Note that OpenTimestamps itself doesn't actually use a blockchain. But while the protocol supports multiple time attestation mechanisms, almost everyone using OTS uses it in conjunction with Bitcoin (the public calendars all timestamp via Bitcoin). Thus almost all OTS timestamps are depending on the Bitcoin blockchain for their timestamp security.
Is there a high-to-low level design document to read on how to verify the timestamp? A simple OP_RETURN + hash output in a transaction is dead simple to verify (just get the transaction from any place, see the output, check the timestamp). I'd like to compare OTS with it.
Not really. But if you understand the basics of how OTS works, it's fairly easy to figure out how to do that with the `ots info` command. Basically, it just prints out the raw commitment operations the timestamp proof performs, letting you follow along.
Note that OTS proofs do not have any notion of a transaction in them. Rather, they perform commitment operations that end up at a merkle root of a Bitcoin block (at least in the 99.9999% of proofs that use Bitcoin). With the `--no-bitcoin` option, the OTS client will tell you what block # to look for, and what the merkle should be for the proof to be valid.
