VeriChain: Proof of Real

As AI makes evidence cheap to fabricate, trust on the internet is breaking. VeriChain is a proposed cryptographic provenance layer — that proves what's real instead of detecting what's fake.

Comment

The problem we're addressing

We're entering a world where seeing is no longer believing.

A customer can generate a photo of "spoiled" food that was never delivered, and most support teams will refund it. A freelancer can submit a portfolio of work they never made. A student can hand in an essay written entirely by a model. A small restaurant can be buried under forty AI-generated one-star reviews overnight, each with a fabricated photo. An insurance adjuster can receive a perfectly rendered image of damage that doesn't exist.

The cost of producing fake evidence has collapsed to near zero. The cost of defending against fake evidence has not. E-commerce platforms, universities, hiring managers, insurance companies, journalists, and courts are all quietly drowning in synthetic content — and most of them don't yet have the vocabulary for the problem.

This is one of the defining infrastructure problems of the next decade. We came to HackDavis to make a serious case for what the solution should look like.

Our thesis

The instinct, when AI-fabricated content rises, is to build better AI detectors. We believe this is a losing strategy. Detection is an arms race the defender always loses, because the adversary controls the content and every detector is beaten by the next model six months later.

So we flipped the question. Instead of detecting what's fake, prove what's real.

This is a key-management problem, not a detection problem — and cryptography doesn't get worse as generative models get better.

What VeriChain is

VeriChain is a cryptographic provenance layer for human-generated content, designed as an open protocol with three components:

1. Capture. A lightweight client (browser extension, mobile SDK, or web capture flow) signs content at the moment of creation. Photos, video, audio, and text are hashed, timestamped, and signed with a device-bound key.

2. Anchor. Signatures are anchored to a tamper-evident public log using a Merkle-tree structure, so verification is fast and the log is auditable without exposing user content.

3. Verify. Any platform — an e-commerce returns dashboard, a university honor system, an insurance portal — can verify a submission's provenance in milliseconds via a public API or one-line embed, and display a clear trust signal: Verified Capture, Edited After Capture, or Unverifiable Origin.

We are deliberately building on top of the C2PA (Coalition for Content Provenance and Authenticity) standard, which Adobe, Sony, Leica, and the BBC are already shipping. C2PA today covers high-end capture devices. VeriChain extends the same primitive to the long tail — every customer, freelancer, student, and small business that doesn't own a $4,000 camera but still needs to prove what's real.

What we're presenting at HackDavis

Given the scope of the problem and the time we had, we made a deliberate choice: rather than ship a half-built prototype, we built a rigorous concept design with a clickable user-experience demo focused on the highest-pain wedge — e-commerce complaint and return fraud.

Our demo shows a support dashboard at a fictional e-commerce company. Two complaints come in. One is signed at capture and verifies instantly. The other has no provenance — generated by us in under a minute using Gemini. The dashboard treats them differently, automatically. The rep never has to play AI detective.

This single interaction generalizes to every domain where evidence matters.

Why we think this matters

The 1990s web was insecure by default, and we fixed it with cryptographic signatures everyone could verify — HTTPS. The post-AI internet has a structurally similar problem and needs a structurally similar fix.

The platforms, institutions, and democracies that will function well in the next decade are the ones that can answer "where did this actually come from?" instantly and credibly. The ones that can't are going to be overwhelmed.

VeriChain is our proposal for what that answer looks like.

What's next

  • Reference implementation of the capture client and verification API on top of the existing C2PA libraries.
  • Vertical pilots: e-commerce returns, insurance claims, freelance marketplaces, and university honor codes — the four highest-pain wedges where we believe a paid product is viable today.
  • Hardware attestation partnerships with phone OEMs to bind keys to the secure enclave.
  • A free public verification widget so any small platform can show "Verified Capture" without integrating an SDK.

In a world where anything can be faked, the most valuable thing we can build is a cheap, obvious way to prove what's real.

Built With

  • c2pa-standard
  • ed25519
  • excalidraw
  • figma
  • gemini-api
  • merkle-trees
  • sha-256
  • v0-by-vercel
Share this project:

Updates