How Bitcoin Timestamping Works

Bitcoin-based timestamping is a cryptographically secure, independently verifiable, and essentially free way of proving that a document existed at a certain point in time.

Posted by Brandon Wong on 25th Mar 2020

What Is It?

"Timestamping" is a way of providing evidence that a certain thing (ie: a document) existed at a certain time.

There are many ways of doing this. If you take a photo of yourself holding the front page of today's newspaper, that is essentially a form of timestamping. A more common way is having a document notarized. This way, you rely on the impartiality, legal status, and reputation of the notary to testify that a certain document exists at a certain time. Different methods have different utility, effectiveness, and cost.

In 2012, Peter Todd, one of the contributors to the Bitcoin project, realized that Bitcoin itself could be used to timestamp documents in a way that was cryptographically secure, independently verifiable, and essentially free. Take a look at his whitepaper, which goes into more technical depth than I do here.

How Does It Work?

An explanation of how Bitcoin works requires at least a separate article, but there are two principles you need to understand about how Bitcoin works in order to then understand how bitcoin timestamping works.

First, Bitcoin is made up of a blockchain. There are many computers throughout the world called "miners", who collect and validate all the potential Bitcoin transactions that people want to execute. These transactions end up on a long list. Every ten minutes, the miners stop adding to the list, and whatever transactions made the cut are considered a "block". This block is cryptographically linked to the previous block (from ten minutes ago), and then sent to all the computers on the Bitcoin network around the world. At this point, all the transactions in the block are considered "confirmed". The miners then start forming a new block with the new transactions that have come in since the previous block was confirmed. Because each block is sequentially linked to the previous one (all the way to the first block formed in 2009), we call it a "blockchain". At the time of writing, the Bitcoin blockchain is somewhere between 250 and 300 GB. That means if you have a laptop with a large enough hard drive, you can download the blockchain and validate transactions yourself. All the "nodes" (or computers) connected to the Bitcoin network must have a copy of the entire blockchain in order to be certain that each transaction is valid.

Second, transactions in Bitcoin are technically little bits of code. Each transaction is, in essence, a one-line program explaining what needs to be done. Most of the time, it's something like, "transfer 0.57 Bitcoin from Alice to Bob", but it doesn't have to be. There are a number of possible commands in the Bitcoin programming language.

A third thing to understand - not directly related to Bitcoin - is hashing functions. A hash function will take any digital document, and produce a cryptographic fingerprint for it. This digital fingerprint (usually called a "hash") is reproducible, unique, and quick to perform - much like a human fingerprint. It's also small - a string of a few dozen numbers and letters (a hexadecimal number).

The way Bitcoin timestamping works is by combining these three concepts. First, a hash function fingerprint of a document is created. With this hash, a zero-bitcoin transaction is created using one of the special commands in the Bitcoin scripting language. This transaction says, "don't transfer anything; oh, and by the way, here's the hash of something". This transaction is sent to a miner, who adds it to the pending block. At the end of the ten minutes, the block is locked and added to the blockchain. Once it has been confirmed by the rest of the network, the hash in that transaction in that block will stay there forever. Because each new block is created approximately every ten minutes, all the nodes can verify the time which the hash was inserted.

When it comes time to prove the existence of your document, you provide the document, as well as the transaction in the blockchain which contains the hash. The person verifying can independently run your document through the hash function, and anyone with a copy of the blockchain can confirm that the block in which the transaction is found was created at the time in question. Then it's a simple matter of matching the hash from the document with the hash in the transaction.

Limitations

There are a number of limitations or intricacies to this system, but most of them aren't really problems at all.

Bitcoin timestamping does not guarantee an exact time. Bitcoin miners are calibrated to create blocks approximately every ten minutes. However, because of the way their protocol works, this is only an average. It could be two minutes, or fifteen. This means that the time given by a timestamp is only precise to within a range of a few hours. For most use cases, this is not an issue, since getting the date right is more important than the minute or second.

Transactions in Bitcoin are technically not free - you must pay a fee (in Bitcoin), even if your transaction doesn't transfer any Bitcoin. With a couple of exceptional times in history, fees in the Bitcoin network have always been very low. Also - as I'll mention later - there is an easy way of timestamping absolutely for free.

I should mention that the act of inserting non-transactional data in the blockchain is a disputed practice. As I mentioned earlier, the blockchain is now approximately 300 GB, and it can only get bigger. Some people believe that adding data not directly related to Bitcoin's true purpose - managing transactions - needlessly bloats the size of the blockchain, and should not be allowed. I am in favour of reducing bloat (including a restriction now in the protocol to limit the size of the data you can insert), but I think that timestamping is an acceptable "secondary purpose" for Bitcoin, which opens the door to a lot of potential applications, and which promotes the use of Bitcoin.

This brings up another potential issue, which is that the timestamp is only as strong as Bitcoin itself. If everyone suddenly stops using Bitcoin, and all copies of the blockchain are deleted, then obviously the timestamp cannot be verified.

Because of the data size limitation just mentioned, this timestamping system does not store the document itself. The document is not in the blockchain, only a hash of the document. This is actually good, since the blockchain is open for anyone to inspect, and your document is probably private. It does mean that you have to store the document independently (and the exact same version of the document, in case it has been later modified), but chances are, if it's important enough to timestamp, it's important enough to store somewhere.

You also have to store somewhere the exact ID of the block and transaction containing your hash. Since the blockchain is very large and highly compressed, it's difficult (but not impossible) to search through the entire blockchain for your hash - it's best to record its location somewhere where you can remember it.

Finally, will a Bitcoin timestamp hold up in court? No one knows - yet. The mathematics of the cryptography is rock-solid, and you can take it to the bank (Bitcoin itself certainly has!). Despite this, it has never been disputed as far as a court of law, and it remains to be seen if a Bitcoin timestamp will be accepted by a judge. Bitcoin's seeming complexity in most people's eyes has certainly held back its wide adoption as money. It's possible that the same cryptography which secures the timestamp's guarantees will have enough "mystery" about it as to be rejected.

How Can I Use It?

The easiest application of Bitcoin timestamps is a program called opentimestamps, created by Peter Todd himself. No registration is required, only a small client program which you download onto your computer. You can do it directly on their website, but you should use the client for any serious use - and it's just as easy. For whatever file you choose to timestamp, the procedure is the same. Execute the following command:

> ots stamp my-new-invention-specs.pdf

The program will take whatever document you give it - whether a PDF, or a large video, etc - hash it, and send the hash to their servers. The servers will aggregate many hashes from many clients within a certain period of time (using a cryptographic structure called a Merkle tree) into a single transaction. You will then receive a small.ots file which acts as a temporary placeholder, called an "incomplete timestamp", while the block is confirmed.

-rw-r--r--  1 b2c b2c 129249 Mar 16 00:52 my-new-invention-specs.pdf
-rw-r--r--  1 b2c b2c    433 Mar 17 12:50 my-new-invention-specs.pdf.ots

After that, you will have to "upgrade" your incomplete timestamp into a complete one. Unfortunately, the amount of time you have to wait is not fixed. Because Bitcoin block times are not deterministic (approximately every ten minutes), and because the aggregation may delay until a block or two later, you may have to try a couple times a few minutes apart.

> ots upgrade my-new-invention-specs.pdf.ots

Upon a successful upgrade, you will receive a slightly larger (but still under 5KB) file which stores the IDs of the block and transaction, as well as instructions on how to disaggregate your particular hash. This file is your timestamp. Simply store this file along with the original document. At this point, the server is no longer needed. Anyone who has both the original file and the complete timestamp file can independently verify it. Note that the client renames the incomplete timestamp file, adding a .bak extension, and give the complete timestamp the old .ots filename. Assuming the upgrade succeeded, the .bak file can be deleted.

-rw-r--r--  1 b2c b2c 129249 Mar 16 00:52 my-new-invention-specs.pdf
-rw-r--r--  1 b2c b2c   3213 Mar 17 13:20 my-new-invention-specs.pdf.ots
-rw-r--r--  1 b2c b2c    433 Mar 17 13:20 my-new-invention-specs.pdf.ots.bak

Actual verification requires access to a Bitcoin node, or it can be done on the website. You can also inspect the contents of the timestamp file using the client info command. You'll see a list of the file hash, the server(s) which performed the timestamp, the Bitcoin block and transaction, and the exact path in the aggregated Merkle tree.

> ots info my-new-invention-specs.pdf.ots

Because the server only receives a hash, your privacy is maintained. Because hundreds or thousands of people's hashes are aggregated into one transaction which has a fee of a few cents each, they absorb the cost, and the servers are offered as a public service.

The client is free and open-source. You can download it and find links to the source code at https://opentimestamps.org.

Conclusion

I mentioned in another post that I use opentimestamps to track notes that I take. I actually try to use it everywhere I can. As an example, all the photos I take on my phone, as soon as they are uploaded to my personal cloud, are automatically timestamped. Lately, I've been trying to integrate it into my git workflow so I can timestamp my code. All my articles here are timestamped. Whether it's for your homework assignment, or your million-dollar idea, I suggest you give it a try.

Disclaimer: I learned about opentimestamps during my time working at Catallaxy, which has contributed server resources to the opentimestamps network. However, I gain nothing by my recommending that you try it. Also, the opinions I expressed here are not necessarily reflected by Catallaxy.

Title image by Ginette Guy and Nathan Wong, used with permission