As such, the IPFS assigns a unique CID to each file uploaded on the network, but does not provide a timestamp for the uploads. How can such a timestamp be obtained in a trustless manner and without exposing the content of the file?
Within the constraint you gave the only solution is to use a consensus algorithm that provides trustless timing.
For example publish the CID on ethereum, bitcoin, filecoin, …
If you have many CIDs it is common to use a merkle-tree datastructure to compact ∞ hashes into 1 cryptographic hash you need to post on chain.
Thanks Jorropo - I was thinking of using a third-party timestamp provider (such as OpenTimesStamps) instead of creating my own on-chain solution.
After looking at the page you sent, OpenTimesStamps is a service that collects your attestations, pack them in a merkle-tree and post them on the Bitcoin chain. So it does seems to fit what I suggested.
I don’t know about it tho, and can’t recommend it either way.
Thank you so much Jorropo!