Skip to content
/ victor Public

Victor, verifier in cryptography, publicly issues free trusted TIMESTAMP of file hash information embedded into a blockchain.

License

Notifications You must be signed in to change notification settings

rsvp/victor

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

victor

Join the chat at https://gitter.im/rsvp/victor

Victor, familiar name in cryptography to denote VERIFIER, serves to publicly timestamp hash fingerprints of files.

We may need to certify that a document existed on a particular date (e.g. for copyright or patent purposes). If the certification process can take place publicly that would certainly add veracity to the matter. GitHub can be used to perform as a trusted timestamping service.

A git repository is designed in such a way that it is impossible to change a single bit of its content without that change becoming apparent in the commit identifiers (SHA-1). The explicit time of a commit is recorded by git, although it relies on the accuracy of the system's local clock.

The victor repository is used as follows:

  • User produces an one-way hash of a document, say, using SHA-256.
  • That hash is posted at a reliable public site ("Marker"), e.g. in a Bitbucket snippet or Twitter tweet with permalink.
  • That joint information is committed under the time/YYYY directory.
  • Anyone can then verify the date and time of said hash via the commit identifier.
  • The commit ID is finally embedded into a distributed ledger, i.e. a public blockchain (e.g. Bitcoin), for another timestamp.

The virtue of this protocol is that the document itself is not stored within this repository. The user does not need to reveal the content of the document (privacy) since the hash digest will cryptographically suffice.

Clearly the repository will not be large in size since the documents themselves are not stored (unless they serve to authenticate the timeline). The data is centrally backed up, but if this repository is distributed among many users, it can be securely reconstituted (not necessarily at GitHub).

If a challenge occurs to a particular timestamp, one could in principle get testimony from originators of the previous and following documents: for the correct time must be sandwiched in-between them. Email addresses are used at GitHub to attribute work done in a repository. However, cross-validation using the URL addresses of where the hash codes were published should serve as evidence against collusion and faked timestamps.

One may think of this repository as a collective union signing the public timeline of hash commits. The strict relative history of commits and git's cryptographic hash of those commits, together with open verification, are the essence of this project.

You can also contribute by periodically adding a hash of victor's last state to a blockchain for another source of independent timestamping. New in v2: every victor commit hash can be embedded into the Bitcoin blockchain automatically by incorporating the post-commit hook posted in bin -- free of charge!

Practical example

Alice has just finished her 404-page novel, and would like to register its date before sending it off to nine publishers for review. There is also a high-resolution image she would like to see on the front cover.

I, Alice Example of Los Angeles, thereby record the 
SHA-256 digest of my novel, Unsolved Disappearances:
d98722c626307fb00e728ba2ff246b7dd91b932a1e872f19a42dedee3058cc8a
and a photo of my college friends:
f9c8cda5be4787626905f39e2d73ca4fe9615aeb607375683921595d3bb21cc0
on this day, Wed Nov  4 16:01:40 PST 2015.

She would like her notice to be posted on some reputable website, so she makes public the following: https://bitbucket.org/snippets/rsvp/bRxRA which will date Alice's notice independently of her stated claim.

To strength the evidence of her authorship and completion date, she goes to Victor and makes a pull request of her original notice with added mention of the Marker site. Alice has been authenticated by GitHub, so Victor merges into the time/2015 directory, resulting in: https://github.com/rsvp/victor/commit/ebe6e6b715089430017a03f2615722f1bb29da49

So now we have two more additional sources for the timeline: Victor's machine and the system time at a central repository. In fact, Alice has even stronger evidence because her commit is sandwiched among other authenticated users with an ordered trail of third-party markers publicly open for verification.

The design of git as version control software places Alice's marker notice in a DAG, directed acyclic graph, with an unique immutable SHA-1 commit identifier: ebe6e6b715089430017a03f2615722f1bb29da49 which will reveal not only various date sources but also the hash signatures of her original works. That identifier would serve as a superb reference code in Alice's communication with her prospective publishers.

As a bonus, Alice had installed the post-commit hook found in Victor's bin -- which embedded her commit timestamp in another blockchain, Bitcoin -- free of charge:

 ::  hooks/post-commit: ebe6e6b715089430017a03f2615722f1bb29da49 to BLOCKCHAIN.
{"hash_sha256":"ebe6e6b715089430017a03f2615722f1bb29da49",
"created_at":"2015-11-05T01:10:15.648Z", 
"updated_at":"2015-11-05T01:10:15.648Z",
"submitted_at":null,"title":null}
 ::  http://www.originstamp.org/s/ebe6e6b715089430017a03f2615722f1bb29da49
[develop ebe6e6b] Add 2015-11-05-example.txt only as illustrative marker

Thus we have another verifiable public marker http://www.originstamp.org/s/ebe6e6b715089430017a03f2615722f1bb29da49 which not only dated Alice's commit in real time, but also will report back hours later on the blocktime, the time of the confirmed Bitcoin transaction embedding her commit identifier.

In effect, Alice's signed work is permanently on the Bitcoin blockchain. And just in case, for all the world to witness, a tweet is automatically posted (discretely) regarding this event: https://twitter.com/OriginStamp/status/662074416113799168 which would constitute the seventh timestamp!

Victor's protocol permits a timestamp to become trustworthy by the chained integrity of multiple independent sources of evidence which are publicly verifiable. Alice did not necessarily have to reveal the full contents of her novel to the world, but the means to authenticate it resides in one string preserved in many backed up copies of the open victor repository.

References

Appendix 1: Standards

Timestamps based on the X9.95 standard can be used to provide [victor comments]:

  • Authenticity: trusted, non-refutable time when data was digitally signed. [victor presumes GitHub and markers use trusted time sources, e.g. NIST. Note that victor does not hash or check the original document itself, that's the committer's responsibility.]

  • Integrity: protection of the timestamp from tampering without detection. [victor relies on the git's hash tree structure for integrity.]

  • Timeliness: proof that the time of the digital signature was the actual time. [victor timeline provides excellent approximation.]

  • Evidentiary trail of authenticity. [A document's hash and a time Marker jointly produces another hash, git's commit identifier.]

"Linked timestamping creates tokens [markers] which are dependent on each other, entangled into some authenticated data structure [git hash tree by GitHub users]. Later modification of issued timestamps would invalidate this structure. Temporal order of issued timestamps is also protected by this data structure, making backdating of the issued timestamps impossible, even by the issuing server itself."

Summary: The issued timestamps from victor are in fact Git commit identifiers. By examining the git log, the secure hash and signatory information of the original document can be recovered along with verifiable date and time of the entries.


Shortcut to this page: https://git.io/victor | Revision date : 2018-01-02

About

Victor, verifier in cryptography, publicly issues free trusted TIMESTAMP of file hash information embedded into a blockchain.

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages