Verification Strategies
Wayfinder includes verification mechanisms to ensure the integrity of retrieved data. Verification strategies offer different trade-offs between complexity, performance, and security.
| Verifier | Complexity | Performance | Security | Description |
|---|---|---|---|---|
RemoteVerificationStrategy | Low | Low | Low | Checks the x-ar-io-verified header from the gateway that returned the data. If true, the data is considered verified and trusted. |
HashVerificationStrategy | Low | High | Low | Computes the SHA-256 hash of the returned data and comparing it to the hash of a trusted gateway (recommended for most users). |
DataRootVerificationStrategy | Medium | Medium | Low | Computes the data root for the transaction (most useful for L1 transactions) and compares it to the data root provided by a trusted gateway. |
SignatureVerificationStrategy | Medium | Medium | Medium | - ANS-104 Data Items: Fetches signature components (owner, signature type, tags, etc.) from trusted gateways using range requests, then verifies signatures against the data payload using deep hash calculations following the ANS-104 standard. - L1 Transactions: Retrieves transaction metadata from gateway /tx/<tx-id> endpoints, computes the data root from the provided data stream, and verifies the signature using Arweave's cryptographic verification. |
RemoteVerificationStrategy
This strategy is used to verify data by checking the x-ar-io-verified header from the gateway that returned the data. If the header is set to true, the data is considered verified and trusted.
This strategy is only recommended for users fetching data from their own gateways and want to avoid the overhead of the other verification strategies.
import { Wayfinder, RemoteVerificationStrategy } from '@ar.io/wayfinder-core';
const wayfinder = new Wayfinder({
verificationSettings: {
// no trusted gateways are required for this strategy
enabled: true,
strategy: new RemoteVerificationStrategy(),
},
});HashVerificationStrategy
Verifies data integrity using SHA-256 hash comparison. This is the default verification strategy and is recommended for most users looking for a balance between security and performance.
import { Wayfinder, HashVerificationStrategy } from '@ar.io/wayfinder-core';
const wayfinder = new Wayfinder({
verificationSettings: {
enabled: true,
strategy: new HashVerificationStrategy({
trustedGateways: [new URL('https://permagate.io')],
}),
},
});DataRootVerificationStrategy
Verifies data integrity using Arweave by computing the data root for the transaction. This is useful for L1 transactions and is recommended for users who want to ensure the integrity of their data.
import { Wayfinder, DataRootVerificationStrategy } from '@ar.io/wayfinder-core';
const wayfinder = new Wayfinder({
verificationSettings: {
enabled: true,
strategy: new DataRootVerificationStrategy({
trustedGateways: [new URL('https://permagate.io')],
}),
},
});SignatureVerificationStrategy
Verifies signatures of Arweave transactions and data items. Headers are retrieved from trusted gateways for use during verification. For a transaction, its data root is computed while streaming its data and then utilized alongside its headers for verification. For data items, the ANS-104 deep hash method of signature verification is used.
import { Wayfinder, SignatureVerificationStrategy } from '@ar.io/wayfinder-core';
const wayfinder = new Wayfinder({
verificationSettings: {
enabled: true,
strategy: new SignatureVerificationStrategy({
trustedGateways: [new URL('https://permagate.io')],
}),
},
});How is this guide?