
Proof of Existence: Storing Hashed Files in the Bitcoin Block Chain - CrunchyJams
http://www.proofofexistence.com/about
======
icebraining
Discussion from yesterday's submission, with 75 comments:
[https://news.ycombinator.com/item?id=6809929](https://news.ycombinator.com/item?id=6809929)

------
rdtsc
This makes me think of another thing I was wondering about -- can some entity
that doesn't like having Bitcoin around for whatever reason DDoS it by
filling it with meaningless transactions?

Maybe just setting up 100 addresses and constantly transferring small payments
between them, filling the transaction history with garbage. Is that possible,
and is there any protection against that?

~~~
mortehu
Transaction prioritization[1] and transaction fees already rate limit stuff
like that, and patches to the clients used by major mining pools may be able
to fix it permanently.

[1] priority = sum(input_value_in_base_units * input_age) / size_in_bytes

~~~
rdtsc
What determines the size_in_bytes value?

In general, let's say a govt agency gets assigned an $18.5m budget to break the
Bitcoin currency as much as possible, what could their plan of attack be, i.e.
spend that money in the most efficient way possible? Create a large ring of
wallets and send tiny payments around the ring? Create fewer wallets but send
large payments between them?

~~~
infruset
Why $18.5m?

~~~
ChikkaChiChi
That does seem oddly specific.

------
mathretardthrow
There is absolutely no proof that one-way functions exist: therefore this is
not a 'proof' of existence of files at a certain date.* It is just a strong
indication of it.

* that is, at some future date (or secretly, today) an algorithm could be discovered breaking the one-way function used to generate these hashes. Then a collision could be found, perhaps with chosen-prefix. Meaning an arbitrary file could be suffixed so that it looks as though that is what was hashed today. In the past, many hash algorithms thought to be strong were weakened in this way.

------
drakaal
Adding lots of data to the transaction logs is one easy DDoS. Do so many
transactions that the logs get to be larger than fit on most systems. With
multiple Gigs of data already required, if someone was evil they could up the
volume and keep people out of the game by making sure that there were
over a terabyte of transaction logs. Most machines won't have that kind of
storage and would "fall off" the network.

Patient0 mentioned before I got to post this, the other attack I know would
work. Destroying tokens. But it is a bit more complex than he mentions, but
you can actually generate ECDSA keys that will work for one transaction, and
then never again. A one time spend token that then self destructs for the
person you paid.

I haven't been able to build anything that would work for two transactions.
Which would be the most useful since you'd have a delayed "poison coin" but I
don't see any reason it isn't computationally possible.

~~~
alexwright
Bitcoin doesn't work by passing tokens around to represent the value. In a
Bitcoin spend the value is simply added to the wallet/address's balance. Any
further spend is deducted from the wallet's balance.

The "coin" is not a single token that lives on and is broken apart to be
spent, so there's no way a coin could self destruct after being transferred.

~~~
drakaal
You keep telling yourself that.

I understand fractional coins. I was oversimplifying for brevity. I'll give
you a hint. You have to move the coins between two wallets you own before you
create a coin that will "break" when it goes into the third's wallet. The
Third wallet accepts a coin that no one will take afterwards. The coin becomes
undependable.

~~~
drakaal
unspendable. Damn you Autocorrect.

------
notacoward
I'm not exactly a big Bitcoin booster, but I love the way techniques and
structures developed for it are being adapted to uses like this.

Given that this seems very similar to el33th4xor's Virtual Notary, how would
one distinguish between the strengths or use cases of the two?

[http://hackingdistributed.com/2013/06/20/virtual-notary-intro/](http://hackingdistributed.com/2013/06/20/virtual-notary-intro/)

~~~
socrates1024
Technical differences aside, proofofexistence.com predates the Cornell team's
blogpost by a couple of months.[2] I am not surprised that the Cornell team
did not cite the bitcointalk forum post (given the recent frenzy of their
Selfish Mining paper, where they neglected to cite a fairly closely related
forum post from two years earlier). However, a published paper, CommitCoin,[1]
predates both of these by about a year.

I don't believe there is any meaningful technical difference among these.

[1] Clark, Jeremy, and Aleksander Essex. "CommitCoin: Carbon dating
commitments with bitcoin." Financial Cryptography and Data Security. Springer
Berlin Heidelberg, 2012. 390-398.

[2] www.proofofexistence.com - Upload a document and have it certified by the
Bitcoin blockchain bitcointalk user: maraoz
[https://bitcointalk.org/index.php?topic=212701.0](https://bitcointalk.org/index.php?topic=212701.0)

~~~
emin-gun-sirer
Timestamping services are not novel and date way back before 2012. The
earliest work I know of is from AT&T back in the 80's, where they proposed to
publish the hash in the NYT. The idea was so well established that there is
even an RFC [1] from 2001. And by the way, virtual-notary.org was online for
several months or perhaps even a year before the blog post.

But the important differences are actually technical. Virtual Notary is a much
more general service, offering to attest to any kind of online factoid. Let's
elevate the discussion here -- it doesn't matter who was there first (because
the AT&T folks were there two decades before both services), what matters is
who offers the most useful service [3].

As for the previous work on selfish mining, see here [2].

[1] [http://www.ietf.org/rfc/rfc3161.txt](http://www.ietf.org/rfc/rfc3161.txt)

[2] [http://hackingdistributed.com/2013/11/09/no-you-dint/](http://hackingdistributed.com/2013/11/09/no-you-dint/)

[3] [https://news.ycombinator.com/item?id=6819835](https://news.ycombinator.com/item?id=6819835)

------
Patient0
"This is why the bitcoins sent in this special transaction are unspendable, as
the addresses are being generated from the document's hash fragments instead
of from a private ECDSA key."

I hadn't realised before that this means that you can provably "destroy"
bitcoins. That is, you can "prove" that a certain bitcoin amount will never be
spent again by anyone including yourself...
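
The construction quoted above, as an added example that is not part of this thread and not the site's own code: the document's SHA-256 digest is cut into fragments that are placed where the hash of a public key would normally go, so no private key is known for the resulting addresses, while anyone can decode them to recover the digest. The 16+16 byte split with zero padding and all function names are assumptions made for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(data):
    # Base58Check checksum: first 4 bytes of double SHA-256
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def base58check(payload20, version=b"\x00"):
    """Encode a 20-byte payload as a pay-to-pubkey-hash style address."""
    data = version + payload20
    data += checksum(data)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * zeros + out          # each leading zero byte becomes "1"

def base58check_decode(addr):
    """Return the 20-byte payload, rejecting a bad length or checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad Base58Check address")
    return raw[1:-4]

def document_to_addresses(document):
    digest = hashlib.sha256(document).digest()
    # Assumed layout: two 16-byte fragments, each zero-padded to 20 bytes.
    # These bytes sit where HASH160(public key) would be in a normal address.
    return [base58check(f + b"\x00" * 4) for f in (digest[:16], digest[16:])]

def addresses_to_digest(addresses):
    # A verifier rebuilds the digest from the transaction's two outputs
    return b"".join(base58check_decode(a)[:16] for a in addresses)

if __name__ == "__main__":
    doc = b"constructed sample document"   # constructed input
    addrs = document_to_addresses(doc)
    print(addrs, addresses_to_digest(addrs).hex())
```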

~~~
jawr
Yeah, the fact that bitcoins can be permanently destroyed is a little bit
worrying, one of BTC's benefits is its cap. What are the economical
consequences of these coins being destroyed?

~~~
alexwright
You can burn fiat cash, and fire gold bars into space. What are the
consequences of those actions? Other coins are presumably worth more because
there are now fewer of them.

~~~
JoeAltmaier
I would think in a 'tulip bulb' bubble supply is not entirely the important
variable. Growing demand would be the driving force behind valuation. Losing a
few coins would matter not at all. Maybe even a lot of coins.

------
daviddoran
I've been interested in the benefits of something like
[http://www.guardtime.com/](http://www.guardtime.com/) for a while. Using a
distributed network like Bitcoin seems perfect.

------
Thiz
Can a coin survive without a ledger? I'd rather see a coin with proof-of-
exchange without a ton-of-gigs blockchain at all.

~~~
brainburn
Then how will I prove I possess a certain amount of this coin?

------
JulianMorrison
Bitcoin would be an awesome "dead drop" for untraceable communication of small
data.

~~~
drakaal
Except you'd have to spend some money, so the origin would always be known.

~~~
icebraining
There are still some Bitcoin Faucets open, such as FreeCoins[1]. They give out
almost nothing, but it's enough to make transactions just for the
registration, and you don't need to provide any information.

[1] [http://freecoins.herokuapp.com/](http://freecoins.herokuapp.com/)

