Proving ownership of any file by piggybacking on the blockchain

Most people say Bitcoin cannot have smart contracts. Most people are wrong! Here is a clever method – also a form of a DIY smart contract – you can use to prove beyond all doubt ownership of any file at any point in time.

In order to prove ownership of a file at a specified point in time, you need a couple of things: a hash of the file, an indisputable timestamp, and – most importantly – the ability for you and others to verify these without trusting a third party.

Hashes and timestamps, rings a bell, hello? Sounds like a blockchain!

Okay, so say that we need to prove that we controlled the file you can download here on this day (July 10, 2020). How can we accomplish that?

Here is how.

The SHA-256 hash of our file is

fecbb74ad4e93d2e0fe5adc33f407f554d35ca4e4bbc0073284fcc553e6e3bb6

What can you do with a 64 character hexadecimal string? Well, you could use is a private key and derive its private key WIF and native segwit public address:

Private key hex: 0xfecbb74ad4e93d2e0fe5adc33f407f554d35ca4e4bbc0073284fcc553e6e3bb6
Private key WIF: p2wpkh:L5kzz7oaXhWMQEMTEpBXDAgz2adm7iuBcy5BLxvzYEEZBHM9z1o1
Native segwit address: bc1qrgul0qzmwqv9khcmuw74d8t4jk2nyxhjg9d2hl

Then transfer a symbolic sum to that public address, and the same second it is in the mempool, broadcast a transfer of the whole balance back to yourself. This will cost you two transaction fees, which is a fair price – literally in the range of 2 cents.

When the two transactions are included in a block, we have succeeded! From this moment we can forever state we had access to the file on this day by saying:

  • Download the file and calculate its SHA-256 on your machine to verify it matches ours
  • Use the hash as a Bitcoin private key, and calculate its corresponding public address, note that we get identical key pairs
  • Look up this transaction, in which you will find a the expected public address (bonus: from our verified address)
  • We could only have sent to and spent from this address if we knew the hash at the exact point in time, which is now and forever imprinted on the blockchain
  • It this therefore proven that we controlled this file when block 638702 was mined

Be smart! Invent your own smart contracts.

A few remarks

  • You can never use the “proof address” again, as its private key has been exposed
  • There are other ways to push arbitrary data, such as a hash and a timestamp, on to the blockchain, for example this way
  • This method is fail-safe until a collision in SHA-256 is found; this has never happened, and if it one day should do, it is not only the end of this method but the end of Bitcoin

Comments and questions?

One more thing!

Consider the donation address at the bottom of the page. We re-invest all contributions into new projects for btcleak.com. Help us create new content and remain ad-free forever. Thank you.

Leave a Reply

Your email address will not be published.