[HN Gopher] Ask HN: What are some good methods to prove current ...
___________________________________________________________________
Ask HN: What are some good methods to prove current time?
I know I can film a current newspaper to prove one side, how do I
prove the other side? In other words how can I prove the current
time of message? I think this should be possible but every idea I
come up with, it seems to be possible to fake in the future tense.
Is live streaming the only true method? Or am I missing something?
Author : sigmaprimus
Score : 50 points
Date : 2020-10-11 08:44 UTC (14 hours ago)
| yencabulator wrote:
| https://blog.cloudflare.com/roughtime/
|
| https://github.com/Merovius/notary
| wsh wrote:
| To show that a message existed at a particular date and time, you
| could use a time-stamping service operated by a trusted third
| party, in which they digitally sign a timestamp and the
| cryptographic digest of your message.
|
| Several public certification authorities offer these services,
| described in RFC 3161, at no charge, because they're used by code
| signing schemes, to prove that a digital signature on an object
| file was made during the validity period of the signer's identity
| certificate. Here's Microsoft's explanation:
|
| https://docs.microsoft.com/en-us/windows/win32/seccrypto/tim...
|
| You don't have to use an identity certificate, however; OpenSSL,
| for example, can work work with timestamps directly:
|
| https://www.openssl.org/docs/manmaster/man1/tsget.html
|
| https://www.openssl.org/docs/manmaster/man1/openssl-ts.html
|
| Some examples of time-stamping servers:
|
| https://knowledge.digicert.com/generalinformation/INFO4231.h...
|
| https://www.entrust.com/knowledgebase/ssl/time-stamp-url
|
| https://sectigo.com/resource-library/time-stamping-server
|
| Whether such a timestamp would be acceptable proof, on its own or
| accompanied by an explanation from an independent expert, would
| depend on the audience and the situation, of course.
| yangl1996 wrote:
| A system like Bitcoin has this functionality. "Time" is
| essentially represented as "depth" of a block, and a block can
| only be buried deep into the chain with sufficient time (due to
| the nature of proof-of-work). A cryptographic primitive called
| "verifiable delay function" provides a good abstraction for this
| problem.
|
| Specifically, you may put the hash of your message into a bitcoin
| transaction, and submit this transaction. If you later want to
| prove its age, just point to the bitcoin block containing your
| transaction. The guy verifying it is sure that you have got this
| message before the block is mined, because otherwise you would
| not have the hash of the message at that time and successfully
| embed it into a block.
| sillysaurusx wrote:
| I found the problem statement and every reply remarkably
| confusing, because I am not smart. I'd like to give an answer to
| help fellow not-smart people.
|
| The goal is to prove that you did something in the past -- for
| example, that you proved a theorem, or that you predicted that
| COVID would become an issue way back in 2018.
|
| Interestingly, patio11 solved this for COVID: He published a hash
| of his article, calling out COVID in Japan, to Twitter, which has
| no edit button. Then a month or so later, he published the
| article itself, proving that he did in fact write that article.
|
| It's an old solution, not his. But that's the general idea here.
| avmich wrote:
| http://surety.com/
| remram wrote:
| You can do the opposite, include your message (or a digest of it)
| in a medium that is hard to alter, for example a newspaper,
| notaries, Twitter, a blockchain, etc (or preferably a combination
| of those). Some of those solutions don't prevent you from
| publishing multiple versions of the message and only revealing
| one however.
|
| On the other hand if you're trying to show that you _did
| something_ (not just authored a message) at a given time, it 's a
| bit harder, because you can always notarize the video long after
| it has been recorded. The best way to deal with this one (in the
| absence of trusted parties that might attend in-person) might be
| to do it in a public place e.g. in the library while a specific
| event is happening, on the street while some specific work is
| being done, in front of a newspaper stand in a shop etc. However
| I can see any of those faked using video editing.
| gitgud wrote:
| That's a good idea, the time could be trusted if multiple
| sources could confirm it was done in public.
|
| CCTV footage, news footage, snapchat stories, instagram... all
| independently verifiable and hard to fake all of them.
| TeMPOraL wrote:
| The hash trick should work for a video of your act too; you can
| post a tweet with a hash as soon as you finish recording and
| are able to compute it.
| umvi wrote:
| In the far future though hash digest might be broken (i.e.
| you could alter the video but make it have the same hash)
| kens wrote:
| Back in 1990, Bellcore researchers Haber and Stornetta set up a
| system (surety.com) where documents were hashed and then the hash
| value was published as a classified ad in the New York Times
| every week. This provided a solid proof that the document was
| published as of that date. (Unless someone visited all the
| world's libraries and swapped in fake New York Times copies.)
|
| An article showing one of the classified ads:
| https://www.vice.com/en/article/j5nzx4/what-was-the-first-bl...
| a-dub wrote:
| this is cool. i've heard of this as a theoretical way, but
| didn't know anyone was actually publishing hashes in a real
| newspaper!
| masklinn wrote:
| I've seen it happen several times on twitter.
| sokoloff wrote:
| "Our" own patio11 has done it at least once recently.
| maddyboo wrote:
| Speaking of stealing newspapers to suppress the truth...
|
| https://threadreaderapp.com/thread/1315314371560579073.html
| dutchbrit wrote:
| Blockchain would be your best bet, but even that could be
| scheduled for the future, all depends on context.
| coldtea wrote:
| > _In other words how can I prove the current time of message?_
|
| In many countries you can have a statement you wrote signed,
| dated and stamped by the state authorities that verifies not the
| truth of the content, but that _you_ wrote it (and the specific
| time). You need to fill a form, take it to a state office, and
| present your ID to them for them to stamp and approve it.
|
| In the US I find that this is called a "statutory declaration":
|
| A statutory declaration is a document that formalizes matters to
| be made known publicly. It is a solemn statement made by
| plaintiff or witnesses instead of the oath, but equally binding.
|
| Statutory declaration is a legal document based on statute law as
| to their format and content requirements. Statutory declarations
| are of the same force and effect as if sworn under oath or
| affirmation.
| ruffrey wrote:
| I believe having a document "notarized" costs about $10-$20 and
| accomplished something similar.
| jamieweb wrote:
| I looked into this a few years ago[1]. The solution I came to
| involves putting the hash of the most recent Bitcoin block in
| your document, and then signing the hash of your document into
| the Bitcoin blockchain.
|
| This cryptographically proves that the document was
| created/published within those two time bounds.
|
| This of course doesn't help in all cases, i.e. you could edit an
| old document to make it look newer, but I'm not aware of any way
| to properly solve that particular problem without a trusted
| third-party.
|
| [1] https://www.jamieweb.net/blog/proof-of-timestamp/
| Nurdok wrote:
| You can ask the person you wish to prove current time to, to
| provide a "challenge" that you will film ("put two fingers up",
| "hold up a USB cable").
| dosshell wrote:
| I don't understand how this proves anything? What is stopping
| me from holding up the USB cable two years later?
| Apreche wrote:
| You are live streaming. Someone asks you to do something, but
| you don't know what they are going to ask. You do the thing
| that they have requested live on stream, e.g.: Holding up a
| USB cable. That person who made the request knows that you
| did not know what they were going to request, so they know
| that they are watching a live stream and not a recording.
|
| However, third parties watching the stream have no proof that
| this wasn't a coordinated trick prepared in advance.
| pi-rat wrote:
| You're looking for: https://opentimestamps.org
|
| It builds a Merkle tree of hashed documents, timestamps it, and
| puts it on the blockchain.
| petertodd wrote:
| The easy thing to do is prove a message existed prior to some
| point in time. That's a timestamp, you can do that easily for
| free with my OpenTimestamps project, which uses Bitcoin for the
| timestamp proof: https://opentimestamps.org/
|
| The way it works is pretty simple: your message is hashed with a
| series of cryptographically secure hash/append/prepend
| operations, leading to a Bitcoin block. Since they are one way
| hashes, your message must have existed prior to that Bitcoin
| block.
|
| The hard part is actually proving a message existed _after_ some
| point in time. To do that, you need a random beacon: a large
| number (also known as a nonce) that we know was created at some
| point in time, and prior to that point in time, was impossible to
| predict. Newspaper headlines are a weak form of random beacon, as
| it 's hard to predict the news in advance. Bitcoin block hashes
| are even better, as the proof-of-work ensures that even trying to
| force a single bit of the block hash is extremely expensive. I
| also run a project to inject other random beacons into the
| Bitcoin blockchain, such as the NIST Random Beacon:
| https://github.com/opentimestamps/nist-inject
|
| But in the age of deep fakes, what does any of this actually
| prove? See, while a timestamp proof mathematically depends on
| your message, with a random beacon it's the opposite: your
| message needs to depend on the random beacon. For human
| meaningful messages that's not easy to achieve. A photo can be
| photoshopped, a video deepfaked, etc.
|
| The best you can do _in general_ is try to make the random beacon
| time, and the timestamp, be as close together as possible to make
| it as difficult as possible to do a photoshop, deepfake, etc. But
| deepfakes are good enough these days that IMO that 's dubious
| security.
|
| Probably the best approach here is to actually think about what
| exactly you are trying to achieve - are you kidnapping someone?
| proving you've recovered from the plague? launching a
| cryptocurrency? There isn't a one-size-fits-all solution to this
| problem.
| marketingPro wrote:
| Holy crap I've been saying this about Bitcoin (along with it's
| voting and currency mechanisms) are useful.
|
| But I've been saying that it could be used for races or world
| records or predictions.
|
| Neat to see someone actually wants it.
| kuratkull wrote:
| Very good question. I have also occasionally wondered about this
| and haven't come up with a satisfying solution. I guess it boils
| down to 1) reference in your message something that didn't exist
| before your point-in-time 2) let a trusted third party publish
| the hash of the message you compiled. A third party seems
| necessary because time isn't a technical concept, but time can be
| described as a sequence of events - so some trusted event needs
| to reference your event/document(its hash or equivalent). As a
| comment here mention, blockchain could be used as a solution.
| Really interested to see other solutions in this thread.
| senstax wrote:
| Many are mentioning digital timestamps. There's a pretty
| universal physical one, too -- a postmark. So enclose your
| message and a newspaper front page in an envelope addressed to
| yourself and sealed in a trustable way, and drop it in the mail.
| But then opening it can only happen once and has to be witnessed.
| rthille wrote:
| You just mail the unsealed envelope, add the content later and
| you've forged the time.
| choeger wrote:
| I think there is an inherent asymmetry to the problen. You can
| prove that something (a headline) exists when you do your
| message, but you cannot easily prove that it does not yet exist.
| You could, theoretically, use something that one day will cease
| to exist to show that you signed your message _before_ that
| point. However, digital things (information) normally do not
| cease to exist.
|
| Assuming you don't want to involve any third party, things get
| difficult. To be honest I think there is always a way to make a
| message look older.
| m-p-3 wrote:
| Considering the extent of our abilities to modify videos after a
| recording is made (After Effect, Blender and all those post-
| editing softwares out there), it's hard to prove in-video other
| than a livestream as you mentioned.
|
| The only solution I can see would be to use an impartial third-
| party with legal weight to attest the current time to be as
| declared on video and on paper.
|
| Another idea would be to make and film a transaction on a public
| system (Bitcoin blockchain?) with a proof of the transaction and
| its timestamp?
| pdevr wrote:
| Rephrasing and reframing: You want to prove that you did
| something before and after certain points of times, and you have
| solutions for proving that you did something after a certain
| point of time (filming current newspaper or other similar
| methods). So you want to prove "the other side": That is, you
| want to prove that you did something BEFORE a certain point of
| time.
|
| Here are two low-tech solutions almost anyone can do:
|
| 1. Record yourself standing under a well-known landmark, which
| has a digital or analog display of time and date. Movie theaters
| have displays showing time and date. Malls have them too.
|
| 2. Record yourself doing a Google search for "time now" and
| record the search result showing the time.
| JulianWasTaken wrote:
| Both of these seem easy to fake. Though I guess to be honest
| anything these days will be easy to fake for suitable
| definition of "easy".
| pdevr wrote:
| They are similar in accuracy to filming yourself with the
| current newspaper, which is what the person who asked the
| question accepted as a solution to "one side". The question
| was about the "other side", so I proposed a solution of
| similar accuracy.
___________________________________________________________________
(page generated 2020-10-11 23:00 UTC)