> An irrefutable cryptographic timestamp is just that, irrefutable.
In math, sure, but he specifically asked about a court of law. Irrefutable in math doesn't mean admissible in court. Then there's the 1, 6, 12, or however many random people that decide the case; they likely need the math explained to them, and two sides get turns convincing them the other is wrong.
There was a case in Australia 10 or so years back, where MD5 sums were added to police speed camera photos. This was before MD5 vulnerabilities were well known.
The defence successfully argued that MD5 was not totally reliable -- even though the chance of it being faked was absolutely tiny.
The real irony was that without the MD5, the photos would probably have been accepted just on the police assertion of chain of custody.
(I've been looking for this news story but unfortunately I can't find it at the moment)
Thanks for the link- exactly the sort of thing that I was looking for in feedback. I'm aware it's conjecture, but do you think this sort of precedence would be useful in airing doubts about the trustworthiness of an Ed25519 signature in court? Do you think the wording on the site is problematic in regards to this, or would you have any thoughts on how concerns about this would be best communicated?
Most of cryptography can in theory always be brute-forced or simply guessed. There is no absolute guarantee, though you can get very very close. And there are other ways around it, such as keys getting leaked.
Also, because of lack of expertise courts may simply not want to deal with this kind of proof and thus not acknowledge it.
I believe at that point it's up to the lawyers to argue. It's up to persons with people skills to convince other people that something is not fake, using tools like these as assistance, not as clinchers.
An irrefutable cryptographic timestamp is just that, irrefutable.
Sometimes courts make mistakes, but you can’t expect any useful precedent over something like this.