HashWitness

Inspiration

In a world where digital files are easily modified, tampered with, or deleted, we needed a way to prove that a file existed at a specific time — and do so in a way that doesn't rely on trusting any central authority.

Inspired by blockchain-based timestamping and real-world audit needs (legal, medical, or financial records), we wanted to create a solution that would automatically protect files and generate tamper-proof cryptographic proofs of their existence.

What it does

HashWitness is a fully automated AWS-based system that:

1. Watches a folder (S3 bucket) for any new files.
2. Generates a secure SHA-256 hash for each file.
3. Stores all hashes in a database (DynamoDB) with timestamps.
4. Once per day, combines all hashes into a Merkle Tree and computes a Merkle Root.
5. Submits the Merkle Root to OpenTimestamps, which anchors it to the Bitcoin blockchain.
6. Verifies that the timestamp is anchored after 24 hours — fully decentralized and immutable.

Result: You can prove your files existed at a certain time — and verify it later, cryptographically.

How we built it

We used the following AWS services and tools:

• AWS Lambda: 4 serverless functions (HashAndLogS3Object, BuildMerkleTree, SubmitToOTS, VerifyOTS)
• Amazon S3: To store the uploaded files and generated OTS proof files.
• Amazon DynamoDB: To log file hashes and timestamps.
• OpenTimestamps (OTS): To timestamp data in a decentralized way using Bitcoin.
• Merkle Trees: To combine many file hashes into a single root hash (efficient and secure).
• EventBridge & Step Functions: To schedule and orchestrate each step automatically.

Challenges we ran into

• Dependency management: Some JavaScript libraries like javascript-opentimestamps were outdated or not ES module compatible, requiring workarounds.
• Network issues in Lambda: OpenTimestamps calendar servers sometimes weren't reachable inside AWS Lambda due to VPC or DNS configs.
• IAM Permissions: Setting precise AWS policies for each Lambda was time-consuming and required debugging access errors.
• Testing: Simulating the 24-hour flow locally was tricky, especially for proof verification that depends on blockchain confirmation.
• OTS verification logic: Understanding the binary .ots format and verifying against anchored transactions needed careful handling.

Accomplishments that we're proud of

• Built a fully serverless and automated audit trail system.
• Successfully integrated Bitcoin-based timestamping without using any wallet or crypto transactions directly.
• Made a system that’s verifiable, trustless, and tamper-evident.
• Learned how to orchestrate multiple cloud services with clean, secure workflows.

What we learned

• How to use Merkle Trees for secure and efficient data aggregation.
• How OpenTimestamps works under the hood.
• Deep dive into Node.js in Lambda, handling require() vs import, and managing binary buffers.
• Designing an event-driven architecture using AWS services.
• Creating audit-grade systems using only cryptography and cloud-native tools — no need for external dependencies or centralized databases.

What's next for HashWitness

• Web Dashboard: Let users check file proof status and upload files via browser.
• Email/SNS Alerts: Notify users if any proof fails or file is altered.
• PDF Proof Reports: Export verification receipts for legal/audit use.
• IPFS or Arweave integration: Store .ots proofs on decentralized storage.
• Real-time verification API: On-demand timestamp and verification API for third-party integration.
• Open-source CLI: For batch timestamping and verification from local machines.

Built With

• amazon-dynamodb
• amazon-eventbridge
• amazon-web-services
• aws-lambda
• aws-step-functions
• node.js