OpenTimestamps

Last updated
OpenTimestamps
Developer(s) Open
Stable release
0.7.1 [1] / 26 August 2022;11 months ago (2022-08-26) [1]
Repository github.com/opentimestamps/
Written in Python, Java, JavaScript, Rust
Type Decentralized timestamping
License LGPL3
Website opentimestamps.org

OpenTimestamps (OTS) is an open-source [2] project that aims to provide a standard format for blockchain timestamping. [3] With the advent of systems like Bitcoin, it is possible to create and verify proofs of existence of documents (timestamps) without relying on a trusted third party; this represents an enhancement in term of security, since it excludes the possibility of a malicious (or careless) trusted third party to compromise the timestamp. [4]

Contents

OTS defines a set of rules for conveniently creating timestamps and later independently verifying them. Currently, timestamping with Bitcoin is fully supported, however the format is flexible enough to support a variety of methods. [lower-alpha 1]

Anyone could create timestamp with the permissionless blockchain by paying the transaction fees, for convenience OTS built an infrastructure that aggregates timestamp requests from users and packs them into transactions funded by public calendar servers; as a result, users can timestamp for free, in a trust-minimized setting. [lower-alpha 2]

What is a timestamp

A timestamp is a proof that some data d existed prior to a certain point in time. [5]

To create such proof, it turns out that it is not necessary to publish d on the blockchain, which would be expensive, but it is enough to commitd to the blockchain. Such commitment proves that d existed prior to a certain block, in the sense that if d changes, then the proof becomes invalid and hence useless.

The proof consists in a sequence of commitment operations, such as sha256, append, prepend. [lower-alpha 3] These operations are the cryptographic path that proves that d commits to a certain block header. In other words, that d caused the block header to have its value, indeed, if d were different then, due to the mathematical properties of commitment operations, the block header would be different. To verify the commitment, the operations are applied in sequence to the data d, then the result, which should be the transaction merkle root, is checked to be equal to the one observed in the blockchain; if the check goes fine, then one can assert that d existed prior to the block.

For the timestamped file hello.txt, the OTS proof is encoded in a file named hello.txt.ots which contains:

With this information, a challenger can independently verify that hello.txt existed prior to a certain block.

Usage

OTS provides users multiple and easy ways to create and independently verify timestamps:[ citation needed ]

In the following sections it is shown an example of the usage of the Python client.

Timestamp creation

The stamp operation creates the first version of the timestamp. It is applied to the file for which you want to prove its existence (original file).

$ cathello.txt Hello World!$ otsstamphello.txt Submitting to remote calendar https://a.pool.opentimestamps.orgSubmitting to remote calendar https://b.pool.opentimestamps.orgSubmitting to remote calendar https://a.pool.eternitywall.com

The stamp operation calculates the SHA256 hash of the original file, concatenates a random 128-bit nonce to maintain privacy, and recalculates the SHA256 hash, sending this unique value to the calendar servers. Each of the calendar servers will add the received hash to its Merkle tree and return the necessary response to generate the initial OTS file. This OTS file is still incomplete because it does not yet contain the record in the blockchain. [6]

Once a reasonable time has elapsed, the user will run the upgrade operation on the same OTS file. This will communicate with the calendar servers and update the OTS file with the Bitcoin block header attestation. [5] 

$ otsupgradehello.txt.ots Success! Timestamp complete

It is also possible to create timestamps for several different files simultaneously. In that case, the stamp operation will send a single request to the calendar servers with a Merkle root derived from the original files, and later, that same operation will calculate the Merkle tree paths and create the timestamps for each one of the original files.

Timestamp verification

The verification of the OTS proof requires both the OTS file and the original file. The user must also have an up-to-date Bitcoin node [lower-alpha 6] on their own machine to perform the verification without relying on trusted third parties. [7] 

$ otsverifyhello.txt.ots Assuming target filename is 'hello.txt'Success! Bitcoin attests data existed as of Mon Apr 16 01:15:16 2018 CEST

Show timestamp information

The basic structure of a timestamp is divided into three main sections: [6]

  1. File hash
  2. Merkle tree construction
  3. Bitcoin block header attestation

The timestamp is saved in a binary file to save space and avoid problems of interpretation, encoding and compatibility between systems. [6] Generally, this file has a .ots extension and its magic number is \x00 O p e n T i m e s t a m p s\x00 \x00 P r o o f\x00 \xbf \x89 \xe2 \xe8 \x84 \xe8 \x92 \x94. [8]

The info operation presents the content of the timestamp on a human-readable format. In this case, a single attestation of the hello.txt file is shown, which hashes all the way to the Bitcoin block header at block 518387.

$ otsinfohello.txt.ots File sha256 hash: 03ba204e50d126e4674c005e04d82e84c21366780af1f43bd54a37816b6ab340Timestamp:append 72d8a09f54b12580b48c2f7c7dea4ce0sha256 -> append fe0d089c9bfe5289c3ee579904af3551    sha256    prepend 5ad3d92b    append 8fefb42191040403    verify PendingAttestation('https://alice.btc.calendar.opentimestamps.org')    sha256    prepend f0e8b62a519b0b8fad763c33c558e0179a43b8d89cb4130b6dbaa91e3d3252f6    sha256    prepend beca183da3f86784a7d54778bc48e78c570245d51474f32475e6d1851989b140    sha256    append a95879c35c15ace7dc5fd1d2cf0a7d9b0e4110b5b8a74da4c64082835f6f6a2e    sha256    append cf9b259e4506235f97225706f3a675f51ecf2657814639d87e4e6f42d8581ae7    sha256    prepend e3b7ff694e1b14b4420556ca77ea8e9509e44b7fbed0dc9a3b67c00fcf016ca2    sha256    prepend 01000000017230dffb1edd7cae0c8feb3fec7c91c34b33b22fdfac071b83e790ce34254b340000000017160014a4282cbf0f17fd6d51b61da f7cf4d56e32183b60fdffffff02d7c062000000000017a914365c46ff772b9f1da73efeb2c559777e1a2c33b4870000000000000000226a20    append f2e80700    # Bitcointransactionid7e6e5aafa1fc9d933992621a7ac321dc7b9368d0e1baa72ff77665b07b75315f     sha256    sha256    append d67f1615f986694d707d7d044883c7885f3dded2ac9df5f6b9270a5bdda38aa3    sha256    sha256    append e551a80b2bdd88f417fc95014662f7a65d8c0c4d833b6df034bc12f1af35b953    sha256    sha256    append 0902830fc37fde4996c350de40c0ae621c739ce002a7be4b3725d7e281fc02a3    sha256    sha256    append 7ac1e262423598f1477825882f78ededc98b44bf0136f059e438391aa0e7a686    sha256    sha256    prepend 9ee83975bef756160275a336203059109fd4336572e5e47e9a3edadb82a8934c    sha256    sha256    append 7a3229b63fc7a88d4edde4aa5b855416265842120fde246462271e5418f895bd    sha256    sha256    prepend a4c712ca130f63862f329874f11466eb74ee7b505c191344ee11b30d14ca4946    sha256    sha256    append 13bf98cdb708ed3321b8d48ff290c5bdbefa6fb9be34717e97a3f3cfa9b87994    sha256    sha256    prepend d2aec8bd2edf2d6d10606df92f1b8b53a97362d7aba7d3fa15bf55c0aab94e35    sha256    sha256    verify BitcoinBlockHeaderAttestation(518387)    # Bitcoinblockmerklerootb4f71191dc633cfb125543211022b1059d78b42a359408da5958fc15231ef6de

Use cases

Applications include defensive publications. [9]

Notes

  1. As of now, it is possible to timestamp also with Litecoin and Ethereum, although verification is not supported.
  2. The worst thing that a calendar can do is not to timestamp the users data; if that happens, then users can timestamp by themselves.
  3. Note how, by conveniently combining these commitment operations, it is possible to traverse a Merkle tree. Similarly to Bitcoin, OTS makes use of this commitment structure to pack several timestamps in one transaction.
  4. A timestamps is in form of a tree: from the starting hash, multiple branches leads to different attestations. This provides the redundancy that protect users in case a calendar is down.
  5. The website is the easiest method to create and verify timestamps but it is the less secure: differently from the previous ones, users cannot verify independently the timestamp, since the verification is made by a third party.
  6. It is not strictly required a full node, indeed the attestation are on the block header, thus a pruned node is enough to verify a timestamp. Note that a SPV node has the whole block header chain, so, in theory, it could verify timestamps, however it does not verify blocks and thus has a much lower security compared to pruned nodes.

Related Research Articles

<span class="mw-page-title-main">HMAC</span> Computer communications hash algorithm

In cryptography, an HMAC is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and authenticity of a message.

The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 1321.

In cryptography, SHA-1 is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard. The algorithm has been cryptographically broken but is still widely used.

<span class="mw-page-title-main">Cryptographic hash function</span> Hash function that is suitable for use in cryptography

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

md5sum is a computer program that calculates and verifies 128-bit MD5 hashes, as described in RFC 1321. The MD5 hash functions as a compact digital fingerprint of a file. As with all such hashing algorithms, there is theoretically an unlimited number of files that will have any given MD5 hash. However, it is very unlikely that any two non-identical files in the real world will have the same MD5 hash, unless they have been specifically created to have the same hash.

In cryptography, Tiger is a cryptographic hash function designed by Ross Anderson and Eli Biham in 1995 for efficiency on 64-bit platforms. The size of a Tiger hash value is 192 bits. Truncated versions can be used for compatibility with protocols assuming a particular hash size. Unlike the SHA-2 family, no distinguishing initialization values are defined; they are simply prefixes of the full Tiger/192 hash value.

Hashcash is a proof-of-work system used to limit E-mail spam and denial-of-service attacks. Hashcash was proposed in 1997 by Adam Back and described more formally in Back's 2002 paper "Hashcash - A Denial of Service Counter-Measure".

Proof of work (PoW) is a form of cryptographic proof in which one party proves to others that a certain amount of a specific computational effort has been expended. Verifiers can subsequently confirm this expenditure with minimal effort on their part. The concept was invented by Moni Naor and Cynthia Dwork in 1993 as a way to deter denial-of-service attacks and other service abuses such as spam on a network by requiring some work from a service requester, usually meaning processing time by a computer. The term "proof of work" was first coined and formalized in a 1999 paper by Markus Jakobsson and Ari Juels.

SHA-2 is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.

<span class="mw-page-title-main">Merkle tree</span> Type of data structure

In cryptography and computer science, a hash tree or Merkle tree is a tree in which every "leaf" (node) is labelled with the cryptographic hash of a data block, and every node that is not a leaf is labelled with the cryptographic hash of the labels of its child nodes. A hash tree allows efficient and secure verification of the contents of a large data structure. A hash tree is a generalization of a hash list and a hash chain.

<span class="mw-page-title-main">Merkle–Damgård construction</span> Method of building collision-resistant cryptographic hash functions

In cryptography, the Merkle–Damgård construction or Merkle–Damgård hash function is a method of building collision-resistant cryptographic hash functions from collision-resistant one-way compression functions. This construction was used in the design of many popular hash algorithms such as MD5, SHA-1 and SHA-2.

sha1sum is a computer program that calculates and verifies SHA-1 hashes. It is commonly used to verify the integrity of files. It is installed by default on most Linux distributions. Typically distributed alongside sha1sum are sha224sum, sha256sum, sha384sum and sha512sum, which use a specific SHA-2 hash function and b2sum, which uses the BLAKE2 cryptographic hash function.

A hash chain is the successive application of a cryptographic hash function to a piece of data. In computer security, a hash chain is a method used to produce many one-time keys from a single key or password. For non-repudiation, a hash function can be applied successively to additional pieces of data in order to record the chronology of data's existence.

Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.

SHA-3 is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like structure of SHA-1 and SHA-2.

In the BitTorrent file distribution system, a torrent file or meta-info file is a computer file that contains metadata about files and folders to be distributed, and usually also a list of the network locations of trackers, which are computers that help participants in the system find each other and form efficient distribution groups called swarms. A torrent file does not contain the content to be distributed; it only contains information about those files, such as their names, folder structure, sizes, and cryptographic hash values for verifying file integrity. Torrent files are normally named with the extension ".torrent".

ZPAQ is an open source command line archiver for Windows and Linux. It uses a journaling or append-only format which can be rolled back to an earlier state to retrieve older versions of files and directories. It supports fast incremental update by adding only files whose last-modified date has changed since the previous update. It compresses using deduplication and several algorithms depending on the data type and the selected compression level. To preserve forward and backward compatibility between versions as the compression algorithm is improved, it stores the decompression algorithm in the archive. The ZPAQ source code includes a public domain API, libzpaq, which provides compression and decompression services to C++ applications. The format is believed to be unencumbered by patents.

BLAKE is a cryptographic hash function based on Daniel J. Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with round constants, is added before each ChaCha round. Like SHA-2, there are two variants differing in the word size. ChaCha operates on a 4×4 array of words. BLAKE repeatedly combines an 8-word hash value with 16 message words, truncating the ChaCha result to obtain the next hash value. BLAKE-256 and BLAKE-224 use 32-bit words and produce digest sizes of 256 bits and 224 bits, respectively, while BLAKE-512 and BLAKE-384 use 64-bit words and produce digest sizes of 512 bits and 384 bits, respectively.

HKDF is a simple key derivation function (KDF) based on the HMAC message authentication code. It was initially proposed by its authors as a building block in various protocols and applications, as well as to discourage the proliferation of multiple KDF mechanisms. The main approach HKDF follows is the "extract-then-expand" paradigm, where the KDF logically consists of two modules: the first stage takes the input keying material and "extracts" from it a fixed-length pseudorandom key, and then the second stage "expands" this key into several additional pseudorandom keys.

<span class="mw-page-title-main">Bitcoin network</span> Peer-to-peer network that processes and records bitcoin transactions

The Bitcoin network is a peer-to-peer network of nodes which implement the Bitcoin protocol. The protocol itself implements a highly available, public, and decentralized ledger. The nodes verify that each update to the ledger follows the rules of the Bitcoin protocol.

References

  1. 1 2 "OpenTimestamps client, latest version". GitHub . Retrieved 26 August 2022.
  2. "OpenTimestamps code repository". GitHub . Retrieved 7 June 2018.
  3. "OpenTimestamps website" . Retrieved 7 June 2018.
  4. Gao, Yuefei; Applications, Hajime (2017). "A Decentralized Trusted Timestamping Based on Blockchains". IEEJ Journal of Industry Applications. 6 (4): 252–257. doi: 10.1541/ieejjia.6.252 .
  5. 1 2 Todd, Peter (September 15, 2016). "OpenTimestamps: Scalable, Trust-Minimized, Distributed Timestamping with Bitcoin" . Retrieved May 5, 2018.
  6. 1 2 3 Weilbach, William Thomas (December 11, 2017). "Practical Application of Distributed Ledger Technology in Support of Digital Evidence Integrity Verification Processes" (PDF). Archived from the original (PDF) on 18 April 2018. Retrieved May 5, 2018.
  7. "OpenTimestamps client repository". GitHub . Retrieved June 7, 2018.
  8. "Header magic definition in python-opentimestamps". GitHub . Retrieved 7 June 2018.
  9. Douglas Heaven (February 4, 2019). Nature (ed.). "Bitcoin for the biological literature". Nature. 566 (7742): 141–142. Bibcode:2019Natur.566..141H. doi: 10.1038/d41586-019-00447-9 . PMID   30718888. S2CID   256769716 . Retrieved February 22, 2019.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.