Hands-on decentralized timestamping

Roberto Reale @ Viduo

Our Agenda

  1. Going trustless
  2. Keeping time
  3. From postmarks to blockchain
  4. Enter the Linux kernel: inotify
  5. TimestamPy
  6. Who's Who

Going trustless

Blockchain

  • No central authority in control
  • No need to trust your counterpart to perform their obligations or properly record transactional data
  • Game Theory is used to model incentives
  • Secure by design (cryptography)

A taxonomy

  • Public: Anybody can use it, send transactions, participate, explore (Bitcoin, Ethereum)
  • Consortium: Controlled by a pre-selected set of nodes (R3)
  • Private: Permission management is centralized (MultiChain)

Consensus mechanisms

  • Proof of Work (PoW): Network participants have to solve cryptographic puzzles to be allowed to add new blocks to the blockchain (mining)
  • Proof of Stake (PoS): Network participants must prove ownership of a certain asset in order to participate in the validation of transactions (forging)
  • Others mechanisms: proof of service, proof of elapsed time, proof of capacity, useful PoW

Keeping time

Trusted timestamping

The process of securely keeping track of the creation and modification time of a document.

No one should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.

The blockchain as a TSA

  1. Data is hashed
  2. The hash is incorporated into a transaction stored in the blockchain

Bitcoin network time, 1

Each node internally maintains a counter that represents the network time, based on the median time of a node's peers which is sent in the version message when peers connect.

Bitcoin network time, 2

The network time counter reverts to the system time if the median time differs by more than 70 minutes from the system time.

Bitcoin network time, 3

Nodes reject any block timestamp that is greater than 2 hours from the current network time.

Block timestamps that are earlier than the median time of the past 11 blocks are also rejected.

Scalability problems

  1. Transaction rate
  2. Hash length

From postmarks to blockchain

OpenTimestamps

  1. Trust: Removes the need for trusted authorities
  2. Cost: Scales indefinitely, allowing timestamps to be created for free by combining an unlimited number of timestamps into one transaction
  3. Convenience: Can create a third-party-verifiable timestamp in about a second

Scalability through aggregation

Enter the Linux kernel: inotify

System calls

  • Fundamental source of truth (DevSecCon Singapore 2018)
  • Transit points between user land and the kernel
  • Processes make them all the time, disclosing information about their activities
  • Provide deep insight when aggregated

inotify

  • Linux kernel subsystem
  • Used via a system API call
  • include <sys/inotify.h> or <linux/inotify.h>
  • init(), add_watch(), read(), rm_watch
  • Python adapter

						import inotify.adapters

						def _main():
						    i = inotify.adapters.Inotify()

						    i.add_watch('/tmp')

						    with open('/tmp/test_file', 'w'):
							pass

						    for event in i.event_gen(yield_nones=False):
							(_, type_names, path, filename) = event

							print("PATH=[{}] FILENAME=[{}] EVENT_TYPES={}".format(
							      path, filename, type_names))

						if __name__ == '__main__':
						    _main()
					

TimestamPy

TimestamPy automatically generates a timestamp every time any document is created, modified or moved into a local folder.

  • Written in Python
  • Built upon OpenTimestamps
  • Uses the inotify Linux system calls

						$ pip3 install timestampy
					

						$ timestampy
					

By default, TimestamPy will watch the ~/timestampy folder; each time a file is created and/or moved into it, a timestamp will be created on the Bitcoin blockchain.

Who's Who

reale.me

  • Mixed background (math, CS, economics, a touch of humanities)
  • FOSS contributor
  • Consultant for e-government
  • Enthusiast of technology as an enabler for democracy

viduo.eu

Viduo is an open think tank based in Rome

  • Digital democracy
  • Privacy and data security/protection
  • The Digital Single Market and EU funding
  • Policymaker engagement
  • Institutional and corporate communication

https://timestampy.reale.me/

https://reale.me/hands-on-decentralized-timestamping-2018