Truestamp has a mission to democratize access to tools and technology that can prove the integrity, timestamp, provenance, and authorship of any data or intellectual property. We can accomplish this by creating cryptographic commitments that link your unique data, metadata, provenance info, digital signature, and other trust signals to Stellar and other public blockchains.
These commitments can be independently verified by anyone in possession of a copy of the original data and a Truestamp Id or commitment JSON file.
We'd love to take this opportunity to take you on a journey through our product offering, customer use-cases, and technology.
As a Software as a Service (SaaS) business, Truestamp will provide multiple, value-priced, subscription tiers of service that customers can subscribe to. This will include a generous free tier for development, exploration, and evaluation and discounts for annual service. It is anticipated that the primary revenue source will be from business customers wishing to protect and verify their data at scale, and who desire the additional features and capabilities offered with the paid plans.
As a developer focused SaaS platform, essential documentation, tools, Software Development Kits (SDK) and clients will be made freely available at launch, many of them released under an approved open source license.
Truestamp stands on the shoulders of giants and relies upon several core pieces of technology to allow us to cryptographically commit to the integrity, provenance, authorship, and timestamp of any data. The system can handle data of any size, and any type. If it can be represented as bits and bytes, we can imbue it with additional trust signals and immutably commit it to the public blockchain.
Hash functions can digest any data, of any size, and reduce it to a specific output size, for example 32 Bytes in the case of the well known SHA-256 hash function. Hashes are the bedrock of most modern security systems. Hashes have some critically important properties, here are a few of them.
1) They are deterministic, always providing the same output for a given input. A single bit change will result in an 'avalanche' of changes to the output hash.
2) The output is infeasible to reverse (cryptographers use 'infeasible' the way the rest of us say 'pretty much impossible'). You cannot learn anything about the original data by examining its hash.
3) Due to #2, hashes are naturally privacy preserving. We never see your original data.
In the case of Truestamp, your submitted data and metadata is digested to a single hash value for inclusion in the system.
Watch this mind-bending (and fun) explainer that tackles the question of "How secure is 256 bit security?" using SHA256 as the example.
Merkle trees (named after famed cryptographer Ralph Merkle) raise hash utility to the next level and are a form of binary tree.
If you construct a Merkle tree with a 100k hashes of a 100k objects (the leaf nodes) it will find every hash, pair it with its neighbor, and construct a new hash. It keeps doing this until every branch is reduced to a single hash at the root of the tree known as the 'Merkle root'. Since its constructed entirely of hashes, if you change even a single bit of a leaf, you completely change the output of the Merkle root hash.
Oh, and did I mention they're fast? The creation of a 100k node Merkle tree takes a few hundred milliseconds.
This structure is useful as it allows you to represent a huge number of objects with a single 32 byte hash. However, the most "magical" (where math is considered magical) aspect of a Merkle tree is that you can generate a tiny mathematical proof called an "inclusion proof". This proof allows you to prove that any leaf of the tree is represented in the root.
It's as if you could prove that a certain very special shade of green was created by mixing a never before seen shade of blue, and an equally unique shade of yellow. The special blue could be accompanied by its own unique inclusion proof that proves it was the one used to make this lovely never before seen shade of green.
So for every leaf you submit, Truestamp stores an inclusion proof. To take it up a scalability notch Truestamp actually creates multiple layers of Merkle trees, where the root of one tree becomes the input leaf node of another. We do this for each public blockchain we commit to.
Watch: "What is a Merkle Tree?"
When hash, accompanied by metadata, is submitted to Truestamp it contains only information that the submitter intended for us to capture. Truestamp can provide additional value by decorating this metadata with additional attributes that we refer to as trust signals.
Trust signals provide additional context for commitment verifiers to use when evaluating the trustworthiness of content. We can't confirm what is true or false, but the preponderance of signal evidence will point at the truth.
The Truestamp observable entropy project provides additional time context. While information committed to a public blockchain can only ensure that a certain data hash was added before a point in time, the observable entropy hash can prove something was submitted after a provable point in time.
The observable entropy project continuously captures randomness from the world around us. This randomness is impossible to predict in advance, but easy to prove when examining it after the fact. Like the "proof of life" idea you sometimes see in the movies, by blending information about current events into your Truestamp commitment we can prove your data was received after confirmable events, like the value of the last Stellar ledger hash, took place. You can review the sources we capture every five minutes here.
If you are capturing video, or photographic content, we also encourage you to display or print our ever-advancing QR code and hash that links to the current state of observable entropy. This can be scanned from a video or photo frame to place the content in time. This trust signal can eliminate scenarios where content is claimed to be current but is actually recycled from another place or time. https://observable-entropy.truestamp.com/
Another signal we include are the values present in your request to our edge servers. For example, if you are making a claim to have captured and submitted an image from Ukraine, but your request properties indicate your request originated from somewhere in another country then you might have some explaining to do.
We can't prove you weren't using a VPN that masked your true location at the time, but when the signals don't match expectations it makes it hard to make the case.
You have the option to digitally sign your incoming metadata with one or more ed25519 digital signatures. Since only you control the private key, you can later prove that a Truestamp Item was in fact submitted by you, or you and a collection of colleagues. This is a powerful signal that you were the point of origination for a Truestamp commitment.
All commitments we return are also signed by Truestamp's private key so you can verify that the entirety of the commitment has not been tampered with and is provably authentic. Our public keys are online too.
Truestamp's use of the Stellar public blockchain, is where things really get interesting.
One of the most interesting properties of the blockchain is its immutability. Once written to it can no longer be changed. Once a transaction is included in a timestamped Stellar ledger entry, agreed upon by the network validators and published for all to see, it is generally considered to be unchangeable.
Truestamp leverages this immutability by including each Merkle root we generate in a transaction once per minute. Stellar provides an excellent platform for this as it is fast, inexpensive, and not subject to the periodic re-organizations or forks that many other blockchains suffer from.
Confirmations, Forks, and Rewriting History
I had the opportunity to ask David Mazières, Founder and Chief Scientist at the Stellar Development Foundation, about some of the properties of the Stellar blockchain in person and via email. He was very generous in his responses.
Can you comment on the immutability properties of transactions included in Stellar ledgers? [...] Other public blockchains require multiple confirmations (e.g. Bitcoin requires six confirmations, totaling ~60 minutes of wait time) to provide safety against block re-orgs.
A: David Mazières
Because SCP only requires computational difficulty for "asymptotically" hard problems, namely digital signatures and hashes, you don't need extra block confirmations.
During our in person Q&A I'll paraphrase how he went on to describe how if he:
...was to create a hypothetical billion dollar transaction, I might wait for a one single block for additional confirmation [five seconds].
Bitcoin takes at least an hour to achieve the same level of safety in its confirmations (6 * ~10m).
Another important aspect of blockchain choice for Truestamp is how a blockchain handles time and how that time equates to the wall clock time we are all familiar with. Truestamp is creating blockchain commitments to the hash of the data and by extension the timestamp. We purposely don't store these timestamps in our commitments since they are not owned by us. They are owned by the blockchain ledger entries that reference transactions containing our Merkle roots. So a timestamp is only available once a commitment has been fully verified against a ledger/block.
It is well known that blockchains, such as Bitcoin, make no guarantees about the accuracy of the timestamps in their blocks. In fact Bitcoin's protocol allows timestamps to vary by hours from wall-clock time, and blocks can even time travel with a later block having a timestamp prior a previous block in the chain.
Once again, David's insights into the guarantees that Stellar provides in this regard are helpful.
Can you comment on how Stellar blockchain validators treat the timestamp associated with a ledger/transaction?
A: David Mazières
A timestamp is considered valid if it is between the previous ledger close time and the current time (as defined by the local system clock). Nodes only vote to nominate valid values. If multiple values are confirmed nominated, they are combined by taking the highest valid timestamp among them.
The above guarantees that whatever timestamp the next block has A) must be later than the previous block, and B) must be no later than the local clocks on a quorum of validators.
This behavior provides much tighter tolerances where time is concerned which is clearly very important for Truestamp's use case.
Speed, Efficiency, and Cost
Stellar also provides the very useful properties high frequency ledger creation, with ~5 seconds between each ledger entry. This allows the time granularity that our commitments can commit to to be much finer.
Cost is also important. It is estimated that at current XLM prices it will cost less than $25 to submit a transaction every minute for a year to the Stellar blockchain.
Truestamp will continue add other public blockchains over time. Other chain's much greater cost per transaction (historically rising higher than $50 each) preclude them from being used at the same high frequency. This is why our implementation at Truestamp will use Stellar as our first, and primary ledger source and other chains will be committed to on a much less frequent basis, perhaps hourly, daily, or even weekly. You'll always have Stellar commitments to rely on for high precision timestamps, with the other chains serving as a backup in case any of the chains fail or are compromised.
Some would read this and think they would the naive approach of "just submit my own hash to the public chain". This is entirely possible, but ill advised. Doing so will be prohibitively expensive, and if many are doing that it would bloat the blockchain tremendously. In contrast, Truestamp can record millions of items to the blockchain with as few as 32 bytes of data stored on-chain. This is incredibly efficient in both storage and energy use.
Mr. Mazières reflected the he has, in fact, done this himself.
For what it's worth, I have personally placed SHA256 hashes and git commit hashes in the Stellar blockchain to timestamp messages.
I suspect that even he would reconsider doing this for thousands of transactions when a single Merkle root aggregating many off-chain commitments would do the job far more efficiently.
There is much more to talk about in relation to our technology, but one last concept we'll leave you with is how we manage provenance and authenticity using digital signatures.
Every time an item is submitted to Truestamp, it can be accompanied by simple or complex structured metadata. This can include who created or modified content, time or place of creation, the entities or individuals involved in the change and other free form data. It is up to you to determine how much, if any, additional metadata you want to commit. As we mentioned earlier, incoming data can also be signed with one or more `ed25519` digital signatures as a trust signal. Truestamp also digitally signs each commitment you download so that it can be authenticated as coming from us.
Each time some data is versioned (think about every Git commit in a repository for example), the new data can logically overwrite the old. But, the magic is in the fact that we keep every version of the metadata describing every item you submit. We refer to this as temporality. Every version also gets it own public blockchain commitment and can be independently verified. This will allow you to walk the history of a document and retrieve or verify each historical revision. Our own version of time travel.
It is important to us that the our cryptographic commitments that link user data with public blockchains be open and accessible. To that end we have developed open-source tooling, including a CLI and verification SDK. that allow for easy and complete verification of all Truestamp commitments. These tools can complete these verifications independent of Truestamp's systems, and can even operate when offline.
We believe strongly that user's own their own data and while we will provide friendly online tools, it is important that you have the confidence that you can download your commitments and verify them far into the future without our assistance. To do so you'll need:
For the developers who are curious. Here's some info about our technology stack.
The REST API is implemented as a collection of Cloudlfare workers, distributed serverless application that runs on the network edge in more than 300 global points of presence. Access and authorization services are provided by our identity provider Auth0.
Application payment processing and subscription management is handled through our integration with Stripe.
The primary back-end infrastructure runs on the Amazon Web Services cloud. All infrastructure is deployed using the 'infrastructure as code' concept that allows us to define the infrastructure as deployable code. We can deploy/redeploy multiple instances of the entire backend with a single command and without additional human intervention or manual configuration.
The backend makes very heavy use of publish and subscribe topics and queues for maximum reliability and durability, with a micro-service serverless Lambda function architecture handling all tasks related to interfacing with our distributed serverless database solution, public blockchains, and object storage.
The ability of this infrastructure to scale to the limits of the providers involved is present on day one. The front-end and back-end are decoupled and operate independently of each other.
The backend infrastructure has been tested at scale with millions of Items submitted to date.
Truestamp sees many use cases for lightweight commitments that attest to time, provenance, metadata, and even authorship via digital signatures. In fact we see use cases for nearly every activity that has a time or data component to it. Here are a few examples.
In the context of talking about the ethics of using deep-fake technology in film and television, famed director Jon Favreau discusses what could very well be a description of Truestamp. Here he is talking not only about how they incorporated the idea of blockchain identifiers in his show "The Mandalorian", but how he thinks about the thorny issues of synthetic content in his industry and the modern world in general.
"It becomes harder and harder to trust your own eyes and ears on this stuff. [...] We were alluding to, that there is a blockchain identification that everybody has. I wonder if certain images, or videos that are released in an official capacity, can have some kind of a stamp with it. Something, when you see something, that you know its real. Because its becoming harder and harder to tell fake from real. And if we know that, we have a technology that can address that."
I'll admit, the Star Wars universe fan that I am, I almost lost my mind when I first watched this incredibly on-point video. Jon, we are here to help.
In an age of deep fakes, misinformation, and disinformation the job of photo journalists in the field, and their publishers, is made all the more difficult. Global consumers of their content demand evidence based approaches that allow them to independently verify content integrity and trustworthiness. Proving exactly when and where an image was captured, and ensuring it has not been tampered with is critical.
These issues are of equal importance to organizations like Witness.org who champion the use of digital media to capture and record, for posterity and action, human rights abuses around the world.
When a journalist, or a human rights activist, captures an image, and tags it with metadata, it can be hashed and submitted to Truestamp using a mobile phone while still in the field. This can be done with very simple tools that require no expertise or technical knowledge. The bandwidth required to submit this verifiable fingerprint is minuscule (often less than 128 characters needs to be sent) but it will allow anyone with access to a copy of the original data to prove:
* A precision timestamp before which the image hash was sent (ledger time).
* A provable timestamp after which the image was sent using observable entropy.
* Proof of the integrity of the image and its metadata, down to the single bit level of change detection (content hash).
* A digital signature of the author.
* Additional trust signals and metadata, such as GPS coordinates and info about which global point of presence the sender used to submit the Item. For example, an image sent via a mobile network in Ukraine could reflect an entry point in Kyiv which would be recorded as part of the commitment. The photographer's onboard GPS will provide precise location information to be included in the capture.
Taking all of these trust signals into account it becomes much more difficult to create believable fakes. Authentic content can be verified with a high degree of confidence.
In response to a submission the journalist would receive a digitally signed Id immediately, and their Truestamp account would reflect this capture and make available the commitment approximately one minute later. The content and commitment can be shared publicly to allow independent verification by anyone.
Any entity that creates, and needs to protect, intellectual property can use Truestamp commitments to prove the provenance of their content or invention.
Again, we stand on the shoulders of giants. The concept that an author can pre-publish information about an invention or discovery, while obfuscating its content until a time of the author's choosing, goes back hundreds of years. There is documented historical proof that such notables as Galileo Galilei, Johannes Kepler, Christiaan Huygens, and Robert Hooke used these methods to protect their discoveries in the 17th and 18th centuries.
They used techniques such as creating an anagram of their key discovery text, and then publishing that anagram for others to see without releasing the content. Once they were ready to divulge their discovery, they could prove both the content and time of their discovery by revealing the original text for comparison with the anagram or cipher and the known time of when the anagram was published or sent in a letter.
There is a direct line between this technique and the modern equivalent of capturing the hash of a document for wide publication in a public, and immutable, blockchain ledger. When the content is ready to be verified publicly it can simply be released, and its hash compared to a verifiable commitment.
This has numerous applications in the fields of patents, copyright, intellectual property, and can serve as an inexpensive form of insurance against claims of prior art.
For example, in the pharmaceutical industry, huge sums are spent on research and development. In a world where such companies are in fierce competition, and frequently litigate, the ability to prove that your company did in fact document discoveries earlier than a competitor could potentially be extremely valuable.
One can easily imagine software patent claims being supported by the continuous recording of every git commit a company makes as a verifiable Truestamp commitment. This is lightweight and the integration with Truestamp is trivially implemented and fully automated.
Truestamp has a clear role to play when considering common issues related to the authenticity and chain of custody of digital content. As an example, the hashes of crime scene photography, captured data, or body-cam evidence can be committed to Truestamp at the time of capture, with provenance metadata indicating who/where/when it was captured.
At each transfer step in the chain of custody the content can be verified, and new metadata captured and submitted. Each step contributes to the verifiable temporal history of the data.
In this scenario any cryptographic break in the chain of custody can easily be identified.
In Summary, any industry, or individual that deals with data in any form, or that cares deeply about the integrity of their data, can rely on Truestamp to help protect their most valuable data. As the tagline says, "Know what's true." Thank you for your interest, and please feel free to reach out to us with questions at firstname.lastname@example.org.
 Disney/Jon Favreau clip used under copyright fair use.
© Disney, All Rights Reserved
STAR WARS: THE MANDALORIAN
S2:E2 Making of Season 2 Finale
Truestamp is a single-employee early-stage start-up that is currently funded through a friends & family round that has helped support the first 24 months of full-time R&D and development. The founder brings more than two decades of consulting, architecture design and development experience including in leadership positions working on blockchain and has been responsible for the totality of the software design and development efforts to date. Truestamp is planning to soft-launch our first public beta of the product at the 2022 Consensus blockchain conference in Austin, TX.
Truestamp has developed, and already deployed, a modern highly scalable global edge compute infrastructure that has been proven to handle millions of submissions per day. The infrastructure is designed to be globally performant from day one relying on a global edge network with more than 300 points of presence and designed to take advantage of serverless computing to the maximum extent possible.
Truestamp operates out of the United States, but the product, and the concepts of verifiably trust and data integrity have what we hope is global product appeal. The intention is to start with an English language website, and expand with translations and acceptance of other currencies as appropriate.
Truestamp has ambitious goals to gain broad cross-industry acceptance as a standard for ensuring the verifiable integrity, timestamp, and provenance of critically important data. In six months I would like to see an emerging positive customer growth trend after our open-beta release. We will be actively seeking to secure additional funding to carry the company through its first year of growth on a path to sustainable revenue.
I would expect that we will learn a great deal from our open beta experience and we will adjust the product fit as customer feedback demands.
Truestamp is nearing its production release and has a record of achieving its development milestones over the life of the company.
Truestamp is eager for additional help, initially freelance development support, transitioning to new hires once revenue growth and and financial backing support that.
Truestamp has had legal representation since its inception and there are no known licensing or regulatory requirements that the company needs to address at this time.
Truestamp's mission is to democratize access to tools and technology that can prove the integrity, timestamp, provenance, and authorship of any data or intellectual property.
We believe we are about to provide a solution that will allow our customers to accomplish that goal by combining strong cryptographic commitments of any data and metadata the are verifiably linked to public blockchains like Stellar.
Please read more about our product and service offerings in the sections above where we have gone into great detail on these topics.
Truestamp's target market is small to enterprise businesses and independents whose business would benefit from reducing the risk associated with their content and intellectual property.
Truestamp is a SaaS business with a subscription based revenue model that scales from individuals and developers testing and evaluating our service, all the way up to enterprise customers with the need to protect their data at scale.
Our pricing is value based, and discounted for annual pre-payment. Higher tiers of subscription service come with additional features and capabilities as well as increases in the number of Items that can be submitted before additional costs are incurred.
Usage overage, above and beyond plan limits, are charged at a rate disclosed in advance. There are no hard usage limits.
THREATS AND OPPORTUNITIES
A threat in the current environment is public perceptions of blockchain related applications. Many have seen "scams" or "rug pulls" in the crypto space and are concerned about businesses associated with this field.
We address this by operating as a standard SaaS business. We never expose our customers to discussion of crypto-currency, token offerings, or speculative activity.
We are a traditional, enterprise focused business that desires to use the best properties of the blockchain while keeping it in the abstract.
We are also concerned about the energy usage of blockchains we may integrate with. Low energy usage per transaction is one of the drivers in our choice to use Stellar as a primary commitment point.
We see many opportunities as we enter our launch phase. In the current world environment we see opportunities to engage with those doing the hard work of reporting and documenting human rights abuses worldwide. We are looking for opportunities to engage with those entities that are involved with this worthwhile endeavor and make our services available to them.
There have been attempts in the past to create open source tools, or startups funded via token sales. Our CEO has been personally involved with some of these efforts, and in this space for five years. Much has been learned about what not to do.
None of them have gained traction outside of a small cadre of fans or "investors", none of whom use the product at scale. Oftentimes, these projects do not have the ability to operate at scale, or reliably. In some cases they are more like hobby projects that can handle a few transactions an hour and commit to a single blockchain.
We want to bridge the divide between "crypto maximalists" who insist on maximum decentralization and use of their favorite chain, and the enterprise where the leaderless nature of blockchain is seen as a point of concern.
We believe there are advantages that a more centralized organization can provide on the ingestion of data into the system, while still freeing the customer to take their commitments with them for independent verification by anyone. It is not an either/or proposition.
Our experience in working for many years working at both crypto focused startups and the enterprise allows us to better understand both of their needs, strengths, and weaknesses.
MARKETING AND SALES
Truestamp has primarily been focused on active research and development, design, and software engineering. As we prepare to launch we are beginning the transition to needing more focus on the marketing and sales aspect of engaging with potential customers. This is a process, and we are just beginning this phase.
We hope, that with the support of the Stellar Community Fund, we can bring on additional expertise to help us manage this transition.
The company will soft-launch our first beta release at the Consensus 2022 conference in Austin, TX this June. We hope to meet more of the Stellar community there.
RESOURCES AND RELATIONSHIPS
The company's leadership, board of directors, and outside advisors bring a wealth of knowledge, decades of experience, and numerous business connections. We plan to leverage this as we launch and grow the initial customer base.
* The amounts shown are budget requests and not (yet) granted to the projects. During the Community Vote phase, voters can indicate whether the project deserves the amount it's asking for (budget request). The total pool of XLM available for SCF#11 is 8M XLM. SDF will allocate the XLM equivalent of the specified USD budget of the submissions with the most votes in descending order of rank until the earlier of (i) the XLM Pool is fully distributed (ii) there is not sufficient XLM remaining in the XLM pool to fully fund the next ranked submission or (iii) there are no remaining eligible submissions. The USD valuation of the budget request in XLM will be calculated using the CF Stellar Lumens-Dollar Settlement Price on December 5, 2022 as administered, maintained, and reported by the cryptocurrency index provider CF Benchmarks Ltd. (using the ticker “XLMUSD_RR”) (available at https://www.cfbenchmarks.com/indices/XLMUSD_RR). Learn more in the SCF Handbook.
*The USD valuation of the award in XLM is calculated using the CF Stellar Lumens-Dollar Settlement Price on July 5th as administered, maintained, and reported by the cryptocurrency index provider CF Benchmarks Ltd. (using the ticker “XLMUSD_RR”) (available at https://www.cfbenchmarks.com/indices/XLMUSD_RR)
**The USD valuation of the award in XLM is calculated using the CF Stellar Lumens-Dollar Settlement Price on December 16, 2021 as administered, maintained, and reported by the cryptocurrency index provider CF Benchmarks Ltd. (using the ticker “XLMUSD_RR”) (available at https://www.cfbenchmarks.com/indices/XLMUSD_RR)
*The USD valuation of the award in XLM is calculated using the CF Stellar Lumens-Dollar Settlement Price on September 27, 2021 as administered, maintained, and reported by the cryptocurrency index provider CF Benchmarks Ltd. (using the ticker “XLMUSD_RR”) (available at https://www.cfbenchmarks.com/indices/XLMUSD_RR)
* The USD valuation of the award in XLM is calculated using the CF Stellar Lumens-Dollar Settlement Price on the date of transfer as administered, maintained, and reported by the cryptocurrency index provider CF Benchmarks Ltd. (using the ticker “XLMUSD_RR”) (available at https://www.cfbenchmarks.com/indices/XLMUSD_RR)