62 comments

[ 2.3 ms ] story [ 118 ms ] thread
Neat. Trusted timestamping (which this provides) is a useful primitive.
It's actually surprising to me that there isn't already some established service for doing this. Situationally useful, but still a pretty cool way to handle things like dating a trade secret without revealing it.
Reading the https://proofofexistence.com/about is really helpful, because I really didn't understand this at all.

While this is interesting, is there any concern about over use of the bitcoin blockchain? It's currently 65GB in size[0], which means it's fairly usable, and with a big enough system you could still store the entire thing in memory. What happens when it's 65TB? 65PB? Won't using it for lots and lots of things cause issues long term? Or am I missing something here?

[0] https://blockchain.info/charts/blocks-size?timespan=all

Eventually you'll be able to trim some parts, and only full nodes will need to store everything. The code is not quite ready yet, though. I believe there were plans to include a hash of the unspent transactions set in each block, so you could have effectively the same security by only verifying the block headers up to the latest block, and the unspent transactions set. Not sure if they ended up including that, though.

There were a couple other interesting proposals along the same lines as well.

You can already tell the bitcoin client to prune old blocks, because theoretically you don't need to keep any blocks more than a few hours old as long as you maintain a database with the last known ownership of every coin. In the future you could expect a setting to have the client ignore coins you don't control and crunch the entire db down to less than 1 GiB.
Yeah, but you still need to download all of them at least once to ensure there aren't missing transactions. The proposal with the UTXO set would allow you to only download headers+UTXO.
Yes, you do currently have to download the whole blockchain at least once. I can't remember if you have to save the whole thing before pruning begins or if it can prune as it goes along. Hopefully the headers+UTXO proposal will be implemented soon, as the total size of the headers is only 32 MiB (80 bytes per block) and the total size of the UTXO set is only 1.2 GiB. We've already dramatically reduced the bandwidth requirements with Xtreme Thinblocks, so storage cost is the major limiting factor for running a node.
Of every address. There is no such thing as a bitcoin.
Sorry, I have a bad habit of using "coin" to mean UTXO. You actually don't care about every address, only the ones with balance.
This service only stores the hash of the document in the blockchain, so it only increases the size of the DB marginally. The tendency for the blockchain DB to grow is in part limited by that storing anything in the blockchain requires a transaction, and transactions cost money, which goes to the miners, who in turn bear the expenses of storing the DB as part of their mining equipment.
two years ago I tried to store the hashes of everyone's unique DNA in the blockchain in a parseable format

even compressed it was completely untenable space-wise due to the amount of people this would need to support and secondly the amount of transactions the network supports

so........ you're wrong.

I think proofofexistence.com existed at that time as well so why is this even news? bitcoin's been around for a whiiiiiiile

Yes but the bitcoin blockchain isn't just used for storing doc hashes
That "About" page was frustrating to read. It talks about "common uses" without talking about actual use cases. Like, no realistic scenarios where this thing would come in handy. What industries would it be particularly useful in? Legal? Real estate? Logistics?

The press releases at the bottom talk about it having potential to be used as a notary service, but even those are lacking detail.

edit: getting downvoted by bitcoin fanboys. should have seen that coming!

The only obvious use I could think of is proof of invention of some idea. Like the old "Mail a letter to your self and don't open it proof".
Exactly the same as my first thought.
Funny, for me the page actually mentions two applications. (But without any evidence that it would actually hold up in court, which tends to be the thing that matters in such cases)
Well, it's mathematically provable, so...Just need a judge who permits logic in court. Good luck with that.
Did you really have no ideas of your own of realistic scenarios after reading that page? I find that not entirely surprising, I guess, but your tone certainly is.
I'm building a fun little service based on storing the hash of a document created by user input. I think it can be very useful and even fun if presented the right way.
Intellectual property comes to mind. A draft of a book, a screenplay, a scientific discovery found by a corporation that they want to keep a trade secret.
I like this. Would have been amazing if this existed before the social explosion of the web. Where everyone is constantly stealing everyone elses work.
Why is this better than archive.org?
It's computationally difficult for anyone to forge it. While the operators of archive.org could easily forge an old timestamp.
Computationally difficult is a bit of an understatement. It is not possible to alter the bitcoin blockchain once a block is added and confirmed. With limitless resources, you could perform a withholding attack to modify the most recent half-hour to one hour's worth of transactions, but that would take tens of millions of dollars in hardware and only be temporarily successful.
You could go back in time indefinitely with unlimited resources. Would require a big reorg, but still possible.
For the purposes of proving that a document exists no, you really couldn't go back in time, if this were to happen it would be a monumental time for bitcoin, and the old blockchain would be well known & referenced.

So for the purposes of proving that you wrote that document it really doesn't matter if that were to happen.

Depends who you're proving it to; if you can isolate them, it still works.
You can sign (and thus prove its existence) any file that isn't necessarily on the open web.
So do I understand right that whoever hosts this service is paying 0.0001 BTC (4 US cents) for each document as the transaction fee?
I don't know for sure, but they are charging 5 mBTC. So if you're right, they could be earning quite the margin!
I wonder what Descartes would say to this.
Kinda cool, but how is this any better than just gpg signing? Is it because you could fake a timestamp with gpg but not with this?
Right, the GPG timestamp is trivial to fake. There is also RFC 3151 timestamp protocol, but it uses a trusted third party rather than distributed trust.
Is this Bitcoin time stamping thing the only alternative, or are there other ways to securely time stamp a document?
Depends whether you are willing to consider a solution relying on a trusted third party "secure".
It is good to compare with the legibility of a proof of existence Ethereum contract: https://github.com/maran/notareth/blob/master/contract.sol
To be clear, you're comparing this to the Bitcoin script used by this website?

   OP_RETURN <hash of document>
That is not the only part of the story and probably you know this and you are hiding it to the general audience that doesn't know about Bitcoin internals.

You don't have a global getter on bitcoin transactions to get the hash of every document, so querying all the documents persisted on the Bitcoin blockchain you should build a database outside the Bitcoin blockchain to obtain them.

And don't forget the strict buffer limitations in the OP_RETURN that makes difficult to add more data and require to span the buffer within multiple transactions.

They should have called this Satoshi As A Service (SAAS)
You win the internets today.
I let out an audible "wow" when I read the about page. So freaking cool. The implications and uses for this are incredible.
Let me see if I'm thinking on the right track about potential applications here.

First thing I thought of was proactive defense against someone patenting an idea by proving your prior art without necessarily divulging the information (or divulging it, while proving its chronologically prior existence).

After that, my mind jumped to media, such as the ability to be provably certain a given piece of media hasn't been altered after the fact (docs, images, contracts, video, audio, etc.), and that it provably existed when a party claims it did.

A bit on the nefarious side, I thought of being able to prove the existence of certain media a party wishes to use for blackmail or some other purpose.

Maybe applicable to the HN/YC crowd—especially given a certain case that recently made news here about a YC alum—a means of proving the existence of, say, founder agreements when establishing a company, so that protracted legal disputes over ownership could be aided and possibly shortened by irrefutable proof those agreements existed at a particular point in time.

Disclaimer: not a Bitcoin user, and know practically nothing substantial about it.

ryan-c beat me to it. Trusted time-stamping is probably better given there's reputable businesses that have existed for a long time and probably court precedents for their models. Their model is also way more efficient than Bitcoin as alternatives often are. Link here:

https://en.wikipedia.org/wiki/Trusted_timestamping

Here's a few companies specializing in it with various tradeoffs:

http://www.surety.com/digital-copyright-protection/prove-own...

http://www.proofspace.com/timestamping/

https://www.digistamp.com/

Here's a paper on fast, decentralized security via witnesses that has timestamping at 120,000 requests a second with 4,000 witnesses:

http://arxiv.org/pdf/1503.08768.pdf

Until those companies tanks. Hopefully it wouldn't happen too fast, but the blockchain isn't dependent on a gatekeeper.
It can't be sabotaged by the developers or big mining pools? I keep seeing articles worrying about both.
> but the blockchain isn't dependent on a gatekeeper

Apart from a tiny group of devs and mining pools engaged in non-stop bickering and infighting

Whereas the companies I mentioned are about and currently practice long-term stability to provide a return on their investment. The infrastructure they need is also already built. So, their main incentive is to keep letting the money flow in doing something useful.

Whereas, with issues you cited, I have no clue what the status or goals of Bitcoin will be in even 5 years.

Similar is OriginStamp http://www.originstamp.org/ which is free; it does this by batching up a day of hashes into a single master hash which is then timestamped by Bitcoin.

I've written up some shell and Git scripts you can use to very easily timestamp stuff: http://www.gwern.net/Timestamping Timestamping has come in handy for me in the past; you rarely need a cryptographically strong timestamp but when you do, it's important.

I've seen people post SHA-1s on Twitter for things (like proof of an iOS jailbreak) that they aren't ready to release yet. I suppose this is a more reliable method for that.
It only takes one person at Twitter the corporation to edit their tweet database and change the sha1. The Bitcoin blockchain is nearly impossible to tamper.