Frequently Asked Questions
What is data anchoring?
Data anchoring consists in building a time-stamped proof of existence for a data by linking it to a tamper resistant and time-stamped blockchain.
A strong cryptographic link between the data and a timestamped transaction in the blockchain is built and saved in a proof receipt. This receipt can be used later on by anyone having the data and an access to the blockchain to prove that the data existed and has not been modified since the transaction's confirmation date.
Woleet's data anchoring implementation relies on the resilience and immutability of the Bitcoin blockchain to provide the best possible security level. The Bitcoin blockchain being publicly accessible, Woleet proofs can be verified without any third party, at anytime, from anywhere.
What are the use cases of data anchoring?
There are many: proof of existence, timestamping, protection of intellectual property ... all use cases where the integrity and the anteriority of data need to be proven.
What is signature anchoring?
Signature anchoring is an improvement over data anchoring: instead of anchoring the data, the data is first signed, and the produced signature is anchored in place of the data. Anchoring a signature of the data is equivalent to anchoring the data itself (since the signature is derived from the data) but it additionally creates a timestamped proof of existence of the signature of the data, allowing new use cases like certification, authentication or traceability.
Read more about signature anchoring here.
What are the use cases of signature anchoring?
There are many: proof of signature, certification, authentication, traceability... all use cases where the validation of a data by an actor need to be proven.
What is a proof receipt?
It's the result of the anchoring process. It is a small JSON file containing all data required to verify a proof of timestamp or a proof of signature.
When you anchor a data or a signature, Woleet produces 3 types of proof receipts:
- proof of timestamp receipts,
- proof of seal receipts,
- proof of signature receipts.
A proof of timestamp receipt contains the cryptographic data required to verify the integrity of the data and its existence at a given time. It is important to store the proof receipt with the proven data, both being required by the verification process.
A proof of seal receipt is similar to a proof of timestamp receipt, but additionally contains a signature of the data, the identity of the sealer and the URL of the identity server that was used to sign: this URL allows to verify the identity of the sealer and the control of the signature key by the identity server (see Signature Anchoring).
A proof of signature receipt is similar to a proof of timestamp receipt, but additionally contains a signature of the data, the identity of the signer and the URL of the identity server that verified the identity and the signature key of the signer at the time of signature: this URL allows to verify the identity of the signer (see Signature Anchoring).
Are my data readable by Woleet?
Woleet only needs the SHA256 hash (ie. digital fingerprint) of your data, not the data itself. The hash is calculated client side (usually by the web browser) so that the actual data is never uploaded to our servers. It is impossible to build back the data from a hash. Our clients keep their data safe.
What is the purpose of metadata?
You can use metadata to enrich your anchors (most often to associate custom identifiers to them). Metadata are for your eyes only. You provide them as a set of key/values providing some contextual information only meaningful to you. Metadata are not used by the verification process nor included into the anchoring receipt. Nevertheless, we encourage you not to put sensitive data into your anchor's metadata, as they are stored into Woleet's databases.
What is the purpose of tags?
You can use tags to classify and search your anchors. Tags are for your eyes only. You provide them as a set of labels classifying your anchors in a way that is only meaningful to you. Tags are not used by the verification process nor included into the anchoring receipt. Since tags are indexed to allow very fast searches by tags, we encourage you not to add too many tags to your anchors.
What happens if I lose the proven data?
If you lose the proven data, it will be impossible to verify any proof related to it. It's therefore very important to carefully save the proven data next to its proofs.
What happens if I lose the proof receipt?
Don't panic! Woleet can re-generate any proof receipt as we keep the useful information to rebuild it on demand. You can ask for a receipt via our web interface or our API.
What is the average anchoring delay?
The average delay for anchoring depends on the type of contract you sign with Woleet. By default the maximum time for anchoring is 6 hours and the mean time 3 hours.
What happens to my proofs if Woleet disappears?
The proof format used by Woleet is open and the verification process is documented and independent from Woleet: a proof receipt built by Woleet is verifiable by anyone with an internet access and tools compatible with this proof format.
How do I share a proof?
You just have to share the proof receipt and the data to be verified. The recipient will be able to use any compatible tool to verify the proof. We also provide sharable URLs that can be sent to anyone wanting to verify a proof.
Which blockchain is used for anchoring?
For its security, its immutability and its open architecture, Woleet has chosen the Bitcoin blockchain for anchoring. This choice is based on our will to base on the safest infrastructure available out there, battled tested and resilient with the highest level of security.
What is Bitcoin?
Bitcoin is a currency, a network and a protocol. Woleet uses Bitcoin as a commodity useful to share an internationally verifiable timestamped truth.
Why not using Ethereum or other blockchains?
As we want a digital tamper-resistant digital proof, a certain degree of robustness and global security are mandatory. The security model is crucial because we need an immutable and censor-resistant ledger. Ethereum or other blockchain solutions implement other security models not suitable for the use cases offered by Woleet. Moreover, those blockchain solutions are not mature enough to consider using them in production.
Is Bitcoin secured?
Bitcoin has almost 14 years of research and development in multiple domains like cryptography, distributed computing and have seen important investment in its infrastructure globally. The maturity of Bitcoin ecosystem gives the opportunity to deploy applications in production. The decentralized model of Bitcoin moves the responsibility of securing the bitcoins to the end user. By using Woleet the user does not have to bother about buying or secure their own bitcoin as Woleet uses its own bitcoin and is in charge of their security.
Are bitcoin transaction reversible?
Bitcoin transaction are not reversible. Once confirmed by the network a bitcoin transaction cannot be modified or reversed. This is a crucial feature in the Bitcoin protocol and this is why Bitcoin has value.
What is the proof format used by Woleet?
The timestamp proof receipts generated by Woleet are compatible with Chainpoint 2.0.
The seal and signature proof receipts generated by Woleet are an extension of the Chainpoint 2.0 format.
Woleet can also generate timestamp proof receipts compatible with OpenTimestamps.
Is Woleet a Trust Service Provider?
Not per se.
In the case of proofs of timestamp, the Woleet platform only simplifies the access to the Bitcoin blockchain: you need to trust Woleet ability to link the hash of your data with the Bitcoin blockchain, but once done you don't need Woleet to verify the proof.
In the case of proofs of seals, the identity server containing the seal identity and controlling the signature key is usually hosted customer side, so you don't need Woleet to verify the proof.
In the case of proofs of signature, especially when Woleet acts as the identity verifier and key provider, Woleet is acting like a trust service providers (we ensure that emails and OTP SMS are sent to the right signers and generate their signature key). However, we do not have access to the signed documents, so we minimize the amount of trust you need to put in your signature provider.
Updated over 2 years ago