
Show HN: btproof - trusted timestamping on the Bitcoin blockchain - nadaviv
https://www.btproof.com/
======
gojomo
Nice work; I'm glad this exists. (There have been a few others... see for
example the [bitnotar] project.)

Some miners don't like such 'dust' (abandoned micro amounts) living eternally
in their shared datastructure. Their displeasure means it's possible some
future pruning-rules would discard these from the well-replicated eternally
'live' set of recorded values. Still, there might be enough 'orthodox' non-
discarding operators, or historic archives, that such blockchain deletionism
wouldn't harm the usefulness of these timestamps.

For greater efficiency you could batch together multiple timestamp requests
into a hash tree, and just insert the root into the blockchain – giving each
individual document submitted a 'ticket' of the other hashes that can be
combined with theirs to anchor their hash in the blockchain. (They'd then have
to retain that for full proof-of-existence in the future.)

If you're willing to rely on full historic archives of the blockchain, rather
than 'live' balances, for future verification, you can avoid destroying
balances (and creating 'dust'), at the expense of a bit more state, delay and
transaction fees. You mix the (root/document) hash with some salt, to create a
real private key. Send any amount to the corresponding public key. Then, empty
that balance to another address. Finally, reveal the salt and (root/document)
hash to the world/your-users. They can then use the historic record (but not
live balances) to show that their hash existed at the time of the fill/empty
transactions... but no BTC is permanently abandoned.

~~~
nadaviv
> Theirdispleasure means it's possible some future pruning-rules would discard
> these from the well-replicated eternally 'live' set of recorded values.

The block header contains the merkle hash tree of all the transactions,
meaning that the transactions, in their exact original form, are required by
any client that wants to verify the proof of work and validity of blocks.

> or greater efficiency you could batch together multiple timestamp requests
> into a hash tree, and just insert the root into the blockchain

Yeah, I thought about that. If I'll be getting a lot of orders, I'll probably
start doing that.

> you can avoid destroying balances (and creating 'dust'), at the expense of a
> bit more state, delay and transaction fees. You mix the (root/document) hash
> with some salt, to create a real private key...

I originally mentioned that option in the website, but commented it out [1].
Although my reasoning there about future pruning rules isn't quite right (as I
wrote above), I still think the amount is too tiny for it to make a
difference. As I wrote in the website, destroying coins like that to create 1
billion timestamps is equal to 10 BTC being lost due to someone losing his
private keys.

[1]
[https://github.com/shesek/btproof/blob/master/views/index.ja...](https://github.com/shesek/btproof/blob/master/views/index.jade#L78)

~~~
gwillen
I think you are better off working with Peter Todd, a bitcoin developer
working on opentimestamps (github.com/opentimestamps), rather than inventing
your own thing. He's already got Merkle tree hashing, and injects data into
the Bitcoin blockchain using the standard merged-mining protocol, meaning it
doesn't increase the chain size at all (beyond the hit that's already being
taken to allowed merged mining of things like Namecoin.)

~~~
nitrogen
Clickable link for visibility, convenience, GoogleBot, and posterity:
<http://github.com/opentimestamps> (Bitcoin-based timestamps)

------
wayu
Are you really letting people pay with PayPal to send BitCoins to an arbitrary
address?

If it's just 1 satoshi for $3 you might be fine (if PayPal doesn't notice),
but don't even think of doing that with a more reasonable ratio, since you'll
get raped by people cashing out stolen paypal or credit cards using it.

In general, I don't see why you are putting the hash in the address, rather
than putting it in a comment in the transaction script, and sending BitCoin
back to yourself (or perhaps doing a 0-ouput fee-only transaction, but not
sure if that's accepted by clients).

~~~
fryguy
My understanding is that, for $3 the author creates a transaction from some
wallet of N bitcoins under the author's control, that has a distribution of:

    
    
       0.000000001 to <hash of document>
       N - 0.0000000001 - <fee> to owner's wallet #2
       <fee> to miner
    

So the $3 doesn't buy you any bitcoins, since the address that is the hash of
the document isn't a valid bitcoin address since it wasn't generated from a
public/private key that is known.

~~~
nadaviv
You understand it exactly correctly. Also, I'm sending those transactions with
0.01 BTC (~$1.3) in fees, which is roughly half the $3 payment (after credit
card processing fees).

The user can input whatever address they want, so technically they could use
it to buy Bitcoins, but still - the amount is really tiny and insignificant,
and it'll be highly non profitable ($3 for bitcoins worth ~$0.0000013).

~~~
oscilloscope
It's a nice touch that such a large percentage of the Paypal price goes to the
miners.

------
tlrobinson
One of the most exciting things about bitcoin is the innovation it has sparked
in trustless p2p applications. Currencies are just the beginning.

A timestamping/notary is one use. Namecoin (mutable key/value store),
Bitmessage (transient messaging) are others.

I expect we'll see a lot more. It's interesting to think about how you could
combine various properties of different p2p systems like Bitcoin, BitTorrent,
etc.

~~~
meowface
The one disadvantage of such P2P networks is if law enforcement ever cracks
down on it.

Not saying they necessarily will, but if the US outlaws Bitcoin at any point,
then it will be extremely easy for them (or anyone; hypothetical anti-Bitcoin
couch-vigilantes perhaps) to see the IP addresses of American users of the
network, and then serve warrants and take action against them.

Same if Tor ever gets outlawed; Tor relays in the US can be identified and
taken down with ease.

~~~
tlrobinson
I don't see these systems themselves being outlawed in the US and it will be a
dark day if they are. I'm not a lawyer, but I imagine their use falls under
the 1st Amendment. Even if they're used for illegal purposes they're not
inherently illegal.

Also it would be rather ironic for the US gov to outlaw Tor, given that they
help fund it's development.

As long as Tor or similar systems are available other p2p networks can be used
over it (you could even imagine networks that operate as hidden services)

Interesting talk on how governments have tried to shut down Tor:
<http://www.youtube.com/watch?v=DX46Qv_b7F4>

~~~
meowface
I agree, it's highly unlikely it could or would be outlawed. Was just thinking
hypothetically.

------
nadaviv
Hey, I'm the author. I'd love to hear your feedback.

~~~
mikeash
How would this compare to posting the hash in a public and frequently backed
up way such that the date would be generally established by archives? For
example, you could take out a classified ad with the hash in a newspaper, or
post to Usenet so Google Groups archives it, or even submit it as a story to
HN. (Or do all of the above and more at once.) Obviously, those aren't as
technically sweet, but they seem workable. I'd be interested in knowing if
there are more subtle tradeoffs involved.

~~~
nwh
The Bitcoin blockchain will presumably be around for the foreseeable future,
and can't under any circumstance be modified by anyone. That's the main reason
you'd want proof there.

------
nitrogen
I've thought a lot about cryptographically verifiable timestamps as an
alternative to and defense against patents, as I'm sure others have as well.
I'm glad that you and others are looking at P2P solutions to this problem. The
big challenge would be getting expert witnesses to testify in court that the
timestamps are valid, or otherwise convincing the court to accept them.

The switch to first to file might render this moot, though, since it seems
that inventions that are never made public can be "stolen" by someone else
filing a patent at a later date (corrections welcome).

------
j_s
What are the advantages of using this for timestamps rather than the SSL CA
timestamp servers? <http://en.wikipedia.org/wiki/Trusted_timestamping>

I am looking for a way to prove that web content existed -- building a
cryptographically verifiable "Internet Archive" knock-off; timestamping is a
key part of this.

------
tocomment
How does yours compare to this one <http://vog.github.io/bitcoinproof/>

