
BitCoin is a public ledger - mazsa
http://erratasec.blogspot.com/2013/05/bitcoin-is-public-ledger.html
======
lukifer
I've seen this "public timestamping" use case before, which is a very
interesting exploitation of BitCoin's mechanic.

It is curious, though, that it bears a micro-cost, even at a thousandth of a
penny. I've often heard it said that BitCoin is unique as a currency in that
the total quantity is inherently fixed; but in fact, it's destined to ever-so-
slowly dwindle over time, whether due to public ledger uses, or the
loss/destruction of private keys.

One-off transactions won't register as a blip; it's possible that some future
use case might run at such a staggering scale (stock market micro-
transactions?) that it leads to a financial tragedy of the commons and
deflation runs rampant.

Not being doom-and-gloom, just an interesting thing to think about. Just as we
now marvel at the naiveté of thinking that 4 billion IP addresses or 64K of
RAM would be more than enough, I wonder if someday we'll look back the same
way on the minimum transaction of 0.0000001 BTC.

~~~
primitur
0.0000001 BTC to store a bit of data, indefinitely, for as long as the BTC
network exists? Methinks there is a Dropbox plugin on its way ..

~~~
lukifer
Is there anything built into the protocol to stop abuse? Bouncing coins around
infinitely in order to store large quantities of data in the transaction
metadata (as opposed to the fake address method described ITA)?

~~~
wcoenen
Yes.

In order for a transaction to enter the block chain, it needs to be relayed by
bitcoin nodes and picked up by a miner who is willing to add it to a block.

Bitcoin nodes have criteria that need to be satisfied before they relay the
transaction. For example, version 0.8.2 of the reference client will not relay
transactions with outputs smaller than 0.00005430 BTC. There are also rules
for calculating a minimum transaction fee, and a 15000 bytes/minute cap to the
amount of free transactions relayed.

If your transaction isn't relayed, you can still circumvent this by connecting
directly to a miner. But the miners have their own rules for prioritizing
transactions and limiting block size.

------
vog
The article recommends to split your SHA256 hash into two pieces. However, one
transaction to one address is sufficient.

You just have to create the address in the same way in which Bitcoin generates
an address for a public key:

    Base58(RIPEMD160(SHA256(public key)))

So there's nothing wrong with doing it the same way for your data:

    Base58(RIPEMD160(SHA256(data)))

(That's what I'm also using in Bitcoinproof
<http://vog.github.io/bitcoinproof/>)

Using this hash is not any "less secure" than the plain SHA256 hash, because
the RIPEMD160+SHA256 combination is used by the Bitcoin network itself. So if
this one is broken, the Bitcoin network itself is broken, and your timestamps
would be no longer trustable anyway.
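
The derivation in the comment above, as an added example that is not from the thread or from Bitcoinproof: it wraps RIPEMD160(SHA256(data)) in Bitcoin's Base58Check address encoding (version byte 0x00 plus a 4-byte double-SHA256 checksum) and shows the verifier's side of the check. Function names are illustrative, and it assumes a Node.js build whose `crypto` module provides `ripemd160`.

```javascript
const crypto = require('crypto');

const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
// RIPEMD160(SHA256(x)): the 20-byte digest a Bitcoin address encodes.
const hash160 = (buf) => crypto.createHash('ripemd160').update(sha256(buf)).digest();
const checksum = (payload) => sha256(sha256(payload)).subarray(0, 4);

function base58Encode(buf) {
  let n = BigInt('0x' + (buf.toString('hex') || '0'));
  let out = '';
  for (; n > 0n; n /= 58n) out = ALPHABET[Number(n % 58n)] + out;
  for (const b of buf) { if (b !== 0) break; out = '1' + out; } // leading 0x00 -> '1'
  return out;
}

function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const i = ALPHABET.indexOf(ch);
    if (i < 0) throw new Error('invalid Base58 character');
    n = n * 58n + BigInt(i);
  }
  let hex = n === 0n ? '' : n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  const zeros = str.match(/^1*/)[0].length; // leading '1' -> 0x00 byte
  return Buffer.concat([Buffer.alloc(zeros), Buffer.from(hex, 'hex')]);
}

// Base58Check: version 0x00 (mainnet pay-to-pubkey-hash) + digest + checksum.
function hash160ToAddress(digest) {
  const payload = Buffer.concat([Buffer.from([0x00]), digest]);
  return base58Encode(Buffer.concat([payload, checksum(payload)]));
}

function addressToHash160(address) {
  const raw = base58Decode(address);
  const payload = raw.subarray(0, 21);
  if (raw.length !== 25 || !checksum(payload).equals(raw.subarray(21))) {
    throw new Error('not a valid Base58Check address');
  }
  return payload.subarray(1);
}

const dataToAddress = (data) => hash160ToAddress(hash160(Buffer.from(data)));

// Verifier: recompute the digest from the document, compare with the address.
function verifyProof(data, address) {
  try { return addressToHash160(address).equals(hash160(Buffer.from(data))); }
  catch (e) { return false; }
}
```

A verifier needs only the document and the address that appears in the block chain; a mistyped address fails the checksum and `verifyProof` returns `false` instead of throwing.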

------
hosh
There are more of these kinds of transaction types discussed at:
<http://codinginmysleep.com/exotic-transaction-types-with-bitcoin/>

But yes. I'm glad this is getting a lot more press. The discussion on the
apparent value or its function as a currency is secondary. With any new
technology, you are not just looking at its current functionality, but also
the functionality it can do that the old technology cannot.

As an aside: I can easily see this as a great compromise for DRM technologies.
Both IP owner, licensee, and end-user give up a little power and control and
vest that in a decentralized "public ledger".

I expect we'll see more discussions around over the next year or so as more
people wake up to this possibility.

~~~
nazgulnarsil
Yes, the concept of a distributed unforgeable public ledger is brand new in
human history. The monetary use is interesting in that it obviously made
bootstrapping possible, but the long term impact is probably bigger than just
trading bitcoins.

~~~
hosh
One of the more subtle changes with this is, as people use the blockchain
more, people's sense of authority shifts from traditional, centralized
structures (institutions, governments) and more into a peer-to-peer
accountability.

I've been on the sidelines watching a group of people try to hash out trust
networks. Those really have not taken off. And I think they have not because
the tokens used for trading trust don't have purchasing power for material
goods the way Bitcoin does. I'm _guessing_ that, while we may be tempted to
just use the blockchain without the monetary use, the monetary use also makes
each transaction like this matter a lot more. It might be possible that the
very inefficiency is what allows the public ledger system to work at all.

In any case, I see much farther down the road where ... the big issue is not
whether a nation-state actor's ability to issue currency is undermined by
bitcoin, or even its ability to regulate it, but more that many other
functions of government could eventually be expressed with Bitcoin or its
technological successor.

Patents are interesting. What about real estate? Closing and transferring real
estate takes a lot of paperwork, with mortgages enforced by powers of eviction
and repossession.

I talked with a lawyer buddy of mine about this subject a while ago. He
tells me, the court system will be the last to convert over electronically.
Legal papers have a gravitas associated with authority and control that is
difficult to convert into electronic form.

Ultimately (and maybe not in this generation), wide-spread use of the public
ledger will undermine deep-seated social conventions, emotional attachments,
and notions we have about 'authority' and 'institutions.' Or maybe it'll be
like the Millennials. All the folk who grew up in a time before wide-spread
public ledgers die off; notions of central authorities becoming a quaint
chapter in human history.

------
bluetooth
This is a pretty clever use of the blockchain. However, instead of destroying
the bitcoins you have (wasting coins is bad, no matter how small) you can
simply send bitcoins to yourself and store data in the `coinbase` field. The
resulting transaction will appear in the blockchain permanently, and can
always be referred back to.

There already exists a service to prove the existence of a document before a
certain date (much like the one in the blog post):
<http://www.proofofexistence.com/> Their implementation details are lacking
but it should still be clear enough to get an overview. (Edit: I seem to have
missed this link in the blogpost)

Besides hosting checksums, other types of data have been found in the
blockchain, such as some Wikileaks content
(<http://www.thebitcointrader.com/2013/04/25mb-of-wikileaks-cables-embedded-in.html>)
and even links to child porn
(<http://www.btcpedia.com/ped0-links-in-bitcoin-blockchain/>).

~~~
smithzvk
You could also encode the information in the size of a transaction sent to
yourself. Then any money lost would go back to the miners as transaction fees.

------
stevehawk
Just FYI - the article mentions dating your proof of concept / idea / whatever
in case you are late to file a patent.

To my knowledge there isn't any major government left that recognizes 'first
to invent' anymore, only 'first to file'. So you probably haven't saved
yourself anything.

~~~
vog
Yes, it's "first to file", but there is also the concept of "prior art". You
cannot patent something that has been published before you filed that patent.
Although this other person won't get your patent, you won't get it either.

------
meowface
This is a really cool concept. You could easily implement a similar "proof of
[work/submission/event]" with a few lines of code, but there'd still be
central points of failure: whatever server is storing these hashes.

While for Bitcoin, you can have a great degree of confidence that the
blockchain up until now is legitimate. I suppose theoretically a >50% could
take place, but even then, everything before that event could still be
preserved and checked against.

------
vog
It's nice to see that this idea becomes more widespread. Some time ago I
started a small JavaScript tool "Bitcoinproof" which performs the necessary
calculations automatically for you:

<http://vog.github.io/bitcoinproof/>

Unfortunately, it didn't receive much interest from the HN community:

<https://news.ycombinator.com/item?id=5501077>

------
mehrdad
"As another example, let’s say that you have a great idea for a patent, but
it’s not quite ready. Well, write it up into a file, then add the file’s
signature to the block chain. Years from now, if somebody beats you to the
patent filing, you can prove that you had the idea ahead of time."

Go file a provisional patent! The patent regulations have changed since March
2013 from first-to-invent to first-to-file! :D

~~~
cjg
It would allow you to establish prior art for ideas that you didn't want to go
to the expense of patenting.

------
trotsky
Public key encryption invents the notary public, now with 10,000% more energy
use?

~~~
fizx
Back of the envelope math:

Assume that the notary public needs a 70-watt light bulb to function (ignoring
food costs, paper, etc). 8 hour day, so about a half kWh. That electricity
with a new ASIC miner would get you about a half bitcoin, which would let you
send 1000 messages of up to 1kb each, given the transaction fees.

I'm ignoring some things, but at the moment it seems to be quite the net-win.

~~~
oleganza
Don't forget the costs of relying on authority. First, trust can be broken.
Second, if the notary is offline or asleep you cannot register your data.

Also: even if you fully trust your notary, it's no guarantee some random
people in Japan, Australia or South America will trust him too. Anyone
anywhere can verify the blockchain, though.

~~~
philjohn
Also, the notary is a person, and needs to consume food, which also takes
energy to produce and transport.

------
meunier
I'd be curious as to the consequences of illegal numbers working their way
into the block chain: <https://en.wikipedia.org/wiki/Illegal_number>

~~~
jebeng
There is child pornography in the block chain already unfortunately.

------
vog
There's also an App named "Satoshi Proof" which performs that kind of notary
service for you:

<https://github.com/ligi/SatoshiProof#readme>

------
jasonjei
In theory, couldn't BitCoin be redesigned for an electronic voting system? I
would probably avoid using any system that is electronic, but a public ledger
of votes that could reasonably protect the franchised (and its privacy)
through a public ledger? (RSA founders still state their mistrust of an
electronic voting system)

~~~
DennisP
Given that bitcoin is a public ledger, and you can't let people just create
their own addresses and vote with them, you'd need some authority to hand out
verified but anonymized addresses. If they're doing that, they could make fake
addresses which cast votes the way they like.

However, you may be interested in these simple secure voting methods invented
by cryptographers. (Google cache, site's down.)
<http://webcache.googleusercontent.com/search?q=cache:http://rangevoting.org/RivSmiPRshort.html>

------
devindotcom
A cool idea, but it seems like a strange tangent for a system that was
intended for storage of transaction information. Surely a lookalike system
built around permanent and crowd-affirmed data would be better?

------
known
Bitcoin is NOT immune to <https://en.m.wikipedia.org/wiki/Pump_and_dump>

