A mission of The Carpocratian Church of Commonality and Equality
Prove when something existed, without trusting any single party, and without the bottlenecks of a blockchain.
Witness is a federated witness network that provides threshold-signed timestamps. It is designed to be a privacy-preserving, decentralized timestamping service that treats blockchains as optional storage, not as an execution engine.
- No Blockchain Bottlenecks: Transactions are instant and free. We use blockchains only for optional, batched settlement.
- Threshold Signatures: Forging a timestamp requires multiple independent witnesses to collude.
- BLS Signature Aggregation: Optional BLS12-381 signatures provide 50% bandwidth savings.
- Federated Architecture: Multiple independent networks can cross-anchor for additional security.
- Privacy-Preserving: Only hashes are submitted, not content.
- Simple Integration: Easy-to-use CLI and REST API.
Witness has three operating modes:
- Phase 1 - Minimal (single network): One set of witnesses with threshold signatures. Good for development and low-stakes use.
- Phase 2 - Federated (cross-network anchoring): Multiple independent Witness networks periodically witness each other's merkle roots. Enhanced security through federation.
- Phase 3 - Hardened (external anchors): Now Available! Batch merkle roots are automatically anchored to immutable public services. This effectively creates an "Optimistic Rollup" for truth: you get the speed of a web API with the finality of Ethereum.
Start the entire network (Gateway + 3 Witnesses) with one command. No Rust installation required.

```bash
# 1. Start the network
docker compose up --build

# 2. Timestamp a file (using the CLI inside the container)
# We use the gateway container to run the CLI tool against itself
docker compose exec gateway witness-cli --gateway http://localhost:8080 timestamp --hash $(echo -n "hello" | sha256sum | awk '{print $1}')
```

Identity is ephemeral. State is fluid. Witness provides the temporal context without requiring user accounts, tracking, or public transaction graphs.
Witness is designed to be metabolized, not mined.
- No Mining: We replace Proof-of-Work with lightweight threshold signatures. A Witness node can run on a Raspberry Pi.
- No Zombie Servers: The architecture is efficient and event-driven.
- Lazy Demurrage: By relying on bounded validity windows (in connected protocols like Scarcity), we prevent state bloat and infinite storage requirements.
- Ethical Anchoring: When we do use a blockchain (Phase 3), we use Proof-of-Stake Ethereum, ensuring our carbon footprint remains negligible.
Client → Gateway → Witnesses (threshold sign) → Signed Attestation
- witness-core: Shared types, crypto primitives (Ed25519 + BLS12-381), verification logic
- witness-node: Individual witness node that signs attestations
- witness-gateway: Aggregates requests, fans out to witnesses, collects/aggregates signatures
- witness-cli: Command-line tool for timestamping files
- Admin Dashboard: Optional web UI for monitoring (`--admin-ui` flag)

Prerequisites:
- Rust 1.70+ (`cargo --version`)
- SQLite
- Clone the repository:

```bash
git clone https://github.com/your-org/witness
cd witness
```

- Run the setup script to generate keys and configs:

```bash
./examples/setup.sh
```

- Start the network:

```bash
./examples/start.sh
```

Timestamp a file:

```bash
cargo run -p witness-cli -- timestamp --file README.md --save attestation.json
```

Deploy a censorship-resistant multi-gateway network for under $20/month.
For production use with Scarcity, deploy 3 independent Witness networks across different datacenters. Clients query all gateways and require 2-of-3 agreement: no single gateway can censor or forge timestamps.

```
┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│  Gateway A  │     │  Gateway B  │     │  Gateway C  │
│  Frankfurt  │     │  Nuremberg  │     │  Helsinki   │
│ 3 witnesses │     │ 3 witnesses │     │ 3 witnesses │
└──────┬──────┘     └──────┬──────┘     └──────┬──────┘
       │                   │                   │
       └───────────────────┼───────────────────┘
                           ▼
                  Client queries all 3
                Requires 2-of-3 agreement
```
| Server | Location | Role | Spec | Cost |
|---|---|---|---|---|
| VPS 1 | FSN1 (DE) | Gateway A + Witness B3 + Witness C2 | CX22 | ~€6/mo |
| VPS 2 | NBG1 (DE) | Gateway B + Witness C3 + Witness A2 | CX22 | ~€6/mo |
| VPS 3 | HEL1 (FI) | Gateway C + Witness A3 + Witness B2 | CX22 | ~€6/mo |

Total: ~€18/month for a fault-tolerant, geographically distributed network.
Each datacenter hosts witnesses from all networks, so no single datacenter failure takes down any network.
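
The 2-of-3 client check described above, as an added example that is not code from the Witness repository. `GatewayReply`, its fields, the skew window and the sample timestamps are assumptions; checking each network's threshold signature is assumed to happen before a reply is marked `verified`.

```rust
// Added example, not code from the Witness repository.
// GatewayReply and its fields are hypothetical; `verified` means the caller
// already checked the network's threshold signature on the attestation.
#[derive(Clone, Debug)]
pub struct GatewayReply {
    pub gateway: &'static str,
    pub hash_hex: String, // hash the attestation covers
    pub timestamp: u64,   // Unix seconds from the attestation
    pub verified: bool,
}

/// One slot per gateway; `None` is a timeout or refused request.
/// Returns the latest timestamp of the first group of `quorum` verified
/// replies for `expected_hash` that lie within `max_skew` seconds.
pub fn agree(replies: &[Option<GatewayReply>], expected_hash: &str,
             quorum: usize, max_skew: u64) -> Option<u64> {
    let mut times: Vec<u64> = replies.iter().flatten()
        .filter(|r| r.verified && r.hash_hex.eq_ignore_ascii_case(expected_hash))
        .map(|r| r.timestamp)
        .collect();
    if quorum == 0 || times.len() < quorum {
        return None; // too few usable replies: treat as "not timestamped"
    }
    times.sort_unstable();
    // Slide a window of `quorum` neighbours over the sorted timestamps.
    times.windows(quorum)
        .find(|w| w[quorum - 1] - w[0] <= max_skew)
        .map(|w| w[quorum - 1])
}

// Constructed sample input: SHA-256 of "hello" and made-up timestamps.
pub const HASH: &str = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824";

pub fn reply(gateway: &'static str, hash: &str, timestamp: u64, verified: bool)
             -> Option<GatewayReply> {
    Some(GatewayReply { gateway, hash_hex: hash.to_string(), timestamp, verified })
}

fn main() {
    // Gateway B is unreachable (down or censoring); A and C still agree.
    let replies = [reply("A", HASH, 1_700_000_000, true), None,
                   reply("C", HASH, 1_700_000_004, true)];
    println!("{:?}", agree(&replies, HASH, 2, 30));
}
```

Returning the latest timestamp in the agreeing group gives the weakest claim the quorum supports: the data existed no later than that time.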
For maximum security and public verifiability, enable external anchoring to submit batch merkle roots to public services.
The "Post-Blockchain" Model: We use Ethereum (and other EVM chains) as they were intended: as a final settlement layer for truth, not a slow database for buying coffee. Users enjoy instant, free, private transactions. The Network pays the gas to anchor the history once per batch period.
Supported Providers:
- Internet Archive - Free, public, permanent web archive
- Trillian/Tessera - Cryptographic transparency logs
- DNS TXT Records - Distributed verification via DNS
- Blockchain (Ethereum/EVM) - Immutable hard finality
Add to your network.json:

```json
{
  "external_anchors": {
    "enabled": true,
    "anchor_period": 3600,
    "minimum_required": 2,
    "providers": [
      {
        "type": "internet_archive",
        "enabled": true,
        "priority": 1
      },
      {
        "type": "trillian",
        "enabled": true,
        "priority": 2,
        "log_url": "https://your-trillian-log.example.com"
      },
      {
        "type": "blockchain",
        "enabled": true,
        "priority": 4,
        "rpc_url": "https://mainnet.infura.io/v3/YOUR_KEY",
        "private_key": "YOUR_GATEWAY_WALLET_PRIVATE_KEY",
        "chain_id": 1
      }
    ]
  }
}
```

Q: What does "Post-Blockchain" mean?
A: It means goodbye to the bottlenecks of blockchains. We don't use the blockchain to process transactions (that's slow and expensive). We use it to bury the receipt (that's secure). We moved the blockchain to the basement where it belongs.

Q: Is this system really "Zero-Cost"?
A: For the user, yes. There are no gas fees. For the Gateway operator, enabling Phase 3 Ethereum anchors incurs gas costs. This is an optional feature for networks that require hard finality.

Q: Can witnesses see my data?
A: No, you only submit SHA-256 hashes, not the content itself.

Apache 2.0 - see LICENSE file for details.