Proof for a creation date

[Glenn Rempe]

On 12/5/16 4:11 AM, Bertram Scharpf wrote:
> I might resume it to two possibilities to accomplish the task:
> 
>   - Post a digest to a site where you cannot withdraw it
>     ever and where it can be retrieved by everybody. This
>     could be a Github issue, on Reddit or Twitter or maybe
>     even on the GnuPG mailing list.

Posting on a forum or github issue does not provide immutable and
cryptographically verifiable proof that a digest existed at a specific
point in time. It is very weak from that standpoint.

>     
>     The disadvantage is that you are dependent on the
>     provider of the site to continue the service and that
>     your information can be found there. This could most
>     notably become a problem because the post is, in the
>     end, an abuse of the forum.

If you use one of the services that implants your digest on the
blockchain it is guaranteed to be immutable once transactions are
layered on top of it (within minutes to hours).

This approach does NOT require the service that originally posted this
digest to continue to exist past that point in time as you can
independently verify either the digest or the merkle tree root digest
that you posted using open source software.

As an example, I wrote a Ruby wrapper for the Tierion API and this Ruby
code does not require Tierion to continue to exist past the point when
you retrieve a receipt (which are the merkle tree root verification
instructions that the code can follow). You can verify that a hash
exists in the merkle tree independently and for as long as the
blockchain exists (or as long as you keep your own independent copy of
it). This also provides consensus from thousands of miner machines as to
the rough time when a transaction containing your digest was submitted
since all transactions contain the hash of the prior transactions.
Changing and earlier hash would also require rebuilding all hashes on
top of it which is considered computationally infeasible. This is
similar to how a chain of git commits work, but distributed with real
monetary value on the line. It usually takes about 10-30 minutes from
when you submit the hash to when it is permanently and immutably
embedded in the blockchain.

Tierion is free to use, but requires you to calculate the merkle tree
proof to verify it later (not hard with open source software that is
available). www.proofofexistence.com directly submits your digest on the
blockchain (no merkle tree, your transaction is not shared with other
digests), so it is a bit easier to prove later, but you need to pay them
in BTC to cover the transaction costs and their costs at the time you
make the API call. I think its a couple of dollars worth of BTC.

See
https://github.com/grempe/tierion
https://tierion.com/docs#blockchain-receipts
http://www.chainpoint.org
https://en.wikipedia.org/wiki/Merkle_tree
https://tierion.com/docs/hashapi
https://www.proofofexistence.com

>   - Let one or more people sign your document and provide
>     the signatures yourself.
> 
>     The weak point is how to find these people and to make
>     them do what you want. The service
>     <http://www.itconsult.co.uk/stamper.htm> makes
>     signatures in a format that is no longer supported.

Not only does itconult.co.uk provide signatures from a key that is no
longer importable in modern GnuPG, you are also relying on the fact that
their system clock is accurate and can never be changed maliciously or
through error. This is not an assumption you can make. There is also no
immutable storage of the hash only a signature that was claimed to be
made at a certain time. A claim that cannot be verified later since it
is lacking context.