Eco-friendly timestamping using Bitcoin
Several people (see links below) suggested or released some software to use Bitcoin blockchain to register fingerprints of arbitrary documents. This idea has been around for quite a while under name of “colored coins”, but not many people understand its importance. You probably do not realize what Bitcoin really is about. Its use as a currency is important to make costly mining profitable, but that’s not the goal. The goal is to have a decentralized way for any group of random strangers to come to an agreement. In case of bitcoin-as-currency it is a validity of transactions. We don’t care where a dollar bill was used, but we care if it will be accepted by the next person. Likewise, Bitcoin helps to figure out which transactions will be recognized by others.
But that’s only the start. Blockchain is irreversible and indestructible. It contains timestamps. Everyone on the planet can safely assume that their version of blockchain is exactly the same as anyone else’s (unless your government switched off the Internet and you are unaware of it yet). So if you leave a fingerprint of some piece of information in the Blockchain, anyone else can later verify that you really had this piece of information at some time in the past. This could be a piece of art (to prove that someone stole a tune from you), that could be a bunch of contracts (to prove that you really had certain relationship), a trademark or name registration (“I was the first to take that name”), or anything else where we need to figure out who was the first doing XYZ.
Blockchain is not a cheap or convenient place to store tons of raw data, but we have cryptographic hash functions (SHA, RIPEMD etc.) that allow us to store just a compact fingerprint and keep the data itself somewhere else. It is just astronomically improbable that certain fingerprint appears randomly or there is another version of a document that has the same fingerprint.
So how can we store our fingerprint in the Blockchain? I have three methods on my mind. You may come up with more, I’m sure.
First one is the most straightforward. Since a Bitcoin address is a hash of a public key (RIPEMD160 of SHA256), why not using the hash of the document as an address and simply send some bitcoins there? This was already proposed by many people (it’s very easy to implement), but has unfortunate effect that you lose that amount of money forever. Because your document is not a real public key, you will never be able to find a private key to spend your coin again. At the current price of $130 per bitcoin, the smallest possible amount (0.00000001 BTC) is not that expensive, but still burning money is not very elegant. It also increases amount of “unspent coins” (“unspent transaction outputs”, UTXO, we’ll talk about them later) which increases the size of transaction database. To prevent bloat, some people will not relay or mine transactions with such small amounts. This increases delays and some bitcoin nerds will not like you for that on many grounds (although it’s none of their business). To keep everyone’s happy we should try something better. (A modification of this scheme is to send some amount, but have zero output value, so the miner will fully collect the amount as a fee. But even zero outputs can be technically spent, so it does not solve the problem of bloat.)
Another method is using a SHA256 fingerprint, but this time not as an address, but as a private key. You make a public key and address out of such private key and send some money there. When you release your document, people will be able to figure out that private key and spend that coin. To avoid that you may wait a little and spend it yourself to your private address before releasing any information. Or just use insignificant amount for anyone to pick up if they do it quicker than you. This way you don’t create “dust” outputs that will be stuck forever and make folks angry and still don’t do anything sophisticated. The only problem is that you have to wait and make a second transaction to get your money back. In addition, if you don’t wait long enough you’d have to pay an anti-spam transaction fee.
Third method is slightly more sophisticated, but requires just one transaction and still does not burn any money. Bitcoin transactions have outputs as simple scripts: short pieces of operations that must be performed on certain data to allow that coin to be spent. Usually the script is very simple “check the signature for this hashed public key”, but it can be more complex. For the purpose of timestamping we may use “1-of-2 multi-signature script”. It means that anyone can spend the transaction satisfying any one of two conditions. The transactions will contain two addresses instead of just one and you can use a private key for just one of them to spend it further. One address will be made out of a fingerprint (just like in a very first method) and another one will be a real address with an existing private key in your own wallet. This method is good because you don’t need to make any additional transactions right away and you can use any amount of BTC you want. The only problem is that this transaction is “non-standard” for a time being. This means not many clients will propagate it to miners and not all miners will include it. In other words, it will take longer than usual to get in the blockchain. But once it’s in the blockchain, everyone can see it and validate without a problem.
Hopefully, people will recognize that using blockchain for timestamping is not a hack, but its biggest feature. And that it is also possible to use that feature without making anyone feel uneasy about it.
Links:
- BitCoin is a public ledger: https://news.ycombinator.com/item?id=5796935
- btproof, timestamping tool: https://news.ycombinator.com/item?id=5790382