Is there a way to digitally sign documents to prove they existed at a certain point in time

Question

I'm curious if there is way to digitally sign documents (technically any piece of data), such as contracts or photos, so that 10 years from now, it can be proven that they are from this time, not forged 9 years from now.

For example, I could write a prediction of the future and sign it with convential means to prove that I wrote it, then timestamp-sign it so that when it comes true, I can prove I predicted it.

One way I thought of is that there could be a timestamping authority. You send them the data, they make a hash of the data + timestamp and encrypt the hash with RSA using their private key. A signed document thus exists of: data, timestamp, encrypted hash.

10 years from now, I hash the data + supposed timestamp, and check if it matches with the encrypted hash that I decrypt using the authority's public RSA key (which I trust). If it does, I known the timestamp is valid.

I can see 2 problems with that though:

• An external authority is needed
• The authority's private key would need to be kept extremely secret, because if it's revealed, all documents signed with it turn invalid.

Can you think of a solution without (one of) these problems?

Answer 1

Yes, you can do this with ProofOfExistence.com or Poex.io, which puts a hash of your document on the Bitcoin blockchain.

^{(cf. this)}

Answer 2

RFC 3161 compliant timestamp service can be used, it is a standard and must give enough evidence that a particular document existed at a certain time. Better idea would be to change a document to PDF and then digitally sign and timestamp it, in a PDF anyone can clearly see the timestamp and other properties of a signature or timestamp. Check tecxoft tsa, you can also test pdf digital signatures here.

Answer 3

So long as you aren't looking for something that lasts a really long time:

Encrypt the document and post it to one of the Usenet binary groups. Anyone can check the headers and see when it was received, you can decrypt the file (or provide the key as the case may be) and prove that it really is the data in question.

Since you don't control the file once it's posted games like only revealing the prediction that worked aren't possible.

Answer 4

Here is a timestamping service that has been in continuous operation since 1995.

http://www.itconsult.co.uk/stamper/stampinf.htm

You send your data (or a hash of your data) by email, and get back a signature of your data plus a timestamp with a serial number. The detached signatures (but not the data itself) are posted publicly, and anyone can archive them for themselves, so that if the site operators ever tried to tamper with the timestamp record, people would know. So in principle, you don't have to place much trust in the service itself.

Answer 5

Check out easytimestamping.com. Timestamps (based on RFC3161) are issued by a Qualified Certification Authority accredited in the European Union, so that, in most EU countries, the timestamp has a guaranteed legal validity.

The authority's private key would need to be kept extremely secret, because if it's revealed, all documents signed with it turn invalid.

Qualified CA's are certified to comply (at least) with the standard ETSI TS 102 023 that imposes a variety of physical and software security measures for guaranteeing the protection of the private key.

PS: I am affiliated with easytimestamping.com

Answer 6

RFC3161 is not the only way of secure timestamping.

A current area of research is to develop schemes where you have to put less trust in the third-party authority issuing the time stamps. With RFC3161-based timestamps you are more or less required to completely trust the authority. This presentation gives an overview of alternatives, most based on linking schemes. The idea is quite attractive because the timestamps would be under public scrutiny and there's no secret key involved that could possibly be leaked, thus providing inherently better security than today's standard RFC 3161 timestamps.

Answer 7

This is called timestamping. The most widely used mechanism is defined in TSP specification (RFC 3161) and some others. The alternative method is used in MS Authenticode, but it's not documented and is not compatible with TSP.

TSP is used as a supplementary function in several encryption and digital signature standards, such as PDF, XAdES, CAdES, PAdES (AdES stands for "Advanced encryption standard"). PDF, XAdES and PAdES standards are applied to certain type(s) of data. CAdES is univeral format (as it can be applied for any generic data).

RFC 5544 offers a way to apply TSP to any generic data without signing this data.

TSP specification makes heavy use of PKI and X.509 certificates.

Timestamping services are provided by certificate authorities as a supplementary service. There also exist independent timestamping services.

You can run your own timestamping service, however timestamping requires use of special certificate (its key usage extensions are to be set in a specific way), so regular SSL or code signing certificates won't work.

Talking about "timestamping authorities" - you send them a hash (calculated during signing) and they sign this hash using their certificate. It's their business to keep the private key protected, and they usually charge for it.

The idea about third-party authority is that it certifies time. If you sign the data, you can put any time to the signature, and there's no way to check if it's correct or you have forged it. Only trusted third-party authority can be a proof of correctness of the timestamp.

Answer 8

In times past, I would have said 'lookup PublicTimeStamp.org', but it has had a somewhat chequered past. It still seems to be running - but the website is only barely working. If you got to http://PublicTimeStamp.org/ptb you will find recent values (today). But other parts of the system are not visible.

Answer 9

Yes, there are commercial services that would securely timestamp documents or software.

There's an article in Wikipedia explaining this. Google quickly revealed one such service (I am not affiliated), I'm sure there are many more. There used to be a free one as well, but it's all a question of trust (i.e. whether the courts would trust "someone on the internet" vs. VeriSign).

Answer 10

Back in the day, people kept unopened sent documents sent through certified mail and called it a "poor man's copyright". I imagine you could do the same with any major, respected email site. Send yourself a copy of the document via Gmail or Hotmail or whatever, and keep the copy in your account -- the date/timestamp on the email should come from the service provider (not from your computer), so that would be pretty solid evidence I imagine.

Answer 11

I guess that depends on your controls. An external authority would work, but it's the same thing as certifying it internally, technically speaking. It just depends on who you trust. Are you looking at preventing users from falsely certifying documents, or your developers?