Verify the integrity of Azure Confidential Ledger transactions with receipts and application claims
In today's digital landscape, the integrity and confidentiality of transactional data are paramount. Microsoft’s Azure Confidential Ledger offers a robust solution for maintaining the privacy and confidentiality of your data. The service utilizes cryptographic techniques to generate transaction receipts, which serve as immutable evidence of the ledger's state at a specific point in time. These receipts are crucial for businesses that require a high level of trust and transparency in their operations.
Write receipts
The value proposition of Azure Confidential Ledger write receipts lies in their ability to provide a verifiable trail of all write transactions. Azure Confidential Ledger leverages the Confidential Consortium Framework (CCF), which ensures the integrity of transactions by using a Merkle tree data structure to store the hash of all transaction blocks that are added to the immutable ledger.
How write transactions are recorded in the ledger using an internal Merkle Tree data structure in CCF.
When a write transaction is completed, Azure Confidential Ledger users can obtain a cryptographic Merkle proof, or receipt, over the entry created in a Confidential Ledger to check that the write operation was recorded correctly. A write transaction receipt is evidence that the system has committed the corresponding transaction and can be used to confirm that the entry has been successfully appended to the ledger. This ensures that once a transaction has been committed to the ledger, it cannot be altered or deleted without detection.
For more details on Azure Confidential Ledger write receipts, their structure, and how to get a receipt from an active ledger, please refer to this dedicated article.
Application claims
Application claims take receipts a step further by allowing users to attach arbitrary metadata to a transaction, which are eventually reflected in write receipt response payloads. This metadata includes details specific to the transaction's context, such as the collection ID and the input content of a write operation. The application claims of a write transaction ensure that the claims digest is signed securely and stored together with the transaction itself, meaning that it cannot be tampered with once the transaction is committed.
Example of an application claim attached to a write receipt response payload.
Later, the application claims in plain format are shown in the receipt payload for the same transaction where they were added. Using the claims in plain format, users can recalculate the same claims digest (available in the write receipt) that the ledger signed in place during the transaction to verify the claim authenticity. The claims digest can help verify the write transaction receipt, giving an offline way for users to check the authenticity of the recorded claims.
By leveraging application claims, organizations can tailor the ledger to their specific needs, enhancing the utility and relevance of the data stored within receipts. Application claims are currently supported in the Azure Confidential Ledger preview API version 2023-01-18-preview and their current format is documented in this article.
Receipts and claims verification
The process of verifying write transaction receipts and application claims is straightforward and secure. Utilizing cryptographic proofs, users can independently confirm the authenticity and integrity of each transaction offline, without having to connect to the ledger or trust any central authority.
The Azure Confidential Ledger client library for Python offers useful functions to validate receipts of write transactions and calculate the claims digest from a list of application claims in an easy and seamless manner. With this verification utility, any write receipt from a Confidential Ledger service can be verified with ease and any application claims associated with the transaction can be fully authenticated.
How to verify receipts (with optional application claims) using the Azure Confidential Ledger Python SDK.
The decentralized and offline approach to verification bolsters the security and reliability of the system, making Azure Confidential Ledger an ideal platform for applications that demand the highest levels of data integrity. To learn more about the Data Plane Python SDK and its receipt verification utilities, check out this section and the full sample code.
Conclusion
In conclusion, Azure Confidential Ledger's receipts and application claims offer a compelling value proposition for organizations looking to secure their transactional data. With its strong focus on integrity, confidentiality, and verifiability, Azure Confidential Ledger stands out as a leading solution in the realm of confidential computing. Whether you are managing financial transactions, supply chain management, or any other data-sensitive operation, Azure Confidential Ledger provides the assurance that your data remains untampered and trustworthy through transaction receipts and application claims.
Resources
For getting started with Azure confidential ledger write receipts and application claims, please refer to our documentation:
Published on:
Learn moreRelated posts
Episode 397 – Local LLMs: Why Every Microsoft 365 & Azure Pro Should Explore Them
Welcome to Episode 397 of the Microsoft Cloud IT Pro Podcast. In this episode, Scott and Ben dive into the world of local LLMs—large language ...
Integrating Azure OpenAI models in your Projects: A Comprehensive Guide
In the previous blog, we have explored how to install and configure Azure OpenAI Service, now we will be unlocking its potential further by in...
Effortless Scaling: Autoscale goes GA on vCore-based Azure Cosmos DB for MongoDB
We’re thrilled to announce that Autoscale is now generally available (GA) for vCore-based Azure Cosmos DB for MongoDB! Say goodbye to manual s...
Making MongoDB workloads more affordable with M10/M20 tiers in vCore-based Azure Cosmos DB
vCore based Azure Cosmos DB for MongoDB is expanding its offerings with the new cost-effective M10 and M20 tiers for vCore-based deployments. ...
Replacing jackson-databind with azure-json and azure-xml
This blog post explains how azure-json and azure-xml replaced jackson-databind in the Azure SDK for Java. The post Replacing jackson-databind ...
March Patches for Azure DevOps Server
Today we are releasing patches that impact our self-hosted product, Azure DevOps Server. We strongly encourage and recommend that all customer...
Implementing Chat History for AI Applications Using Azure Cosmos DB Go SDK
This blog post covers how to build a chat history implementation using Azure Cosmos DB for NoSQL Go SDK and langchaingo. If you are new to the...