Bitcoin is helping secure the truthfulness of Guatemala’s election results.
Thanks to OpenTimestamps, a tool created by bitcoin developer Peter Todd a few years ago, Guatemalan tech startup Simple Proof is able to safeguard key documents about the country’s presidential elections from fraud and tampering. Todd’s tool, which leverages hash functions and the bitcoin blockchain, is able to timestamp pieces of information and make it easier to spot attempts at fraud and manipulation.
The idea of timestamping documents is fairly old. Individuals and societies have relied on this technique for centuries to indicate when a document was signed, when a cheque was written, or when someone was born. Cryptographic timestamps, however, are much newer. They take the concept of human timestamping a step further by relying on math instead of a fallible and corruptible human being. Signatures can be forged by sophisticated actors, and authorities can be subject to different incentives, making them capable of being bribed or corrupted. Also, “to err is human,” while math makes no error if the correct algorithms are used.
An example of a good algorithm is a hash function, a type of mathematical function that takes a variable sized input to output a fixed length result. This result is called the hash of that input. Hash functions are used in the bitcoin network, notably in blocks that get added to the blockchain, as well as by OpenTimestamps.
How Does OpenTimestamps Work?
OpenTimestamps leverages hash functions to cryptographically timestamp any piece of data into the bitcoin blockchain. In this case, math is being leveraged to improve upon the use of human signatures or attestation, and the bitcoin blockchain is being used as a decentralized digital ledger to anchor that information, linking it to a block. This ensures tens of thousands of nodes in the network can all independently witness the existence of the timestamp anchor and be able to verify that indeed that hash was added to a block which was mined at a certain time.
OpenTimestamps works by hashing the information submitted by a given user and adding it to a bitcoin block with a bitcoin transaction. Since the bitcoin block’s hash is calculated leveraging all the information contained in that block, the timestamping data is necessary for the calculation of that block’s hash. In other words, the assumption with the timestamping is that the miner must’ve necessarily started with that timestamp transaction –– along with the other transactions contained in the block –– to arrive at the block’s hash. This means that the information that was timestamped must have existed prior to the creation of that bitcoin block. Since every bitcoin block has a timestamp of its own, users can check the date and time that block was mined and be able to be assured with mathematical certainty that the document existed in a point in time prior to that block’s timestamp.
On its own, this assurance isn’t that valuable. Sure, it lets someone prove that a piece of data existed prior to a given point in time, but how is this useful? Well, combined with other types of information and evidence, many things can be deduced from this simple assurance. For example, one can deduce that since that information existed before that bitcoin block, any changes to that information were done after that time if its hash is different.
The pieces of information and evidence necessary for more sophisticated conclusions need to be handled by the user because, ultimately, all that OpenTimestamps provides is the proof of inclusion of the hash of that information in that bitcoin block. Therefore, users that requested the timestamp should keep the original information in hand in case they want to prove their data matches the timestamp. Given the properties of hash functions –– the same inputs always generate the same output –– the hash will be the same if the information hasn’t been altered. Thus, it becomes quite easy to tell if any alterations have been made to the original information because the hash would be different.
Under the hood, OpenTimestamps doesn’t put the hash of each individual piece of data being timestamped into bitcoin. That could be expensive, as it would require one on-chain bitcoin transaction for each timestamp. Instead, OpenTimestamps leverages Merkle trees to compact that information as much as possible.
Similar to how you can hash a large piece of information and arrive at a fixed length hash, you can hash two hashes further and get to a single hash. Likewise, you can start with four pieces of information, hash them individually, then hash them in pairs until you’re left with only one hash. The value proposition of Merkle trees in this context is all about scaling this setup, where you have a large number of individual pieces of information and you hash them until you’re left with one hash –– the root hash. OpenTimestamps takes this root hash and adds it to bitcoin, distributing the cost of a single bitcoin transaction to each initial piece of information that was submitted for timestamping and used to construct the tree.
Users can still check that their individual hash was added, and that ultimately their data was timestamped. They can leverage the OpenTimestamps website, or go full cypherpunk and hash all the data until they reach the tree’s root hash and crosscheck with the data that’s on bitcoin.
What Does This Have To Do With Guatemala?
Guatemala has a long history of corruption and fraud amid its political circles. Simple Proof was implemented in that context by ITZ DATA as an immutable backup solution for the Guatemalan Supreme Elections Tribunal (TSE) –– the highest electoral authority in the country.
"The Simple Proof solution, named Immutable Backup, leverages the OpenTimestamps protocol to record proofs of documents in a tamper-evident manner on the bitcoin blockchain," Rafael Cordón, co-founder of Simple Proof, told Bitcoin Magazine. "TSE used Simple Proof to safeguard official election documents and protect critical information from artificial intelligence and disinformation, ensuring that any tampering of documents is made evident and any citizen can independently verify the information for themselves."
Guatemala’s citizens can check any given tally sheet and verify its proof of timestamp through a dedicated web portal. Each sheet contains the sum of votes for each candidate at a voting poll. Therefore, transparency is provided to the population regarding the tally sheets that were scanned and used to count the votes, as well as when each tally sheet was timestamped.
It is important to note that this setup can’t attest whether a given tally sheet is valid or not; there is still a trust assumption towards TSE. However, it is an improvement over just taking officials for their word, as it is, for example, easier to spot outliers among all the tally sheets. Rather than being able to tell voters specific validity information for any single tally sheet, OpenTimestamps allows an overview of the entire context of the elections.
For example, it arguably shouldn’t take more than an hour after voting ends to scan a tally sheet, upload it to Simple Proof’s solution, and get it timestamped into a confirmed bitcoin block. If the majority of tally sheets fall within that hour but a few were timestamped much longer after the closing of votes, it is reasonable to assume that those outlier sheets have a much greater chance of being fraudulent than the other ones. In other words, in the event that a tally sheet was entered much after it was supposed to, the timestamps are going to tell you that it is suspicious that it took that long to timestamp the sheet after the polls closed rather than less than an hour later.
This was and still is being specially important in the context of Guatemala’s elections because of the tension there was leading up to the race, as well as the outlier candidate who ended up winning it. President-elect Bernardo Arévalo wasn’t expected to even qualify for the main race months before it took place.
Once Arévalo won the presidential election, the outcry was massive. Officials from the office of the country’s attorney general, María Consuelo Porras, raided facilities of the TSE, opening dozens of boxes of votes, per AP. The opposing party, UNE, claimed the victory was fraudulent and demanded a vote recount.
UNE posted a thread on X explaining their rationale with some alleged evidence –– including a screenshot of one tally sheet on Simple Proof’s web tool that showed it was timestamped before the polls closed.
Either in an attempt to push their narrative or by mistake, the screenshot of that tally sheet was taken on a different timezone than the country’s capital official time, leading to the one-hour difference. In this specific case, bitcoin helped ensure the claims made by UNE were false, and any citizen was able to verify it by checking the timestamp on their computer. Notably, one did –– publishing a screenshot on X rectifying that the tally sheet UNE claimed had been tampered with had actually not been timestamped too early.
While bitcoin was designed and developed solely to solve the double spend problem and achieve electronic peer-to-peer money, its network of nodes and decentralized ledger can power other interesting use cases.
In this case, it’s evident how Simple Proof played an important role in protecting key election information. Had OpenTimestamps and bitcoin not been a part of the process of securing that information in a cryptographic, public and decentralized manner, there could’ve been a much bigger outcry and tumultuous procedures to try to ensure the information hadn’t been tampered with. Doubts would most likely still persist, and in a country with a history of fragile democratic procedures, the shaking of confidence could deter the president-elect’s ability to lead the nation as its rightful new leader.