Timestamping means publishing at a certain date a number that cannot however be guessed, for instance a cryptographic hash of a picture or document. In so doing, the user expects to obtain a proof in the future that since he owned the hash, he owned the original, at that given date.


Blockchains are the public ledgers maintained by the community of miners for cryptocurencies. Details can be found here on wikipedia for instance.

The Blockchains as a write once device

One key property of such ledgers is that they offer a write once functionality: every single transaction written on a blockchain will be stored forever. The choice of a specific currency falls beyond the scope of this post: the miners neeed an incentive to invest power and resources in operating the network, so purely pragmatic and economic criteria will help the future decide for which currency to use. For simplicity in the sequel we'll use Bitcoin as a generic name, because Bitcoin today has the most active network.

Write once is a key functionality to timestamping, as well as the relative accuracy of the date and time information monitored by a peer to peer network whose servers must all agree over an accurate time range. Any transaction, like say (a random pick) this one, has a date and time.

Timestamping using payment addresses

Most frequent options for timestamping over the blockchain expect to make the hash explicit in the transaction structure, either by splitting the big number into smaller units that can be encoded as amounts to be paid or as comments or auxiliary data in the transactions.

However, the Bitcoin core devs are strongly reluctant to allow users to use the blockchain as a data store, and they even recently reduced the max size of the OP_RETURN statement to 40 bytes.

Do we need transactions to timestamp? No, because since the hash computation is useful precisely because it is irreversible, the timestamped hash needs not be explicit, if it can be recomputed from the original.

Any data can be used to generate a bitcoin payment address. The process simply involves generating a hash (sha256) of the data, then derivating a bitcoin private address from that. This forms what is called a brainwallet.

So we come out with a very simple and straightforward timestamping process;

  1. compute a hash H of some data D, or use the raw data D if feasible
  2. create a bitcoin address pair @1 from that resulting 'brainwallet' H or D
  3. make a payment from a personal address @0 to the public @1: this timestamps @1, hence D, on the bitcoin ledger forever.
  4. make a payment back from @1 to the public @0 or another address of yours: this proves that you know D, since only knowing D allows you to know the private part of @1 required for paying.

In the future, in case of a contestation, you will be the only person able to reveal D. You may also be able to prove by signing a message using @1 that you own @1 without needing to expose D.