Registra

Registra protects digital artists by generating automatic, verifiable proof‑of‑authorship directly inside their creative tools.

Comment

Inspiration

Independent creators are losing control of their work the moment it goes online. AI models scrape vast image corpora, reposts strip attribution, and proving authorship is often costly or technically out of reach.

For many small artists, this creates a deeper problem: hesitation. Instead of sharing their work, they hold it back—because once it’s posted, it can be taken, reposted, or claimed by someone else with little recourse. Unlike larger creators, they don’t have the visibility or resources to defend their ownership.

We built Registra to remove that barrier. It gives creators a simple, workflow-native way to prove they made something at the moment of creation, not after the damage is done. No platform lock-in, no arcane tooling, and no expensive gatekeepers. Just verifiable ownership that lets artists share their work with confidence.

What it does

Registra creates verifiable, timestamped proofs of authorship tied to the artist’s creation process and provides tools to detect reposts.

  • Register artwork with a certificate generated from the creation workflow.
  • Produce a tamper‑resistant proof bundle (hash history + signatures).
  • Verify certificate signatures and hash integrity via a public endpoint.
  • Provide one‑time upload challenges to prevent replay attacks.
  • Track registered works in a creator dashboard and publish verified pieces to a public gallery.
  • Run reverse image search to find reposts and link matches back to certificates.

How we built it

Architecture overview (high level)

  • GIMP plugin (proof‑of‑process): fingerprints canvas states periodically and exports a proof bundle at export time.
  • Backend API (Flask): accepts uploads, verifies hash chains, signature validity, and challenge responses; stores metadata in Supabase (Postgres).
  • Frontend (Vite + React): upload/verification UI, dashboard, public gallery, and reverse‑search flows.
  • Reverse search: Imgbb for image hosting + SerpApi to query search results and surface matches.
  • Key/email flows: signing keys managed via backend; Resend used for reset emails when needed.

Key cryptographic flow (simplified)

  • Periodic local hashing: compute hashes of canvas state H_i = SHA256(canvas_i).
  • Final certificate includes ordered hashes, timestamp T, and an artist signature S = Sign_sk( H_1 || ... || H_n || T ).
  • Verification checks signature S, the ordered hash chain, and timestamps.

LaTeX example (displayed): $$ S = \text{Sign}_{sk}\Big(\,T \,|\, \mathrm{SHA256}(\text{canvas}_1)\,|\,\mathrm{SHA256}(\text{canvas}_2)\,|\,\dots\,\Big) $$

Project layout (summary)

  • frontend/: Vite + React, DM Sans / DM Serif Display for design
  • backend/: Flask API, Supabase integration, PyCryptodome for crypto
  • gimp_plugin/: Proof‑of‑process plugin for GIMP
  • Storage: Supabase Postgres for metadata, uploads stored in configured object storage

Challenges we ran into

  • UX friction vs. cryptographic guarantees: balancing minimal artist overhead while preserving strong proof semantics (we kept hashing local and exports explicit).
  • Font and platform differences: embedding web fonts in generated artifacts is unreliable; fallback handling required.
  • Reverse search reliability & cost: SerpApi and image hosting introduce rate limits/cost; matching thresholds needed tuning to avoid false positives.
  • Deterministic proofs from non‑deterministic workflows: handling layered image files, metadata differences, and export formats required normalizing canvas states before hashing.
  • Runtime environments: different OSes and GIMP versions required testing and graceful degradation in the plugin.

Accomplishments that we're proud of

  • Workflow‑native proof generation: the plugin fingerprints while creators work, avoiding post‑hoc steps.
  • Simple verification UX: public verification links and badges anyone can open to validate authenticity.
  • Portable certificate bundles: signed bundles that can be independently verified off‑chain or with third‑party tools.
  • Extensibility: API endpoints and proof format designed so other apps (Photoshop, Procreate, Krita) can integrate with minimal changes.
  • Open tooling choices: built on open software (GIMP, Supabase) to keep costs low and accessibility high.

What we learned

  • Security vs. convenience is a tradeoff you must design around: local-first hashing avoided many privacy concerns but required clear UX so artists understand when proofs are created and exported.
  • Small design choices materially affect adoption: tight, familiar integrations (a plugin inside GIMP) drastically lower the barrier compared to a separate service.
  • Reverse image search is useful but noisy: the best workflow is to surface likely matches and let the artist confirm via certificate links.
  • Operational realities matter: API rate limits, hosting costs for image search, and key management are first‑class concerns even in a prototype.

What's next for Registra

  • Multi‑DAW/Host plugins: build proof integrations for Photoshop, Procreate, and Krita.
  • Decentralized anchoring (optional): anchor certificate digests to a public ledger (e.g., optional blockchain anchoring) for added immutability.
  • Improved matching: combine perceptual hashing (pHash) + ML ranking to reduce false positives in reverse search.
  • Mobile & social flows: easy mobile upload + automatic badge/claim sharing for creators on social platforms.
  • UX polish: in‑app onboarding, clearer export/consent flows, and better messaging around how proofs protect authorship.

Built With

  • flask
  • gimp
  • imgbb
  • javascript
  • pycryptodome
  • python
  • python-(flask)-frontend-libraries:-react-router
  • python-pptx-/-pillow-(for-slide-generation-tooling)
  • react)
  • resend
  • resend-tools:-gimp-(plugin)
  • serpapi
  • supabase
  • supabase-js-client-backend:-flask
  • supabase-python-client-auth-&-db:-supabase-auth-+-postgres-external-services:-imgbb
Share this project:

Updates