How do I verify the authenticity of a Bernstein Bitcoin certificate?
Preliminary steps
1. Download the certificate
Browse your projects and select the right version. Then click on the "download certificate" button.
A pdf file will be downloaded to your computer. Its name will have the following structure: <yyaaddhhmm> - Bernstein - Bitcoin - <certID>.pdf
And it will look like this:
2. Download the associated files
From the same version of the project you now have to download the zip file containing all manually uploaded files plus the cover file containing the metadata you entered.
The zip files will be named "<yyaaddhhmm> - Bernstein - Bitcoin - <certID>.zip".
Download it and unzip it. and it will contain the cover file named "<yyaaddhhmm> - Bernstein - Bitcoin - <certID>.json".
Bernstein verification web app
The easiest way to check the authenticity of a file or collection of files is using the Bernstein verification web app.
Just point your browser to https://app.bernstein.io/verify and enter the certificate ID.
Manual verification
Since IP assets can have a lifespan of decades, we designed our certification service in a way that you will always be able to prove the authenticity of your Bernstein certificate independently even if Bernstein were not to be around anymore by then.
1. Check the Bitcoin transaction
Since the Bitcoin blockchain is public digital infrastructure, you can easily look up the transaction referenced on your certificate. Copy the transaction identifier (TX) from the certificate and enter it in any Bitcoin blockchain explorer service (BlockCypher, TradeBlock, BitcoinChain, ...).
✔ Make sure the specific transaction exists!
2. Check the transaction content
Now it’s time to compare the data extracted from the certificate with the ones found in the actual Bitcoin transaction.
Certificate date
The date of the transaction should match the ‘Certificate validation date’ value extracted from the certificate.
✔ Make sure the date displayed in the certificate matches the one shown by the blockchain explorer.
Protocol version
The OP_RETURN code of the transaction includes a ‘protocol version’. "BER 01.03 - REG - ..."
✔ Make sure the version displayed in the certificate matches the one shown by the blockchain explorer.
Outputs and public keys
The Bitcoin transaction should have two outputs:
- the OP_RETURN mentioned above
- a 3/3 MULTISIG output
On your certificate, you will find three public keys. Using these you will be able to calculate the MULTISIG address.
✔ Make sure the MULTISIG address to which the blockchain transaction was sent to matches the one you calculated
So, how do you calculate it? These are the keys you need and how they have been generated:
- Project Owner public key
What: a private/public key pair randomly generated and assigned to each organization owner during the signup process.
Who: only in possession of the organization owner, never disclosed to Bernstein server. - Project Data public key
What: a private/public key pair derived deterministically from the collection of files included in the project when the certificate was generated.
Who: anyone having access to those files can calculate the key. - Bernstein public key
What: an organization specific key pair randomly generated by Bernstein to secure the integrity and consistency of the chain of certificates.
Who: the key is only disclosed to the organization owner.
These are the steps you have to take to generate the Project Data public key and therefore prove their existence and integrity:
i) calculate the SHA-256 hash for each file contained in the .zip container; ii) sort the resulting hashes alphabetically and concatenate them; iii) calculate the SHA-256 hash of the resulting string; iv) use the obtained hash as a Bitcoin private key; v) compute the corresponding public key; vi) check that the resulting hash, expressed as a string of 64 hex characters, matches the Project Data public key displayed in the certificate. (explain the 64 vs 66 character mismatch)
✔ If date, protocol version, and MULTISIG scrip match, you have successfully authenticated your certificate!
=== Final remarks ===
- Please note that the above procedure enables you to prove the existence and integrity of just a specific file of the project without being forced to reveal all files associated with the certificate.
- The above steps does not prove the ownership of the Project Owner over the project files. This can be obtained by following these instructions.