search

keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.
902 stars 37 forks source link

Proposal: proof of existence system using sigchains #2093

Open darwin opened 8 years ago

darwin commented 8 years ago

One can use services like https://proofofexistence.com to permanently record a document hash to be able to later prove its existence at given date.

Since keybase state is recorded in the Bitcoin blockchain, we could achieve similar feature by recording the document hash in user's sigchain.

I believe implementation would be quite easy by adding a new sigchain link type (something along these lines):

{
    "type": "proof_of_existence",
    "docs": [{"mhash": "multi-hash", "title": "optional title"} ...]
}

Why this would be more convenient than proofofexistence.com?

First, I don't believe in future viability of recording proofs directly into blockchain. It could be too spammy/costly. Recording checkpoints of some shared "proofs" chain will be needed. And keybase has been doing exactly this.

Second, with proofofexistence.com, I still have to store the document somewhere safely. With kbfs, I could do signing, store encrypted documents and prove its existence all just using keybase.

A typical workflow:

Alice and Bob have keybase identities and want to sign a document. Prior signing they look at the Bitcoin blockchain and include hash (H1) of current block (or few blocks back). Then they both sign the document.

Alice wants to store signed document with proof-of-existence using keybase. She encrypts the signed document by putting it into her private kbfs. Then she can create proof_of_existence of the encrypted file in her sigchain. Once that sigchain update gets baked into Bitcoin blockchain (H2) she has strong proof of existence. The document was provably signed not before H1 and not after H2.

Note: I'm not familiar with kbfs implementation. It may be the case that similar proof-of-existence of private documents could be achieved automatically, because state of kbfs is somehow accumulated in the merkle_root anyways.

[1] https://proofofexistence.com [2] https://github.com/jbenet/multihash

strib commented 8 years ago

Great idea! Have you seen section 5 of https://keybase.io/docs/crypto/kbfs? It may be that we're already working on something good enough. Our motivation is to be able to tell that a version of a folder was signed by a key before that key was revoked. But a side-effect will be that all folders get hashed in the keybase-wide merkle tree, and then put into the block chain, about once an hour. With the right API into KBFS data structures, we might be able to show that a particular file existed at a particular point in time. There would be some details to work out though. . .