[ExI] he said what????

Adrian Tymes atymes at gmail.com
Fri Dec 30 21:22:54 UTC 2016 

On Fri, Dec 30, 2016 at 1:00 PM, John Clark <johnkclark at gmail.com> wrote:
> On Fri, Dec 30, 2016 at 3:34 PM, Adrian Tymes <atymes at gmail.com> wrote:
>>> On Fri, Dec 30, 2016 at 12:17 PM, John Clark <johnkclark at gmail.com>
>>> wrote:
>>> > NASDAQ inserts a digital time stamp from the National Institute of
>>> > Standards
>>> > into its financial transactions and then makes a cryptographically
>>> > secure
>>> > hash out of it, that way anyone can prove when a transaction occurred
>>> > to
>>> > within a fraction of a second. Perhaps not too far from now it will be
>>> > common practice for cameras, even cell phone cameras, to do something
>>> > similar. That way if somebody produces a video of me making silly faces
>>> > I
>>> > can produce an older video without the clowning proving it was altered.
>>
>> Not sure I understand.  What would prevent the faker from just signing
>> their video with the same time stamp (or rather, a hash produced from
>> the same time stamp) as the original?
>
> When I make my non-clowning video I get it timestamped by a trusted party
> like
> the National Institute of Standards
> and then I sign the entire thing
> myself. After that if somebody altered it the alteration would have a later
> timestamp and would be lacking my signature and I could prove which one was
> original, or at least more original, I couldn't prove there wasn't an even
> earlier version out there somewhere. If you can do it for financial
> transactions I don't see why it couldn't be done for video, right now it
> would probably be too expensive but it the demand is high the price would
> fall.

Ah, I think I see the disconnect.

With NASDAQ, the hash is a way of verifying the time stamp they claim.
Of course they also have a plaintext time stamp too.  Most likely, the
time stamp and other crucial info are signed by NASDAQ's private key,
so one can be sure that the communication is what NASDAQ claims -
guarding against man-in-the-middle attacks.

In your example, you could do the same for your videos, proving that
*you say that* you have an older video.  This does not absolutely
prove that you actually had that earlier video, just that you say that
you do.

In neither case does NIST actually sign anything.  NIST provides a
time value, which you and NASDAQ claim to have cited.  But it is
impossible to prove 100% that you or NASDAQ actually got that time
stamp from NIST; you or NASDAQ could have made up an earlier time
stamp.  There's nothing special about time stamps; fundamentally, they
are just a number of time units since an agreed-upon epoch.  That
said, people trust NASDAQ not to deliberately lie; using NIST just
helps them to not accidentally lie (in case their own clock is off).

More information about the extropy-chat mailing list