I’ve spent a lot of time thinking about this in the course of a paper I am writing on Bitcoin timestamping and use of the Bitcoin blockchain for time-based proofs (trustless notary clock).
I strongly advoate that the genesis message be the hash of the latest bitcoin block. Forget my laziness, I will simply copy a passage from my upcomming article to justify this opinion.
What you are trying to do is a proof of absence. Essentially you are trying to prove that there was not a secret pre-mine. A good proof-of-absence has three features:
- It cannot be guessed in advance
- It is immutable
- It is universally and independently verifiable
The only piece of data that satisfies these criteria (or that does it the best) is bitcoin block hashes
"Proof-of-absence: an overview
A proof-of-absence process involves finding a temporal marker and cryptographically associating it to a message or piece of data using a digital signature process. Digital signatures are what allows us to cryptographically bind the proof-of-absence time-marker to a message or data that is later timestamped in the Bitcoin blockchain. The digital signature is not just a step in our process: it is the objective of the process.
First, we need a piece of data to act as a temporal marker with two specific properties: it cannot be guessed in advance and it is publicly verifiable.
Bitcoin block hashes are perfect because they are both impossible to guess in advance but also trustlessly verifiable using open-source software. The Bitcoin blockchain is immutable and distributed, which makes it a reliable source.
Traditionally, a common technique has been to use newspaper headlines, such as in “proof-of-life” evidence generation, where hostages are photographed or filmed holding a recent copy of a newspaper to prove that, at least until the day the newspaper was printed, they were alive.
Satoshi Nakamoto, the inventor of Bitcoin, used this technique himself when he mined the first block of the Bitcoin blockchain, referred to as the Genesis Block. According to the Bitcoin protocol, a miner can include arbitrary text in a block he is creating which, if included in the blockchain, will be permanently recorded for all the world to witness. In the case of the Genesis Block, Nakamoto included the message: “The Times 03/Jan/2009 Chancellor on brink of second bailout for banks.” On January 3rd 2009, The Times newspaper published a frontpage article with the headline “Chancellor on brink of second bailout for banks”
The reason Satoshi Nakamoto included a newspaper headline in a Bitcoin block is of course to prove that he did not mine this block prior to January 3rd 2009. Indeed, Nakamoto could have mined blocks of the bitcoin blockchain long before this time, accumulating proof-of-work without giving the opportunity to others to engage in the process, which is often called a premine. All of the bitcoin transactions are part of a shared history which provably starts, at the earliest, on January 3rd 2009.
There are two major problems with the use of newspaper headlines, which highlight why our proposed method of using bitcoin block hashes is far superior. Firstly, newspaper headlines are by definition trusted third parties, and they are subject to collusion and manipulation. The process of generating newspaper headlines is not auditable, and is certainly not trustless.
Did Satoshi Nakamoto bribe James Harding, editor of The Times in 2009, to publish at an agreed-upon time in the future the headline “Chancellor on brink of second bailout for banks” in order to gain a secret unfair advantage over future users of the Bitcoin protocol? This is extremely unlikely, but it is certainly possible.
Second, temporal markers also need to be publicly and independently auditable. They should be immutable, tamper-resistant and distributed to remain auditable for extremely long periods of time. Online news headlines, for example, are not immutable nor tamper-resistant. If The Times newspaper had been only digital, it would have been trivial for them to retroactively modify the headline. To some degree, physical newspapers can be widely distributed, but not for long periods of time, as inevitably the evidence physically disintegrates, gets destroyed and disappears. For example, it is practically impossible today to find a physical copy of the famous January 3rd The Times paper. If The Times’ website goes down without a proper trusted archive (and assuming it is not corrupted) then physical papers would be the only method for future generations of verify the proof-of-absence of Bitcoin’s genesis block. Of course there are methods to mitigate this, such as distributed archives and timestamping using the OpenTimestamps protocol: but they inevitably also use the Bitcoin blockchain to achieve the level of security and certainty, so it makes sense to simply use the bitcoin block headers directly.
Bitcoin block headers cannot be guessed in advance since they are created from the random entropy of Bitcoin transaction data. If one includes the hash of a poem in a Bitcoin transaction, the hash of the bitcoin block will be generated using, in part, this data. The Merkle root and Bitcoin block hash could never have been created if that specific data hadn’t been included in the transaction. Because anybody can write into the Bitcoin blockchain, it is impossible to guess what data will be included in the next block, and consequently it is impossible to guess future block hashes.
But couldn’t attackers collude with miners to generate, in advance, a particular block hash by changing the block’s nonce in order to defraud a proof-of-absence? This question is very legitimate because Bitcoin miners are in fact constantly trying to create a specific block hash by hashing the block data and changing a nonce in that data in order to obtain block hash which starts this a required amount of zeroes. The amount of zeroes is the bitcoin difficulty. If a miner wanted to mine a specific hash in advance, she would essentially be mining at the highest difficulty possible, since she’s looking not only for the first few numbers but in fact the entire hash. It is practically impossible for a miner to mine a specific block hash, since the difficulty is so high that she would never find a valid block matching her specific block hash as other miners mining at the lower, normal difficulty would inevitably find them much faster. Of course, attempting this impossible task would also cost the miner trying to collude not only the direct costs of mining but also the opportunity cost of not earning Bitcoin rewards.
Bitcoin block hashes are easy to independently verify. To do so, someone simply has to download the Bitcoin core software. The software will request a copy of the blockchain from peers. Using the “getblock” function of the Bitcoin software, anybody can look up the bitcoin block hash. The software will return information on this block, which includes its height and also the timestamp. Because of the Bitcoin consensus process, we know that all Bitcoin software will have the same copy of the blockchain. The Bitcoin software will know if the hash does not exist.
The Bitcoin software code itself is open-source and cryptographically signed by the Bitcoin Core developers and can be independently audited which provides a complete level of certainty. Alternatively it is possible to used a third-party block explorer to look-up a block hash, but in this case you are trusting a third-party (the person or company operating the block explorer)."