Security Standard
The technical specification of the ProofStack integrity layer. Built to withstand the era of synthetic misinformation.
"ProofStack verifies integrity, not truth or identity."
View Reference ImplementationHow Proofs Work
01. Hashing
Files, URLs, and metadata are passed through SHA-256 to create a unique identifier.
02. Signing
The hash is signed using Ed25519. This happens strictly client-side—your keys never leave your device.
03. Limits
ProofStack does not verify legal identity or the objective truth of a claim—it verifies that the claim hasn't changed.
Explicit Threat Model
| Threat | Mitigation | Status |
|---|---|---|
| Fake Claims | Mandatory evidence binding | Defended |
| Edited Artifacts | SHA-256 hash mismatch detection | Defended |
| URL Alteration | Snapshot hash verification | Defended |
| Impersonation | Explicitly labeled Out-of-Scope | Accepted Risk |
SHA-256 Fingerprinting
Every artifact uploaded to ProofStack is immediately passed through a SHA-256 hashing algorithm. This creates a unique "fingerprint" of the work that is mathematically impossible to replicate or reverse.
Ed25519 Authentication
All proofs are signed using the Ed25519 Edwards-curve Digital Signature Algorithm (EdDSA). This ensures that only the verified account owner can "mint" artifacts to their stack, providing non-repudiation across the entire protocol.
Immutable Logs
ProofStack uses an append-only cryptographic ledger. Once a proof is signed and verified, it can never be altered or removed without leaving a detectable audit trail.
Regular Audits
Our protocol core is subject to automated penetration testing and manual cryptographic audits every 48 hours to ensure zero-day resilience.