Inspiration
Deepfakes are spreading faster than we can debunk them. Every day, manipulated images flood social media, and fact checkers are overwhelmed. I realized we were fighting the wrong battle. Instead of playing detective after images go viral, I needed to prove authenticity at the moment of capture.
I was inspired by Adobe's C2PA initiative, but I saw an opportunity to build something more accessible. I wanted to create a "Glass-to-Ledger" protocol: giving every real photo a digital birth certificate that nobody, not even me, can fake or erase.
What it does
TruthChain proves an image is real the moment the shutter clicks.
Capture: When you take a photo with my Android app, the phone's secure hardware chip instantly stamps it with GPS location, timestamp, and a cryptographic signature.
Lock: This isn't just metadata anyone can edit. It's signed by a private key locked inside the device's processor.
Store: I then upload the signed proof to IPFS, the decentralized web, making the record immutable.
Verify: Anyone can check an image on my web portal. Drag and drop a file, and if it's real, you get a green checkmark showing the hardware provenance. If even one pixel was changed, the math fails, and you get a red warning. No guessing, just proof.
How I built it
I engineered a full-stack trust pipeline entirely on my own:
Android (The Source): I built the mobile client using Kotlin and CameraX. The core innovation is using the Android Keystore System to generate ECDSA signatures inside the Trusted Execution Environment. I also implemented WorkManager to queue uploads, ensuring evidence is saved even if the user loses internet connection.
Backend (The Anchor): I built a Spring Boot server to act as the trust coordinator. It verifies the hardware signatures and handles the pinning of evidence to IPFS via Pinata, ensuring decentralized persistence.
Frontend (The Verifier): The React web portal uses client-side hashing. I wrote logic to calculate SHA-256 hashes in the browser so the user never has to upload their actual file to verify it, preserving privacy while proving truth.
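The check described in the Verify step and the Frontend item above, as an added example that is not TruthChain's own code: the record field names, the JSON serialization, and the software-generated key standing in for the Keystore key are all assumptions. It uses Node's built-in crypto module so it runs offline; in a browser the hash would come from crypto.subtle.digest.

```javascript
// Added example: the key pair is generated in software only so the demo runs
// offline; on the device the private key would never leave the Keystore.
const crypto = require('node:crypto');

// Hex SHA-256 of the raw file bytes, computed locally by the verifier.
function sha256Hex(bytes) {
  return crypto.createHash('sha256').update(bytes).digest('hex');
}

// Assumed record layout: a fixed field order, so signer and verifier
// serialize exactly the same bytes.
function canonicalPayload(rec) {
  return Buffer.from(JSON.stringify([rec.imageSha256, rec.timestamp, rec.lat, rec.lon]));
}

// Capture side: bind the image hash and the metadata under one ECDSA signature.
function signCapture(imageBytes, meta, privateKey) {
  const rec = { imageSha256: sha256Hex(imageBytes), ...meta };
  rec.signature = crypto.sign('sha256', canonicalPayload(rec), privateKey).toString('base64');
  return rec;
}

// Verifier side: needs only the local hash, the public record and the public key.
function verifyCapture(imageBytes, rec, publicKey) {
  if (rec.imageSha256 !== sha256Hex(imageBytes)) {
    return 'HASH_MISMATCH'; // the file differs from what was signed
  }
  const ok = crypto.verify('sha256', canonicalPayload(rec), publicKey,
                           Buffer.from(rec.signature, 'base64'));
  return ok ? 'VERIFIED' : 'BAD_SIGNATURE'; // the record was altered or forged
}

// Constructed sample data.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const photo = Buffer.from('constructed stand-in for JPEG bytes');
const record = signCapture(photo, { timestamp: '2024-01-01T12:00:00Z', lat: 48.8566, lon: 2.3522 }, privateKey);

const onePixelOff = Buffer.from(photo);
onePixelOff[0] ^= 0x01;                       // flip a single bit of the image
const movedLocation = { ...record, lat: 0 };  // edit metadata, keep the old signature

function demo() {
  return [verifyCapture(photo, record, publicKey),
          verifyCapture(onePixelOff, record, publicKey),
          verifyCapture(photo, movedLocation, publicKey)];
}
console.log(demo());
```

Comparing hashes alone only shows the file matches the record; the signature check against the device's public key is what ties the record, including its location and time, to the capture.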
Challenges I ran into
Hardware Fragmentation: Getting the Android Keystore to sign data consistently across different devices was brutal. Documentation is sparse, and every manufacturer handles the security chip differently. I spent days debugging cryptographic exceptions.
Network Resilience: My initial version failed when the network dropped. I had to re-architect the upload logic using background workers to make the app field-ready for journalists in poor connectivity zones.
Privacy vs. Proof: I needed to prove location without exposing it unnecessarily. I had to carefully design the data structure so verification could happen mathematically without leaking user data before they consented.
Accomplishments that I'm proud of
True Hardware Security: I didn't just build a photo app. I successfully interfaced with the processor's Secure Enclave. That's a high bar for a solo dev.
Zero Trust Architecture: I'm proud that my verification portal works without trusting the server. By doing the math in the user's browser, I built a system where the code is transparent.
It Actually Works: Seeing the red screen trigger instantly when I tampered with a single pixel of a signed image was the best moment of this project. It proved the concept wasn't just theory.
What I learned
Cryptography became my second language during this build. I learned that user experience matters just as much as security. My first prototype required users to copy and paste hash strings. It was secure but unusable. Switching to a drag-and-drop interface made the complex math feel like magic.
I also learned the power of immutable storage. Using IPFS taught me that we can build systems where history cannot be rewritten.
What's next for Truth_Chain
I have a clear roadmap to turn this prototype into a standard:
Device Attestation: I plan to integrate the Google Play Integrity API. This will allow the backend to reject signatures if the phone has been rooted or compromised, closing the analog hole.
The Honest AI Engine: This is the big vision. I want to build a RAG pipeline that feeds my verified images into an LLM. Imagine asking an AI about a news event, and it answers with citations backed by cryptographically signed, verified photos. It would be the first AI that cannot lie, because it only reads the truth.
Check out the GitHub repos and test my TruthChain portal! I have provided the tampered and verified images. I have also provided a Google Drive link for the app APK file, which you can download and test.