I wonder why we don't have better (widely trusted and used) timestamping services. It has always been easy to prove that something happened after a certain time: take a photo of today's newspaper, mention stock prices, etc.
But proving that an event happened before a certain time, like in the article, is a lot harder. You can send someone an email through a trusted gateway, but people can only check by having access to that mailbox, or trusting the person who has access. And I know about PKI timestamping, but I've never seen them used for legal cases, maybe because the complexity erodes trust.
Are there any good solutions that would convince a non-technical judge?
Edit: I remember Twitter[1] being used for this purpose, but I don't know if today I'd trust a hash dropped there, given how much it's evolving and/or struggling.
> Are there any good solutions that would convince a non-technical judge?
The judge in this case is actually very technical so that's not a problem.
Regardless, the easiest and most direct way to timestamp something is to use the standard RFC 3161 timestamping servers. There are many, located in different countries and run by different people, and the format is straightforward and standardized. Support is built in to products like Acrobat. You can attach multiple timestamps from different sources to a single file. They are free. It can be explained to non-technical people in a not extreme amount of time, and courts / law firms in any country can easily find expert witnesses who can verify such timestamps and testify to the court as to their veracity.
For emails there's also DKIM, which signs email including the date header. Again, plenty of people who can verify those signatures, so emailing something to someone else and then getting a copy of the raw email will do it (don't email to yourself, that skips the signing process).
Disclosure: I took part in this trial as a witness and testified against Wright.
Note that DKIM does not necessarily sign the message contents. [1] DKIM is only really (in a general sense) intended to provide cryptographic proof that the originating server is permitted to send it. If you need a non-repudiable, dated message, you really should use time stamping servers.
Yeah it's odd to see a bunch of people proposing ideas for cryptographic timestamps (on the blockchain!) when anyone who has worked with digital signatures should know about RFC3161.
Of course for verification it's important that the timestamp countersignature comes from a reputable CA and not some random server you set up.
Don’t know how convincing it’d be in court, but Open Timestamps[1], a free service that operates by publishing Merkle tree hashes to the Bitcoin ledger and can give you independently-verifiable proofs after a while, still exists even if it doesn’t seem to be under active development. (I think Keybase tried something like that some time ago as well, they already had most of the parts in place, but then they decided to use their own something-or-other-coin and I stopped paying attention.)
A good example of using bitcoin for something that was entirely possible with regular old public key cryptography. Matthew Richardson's Stamper has been running since 1995.
In the end both are just digital signatures, and so are "entirely possible with regular old public key cryptography" as you say. You can achieve a similar effect by sending a gmail message to yourself with an sha256 of the document in the subject. The subject and date are included in the gmail DKIM signature. The cryptographic primitives used by Stamper, gmail DKIM and bitcoin are equally secure as a first approximation.
That means the security ultimately rests on the security of the key used to sign it. So do you trust Matthew Richardson to keep his gpg key secure, or Google to keep their DKIM secure, or the difficulty imposed by a proof of work where the amount of work is equal to a nation state's electricity supply? I know which I'd choose out of those three, and that's the key differentiator of bitcoin. It is not the cryptographic primitives used.
Stamper signs and automatically publishes hashes of its history. It is a "block chain" in that sense: If Richardson decided to use the keys to backdate something to two years ago, he would have to fake two years of history, and risk being exposed if even one person came forward with a hash he'd signed contradicting his new fake history.
That is presumably one of the reasons that hasn't happened in the roughly 30 years the service has been ticking along.
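The linking argument in the comments above, as an added example that is not part of the thread and is not Stamper's actual format or code: each published hash commits to the one before it, so a backdated entry yields a chain that is still internally consistent but contradicts any hash a user kept. The entry layout, function names and sample data are assumptions constructed for illustration.

```python
import hashlib

GENESIS = "0" * 64  # assumed starting value for the chain

def doc_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def link(prev_hash: str, timestamp: str, digest: str) -> str:
    """Hash of one log entry; it commits to the previous entry's hash."""
    return hashlib.sha256(f"{prev_hash}|{timestamp}|{digest}".encode()).hexdigest()

def build_chain(entries):
    """entries: [(timestamp, digest)] -> [(timestamp, digest, chain_hash)]"""
    chain, prev = [], GENESIS
    for timestamp, digest in entries:
        prev = link(prev, timestamp, digest)
        chain.append((timestamp, digest, prev))
    return chain

def verify_chain(chain) -> bool:
    """Internal consistency only: every entry links to its predecessor."""
    prev = GENESIS
    for timestamp, digest, chain_hash in chain:
        if link(prev, timestamp, digest) != chain_hash:
            return False
        prev = chain_hash
    return True

def contradicted_by(chain, receipts):
    """Receipts (position, chain_hash) kept by users that the chain no longer matches."""
    return [(i, h) for i, h in receipts if i >= len(chain) or chain[i][2] != h]

def backdate(entries, position, timestamp, document: bytes):
    """Operator rewrites history: inserts an entry and recomputes everything after it."""
    forged = list(entries)
    forged.insert(position, (timestamp, doc_hash(document)))
    return build_chain(forged)

# Constructed sample log: five daily entries.
honest_entries = [(f"1995-01-0{d}", doc_hash(f"doc {d}".encode())) for d in range(1, 6)]
honest = build_chain(honest_entries)
receipt = (3, honest[3][2])  # one user kept the published hash of entry 3

forged = backdate(honest_entries, 1, "1995-01-01", b"backdated document")

if __name__ == "__main__":
    print("forged chain self-consistent:", verify_chain(forged))
    print("receipts it contradicts:", contradicted_by(forged, [receipt]))
```

The forged chain passes `verify_chain`, which is why detection depends on hashes held outside the operator's control.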
There used to be a service that published your hashes in the New York Times. Satoshi must have known about it because it is mentioned in the Bitcoin paper.
For most purposes, mailing something to yourself for the postmark and keeping the envelope sealed would probably be adequate. It's possible to forge, but tricky enough.
You put postage on the letter, and the post office stamps the postage (to invalidate the postage). The stamp contains a date. You can't stamp something after having mailed it, that happens as part of the mail submission.
OK, I suppose this could be arranged. The seal has to be over the whole of the "back side" of the envelope, where the flap is. Then put the address and the postage over that, and the post office stamps it.
What confused me was how you would achieve post office stamping over a seal that's on the wrong side of the envelope, where the flap is.
> Are there any good solutions that would convince a non-technical judge?
I feel like the best you can do is either to publish a cryptographically secure hash or to publish something encrypted and share the key/password when you want to reveal the secret.
- Immutable (or at least with edits marked as such).
- Widely trusted (or too big to be bribed in small cases, e.g., Google).
- And keep those features for many years.
Twitter was surprisingly good at that in the past, but no more. Blockchains, as mentioned in other comments, give excellent immutability; but the field is such a minefield that I'd struggle to find a trustworthy blockchain explorer.
Why would you trust only one Blockchain explorer? You'd trust the blockchain by using several explorers, and by confirming that they all agree on the same value, to assuage any fears you have about any one particular blockchain explorer lying to you. Write your own, even, if your level of confidence needs to be that high.
I'm repeating what I said above, but just send yourself a gmail with the hash in the Subject. Gmail will kindly timestamp it and provide a DKIM signature. Publish the mail headers gmail includes in the signature (which includes the timestamp and subject, but not the contents), the signature itself, and a link to the hashed document and you're done.
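A check a verifier could run before relying on a header published this way, as an added example that is not part of the thread: parse the `DKIM-Signature` tag list and report whether `Date` and `Subject` are listed in `h=` and whether an `l=` tag limits the body hash. The header is constructed, with placeholder `bh=`/`b=` values and an example domain; the function names are assumptions, and this inspects coverage only, it does not verify the signature.

```python
import re

# Constructed header: d=, s=, bh= and b= are placeholders, not real values.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    "        d=example.com; s=example-selector; t=1700000000;\r\n"
    "        h=to:subject:message-id:date:from:mime-version;\r\n"
    "        bh=PLACEHOLDERBODYHASH=;\r\n"
    "        b=PLACEHOLDER\r\n"
    "         SIGNATURE=="
)

def parse_dkim_tags(header: str) -> dict:
    """Split a DKIM-Signature header into its tag=value pairs (RFC 6376 tag list)."""
    value = header.split(":", 1)[1]
    value = re.sub(r"\r?\n[ \t]+", " ", value)  # unfold continuation lines
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, val = part.split("=", 1)  # split once: base64 may end in '='
        name = name.strip()
        val = val.strip()
        if name in ("b", "bh"):
            val = re.sub(r"\s+", "", val)  # folding whitespace is allowed inside base64
        tags[name] = val
    return tags

def coverage(header: str, required=("date", "subject", "from")) -> dict:
    """Report which header fields the signature lists and any body-length limit."""
    tags = parse_dkim_tags(header)
    signed = [h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()]
    return {
        "domain": tags.get("d"),
        "signed_headers": signed,
        "missing": [h for h in required if h not in signed],
        # l= (optional) limits the body hash to the first N octets
        "body_limit": int(tags["l"]) if "l" in tags else None,
        "signing_time": int(tags["t"]) if "t" in tags else None,
    }

if __name__ == "__main__":
    report = coverage(SAMPLE)
    print("missing from h=:", report["missing"], "| l=:", report["body_limit"])
```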
This is only true if Google never release old private keys for DKIM signatures, which various people have been campaigning for them to do in order to provide long-term deniability around DKIM-signed mails.
> This is only true if Google never release old private keys for DKIM signatures, which various people have been campaigning for them to do in order to provide long-term deniability around DKIM-signed mails.
> Are there any good solutions that would convince a non-technical judge?
Judges can be aided by expert reports.
And not all judges are non-technical.
The fact that you can defend your documents with timestamps is often enough: the other side won't challenge them knowing that they are likely to lose the challenge.
If you can prove the existence of the encrypted thing before some point in time then you could prove the existence of the unencrypted thing before some point in time.
There isn't any way to do this without one or more trusted third parties. Traditionally that would involve someone like a public notary or a lawyer.
I was amused to find that there is a service that cryptographically timestamps things over email via PGP that has been running since 1995:
We would need to admit no such thing. In fact, it's possible that it's simultaneously not a scam, not practically useful, and also suitable for this purpose.
Stuff on the block chain has a problem asserting anything that's not on the block chain, which is what a lot of people want to use it for. In this case, it's a bitcoin solution to a bitcoin problem. It's all in-universe so to speak.
[1] https://news.ycombinator.com/item?id=26609183