I had been studying up on blockchains when I started thinking about time locks on bank vaults and safes. I thought to myself how could one make a digital time lock that could not be hacked just by changing the time?
Then over the next few hours I came up with what I think is a cool idea. I even made a proof of concept program to test it out!
How My Time Lock Concept Works
I could not really rely on any clock because they could always be changed. So maybe the best option would be to rely on the amount of time it takes to find a hash. Kind of like how bitcoin works.
Pseudocode Steps To Create The Time Lock.
- So I take some lock combination like 1234 and I hash it with a random salt. Let’s say the salt is “timesalt”. So are combination string would look something like “1234timesalt”.
- To add difficulty and increase the time it will take to solve we can hash the hash in a loop. (For example, 10,000 times.)
- Store this hash, salt, and the loop count for later use and destroy the original copy of the combination
Pseudocode Steps To Solve The Time Lock
- Start by hashing one of the possible combinations for the lock and use the same salt that was used to create the lock.
- Then hash that first hash over and over in a loop until we reach the difficulty count. (For example, 10,000 times.)
- Take this hash and compare it to the copy of the combination hash we have.
- If they match then we have found the combination. If not then we move on to the next possible combinations.
For a lock or password with just numbers this is easy because you can just count up and try every number. If the lock has letters and symbols then you would have to come up with some system to try them all. But the whole point to this time lock is to be able to solve it eventually. If you make things too complicated then you may end up with a time lock that would take years or decades to open.
No Exact Time To Open
One of the downsides is there is no way to pick an exact time for it to open. But with a little math and trial and error you should be able to find the longest amount of time it will stay locked.
For example, if the computer can test 100 combinations a minute and there are 9999 combinations then 9999 / 100 = 99.99. So the max time for that lock would be about 100 minutes or 1 hour and 40 minutes.
Why Do I Think This Is Cool?
I just think it is kind of neat to be able to keep some kind of info locked down for a period of time without relying on a 3rd party. As long as the hashing functions are secure then I do not see any way someone could get to the info without putting the time into doing the work to solve the lock.
This is basically a brute force attack on a hash. But it is designed to be crackable within a reasonable time.
What Is The Point Of All Of This?
I have no clue. Sometimes I just think about random things and this seemed like a cool concept to me. So when I got to my computer I decided to throw together a proof of concept.
Download My Time Lock Proof Of Concept
I have a zip file with the c++ source code of my proof of concept and a compiled exe for windows if you want to check it out. Download Time Lock