Exploiting Special Properties of Bitcoin For Uses Other Than Currency

[grondilu]

In this case you don't rely on the timestamp, but the sequence number, and you pay a high price by discouraging other people from using bitcoins.  Just read the other comments here.  There are so many other ways of doing what you describe in standard ways, free, accepted by courts, etc, and with precision allowing you to release the file a second later, that you should pause and ask yourself if this is a brilliant way to waste a good currency.

Using publications, blogs and so on are not that good.  It's not as robust as bitcoin would be.  Because it depends on the assumption that the used public editor wouldn't care enough to take advantage of his status.  Basically an agreement could be secretly done between one of this editor and a wanna-be counterfainter.  So essentially this method is good as long as it is not too much generalised and that it doesn't catch too much attention.  Also, such methods are not systematic.  You basically need to find a good source of digital entropy, and hope that it is reproduced enough in the cyberspace, so that you can make sure that your added data will be preserved there.  It's not systematic, and requires quite some human work.

I also don't understand why you consider using bitcoin for timestamping would "waste" the currency.  It's fondamentaly the same function that is used, only for different purpose.  Anyway I very much doubt the volume of timestamping transactions would be large enough to disturb the network.  As I see it, monetary purpose would be way larger than timestamping.

Btw, your hash isn't worth much if the hashing algorithm is broken.  You better sign and post the entire file, not the hash of it.  At least post more than one kind of hash of the file, if it is important to you.  The blockchain in Bitcoins make it impossible to change your hash, but your hash itself may be worthless because someone can claim that you have changed their work in subtle ways to make it match your hash.

Well, if you question the security of the hash algorithm, then you question everything.  This is way too much a big hypothesis.  Especially if you consider the possibility of a collision, as you seem to do.

All of this can be done out of the blockchain or in a separate blockchain if you insist on connecting it to Bitcoins.  Perhaps another blockchain demanding accurate timestamps, if what you want is timestamps.

Doing a separate block chain specialised in timestamping of signed documents could be a possibility, indeed.  But I doubt their would be enough nodes to keep it running.  What would be the intencive for those nodes to mine ?  It is way much simpler to just use the current bitcoin network.

[1714191016]

1714191016

[1714191016]

1714191016

[1714191016]

1714191016

[FreeMoney]

I dont get why people want to introduce incidental things into the currency chain.
If you want a different purpose start a new project.

I don't get why someone wouldn't. If everything is set up and nothing can prevent it, why build a new one that will be weaker? Even if it did damage bitcoin that isn't an incentive that will keep people from doing it. If this is a problem for bitcoin then bitcoin isn't that good since it gives incentives, apparently, for exactly this kind of use.

I'm not saying that I think it will be a problem for bitcoin. I'm saying that problems for bitcoin are not an effective deterrent and you either need to consider that a weakness of bitcoin or simply not a problem. I can't make up my mind, but I'm leaning towards "not a problem".

[grondilu]

I'm not saying that I think it will be a problem for bitcoin. I'm saying that problems for bitcoin are not an effective deterrent and you either need to consider that a weakness of bitcoin or simply not a problem.

Very true.


Satoshi has created some kind of a decentralised giant clock.  It's ticking at an approximative rate of 6 ticks an hour.  Such a clock that can't be controlled by no one in particular will necessarly have some use in the future.

[sturle]

In this case you don't rely on the timestamp, but the sequence number, and you pay a high price by discouraging other people from using bitcoins.  Just read the other comments here.  There are so many other ways of doing what you describe in standard ways, free, accepted by courts, etc, and with precision allowing you to release the file a second later, that you should pause and ask yourself if this is a brilliant way to waste a good currency.

Using publications, blogs and so on are not that good.  It's not as robust as bitcoin would be.

Then don't use publications, blogs, etc.  Use e-mail, wikis, facebook, IRC (logged channel), snailmail, public syslog servers, fax via internet fax services, Twitter, etc.  There are limitless possibilities, and many are well suited to post the work in full.

I also don't understand why you consider using bitcoin for timestamping would "waste" the currency.  It's fondamentaly the same function that is used, only for different purpose.

No, it isn't.  The timestamps in the blockchain are not ment for timestamping Bitcoin transactions, just the blocks.

Btw, there is a race condition in your plan to post a hash of something in a transaction.  Someone who picks up the hash from your transaction can send a new transaction with the same hash embedded.  If both make it in the same block, you have no way of knowing who was first.  If the other one makes it into a hash before you, possibly by paying a higher fee, then you lost the race completely.  You have to encrypt your message to make it unreadable for others.

Anyway I very much doubt the volume of timestamping transactions would be large enough to disturb the network.  As I see it, monetary purpose would be way larger than timestamping.

Timestamping transactions?

Btw, your hash isn't worth much if the hashing algorithm is broken.  You better sign and post the entire file, not the hash of it.  At least post more than one kind of hash of the file, if it is important to you.  The blockchain in Bitcoins make it impossible to change your hash, but your hash itself may be worthless because someone can claim that you have changed their work in subtle ways to make it match your hash.

Well, if you question the security of the hash algorithm, then you question everything.  This is way too much a big hypothesis.  Especially if you consider the possibility of a collision, as you seem to do.

Collision attacks on MD5 are well known.  Find bits which can be flipped without changing the hash, flip, repeat.  The first collision attack on SHA-1 was published in 2005, and found a collision in only 2^63 operations.  Those attacks do not change everything, and the blockchain is immune to simple collision attacks due to it's length and the merkle hash on top.  The single hash you put in there as "proof" of something is not, since you don't need to change that hash.

All of this can be done out of the blockchain or in a separate blockchain if you insist on connecting it to Bitcoins.  Perhaps another blockchain demanding accurate timestamps, if what you want is timestamps.

Doing a separate block chain specialised in timestamping of signed documents could be a possibility, indeed.  But I doubt their would be enough nodes to keep it running.  What would be the intencive for those nodes to mine ?  It is way much simpler to just use the current bitcoin network.

You could pay the nodes mining the other chain with bitcoins for transactions.  Thereby using bitcoins as a currency, as it was always ment to be.

[grondilu]

Btw, there is a race condition in your plan to post a hash of something in a transaction.  Someone who picks up the hash from your transaction can send a new transaction with the same hash embedded.  If both make it in the same block, you have no way of knowing who was first.

That's what I thought : you don't really understand how it works.

You are supposed to post a hash of the SIGNED file (in other words, the signature).   There's no point sending a hash of a file signed by someone else.

[sturle]

Btw, there is a race condition in your plan to post a hash of something in a transaction.  Someone who picks up the hash from your transaction can send a new transaction with the same hash embedded.  If both make it in the same block, you have no way of knowing who was first.

That's what I thought : you don't really understand how it works.

You have a something that works now?

You are supposed to post a hash of the SIGNED file (in other words, the signature).   There's no point sending a hash of a file signed by someone else.

This is not what you wrote here:

Imagine I make a nice audiovisuel file (movie, song, whatever).  I can sign and timestamp the hash of this file, and now all I have to do is to wait at least a few hours before releasing the file.  Then there is no way anyone could sign my file and timestamp it inside a previous block.  It's just as much impossible as it is impossible to steal some bitcoins from the block chain.

I assumed you signed it by your transaction (a key in your wallet) and timestamped it by the timestamp in the block it made it into.  This is the simplest explanation.  If you have a clear understanding of how this works which is more complex than what you wrote, I suggest you write it here instead of harassing people who read your posts.  Am I correct in that you want to use the timestamp in the block, or do you want to timestamp the hash in some other way?

I still don't understand why you want to discourage bitcoin users and make Bitcoins less efficient by putting junk in the block chain.

[casascius]

What happens when your timestamp gets pruned off the blocks' merkle trees?  Then it is useless.

[grondilu]

This is not what you wrote here:

Imagine I make a nice audiovisuel file (movie, song, whatever).  I can sign and timestamp the hash of this file, and now all I have to do is to wait at least a few hours before releasing the file.  Then there is no way anyone could sign my file and timestamp it inside a previous block.  It's just as much impossible as it is impossible to steal some bitcoins from the block chain.

I assumed you signed it by your transaction (a key in your wallet) and timestamped it by the timestamp in the block it made it into.  This is the simplest explanation.  If you have a clear understanding of how this works which is more complex than what you wrote, I suggest you write it here instead of harassing people who read your posts.  Am I correct in that you want to use the timestamp in the block, or do you want to timestamp the hash in some other way?

I thought is was clear since we've already talked about that in an other thread.

I was obviously talking about a GPG signature.  But indeed a ECDSA signature would do.

So I make a signature of my text, compute the sha256 hash of this signature, turn it into a valid bitcoin address(there is a function to do that somewhere), and finaly I send 0.01 bitcoin to this address.

It doesn't cost the network more than a ordinary transaction would.


PS.  The thread where this has been discussed :
http://bitcointalk.org/index.php?topic=2077.msg28775#msg28775

[davout]

What happens when your timestamp gets pruned off the blocks' merkle trees?  Then it is useless.

You don't seem to know what you're talking about

[Stephen Gornick]

http://en.wikipedia.org/wiki/Steganography

Though if I sent to you the following:

0.66 BTC
0.73 BTC
0.84 BTC
0.69 BTC
0.32 BTC
0.77 BTC
0.69 BTC
0.33 BTC

I would have failed -- not just because it cost me over 5 BTC (even before any transaction charges) just to send a lousy 8 bytes of data, but it would be easy to tell that I was sending data.  But as a channel for sending a message, in a pinch it might be useful.

[grondilu]

http://en.wikipedia.org/wiki/Steganography

You don't get it.  It's not steganography at all.  You don't really send any data to the network.  It is the same amount of "data" injected, whether you timestamp a "hello world" or a 1Go tarball !


It seems that I have to make an example to make it really clear.

So, I'm going to time stamp the tarball version of bitcoin, version 0.3.19.

First, I make a GPG signature of it :

$ gpg -s bitcoin-0.3.19.tar.gz

This creates a bitcoin-0.3.19.tar.gz.gpg file, whose sha256 sum is :

$ sha256sum bitcoin-0.3.19.tar.gz.gpg
9e3d69700386772814b0e8c9723d8162c8d88c94479dbd24f18f280b

I turn this hash into a bitcoin address using the convertor in bitcoin block explorer

$ wget -O - -q http://blockexplorer.com/q/hashtoaddress/9e3d69700386772814b0e8c9723d8162c8d88c94479dbd24f18f280b
1BehjJ4trLTY1G148PntLkzb99UYYg5qWEotEAGudWXaW

Finally, I send 0.01 BTC to this address.

$ bitcoind sendtoaddress 1BehjJ4trLTY1G148PntLkzb99UYYg5qWEotEAGudWXaW 0.01

Hum...  bitcoin tells me it's an invalid address.  There must be a bug, but you get the idea, right ?

[theymos]

Hum...  bitcoin tells me it's an invalid address.  There must be a bug, but you get the idea, right ?

You need to use a 160-bit hash. SHA-1 or RIPEMD-160, for example. You could also truncate the SHA-256 hash to 160 bits -- this generally gives nearly as much security as using the entire hash. Ensure that you give /q/hashtoaddress exactly 40 hex characters in order to receive a valid address.

For Bitcoin addresses, Bitcoin first does a SHA-256 hash and then does a RIPEMD-160 hash on the output.

[Stephen Gornick]

http://en.wikipedia.org/wiki/Steganography

You don't get it.  It's not steganography at all.  You don't really send any data to the network.  It is the same amount of "data" injected, whether you timestamp a "hello world" or a 1Go tarball !


It seems that I have to make an example to make it really clear.
[...]

I guess I should have included Jimbobway's message to indicate what my reply was a response to:

[...]
Please brainstorm how to use bitcoins in new ways and post your ideas here.  

I've decoded the ASCII character that represents the amount sent in each of those 8 transactions:
0.66 BTC  = B
0.73 BTC  = I
0.84 BTC  = T
0.69 BTC  = E
0.32 BTC  = [space]
0.77 BTC  = M
0.69 BTC  = E
0.33 BTC  = !

That is steganography, no?  And that is using bitcoins in a new way?

[Anonymous]

http://en.wikipedia.org/wiki/Steganography

You don't get it.  It's not steganography at all.  You don't really send any data to the network.  It is the same amount of "data" injected, whether you timestamp a "hello world" or a 1Go tarball !


It seems that I have to make an example to make it really clear.
[...]

I guess I should have included Jimbobway's message to indicate what my reply was a response to:

[...]
Please brainstorm how to use bitcoins in new ways and post your ideas here.  

I've decoded the ASCII character that represents the amount sent in each of those 8 transactions:
0.66 BTC  = B
0.73 BTC  = I
0.84 BTC  = T
0.69 BTC  = E
0.32 BTC  = [space]
0.77 BTC  = M
0.69 BTC  = E
0.33 BTC  = !

That is steganography, no?  And that is using bitcoins in a new way?

+10

[mestar]

It would be enough, and much easier to mail it to someone.  Use a gmail address or something, and you will have your timestamps accurate to the second, at least, on many external locations. 

So you would have a timestamp that can be changed if you have access to the server.  No central authority is needed for Bitcoin timestamps.

[mestar]

If I wanted to timestamp a hash in a publicly obvious way to prove later that I had known an idea at a certain date... I don't need Bitcoin.

I would merely go put the hash on my user page over at Wikipedia, and then perhaps remove it so it is visible only in the history.  The edit history is visible to the world, probably will never get erased, will get mirrored a ton

And again, somebody with access to the server could change the time on the page.  Bitcoins solve the problem of what came before with no central authority needed. 

[Stephen Gornick]

Please brainstorm how to use bitcoins in new ways and post your ideas here.  

Or, how about this one ....

To facilitate Anonymous Voting

It wouldn't work where one person gets only one vote, but for popularity type voting, casting votes by way of Bitcoin would be an quick and easy way to hold a secret ballot vote.

Setting a specified minimum amount (e.g., 1 BTC) would give a disincentive for submitting too many votes.

e.g.
Those supporting plan A send to [bitcoin address A]
Those supporting plan B send to [bitcoin address B]

[grondilu]

Setting a specified minimum amount (e.g., 1 BTC) would give a disincentive for submitting too many votes.

e.g.
Those supporting plan A send to [bitcoin address A]
Those supporting plan B send to [bitcoin address B]

Personnaly I'd be ok with that but I'm pretty sure most people won't.   Ploutocracy hasn't been moraly accepted since ancient greece.

[FreeMoney]

Please brainstorm how to use bitcoins in new ways and post your ideas here.  

Or, how about this one ....

To facilitate Anonymous Voting

It wouldn't work where one person gets only one vote, but for popularity type voting, casting votes by way of Bitcoin would be an quick and easy way to hold a secret ballot vote.

Setting a specified minimum amount (e.g., 1 BTC) would give a disincentive for submitting too many votes.

e.g.
Those supporting plan A send to [bitcoin address A]
Those supporting plan B send to [bitcoin address B]

Winners' money is given to the losers as compensation imo.

[mimarob]

Maybe this is not a new use of bitcoins, but I thought before of using stamps for emails. (Stamps as in old-fashioned letter stamps).

If we could have our emails stamped in some way with bitcoins, then one could configure ones mail reader to show stamped (and payed for) emails with a priority.

Suppose we payed maybe only a fraction of a cent per email, that would make it more expensive for spammers to reach out.

(You could still send your emails free but that would mean it would end up in the junkmail folder of the receiver)

Having a few billion emails stamped a year would mean a huge turnaround for the bitcoin systems.

As said before, this is not a new use, but the cheapness of bitcoin transactions might make it practical and possible.