This is the most important concept in our Audit Trail Protection Protocol.
Every file uploaded to the Codel system will first be processed by our upload centre.
Here, the files are burned onto CDRs (or, if the demand is sufficient, eventually to DVDRs). This WORM technology provides us with a platform for integrity as there is no known way to alter the data burned onto such CDRs (unlike ordinary hard disks or CDRWs which are specifically designed to allow alteration). (But see also Attack 5 for further detail)
As the files are burned on, their hash value is calculated. The following details are then recorded in two separate tables on the Codel system:
Filename, File Hash, Timestamp and the name of the CDR onto which the file has been burned. Optionally, we may also store a "source id" if we wish to log where the file came from, or a user derived hash of miscellaneous data they wish to have logged simultaneously.
The first table in which this data is stored is the complete continuous Codel upload log, which records an exhaustive list of all upload activity. The second separate and smaller table - known as the Codel Master Document Table (CDMT) - stores only the details of the uploads recorded on a given CDR. When the CDR is full (or closed for any other reason), the CDMT receives its final entries and is itself closed. It is now burned onto a CDR itself and made available for online searching. Its own hash value is calculated and stored alongside all its matching entries in the codel upload log.
It is this hash value which we call the Master Document Hash as it essentially confirms (or refutes) the integrity of all the hashes of all the files recorded on its source CDR.
This Master Document Hash is then published in a number of reputable journals which both makes the MDH a matter of public record and freezes in time the point at which the MDH and its "daughter" hashes can have been created. Thus, with the publication of a single 40 byte (or 64 if we're using SHA-256) string (20 or 32 characters expressed in hex format), we guarantee the ability to confirm or refute the integrity of every file whose details have contributed to the MDH.
Furthermore, publication in the print media removes the burden of Trust.
Once the MDH is in the public domain, anyone challenging the audit trail of a particular document does not have to rely on the integrity of Codel itself. Even if we have become corrupt, the audit trail cannot be corrupted, by anyone, with any existing technological means, without that corruption being detectable.
