TonyBai

Mar 14, 2026 · Information Security

How Go sumdb Defends Against Supply‑Chain Attacks with Transparent Logs and Tiling

The article explains how Go's checksum database (sumdb) uses append‑only transparent logs, Merkle‑tree proofs, and a novel tiling algorithm to provide cryptographic existence and consistency guarantees, protecting developers from covert supply‑chain attacks and fork attacks.