Back to Learn

Why Lanveris Uploads Hashes, Not Files

Lanveris does not need the original file to create proof. A content fingerprint is enough to anchor the existence of that exact byte sequence before a trusted time.

Lanveris Product & Engineering Team · Published 2026-07-09

Definition

A hash is a public, reproducible digital fingerprint. The same file produces the same SHA-256 fingerprint; under practical security assumptions, any byte-level change produces a different fingerprint.

Privacy benefits

Code, business documents, camera originals, and project files can all be sensitive. Uploading only hashes means the platform does not host or read the content.

This reduces leak risk, hosting compliance risk, and storage cost, and makes it easier for teams to integrate Lanveris into internal workflows.

Why proof still works

A TSA signs a digest. The proof model relies on SHA-256 preimage, second-preimage, and collision resistance assumptions. Under those assumptions, the digest represents a specific byte sequence.

Verification recalculates the fingerprint and compares it with the public record or credential.

The proof chain does not depend on Lanveris storing the original file or endorsing the content.

Boundaries

Hash-only proof is exact byte proof. It does not understand file meaning, decide whether two videos look the same, or recognize a compressed version of an image as equivalent.

Semantic similarity, perceptual image matching, and public plagiarism checks are separate capabilities and should not be promised as part of exact proof.

FAQ

Can someone reconstruct my file from the hash?

Usually not for normal files. SHA-256 is a one-way digest, and the platform receives a 32-byte fingerprint, not reversible content. Very short text, low-entropy content, templates, or public candidate files can still be guessed and compared.

What if two files have the same fingerprint?

Under practical engineering assumptions, they are treated as the same content. A SHA-256 collision is not feasible in real use.

How can public verification work if the platform does not store files?

The verifier provides the file, and the browser or CLI calculates the fingerprint locally, then compares it with the public record or .lanveris credential.

Sources

Related