2

I've learned about permissioned block chains here. Is it possible to filter transactions to the contract's methods based on the sender's address. Something the lines of:

contract FilterByAddress {
    address[] addrs =  [0x36eaf79c12e96a3dc6f53426c, 0xf235aa56dd96bda02acfb361e];

    address controlAddr = 0x36eaf79c12e96a3dc6f53426c;

    function getSensitiveData() public return (string) {
         uint i = 0;
         for(i = 0; i < addrs.length; ++i) 
            if(msg.sender == addrs[i])
               return "You got the secret";
            else 
               return "You got nothing";
    }
}

Where the secret is a value encrypted with a key obtained through a secure channel.

Would it be also possible to control the list of allowed peers by their address? For example,

function addAddress(address addr) public return (uint) {
    if(msg.sender == controlAddr) {
        addrs.push(addr);
        return 1;
    } else      
        return 0;      
}

Now this isn't a fully permissioned block chain as any may sync with it and see the contract's contents and it's still susceptible to the 51% attack.

Will the contract's state change (the address filtering list) when updated from the controlAddr?

Community
  • 1
Sebi
  • 5,294
  • 6
  • 27
  • 52

1 Answers1

2

The direct answer to your question is that yes, the address filtering list will change when you send it a new address from controlAddr.

However,

1) What I think you're trying to do with getSensitiveData() won't work. If the non-permitted user has access to the blockchain (which I assume they do or they couldn't call methods against it) they can get at any data you store in the blockchain. Either the encryption is all handled outside the blockchain, and you don't need the access control in the contract, or the secret or the encryption key is stored on the blockchain, and anyone can read it.

2) This isn't usually what's meant by a permissioned blockchain. The "permissioned" there usually refers to the ability to validate blocks, unlike say a traditional proof-of-work blockchain where anybody with CPU power can show up and start validating.

Edmund Edgar
  • 16,897
  • 1
  • 29
  • 58
  • The encryption is done off-block chain. What I was trying to do is restrict a number of users from interacting with the contract since I do not plan to keep sensitive data permanently in the block chain. The only data that is persistent across calls would be the list of addresses modified by the control address. I'm not entirely sure but are local variables stored inside the block chain upon contract method execution? – Sebi Jul 15 '16 at 08:09