Proof for a creation date
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Dec 2 05:49:38 CET 2016
On Thu 2016-12-01 21:12:50 -0500, Bertram Scharpf wrote:
> I want to make evidence that I created a document _before_ a certain
> point of time.
One approach i've seen recommended is to create a
cryptographically-strong digest of the signed document in question and
then post it to a public, append-only log somewhere.
For example, take the SHA256 digest of the document, pretend that value
is the address of a bitcoin wallet, and throw a little bit of bitcoin
into it (this value will never be recoverable because no one knows the
corresponding secret key). This puts the digest into the blockchain at a
acertain date for anyone to see.
Your subsequent argument is that one of the two possibilities must hold:
(a) you have some ability to perform a collision attack against
SHA-256, or
(b) the signed document existed at some point before the bitcoin
transaction was publicly logged.
since most people won't believe (a), (b) looks pretty likely.
You could use any other globally-visible log that allows for injection
of a bitstring long enough for a strong digest (32 octets is probably
sufficient), it doesn't have to be the bitcoin blockchain. for example,
if you can get something into a public X.509 certificate, you could post
it to one of the certificate transparency logs.
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20161201/38370eae/attachment.sig>
More information about the Gnupg-users
mailing list