On Coinmonks, the innovator described how he sent the image via IOTA. He converted it to a Base64 string. Then, the text strings were sent attached to 53 transactions in 10 minutes to the recipient’s address. On Reddit, he got predictable feedback which the main point was: the IOTA was not created for that use case.

Do not use IOTA as a file storage

The same inconvenient ways are offered on forums for Bitcoin, Ethereum, Hyperledger, and other DLTs.

On the other hand, there are distributed file storage systems, such as IPFS, Storj, Sia, FileCoin. They replicate documents for safety and encrypt data for confidentiality. In the IPFS network, the document address matches its hash. This protects the document from modifications: after any edits, the new document will be released with a new hash at the new address. Documents are distributed uncontrollably across such file systems, so it is usually difficult to remove them. In general, the functions of file storage systems are limited: you cannot specify access rights, to automate the document processing or to collect statistics.

For what practical purposes may need to combine blockchain and decentralized file storage? The integration of these technologies is required to create an automated decentralized workflow. New forms of business relationships with other organizations and with communities around it become possible. For example, transparent systems of interaction with contractors, allowing track changes in tasks and payments. Or ecosystems of brand partners and ambassadors who develop the community and get rewarded for their efforts.

Let’s explore what tasks distributed workflow systems can perform.

File storage in blockchain systems

Authenticity and validity of documents

A simple operation that blockchain cannot perform without file storage is to prove the authenticity of the document. To prove the authenticity of the document, you need to generate its hash value. If the document has not been edited, the hash remains the same as of a genuine document. To store documents and generate their hashes, blockchain developers use third-party services, for example, IPFS.

In the file-based blockchain, data is stored directly in the nodes, so a connection to third-party services is not required. The following scenario is possible, for example. The document was agreed by the partners at the meeting and uploaded to a distributed workflow system based on a private blockchain. Also, the secretary sent the document to whom it concerns. Now anyone who received this document via email can verify its authenticity through this system.

Another scenario: the customer uploaded the project documentation to their corporate file storage and gave access to the contractor. After a while, the customer made small edits to the specification, deleted the earlier version of the file from the shared storage, but forgot to notify the contractor about updates. When the contractor completed the task, the original version of the document could no longer be found because it had been removed from the system.

Even if the customer used a decentralized IPFS system, it would not help to investigate the issue: in IPFS, an old abandoned document disappears after a while. Therefore, a more complex system is needed. You can set a variety of usage scenarios in file-based blockchain, including the permanent storage of ever uploaded documents. Thus, the initial version of the specification can be stored by all users of the distributed system. Moreover, it would be possible to avoid the incident by setting up a notification for changes in the document folder.

Data access control and monitoring

In business systems, you usually assign roles to users, limiting their access to data. Let’s say an employee has left the company and no longer can access data in centralized corporate storage. How to block his access to files stored in a decentralized system?

To do this, you need to set an encryption system from the very beginning. All files stored on a distributed system must be cryptographically protected when uploaded. A multi-signature system has to be developed to access them. For example, it is required 2 signatures to access documents: the employee’s and the system’s that checks a centralized employee permission directory.