3

I have a few git repositories of content that will be updated constantly over the next decade. At some point down the road I anticipate being asked to prove that the content was actually in the state I claim it was based on the commit history. In particular I would like to to tag specific commits (checkpoints) in such a way that someone down the road could verify what date that content first existed on.

All the commits are GPG signed which is a reasonable proof (for my use case) of who the author was, but the timestamps on git commits are arbitrary values that (conceivably) I could forge later with a rebase, sign the commits and pretend the content is older than it actually is.

Is there a cryptographically secure way to validate that content existed at a specific time? Basically I need to show that a SHA checksum was, in fact, generated at a certain time. Can this be done without a third party escrow (e-signature) service? So far the only thing that came to mind is putting the checksum in a transaction on the bitcoin blockchain. Is there some protocol for this sort of thing I don't know about?

Caleb
  • 1,334
  • 11
  • 20
  • I doubt that your problem can be solved cryptographically without involving third parties. – emory Apr 11 '16 at 16:29
  • 4
    While not an obvious duplicate based on the title your question is actually answered in [Is it possible to make a "proof of anteriority" for sites content?](http://security.stackexchange.com/questions/48479/is-it-possible-to-make-a-proof-of-anteriority-for-sites-content) and [What is the most credible timestamp I can create for a digital file?](http://security.stackexchange.com/questions/57101/what-is-the-most-credible-timestamp-i-can-create-for-a-digital-file). – Steffen Ullrich Apr 11 '16 at 18:21
  • 2
    There's digital time stamping services using hash chains, even Git works, but Bitcoin is the only one without central servers. – Natanael Apr 11 '16 at 18:48

0 Answers0