Skip to content
— CH. 1 · INTRODUCTION —

Trusted timestamping

~5 min read · Ch. 1 of 6
6 sections
  • Trusted timestamping is the process of securely recording when a document was created or changed, in a way that even the document's own owner cannot alter after the fact. It sounds like a bureaucratic detail, but the problem it solves is ancient. How do you prove you knew something at a specific moment in time, without revealing what you knew?

    Robert Hooke faced exactly this problem in 1660. He had discovered his law of elasticity, but did not want to publish it yet. So he hid it inside an anagram: ceiiinosssttuv. Anyone could see he had written something. Nobody could read it. Years later, he revealed the translation: ut tensio sic vis, Latin for "as is the extension, so is the force." The anagram was his timestamp. Galileo did the same with his discovery of the phases of Venus.

    What happens when the stakes are not scientific priority but legal evidence, financial transactions, or medical records? The question of who can be trusted to vouch for a moment in time becomes considerably harder to answer.

  • In 1677, Isaac Newton received questions from Leibniz and responded with a letter that contained a remarkable piece of concealment. Rather than explain his "fluxional technique" directly, Newton buried its foundations in an anagram: 6accdae13eff7i3l9n4o4qrr4s8t12ux. He wrote plainly that the foundations were "evident enough, in fact" but that he preferred to conceal them for the time being.

    Newton's letter is not just a curiosity in the history of calculus. It is an early example of the same instinct that drives trusted timestamping: establishing priority without disclosure. The anagram proved he possessed the knowledge at a given moment without surrendering it to a rival. Stuart Haber and W. Scott Stornetta were the first to formally discuss trusted digital timestamping in the published literature, carrying this centuries-old instinct into the age of computers.

  • The modern technique rests on two mathematical tools: digital signatures and hash functions. A hash function takes any document and produces a fixed string of bits that acts as a digital fingerprint. Change even a single character in the original document and the hash changes entirely. This property makes hashes useful as proxies for the document itself.

    When a user wants a trusted timestamp, they send only the hash to a Time Stamping Authority, which the RFC 3161 standard calls a TSA. The TSA appends the current time to the hash and then calculates a new hash of that combined value. It signs this second hash with its own private key and returns the signed package to the requester. Because the hash function runs in only one direction, the TSA never sees the original document at any point. This matters enormously for confidential material such as legal contracts or research data: the document never leaves the owner's hands, yet the timestamp still holds.

  • Checking a timestamp later is a mirror image of creating one. Anyone who trusts the TSA can take the original document, recompute its hash, append the timestamp the TSA issued, and hash that combination. Call the result hash A. Then they decrypt the TSA's digital signature using the TSA's public key to recover hash B. If A equals B, the document and timestamp are unaltered and were genuinely issued by that authority.

    The RFC 3161 standard governs this process. The newer ANSI ASC X9.95 Standard builds on RFC 3161 by adding data-level security requirements tied to a reliable time source, verifiable by any third party. That standard has been applied to financial transactions, regulatory compliance, and legal evidence. Using multiple TSAs can further reduce vulnerability and increase reliability, since no single point of failure controls the record.

  • Not all timestamping systems work the same way, and the field has produced several distinct approaches. PKI-based schemes protect the timestamp token with a public key infrastructure digital signature. Linking-based schemes generate each timestamp in a way that connects it mathematically to those around it. Distributed schemes spread the work across multiple cooperating parties so no single authority holds all the power.

    The transient key scheme is a variant of PKI that uses short-lived signing keys, reducing the window of exposure if a key is compromised. The MAC scheme uses a simple shared secret key and appears in the ANSI ASC X9.95 Standard. Database schemes store document hashes in a trusted archive and offer an online lookup service for verification. The linked-and-signed hybrid is the approach most widely used in practice. Masashi Une's published work provides a systematic classification and evaluation of these competing schemes for those who want the full comparison.

  • With the arrival of cryptocurrencies, a different approach became possible. A user can hash digital data and embed that hash directly into a blockchain transaction. For proof-of-work blockchains, the security comes from the enormous computational effort that accumulates after the hash is recorded. Altering a timestamp would require more computing power than the entire rest of the network combined, and the attempt could not go unnoticed in an actively maintained chain.

    Bitcoin in particular has a known weakness on this front. Its design allows timestamps up to two hours in the future, and it accepts new blocks whose timestamps are earlier than the block before them. That window of manipulation limits how precise a Bitcoin-anchored timestamp can be. The approach has found use in areas beyond finance: dashboard cameras have used blockchain timestamping to protect the integrity of video footage at the moment of recording, and the same technique has been applied to establishing priority for creative work shared on social media platforms.

Common questions

What is trusted timestamping and how does it work?

Trusted timestamping is the process of securely recording the creation or modification time of a document so that neither the owner nor anyone else can alter it after the fact. A user sends a cryptographic hash of their document to a Time Stamping Authority, which appends a time value, signs the combined hash with its private key, and returns the signed token. Verification is done by recomputing the hash and comparing it against the TSA's signed record.

Who first discussed trusted digital timestamping in published literature?

Stuart Haber and W. Scott Stornetta were the first to discuss trusted digital timestamping in the published literature.

What standards govern trusted timestamping?

The RFC 3161 standard defines the core trusted timestamp framework, including the role of the Time Stamping Authority. The ANSI ASC X9.95 Standard builds on RFC 3161 by adding data-level security requirements tied to a reliable time source, and has been applied to financial transactions, regulatory compliance, and legal evidence.

How did Robert Hooke use an early form of timestamping in 1660?

In 1660, Robert Hooke concealed his discovery of the law of elasticity inside the anagram ceiiinosssttuv rather than publishing it immediately. He later revealed the translation ut tensio sic vis, proving he had made the discovery before anyone else while protecting the details in the meantime.

What are the different types of trusted timestamping schemes?

The main schemes are PKI-based, linking-based, distributed, transient key, MAC, database, and hybrid. The linked-and-signed hybrid is the most widely used in practice. Masashi Une's published work provides a systematic classification and evaluation of these approaches.

Can blockchain be used for trusted timestamping and what are its limitations?

Blockchain can be used for timestamping by embedding a document hash into a transaction, with security derived from the computational effort accumulated after the hash is recorded. Bitcoin in particular allows timestamps up to two hours in the future and accepts blocks with timestamps earlier than the preceding block, which limits the precision of Bitcoin-anchored timestamps.