The following post describes a trustless timestamping service.
Motivation:
The Ergo protocol currently has “expected height” as an integer field in R3 (accessed as creationInfo._1
), which must be less than or equal to the actual height at which the box was created.
It is important for smart contract developers to realize that this value in R3, say x, does not give the actual height at which the box was created but rather it gives a range (x to now) during which the box could have been created.
Thus, if we want to verify that box
was created after a height x, we can use the condition box.creationInfo._1 >= x
, which will be true only if the box was indeed created at or after height x.
On the other hand, if we want to check that box
was created before height x, we cannot use box.creationInfo._1 <= x
, because even a box that gets mined now could have set creationInfo._1
equal to x
.
A future version of Ergo may add the actual inclusion height into the box (see this issue).
However, until then we need an alternative to decide if a box has obtained a certain number of confirmations.
For this, the timestamping service is proposed. This is a trustless 3rd party service on the Ergo blockchain that allows anyone to use this to reliably timestamp a box. Let Alice be the service provider, who may earn some profits but cannot cheat.
The service consists of two types of boxes
-
A master box that contains a large number of tokens t and this can only be used to generate a timestamp emission box containing 1000 t tokens.
The other output must be a copy of this box with the remaining number of tokens and the same number of Ergs. -
A large number of timestamp emission boxes with below script:
- If Alice is spending that she may withdraw any amount of Ergs only ensuring that min storage rent is kept. The output must be an identical box with the same number of tokens
- Otherwise, anyone can spend to timestamp another box b provided as data input. The output will be a timestamp box with an unspendable script (example
false
) and the following:- The boxId of b in R4
- The HEIGHT in R5
- One t token locked in the first index.
- Some min number or Ergs that allow the timestamp box to remain in UTXO set for few years (or decades, depending on application).
The script in the timestamp emission box may require the spender to pay some Ergs as a “fee” that Alice could later claim.
Then anyone can use the token id t as a generic timestamping token without much extra code as follows:
val timestampBox = CONTEXT.dataInputs(0)
val timestamp = timestampBox.R5[Int].get
val timestampBoxId = timestampBox.R4[Coll[Byte]].get
val token = timestampBox.tokens(0)._1
box.id == timestampBoxId && timestamp <= x && token == t
The above will be true only if box
was created at or before height x
One thing we need to ensure that that all t tokens are locked up in such boxes. This can be done off chain before I write my contract… The easiest way is to check that the transaction that created the tokens stored all of them in a single master box.
There are probably some ways to verify this on chain (topic for future research).