There is far more to blockchain technology than the price of bitcoin. This post & PoC project will explore a real use case of blockchain technology. While this is just a proof of concept to show what you can do with Xero’s API, it’s possible to implement this feature yourself.

For context: Xero is cloud-based (SaaS) small business accounting software. Business owners use it to manage their business while accountants and bookkeepers use it to provide business advisory & compliance services to their small business clients.

If you’re not aware of Xero, this will give you some context for this blog post

Audit in Accounting:

An audit is a common process within the accounting world. The Australian Taxation Office (ATO) regularly audits businesses to ensure they’ve declared the correct amount of tax. Publicly listed companies (like Xero) are required to conduct regular audits to ensure their financial statements are accurate. Any accusation of fraud or dishonest activity within business will likely lead to an audit. And in many cases, audits are simply performed at random to ensure legal, accounting & regulatory compliance.

Xero’s History and Notes Feature:

Xero has a ‘History and Notes’ feature which records changes made to an accounting document. Each entry contains details on who made the change, the time and date the change was made, and some details regarding what was changed.

An example of the history and notes feature on an invoice

This feature works well for business owners and accountants to easily see when a record was last updated and by whom.

What it doesn’t display is a copy of the transaction at the time of the change — think Github which tracks all the changes to your code base over time. That level of detail might be useful to a 3rd party system conducting an audit.

And it doesn’t provide immutable proof that the document (or it’s history) hasn’t otherwise changed. Ultimately, these history and notes entries are simply entries in a database, they’re not immutable, and they’re not independently verifiable.

An Immutable Audit Trail:

A person can do some research and come to a conclusion regarding their level of trust for an organisation. And determine if they should trust the data they’ve received.

Audits, regulation, public companies, stock markets, rule of law, freedom of the press, and I’m sure you can think of others. These are all mechanisms which assist people to determine who and what to trust, and to what level.

But, all these mechanisms are built, maintained & enforced by people. Software struggles to parse these systems, and the incentives they create for people to follow, or not follow them.

Therefore, it is difficult for software to verify the integrity of data it receives when this datas’ integrity is enforced through such mechanisms.

immutable: unchanging over time or unable to be changed.

Blockchains* create a new set of incentives, which can be verified easily by a piece of software. It’s these incentives that enable an immutable database of entries, which in turn enables the production of an immutable audit trail.

If you’re interested in more details on why it’s so difficult to change entries within a blockchain, this article provides some great examples.

Can data be changed, technically, yes, but such an event would be easily recognised by humans & computers alike. On top of that, participants in the chain are incentivised against changing existing entries.

*Note: I am referring to public blockchains such as Bitcoin & Ethereum. There are many other types of blockchains, which may have different incentives, for different purposes.

Enter Tierion:

Tierion developed the Chainpoint protocol to enable applications to link data to a blockchain. This is commonly called “anchoring”. Each Chainpoint proof lets you verify the integrity and timestamp of information without relying on a trusted third-party.

How does the Chainpoint protocol work?

In order to attach data to a blockchain, first create a SHA-256 hash of the data. The hash of the data can then submitted to a Chainpoint node that is running the Chainpoint protocol.

The Chainpoint protocol bundles up many of these SHA-256 hashes into a Merkle tree. The use of a Merkle tree allows a large number of hashes (representing an event larger amount of data) to be attached a blockchain through a single entry, also known as a “merkle root”.

The Merkle root produced is then anchored to a public blockchain (Currently BTC & Tierion’s internal Calendar — CAL).

Chainpoint returns a proof that contains the SHA-256 hash of the data, and cryptographic proof that the SHA-256 hash is contained in the Merkle root. It also contains the blockchain (BTC & CAL) transactions that anchor the Merkle root to a blockchain, proving it’s existence at the exact point in time.