[hiq]

> He can broadcast this on Twitter, but that is not a secure and tamper proof ledger, and it is centrally owned, and it's not a great storage mechanism for this system to scale to thousands or millions of signatures.

Public blockchains[0] are not known to scale either. I can open a Twitter account for free and publish a signature right now, and do it on several other platforms at the same time to have some kind of redundancy.

I only care about the medium being tamper-proof to be able to prove the signature is at least this old (if it's in a certain block, the signature was made before this block. If it's in a certain message on Twitter, it was made before this message).

So from first principles, blockchains brings this theoretically better time-stamping mechanism, because somebody controlling Twitter could change timestamps there, while nobody could on a blockchain. In practice though, the redundancy is enough, and it's hard to change something people care about on the Internet without people noticing.

Overall this use-case somewhat legit (more legit than most), but it's a niche within a niche.

[0]: as defined in https://www.schneier.com/essays/archives/2019/02/theres_no_g...

[web3isgoing]

I don't think redundancy is a clean solve. It might give more confidence to the message time stamp to see the same message replicated across 10 different websites, but this does not scale. Eventually if you do aim for a distributed database you end up down the path of consensus mechanisms and blockchains.

What I outlined is unlikely to ever be realistic on a L1, but recursive zk rollups that post proofs to L1 do scale very well and have strong security and tamper-proof guarantees.