How does OriginStamp work?

In short, OriginStamp uses blockchain technology to provide a tamper-proof timestamp irrefutably proving the existence of any digital content at a given time.

Preparation of digital content

First of all, the object the existence of which is to be proven needs to be represented in a fixed digital format, e.g., a digital photo/video, a PDF scan, or just a plain text file with contents My secret. Let file denote this digital representation from now on. In order to provide independence of third parties, OriginStamp does not provide a backup solution, i.e., it is up to the user to make sure that this file will be available in the future if its existence needs to be proven.


The OriginStamp client locally calculates a so-called hash of the file. A hash, more precisely cryptographically secure hash, is a short number which can be trivially obtained from a file, e.g.

sha256("My secret") = 4ffe33264b72e6973eed98070f1118182380ddf287e813ce06d34b04e78824ed

It is computationally infeasible (realistically "impossible") to either reconstruct that file from its hash or any other file with the same hash. Simplified: consider the digit sum of 51, being 6. This could also be yielded by, e.g., 42, thus it is impossible to reconstruct 51, while a more realistic hash also makes it "impossible" even to obtain the 42.

// you can't tell what numbers were added up to 6 if you only know the result
digitsum(51) = 5+1 = 6 
digitsum(42) = 4+2 = 6
// you can't tell what number was used to calculate the hash,
// but the hash is "unique" for each number 
sha256(51) = 031b4af5197ec30a926f48cf40e11a7dbc470048a21e4003b7a3c07c5dab1baa
sha256(42) = 73475cb40a568e8da8a045ced110137e159f890ac4da883b6b17dc651b3a8049

It is crucial that this hash is calculated locally since the actual contents of the file are potentially confidential and shall not be transmitted to any other party, including OriginStamp. Only the hash is transmitted to OriginStamp.

While you can commit an individual hash to a blockchain (even without involving OriginStamp), this can yield high financial costs depending on the number of proofs required. As an example, consider a surveillance camera feed, one frame each minute shall be submitted for proof, 24/7. This yields about half a million hashes per year. Even in April 2019, the cost of a single Bitcoin transaction was around 1$, while it did cost more than 35$ in December 2017[1]. It is therefore highly desirable to reduce the costs for such an ongoing timestamping procedure.

Merkle Tree

The solution lies in so-called Merkle Trees. Since hashes are also just digital content, the concatenation of two hashes can be hashed again to obtain a new hash. Two hashes obtained by this procedure can be concatenated and hashed again to combine four file-hashes and so on. Thus, an arbitrary amount of hashes can be combined into a single hash. In other words, the cost-factor of hashes per second can be reduced to timestamps per second.

// we use a short truncated notation of the actual hash here
sha256("My secret") = 4ffe3326
sha256("Another secret") = 0f548ec4
// resulting combined hash of the two files that can be timestamped
sha256(4ffe3326+0f548ec4) = b3e16d9f

For the camera example above this cannot be directly used: While combining a year's feed into a single hash would reduce the cost by a factor of half a million, this would also mean only one proof per year, defying the purpose of one hash per minute. However, if the camera's feed of one hash per minute is combined with a million other sources of one hash per minute and the costs are shared, the total costs can be halved even further while still benefiting from the one proof per second. This is where OriginStamp comes into play, providing a service to combine the user's hashes with those of others in order to significantly reduce the user's expenses of continuous timestamps.

Blockchain technology

Now how can a timestamp be generated from such a hash? The answer is a blockchain. This is a digital chain of blocks, where each regularly published block encodes so-called transactions (which ultimately also encode the hash to be timestamped), and each block depends on its predecessor in a way such that forgery of this publication history becomes impossible (once again using cryptographically secure hashes). Since such a blockchain must be publicly accessible via the internet, the one missing piece of the puzzle is the question how "the internet" can agree upon the correct blocks to be confirmed without requiring trust in a third party.

There are various concepts (e.g., Proof of Work, Proof of Stake) that boil down to participants of the blockchain's network getting rewarded with digital tokens (e.g., Bitcoin) for investing resources (time, computational power, more tokens) into keeping the blockchain in a uniquely agreed-upon state. The very ownership of those tokens is tracked by this blockchain. Thus it is in their (both future and past) owners' interest to maintain this uncorrupted state.

Hash to private key

The final gap concerns how to put a hash into a blockchain. To that end, a deterministic way to create a private key from a hash is used, and a transaction involving the corresponding public key is submitted to the blockchain. Now a bullet-proof chain from the original file to a tamper-proof timestamp in the blockchain is completed:

  1. Obtain the hash from a file.
  2. (Optional but severely cutting costs) Combine this hash and many others via a Merkle Tree into a new hash.
  3. Create a private key from that hash, and from that a public key / address.
  4. Submit a transaction involving this address. Note: Proving the timestamp, later on, includes revealing (means to obtain) the private key, which in turn permits claiming ownership of any tokens still not transferred away from this address. Therefore two transactions are recommended: One to transfer tokens to the address and another one to transfer them away again.
  5. Once the transaction is properly confirmed by the blockchain network (e.g., after six blocks in Bitcoin), which takes about one hour) the timestamp is irrevocably embedded in the blockchain and can be disclosed at will.

OriginStamp's services

As indicated above, OriginStamp provides the means to distribute timestamping costs across its users, thus making high frequency timestamps affordable. Both complete apps for occasional / private use and an API for regular / commercial use are available.

The big benefit of using our service is that your timestamps are embedded in multiple blockchains. Even if one would go offline in the future, which is highly unlinkely, the probability that all of them go offline is very low.

  1. On 23th of December 2017, transaction cost was at 35.56 $ per transaction. ↩ī¸Ž