DataRootVerificationStrategy

Overview

The DataRootVerificationStrategy provides the highest level of data integrity verification by validating data using Arweave's Merkle tree proofs. This strategy ensures maximum security by verifying that the data matches the cryptographic data root stored in the transaction, providing mathematical proof of data integrity.

Important

Verification methods require that the gateway being used has the relevant transaction data indexed locally. Gateways cannot proxy out verification requests to other sources, as this would compromise the security and reliability of the verification process. If a gateway doesn't have the required data indexed, verification will fail.

How It Works

  1. Compute Data Root: Chunk the received content and build a Merkle tree
  2. Calculate Root Hash: Compute the root hash of the Merkle tree
  3. Fetch Trusted Root: Get the data root from trusted gateways via /tx/{txId}/data_root
  4. Compare Roots: Verify the calculated root matches the trusted data root
  5. Result: Pass or fail based on data root validation

Important Limitation

ANS-104 Data Items Not Supported: This strategy currently only works with regular Arweave transactions, not ANS-104 bundled data items. If you attempt to verify an ANS-104 data item, it will throw an error.

Configuration

Basic Usage

import { DataRootVerificationStrategy } from '@ar.io/wayfinder-core'

const strategy = new DataRootVerificationStrategy({
  trustedGateways: [new URL('https://arweave.net')],
})

Advanced Configuration

const strategy = new DataRootVerificationStrategy({
  trustedGateways: [
    new URL('https://arweave.net'),
    new URL('https://permagate.io'),
  ],
  maxConcurrency: 2, // Process multiple gateway requests concurrently
  logger: customLogger, // Optional custom logger
  classifier: customClassifier, // Optional data classifier
})

Parameters

← Swipe to see more →
ParameterTypeDefaultDescription
trustedGatewaysURL[]Required

Array of trusted gateway URLs for data root fetching

maxConcurrencynumber1Maximum number of concurrent requests to gateways
loggerLoggerdefaultLoggerCustom logger instance for debugging
classifierDataClassifierGqlClassifierData classifier to determine transaction type
← Swipe to see more →

Integration Examples

With Wayfinder

import { Wayfinder, DataRootVerificationStrategy } from '@ar.io/wayfinder-core'

const wayfinder = new Wayfinder({
  gatewaysProvider: gatewaysProvider,
  verificationSettings: {
    enabled: true,
    strategy: new DataRootVerificationStrategy({
      trustedGateways: [new URL('https://arweave.net')],
    }),
    strict: true,
  },
})

// Maximum security verification happens automatically
const response = await wayfinder.request('ar://transaction-id')
const data = await response.text()

With Event Monitoring

const wayfinder = new Wayfinder({
  gatewaysProvider: gatewaysProvider,
  verificationSettings: {
    enabled: true,
    strategy: new DataRootVerificationStrategy({
      trustedGateways: [new URL('https://arweave.net')],
    }),
    events: {
      onVerificationSucceeded: (event) => {
        console.log('✅ Data root verification passed:', {
          txId: event.txId,
        })
      },
      onVerificationFailed: (error) => {
        console.error('❌ Data root verification failed:', {
          error: error.message,
        })
      },
    },
  },
})

Standalone Usage

const strategy = new DataRootVerificationStrategy({
  trustedGateways: [new URL('https://arweave.net')],
})

// Manual verification
try {
  await strategy.verifyData({
    data: dataBuffer,
    txId: 'transaction-id',
  })
  console.log('Verification passed!')
} catch (error) {
  console.error('Verification failed:', error.message)
}

How Merkle Tree Processing Works

The strategy uses Arweave's standard Merkle tree implementation:

Chunking Process

  1. Chunk Size: Uses Arweave's standard chunk sizes (MAX_CHUNK_SIZE and MIN_CHUNK_SIZE)
  2. Smart Chunking: Automatically adjusts chunk sizes to avoid small remainder chunks
  3. Sequential Processing: Processes data streams chunk by chunk

Merkle Tree Construction

  1. Generate Leaves: Creates Merkle tree leaves from data chunks
  2. Build Layers: Constructs the full Merkle tree structure
  3. Compute Root: Calculates the final root hash

Data Root Fetching

  • Fetches data root from trusted gateways via /tx/{txId}/data_root endpoint
  • Uses concurrent requests with configurable concurrency limits
  • Returns first successful response from any gateway

Use Cases

Maximum Security Applications

Perfect for applications requiring the highest level of verification:

const strategy = new DataRootVerificationStrategy({
  trustedGateways: [
    new URL('https://arweave.net'),
    new URL('https://permagate.io'),
  ],
  maxConcurrency: 2, // Use multiple gateways for reliability
})

Legal and Financial Documents

Critical document verification:

const legalStrategy = new DataRootVerificationStrategy({
  trustedGateways: [new URL('https://arweave.net')],
  logger: auditLogger, // Detailed logging for compliance
})

Production vs Development

// Production - multiple gateways for maximum reliability
const prodStrategy = new DataRootVerificationStrategy({
  trustedGateways: [
    new URL('https://arweave.net'),
    new URL('https://permagate.io'),
  ],
  maxConcurrency: 2,
})

// Development - single gateway with debug logging
const devStrategy = new DataRootVerificationStrategy({
  trustedGateways: [new URL('https://arweave.net')],
  logger: debugLogger,
})

Error Handling

ANS-104 Data Items

try {
  await strategy.verifyData({
    data: dataBuffer,
    txId: 'ans104-data-item-id',
  })
} catch (error) {
  if (error.message.includes('ANS-104 data is not supported')) {
    console.log('This is an ANS-104 data item, use a different strategy')
    // Fall back to signature verification or hash verification
  }
}

Data Root Mismatch

try {
  await strategy.verifyData({
    data: dataBuffer,
    txId: 'transaction-id',
  })
} catch (error) {
  if (error.message.includes('Data root does not match')) {
    console.error('Data integrity verification failed:', {
      computedDataRoot: error.cause?.computedDataRoot,
      trustedDataRoot: error.cause?.trustedDataRoot,
    })
  }
}

Best Practices

  1. Use Multiple Trusted Gateways: Increases reliability for data root fetching
  2. Set Appropriate Concurrency: Balance between performance and gateway load
  3. Monitor for ANS-104: Check transaction types before verification
  4. Handle Large Files: Be aware that Merkle tree computation can be resource-intensive
  5. Use for Critical Data: Reserve for applications requiring maximum security

Comparison with Other Strategies

← Swipe to see more →
AspectData Root VerificationHash VerificationSignature Verification
SecurityHighestHighVery High
PerformanceSlowerFastestFast
ANS-104 Support❌ No✅ Yes✅ Yes
Best ForProduction applicationsHigh-throughput applicationsFinancial or legal documents
← Swipe to see more →

The DataRootVerificationStrategy provides the highest level of security by using Arweave's native Merkle tree structure. It's ideal for applications where data integrity is absolutely critical and performance is secondary to security. However, note that it currently only supports regular Arweave transactions, not ANS-104 bundled data items.

Was this page helpful?