Maintaining Data Integrity at Arbol

June 19, 2019
Computer security screen. Photo credit: Pixabay.Computer security screen. Photo credit: Pixabay.

A common question we receive about Arbol, and a common objection to blockchain applications in general is, “What about the Oracle Problem?”

For those who don’t know, the “oracle problem” is a common issue with blockchain apps whereby bulletproofness, trustlessness and unstopability are undermined by the lack of a secure data source, or “oracle.”

For blockchain applications where there is no external data source (for example, a dice game where the only oracle is random number generator) there is no oracle problem. These blockchain apps do not rely on an off-chain resource that is susceptible to attack and manipulation.

In the case of Arbol, we rely on a complex global network of weather stations and satellites to accurately report rainfall, temperature, wind speed, and other measurements. It is important that attackers not be able to manipulate this system for illicit gain. Digitally signed measurements, “blockchain enabled” IoT, and AI-powered data obfuscation techniques are all important links in a secure chain of reporting that we see as a part of a long-term strategy, and are crucial as we slowly open up the use of our platform to un-vetted users. However, a relatively low-hanging fruit is the idea of posting verified weather readings to IPFS in order to “lock in” the integrity of a resource once it has been determined to be valid. This way, once a dataset has been greenlit for use by smart contracts, it can never be manipulated. But how can we achieve this?

Enter IPFS. IPFS, short for InterPlanetary FileSystem, is a decentralized, peer-to-peer file system similar to BitTorrent. Although most commonly associated with digital piracy, BitTorrent is actually also used by the scientific and open source communities to quickly share large files. It is not a mere plaything of pirates and does have valid uses. If we can suspend our negative associations with BitTorrent for a moment longer, the fact that it is still used to illegally pirate content despite effectively every legal authority trying their best to take it down speaks to the usefulness of peer-to-peer protocols — they are exceptionally robust and immune to attack. This is important.

IPFS also has some interesting benefits when it comes to data integrity. Let’s say we were hosting weather data on a traditional server. If an attacker were to penetrate our server, they might be able to alter weather data to affect the outcome of weather contracts. We might not even ever know that this happened. This would be disastrous for our users.

With IPFS, such an attack is impossible. Whenever a piece of content is posted to IPFS, the entire piece of content (even if it is multiple terabytes) is hashed and used as the URL for that piece of content. Hashing is a cryptographically secure algorithm that outputs a short, unique string of characters for a given input. Think of it as a “tautological ID.” A given hash will always map back to the content it was hashed from via the hashing algorithm, and if the content is changed, the hash will no longer map back to it.

If a smart contract has the correct IPFS-generated hash, it will always get unmanipulated weather data. If the IPFS node where the content is hosted is attacked and the data is manipulated, the smart contract’s hash will simply no longer map to that content, and the URL will no longer work. The peer-to-peer part fills in the rest — if you have multiple IPFS nodes hosting the same IPFS content, it eventually becomes impossible to break them all. Both integrity and availability of the data are thereby ensured. Thanks, IPFS!

Arbol’s smart contracts rely on decades of weather data to evaluate payouts since weather agreements are made based on deviation from historical averages (e.g., a farmer gets paid if rainfall levels are 60% or below the 30-year historical average). Most of these weather datasets amount to multiple terabytes spread out over tens of millions of files.

Hosting content of this nature is currently at the bleeding edge of what IPFS can do. Few are dealing with data on this scale. We have partnered with Pinata ( to set up a network of nodes with a custom hosting configuration and data pipeline to help meet our unique requirements.

By leveraging IPFS and meeting the challenges of large datasets, Arbol’s secure data infrastructure is currently at the forefront of human capability. We believe deeply in the power of new technologies to disrupt and innovate. Data hosting is just another one of the ways we are building the future of weather hedging to bring about a world where people can grow their businesses without disruptions from weather events.

If you have any questions or comments about IPFS, feel free to reach out to us on Twitter (@ArbolMarket), or give the good folks at Pinata a shout on Slack (


Continue reading