Signature anchoring on Bitcoin

Signing data and anchoring signatures in the Bitcoin blockchain



Vincent Barat — Woleet CTO

What is data anchoring?

Data anchoring is the process of creating timestamped proofs of existence of data by leveraging blockchain technologies. As of writing, several SaaS platforms are available off the shelf to anchor data. Woleet and Opentimestamp being the most significant actors in this space.

Proofs of existence generated by the anchoring process are usually small JSON files conform to the Chainpoint format (OpenTimestamp uses a similar binary format). Those proofs, also called « proof receipts » can be verified independently from their creator: some open source tools exist to perform this simple operation.

Being able to prove the existence of some data at some point in time (aka proof of anteriority) allows for new use cases like Intellectual Property Protection and data integrity verification at low cost, and without intermediaries.

What is missing to data anchoring?

Data anchoring is also often claimed as being able to address the problem of authenticating or certifying data, which ultimately consist of being able to reply to the questions « who is the creator of this data? » or « who approved this data? »

This claim is wrong at a practical level. Let’s see why. In order to authenticate or certify some data using only data anchoring, the creator or certifier of the data would need to create the anchoring transaction by himself, using his own Bitcoin address and paying the fees with his own bitcoins: he could thereafter prove he was the author of the transaction.

Because transaction fees are expensive (a few dollars for Bitcoin transactions as of writing) all platforms factorize as much anchors as possible into one transaction obviously signed by the platform and paid using the platform’s bitcoins.

So, YES, you can prove that the data existed at a given point in time with data anchoring, but NO, you cannot know who actually anchored the data (the owner of the transaction will always be Woleet or Opentimestamp).

What is signature anchoring?

Signing a file using a Ledger Nano S on Woleet’s platform

To address this limitation, and allow a new set of use cases, Woleet proposes an evolution of data anchoring: signature anchoring on Bitcoin. The functionality is available on the Woleet platform and the specification is open (described here and in the Woleet API documentation). Anybody is free to implement a similar functionality in a different way, but of course everyone would benefit from a standardisation and interoperability of proofs of signature (which is the case for Chainpoint based proofs of existence).

The process of signature anchoring is actually similar to data anchoring, except it creates a timestamped proof of signature of the data. With such a proof, not only you can prove that some data existed at a given point in time, but additionally that it was signed by an actor (eg. the creator of the data of any other actor wanting to « put his mark » on the data).

The same data can be signed by any number of actors, at any point in time. Each signature generate a new proof and never modify the source data. This allow for a set of new use cases:

Remote signing of documents
one can send a file to a set of signers and ask them for a proof of signature: the file doesn’t need to follow a workflow and is never tampered

Signature timestamping with no intermediate
legacy signature solutions are either not timestamped, or use a centralized authority to prove signature timestamp, while timestamping is inherent to signature anchoring

Data provenance verification
* IoT sensors can emit data along with a signature proof to prove data origin and creation time
* schools can certify the diploma they deliver
* any document used as a proof (like utility bills) can be signed by their emitter to eradicate forgery

Data certification verification
within a data processing workflow, a certification authority can sign some data to prove it certified it at a given date

How does signature anchoring manage signer identity?

Signature anchoring uses Bitcoin’s legacy signature scheme. Thus, a signer is identified by his Bitcoin address (a cryptic number like 10cbJgAXivkAMXwfckMKSrTSrHWk3UCQWh). While sufficient for most use cases, it is not human friendly, and there is a need to know for sure who owns a given Bitcoin address.

Decentralized identity management on the blockchain is not mature: some open solutions start to emerge (like DIF) but there is not yet any consensus, and none of them is widely used.

Signature anchoring may benefit from using decentralized identity management systems in the future. Meanwhile, Woleet has chosen to leverage a currently available, well proven and widely used identity verification source: the Certification Authorities. They are the trusted third parties issuing the TLS certificates used to secure the web. Thanks to these certificates, you can securely surf the web and be sure you are talking with Google, with your bank or with your energy utility company.

Wherever the identity of a signer needs to be verified, an identity URL can be added to the signature proof: this URL, hosted by the signer and protected by his TLS certificate (bought by the signer from a Certificate Authority that will verify his identity) allows to verify that the owner of the certificate also controls the Bitcoin address used to generate the signature, by asking to sign some random data using the same Bitcoin address. Of course, this process requires the signer to host a web service, but Woleet provides a ready to deploy open source server implementing such a service (and more): Woleet.ID Server.

How does signature anchoring work?

Signature anchoring is similar to data anchoring, except that the anchored data is not the original data itself (ie. the one that is signed) but instead the signature of the original data (produced by the signer).

A signature anchoring receipt is a Chainpoint compatible receipt with an additional signature property containing 3 mandatory sub-properties, and 1 optional:

signedHash: the SHA256 hash (ie. the fingerprint) of the original data (this hash is what is actually signed)
pubKey: the Bitcoin address of the signer
signature: the signature of the content of « signedHash » using the « pubKey » Bitcoin address of the signer
identityURL: optional web hook to be called whenever the signer Bitcoin address has to be verified

Note also that the targetHash property of the Chainpoint receipt is the SHA256 hash of the signature instead of the SHA256 hash of the data. Consequently, verifying a signature anchoring receipt using the regular Chainpoint verification process proves that the signature (and by transitivity the data) existed at some point in time: a signature receipt is thus an improvement over an anchoring receipt.

The verification process is completed by a signature verification step: this step checks that the signature provided is a valid signature of the hash of the original data produced using the signer’s Bitcoin address.

Optionally, if the identityURL property is provided, the verification process is completed by an identity verification process (described in the previous part).

Concretely, how can I sign my data and create a proof of signature?

A Ledger Nano S

For end-users, signing and creating signature anchors is a simple drag&drop operation using Woleet ProofDesk web application. Signing can be done with a single click (using Woleet as the trust provider) or can use a Ledger Nano S Bitcoin hardware wallet or the Woleet.ID mobile application to sign, for those who can to control their signatures keys:

  • Ledger’s hardware wallets are the most secured on the market: your private key cannot leak outside the hardware, even if you connect it on a compromised computer. If you lose your device or someone stole it, you will be able to regenerate your private key. Note that Google Chrome or Opera are currently required for communicating with the Ledger device (other browsers are about to integrate the required U2F API).
  • The Woleet.ID mobile application provides you with a Bitcoin identity (a bitcoin address and a private key to sign using this address) that you can backup and restore in case you lose or reset your device. Signing is as simple as scanning a QRCode.

For backends wanting to automatically sign high volume of data with no human intervention, the Woleet API is available. Any Bitcoin compatible signature software can be used to sign data (eg. a Bitcoin full node or a Ledger HSM module or a Woleet.ID Server).



Editor for

Latest news and opinions @Woleet, a blockchain start-up. Go to @Woleet_France for french articles