[HN Gopher] Ask HN: What are some good methods to prove current ... ___________________________________________________________________ Ask HN: What are some good methods to prove current time? I know I can film a current newspaper to prove one side, how do I prove the other side? In other words how can I prove the current time of message? I think this should be possible but every idea I come up with, it seems to be possible to fake in the future tense. Is live streaming the only true method? Or am I missing something? Author : sigmaprimus Score : 50 points Date : 2020-10-11 08:44 UTC (14 hours ago) | yencabulator wrote: | https://blog.cloudflare.com/roughtime/ | | https://github.com/Merovius/notary | wsh wrote: | To show that a message existed at a particular date and time, you | could use a time-stamping service operated by a trusted third | party, in which they digitally sign a timestamp and the | cryptographic digest of your message. | | Several public certification authorities offer these services, | described in RFC 3161, at no charge, because they're used by code | signing schemes, to prove that a digital signature on an object | file was made during the validity period of the signer's identity | certificate. Here's Microsoft's explanation: | | https://docs.microsoft.com/en-us/windows/win32/seccrypto/tim... | | You don't have to use an identity certificate, however; OpenSSL, | for example, can work work with timestamps directly: | | https://www.openssl.org/docs/manmaster/man1/tsget.html | | https://www.openssl.org/docs/manmaster/man1/openssl-ts.html | | Some examples of time-stamping servers: | | https://knowledge.digicert.com/generalinformation/INFO4231.h... | | https://www.entrust.com/knowledgebase/ssl/time-stamp-url | | https://sectigo.com/resource-library/time-stamping-server | | Whether such a timestamp would be acceptable proof, on its own or | accompanied by an explanation from an independent expert, would | depend on the audience and the situation, of course. | yangl1996 wrote: | A system like Bitcoin has this functionality. "Time" is | essentially represented as "depth" of a block, and a block can | only be buried deep into the chain with sufficient time (due to | the nature of proof-of-work). A cryptographic primitive called | "verifiable delay function" provides a good abstraction for this | problem. | | Specifically, you may put the hash of your message into a bitcoin | transaction, and submit this transaction. If you later want to | prove its age, just point to the bitcoin block containing your | transaction. The guy verifying it is sure that you have got this | message before the block is mined, because otherwise you would | not have the hash of the message at that time and successfully | embed it into a block. | sillysaurusx wrote: | I found the problem statement and every reply remarkably | confusing, because I am not smart. I'd like to give an answer to | help fellow not-smart people. | | The goal is to prove that you did something in the past -- for | example, that you proved a theorem, or that you predicted that | COVID would become an issue way back in 2018. | | Interestingly, patio11 solved this for COVID: He published a hash | of his article, calling out COVID in Japan, to Twitter, which has | no edit button. Then a month or so later, he published the | article itself, proving that he did in fact write that article. | | It's an old solution, not his. But that's the general idea here. | avmich wrote: | http://surety.com/ | remram wrote: | You can do the opposite, include your message (or a digest of it) | in a medium that is hard to alter, for example a newspaper, | notaries, Twitter, a blockchain, etc (or preferably a combination | of those). Some of those solutions don't prevent you from | publishing multiple versions of the message and only revealing | one however. | | On the other hand if you're trying to show that you _did | something_ (not just authored a message) at a given time, it 's a | bit harder, because you can always notarize the video long after | it has been recorded. The best way to deal with this one (in the | absence of trusted parties that might attend in-person) might be | to do it in a public place e.g. in the library while a specific | event is happening, on the street while some specific work is | being done, in front of a newspaper stand in a shop etc. However | I can see any of those faked using video editing. | gitgud wrote: | That's a good idea, the time could be trusted if multiple | sources could confirm it was done in public. | | CCTV footage, news footage, snapchat stories, instagram... all | independently verifiable and hard to fake all of them. | TeMPOraL wrote: | The hash trick should work for a video of your act too; you can | post a tweet with a hash as soon as you finish recording and | are able to compute it. | umvi wrote: | In the far future though hash digest might be broken (i.e. | you could alter the video but make it have the same hash) | kens wrote: | Back in 1990, Bellcore researchers Haber and Stornetta set up a | system (surety.com) where documents were hashed and then the hash | value was published as a classified ad in the New York Times | every week. This provided a solid proof that the document was | published as of that date. (Unless someone visited all the | world's libraries and swapped in fake New York Times copies.) | | An article showing one of the classified ads: | https://www.vice.com/en/article/j5nzx4/what-was-the-first-bl... | a-dub wrote: | this is cool. i've heard of this as a theoretical way, but | didn't know anyone was actually publishing hashes in a real | newspaper! | masklinn wrote: | I've seen it happen several times on twitter. | sokoloff wrote: | "Our" own patio11 has done it at least once recently. | maddyboo wrote: | Speaking of stealing newspapers to suppress the truth... | | https://threadreaderapp.com/thread/1315314371560579073.html | dutchbrit wrote: | Blockchain would be your best bet, but even that could be | scheduled for the future, all depends on context. | coldtea wrote: | > _In other words how can I prove the current time of message?_ | | In many countries you can have a statement you wrote signed, | dated and stamped by the state authorities that verifies not the | truth of the content, but that _you_ wrote it (and the specific | time). You need to fill a form, take it to a state office, and | present your ID to them for them to stamp and approve it. | | In the US I find that this is called a "statutory declaration": | | A statutory declaration is a document that formalizes matters to | be made known publicly. It is a solemn statement made by | plaintiff or witnesses instead of the oath, but equally binding. | | Statutory declaration is a legal document based on statute law as | to their format and content requirements. Statutory declarations | are of the same force and effect as if sworn under oath or | affirmation. | ruffrey wrote: | I believe having a document "notarized" costs about $10-$20 and | accomplished something similar. | jamieweb wrote: | I looked into this a few years ago[1]. The solution I came to | involves putting the hash of the most recent Bitcoin block in | your document, and then signing the hash of your document into | the Bitcoin blockchain. | | This cryptographically proves that the document was | created/published within those two time bounds. | | This of course doesn't help in all cases, i.e. you could edit an | old document to make it look newer, but I'm not aware of any way | to properly solve that particular problem without a trusted | third-party. | | [1] https://www.jamieweb.net/blog/proof-of-timestamp/ | Nurdok wrote: | You can ask the person you wish to prove current time to, to | provide a "challenge" that you will film ("put two fingers up", | "hold up a USB cable"). | dosshell wrote: | I don't understand how this proves anything? What is stopping | me from holding up the USB cable two years later? | Apreche wrote: | You are live streaming. Someone asks you to do something, but | you don't know what they are going to ask. You do the thing | that they have requested live on stream, e.g.: Holding up a | USB cable. That person who made the request knows that you | did not know what they were going to request, so they know | that they are watching a live stream and not a recording. | | However, third parties watching the stream have no proof that | this wasn't a coordinated trick prepared in advance. | pi-rat wrote: | You're looking for: https://opentimestamps.org | | It builds a Merkle tree of hashed documents, timestamps it, and | puts it on the blockchain. | petertodd wrote: | The easy thing to do is prove a message existed prior to some | point in time. That's a timestamp, you can do that easily for | free with my OpenTimestamps project, which uses Bitcoin for the | timestamp proof: https://opentimestamps.org/ | | The way it works is pretty simple: your message is hashed with a | series of cryptographically secure hash/append/prepend | operations, leading to a Bitcoin block. Since they are one way | hashes, your message must have existed prior to that Bitcoin | block. | | The hard part is actually proving a message existed _after_ some | point in time. To do that, you need a random beacon: a large | number (also known as a nonce) that we know was created at some | point in time, and prior to that point in time, was impossible to | predict. Newspaper headlines are a weak form of random beacon, as | it 's hard to predict the news in advance. Bitcoin block hashes | are even better, as the proof-of-work ensures that even trying to | force a single bit of the block hash is extremely expensive. I | also run a project to inject other random beacons into the | Bitcoin blockchain, such as the NIST Random Beacon: | https://github.com/opentimestamps/nist-inject | | But in the age of deep fakes, what does any of this actually | prove? See, while a timestamp proof mathematically depends on | your message, with a random beacon it's the opposite: your | message needs to depend on the random beacon. For human | meaningful messages that's not easy to achieve. A photo can be | photoshopped, a video deepfaked, etc. | | The best you can do _in general_ is try to make the random beacon | time, and the timestamp, be as close together as possible to make | it as difficult as possible to do a photoshop, deepfake, etc. But | deepfakes are good enough these days that IMO that 's dubious | security. | | Probably the best approach here is to actually think about what | exactly you are trying to achieve - are you kidnapping someone? | proving you've recovered from the plague? launching a | cryptocurrency? There isn't a one-size-fits-all solution to this | problem. | marketingPro wrote: | Holy crap I've been saying this about Bitcoin (along with it's | voting and currency mechanisms) are useful. | | But I've been saying that it could be used for races or world | records or predictions. | | Neat to see someone actually wants it. | kuratkull wrote: | Very good question. I have also occasionally wondered about this | and haven't come up with a satisfying solution. I guess it boils | down to 1) reference in your message something that didn't exist | before your point-in-time 2) let a trusted third party publish | the hash of the message you compiled. A third party seems | necessary because time isn't a technical concept, but time can be | described as a sequence of events - so some trusted event needs | to reference your event/document(its hash or equivalent). As a | comment here mention, blockchain could be used as a solution. | Really interested to see other solutions in this thread. | senstax wrote: | Many are mentioning digital timestamps. There's a pretty | universal physical one, too -- a postmark. So enclose your | message and a newspaper front page in an envelope addressed to | yourself and sealed in a trustable way, and drop it in the mail. | But then opening it can only happen once and has to be witnessed. | rthille wrote: | You just mail the unsealed envelope, add the content later and | you've forged the time. | choeger wrote: | I think there is an inherent asymmetry to the problen. You can | prove that something (a headline) exists when you do your | message, but you cannot easily prove that it does not yet exist. | You could, theoretically, use something that one day will cease | to exist to show that you signed your message _before_ that | point. However, digital things (information) normally do not | cease to exist. | | Assuming you don't want to involve any third party, things get | difficult. To be honest I think there is always a way to make a | message look older. | m-p-3 wrote: | Considering the extent of our abilities to modify videos after a | recording is made (After Effect, Blender and all those post- | editing softwares out there), it's hard to prove in-video other | than a livestream as you mentioned. | | The only solution I can see would be to use an impartial third- | party with legal weight to attest the current time to be as | declared on video and on paper. | | Another idea would be to make and film a transaction on a public | system (Bitcoin blockchain?) with a proof of the transaction and | its timestamp? | pdevr wrote: | Rephrasing and reframing: You want to prove that you did | something before and after certain points of times, and you have | solutions for proving that you did something after a certain | point of time (filming current newspaper or other similar | methods). So you want to prove "the other side": That is, you | want to prove that you did something BEFORE a certain point of | time. | | Here are two low-tech solutions almost anyone can do: | | 1. Record yourself standing under a well-known landmark, which | has a digital or analog display of time and date. Movie theaters | have displays showing time and date. Malls have them too. | | 2. Record yourself doing a Google search for "time now" and | record the search result showing the time. | JulianWasTaken wrote: | Both of these seem easy to fake. Though I guess to be honest | anything these days will be easy to fake for suitable | definition of "easy". | pdevr wrote: | They are similar in accuracy to filming yourself with the | current newspaper, which is what the person who asked the | question accepted as a solution to "one side". The question | was about the "other side", so I proposed a solution of | similar accuracy. ___________________________________________________________________ (page generated 2020-10-11 23:00 UTC)