Replying to Avatar code monkey

Hey Peter, this might be a dumb question but are there any projects similar to OpenTimestamps, or that could couple with it to provide a device-specific signature in addition to the timestamp data? Like a device fingerprint, so you can reasonably prove data was created by a specific device before the given time?

I've always thought this would be super useful, but I'd be somewhat surprised if it didn't already exist.
Avatar
Peter Todd 9mo ago

Basically no. That is a _much_ harder problem than time-stamping...

Reply to this note

Please Login to reply.

Discussion

Avatar
code monkey 9mo ago

Assuming you could easily generate unique keys for any device, can you explain the difficulty? Wouldn't it just be like the earliest device has the strongest claim to authenticity?

I didn't realize it'd be that much harder, but I've probably missed the obvious. Thanks for your time.

Avatar
Peter Todd 9mo ago

The thing is with keys alone you're not proving that data was created by an _device_. But rather, just by a key. That by itself doesn't mean anything. To actually prove something about a device is a difficult key validation problem.

Avatar
code monkey 9mo ago

I really appreciate your reply.

I was thinking about it as the device fingerprint being essentially the seed for the key but I can see how that could be an issue if you cannot guarantee uniqueness of the seed, or if the private key is compromised (or can't be proven that it was never compromised), spoofing a device fingerprint, etc.

Anyway, I won't take more of your time but I like learning what I can. Have a good one! 👍