I found an amazing website that does a brilliant job of using a a couple simple concepts to combine for an incredibly useful tool. OriginStamp.org is a true gift to the world by developers André Gernandt and Bela Gipp. In conversation with them they told me, “We started this project just for fun and didn’t expect so many people to use it.”
The site’s popularity doesn’t surprise me — it’s awesome! They have created a FREE service that allows anyone to prove they possessed any type of electronic file before a specific date. The electronic file could be as simple as a string of text, or as massive as a movie file.
I’ll dive into the technical details later, but consider a couple basic applications:
- Someone has written an amazing script and wants to have it logged as their work, before sharing with a publisher.
- Someone moves into a new rental property, and takes extensive video of the condition of the property, which they want to archive on the day of their move-in. By archiving the footage, the landlord cannot argue that the video was taken on the move out date.
- Someone wants to log a text prediction. Example would be if I said, in 2015, “I, PG CodeRider, predict the Cubs will win the 2016 World Series in a game 7 thriller against the Indians!” it would be pretty impressive!
Without OriginStamp, creating verifiable proof of a file’s existence, before a certain date is difficult (having a “saved as” date with the file doesn’t count). Users would likely have to defer to a third party to provide proof of ownership. This lends itself to the following problems:
- The third party site likely costs money.
- The third party site may disappear.
- The third party site may not remain credible to the rest of the world.
- The third party site might experience a server crash, hack, or accidentally delete your file.
OriginStamp avoids all of these problems. The simplicity of their approach, combined with their robust method of validation, makes it truly an elegant creation. The site ingeniously leverages the bitcoin blockchain as a point of reference. Because the blockchain is a decentralized entity with literally thousands of people monitoring its integrity, it is impossible to manipulate historical entries. Additionally, due to this same decentralized nature of the blockchain, it is difficult to imagine a scenario where the Blockchain would suddenly cease to exist. Thus a user can rest assured knowing their claim is verifiable so long as the internet remains functional and Bitcoin continues to have even a small percentage of people using it.
How You Can Use This Tool (without actually understanding it)
For those of you that just want to “trust me” and believe this works, without understanding why, here’s a step by step guide of how you can use it:
1) Create a FINAL VERSION of a file or text that you want to verify. It is critical that not a single change occurs in your file, or it won’t be verifiable in the future. Example is if you write a million word novel, once you submit it, you can only reference that version you submitted. A change to a single character will make the entire file incapable of being proven to be your file at the time of the transaction.
- I’m going to go through this process by validating a screenshot I created with my 2016 presidential predictions. Again, the “Final Version” is very key, and it’s easy to overlook how it’s possible to accidentally alter. In my case, I cannot simply post a copy of the JPG file of my prediction and maintain the integrity, because when a user downloads the file, certain attributes such as the “saved date” would be different than the original. Thus I have posted a zipped version of my jpg file, which if someone were to download and extract the jpg file, would ultimately be my FINAL VERSION.
- It’s also important to note that you include something that references you as the creator in the file, so that no one else can claim it as their work. My file has my name in the screenshot.
2) Go to OriginStamp and submit it by clicking the create stamp, and then clicking on the Drop files icon. I’m usually pretty careful with posting private data to sites, but I would have no problem running most of my information through their submission site. What they claim they are doing (and I sincerely believe) is conducting an SHA-256 hash calculation on your file. This will generate a 40-60 digit length of letters and numbers. There are many sites that can conduct this calculation for you that should all result in the same answer. A couple I just found doing 20 seconds of research are Xorbin.com or Filformat.info.
- In my example, the exact SHA-256 hash of my FINAL VERSION is: 3742fd0fcebd60f38995429e736a1e2f3f040ea367c21ce87cb1b9bcd89e5d89
- If you aren’t certain you’ve hashed correctly from a 3rd party site, you could cross check with a single letter of text “a” which should result in: ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
- Make sure you have a copy of your hash, as well as the original copy of your file.
3) After submitting your file, you will get a notification saying your hash has successfully been created. Note that OriginStamp will not “submit” it to the blockchain until about 7PM East Coast time. They only submit free submissions once a day, to keep their costs down, and depending on how busy the blockchain is it may take up to 2 days to register. If you’re in a hurry to get your hash submitted, they offer a premium service to accomplish this where they wallop you with a colossal fee of $1 to get it in right away.
4) If you trust OriginStamp to remain in existence forever, you need not do anything further. When you need verify the date of your file, go to their website, click Verify Stamp, and enter your hash, or drag in your file, and the site will tell you when it was submitted. However if you wish to be able to validate your file without the existence of Originstamp, you’ll need to collect a few more pieces of information. After waiting a day or two, you’ll need to revisit OriginStamp, click Verify Stamp, enter your hash or upload file and it will take you to a confirmation page. On this page, it will list of all the hash submissions as well as the Check Sum hash. You should store both of this with your final version file. The list of all hashes can be a somewhat long now as the site gains popularity.
- Using my hash, I can lookup the transaction on OriginStamp. I can see the entire list of other hashes that were submitted with mine, along with the final hash.
5) When you’re done, you should have either two pieces of data if you trust OriginStamp alone, or 5 pieces of information if you want it under any scenario where Bitcoin exists.
In my example I have:
- The unaltered file, saved as a zipped file
- The hashed text of my file (3742fd0fcebd60f38995429e736a1e2f3f040ea367c21ce87cb1b9bcd89e5d89)
- The list of all the hashed files at end of day
- The check sum of all of the other hashes for the day (1a1034e462e7219f2487330fb77b587db5f4f2d26f36212d156e52f2b8587461)
- Bitcoin address where the transaction was logged: 1PnFSJ6BFYt88DpGk6gypDFeyEe6Am8eq6
Hopefully you would never have to defend the legitimacy of your file, but if you did, you should have a pretty convincing case. Of course, I have no idea how a jury would react to this information, or if it would even be admissible as evidence. However, to illustrate what you have, below is how I would argue the authenticity of my Presidential prediction if someone was accusing me of being a fraud in a court of law
Me: “Your honor, I did in fact create this JPG on 10/31/2016. To prove it I used a site called OriginStamp. This site took my file and hashed it using the SHA-256 method. If you go to OriginStamp, they will confirm this transaction.”
Accuser: “What the heck is OriginStamp?!? Judge, objection! I’ve never heard of this site. How can we trust its validity?”
Me: “Okay forget going to OriginStamp, we can walk through what they did. OriginStamp created an SHA-256 hashed text of my file (see above). OriginStamp then took ANOTHER SHA-256 hash (the Check Sum) of all the other records they received that day. I have a list of these and the SHA-256 hash of these can be conducted on numerous sites.
“As is the nature of SHA-256 hashes, they are relatively easy to calculate in one direction, but impossible to conduct in a reverse manner. Stated differently, I can claim with utmost certainty that no one on the planet can produce any SHA-256 pre-calculation string which results in the same final hash output as any of mine, without using my file or text. Such an effort would take far more than millions of years with today’s computing power.”
Accuser: “So what he has a hash that is unique? What does this prove?”
Me: “It doesn’t prove anything yet, but as a final step, Originstamp used the final Check Sum hash along with Base 58 encoding, to find a Bitcoin address to log a small Bitcoin transaction which cleared on 11/3/2016. This process can also be demonstrated on multiple websites, I have a screenshot from Brainwalletx.Github.io. A user simply needs to enter the Check Sum as the Secret Exponent to generate the address that was used. What this means is that this address was specifically used for this purpose we have outlined. The possibility that this address which comprises a hashed connection to my exact file is incredibly unlikely.”
Accuser: “So you’re saying there’s a chance…”
Me: “Technically yes, but the fact that an active address which I found with my specific JPG hash in it is beyond infinitesimal. There are exactly 2^256 possible bitcoin addresses — that’s far more atoms than there are on earth, sun, and other planets, combined. The likeliness of this series of events happening is less than me playing the Mega Millions Lottery and winning, four times in a row.”
Accuser: “Okay so how do we know you didn’t make the entry after the election?”
Me: “The blockchain’s integrity is maintained by thousands, perhaps millions of computers validating transactions. At the end of Sep 2016, the hash calculation rate per second was 2.6×10^16. This represents far more processing power than any single entity such as the United States government could direct at the blockchain in hopes of manipulating the network. It would be easy for me to find at least a dozen articles on the web, or a computer science professor to testify how unrealistic back-dating entries in the block chain is.”
Accuser: “I still think this is bogus”
Ultimately your argument would likely hinge on testimony of some math expert, but that’s my best effort to simulate how to defend the legitimacy of the transaction. Note the links in the discussion above for reference on how Base58 encoding is conducted.
Anyway, a great tool. Thanks again developers André Gernandt and Bela Gipp.
More Reading On It:
Dashcam Ap (similar tool for time stamping smartphone recordings)