Blockchain is a type of distributed ledger technology (DLT) where records are organized in blocks. These blocks are appended sequentially to a chain using distributed consensus and cryptography. Each block contains a timestamp and a link to the previous block. This way, if data in any block is altered retroactively by a node, the whole subsequent chain in its ledger will change. Hence, the fraudulent node will be rejected by the others on the network as ‘source of truth’. Some efficient use of blockchain are event recording, records management, provenance tracking, document lifecycle management.
To validate the consistency and the order of added block of records (transactions), all nodes make an agreement on the implemented consensus mechanism. Examples are Proof of Work (Bitcoin), Proof of Stake (Ethereum).
To create a digital signature of a document, all the bytes of the file are taken to create a digest with a cryptographic hash function from those bytes. This hash value is signed with the private key of the owner of the document and stored. The details contained in a signature are the signed document hash, the signer’s identity (public key corresponding to the private key used for signing) and a timestamp. All of these elements will be required to verify the signature of a document afterwards.
Unlike with traditional databases, distributed database storage devices are not attached to a central processing unit. Instead, storage devices are spread across a network (of nodes, see below). Examples of distributed databases are Hadoop and NoSQL.
Distributed ledger technology (DLT)
A distributed ledger technology is a type of distributed database with specific characteristics:
- Records in the ledger are replicated over all nodes in the network.
- Each node can add new records upon consensus reached by other nodes in the network.
- Ledger records are validated for integrity, authenticity, immutability and non-repudiation.
- Different nodes on the network act as independent participants; they don’t need to trust each other.
A collection of permanent definitive records of transactions.
An entry in the ledger that contains information about transactions.
A document can be signed multiple times by different signers sequentially, to avoid that new signers invalidate the previous signers’ signatures.
In a distributed network, a node is a connection point able to receive, create store or send data from and to other nodes within the network.
Proof of Existence
Common uses of the Proof of Existence service include:
- Demonstrating data ownership without revealing actual data: You can publicly reveal the digest (hash) and if conflict arises, you can prove you had the data that generates it. Useful for copyrighted material, patents, etc.
- Document timestamping: You can prove certain data exists at a certain moment of time. As we use public blockchains (Bitcoin, Ethereum) to store the document proof, you can certify the existence of your document without the need of a central authority.
- Checking for document integrity: If you store a proof for your document and later re-upload it, the system will only recognize it if it is completely and fully the same document. The slightest change will be recognized it is different, giving you the security that certified data can't be changed.
Public key infrastructure (PKI)
In a PKI system, signers own a key pair which consists of a public key and a private key. Encryption is when someone uses a public key to encrypt a message and the party possessing the corresponding private key can decrypt the message. On the other hand, signing happens when someone uses the private key to encrypt a message and everyone who has access to the publicly can decrypt the message.
Smart contracts can be understood in terms of ‘self-executing computer code’ on a distributed ledger, ruling the transaction logic in the network, or in terms of legally binding contract coded in programming language.
In the case of registering and processing files and documents with CertiMint, smart contracts are used to define whether and how to register them, the time at which it was recorded and at what cost.
The EU defines digital signatures as follows: An electronic signature is an electronic indication of a person’s intent to agree to the content of a document or a set of data to which the signature relates. Like its handwritten counterpart in the offline world, an electronic signature is a legal concept capturing the signatory's intent to be bound by the terms of the signed document.
Electronic signatures in the European Union
Electronic signatures were first recognized in European legislation through the Directive on a Community framework for electronic signature (eSignature Directive) adopted in 1999. Since 1 July 2016, electronic signatures in the EU are governed by the Electronic Identification and Trust Services (eIDAS) Regulation. eIDAS provides a predictable regulatory environment directly applicable to all EU member states to enable secure and seamless electronic interactions between businesses, citizens and public authorities.
'Simple electronic signatures
An electronic signature is defined as "data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign" (eIDAS Article 3). Thus, something as simple as writing your name under an e-mail might constitute an electronic signature.
Advanced electronic signatures (AdES)
An advanced electronic signature (eIDAS Article 3) is an electronic signature which is additionally:
- Uniquely linked to and capable of identifying the signatory.
- Created in a way that allows the signatory to retain control.
- Linked to the document in a way that any subsequent change of the data is detectable.
The most commonly used technology able to provide these features is the use of a public key infrastructure (PKI), which involves the use of certificates and cryptographic keys.
Qualified electronic signatures (QES)
A qualified electronic signature (eIDAS Article 3) is an advanced electronic signature which is additionally:
- Created by a qualified signature creation device.
- Based on a qualified certificate for electronic signatures.
Signature creation devices come in many forms to protect the electronic signature creation data of the signatory, such as smartcards, SIM cards, USB sticks. Remote signature creation devices can be used where the device is not in the physical possession of the signatory but managed by a provider. Those remote qualified signature solutions offer an improved user experience while maintaining the legal certainty offered by qualified electronic signatures.
Qualified certificates for electronic signatures are provided by (public and private) providers which have been granted a qualified status by a national competent authority as indicated in the national 'trusted lists' of the EU member state. Those lists can be accessed through the Trusted List Browser. Many providers of qualified certificates will deliver the corresponding private key on a qualified signature creation device.
While different levels of electronic signatures may be appropriate in different contexts, only qualified electronic signatures are explicitly recognized to have the equivalent legal effect of hand-written signatures all over the EU.
How can blockchain fit in?
While blockchain technology is not recognized yet by the EU as a qualified electronic signature, additional national legislation (for example, in the Netherlands) offers some more guidance in when a digital signature is deemed valid. The signature needs to meet the eIDAS criteria for an electronic or advanced signature (See the paragraph 'Advanced electronic signatures').
The electronic signature needs to fulfil the same basic functions as a handwritten signature. The method used for signing needs to be sufficiently reliable considering the purpose of the agreement.
These requirements complement each other so that together they provide a reasonable assurance of the quality of a signature. However not all of them are specific enough to be directly enforceable. In case there is a conflict, the assessment of these aspects requires an analysis of the specific circumstances under which a document was signed.
How CertiMint enables digital signatures
The CertiMint platform allows you to register a document (in the widest sense of the word) on the blockchain and by doing so they are able to prove existence and integrity of the document (detectable document integrity). They also have native support for elliptic curve cryptography which is built around individual public/private key infrastructure (uniquely linked signatory and signatory is in control).
The signing process will, initiated by an individual, represented by a private key and address, will digitally sign the hash of the document, uniquely tying the individual to that specific document. The platform will package the resulting message and store it in a transaction on the MintNet blockchain network. This way the signature is timestamped and stored immutably.