Combining Git and Blockchain for Trusted Information Sharing

We present PineSU, a lightweight system that integrates Git with the Ethereum blockchain for sharing electronic documents, enabling decentralized integrity protection and timestamping. PineSU introduces the concept of Storage Unit (SU for short), which is essentially a Git repository along with some descriptor files needed to interact with the blockchain. SUs can be open or closed. Open SUs serve to secure Git repositories whose content may change in the future. At any moment, users can create a Blockchain Synchronization Point (BSP for short) of their open SUs. This allows for a rigorous integrity and authenticity verification of the corresponding digital documents. Whereas closed SUs are mainly a mechanism to invalidate any change to a Git repository. They are useful when a set of files must be definitively archived and made immutable, while enabling their sharing securely. As shown by a case study on clones of two public repositories on GitHub (owned by the Italian government) containing reports and data about the COVID-19 diffusion, PineSU has proven to be very effective in protecting Git repositories under a few security hypotheses that are easy to guarantee in many circumstances. Furthermore, an experimental and simulated performance evaluation demonstrates that the system scales well for storage units of increasing sizes and structure complexity. Finally, a qualitative comparison with existing solutions shows the strengths of PineSU against state-of-the-art approaches.