wolciph (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
 |
August 26, 2011, 04:25:45 PM |
|
The purpose of the following method and script is to permit one to provide a proof of the authenticity of a document, that is prove that a document is the original version, that it has not been altered since it's first publication. This can have several uses, such as proving authorship, or preventing an adversary from spreading disinformation or confusion about for instance the date and location of an event (e.g. if "Anonymous" wishes to coordinate a DDOS attack). Another example which triggered my interest in this is that of Breivik's manifesto of which some decided to spread altered versions in order to make the original message difficult to find and spread. (note: I do not support Breivik; I am merely providing a method that can help all people, regardless of their intention. In the end, this method benefits the Truth.)
The idea is to insert a hash of a document in a block before publishing said document. Then, as the blockchain grows, it becomes increasingly difficult to modify this block and the hash it contains, thus providing a cryptographic proof that this exact document existed at a certain point in time. So, in order to be able to prove a document of mine is authentic I would first have to publish it's hash in the blockchain and then wait a sufficient amount of time for two things: - that the blockchain has grown sufficiently that modifying the block of my hash has become infeasible; - and more importantly, that enough time had elapsed that there would be no doubt in the eyes of my public that the document was not publicly available at the time I inserted the hash. Thus, depending on the situation, waiting weeks or months after insertion of the hash may be necessary before publishing.
Technically, there are several ways of inserting a hash in the blockchain. One would be to send transactions of amounts which, once concatenated, would form the hash. This method is somewhat impractical. Another is to generate a "false" bitcoin address formed from the hash and to send a small amount of bitcoins to it (e.g. one satoshi). This is the method implemented in my script. Yet another would be to instead generate the bitcoin private key from the hash, by using it as seed for the pseudo-random number generator for instance, and later disclosing this private key to enable verification.
|
|
|
|
|
|
The trust scores you see are subjective; they will change depending on who you have in your trust list.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
wolciph (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
 |
August 26, 2011, 04:26:56 PM |
|
I can already hear the screams of "Satoshi intended the bitcoin blockchain for bitcoin transfer only" and the like but once again I am merely providing a tool which you may or may not use at your own discretion. There is also no blockchain more secure than that of bitcoin and I am afraid that a blockchain specifically for the purpose of POA may never catch on and never be secure enough against powerful adverseries. Anyhow, I do not see this method being used on a daily basis by many so it would not pose much risk of overloading the network, especially given the need for transaction fees. Bellow, is a bash script which enables creation and verification of a bitcoin POA. It requires the original bitcoin client running as a daemon for creation of a POA and Gavin Andresen's dbdump.py ( https://github.com/gavinandresen/bitcointools/tree/45f5c0030ac9a121fff504b0ffd27efc27423bde) for verification. #!/bin/bash #bitpoa: Bitcoin blockchain based proof of authenticity #Author: Wolciph #Public domain, use at your own risk set -e
#config: interactive=1 hashAlgo=sha256 amount=0.00000001 fee=0.0001 keyType=pk infoFile='info.poa'
bitcoind=~/bitcoind bitcoinDir=~/.bitcoin/ dbdump=~/bitcointools/dbdump.py
cd "$(dirname "$0")" . addrgen.so.bash #. bitpoa.conf cd - >/dev/null
_tries=5 get_transaction_block() #(txid) { #workaround to access block of transaction: local c=$($bitcoind getblockcount) local b=$($bitcoind gettransaction $1 | grep -m1 '"confirmations" :' | sed -r 's/^.*"confirmations" : ([0-9]*).*$/\1/g'; [[ ${PIPESTATUS[@]} = '0 0 0' ]]) local c2=$($bitcoind getblockcount) if (( $c2 == $c )); then echo $((c - b + 1)) elif (( _tries > 0 )); then ((_tries--)); get_transaction_block else echo "Cannot get stable blockcount. Wait until your blockchain is up\ to date and try again." >&2 return 2 fi } get_field() #(field) { grep -m1 "^$1:" | sed -r "s/^$1:(.*)$/\1/g" [[ ${PIPESTATUS[@]} = '0 0' ]] }
check_pipes() { [[ "${PIPESTATUS[@]}" =~ ^0(\ 0)*$ ]]; }
help="bitpoa Bitcoin blockchain proof of authenticity tool: Examples: These tasks require the bitcoin server to be active: Creation: $0 -cf document.txt -i info.poa -a sha256 -A 0.00000001 Finding the block: $0 -b -i info.poa This task requires the bitcoin server to be stopped: Verifying: $0 -vf document.txt -i info.poa Commands: -c, --create : create and send _amount_ coins to a new address -b, --find-block : find the block in which the new transaction is to complete the info file -v, --verify : verify a POA -f, --file= : file from which to create a hash -i, --info-file= : info file to read or write info for checking the POA -h, --hash : do not hash the file (to use if it already is a hash) -a, --algo= : the hashing algorithm; uses openssl -y, --assume-yes : do not prompt before critical operations, non-interactive -s, --secret-key : use hash in the private key (NOT IMPLEMENTED) -A, --amount= : amount of bitcoins to send (WILL BE LOST FOREVER!!!) -F, --fee= : transaction fee " #------------------
OPTS=$(getopt -o cvbf:i:ha:yA:F: \ --long create,verify,find-block,file:,info-file:,hash,algo:,assume-yes,help,amount,fee\ -n "$0" -- "$@") if [ $? != 0 ]; then echo "Terminating. Use --help for help." >&2; exit 1; fi eval set -- "$OPTS" while true; do case "$1" in -c|--create) action=create; shift;; -v|--verify) action=verify; shift;; -b|--find-block) action=findBlock; shift;; -f|--file) file="$2"; shift 2;; -i|--info-file) infoFile="$2"; shift 2;; -h|--hash) hash=1;; #the file cointains the hash -a|--algo) hashAlgo="$2"; shift 2;; #first round (followed by ripemd160) -y|--assume-yes) interactive=0; shift;; -s|--secret-key) keyType=sk; shift;; -A|--amount) amount=$2; shift 2;; -F|--fee) txfee=$2; shift 2;; --help) printf "%s" "$help" >&2; exit 0;; --) shift; break;; *) echo "Invalid argument: $1. Use --help for help." >&2; exit 1;; esac done [ -n "$1" ] && { echo "Unknown extra argument: $1" >&2; exit 1; } [ -z "$action" ] && { echo 'No action specified (-c|-v|-b)' >&2; exit 1; }
if [[ $action = findBlock ]]; then txid="$(get_field txid < $infoFile)" block=$(get_transaction_block $txid) printf "%s\n" "block:$block" >> $infoFile exit 0 fi
if [[ "$hash" = '1' ]]; then hash=$(cat "$file") else hash=$(cat "$file" | openssl dgst -$hashAlgo -hex; [[ ${PIPESTATUS[@]} = '0 0' ]];) || { echo "Error while hashing using $hashAlgo. Exiting." >&2; exit 1; } fi
if [[ $keyType = pk ]]; then h=$(xxd -p -r <<< "$hash" | openssl dgst -rmd160) address=$(hash160ToAddress $h) else exit 1 #use hash as seed for prng? fi
if [[ $action = 'create' ]]; then printf "%s\n%s\n%s\n" "file:$file" "algo:$hashAlgo" "address:$address" > $infoFile cmd="$bitcoind -paytxfee=$txfee sendtoaddress $address $amount" if [[ $interactive = '1' ]]; then echo "Warning: $amount bitcoins will be lost forever." >&2 printf '%s\n%s\n%s\n' "The following command is about to be sent to the bitcoin daemon:"\ "$cmd" "Make sure it is running. Proceed? (y/n)" >&2 read r [[ "$r" =~ ^y(es?)?$ ]] || exit 0 fi echo -n 'txid:' >> $infoFile eval $cmd >> $infoFile if [[ $interactive = '1' ]]; then printf "%s%s\n" 'You must now wait for the transaction to be '\ "integrated into a new block before launching $0 -b [...]" >&2 fi elif [[ $action = 'verify' ]]; then address2="$(get_field address < $infoFile)" if [[ "$address2" != "$address" ]]; then printf "%s\n" "FAILURE: The address is incorrect (should be $address)!" >&2 exit 5 fi block=$(get_field block < $infoFile) blockInfo="$($dbdump --block=$block)" if ! (grep -m1 "pubkey: $address" <<< "$blockInfo"); then echo "FAILURE: The address is correct but does not appear in the given block!" >&2 exit 6 fi echo "The address is correct and was published in the blockchain at around:" grep -m1 '^Time: ' <<< "$blockInfo" | sed -r 's/Time: (.*) Nonce:.*$/\1/' fi
Usage examples: These tasks require the bitcoin server to be active: Creation: ./bitpoa.bash -cf document.txt -i info.poa -a sha256 -A 0.00000001 Finding the block: ./bitpoa.bash -b -i info.poa (for creation, a second step must be taken to find the block of the transaction in order to speed up verification) This task requires the bitcoin server to be stopped: Verifying: ./bitpoa.bash -vf document.txt -i info.poa
|
|
|
|
wolciph (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
 |
August 26, 2011, 04:30:37 PM Last edit: August 26, 2011, 04:46:44 PM by wolciph |
|
I would like to thank Grondilu for his bash library (I guess we could call it that) for generating bitcoin addresses. Here is a bitpoa info file for the script, that I just made for testing purposes: file:bitpoa.bash algo:sha256 address:1Dga4BiLThvbFeA7b2sxzQx2G85uCk67kr txid:9209f8bfaa967cf2530a6a708ac12b370615ca4e4d5242e8bc28261f12522bce block:142683
You can check it with bitpoa -v -f bitpoa.bash -i bitpoa.bash.poa where bitpoa.bash.poa is this info file. But it may not work if you copy/paste due to tabbing (yes, I know: tabs are evil) and newlines. However, it should work with the file provided in the archive below. (blockexplorer link: http://blockexplorer.com/address/1Dga4BiLThvbFeA7b2sxzQx2G85uCk67kr) Megaupload link to an archive containing the script, grondilu's script and Gavin Andresen's tools: http://www.megaupload.com/?d=BR470E20(sha256sum: 76ee03f4dc494af8fe16d0340679803eeb745394dbb97d1e1e96c8ebe3d5db2a bitpoa.tar.gz) Sorry for multiple posts but I'm having problems sending it all in one chunk.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5040
Merit: 11971
|
 |
August 27, 2011, 04:21:44 AM |
|
There's a very easy way to do this without any program: First, SHA-1 the data you want to timestamp (or RIPEMD-160, or SHA-256 and truncate to 160 bits). Then use this to turn it into an address: http://blockexplorer.com/q/hashtoaddress/putHashHereThen, send any amount of BTC to the returned address. (If you modify Bitcoin, it's actually possible to create a transaction that sends 0 BTC to an address, which would also work. Then you don't have to destroy BTC.) Finally, you can see the timestamp here: http://blockexplorer.com/q/addressfirstseen/timestampAddress
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
ArtForz
|
 |
August 27, 2011, 05:23:30 AM |
|
|
bitcoin: 1Fb77Xq5ePFER8GtKRn2KDbDTVpJKfKmpz i0coin: jNdvyvd6v6gV3kVJLD7HsB5ZwHyHwAkfdw
|
|
|
wolciph (OP)
Newbie
Offline
Activity: 33
Merit: 0
|
 |
August 27, 2011, 05:02:21 PM |
|
I did do a quick search before posting but didn't find anything. Well, anyhow, my implementation still has the advantage of being automated and not relying on trust in blockexplorer I guess.
|
|
|
|
Sukrim
Legendary
Offline
Activity: 2618
Merit: 1006
|
 |
August 27, 2011, 06:06:27 PM |
|
You can do this on your own offline as well.
|
|
|
|
Frozenlock
|
 |
September 11, 2011, 05:57:32 PM |
|
Just so you know, I used this in a real life situation. I just moved in a new apartment. The previous occupant obviously left a window opened and it rained inside. Now part of the floor is ugly.  I told the owner about it, but I still want to keep a proof that I didn't do it. (What if he dies? Did he wrote somewhere the floor is in this state?) Instead of "hoping" nothing bad happens, I took some pictures, zipped them, got the SHA-1 and sent 0.01 BTC to the equivalent address. Here is the official time-stamp that will protect my ass if I ever need to: http://blockexplorer.com/q/addressfirstseen/1Lx3wYgWJJ6Rxj3EyXf8riMFd9SCZNVFzD
|
|
|
|
ElectricMucus
Legendary
Offline
Activity: 1666
Merit: 1057
Marketing manager - GO MP
|
 |
September 11, 2011, 06:05:07 PM |
|
A more automated way to accomplish this would be nice. Lets do this 
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1018
|
 |
March 31, 2012, 09:04:07 PM |
|
A more automated way to accomplish this would be nice. Lets do this  the service could safe-keep the data itself, too (just in case the customer misplaces it) and help with providing expert witnesses for use in court.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
bitcool
Legendary
Offline
Activity: 1441
Merit: 1000
Live and enjoy experiments
|
 |
March 31, 2012, 09:27:18 PM Last edit: March 31, 2012, 09:41:07 PM by bitcool |
|
Just so you know, I used this in a real life situation. I just moved in a new apartment. The previous occupant obviously left a window opened and it rained inside. Now part of the floor is ugly. http://img8.imageshack.us/img8/8408/dsc01021mf.jpgI told the owner about it, but I still want to keep a proof that I didn't do it. (What if he dies? Did he wrote somewhere the floor is in this state?) Instead of "hoping" nothing bad happens, I took some pictures, zipped them, got the SHA-1 and sent 0.01 BTC to the equivalent address. Here is the official time-stamp that will protect my ass if I ever need to: http://blockexplorer.com/q/addressfirstseen/1Lx3wYgWJJ6Rxj3EyXf8riMFd9SCZNVFzDThat 0.01 BTC was sent to hyperspace and even Satoshi can't get it back, correct?
Smart but a more sustainable approach will be better. Edit: Sorry, didn't scroll up far enough to see theymos's comment.
|
|
|
|
mila
|
 |
March 31, 2012, 09:36:26 PM |
|
(If you modify Bitcoin, it's actually possible to create a transaction that sends 0 BTC to an address, which would also work. Then you don't have to destroy BTC.)
I thought it was legal to send 0.00 btc as long as I pay the .0005 fee I like the approach of commit coin. they do not destroy the bitcoins at all, in fact the message is computed from the send to and send from transactions. but could be pruned from blockchain eventually. (unless a satoshi is left in the account, but that could be spend by the attacker and empty address pruned anyway) maybe burning bitcoin is the cost of this
|
your ad here:
|
|
|
|