Blockchain and SHA-256: Understanding the Technology Behind Your Protection

When you timestamp a file with Instampy, two technologies work behind the scenes to strengthen the probative value of your protection: the SHA-256 digital fingerprint (also called "hash") and blockchain recording.

If you've consulted our FAQ, you already know the basics. This article explains why these technologies are important, how they work together, and why they make your proof of prior existence technically solid.

---

The SHA-256 Digital Fingerprint

What is a Cryptographic Hash?

Imagine you need to prove that a paper document hasn't been modified since a certain date. You could photograph it, but a photo can be faked. You could digitize it, but a digital file can be altered.

The cryptographic hash solves this problem: it generates a unique digital fingerprint of your file, like a fingerprint for a human being. This fingerprint is a string of 64 characters (in hexadecimal) that represents the entire content of your file.

Example of SHA-256 hash:

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Why SHA-256 Specifically?

SHA-256 (for Secure Hash Algorithm 256-bit) is the algorithm we chose for Instampy. It's an industry standard, used by the largest financial institutions, governments, and even Bitcoin.

The properties of SHA-256:

1. Deterministic: The same file always produces exactly the same hash, no matter who calculates it, where, or when.

2. One-way: It's mathematically impossible to retrieve the original file from its hash. Your content remains private.

3. Collision-resistant: The probability that two different files produce the same fingerprint is 2^-256, or 1 in 10^77 (practically zero). Each file therefore has its unique signature.

4. Avalanche effect: The slightest modification of the file (even a single pixel, a single character) completely changes the resulting hash.

Concrete example:

Original file: "Hello world"
Hash: 64ec88ca00b268e5ba1a35678a1b5316d212f4f366b2477232534a8aeca37f3c

Modified file: "Hello world."  (addition of a period)
Hash: d9014c4624844aa5bac314773d6b689ad467fa4e1d1a50a1b8c99d7e01e15bc6

As you can see, a simple period radically changes the fingerprint. This property allows verifying the integrity of your file.

Hash Calculated in Your Browser: Guaranteed Confidentiality

Your file never leaves your device.

When you select a file, your browser calculates its SHA-256 fingerprint locally, directly on your machine. Only this 64-character fingerprint is transmitted to our servers for recording.

Your file remains confidential (photo, source code, design, manuscript...). No storage of your content on our servers. Risk of leakage or hacking considerably reduced since your data is not stored. Compliance with data protection regulations (GDPR).

We use the security capabilities built into your modern browser to calculate the fingerprint reliably and in a standardized manner.

---

The Blockchain, Immutable Public Ledger

What is a Blockchain?

If the fingerprint is your file's signature, the blockchain is the public and tamper-proof ledger that records this fingerprint with a precise date and time.

A blockchain is like a large digital accounting ledger. Each new piece of information is timestamped with precision, validated by a decentralized network of independent computers, recorded in a "page" (called a "block") cryptographically linked to previous pages. Once recorded, impossible to modify or delete.

Why Blockchain for Timestamping?

The blockchain offers three guarantees for proof of prior existence:

1. Certified and Verifiable Timestamping

A timestamping performed by a centralized server can have its clock manipulated. The blockchain provides a date and time validated by consensus among thousands of independent computers worldwide.

Your Instampy certificate contains the fingerprint of your file, the exact date and time of recording, the block number where your fingerprint is recorded, and the recording identifier.

2. Mathematical Immutability

Once your fingerprint is recorded, it's technically impossible to modify or delete it, even for Instampy. This technical property allows your proof to remain valid.

Information is recorded in groups called "blocks." Each new block is cryptographically linked to the previous one, creating an uninterrupted chain. Modifying an old block would break all subsequent links, which is mathematically and economically impossible.

3. Independent Verification

Anyone can verify the existence of your fingerprint on the blockchain, at any time, without depending on Instampy.

Even if our service closes tomorrow, your proof remains valid. The decentralized network will continue to exist. Your recording remains accessible via public consultation tools. An expert can reconstruct the complete proof of prior existence.

Your certificate contains a link to a public consultation tool:

https://example-explorer.com/tx/0x123abc...

By clicking on it, you see your fingerprint, the exact date, the block, all technical details. This data is public, permanent, and verifiable by all.

---

The Complete Workflow of Your Timestamping

Here's how the technologies work together during an Instampy timestamping:

Step 1: Fingerprint Calculation (in Your Browser)

1. You select your file in your browser
2. Your browser automatically calculates the SHA-256 digital fingerprint
3. The fingerprint is displayed instantly (local calculation, ultra-fast)
4. Only the fingerprint is transmitted

Step 2: Blockchain Recording (on Our Servers)

5. The fingerprint is transmitted to our server
6. Our program is called with:
   • The SHA-256 fingerprint
   • A unique identifier to link with our database
   • The precise date and time
7. The recording is submitted to the network
8. Validators confirm the recording in a few seconds
9. A recording identifier is generated

Step 3: Certificate Generation

10. Data is recorded in our database:
    • Fingerprint, unique identifier, date and time
    • Recording identifier, block number
    • Your information (filename, email, etc.)
11. The PDF certificate is automatically generated with:
    • All technical information
    • Verification links
    • A QR code for quick verification
12. You receive the certificate by email instantly

Step 4: Verification (at Any Time)

At any time, you or anyone else can:

1. Recalculate the SHA-256 fingerprint of your file
2. Compare it with the certificate's fingerprint
3. Verify on the public consultation tool that this fingerprint exists on the indicated date
4. Complete mathematical proof: your file existed on that precise date

---

The Legal Value of This Approach

Legal Admissibility

In French and European law, a digital timestamp can be used as evidence, even if it's not performed by a certified provider.

Courts verify the technical reliability of the proof.

What Courts Verify

For a timestamp to be recognized by a court, it must demonstrate three things:

1. ✅ Integrity: The file hasn't been modified (guaranteed by SHA-256)
2. ✅ Prior existence: The date is reliable and verifiable (guaranteed by the blockchain)
3. ✅ Verifiability: A third party can verify independently (public tool)

Instampy fulfills these three conditions with a solid level of technical proof.

Expert Proof

In case of dispute, a court-appointed expert can recalculate the SHA-256 fingerprint of the file, verify its presence via the public consultation tool, and produce an expert report certifying prior existence. This verification is independent: even without Instampy, the expert can reconstruct the proof via public tools.

---

Minimal Data on the Blockchain

Confidentiality Principle

Instampy applies a minimal data principle on the blockchain:

What is recorded on the public blockchain: the SHA-256 fingerprint of the file, the unique identifier for linking with our database, and the exact date and time of timestamping.

What is not on the blockchain: filename, file type, file size, your email, your name, no personal data.

Why This Separation?

No personal data is publicly exposed. GDPR compliance: respect for data minimization principle. The expert can still reconstruct the entire proof thanks to the unique identifier.

---

Technical Frequently Asked Questions

"Why not simply send my file to a notary?"

A notarial deposit is perfectly valid legally, but has limitations:

• Cost: €50-200 per deposit (vs €9.90 with Instampy)
• Delay: Several days (vs instant)
• Dependency: The notary must keep your files
• Verification: Requires going back through the notary

With Instampy, you get proof that's technically solid, independently verifiable, for a fraction of the cost and instantly.

"What happens if Instampy stops operating?"

Your proof remains technically valid. The decentralized network will continue to exist, your recording remains publicly accessible, and an expert can verify prior existence without going through us. Your PDF certificate contains all necessary information. This is a major advantage compared to centralized solutions.

"Can someone see the content of my file?"

No. Only the SHA-256 fingerprint is public. It's mathematically impossible to retrieve the original content from the fingerprint.

---

In conclusion

Timestamping with Instampy relies on two proven technologies: SHA-256 for your unique digital fingerprint, extremely difficult to falsify, and the blockchain for your immutable and publicly verifiable proof of prior existence.

This combination offers you a technically solid proof, lasting protection, independent verification, legal admissibility, and preserved confidentiality.

All in a few seconds.

Whether you're a photographer, developer, designer, author, or simply concerned about protecting your creations, you have a recognized level of technical protection accessible to all.

Ready to protect your work?

Timestamp a file now →