12. Definition of terms

Application Programming Interface

In computer programming, an application programming interface is a set of subroutine definitions, and tools for building software. In general terms, it is a set of clearly defined methods of communication between various components. A good API makes it easier to develop a computer program by providing all the building blocks, which are then put together by the programmer.

Read more on Wikipedia.

Blockchain Document Transfer

The core platform on which CargoX Platform is built upon. It's the system of transferring documents with the help of Blockchain and IPFS.

Bill of Lading

A document of title. A bill of lading (sometimes abbreviated as B/L or BoL) is a document issued by a carrier (or their agent) to acknowledge receipt of cargo for shipment.

Read more on Wikipedia.


A blockchain, originally block chain, is a growing list of records, called blocks, which are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data.

Read more on Wikipedia.

Distributed Ledger
Distributed Ledger Technology
Shared ledger

A distributed ledger (also called a shared ledger, or Distributed Ledger Technology, DLT) is a consensus of replicated, shared, and synchronized digital data geographically spread across multiple sites, countries, or institutions. There is no central administrator or centralized data storage.

Read more on Wikipedia.

Document of title

Any document where the document represents certain value. Typical examples are Bills of Lading and Bills of Exchange.

Read more on Wikipedia.


Encryption is the act of taking a stream of bytes, mashing it up with a password through a predefined algorithm and getting back another stream of bytes which can be decrypted using (another) password. Encryption output will produce (about) the same number of bytes as encryption input.

There are many encryption schemes and algorithms available and are generally divided into two categories:

  • Symmetric encryption, where the same key is used to encrypt and decrypt the document, and

  • Asymmetric encryption where one key is used to encrypt, and another (inverse) key to decrypt a document. Asymetric encryption is the integral part of public key infrastructure, where one key is kept hidden (called a private key) and another key is made publicly available (called a public key).

Blockchain heavily relies on encryption and PKI to function - the private key is used to sign transactions and public key is used to calculate the user's public address on the network.


Encryption is not the same as hashing. Encryption produces encoded information, which can later be decrypted. Hashing, on the other hand, only provides guarantees of authenticity, nothing else.

Read more on Wikipedia.


Ethereum is an open-source, public, blockchain-based distributed computing platform and operating system featuring smart contract (scripting) functionality. It supports a modified version of Nakamoto consensus via transaction-based state transitions.

Read more on Wikipedia.


Hashing is a system by which an unique (fixed-length) "fingerprint" is calculated from an a stream of bytes. There are different hashing algorithms available, most well known are MD5 and SHA (variants 1, 2 and 3). Most blockchain implementations rely on the SHA-3 algorithm. For an algorithm to be successful, three important features must be satisfied:

  • It must be impossible to reverse the fingerprint back into a stream of bytes.

  • Even a minor change in the incoming stream (such as flipping a single two bytes) must produce a sufficiently different fingerprint (should not "look" similar).

  • It should be (fairly) impossible to "guess" a stream of bytes which would produce the same fingerprint.


As such, hashes (="fingerprints") are not reversible -- it's impossible to get back a stream of original bytes from the hash. Hashes are therefore ideal for integrity checking and can be shared publicly. Anyone with the access to the hash and original bytes (e.g. a document) can verify if the document has been altered or not. This is a stark contrast with encryption, which is two way and involves encryption keys.

Read more on Wikipedia.


Hash-based Message Authentication Code is a specific type of message authentication code involving a cryptographic hash function (hashing) and a secret cryptographic key.

It is used to provide message authenticity. As opposed to regular hashing it provides better protection against length extension attacks. This makes it suitable for "signing" the messages where both parties share the same key. The second party can then calculate the HMAC using the same key and verify the message integrity.


HMAC is suitable in situations where a shared key can be used. The message itself may be encrypted. HMAC does not mandate either way. If full secrecy is needed, two way asynchronous encryption using PKI is more suitable for the task.

Read more on Wikipedia.


Hyper Text Transfer Protocol. The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen. HTTP was developed to facilitate hypertext and the World Wide Web.

Read more on Wikipedia.

Interplanetary Filesystem

InterPlanetary File System is a protocol and network designed to create a content-addressable, peer-to-peer method of storing and sharing hypermedia in a distributed file system. IPFS was initially designed by Juan Benet, and is now an open-source project developed with help from the community.

Read more on Wikipedia.

Javascript Object Notation

In computing, JavaScript Object Notation (JSON) is an open-standard file format that uses human-readable text to transmit data objects consisting of attribute–value pairs and array data types (or any other serializable value). It is a very common data format used for asynchronous browser–server communication, including as a replacement for XML in some AJAX-style systems.

Read more on Wikipedia.


OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

Read more on Wikipedia.

Public Key Infrastructure

A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store & revoke digital certificates and manage public-key encryption.

Read more on Wikipedia.

Private blockchain

Private blockchains -- also named permission-based -- are closed blockchains where every node participating in the blockchain transaction needs to be authorized to join. Data on the blockchain is available to member nodes only.

When compared to public blockchains, they are more suited in cases of consortiums: when a number of participants is well known, rarely changes, and when all participants are trusted parties. As opposed to a public blockchain, private ones cannot rely on other entities to host the nodes. Access to a private node is essential to be able to participate in data exchange.

Private key

Private key is one half of the key used to identify you on the blockchain. It is part of the Public Key Infrastructure. Every user on the CargoX platform has its own private (and public) key. The private key must be kept secure, as it is used to sign high-risk transactions (such as sending a document or adding users to an account). Each private key is connected to a public address on the Ethereum blockchain.

A technical description about Ethereum addresses and private keys may be found online.

Public blockchain

Public, sometimes called permissionless, blockchain is a blockchain whose members are free to join or leave at any time, without any restrictions. It is not governed by any single organization or government. It is by default world-wide and accessible to anyone.

It is ideal in the world of international exchange, where trust is implicit and cannot be put in hands of one single entity. Public blockchains are usually run on thousands of nodes, which increases redundancy and reliability as well as it greatly reduces attack vectors.

Compare this to a Private blockchain, where members need to be authorized to join.

Ethereum is a public blockchain.

Representational state transfer

Representational State Transfer (REST) is a software architectural style that defines a set of constraints to be used for creating web services. Web services that conform to the REST architectural style, termed RESTful web services, provide interoperability between computer systems on the Internet. RESTful web services allow the requesting systems to access and manipulate textual representations of web resources by using a uniform and predefined set of stateless operations. Other kinds of web services, such as SOAP web services, expose their own arbitrary sets of operations.

Read more on Wikipedia.


SHA-3 is a subset of the broader cryptographic primitive family Keccak designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche, building upon RadioGatún. Keccak's authors have proposed additional uses for the function, not (yet) standardized by NIST, including a stream cipher, an authenticated encryption system, a "tree" hashing scheme for faster hashing on certain architectures, and AEAD ciphers Keyak and Ketje.

Read more on Wikipedia.

Smart contract

A smart contract is a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract. Smart contracts allow the performance of credible transactions without third parties. These transactions are traceable and irreversible.

Read more on Wikipedia.


Transmission Control Protocol / Internet Protocol – the basis of the Internet

Read more on Wikipedia.

URL encoding

Because not all strings are valid in the URL line, this encoding describes how the strings are transcribed into the HTTP request.

Read more on Wikipedia.


Compact 8-bit encoding of for Unicode characters. Allows encoding of any of over 1 million Unicode characters, while still keeping backwards compatibility with ASCII (lower 127 characters). This means than any ASCII text will be readable as UTF-8. Characters with char codes over 127 are encoded with variable-length encoding and can range from one to four bytes.

Read more on Wikipedia.


The web3.js library is a collection of modules which contain specific functionality for the Ethereum ecosystem:

  • The web3-eth is for the Ethereum blockchain and smart contracts

  • The web3-shh is for the whisper protocol to communicate p2p and broadcast

  • The web3-bzz is for the swarm protocol, the decentralized file storage

  • The web3-utils contains useful helper functions for Dapp developers.

Read more on Wikipedia.