Frequently asked questions (FAQ)
What is OriginStamp?
OriginStamp is a trusted timestamping service for digital content. You can use our service to prove that you were in possession of an information or a file, e.g., PDF, image, video, at a specific time.
How is a timestamp created?
A timestamp is created in several steps. The steps are almost the same as for verifying a timestamp. (GitHub Repository)
- The SHA-256 hash of the original file is created.
- The hash of the original file is combined with many other hashes in a Merkle tree for a certain time interval.
- The root of the Merkle tree now represents all hashes of all original files. The root is defined to be a private key.
- From the private key a public Bitcoin address is derived.
- Finally, a small amount is sent to that Bitcoin address. The time of the transaction is the time of the timestamp of the original file.
How do I verify a timestamp with OriginStamp?
To verify a timestamp with OriginStamp requires only the original file. Then, there are two options:
- By sending the hash of the original file to us, we will return the blockchain-based timestamp that is known to us for that hash.
- By sending the hash of the original file to us, we can also return the proof of the timestamp for that hash. Then you can proceed to verify the timestamp for that hash without OriginStamp.
How do I verify a timestamp without OriginStamp?
To verify a timestamp without OriginStamp requires the original, unaltered file and the proof of the timestamp for this file.
This would only affect the creation of new trusted timestamps with OriginStamp. For the verification of already created timestamps you don't need us. What you need is:
- Keep your original files and the seed text
- Calculate the SHA256 fingerprint of your original source.
- Check the seed if it contains your hash fingerprint.
- Calculate the SHA256 hash of the seed.
- Calculate the Bitcoin address
- Use the determined SHA256 hash of the seed as private key and convert it to uncompressed Base58 encoded bitcoin address. See Mastering Bitcoin by Andreas Antonopoulos.
- Verify transaction
- To verify the transaction and address acccess the Bitcoin blockchain.
Please keep in mind that you can only verify a timestamp made with OriginStamp after the hash has been submitted to the Bitcoin blockchain (happens every hour). The existence of the hash fingerprint on our website alone isn't the final proof yet.
Keep Your Original
Always keep and archive your original sources and the whole seed. With this combination (your original + seed) you can always recreate the hash fingerprint and prove that your data was part of a specific Bitcoin transaction.
Do not Alter
Never alter your original! Any change, including changing a single space, or editing any of its metadata, will alter the hash that is unique to your original file.
For the detailed instructions on the manual timestamp verification check this GitHub Repository
How is OriginStamp different from a traditional timestamping authority?
In contract to a TSA, OriginStamp is not a trusted third party. OriginStamp only provides a convenient connection to various public blockchains. This has several advantages:
- OriginStamp uses a consensus that is accepted worldwide and not just in a few countries.
- If OriginStamp stops existing, all timestamps remain valid.
- OriginStamp can't be bribed. Even if you would offer us 1 billion USD today, we could not date back a timestamp.
- All timestamps generated by OriginStamp are unlimited in time.
What happens if OriginStamp stops existing in the future?
If OriginStamp stops existing, no new timestamps can be created. Since all timestamps are independent of OriginStamp verifiable, all timestamps that have been created in the past are still valid and verifiable.
What if your service doesn't exist in 20 years?
New timestamps can't be created. However old timestamps remain valid and can be verified (read also 'How do I verify a timestamp without OriginStamp?').
What is a media blockchain?
Newspapers are distributed in the physical world like blockchains are in the digital. OriginStamp publishes the root hash of the Merkle Tree in different newspapers so that all potential newspaper readers become witnesses of the timestamp. Moreover, the root hash of today is a leaf hash for tomorrow, which means that the two Merkle Trees are linked and subsequent newspaper editions form a chain. The security and reliability of a media blockchain relies solely on the number of archived copies of each edition.
What is the pricing?
The pricing depends on the number of timestamps and certificates you generate. For an offer, or a free test API key, please contact us at [email protected]. We charge a certain amount of credits (see next FAQ item) for each action you perform.
How many credits are charged for a certain action?
|Submission||file / hash without existing timestamp submitted||timestamp will be created||1.0 credit|
|Submission||file / hash with existing timestamp submitted||timestamp information is returned||0.3 credits|
|Status||timestamp information not yet available||error message is returned||0.3 credits|
|Staus||timestamp information available||timestamp information is returned||0.3 credits|
|Proof||timestamp prove not available||error message is returned||0.1 credits|
|Proof||timestamp proof available||return path through Merkle tree as proof||3.0 credits|
|Proof||old timestamp proof available||return seed file as proof||3.0 credits|
|Proof||timestamp proof available||return PDF proof certificate||5.0 credits|
|Notification||hash without existing timestamp submitted||webhook notification||1.5 credits|
|Notification||hash without existing timestamp submitted||email notification||5.0 credits|
|Notification||hash with existing timestamp submitted||trigger webhook for development purposes||0.3 credits|
Is a blockchain timestamp legally binding?
It depends on the country. In general, an independent expert can, at any time, given a copy of the blockchain, the proof of the timestamp and the original data, verify that the original file has been existent prior to a certain point in time.
In China, a court already accepted a blockchain-based proof (Read Tweet).
What is a timestamp "proof"?
The proof contains all information that is needed to prove a timestamp on the blockchain independent from OriginStamp. Technically, this is a path through a Merkle tree. Such a proof can be found in the sample certificate.
What is a timestamp "certificate"?
A certificate is a PDF document which contains the timestamp proof and further documentation on how to verify the proof.
What happens if the value of Bitcoin or any other coin drops to zero?
New timestamps on the Bitcoin blockchain will be invalid, old timestamps on the Bitcoin blockchain will remain valid.
However, we are using more than just the Bitcoin Blockchain, just to be sure.
New timestamps on the Bitcoin blockchain will be invalid since the incentive for mining Bitcoin reduces, and thus the mining difficulty reduces which is why an attacker can date back data to the point where the Bitcoin value dropped to zero. All timestamps on the Bitcoin blockchain that have been created in the past will remain valid for a long time. The reason for this is that an attacker still cannot create backdated timestamps. Doing so would require to mine large parts of the Bitcoin blockchain with a high mining difficulty, which would require vast amounts of energy. Furthermore, it is fair to assume that at least one copy of the Bitcoin blockchain will remain, may it be only for a digital museum.
We always monitor candidate blockchains and include them into our service once we think they fit our security standard.
Why is the timestamp on the OriginStamp certificate different from the timestamp found in my Blockchain Explorer?
This can have several reasons. For one, the time zone might be different. The time zone we are using is stated on our certificates.
Then, some blockchain explorers state the time that our transaction was published in the Bitcoin network. However, the tamper-proof timestamp is the time on which our transaction was included into the blockchain. This is also the time we provide on our certificates.
Why do I have to calculate the public key in order to verify a timestamp?
The calculation of the public key is just a necessary step to calculate the Bitcoin address.
Which cryptographic methods are used to calculate the public key and the Bitcoin address when verifying a timestamp?
Technical details can be found in the Bitcoin Wiki.
Which hashing functions do you support?
Currently, we only support SHA256. However, you might choose to hash a file first with a hashing algorithm of your choice and then with the SHA256 hashing function.
However, this has then to be taken into account when verifying a timestamp.
What data contains the webhook?
Create, Status and Webhook share the same object. This saves customers additional implementation work, as the requests or data only have to be understood once. The difference is that the webhook is only triggered as soon as a tamper-proof time stamp exists.
When is a webhook triggered?
The webhook is triggered as soon as the tamper-proof time stamp with the selected crypto currency has been created. In the next days we will also introduce an interface, which allows to start a webhook manually, because this will simplify the development work considerably. Simply check our documentation page from time to time.
It is possible to receive through the API the following data: Public key, Uncompressed Bitcoin address?
Since the timestamp procedures differ for individual cryptocurrencies, our response object looks like this for each crypto currency. In the case of Bitcoin, the uncompressed address is calculated using the Bitcoin Protocol. We do not currently provide an interface for this, as there are corresponding libraries for the most diverse programming languages, e.g. BitcoinJ for Java. The following examples show how simple the calculation is:
Calculation of an address
String uncompressedAddress = ECKey.fromPrivate(new BigInteger(pPrivateKeyHash,16)).decompress().toAddress(MainNetParams.get()).toString();
Calculation of public key
String publicKeyHex = ECKey.fromPrivate(new BigInteger(pPrivateKeyHash, 16)).decompress().getPublicKeyAsHex();
Why do I get a Cloudflare error?
We use Cloudflare to protect the service from DDo's attacks, i.e. unwanted traffic is automatically filtered.
To resolve this issue, please set the user agent in your request header, e.g.
curl -X GET -H "Content-Type: application/json" -H "Robins OriginStamp Test" -H "Authorization: XXXX-XXXX-XXXX-XXXX" http://api.originstamp.com/api/05c2422f44ddd24ba3f25848773a8fcb48435f8f966381da4732c40a7255780c