Registering a document in the blockchain... and verifying it

The book has been registered in the blockchain. This post will explain the process followed to register a document in the blockchain and to verify it.

Note that in the case of legal notaries a copy of the full document is kept in archival. In principle this could also be done in the blockchain: a whole document could be split into small chunks (40 bytes size each) and stored in the blockchain. This, however poses two problems.

First, the amount of data to store in the blockchain would be quite big. Storing all this data would inconvenience nodes participating in the Bitcoin network as they would have to store a full copy of our document (plus auxiliary information in the transactions that register this information). This inconvenience has a cost, and the user causing it has to pay for it in the form of transaction fees. Consequently, storing a large document in the blockchain would cost a lot of money.

Second, sometimes we do not want the full document to become public. This is the case here, where we just want to register the existence of such document at a specific point in time.

We can solve these two problems at the same time by first computing a hash (digest) of the document, and then only storing this hash in the blockchain. Several cryptographic hash functions can be used to compute it. One of the most popular is SHA256, the same hash function used in Bitcoin's proof-of-work.

Registering the book in the blockchain

To register the book on the blockchain, the hash of the pdf of an early version of the manuscript is computed:

$ sha256sum understandingbitcoin.pdf

1324585ce12bdf2c16995835e1ba1a04246592e7755c6c1933419fe80f97f10e

The result is the hash of the pdf. This hash is a 256-bit  (32 bytes) number. Encoded in hexadecimal, it results in a 64-character string of numbers and the letters a-e (shown above). This 32-byte number was included in an OP_RETURN transaction that was published in the blockchain. The hash for this transaction (kind of the id of the transaction) is:

e144275426185d0a0b85e7bdcfdfbbaa6f7f750a522007aeaae6f0f8708838bb

Building the OP_RETURN transaction and sending it to the blockchain can be done with one of several Bitcoin wallet clients. This, however, is usually a manual process. However, there are already services that, for a fee, perform these tasks for their users. To register the book I have used  the excellent www.proofofexistence.com. Using it is as easy as dragging and dropping the file to register (the pdf with the manuscript) on the browser and then paying the small bitcoin fee.

Verifying that the book is registered

Once the book is registered, the party interested to demonstrate that the registration took place should provide the verifier a copy of the pdf and a link to the transaction in the blockchain. The verifier would first hash the pdf and check that the result matches the provided hash. In the case of the book, you would have to trust me here that the hash of the pdf is the one above.

Then the verifier would check that this hash is indeed included in the blockchain in the transaction indicated. To do this the verifier would need to have a copy of the blockchain that she trusts. She can then query the blockchain, for instance using the Bitcoin Core Server (bitcoind). The result is:

$ bitcoind getrawtransaction e144275426185d0a0b85e7bdcfdfbbaa6f7f750a522007aeaae6f0f8708838bb


0100000001abf2ec413b4a8b8f38476350ac0246f93fe355976efaa2cfe2014cad297e9e3a8c0000008b4830450221008bb8d36cba5b2b9c54cb8adaf799df6f336d7a93aaf6f6bda261512b45415d1a022075a8a700a9ebeb863ce10bd62ffe28da986fe608df9b963572e5fb3e11fd247a014104bd184b34e4e20698a7670854e16f68c4ca2f9326572342998bdf1b1c4685644c2374e40c19ca20eeb3439e3255d468d3e92aa32f577df99bdb409c8f064462f7ffffffff0100000000000000002a6a28444f4350524f4f461324585ce12bdf2c16995835e1ba1a04246592e7755c6c1933419fe80f97f10e00000000

This is the hex encoding of the transaction, and it contains all the information that Bitcoin nodes need to accept the transaction as valid (including a valid signature from the address sending it). It has a fair amount of information, but the relevant part is highlighted in bold: this is exactly the hash of the pdf. Thus, the hash of the pdf is secured in the blockchain.

If the verifier does not have access to a copy of the blockchain, the transaction could be viewed using one of the blockchain explorer services available. However, in this case the verifier could be potentially subject to a Man-in-the-Middle attack on her browser, whereby the transaction provided by the online blockchain explorer website is swapped before being presented to the user in her browser. This could allow an attacker to trick the verifier into believing that a particular hash is stored in a certain block in the blockchain, when in reality it is not.

How secure is this proof?

Very. The security of this proof rests on two pillars. First, the pre-image resistance of the SHA256 hash function. This property states that given a hash value it is computationally very difficult to find a pdf such that it hashes to it. This assures us that the pdf is indeed linked to the hash value, as no other pdf can be generated such that its hash is the same.

Second, the security of the blockchain itself. The transaction containing the hash is included in block 310,910. As of the time of writing, this block has 10,074 confirmations, meaning there have been a total of 10,074 blocks mined on top of this block. Imagine a cheater wants to include the hash of a pdf that has been recently generated. That is, the cheater wants to include the hash of the pdf in the blockchain a posteriori. She would have to mine 8,505 blocks and catch up with the blocks mined by the rest of the network. The amount of hashing power required to pull off this feat is in the order of tens or hundred of millions USD (depending on the time-frame under which the cheater operates). Too much hassle to break the proof-of-registry of a humble book.




Disclaimer: products and services mentioned in this post are for illustrative purposes only, and their inclusion does not constitute and endorsement by the author. This material is intended for general information purposes only and does not constitute investment, legal or tax advice.