3

As I've been implementing RFC 3161 software components, I got to thinking about running my own TSA and how one really proves the integrity of a time stamp (preferably without violating patents). I researched and considered all of the technical solutions, but then it occurred to me that Facebook and Twitter posts might have been used in legal cases to establish some ordering of events, so I searched and indeed they have.

It would obviously take more than one case to establish general acceptance, but is it possible that we don't have to irrefutably trace the provenance of all time stamps back to an atomic clock, or bury our data inside 50 terawatt-hours worth of blockchain computations? Can we just post a hash to a free social media account or two and trust that the tech companies won't fudge the details?

Chris
  • 31
  • 1
  • 2
    Possible duplicate of [What is the most credible timestamp I can create for a digital file?](http://security.stackexchange.com/questions/57101/what-is-the-most-credible-timestamp-i-can-create-for-a-digital-file) – WhiteWinterWolf Aug 31 '16 at 08:27
  • @GnP The fraud is orthogonal to the trustworthiness of the timestamps. Do you believe he made his bogus, useless predictions at or before the times indicated by Twitter? – Chris Aug 31 '16 at 18:09
  • Last I checked, blockchains do not imply proof-of-work, just proof-of-_something_ – see e.g. Guardtime & Financial Times. – user1686 Sep 06 '16 at 17:00

1 Answers1

3

Probably not. See this for an example of the fragility of such a scheme:

Did the Twitter account Fifndhs predict the exact World Cup results ahead of time?

The account tweeted the components of every possible scenario ahead of time, then retrospectively deleted all the ones inconsistent with reality.

You either need accountability of the authority, verifiability or proof (as in mathematical or cryptographic). I don't think a social network provider has either.

Then again, it might be enough in some contexts.

GnP
  • 2,299
  • 1
  • 15
  • 25