From ddfa7ea96a81958612936056d2a8cf845c563c6a66e3b7084424d4a529f73b6d Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Wed, 15 Feb 2023 00:00:00 +0000 Subject: Convert refs: future-proof-digital-timestamping --- content/entry/future-proof-digital-timestamping.md | 27 ++++++---------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/content/entry/future-proof-digital-timestamping.md b/content/entry/future-proof-digital-timestamping.md index 24950c4..bf9280b 100644 --- a/content/entry/future-proof-digital-timestamping.md +++ b/content/entry/future-proof-digital-timestamping.md @@ -2,7 +2,6 @@ title: "Future-Proof Digital Timestamping" date: 2021-11-13T00:00:00 draft: false -makerefs: false --- # Synthetic Media The internet will soon face a huge problem. AI-generated media, aka synthetic media, is becoming harder to distinguish from human-generated media. Synthetic articles shared on social media have topped the charts with readers entirely unaware what they're reading is synthetic. The amount of synthetic media posted online keeps increasing every year. Even big tech platforms and DARPA have ramped up their deepfake detection efforts. @@ -21,11 +20,11 @@ I didn't want to use some centralized service to perform the timestamping becaus * It could go offline. * It would have to be trusted. -Then I found OpenTimestamps.[1] It's based on Bitcoin, which I don't like. I've encouraged people to avoid using proof-of-waste cryptocurrencies before.[2] I don't feel great about using software that relies on a planet-roasting cryptocurrency, but there's just no other way I know of to create trustless, decentralized, verifiable timestamps. +Then I found [OpenTimestamps](https://opentimestamps.org/). It's based on Bitcoin, which I don't like. I've encouraged people to avoid using [proof-of-waste cryptocurrencies](/2021/07/18/avoid-using-cryptocurrency/) before. I don't feel great about using software that relies on a planet-roasting cryptocurrency, but there's just no other way I know of to create trustless, decentralized, verifiable timestamps. -Also, OpenTimestamps has an extremely efficient design compared to other Bitcoin timestamping schemes. Thanks to OpenTimestamps' clever use of Merkle trees[3], it can timestamp unlimited data using only 1 transaction. Other Bitcoin timestamping software uses 1 transaction per timestamp, an extremely wasteful, inefficient design. At least OpenTimestamps isn't that bad. +Also, OpenTimestamps has an extremely efficient design compared to other Bitcoin timestamping schemes. Thanks to OpenTimestamps' clever use of [Merkle trees](https://petertodd.org/2016/opentimestamps-announcement#merkle-trees), it can timestamp unlimited data using only 1 transaction. Other Bitcoin timestamping software uses 1 transaction per timestamp, an extremely wasteful, inefficient design. At least OpenTimestamps isn't that bad. -So anyway, I created a timestamped Git commit and tagged it timestamp-1[4]. I wrote the concatenated commit data of the timestamped commit to a file[5] in case you're interested to see what it looks like. The software works in a very elegant fashion. It even maintains compatibility with non-OpenTimestamps Git clients, so GnuPG can still verify the commit signature. +So anyway, I created a timestamped Git commit and tagged it [timestamp-1](https://git.sr.ht/~nicholasjohnson/nicksphere-gmi/refs/timestamp-1). I wrote the concatenated commit data of the timestamped commit to [a file](/resource/timestamp-1.txt) in case you're interested to see what it looks like. The software works in a very elegant fashion. It even maintains compatibility with non-OpenTimestamps Git clients, so GnuPG can still verify the commit signature. The base64-encoded timestamp appended to the commit data includes all the necessary hashes to build the Merkle path from the tagged commit to the merkle root included in the Bitcoin transaction. Using './ots --git-extract ' on any file in the nicksphere-gmi repo present at the timestamped commit, you can extract an ots proof file which you can then verify with './ots --verify '. @@ -33,9 +32,9 @@ Thus future readers of my journal and historians will be able to verify that eac # Caveats ## SHAttered -If you're familiar with Git's crypto, you know it still uses SHA-1, which is SHAttered.[6] Since OpenTimestamps uses the Git commit data for timestamping commits, it also uses SHA-1. Unless you've enabled experimental SHA-2 support, which no code hosting platforms support, then SHA-1 is the best OpenTimestamps can do for Git repos. +If you're familiar with Git's crypto, you know it still uses SHA-1, which is [SHAttered](https://shattered.io/). Since OpenTimestamps uses the Git commit data for timestamping commits, it also uses SHA-1. Unless you've enabled experimental SHA-2 support, which no code hosting platforms support, then SHA-1 is the best OpenTimestamps can do for Git repos. -As it turns out, SHA-1 is still good enough for OpenTimestamps.[7] Since there's no preimage attack against SHA-1, OpenTimestamps is unaffected. Meaning the timestamp I created for this journal still has meaning. Nonetheless I'll eventually redo the timestamp when Git supports SHA-2, just to future-proof it. +As it turns out, [SHA-1 is still good enough for OpenTimestamps](https://petertodd.org/2017/sha1-and-opentimestamps-proofs). Since there's no preimage attack against SHA-1, OpenTimestamps is unaffected. Meaning the timestamp I created for this journal still has meaning. Nonetheless I'll eventually redo the timestamp when Git supports SHA-2, just to future-proof it. ## Bitcoin Falling Out of Favor There's actually another problem with OpenTimestamps: It depends on Bitcoin. Bitcoin was the first cryptocurrency. Don't get me wrong, it was great for its time. But by today's standards, it has several severe design flaws: @@ -51,12 +50,12 @@ Luckily, there's a clever way to preserve the timestamps, even after Bitcoin is Just as timestamping my journal before AI could've generated it proves it was written by a human, timestamping the Bitcoin blockchain before it becomes insecure proves which blocks were really included. If Bitcoin's successor falls out of favor, the process can simply be repeated. This creates a secure chain of timestamps from the most recent distributed ledger all the way back to the timestamp embedded in today's Bitcoin ledger. -All this assumes distributed ledgers stick around. If there's any gap in the timestamp chain where there's no distributed ledger to put the latest timestamp in, then the entire chain is invalidated. This would be bad because Bitcoin timestamps are used to carbon date much of the internet (archive.org)[8]. The timestamps will be extremely useful to future internet historians. +All this assumes distributed ledgers stick around. If there's any gap in the timestamp chain where there's no distributed ledger to put the latest timestamp in, then the entire chain is invalidated. This would be bad because [Bitcoin timestamps are used to carbon date much of the internet](https://petertodd.org/2017/carbon-dating-the-internet-archive-with-opentimestamps) (archive.org). The timestamps will be extremely useful to future internet historians. In order to verify the timestamp chain, you need to know roughly around what time each ledger in the chain stopped being secure. That way you can check that it was timestamped before that date. As long as you stick to widely witnessed ledgers, this shouldn't pose a problem. This whole process can be automated. But it's not yet necessary as Bitcoin still hasn't fallen from grace. ## Quantum Computing -But what about quantum computers? Won't they invalidate the timestamps? No. Timestamp chaining is also quantum-secure, given quantum-resistant ledgers are in use before quantum computing becomes practical. Research on quantum-resistant distributed ledgers has been underway for years[9], so I estimate a very high probability it will be ready. +But what about quantum computers? Won't they invalidate the timestamps? No. Timestamp chaining is also quantum-secure, given quantum-resistant ledgers are in use before quantum computing becomes practical. Research on [quantum-resistant distributed ledgers](https://github.com/insight-decentralized-consensus-lab/post-quantum-monero) has been underway for years, so I estimate a very high probability it will be ready. It doesn't even matter if all the underlying cryptographic primitives of the ledgers in the timestamp chain are broken by quantum computers. As long as the most recent ledger used in the timestamp chain is quantum-secure and there are no gaps in the timestamp chain, timestamps going all the way back to Bitcoin will be verifiable. SHA-256 is the only primitive relied upon for timestamping and it's thought to be quantum-secure already. @@ -66,15 +65,3 @@ This journal's timestamp is not yet future-proof because it still uses SHA-1. Wh Future internet historians will have many methods of verifying when some digital media was created. They probably won't be limited to verifying timestamp chains. While timestamps offer the strongest assurance that media isn't synthetic, it's not like your digital work will necessarily be indistinguishable from synthetic media just because you didn't timestamp it. I just decided to timestamp my journal to create that extra assurance that it's not synthetic. That was the primary reason. The synthetic internet might arrive in 10 years or 50 years. Since I have no way to know, it seemed best to create a verifiable timestamp now, before GPT-4 gets released. - - -Link(s): -[1: OpenTimestamps](https://opentimestamps.org/) -[2: Avoid Using Cryptocurrency](/2021/07/18/avoid-using-cryptocurrency/) -[3: OpenTimestamps Merkle Trees](https://petertodd.org/2016/opentimestamps-announcement#merkle-trees) -[4: Timestamp Tag](https://git.sr.ht/~nicholasjohnson/nicksphere-gmi/refs/timestamp-1) -[5: Timestamp Commit Data](/resource/timestamp-1.txt) -[6: SHAttered](https://shattered.io/) -[7: SHA1 Is Broken, But It's Still Good Enough for OpenTimestamps](https://petertodd.org/2017/sha1-and-opentimestamps-proofs) -[8: How OpenTimestamps 'Carbon Dated' (almost) The Entire Internet With One Bitcoin Transaction](https://petertodd.org/2017/carbon-dating-the-internet-archive-with-opentimestamps) -[9: Post-Quantum Monero](https://github.com/insight-decentralized-consensus-lab/post-quantum-monero) -- cgit v1.2.3