Pages:
Author

Topic: When was a message signed. (Read 278 times)

legendary
Activity: 2464
Merit: 6687
be constructive or S.T.F.U
January 04, 2024, 08:15:24 AM
#24
Quote
There should be some creative ways that won't be straightforward
The main idea behind it is simple: you post a transaction on-chain, and then, it is possible to refer to that later.

I understand your idea, it's basically a commitment scheme that consists of two phases, commit and reveal, it's like writing a letter and putting it in a locked box, only to come in the future and reveal the key to that box, given that box has been there since 2012 for everyone to see, it's only becomes a matter of giving someone the keys so they can verify what is/was inside the message which you couldn't have changed since the box was put in place you can't access (in your example the transaction on the blockchain)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 04, 2024, 05:51:54 AM
#23
There is no parameter in the bitcoin signed message that will tell you exactly when it was signed. ECDSA does not have such a capability, and that's really all a signed message has. Like others said, the best you can do is add a date yourself, or a blockhash, or something else that could only be known at the time it was signed, to prevent backdating.
copper member
Activity: 909
Merit: 2301
January 04, 2024, 04:33:36 AM
#22
Quote
There should be some creative ways that won't be straightforward
The main idea behind it is simple: you post a transaction on-chain, and then, it is possible to refer to that later. Which means, if there is some transaction from 2012, that is confirmed on-chain, which contains R-value, matching your commitment, then it is impossible, to change it now (in 2024), without re-mining all of those blocks, and changing R-value of that signature today.

Note that you don't have to make another payment, just to confirm some message, if you don't want to. It can be outsourced, one transaction is sufficient to confirm all pending commitments, regardless of their size, which means if it would be enforced on the protocol level, then mining pools can just be responsible for that, and provide that kind of service (and it would cost them zero additional on-chain bytes, because commitments could be stored by users, and they could provide just some 256-bit hashes, to be committed).
legendary
Activity: 2464
Merit: 6687
be constructive or S.T.F.U
January 03, 2024, 08:39:12 PM
#21
So, how can people who see the message after that 100th block verify it was signed before it?

Oh, past that 100th block in your example this approach is no longer viable, if it's just a random message someone checking there would be no way to know the upper bound of the message, we would need a completely different approach to prove that after block 101 a message was indeed signed in block 50.

There should be some creative ways that won't be straightforward, maybe something like the above suggestion by vjudeu which I would need to evaluate in the time (3 am here)
copper member
Activity: 909
Merit: 2301
January 03, 2024, 06:26:19 PM
#20
Quote
So, how can people who see the message after that 100th block verify it was signed before it?
Because you can write a double-spend. Which means, things are locked in, and you cannot modify something, which was committed on-chain. If you created a double-spend intentionally, and committed it into one of your signatures, then you can later reveal that commitment.

Maybe I should show you, how the whole proof could look like, if you use commitments. Getting it "technically correct" on some test network will take some time, so here is the draft:

1. Current block hash: 00000000000000000003a9044d0dffa7630a2b63b7631412cb5598eef7781488

This is easy, and can prove, that this message was written on 2024-01-03 23:09 UTC (or later, but not before that).

2. Transaction hash: 576a95899c537e861cac07d294228b703297938310b9d780aaef2bf28a6ab8bf

Then, you make sure, that this transaction is present on-chain, it is valid, and confirmed. You find my signature, and extract it:
Code:
30440220
1a8615561a18fbc274b51d84f29e311ee93dd2242d5710149b816286bb18990d //r-value
0220
6507ca5cd1ea2a0b17b6b5f35d3ce0e9a3e536b98cb4469fb57b07da5e47bca5 //s-value
01
And then, you look at R-value of that signature, and convert it into Taproot address: bc1pr2rp24s6rrauya94rkz09833rm5nm53y94t3q9yms93gdwccnyxsxseupy

Then, if I can provide you any matching TapScript, in that case I can include any proof. Which means, if that R-value was random, then I would be able to spend by key, but not by TapScript. But if I prepared it intentionally before, then I could reveal a TapScript, for example with 'OP_RETURN "Here is my proof"'. In that case, it would be impossible to abuse it, and post that commitment on-chain (because it starts with OP_RETURN), but at the same time, it would be possible, to prove later, that I didn't generate that message in 2028, because it would require going back into 2024, and modifying R-value of that specific transaction.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
January 03, 2024, 04:31:34 PM
#19
- I include the txid for a time-locked transaction that only unlocks tomorrow night which has not been included in a block yet (this proves I did not sign the message after tomorrow)
How does this prove you didn't sign the message after tomorrow night?

Let me confirm your thought:

  • Include the current block hash to the message. This ensures you can't have signed it prior the current block's time.
  • Create a transaction that cannot be mined until the next 100th block.
  • Include its TXID to the message.
  • Sign the message and tell everyone to wait up until that block.

So, how can people who see the message after that 100th block verify it was signed before it?
legendary
Activity: 2464
Merit: 6687
be constructive or S.T.F.U
January 03, 2024, 04:08:50 PM
#18
How to verify to a court when was a bitcoin message signed any thing that proofs?

You can, but only if you plan a head before signing the message, otherwise, it's not possible.

these are timeless operations. You can only prove that a message was signed after a certain date.

You can use time-locked transaction to prove that you signed a message between two time intervals.

Say I have to sign a message tomorrow (not earlier and not later than tomorrow)

1- prove the lower bound on the signing time:

- I include the block hash of the first block tomorrow (this proves I couldn't have signed the message earlier than tomorrow)

2-prove the upper bound on the signing time

- I include the txid for a time-locked transaction that only unlocks tomorrow night which has not been included in a block yet (this proves I did not sign the message after tomorrow)

Given that not every node's clock is synced well with the rest, you are going to count on 'Bitcoin's Median Time Past', so this can't be narrowed down to the exact second, but is somewhat accurate.
copper member
Activity: 909
Merit: 2301
January 03, 2024, 02:12:39 PM
#17
Well, maybe not everything is lost. If you used some HD wallet (BIP-32 was created on 2012-02-11), or if you can gather the source of entropy, which was used to generate some transactions back then, in 2012, then this could be enough to prove, that your node generated a given transaction or address in the past. But I guess it is not easy, to recover that kind of information.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
January 03, 2024, 01:10:33 PM
#16
I can sign a message like this right now with 2012 details. It still doesnt confirm it was signed in 2012. The point is the blockchain doesnt show when this message was signed or there was btc contract call to sign in a specific date.
You cannot know when a message was signed, for the same reason you cannot know when key pairs (public key, private key) were generated; these are timeless operations. You can only prove that a message was signed after a certain date.

However there is a simple non technical solution, just post half of the signature on a social media, or post on forum asking someone to quote it for you, plus many other ways, but I'm guessing this is related to puzzles, right?
This does not preclude the possibility that you might have signed the message years before and are now publishing the signature.
copper member
Activity: 1330
Merit: 899
🖤😏
January 03, 2024, 12:18:25 PM
#15
You would need a reference regardless, to show as the proof, either it could be a third party, which would require that third party to be trusted to vouch for the time it saw your message or you could use crypto-mojo as mentioned by our friends.

However there is a simple non technical solution, just post half of the signature on a social media, or post on forum asking someone to quote it for you, plus many other ways, but I'm guessing this is related to puzzles, right?
copper member
Activity: 909
Merit: 2301
January 03, 2024, 11:40:09 AM
#14
Quote
Just sign an encrypted message.
It is better to tweak R-value of the signature, because then, nobody knows, if any commitment is included to a given transaction, or not.
newbie
Activity: 6
Merit: 3
January 03, 2024, 11:26:14 AM
#13
Thank you i will be careful next times
hero member
Activity: 560
Merit: 1060
January 03, 2024, 11:21:43 AM
#12
Regarding broadcasting a message does it reveal it to the public anyone can see it without providing him the details of it? If yes its a problem. It should remain private but only expose when needed.

Just sign an encrypted message. It will be broadcasted on the blockchain and nobody will read it. Once the time has come, just give us the decryption key. And we will read it then.

There is no way to alter the blockchain. And this is why Bitcoin is strong and secure Smiley

Edit: what vjudeu said does exactly what you want.
copper member
Activity: 909
Merit: 2301
January 03, 2024, 11:19:33 AM
#11
Quote
Regarding broadcasting a message does it reveal it to the public anyone can see it without providing him the details of it?
You don't need to include the message explicitly. All that is needed, is just replacing one random signature, with another random signature, with some offset. Then, it will be possible later to prove, that a given data is connected with a given signature, without revealing that data as a plain text, in the moment of creating it.

Which means, you can create a TapScript, with the content of "OP_RETURN ", and then convert your Taproot address, into R-value of your signature, and sign it. And because R-value of each signature, is just some public key, you can do so, with any address type you want, including P2PK.
newbie
Activity: 6
Merit: 3
January 03, 2024, 11:18:03 AM
#10
Yes, that is exactly what i want to do. Impossible as you said.

But again, you say it should be added to the code. How? I mean it existed in the code back then, but you didn't do it. I don't blame you, I just say that I don't think it's bitcoin's malfunction. The way blockchain works, as vjdue said, you would need to re-mine all these blocks. But these blocks have thousands of validations and confirmations... So...
Regarding broadcasting a message does it reveal it to the public anyone can see it without providing him the details of it? If yes its a problem. It should remain private but only expose when needed.
hero member
Activity: 560
Merit: 1060
January 03, 2024, 11:14:22 AM
#9
Yes, that is exactly what i want to do. Impossible as you said.

But again, you say it should be added to the code. How? I mean it existed in the code back then, but you didn't do it. I don't blame you, I just say that I don't think it's bitcoin's malfunction. The way blockchain works, as vjdue said, you would need to re-mine all these blocks. But these blocks have thousands of validations and confirmations... So...
newbie
Activity: 6
Merit: 3
January 03, 2024, 11:08:48 AM
#8
I can sign a message like this right now with 2012 details. It still doesnt confirm it was signed in 2012. The point is the blockchain doesnt show when this message was signed or there was btc contract call to sign in a specific date.

Something like this must be added to the btc code.

Signing and Broadcasting are 2 completely different actions. Signing means you prove that you own a message. If you want to let people know when the message was signed you need to include it in the blockchain and broadcast it in a block.

At the same time, I don't understand what you wanna do. Did you sign a message in 2012 and you want to prove now that you signed it back then?

Because if so, you need to include it in a block mined in 2012. Which is impossible.
Yes, that is exactly what i want to do. Impossible as you said.
hero member
Activity: 560
Merit: 1060
January 03, 2024, 11:05:52 AM
#7
I can sign a message like this right now with 2012 details. It still doesnt confirm it was signed in 2012. The point is the blockchain doesnt show when this message was signed or there was btc contract call to sign in a specific date.

Something like this must be added to the btc code.

Signing and Broadcasting are 2 completely different actions. Signing means you prove that you own a message. If you want to let people know when the message was signed you need to include it in the blockchain and broadcast it in a block.

At the same time, I don't understand what you wanna do. Did you sign a message in 2012 and you want to prove now that you signed it back then?

Because if so, you need to include it in a block mined in 2012. Which is impossible.
copper member
Activity: 909
Merit: 2301
January 03, 2024, 11:03:40 AM
#6
Quote
I can sign a message like this right now with 2012 details. It still doesnt confirm it was signed in 2012.
Oh, so what you want, is not a signature, but rather a commitment. Which means, you should instead point to your old transaction, for example from 2012, and reveal the data, that will match R-value of the public key, used in your signature.

And in that case, you can do that today, but not in 2012, because you would need to re-mine all blocks from 2012 to this date, to fake that kind of proof.

And yes, commitments cost money, but you can also ask someone to include a commitment to his transaction, because it would take zero additional on-chain bytes, because it is just about replacing one 256-bit number with another 256-bit number, so the size of the transaction stays the same.
newbie
Activity: 6
Merit: 3
January 03, 2024, 10:59:35 AM
#5
You can sign a message today that shows it was signed years ago. This means there's no any kind of proofs to prove q date of an old signed message?

Just sign something like this:

Code:
My name is X and I sign this message today on 2024-01-03 at 17:55. Last block hash is 0000000000000000000044ad2c3a48f04170cf1bdeec82b0c184bb683ec9985b.

I can sign a message like this right now with 2012 details. It still doesnt confirm it was signed in 2012. The point is the blockchain doesnt show when this message was signed or there was btc contract call to sign in a specific date.

Something like this must be added to the btc code.
Pages:
Jump to: