3

Example:

Notation data: blockhash@bitcoin.org 000000000000000011d9f6931e65f814c6f3b221736b0c45f25e0365a3d156fa

As seen here: https://sks-keyservers.net/pks/lookup?op=vindex&search=0x7FAB114267E4FA04

In case you are not familiar with bitcoin, the "blockhash" above refers to a particular block of transactions which was mined on the same day the PGP key was created: 2013-10-19 07:11:32

Does this establish a minimum age of the UID? Or some other benefit?

Jonathan Cross
  • 1,548
  • 1
  • 12
  • 25
  • 1
    The OpenPGP key does not only provide a blockhash reference, but also regular mail address user IDs. What about a simply inquire to the key's owner? – Jens Erat May 03 '16 at 20:44
  • Great question. What the heck is going on here? As far as I can tell, that's an ID for [this block in the blockchain](https://blockchain.info/block-index/326983/000000000000000011d9f6931e65f814c6f3b221736b0c45f25e0365a3d156fa). How on earth is that related to ?? Does one of those transactions include the pgp key? – Mike Ounsworth May 03 '16 at 21:22
  • 1
    I added more info about bitcoin block hash and the fact that it is on the same date as the key was created. Also saw that @jens-erat signed this particular key... Hmm... ;-) – Jonathan Cross May 03 '16 at 21:30
  • Did you email the key holder (Peter Todd), or can I? – Mike Ounsworth May 06 '16 at 16:27
  • @MikeOunsworth I'll go ahead and email Peter Todd to ask. – Jonathan Cross May 08 '16 at 19:39

2 Answers2

2

This is a great question, I'm not 100% sure, but my guess is that it's a proof of age that the PGP key is newer than 2013-10-19. My reasoning is as follows:

What makes blockchain mining computationally hard is fiddling with the nonce until the hash of that block has a specific number of leading zeros (16 hex zeros, or 64 binary zeros in this case). Once you find such a nonce for that block of transactions, you can publish the block and claim the bitcoin mining reward.

That hash is 64 hex digits = 32 bytes, or 256 bits. Currently there are 410086 block in the blockchain. That means the chances of guessing a random 192 bit hex value (256 - 64 bits of leading zeros) and having it match the hash of an existing block is about 1 / 10^52. So the fact that he embedded in his key the hash of a block from 2013-10-19 means that this block had already been published by the time he published his key; but there's nothing to stop him from having inserted that retro-actively.

In summary: this proves that the key was published sometime between 2013-10-19 and now.

I also notice that the key was first self-signed on 2012-04-25, but the blockhash wasn't added until 2013-10-19 and then the same blockhash has been carried forward ever since. I'm a little stumped to as to what that's proving. Why would you want to prove that you key is newer than a certain time?

If you want a definitive answer, then email him! I'm sure a bitcoin / PGP nerd would be happy to explain!

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
2

Contacted Peter Todd directly, this is his response:

Basically, you guys are quite right to recognise that this isn't timestamping a PGP signature, but rather weakly proving the signature was created after a certain point in time. But that's a rather weak proof, as what exactly prevents you from recreating the signature with a different blockhash? Not much! Hard to come up with a threat model.

OTOH, I am timestamping Bitcoin itself... and I'm such a trustworthy guy obviously that adds significant confidence to the timestamping Bitcoin provides, above and beyond the hundreds of millions of dollars of electricity burned by miners.

tl;dr: It's a _really_ nerdy joke. :)
Jonathan Cross
  • 1,548
  • 1
  • 12
  • 25