challenging. Diving into Ethereum development on the Treum team was an unforgettable experience made accessible by a rewarding first project.
If you’re curious and would like to learn more about the technology or about Transparency, reach out to me and the team at treum.io.