Publishing Permanent Photo Signatures with Blockchains

I really don’t like copyright notices and logos on images. I wanted a way to digitally (cryptographically) sign my photos before publishing them, so I came up with my own method. I also want my signatures to be public and impossible to corrupt, modify, or delete. How is this possible? "Groan," you say, "don't say with a blockchain". Yes, I am using blockchains (oh no!).

Overview

I use a cryptographically-straightforward method of signing my photographs with my GPG key. I then record the signatures to public blockchains in order to create a way to later prove that each signature existed at least as early as the date it was written to those blockchains. In other words, if I publish a photo after writing its signature to the blockchain, then I can always show that the signature existed before anyone else ever saw the photo.

For blockchains, I am using Bitcoin Cash (BCH) and Algorand (ALGO). Both are inexpensive to create transactions on, and I have my bases covered in terms of using both a proof of work chain (BCH) and a proof of stake chain (ALGO). I don't know which, if either of them, will still be around in 10 years let alone 20, but I can always use another blockchain if those look like they're going belly up.

Procedure

I have not rolled my own crypto or anything — I’m just using off-the-shelf SHA-256 and gpg.

I refer to each set of photographs I sign as a "shoot." A single shoot may have several dozen photos, possibly more, that I wish to create a signature for. And for each "photo" I am actually signing at least three image files: the JPEG file, the RAW file, and a small thumbnail version of the JPEG. Rather than sign each of these photo files individually, I create a text file for the shoot that lists each file’s unique name and SHA-256 hash. Then I sign just that one text file with gpg.

Here's a section of a 16-line file of photo hashes, hashes-2021-09-16-195018.txt:

...
2021-09-15-115608-48-R6PT5954-sm.jpg:beb0d62f8f569567c77297fd75bd59b3331bfdef9bdf0c4ad8e65e0e81db7de0
2021-09-15-115608-48-R6PT5954.CR3:3798c1773f87edf3b15ad53d723941f781a679ae072dd5c66f200b940ff2cb63
2021-09-15-115608-48-R6PT5954.dng:095157e1d47afb11bb436267c5d08029fc9bb6bca1d1c4626fe28a1c439291a8
2021-09-15-115608-48-R6PT5954.jpg:b90b42bbd4e07ef712964ff6a4e43fa0f176d4de592d7c5c23cc7eac8bd8a2ef
...

gpg --detach-sign is used to create a separate file containing the signature of the hashes-...txt file, and when run though base64 the signature file content looks like:

iHUEABYIAB0WIQTrWmr4U4hBQ/LDj79lhthTICF+pgUCYUQCbgAKCRBlhthTICF+pjf/AQDXnFA+rC7F10aEFKgUZjpoyWOZc1J6AzAtnnhPMye+UQD/RA0bJ53kvHSq2b/CFnwgxKOAVPH3qSiCG1y6S531dQ0=

I then prepend the filename and a colon, and this results in about 189 characters of text. This is the text that I manually copy/paste into transactions I send myself on the BCH and ALGO blockchains:

hashes-2021-09-16-195018.txt.sig:iHUEABYIAB0WIQTrWmr4U4hBQ/LDj79lhthTICF+pgUCYUQCbgAKCRBlhthTICF+pjf/AQDXnFA+rC7F10aEFKgUZjpoyWOZc1J6AzAtnnhPMye+UQD/RA0bJ53kvHSq2b/CFnwgxKOAVPH3qSiCG1y6S531dQ0=

The above signature data goes into the OP RETURN field in a Bitcoin Cash transaction, and it goes into the Note field in an Algorand transaction. Both of these blockchains allow a small amount of arbitrary data to be included in each transaction, and "blockchain explorer" websites for both of these chains display the data. So it's both easy to write the data to these blockchains and easy to read it.

Each shoot gets its own gallery page on this blog. The gallery page displays the small, low-quality thumbnail version of each photo as well as all the signature information, with links to blockchain explorer websites to view the transactions where the signatures are written to each blockchain.

Only after the signatures are permanently recorded to the blockchains do I then publish the photos elsewhere.

What kind of protections does this give me?

I don’t know. I’m fairly confident it’s cryptographically sound, but if there ever was a copyright dispute over one of my images I don’t know if me having a signature file with proof the signature existed on such-and-such a date will actually allow me to defend my copyright.

Either way, this at least seems to me like an inexpensive way to truly digitally sign my photos.

What does it cost?

On both the Bitcoin Cash and Algorand blockchains, I use transactions where I send myself small amounts of the currency. Therefore the only actual expense is the transaction fees, which are (currently) a fraction of a cent per transaction. With only 189 bytes of additional signature data per transaction, and by only making one or two of these transactions per week on average, I do not believe I am taking particular advantage of these systems. For a very tiny fee, I am able to permanently record a very tiny amount of data. Seems like a good deal to me.