Ask HN: Can we program a validation that foo happened at a specific past moment?
There are many scenarios to explore this, but let's say we're a presidential department tasked with recording a meeting in a way that can be later verified. (We could also look at evidence gathering where the person gathering has the legal right and technological ability to do anything. They're fundamentally the same problem)
We can't rely on internet access (that would be too easy because we could just send a request to a server).
We can't rely on standard file metadata because it can be forged.
["Mains hum"](https://en.wikipedia.org/wiki/Mains_hum) has been helpful for some things, but since the data is public someone could fake it by adding the expected hum later.
The only thing I can think of is to have a reasonably up-to-date blockchain on-device, then add a file's hash as a transaction. I still don't think it could store timestamp in a verifiable way but it would at least tell you the sequence that files were added (which is hopefully the sequence they were taken)
Has anyone actually solved this problem?
5 comments
[ 3.0 ms ] story [ 22.0 ms ] threadSo basically, you meet up, check your code, write it down, xerox it and hand it out. This works for arbitrary number of people. Doesn't require any real new algos; and should already fit 2FA schemas.
Blockchain is a buzz word.
In terms of the threat of having a single “signer” fake it: does anything prevent them from generating “old” codes by setting the clock back?
The simplest solution is to have a centralized clock that everyone trusts to digitally sign the document that it was created at x time. This can be verified offline with the clock's public key. If you need to be offline at the time of creation, then blockchains won't help you. Best you can do is have every participant sign the document that it was created at x time.
For the sake of the challenge let’s say we don’t trust the person (or people) creating the document. Let’s also assume they have a vested interest in proving that a thing happened when it did not.
In the case of the scenario above: The person in charge of the records is a traitor and if they can “prove” that the meeting took place on a specific day the president will be impeached.
What we do trust is the servers that are used when a document is submitted, but all we can be sure of is the time of the submission (and the fact that it’s signed by the document creator, but we don’t trust them)
Since the document creator could be offline for an extended period for non-suspicious reasons, we can’t use submission date as creation date.