QR Date, a trusted timestamp for real-time media - 2022-03-03
I came upon a neat concept on twitter: embedding a signed timestamp in media shared in near real time.
This inspired a series of articles; this is the first of several! In total this series will cover:
- Introducing QR Date - You're here!
- A deep dive into Ed25519 Signatures
- Generating QR codes like QR Date with ed25519
- Recommendations and Concerns for QR Date
Before fully introducing it, I would like to point out some prior art.
From long before any of us were born, in the 1660's, researchers wanted to claim they had something first. Without cryptography they obscured hints that their ideas were complete as anagrams to one another.
These days, trusted timestamps are a thing, starting in 1991 by Haber and Stornetta, developing into a standard with RFC3161 in 2001, and now recently as proof of existence on the blockchain for reasons.
These solutions rely on hashing the content and then having a trusted authority sign that hash. The trusted authority never has to receive the content to certify that it had been observed at that time.
In the above graphic, a Time Stamp Authority (TSA) can provide a Time Stamp Token (TST) to certify that a hash had been observed at a certain time. A fundamental requirement is that the TSA never lies about the time.
A TST's use case is to certify that the content existed as early as the timestamp in the token. This is useful for regulatory, auditing, financial, and legal uses. Read more about this topic with the ANSI X9.95 standard.
Like A Time Stamp Authority, QR Date hopes to be a trusted authority for the public to time stamp their media.
Meet QR Date
The author describes QR Date as:
This is QR Date, a signed timestamp inside a QR code that you can use to verify the date in (near-) realtime photojournalism, photo/video uploads and live streams.
We're seeing past events at other locations replayed to our eyes. I have never been to Ukraine, I am not equipped to assess if what I'm seeing is truth or fiction. All I can tell is the media shared is scary, it looks like it happened some where I do not know... and someone on the internet says or suggests it is happening now.
Is there a way to mark images and videos in a way where it would be difficult to replay them later as a real time event? I think this is what QR Date is trying to accomplish.
Here's where the author thinks this technology can be helpful:
- You have a photograph or video you want to make and send to many people, rapidly.
- You need to prove beyond a reasonable doubt that the event or subject you are photographing happened or existed at the moment of capture.
If I want to say that I was truly writing this around 2022-03-02 01:36 UTC, then I can have the QR code in the image media somewhere.
And if you visited this on your phone you'd see something like this:
What if someone made their own QR code with a tampered link to the honest service? If either the signature or the date were modified, the honest service would reject a tampered url. That's where cryptography comes in; it provides message integrity, the message being the timestamp.
QR Date is neat and simple; it is being designed so that another can operate their own instance with their own key.
Additionally, a specification is being created so others can create their own matching implementation. Whether this becomes some sort of web of trust or federated network, I do not know.
I do have some recommendations and areas of concern to point out, but before that I would like to cover how we can build something like this ourselves.
This will come later! Up next is Why Digital Signature Algorithms.