BitProof: Bitcoin-Anchored Timestamping for Files and Web Archives

Technical design for verifiable digital timestamps

Version 2.0 · February 2026

The Problem

We live in an era where digital content can be created, modified, and deleted without trace. AI-generated deepfakes are indistinguishable from reality. Screenshots can be fabricated. Websites change or disappear. There is no native mechanism in the digital world to prove that a specific piece of content existed in a specific form at a specific time.

The consequences are profound: whistleblowers can't prove they had evidence before an investigation began, researchers can't establish prior art with mathematical certainty, journalists can't prove a website said what it said before it was edited, and ordinary people can't prove they created something before someone else claimed it.

The Solution

BitProof anchors the SHA-256 hash of any digital content to Bitcoin's blockchain via the OpenTimestamps protocol. This creates a mathematical proof that the content existed in exactly that form at the time the hash was included in a Bitcoin block — without requiring trust in any organization, including BitProof itself.

The key properties of this approach:

• Verification-based. Proofs are anchored to Bitcoin and can be checked independently with standard OpenTimestamps tooling.
• Privacy-preserving. Files are hashed client-side. Only the hash — a 64-character string — ever touches our server. We never see your content.
• Durable. Verification data is stored in the proof bundle and anchored to Bitcoin block history.
• Independently verifiable. Anyone can verify a proof using standard OpenTimestamps tools. No dependency on our service.
• Stateless. No proof database, no user accounts, no retained file copies. You keep your proof bundle. Standard operational logs may exist.

How It Works

File Timestamping

1. User selects a file in the browser
2. The file is hashed locally using SHA-256 (Web Crypto API)
3. Only the 64-character hex hash is sent to BitProof's server
4. The server submits the hash to OpenTimestamps calendar servers
5. OpenTimestamps aggregates hashes into a Merkle tree and anchors the root to a Bitcoin transaction
6. The user downloads a .bitproof bundle containing a manifest and the OTS proof
7. Within ~1-2 hours, the proof is confirmed in a Bitcoin block

Web Archiving

1. User enters a URL
2. The server captures a full-page screenshot (PNG), the HTML source, and a PDF rendering via a headless browser
3. Each captured file is hashed, and the hashes are combined into a deterministic bundle hash
4. The bundle hash is submitted to OpenTimestamps
5. The user previews the captured content inline, then downloads a .bitproof bundle containing all captured files, manifest, and OTS proof

Verification

1. User uploads the original file (or archive bundle) and the .bitproof proof
2. The system re-hashes the original content and compares it to the hash in the proof
3. The OTS proof is verified against Bitcoin's blockchain
4. If both match, the proof is valid — the content existed in that exact form at the proven time

The .bitproof Format

A .bitproof file is a standard ZIP archive containing:

{
  "manifest.json"   // Metadata, hashes, proof status
  "proof.ots"       // OpenTimestamps proof file
  "screenshot.png"  // (archives only) Full-page screenshot
  "page.html"       // (archives only) HTML source
  "page.pdf"        // (archives only) PDF rendering
}

The manifest follows a versioned schema:

{
  "version": "2.0",
  "type": "bitproof-timestamp" | "bitproof-archive",
  "created_at": "ISO 8601 timestamp",
  "file": {                         // timestamps only
    "hash": "SHA-256 hex",
    "algorithm": "SHA-256",
    "name": "original filename",
    "size": bytes
  },
  "source": {                       // archives only
    "url": "https://...",
    "title": "Page Title"
  },
  "files": {                        // archives only
    "screenshot": { "filename", "hash", "algorithm" },
    "html": { ... },
    "pdf": { ... }
  },
  "bundle": {                       // archives only
    "hash": "SHA-256 of concatenated file hashes",
    "algorithm": "SHA-256"
  },
  "proof": {
    "method": "opentimestamps",
    "status": "pending" | "confirmed"
  }
}

Architecture

User's Browser              BitProof Server              Bitcoin
──────────────              ───────────────              ───────
                                                          
File → SHA-256 ──hash──→ OpenTimestamps stamp ──anchor──→ Block
                                  │                       
              ←── .bitproof ZIP ──┘                       
                                                          
URL ─────────────→ Playwright capture                     
                      │ screenshot.png                    
                      │ page.html                         
                      │ page.pdf                          
                      ↓                                   
              Bundle hash → OTS stamp ──anchor──→ Block   
                      │                                   
      ←── JSON preview + .bitproof ZIP                    

The backend is fully stateless. It uses temporary directories that are deleted after each response. There is no database, no file storage, no user accounts.

Security Model

What we protect against: content tampering, backdating, repudiation, and forgery. If the hash matches and the OTS proof verifies against Bitcoin, the content provably existed before the block timestamp.

What we don't protect against: proving who created the content (that would require digital signatures / identity binding, a potential future feature). BitProof proves existence, not authorship.

Trust assumptions: You trust Bitcoin's blockchain is immutable (secured by proof-of-work). You trust SHA-256 is collision-resistant. You trust your own computer computed the hash correctly. BitProof is not required for independent verification.

Use Cases

• Whistleblowers: Prove evidence existed before an investigation began
• Journalists: Archive web pages with mathematical proof of their content at capture time
• Researchers: Establish prior art and prove research existed before publication
• Legal: Create tamper-proof records of contracts, terms, and digital evidence
• Creators: Prove creation dates for intellectual property
• Business: Document competitor pricing, policy changes, and public statements

Why Bitcoin

Bitcoin is a widely used proof-of-work chain with long operational history and broad tooling support. Using OpenTimestamps on Bitcoin keeps proofs low-cost through Merkle aggregation and allows verification with standard OTS tooling.

Future Directions

• Browser extension: One-click web archiving from any page
• Authorship binding: Optional digital signatures to prove who created the proof
• Batch timestamping: Timestamp multiple files in a single proof
• CLI tool: Fully offline operation for maximum trustlessness

Philosophy

BitProof focuses on simple, auditable timestamping for digital files and captured web content. The goal is to make independent verification practical without requiring data custody by this service.

Verify independently.