How can anyone check the authenticity of my University Certificate on the Blockchain ?


Context

This Spring 2016, I attended a University course over the Internet (MOOC = Massive Open Online Course) about “Introduction to Digital Currencies” from the University of Nicosia in Cyprus. After 12 weeks of lectures, exercises and quiz, I passed with success the exam and thus, I have been eligible for a Certificate (I take this opportunity to thank our two outstanding professors : Andreas Antonopoulos @aantonop and Antonis Polemitis @polemitis)

As we live in the Digital age, I received my Certificate by email, in the form of a PDF file (Figure 1).

Figure 1 : Certificate of Accomplishement, received by email, as a PDF file

Of course, most of you will say that such Certificate has no value, as anyone could create one for himself, using photoshop, based upon the above picture.

However, this Certificate has been “registered” in the Bitcoin Blockchain and anyone can check whether my Certificate is valid (i.e. genuine and coming from the University of Nicosia) or not.

The goal of this Post is to show, step by step, how anyone can check on the Blockchain the validity of such Certificate.

Hashing concept

Before presenting the validation/checking process on the Blockhain, one has to explain the concept of the Digital Signature of a Digital document (also called “Hash”). If you know this concept, directly go to the next section.

Any Digital object (it can be your social security number, a PDF file, a JPEG picture, an Excel sheet, a Zip file of 500 MB, …) has a unique Digital signature (also called a “Hash”), which can be computed using publicly available algorithms. The calculation of a Hash is very quick (and can be done on any computer, phone, tablet, …), however, it is impossible, from the Hash to go back (or to guess) the original Digital document.

One widely used Hashing algorithm is called “SHA-256”. Such algorithm is available in many different forms. For instance, the following web site (link) is allowing you to compute the SHA-256 Hash/Signature of any text or any document. A SHA-256 Hash corresponds always to a 64 Hexadecimal characters string. If the Digital object for which you are calculating the SHA-256 Hash is modified (even a very tiny modification of a single bit), the resulting Hash will be totally different from the original one.

In order to illustrate the above, let’s compute the SHA-256 Hash of the following string of characters (without the quotes), using this link :
If you change a digital document, its hash will be totally different
The result will be the following 64 characters:
d88c1962f7bbdc12a5e23c18f5c233d74febeaa77a1129cd5fea579f30acd707

If now we compute the Hash of the same string, but we omit the comma in the middle of the sentence :
If you change a digital document its hash will be totally different
The result will be totally different (but always 64 characters) :
bf97c2336f874bb1ec1e2e8d3e4ab82734e827fe5bb994bb96aadb61b4c7325f

Figure 2 is showing Hashes of different types of documents.

Figure 2 : SHA-256 Hash of different Digital Documents (“TXT file”, “PDF file”, “JPEG picture”)

Now that the Hashing concept is known, it is possible to see how it is used in the “certification” of Digital documents in the Blockchain (see next Section).

Preparation of a “Genuine Certificate”

When I received my PDF Certificate by email, I received together from University of Nicosia a second PDF file, with some instructions/information, as well as a list of Hashes. This second PDF document contains the “Index” of the Hashes of all the Certificates which were awarded at the end of this Spring 2016 session, together with the instructions about how to validate the authenticity of a given Certificate. The first page, as well as the beginning of page 2 of this Index document is reproduced in the figure 3.

Figure 3 : Index file of the Hashes of the awarded Certificates, together with Instructions

This means that when the University of Nicosia created all the Certificates (as PDF files), they have computed the SHA-256 Hash of each one. Then, they have listed all these Hashes in a single document (that we will call the “Index PDF File” in the rest of this post) which is shown in Figure 3 above. A copy of this “Index PDF File” can be found on the University of Nicosia website, under the following link. They have then computed the SHA-256 of the PDF document of this “Index PDF File”, which corresponds to :
1ec3cc7497ee0fed85a095775a7e6bf2ada83da6e5c0d127eb9abd9aaeaf00b4

Then, the University of Nicosia has created a Bitcoin Transaction in which the above Hash (i.e. the Signature of the “Index PDF file”, 1ec3cc7497ee0….) has been included (using the “OP_RETURN” option in the Output Scripts of a Transaction in the Bitcoin Blockchain), together with a Prefix “UNicDC ” (554e6963444320 in hex encoding) for a more easy identification in the Blockchain.

This Bitcoin transaction (for a symbolic amount of 0.001 BTC, i.e. less than 1 US$), has been launched on the Bitcoin Blockchain on June 28, 2016, originating from the Bitcoin address 12wFAkd28zprJdmmXR69ek3AnzRbKLd5NC

Based upon the above information, it is possible now to validate on the Blockchain whether my PDF file (corresponding to my Certificate) is well genuine (and thus valid) or not.

Certificate Validation

The first step is to compute the SHA-256 of the PDF file of my Certificate. The result is the following :
94dfbabefc05247d1f5e3d2f2362be2f08d08334295ee9f1b5577339fb9822e9

The second step is to verify in the “Index PDF file” that this Hash is well present. On page 3 of the Index PDF File, I indeed found the corresponding Hash (see Figure 4).

Figure 4 : Page 3 of the “Index PDF file”, with the Hash of my PDF Certificate

We need now to check that the above “Index PDF File” is indeed the genuine one which has been “time-stamped” on the Blockchain. If yes, it means that my Certificate is indeed genuine.

To do so, we should find in the Bitcoin Blockchain (in a Block which has been created on June 28, 2016) a Transaction which contains (in the form of an OP_RETURN in the Output Scripts) both :
- the String “UNicDC ” or its hexadecimal equivalent “554e6963444320
and
- the Hash of the “Index PDF document”, i.e. 
1ec3cc7497ee0fed85a095775a7e6bf2ada83da6e5c0d127eb9abd9aaeaf00b4

In addition, we know that these information are in a transaction which has originated in the Bitcoin address 12wFAkd28zprJdmmXR69ek3AnzRbKLd5NC

Two different methods will be shown to find the above information in the Bitcoin Blockchain:

  • Analysis of the Blockchain content using a “Blockchain Explorer”
  • Direct analysis of the Blockchain itself, using the “Bitcoin core” application

Blockchain Explorer Approach

The content of the Bitcoin Blockchain can be viewed and analyzed by anybody using a “Blockchain Explorer” like “Blockchain.info”.

As the Transaction of interest has originated from the Bitcoin address : 
12wFAkd28zprJdmmXR69ek3AnzRbKLd5NC, one can search for this address directly in Blockchain.info (you can do it directly by clicking on the above Bitcoin address, or on this link). Figure 5 is showing the display in Blockchain.info of this Bitcoin Address.

Figure 5 : Display, in blochain.info, of the Bitcoin address 12wFAkd28zprJdmmXR69ek3AnzRbKLd5NC

We can see in Figure 5 that several transactions are attached to this Bitcoin address. We know that the transaction that we are looking for has been made on June 28, 2016. We can see that two transactions have been made at this date, but only the first one has “Output” from this Bitcoin Address. This corresponds to the transaction that we are looking for, which has the following Transaction ID:
58c5b82adb82a7c81cb0a9b666b80cb0b7b772e2e8602b3c3daaa2aa7c8fbb73

We can now search the above Transaction ID in Blockchain.info, by clicking on it or by using the following link. The result is shown in Figure 6.

Figure 6 : Display, in blochain.info, of the Transaction ID 58c5b82adb82a7c81cb0a9b666b80cb0b7b772e2e8602b3c3daaa2aa7c8fbb73

On the bottom of Figure 6, we have the “OP_RETURN” information. With a closer look at it (see the zoom in Figure 7), we can find the “UNicDC “ string (highlighted in blue), with it hexadecimal counterpart (highlighted in red), as well as the Hash of the “Index PDF file”, starting by 12c3cc7497… (highlighted in green).

Figure 7 : Details on the “OP_RETURN” script, with the information that are prooving the validity of the original “Index PDF file” on the Blockchain

The above information (shown in Figure 7) are the proof on the Blockchain that the “Index PDF document” is indeed the genuine one and thus my Certificate is also genuine. In this way, the integrity of any Digital document, that has been “time-stamped” on the Blockchain, can be demonstrated.

Bitcoin Core Approach

In the previous section, we have accessed to the Blockchain content through a Blockchain explorer, via a Web browser. Doing so, we don’t have the control of whether the Blockchain file which has been used is really the right one. Of course, the same operations can be repeated with different Blockchain explorers (like blockexplorer.com, blockr.io, blockcypher.com, …) and one will see that the same result is obtained in all cases.

However, there is another method which is even more reliable, with no third party, which consist of reading directly in your own copy of the Bitcoin Blockchain. To do so, you need to become one “node” of the Bitcoin Blockchain, by using the “Bitcoin Core” (or bitcoind) software and executables (see Figure 8). In such case, you will have the complete Bitcoin Blockchain synchronized on your computer (or on an external USB disk), which allows you to browse directly into it, being on-line or off-line.

Figure 8 : Bitcoin core software which has been used to “participate” to the Bitcoin Blockchain, by becoming a node of the Blockchain. The software can be downloaded on the bitcoin.org site

This section will explain how to check the integrity of my Certificate, by looking into my copy of the Bitcoin Blockchain (please note that this copy is constantly synchronized with the new blocks, as soon as I am connected to the network — this copy is one out of the thousands of copies of the Blockchain and I can at all time check the integrity of my copy).

As we have seen in the previous section, we should look on the Blockchain at the following Transaction :
58c5b82adb82a7c81cb0a9b666b80cb0b7b772e2e8602b3c3daaa2aa7c8fbb73

To do so, in the “Console”, run the command “getrawtransaction TxID” where “TxID” is the transaction ID shown above (starting by 58c5b82a…). To get the console in the Bitcoin core, go to the “Help” menu, then “Debug window” and select the “Console” tab.

Then, run the command “decoderawtransaction” with the result of the previous command. Figure 9 is showing the output of these two commands.

Figure 9 : Direct reading in the Bitcoin Blockchain, using Bitcoin core

As it can be seen in Figure 9, the “UNicDC” text (in Hexadecimal format, highlighted in red), as well as the Hash of the original “Index PDF file” (highlighted in green) have been found in my copy of the Bitcoin Blockchain, thus validating the fact that my Certificate is genuine and thus valid.

Comment

The above demonstrations have shown how the integrity of Digital documents can be proven, with the help of the Blockchain. One should note that the process is still cumbersome and that it cannot be accessible to anyone, without a minimum of competences and understanding in Blockchain technology. We should however remember that the Blockchain technology is very new (although it has been launched in October 2008, it has become “popular” since only 1–2 years) and that important progress still need to be made, especially in the field of user friendly Apps.

Interesting Apps

Today, the application “ProofOfExistence.com” allows to very easily record the Hash of any digital document in the Bitcoin Blockchain and in the same way to check whether a given document has been time-stamped in the Blockchain or not. It is very important to note that in this application, as well as in the example shown in the Post, the Digital document is not stored on the Blockchain, but only its Hash/Signature. This means that the original Digital document is never disclosed to anybody (and it is never leaving your computer). Only its Hash/Signature is visible to the whole community (however, it is impossible, from the Hash to go back to the original document). This means that the confidentiality of the document is fully preserved.

The Applications “uproov” or “BlockNotary” allow also to secure documents on the Blockchain, even from your SmartPhone.

Conclusion

Blockchain technology is opening unlimited new perspectives, as it allows to generate Trust in the Digital world.


Reference Book

Andreas Antonopoulos, Mastering Bitcoin, O’Reilly Media Inc., 2015 (@aantonop)