OriginStamp Docs

# Frequently asked questions (FAQ)

# General Questions

# What is OriginStamp?

OriginStamp is a trusted timestamping service for digital content. You can use our service to prove that you were in possession of an information or a file, e.g., PDF, image, video, at a specific time. It can be used manually via our dashboard, or automatically via our API. For a limited usage OriginStamp is free of charge.

# How is the timestamp calculated?

The timestamp represents date and time when a cryptographic fingerprint (hash) of your submitted file was included in the blockchain. For technical details, please refer to our whitepaper (opens new window).

# What is a blockchain-based timestamp?

A blockchain-based timestamp is a timestamp that is stored by thousands of computers distributed around the globe. This property makes blockchain-based timestamps extremely secure and independent of a trusted third party.

# How is a timestamp created?

A timestamp is created in several steps. The steps are almost the same as for verifying a timestamp (GitHub Repository (opens new window)).

  1. The SHA-256 hash of the original file is created.
  2. The hash of the original file is combined with many other hashes in a Merkle Tree for a certain time interval.
  3. The root of the Merkle Tree now represents all hashes of all original files. The root is defined to be a private key.
  4. From the private key a public Bitcoin address is derived.
  5. Finally, a small amount is sent to that Bitcoin address. The time of the transaction is the time of the timestamp of the original file.

# Do I need a credit card?

For the creation of a free account, no credit card is required. Upgrading your account requires a credit card though.

# How do I verify a timestamp with OriginStamp?

To verify a timestamp with OriginStamp requires only the original file. Then, there are two options:

  1. By sending the hash of the original file to us, we will return the blockchain-based timestamp that is known to us for that hash.
  2. By sending the hash of the original file to us, we can also return the proof of the timestamp for that hash. Then you can proceed to verify the timestamp for that hash without OriginStamp.

# How do I verify a timestamp without OriginStamp?

To verify a timestamp without OriginStamp requires the original, unaltered file and the proof of the timestamp for this file.

This would only affect the creation of new trusted timestamps with OriginStamp. For the verification of already created timestamps you don't need us. What you need is:

  1. Keep your original files and the seed text
    • Calculate the SHA256 fingerprint of your original source.
    • Check the seed if it contains your hash fingerprint.
    • Calculate the SHA256 hash of the seed.
  2. Calculate the Bitcoin address
    • Use the determined SHA256 hash of the seed as private key and convert it to uncompressed Base58 encoded bitcoin address. See Mastering Bitcoin (opens new window) by Andreas Antonopoulos.
  3. Verify transaction
    • To verify the transaction and address acccess the Bitcoin blockchain.
    • An overview of our Bitcoin transactions can be found here (opens new window)

Tamper-proof timestamp

Please keep in mind that you can only verify a timestamp made with OriginStamp after the hash has been submitted to the Bitcoin blockchain (happens every hour). The existence of the hash fingerprint on our website alone isn't the final proof yet.

Keep Your Original

Always keep and archive your original sources and the whole seed. With this combination (your original + seed) you can always recreate the hash fingerprint and prove that your data was part of a specific Bitcoin transaction.

Do not Alter

Never alter your original! Any change, including changing a single space, or editing any of its metadata, will alter the hash that is unique to your original file.

For the detailed instructions on the manual timestamp verification check this GitHub Repository (opens new window).

# How is the integrity of the blockchain guaranteed?

The easiest way to tell is by the giant market capitalization of Bitcoin, which represents a constant bounty for finding security holes. Any manipulation of the blockchain would be clearly detectable, since it would immediately render Bitcoins worthless. For further information take a look at our article on what makes the blockchain secure (opens new window).

# How is OriginStamp different from a traditional timestamping authority?

Traditional timestamping services are based on trust. In the event of a dispute, the timestamping service serves as a witness. In contrast, the timestamps created with OriginStamp are anchored in public blockchains and can therefore be checked by anyone at any time, independent of OriginStamp. This has several advantages:

  1. OriginStamp uses a consensus that is accepted worldwide and not just in a few countries.
  2. If OriginStamp stops existing, all timestamps remain valid.
  3. OriginStamp can't be bribed. Even if you would offer us 1 billion USD today, we could not date back a timestamp.
  4. All timestamps generated by OriginStamp are unlimited in time.

# Why is OriginStamp climate-friendlier than a standalone blockchain solution?

Today, Blockchains consume plenty of energy due to the high energy consumption of the blockchain mining process. This is terrible for the environment. At OriginStamp, we put a high emphasis on researching and implementing solutions that reduce the environmental impact. Today, our system can create thousands of timestamps while only requiring the energy consumption of one blockchain transaction.

# Aren't you another trusted third party?

Absolutely not. You can verify a timestamp independently and without relying on us. However, this requires a timestamp certificate. Please log in (opens new window) or sign up (opens new window) to download a timestamp certificate.

# Do I have to disclose the original file?

No. The content of your files is never shared with us. The necessary hash is calculated directly in your browser on your machine. Alternatively, you can enter the SHA-256 hash (opens new window) of your document.

# What happens if OriginStamp stops existing in the future?

If OriginStamp stops existing, no new timestamps can be created. Since all timestamps are independent of OriginStamp verifiable, all timestamps that have been created in the past are still valid and verifiable (read also 'How do I verify a timestamp without OriginStamp?').

# What is a media blockchain?

Newspapers are distributed in the physical world like blockchains are in the digital. OriginStamp publishes the root hash of the Merkle Tree in different newspapers so that all potential newspaper readers become witnesses of the timestamp. Moreover, the root hash of today is a leaf hash for tomorrow, which means that the two Merkle Trees are linked and subsequent newspaper editions form a chain. The security and reliability of a media blockchain relies solely on the number of archived copies of each edition.

# What is a hash?

Like a fingerprint represents a person, a hash represents a dataset. If the dataset is changed even slightly, its hash changes in a completely unpredictable way. Furthermore, the original dataset cannot be calculated from the hash. For this reason, OriginStamp can also be used to timestamp sensitive data.

# What does the hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 mean?

The above string is the SHA-256 hash value of an empty input. To get more information about hashes and lean how it is calculated, check out hashing (opens new window).

# What is the pricing?

The pricing depends on the number of timestamps and certificates you generate. For an offer, or a free test API key, please contact us at mail@originstamp.com. We charge a certain amount of credits (see next FAQ item) for each action you perform.

# What are the payment options?

Currently, we accept payments via credit card. There will be other payment options in the future. For a free basic account, you do not need to provide any payment details.

# When can I cancel my subscription?

You can cancel your subscription anytime. It will end with the end of your monthly subscription interval.

# What are credits?

Every action you perform using either the OriginStamp Dashboard or the OriginStamp API consumes a certain amount of credits. An overview of credit consumption of each possible action can be found at here (opens new window).

# How many credits are charged for a certain action?

Request Type Condition Action Credits
Submission file / hash without existing timestamp submitted timestamp will be created 1.0 credit
Submission file / hash with existing timestamp submitted timestamp information is returned 0.3 credits
Status timestamp information not yet available error message is returned 0.3 credits
Status timestamp information available timestamp information is returned 0.3 credits
Proof timestamp prove not available error message is returned 0.1 credits
Proof timestamp proof available return path through Merkle Tree as proof 3.0 credits
Proof old timestamp proof available return seed file as proof 3.0 credits
Proof timestamp proof available return PDF proof certificate 5.0 credits
Notification hash without existing timestamp submitted webhook notification 1.5 credits
Notification hash without existing timestamp submitted email notification 5.0 credits
Notification hash with existing timestamp submitted trigger webhook for development purposes 0.3 credits

# Is a blockchain timestamp legally binding?

It depends on the country. In general, an independent expert can, at any time, given a copy of the blockchain, the proof of the timestamp and the original data, verify that the original file has been existent prior to a certain point in time.

In China, a court already accepted a blockchain-based proof (Tweet (opens new window), Original Source on Weixin (opens new window)).

# What is a timestamp "proof"?

A proof contains all information needed to prove a timestamp on the blockchain independently from OriginStamp. Technically, it refers to a path through a Merkle Tree.

TIP

A proof example is part of the sample certificate (opens new window) (starting from page two).

# What is a timestamp "certificate"?

A certificate is a PDF document which contains the timestamp proof and further documentation on how to verify the proof. It is required to prove the validity of a timestamp independent from our service.

TIP

A sample certificate can be found here (opens new window).

# What happens if the value of Bitcoin or any other coin drops to zero?

New timestamps on the Bitcoin blockchain will be invalid, old timestamps on the Bitcoin blockchain will remain valid.

However, we are using more than just the Bitcoin Blockchain, just to be sure.

Why

New timestamps on the Bitcoin blockchain will be invalid since the incentive for mining Bitcoin reduces, and thus the mining difficulty reduces which is why an attacker can date back data to the point where the Bitcoin value dropped to zero. All timestamps on the Bitcoin blockchain that have been created in the past will remain valid for a long time. The reason for this is that an attacker still cannot create backdated timestamps. Doing so would require to mine large parts of the Bitcoin blockchain with a high mining difficulty, which would require vast amounts of energy. Furthermore, it is fair to assume that at least one copy of the Bitcoin blockchain will remain, may it be only for a digital museum.

We always monitor candidate blockchains and include them into our service once we think they fit our security standard.

# Technical Questions

# Why is the timestamp on the OriginStamp certificate different from the timestamp found in my Blockchain Explorer?

This can have several reasons. For one, the time zone might be different. The time zone we are using is stated on our certificates.

Then, some blockchain explorers state the time that our transaction was published in the Bitcoin network. However, the tamper-proof timestamp is the time on which our transaction was included into the blockchain. This is also the time we provide on our certificates.

# Why do I have to calculate the public key in order to verify a timestamp?

The calculation of the public key is just a necessary step to calculate the Bitcoin address.

# Which cryptographic methods are used to calculate the public key and the Bitcoin address when verifying a timestamp?

The involved methods are ECC (Wikipedia: Elliptic Curve Cryptography (opens new window)) and hashing (Wikipedia: Hash function (opens new window)).

Technical details can be found in the Bitcoin Wiki (opens new window).

# Which hashing functions do you support?

Currently, we only support SHA256. However, you might choose to hash a file first with a hashing algorithm of your choice and then with the SHA256 hashing function.

However, this has then to be taken into account when verifying a timestamp.

# What data contains the webhook?

Create, Status and Webhook share the same object. This saves customers additional implementation work, as the requests or data only have to be understood once. The difference is that the webhook is only triggered as soon as a tamper-proof timestamp exists.

# When is a webhook triggered?

The webhook is triggered as soon as the tamper-proof timestamp with the selected crypto currency has been created. You can trigger a webhook manually (opens new window) to experiment with its payload.

# It is possible to receive through the API the following data: Public key, Uncompressed Bitcoin address?

Since the timestamp procedures differ for individual cryptocurrencies, our response object looks like this for each crypto currency. In the case of Bitcoin, the uncompressed address is calculated using the Bitcoin Protocol. We do not currently provide an interface for this, as there are corresponding libraries for the most diverse programming languages, e.g. BitcoinJ for Java. The following examples show how simple the calculation is:

Calculation of an address

String uncompressedAddress = ECKey.fromPrivate(new BigInteger(pPrivateKeyHash,16)).decompress().toAddress(MainNetParams.get()).toString();

Calculation of public key

String publicKeyHex = ECKey.fromPrivate(new BigInteger(pPrivateKeyHash, 16)).decompress().getPublicKeyAsHex();

# Why do I get a Cloudflare error?

We use Cloudflare to protect the service from DDo's attacks, i.e. unwanted traffic is automatically filtered.

To resolve this issue, please set the User-Agent in your request header, e.g.

curl -X GET https://api.originstamp.com/v4/timestamp/05c2422f44ddd24ba3f25848773a8fcb48435f8f966381da4732c40a7255780c\
     -H "Content-Type: application/json"\
     -H "User-Agent: Robins OriginStamp Test"\
     -H "Authorization: XXXX-XXXX-XXXX-XXXX"

More information on Cloudflare errors can be found here (opens new window)