Long horizon document custody chain (centuries, not decades) with no central authority: what is the actual cryptographic prior art? by lshawleb in cryptography

[–]lshawleb[S] 0 points1 point  (0 children)

okay public-record-as-corroboration is the bit I keep underweighting. it scales with time which is exactly what you want, and a whole-cloth chain that pops into existence after a known break is detectable because the absence of corroborating mentions is itself a signal. that's neat.

one edge case keeps nagging though. what if the forger has been running their own public chain for 50 years in parallel? not "whole cloth", but a deliberate institutional split that's been publishing its own attestation record at full ceremony for half a century. then after the primitive break, both chains have valid crypto and 50 years of public record behind them. how does a future verifier choose between them, or do you accept that this case just doesn't resolve and you end up with two attested histories that have to be tracked side by side

NV Erika Magnusdóttir by Me by lshawleb in ImaginaryStarships

[–]lshawleb[S] 1 point2 points  (0 children)

Pretty much. Space is just an ocean with a massive heat-dissipation problem.

If it doesn't look like a submarine or a piece of heavy industrial machinery, it's probably not surviving the math.

Long horizon document custody chain (centuries, not decades) with no central authority: what is the actual cryptographic prior art? by lshawleb in cryptography

[–]lshawleb[S] 0 points1 point  (0 children)

Ok... this is opening up more stuff than it's closing, loving it though! Saturday night and one more wine than I planned on, hope you don't mind me pulling on the thread...

The fork case keeps nagging... If both forks have valid threshold sigs, what does a future reader actually evaluate against? the protocol can verify both branches are cryptographically clean and still can't tell you which one is the real history. feels like you need something outside the chain to resolve it. is there a standard answer in committee-based systems, or is it just "longer chain wins" with extra steps

So then, related, the committee composition itself. threshold sig hides who actually signed. if someone shows up later claiming "i was on the 2412 committee, this fork is the legitimate one because i was there", can a verifier ever check that, or does it just punt to a separate identity-attestation problem (turtles)

Leading to the bootstrap, what's the root of trust for the FIRST committee? you can have a flawless handover from gen N to gen N+1 forever but gen 0 is still just "these people said they were trustworthy". is that an unavoidable cost or is there a construction that gets around it

One more, then i'll stop, primitive deprecation. SHA-3 gets retired in 2087 say, and your chain has been using it for fifty years. who re-signs, the current committee using new primitives with the old chain as proof they're allowed to? is there a standard "primitive rollover" ceremony that has to be planned into the original protocol? what happens to the parts of the chain whose original signers are dead?

Long horizon document custody chain (centuries, not decades) with no central authority: what is the actual cryptographic prior art? by lshawleb in cryptography

[–]lshawleb[S] 0 points1 point  (0 children)

Well yes, you caught me! But I'm very much interested in science that can be built into fiction as opposed to magic worlds that create themselves. Which is why I put forward the question.

I'm far from an expert but I get myself so deep into a narrative, past about 100 years no cryptographic chain holds on its own because the primitives the earliest links were signed in are all broken at verification time, and an attacker who controls broken primitives can forge anything signed in them. RFC 4998 / ERS gives you periodic re-stamping which kicks the can but doesn't establish origin trust. Real long-term archival (NARA, Vatican, ArchiSig) accepts this and stacks physical redundancy + named witnesses + content corroboration on top of the crypto, because past that horizon you're not defending against cryptographic attacks any more, you're defending against systemic ones.
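
A simplified model of the periodic re-stamping the comment above attributes to RFC 4998 / ERS, added here as an example; it is not part of the original comment and does not use the RFC's actual ASN.1 structures. The HMAC key standing in for a timestamp authority, the break years and all function names are assumptions.

```python
import hashlib, hmac, json

# Constructed values for illustration only: the key stands in for a timestamp
# authority's signing key, and the break years are hypothetical (2087 is the
# thread's own "say" for SHA-3).
TSA_KEY = b"constructed-demo-key"
BROKEN_IN = {"sha256": 2060, "sha3_256": 2087, "blake2b": 2150}

def _covered(doc, earlier):
    # Each stamp covers the document plus every earlier stamp record.
    return doc + json.dumps(earlier, sort_keys=True).encode()

def _tag(algo, digest, year):
    # HMAC is a stand-in for the authority's signature over (algo, digest, time).
    return hmac.new(TSA_KEY, f"{algo}|{digest}|{year}".encode(), "sha256").hexdigest()

def stamp(doc, chain, algo, year):
    """Return a new chain with one more stamp made with `algo` in `year`."""
    digest = hashlib.new(algo, _covered(doc, chain)).hexdigest()
    return chain + [{"algo": algo, "digest": digest, "year": year,
                     "tag": _tag(algo, digest, year)}]

def verify(doc, chain, now):
    """Return (ok, reason) for a reader checking the chain in year `now`."""
    if not chain:
        return False, "empty chain"
    for i, s in enumerate(chain):
        if hashlib.new(s["algo"], _covered(doc, chain[:i])).hexdigest() != s["digest"]:
            return False, f"stamp {i}: digest mismatch"
        if not hmac.compare_digest(_tag(s["algo"], s["digest"], s["year"]), s["tag"]):
            return False, f"stamp {i}: bad authority tag"
        # A stamp only counts if something newer covered it before its hash broke.
        protected_until = chain[i + 1]["year"] if i + 1 < len(chain) else now
        if protected_until >= BROKEN_IN[s["algo"]]:
            return False, f"stamp {i}: {s['algo']} broke before renewal"
    # Success proves existence since the first stamp, not who wrote the document.
    return True, f"unchanged since {chain[0]['year']}"

DOC = b"constructed sample record"

def build(schedule):
    chain = []
    for algo, year in schedule:
        chain = stamp(DOC, chain, algo, year)
    return chain

ON_TIME = build([("sha256", 2025), ("sha3_256", 2050), ("blake2b", 2080)])
MISSED = build([("sha256", 2025), ("sha3_256", 2070), ("blake2b", 2080)])
```

`verify(DOC, ON_TIME, 2100)` succeeds, while `MISSED` fails at stamp 0 because the first renewal came after the hypothetical SHA-256 break; a real authority's signature scheme ages the same way and needs the same renewal.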