1

How do I acquire the means to prove in the future that I had possission of a file now, without relying on the integrity of a single entity? (I believe one way of doing it would be to put the file through SHA1, and send a minimal amount of Ether (0.001) to the resulting Ethereum address (both SHA1 hashes and Ethereum addresses being 40 hexadecimals). But perhaps there are cheaper and more secure ways of doing it? Would this sort of proof be practical in a court of law? (I suppose a ``computer expert'' would have to testify.) I see time-stamping services being mentioned; but these seem to have 2 problems I'd like to avoid: (1) they require trust in a single entity; (2) they only work as long as the service is maintained.)

(This post has been edited after some of the answers and comments were made.)

Improve this question
13
  • 1
    Timestamping services exist for this reason. Symantec has(had?) a timestamping server that you could use to cryptographically timestamp hashes in order to prove existence of it at that time. Commented Apr 4, 2022 at 14:07
  • 1
    Do you want proof that a file existed at a certain time, or are you looking for validation of this specific and highly contrived process? Some people just attach the file to an email and send it to themselves. Then they forward the email to whomever wants proof... Why are you focused on ethereum, or cryptocoins, or blockchain? There are very simple and free ways to accomplish your goal. Commented Apr 4, 2022 at 14:54
  • 2
    So, you've set up an XY Problem. If you don't care about your specific implementation, then don't include it. Describe what you want to achieve, your resources, constraints, and context. Who needs the proof? What's an acceptable level of proof? How can this proof be delivered? Commented Apr 4, 2022 at 15:52
  • 1
    I still don't know why you are holding on to this Ethereum implementation. I would simply say "put the file and its hash on the blockchain" and bypass the analysis of the minutia of the specific of your side idea. Commented Apr 4, 2022 at 16:18
  • 1
    @schroeder, i thought an example would make it clearer what i mean Commented Apr 4, 2022 at 16:20

4 Answers 4

Reset to default
4

As @user mentions, there have been public services for this pretty much since the beginning of the internet; they are called Time Stamping Authorities (TSAs).

From a quick google search shows that there's a bunch of free and commercial TSAs.

TSAs are an important part of the Windows code signing ecosystem. Open any signed binary and you'll see that part of the code signature is a timestamp showing that the binary has not been modified since the date shown.

firefox.exe signature timestamp

So I think you have re-invented a technology that has existed basically since the beginning of modern computing.

Improve this answer
4
  • but this requires trust in a single ``authority'', right? the advantage of the blockchain method is that it doesn't rely on the integrity of a single entity. moreover, what guarantee is there that these services will remain in existence? Commented Apr 5, 2022 at 7:24
  • @Callaeschrus The services don't need to stay up: once a timestamp signature is produced, it can be validated offline even decades later (which makes sense for code signing since the machine you're installing it onto might not have internet access, or you may be installing a driver necessary for accessing the internet). Commented Apr 5, 2022 at 20:34
  • As for distributed trust: it's true that this is not the fully decentralized blockchain, but notice in the screenshot that the timestamping Countersignatures field is a list? So even Microsoft expects that people will want to distribute trust over multiple timestamping authorities run by different operators. Commented Apr 5, 2022 at 20:36
  • 1
    This is the cheapest, and most reliable way to do this. You just need a list of TSA’s you sign it with, not just a single one. The block chain doesn’t add anything to the problem…. Since it’s just a distributed ledger, that is slow and quite expensive to add data to. (By design). Basically it’s a thirst model with either known parties or unknown parties, and the known parties obviously have a higher trust value. (Blockchain has the unknown parties). In both cases there should be transparent and public records (Certificate Transparency for the TSA and the Block chain for any Cryptocurrency. ) Commented Jul 7, 2022 at 8:41
0
  1. The collision resistance of SHA1 is under attack. So yes, it is a problem for this usage. Maybe not this week. I wouldn't, without a data center of GPUs, claim I can find a collision for a SHA1 hash. But on a long enough timeline I don't expect this proof to stand, esp with no metadata.
  2. I feel as though any data can be put in the payload of ETH. It will just cost more gas. So I don't understand the SHA1 limit. 100 bytes (typical ETH submission size) is enough for filename, SHA3-256/512, file size and checksum. The increased hash length and metadata greatly limits the possibility of a collision. Depending on file size, possibly to zero.
Improve this answer
2
  • would it be enough to create a collision; wouldn't one have to be able to generate a file with a given hash, so that one could claim that the file in question were modified to fit the hash after the time of the stamp? Commented Apr 5, 2022 at 8:01
  • You seem to be alluding to the usefulness of a collision. Without knowing what you're trying to do I'll guess some sort of magic trick. "I can tell the future, I commit to this prediction by it's hash." With an infinite amount of data there is probably a file with the opposite prediction and most likely some junk data elsewhere in the file. The junk could be hidden in metadata so it doesn't look weird to a verifier. Sha-1 has a pretty nasty chosen-prefix collision attack known ($100K USD attack today) so I would not expect this to stand for any real period without mitigation. Commented Apr 5, 2022 at 14:02
0

We have a finished product for this use case. (Not exactly with Ethereum because this would just be way too expensive. You can find it at desktop.bc2ip.com). We're hashing the file, storing it onto a blockchain (an ARK sidechain) and creating a proof file, which contains everything you need to prove the existence of your file at any point in time in the future, even a copy of the file itself.

If you look for an actual solution you might check this tool out - if besides the solution you are looking for a technical point of view on this topic, you should consider checking out the Ethereum Attestation Service; this is an open protocol for creating various standardized forms of attestations.

Improve this answer
1
  • This is a much better answer. Commented Nov 8, 2023 at 9:59
-1

If my answer is in line with your context. You need a way to validate and prove that you had a file at a set time. If a computer expert can testify as you say then you can do full system image as backup of your drive. And as such you can keep the hashes of the file as evidence. Most like computer forensics knowledge will be needed.

Sha256/sha512 would be better in this case.

Improve this answer
3
  • Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. Commented Apr 5, 2022 at 7:28
  • 1
    Any data gathered by system forensics can also be altered by system forensics ... Commented Apr 5, 2022 at 13:20
  • I don't undermine the fact that a computer forensics can alter evidence as required that it why it would be wise for the user to keep hash of the original image for authenticity (without relying on the integrity of a single entity). Commented Apr 5, 2022 at 14:11

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.