Pages:
Author

Topic: Using bitcoin for trusted timestamping? - page 2. (Read 8008 times)

full member
Activity: 141
Merit: 101
Security Enthusiast
November 30, 2011, 11:41:07 AM
#14
I forgot about the concept of Block chain pruning.  You are right, it might be best to send something to it.

Although, I don't think that a transaction with 0 outputs and a fee would be pruned.  Then the fee would be lost.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
November 30, 2011, 11:20:34 AM
#13
For the record, you don't actually need to send ฿0. You can send ฿100, and then retrieve it later. Of course, don't release your document to the public before retrieving your money.

How?  The address is non-existent.  You are sending BTC to an address which is simply a hash of the document.  There is no corresponding private key. Any funds sent there are irrecoverable.
I was assuming the hash was used as a private key. The address can then be generated from the private key. When you release the document to the world, others can verify that it hashes to a private key which encodes the address.
Your way is better.

Note: You probably don't want to send ฿0 to it, because then it might get pruned when blockchain pruning is implemented.

To be "genius" it needs to be both good and novel. This application (using the block chain to prove that a piece of information existed at a given point in time) is good but well-known.
Yes, I've been told so since. I wasn't aware of this concept, but I guess it makes sense. (Putting an advertisement in a newspaper with a hash, or something similar.)
donator
Activity: 1218
Merit: 1079
Gerald Davis
November 30, 2011, 11:01:26 AM
#12
For the record, you don't actually need to send ฿0. You can send ฿100, and then retrieve it later. Of course, don't release your document to the public before retrieving your money.

How?  The address is non-existent.  You are sending BTC to an address which is simply a hash of the document.  There is no corresponding private key. Any funds sent there are irrecoverable.
donator
Activity: 2058
Merit: 1054
November 30, 2011, 10:39:38 AM
#11
This is genius and deserves a bump.
To be "genius" it needs to be both good and novel. This application (using the block chain to prove that a piece of information existed at a given point in time) is good but well-known.

Also it can be done much simpler than in the OP. Since you don't need to be able to actually redeem any sent coins, you can skip the private key completely and simply include the document hash as an address.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
November 30, 2011, 05:05:42 AM
#10
For the record, you don't actually need to send ฿0. You can send ฿100, and then retrieve it later. Of course, don't release your document to the public before retrieving your money.
full member
Activity: 141
Merit: 101
Security Enthusiast
November 29, 2011, 11:50:45 PM
#9
I agree.  Without reading the post that Bimmerhead linked to, I think I remember there being a few hours leeway in the timestamp.  I'll have to check to be sure.  Surely though it isn't enough leeway to change the day the document was signed on.

EDIT:
Read the linked to post, it seems that there is 2 hours leeway.  So as long as you only need to be accurate within a few hours, you are alright.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
November 29, 2011, 08:29:54 PM
#8
This is genius and deserves a bump.
legendary
Activity: 1291
Merit: 1000
November 23, 2011, 08:41:32 PM
#7
Apparently there is quite a bit of leeway in the timestamp:

https://bitcointalksearch.org/topic/m.581628
full member
Activity: 129
Merit: 119
November 23, 2011, 07:27:38 PM
#6
cbeast: Exactly what im talking about.
This could be even included as a patch to the original client, since no changes in protocol is needed (you don't even need to disable IsStandard check), simply a button/menu alternative "Let bitcoin network notarize any document", and you get a large textbox to paste anything you want to notarize.

When a block gets confirmed, we have a time window of 10 minutes, where the notarized document will appear.

Combine this with a "real" notarizing service like: http://www.timemarker.org/en/ and you get second precision in the service.

The "timemarker.org" service then makes second precision, but timemarker.org would not be as trustworty as you think since they don't have many users, so even if you dont cheat, a verifyer can say that you cheat and you cannot prove you don't cheat.
You then combine this with a 0BTC transaction on bitcoin, and get both very high security, since bitcoin is really hard to cheat, but also get second precision for the timestamp.

What you could do, is simply timestamping (0BTC:ing) the hash of timemarker.org signature including the timestamp data, using the timestamp from timemarker.org as transaction timestamp, and including both in your data that was timestamped.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
November 23, 2011, 06:22:55 PM
#5
This could even become an automated 'notary' service. I'm sure this has been discussed before.
administrator
Activity: 5222
Merit: 13032
November 23, 2011, 05:57:43 PM
#4
But what about transaction fees? If we send 0BTC into a adress, it would never make it into a block unless a miner is honoring non-fee'd low transactions.

You can put a fee on a transaction with a 0BTC output.
full member
Activity: 129
Merit: 119
November 23, 2011, 05:47:46 PM
#3
But what about transaction fees? If we send 0BTC into a adress, it would never make it into a block unless a miner is honoring non-fee'd low transactions.
administrator
Activity: 5222
Merit: 13032
November 23, 2011, 05:30:37 PM
#2
It's much easier than that:
There's a very easy way to do this without any program:

First, SHA-1 the data you want to timestamp (or RIPEMD-160, or SHA-256 and truncate to 160 bits). Then use this to turn it into an address:

http://blockexplorer.com/q/hashtoaddress/putHashHere

Then, send any amount of BTC to the returned address. (If you modify Bitcoin, it's actually possible to create a transaction that sends 0 BTC to an address, which would also work. Then you don't have to destroy BTC.)

Finally, you can see the timestamp here:

http://blockexplorer.com/q/addressfirstseen/timestampAddress

How accurate is bitcoin timestamps and how can they be manipulated?

You need more than around 50% of the network's computational power in order to get the timestamp off by more than a few hours.
full member
Activity: 129
Merit: 119
November 23, 2011, 05:02:38 PM
#1
What about using bitcoin for trusted timestamping?

Found out this: https://en.bitcoin.it/wiki/Mini_private_key_format

Apparently, anything can be used as private key (like SHA("haha") as private key, and then a public key can be generated out of this).

Then, if I take a document, lets say a legal document, some important server logs, bookkeeping records in a company, or anything else that needs a trusted timestamp. Then I take SHA() of the document.
Then I use the result of SHA() as private key (appending zeroes if its too short, and truncating if too long), generate a adress and publickey out of this, transfer X number of BTC (high enough to avoid any transaction fees), to this adress.

Then I use the SHA() private key to transfer the funds back.

After this, I publish the timestamped document along with a link to blockexplorer to verify it.


Now I have created a record in the blockchain, that, anyone having access to the document in question, can check the timestamp in this way:
SHA() of the document in question. Then create public key out of this private key, then make a adress out of this. Check with blockchain which are the *earliest* entry of this adress. The timestamp of that entry is the timestamp of the document in question.

Since the address is empty since we transferred the funds back, theres no funds to be able to withdraw from someone that has the document in question and can generate the private key.


How accurate is bitcoin timestamps and how can they be manipulated?
(either by the one timestamping the document, in effort to defraud someone with a future/history marked document, or some external adversary in order to gain any fraud convience, like manipulating timestamp so a important document seems to be issued after a identy theft credit block is ordered on a specific social security number in order to invalidate the document?)
Pages:
Jump to: