Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: CryptoProof – post proofs to the Ethereum blockchain for free (cryptoproof.org)
55 points by flixic on Oct 30, 2018 | hide | past | web | favorite | 27 comments



Hi HN. Quick comments about this project:

* Today is 10 year anniversary to the original bitcoin.pdf release. This pdf is the first document proof I posted, included in the first release: https://cryptoproof.org/release/2018-10-30-09

* I’ve recently left a startup and will try to build a bunch of smaller ideas rather quickly and see if any of them resonate. This one took about 10 days to build, and it’s my first “static Vue.js frontend + a separate backend” project.

* This is not a very advanced project. It simply collects posted hashes, hashes them together to create a “Release”, and posts that one combined hash to the Ethereum blockchain. I have some useful ideas for the future, but until then it’s just a free and (hopefully) a user-friendly way to post timestamped proofs.

* Having a separate API backend means I can offer a developer API quite easily. For now it doesn’t require any authentication, and that probably means it might get DDoSed quickly. Please don’t abuse it. I am interested in building a useful service, so if you have any ideas, let me know!

If you have any feedback, please let me know!


Have you considered using merkle proofs? This way the data you will submit on-chain will be relatively small and stable and you can provide the proofs directly on the front-end / client side.


Merkle proofs sound like a more appropriate tool for the job, but I don't know enough about it. Do you have any tips what to read about for this?


Also of interest are Mountain Merkle Ranges as explained here for instance:

https://github.com/mimblewimble/grin/blob/master/doc/mmr.md

These are append-only trees with height only logarithmic in number of appends.


Sorry for the delay but I'm at Devcon :-)

Perhaps the easiest way to get started is with this npm package: https://github.com/ameensol/merkle-tree-solidity

If you want to learn more about the theory behind merkle trees and its variants, let me know.


Please send my regards to Mr Buterin.

Your profile does not contain any contact information. Is there a channel you prefer to be contacted via if I have some further ideas or questions?


telegram: @decentralised


How do you compare to opentimestamps.org? (other than ETH instead of BTC)


For now, it's very similar. The main difference is that OpenTimestamps is a bit more opaque. Basically, you get a confirmation, and then you can validate stuff on the site.

I try to provide full instructions how to verify everything without CryptoProof site at all, just tracing the transaction.


How is it more opaque?


When submitting, you get a binary .ots file, and no idea how exactly the file is submitted to the blockchain.

The only way to verify is to re-upload the .ots file and get the yes or no response.

Actually tracking the chain of proof is very difficult. Compare:

https://opentimestamps.org/info/?004f70656e54696d657374616d7...

vs

https://cryptoproof.org/release/2018-10-30-09


when you say "hash them together" do you mean concatenate or use a merkle tree ? Merkle tree has the added advantage of being able to prove that a certain hash was part of the root with by a tree traversal.


Currently just concatenate but I will switch to Merkle trees.


What a nice useful easy-to-use service, thanks for this, Jonai :)

A comment (relevant to this site but also a more general ramble towards the direction of "why don't sites which use production-important JS try this more often"): given that the default non-API use case involves users running client-side JS, I wonder if you've considered pinning your "must send only the hash to the server" script code via CSP / script-src: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Co...

(When JS scripts are "stable" enough, compute their hashes and include those hashes in the source via script-src (a sort of "certificate pinning" thing). I know it's not supported everywhere yet etc etc, I haven't paid close attention re: this but maybe that's the reason as to its limited adoption thus far?..)

Anyway, very smooth and I love the "can prove if service is gone" and "no stupid ICO" parts, obviously.


Thanks for the comment, Kostai!

The entire frontend is a static Vue.js thing built with Vue CLI that uses Webpack behind the scenes. It seems I should be able to automatically add CSP via a webpack plugin. Noted.


You need gas to post your "Release" to Ethereum blockchain and gas costs money. How is it possible to be free?


It costs about 0.8 ETH per year to run, and I’ve personally funded it with 1 ETH. I do appreciate donations: https://cryptoproof.org/support


I’m guessing they are subsidizing it. On the how it works page it says

“Any message, regardless of its original size, only generates a 32 byte content hash and costs about $0.03 to submit to the blockchain.”

Also

“CrypoProof is free to use because instead of sending each content hash as a separate transaction, CryptoProof combines all the hashes posted during the same hour into a Release. The release simply contains all the content hashes posted that hour.”


Quick glance: there doesn't appear to be a way to link to specific messages for verification - I understand it will be difficult for large files, etc. but you can probably squeeze a base64-encoded value in the URL #hash for short messages.

Also HN, are there any other existing services for proofs?


When you submit a message, I locally generate a file you can download (or copy to clipboard), that contains the message, hash and the release it will go to.

For text messages, I could also generate a special link. Good idea!

Edit: to follow up on your other question, I found a bunch of other services like that. Most of them are paid per proof, though.

https://stampd.io

https://proofofexistence.com

https://blocksign.com

https://www.blocknotary.com

https://opentimestamps.org (Free)

https://notary.bitcoin.com


Chainpoint.org


Oh, this is interesting. Somehow I haven't found it in my research.


> Geeky summary: we hash content client-side, collect all the hashes posted in an hour, hash them together and post their combined hash as input in the transaction on the Ethereum blockchain, establishing the chain of proof.

Didn't know that my Greek was so much better than my English ;-)


Very nice.. excellent job on making the copy easy to understand. Would love to link to this project in my ongoing collection of cool blockchain stuff.

Enjoy Devcon.. Also let me know what I can do about those small ideas that you want to implement.Have a couple myself!


Are you planning on open sourcing this? Thanks!


Maybe, but unlikely. I have some future ideas that might become a premium service.

Also, I'm not sure what the OSS community would gain from this being open sourced. The "algorithm" is just "hash a bunch of hashes". The rest is just a neat frontend and a really simple backend.


dope




Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: