Block, Inc.
DETECTING ALTERATIONS OF JOURNAL DATA STRUCTURES

Abstract:

Techniques are described for securely managing double-entry account journals provided for use by clients such as businesses and other organizations. Clients may implement their own accounting systems, or other systems that model financial information, which may use the described techniques for maintaining account journals. The described techniques include receiving transaction requests that specify journal entries, and making those entries in the specified account journals. A cryptographic authentication tag is calculated for each journal entry, based on authentication keys of a forward-secure sequence of authentication keys. This allows a service to verify, in response to a client request, that the order of the entries has not been altered after creation of the entries. The transaction requests may be signed by the client and the signatures saved so that the service can also verify that the entries are as provided by the client.