I also don't really understand WHY you need all that massive expenditure of energy for a distributed timestamp server to work.
All you need is a network of computers that agree to run timestamp services, and then sign any info with enough timestamps from enough computers. That will give an uppsr bound on the time something was signed. The lower bound is trivial to provide by the transaction originator - simply sign something using enough timestamp services values as a salt.
A timestamp service simply outputs a random number for each previous minute and is available to sign things using the next number.
In order to defeat this scheme, an attacker needs to execute a Sybil attack against all the timestamp servers. The only time you really NEED to make something really expensive is to be let in as a timestamp server. This can be done on a reputation system, essentially proof of stake for new miners only. But not for each transaction!
All you need is a network of computers that agree to run timestamp services, and then sign any info with enough timestamps from enough computers. That will give an uppsr bound on the time something was signed. The lower bound is trivial to provide by the transaction originator - simply sign something using enough timestamp services values as a salt.
A timestamp service simply outputs a random number for each previous minute and is available to sign things using the next number.
In order to defeat this scheme, an attacker needs to execute a Sybil attack against all the timestamp servers. The only time you really NEED to make something really expensive is to be let in as a timestamp server. This can be done on a reputation system, essentially proof of stake for new miners only. But not for each transaction!