Stamp\&Extend returns a timestamp immediately after the request, unlike the schemes based on the concept of timestamping rounds. Despite the fact that all timestamps are linearly linked, verification of a timestamp requires a logarithmic number of steps with respect to the chain length. An extra feature of the scheme is that any attempt to forge a timestamp by the Time Stamping Authority (TSA) results in revealing its secret key, providing an undeniable cryptographic evidence of misbehavior of TSA.
Breaking Stamp\&Extend requires not only breaking Schnorr signatures, but to some extend also breaking Pedersen commitments.Category / Keywords: cryptographic protocols / timestamping, undeniability, forgery evidence, Schnorr signature Original Publication (in the same form): Chris J. Mitchell and Allan Tomlinson, editors, INTRUST, volume 7711 of Lecture Notes in Computer Science, pages 5–24. Springer, 2012.