Let's Embrace BTC Trusted Timestamping

[sebastian]

The main idea is not to protect copyrighted work or proof that a idea existed in Before, since you only proof that your work existed at time T, but you cannot proof that anyone other work similiar to your work DID NOT exist at T-x. For that, we would need every work to be timestamped, which would require a law change that states that copyright or patent is invalid without a certified timestamp.

Rather, its to securely proof that data was unchanged at a specific Point of time.


Examples where timestamping can be very useful:
Corporate bookkeeping: For example here in sweden, Bookkeeping requires a software that MUST be closed-source, to be able to proof that data was unchanged at a specific Point of time. If we instead cryptographically proof it, it cant be changed without detection.

Physical contracts: It can be good to have certified time on contracts to proof that the contract was established for example Before a ID-card was revoked/barred/expired. Because if the ID-card was revoked/barred/expired at the Point of establishment, the contract can be invalid per the law. Certifying a contract can be done by for example scanning it, timestamping it and then saving the image file as proof, while still keeping the original.
Signing at "Sign with name and date" is not enough in some cases, contracts can be back-signed (by the issuer by prefilling the date, to be able to establish the contract knowing that the ID-card is stolen) or future-signed (by the signer, to be able to protest the contract after barring the ID-card as stolen). If the issuer timestamp the received signed contract, there will be clear proof that the signer future-signed it, and the signer can easly protest a back-signed contract that lacks a timestamp if all other contracts by the issuer bear a timestamp.

Digital contracts: Here the same thing - but with revoking or expiration of private keys that is the key Point here.

[1714185298]

1714185298

[1714185298]

1714185298

[1714185298]

1714185298

[1714185298]

1714185298

[AsymmetricInformation]

In summary, the amount is so small that you'll never need it back. And if you take it back nevertheless, you'll only create more load on the network. That's why I'm not convenced of that, but maybe I've overlooked something?

What are the real advantages of encoding the SHA-256 in the private key?

Something about Txout that I dont understand. But I am now convinced it should just be Ripmd160(Sha256(*)) and no go through the trouble of importing a key.

Somehow it is possible to send 0 BTC that cant be pruned.

The main idea is not to protect copyrighted work or proof that a idea existed in Before, since you only proof that your work existed at time T, but you cannot proof that anyone other work similiar to your work DID NOT exist at T-x. For that, we would need every work to be timestamped, which would require a law change that states that copyright or patent is invalid without a certified timestamp.

You dont really believe any of that, do you? What earthly system is practical under this requirement? If it is understood that this service exists, people would reasonably ask "why did you not BTC timestamp this?"

[midnightlightning]

2b) I'm not sure if it is technically correct to generate a private key from a random SHA-256. Maybe I just have to refresh my knowledge about elliptic curve asymmetric cryprography, but I'm afraid that multiple SHA-256 sums could lead to essentially the same private key, or at least to the same public key, thus reducing the trust you can put into that kind of timestamping.

Any collection of 256 bits can be a bitcoin private key.  The output from SHA-256 is perfectly suitable.  There is a miniscule chance of creating a weak key with hashing, but you can add a nonce and try again.  You should also play the lottery if that ever comes up.

Okay, so let's assume that using the SHA-256 as private key is doable. What are the benefits?

SHA-256 as ...	Cost for network	Cost for timestamper
public key	1.0 trans.	0.00050001 BTC
private key	1.1 trans.	0.00050000 BTC

In that case, you'd save 0.00000001 BTC but still produce a higher load on the network. That's not very social.

There's two other options that I can see for timestamping into the blockchain, both of which don't burn any coins, and are only one transaction:

Use the amounts sent as the hash: BitcoinTimestamp does this, and is the utility that SatoshiDice used to set their timestamp. Break the hash to be timestamped into 2-byte chunks (0-65,535 in decimal), and translate those into satoshis (max of 0.00065535 BTC cost). Create a multi-send transaction that has outputs that put the hash pieces in order. The BitcoinTimestamp utility uses 16 separate addresses, but I don't think there's any reason why this multi-send couldn't just send all the outputs back to the sending address. Or you could send to one other of your addresses to keep the coins. Zero coins get burned in the process, though the downside is a rather bloated transaction that splits out a chunk of BTC into several "dust" outputs.

Use the Script of a transaction: Currently the Transaction with a message isn't a standard message type, so you'd need a non-standard-friendly miner to get it into a block. However, with 520 bytes available as a single raw value in a Script (that can then be OP_DROP-ped), that's plenty of space for a 256-bit hash (32 bytes). If we could add that sort of transaction Script to the list of "is standard" scripts, associating a separate hash with a transaction is one of several things that could be done with it. It would make the transaction bigger by 32 bytes (or however large the "message" part of the transaction is), however.

[Wilikon]

I was going to post a new thread about using the bitcoin protocol and a way to tie a unique work of (digital) art with it to create a new type of copyright office on a global level, but I feel like maybe this thread is going there already.


I am an artist. Putting up a music track or a photo online is pretty much instant, but I have to send my recording to the Copyright office, http://www.copyright.gov/prereg/help.html#help15. Things are getting faster compared to sending my music for $35 per recording 20 years ago on a cassette via the post office. Obviously France has their laws, so does Germany and so forth.

This is a very naive question but since the protocol found a way to create a unique digital entity, why not use it to attach a unique ID to the name of an artist with all the Data he would love to provide with his creation, but being verified as being posted by him on the bitcoin protocol by all the see on a block chain like site anytime, years from now?
The same concept of transferring the rights to another person could be coded too with a contract built in. The bitcoin could release the right to make the artist creations automatically public domain 15, 20 years after his death, or whatever the artist's will was before his passing. a concept like Creative common could use the protocol too and adopt their open way using a solid foundation that goes across nations and many levels of copyright laws.

I believe pure digital arts should have value as much as a Picasso. Of course a Picasso is unique. Could not this be solve with the bitcoin protocol too? Sure some may make a copy of the art, but only the owner could prove to anyone with his public key he owns the full right of say art to be displayed in a museum for example. The museum could have a contract with the artist to  have his digital art displayed exclusively for a set of weeks or months. Right now this could be a music installation, images or tomorrow it could be some full high resolution holograms.

The other reason I believe this to be VERY important is a way to have the bitcoin protocol to be impossible to be vilified ONLY for its anonymous nature as being cash online. I am sure many thought of using the protocol as a new way to copyright their works before I did, but this concept could accelerate the adoption of the bitcoin protocol and make it legit even faster, beyond being simply "digital cash"

Anyway, should I still post all of this to a new thread?

Thank you for reading.

[phelix]

sweet:
http://vog.github.io/bitcoinproof/

It hashes your data to an address you can destroy some btm on.  Might want to do a first round hash offline so that the server does not see your data. Genius simple.

[phelix]

[copyright timestamping]

With namecoin you could link hashes to a name. Hash data to a namecoin address (like in the post above) and link it with your name.

[Wilikon]

Ok so namecoin's "structure" would be more suitable for my copyright concept than the bitcoin protocol then?

I was more in favor using bitcoin after watching this video from Mike Hearn http://youtu.be/mD4L7xDNCmA

The protocol seems very powerful to evolve into the ultimate digital stamping tool for whatever files using the web. Now that ASICs will be online, could it be that other transaction other than money would be processed faster like contracts/copyright issues, sorting through TB of data to find out who owns what contracts, etc? I could imagine a company building ASICs just for the purpose of managing a sub network of everything not related to the currency part.

[midnightlightning]

This is a very naive question but since the protocol found a way to create a unique digital entity, why not use it to attach a unique ID to the name of an artist with all the Data he would love to provide with his creation, but being verified as being posted by him on the bitcoin protocol by all the see on a block chain like site anytime, years from now?

Bitcoin's fundamental tenant is on anonymity; "attach an ID to an artist" is against the grain of that. You could force it to work, but you may want to try looking at PGP/GPG instead, which is based on giving a unique individual a unique identifier, and then they can sign/encrypt things proving to be themselves.

Bitcoin addresses can be used in this way somewhat, especially since you can now sign a message in such a way that it proves that you own a particular Bitcoin address. So, if you create a new bitcoin address, use one of the discussed ways to create a transaction that's effectively a hash of a digital asset you created, using the new address as destination, you can then create a message and sign it with that address saying "Transaction [ID] is a hash of digital asset [MySong] that I created." Make sure that signed message is public and won't be lost in time. Now you've proven that "MySong" existed at a certain time (due to the timestamp), and is related to a given Bitcoin address, and whoever is able to sign a message from that address is in possession of the private key of that address, and therefore the owner of "MySong". In your will, you can give the private key to whoever the new owner should be, to pass along ownership. This is close to what you're describing, but effectively the bitcoin address "owns" the asset, not an individual person (which may or may not be what you want).

Now that ASICs will be online, could it be that other transaction other than money would be processed faster [...]?

No, transactions will not happen faster; read up on the "difficulty" bar set into the network. Blocks will be generated every 10 minutes. If the hashing power of the miners on the network goes up (e.g. ASICs become available), the difficulty goes up too, so it still takes 10 minutes.

[melvster]

Here's an idea

1. Take a SHA256 of your document

2. Put it into http://brainwallet.org/ passphrase field

3. Send some BTC there

Bingo!  Now the existence of that file is timestamped forever in the block chain and all block chain explorers.

Question is how high should the tx fee be?  You are inviting an attack on bitcoin by parties that may not wish this file to be timestamped.  Although it will probably survive in google and other mirrors.

[phelix]

Here's an idea

1. Take a SHA256 of your document

2. Put it into http://brainwallet.org/ passphrase field

3. Send some BTC there

Bingo!  Now the existence of that file is timestamped forever in the block chain and all block chain explorers.

Question is how high should the tx fee be?  You are inviting an attack on bitcoin by parties that may not wish this file to be timestamped.  Although it will probably survive in google and other mirrors.

brilliant

sweet:
http://vog.github.io/bitcoinproof/

It hashes your data to an address you can destroy some btm on.  Might want to do a first round hash offline so that the server does not see your data. Genius simple.

[melvster]

Here's an idea

1. Take a SHA256 of your document

2. Put it into http://brainwallet.org/ passphrase field

3. Send some BTC there

Bingo!  Now the existence of that file is timestamped forever in the block chain and all block chain explorers.

Question is how high should the tx fee be?  You are inviting an attack on bitcoin by parties that may not wish this file to be timestamped.  Although it will probably survive in google and other mirrors.

brilliant

sweet:
http://vog.github.io/bitcoinproof/

It hashes your data to an address you can destroy some btm on.  Might want to do a first round hash offline so that the server does not see your data. Genius simple.

Oops ... I see what yours does now ... I was originally confused by the timestamp field and thought you filled it in.  I see it is read only now, everything makes sense.

[amincd]

Altcoins could also input hashes of their blocks in the bitcoin blockchain to provide proof of the chronological order of the blocks generated in their chain that can't be tampered through a reorganization of the alt-chain, caused, for example, by a >50% attack.

A small limitation to this is bitcoin's 10 minute block time being longer than some of the bitcoin-alts' block times. If bitcoin moved to a 1 minute block time, then it would be useful as a timestamp server in almost all situations for the existing bitcoin-alts.