Back to Learn

How Does the Lanveris Proof Method Work?

Lanveris hashes a file locally with SHA-256, includes records in a Merkle tree, and asks an independent TSA to timestamp the 32-byte batch root under RFC 3161. Public algorithms and test vectors support independent fingerprint and Merkle-root reproduction.

Lanveris Product & Engineering Team · Published 2026-07-09

Definition

The proof does not ask you to trust a timestamp stored in the Lanveris database. It cryptographically connects the file fingerprint, batch inclusion proof, and an independently signed trusted timestamp.

Step 1: Hash the exact file bytes with SHA-256

The browser or CLI reads the file locally and calculates SHA-256. Registration and web verification send the 64-character hexadecimal fingerprint and registration metadata, not the original file.

Names and extensions do not define file identity. Renaming unchanged bytes keeps the fingerprint; changing any byte will normally produce a different fingerprint.

Step 2: Include records in a Merkle batch

Pending records form a Merkle tree. Each credential carries a path from its leaf to the batch root, allowing many records to share one trusted timestamp without losing per-record verification.

A leaf binds exactly three fields: description, contentHash, and agent. They are serialized as no-whitespace UTF-8 JSON with fixed key order: {"d":"<description>","h":"<contentHash>","a":"<agent>"}, then hashed with SHA-256. Filename, size, media type, record ID, and account ownership are not part of the leaf.

A parent is SHA-256(hexDecode(left) || hexDecode(right)): decode each 64-character hex hash to its raw 32 bytes, concatenate left then right, and hash once. An unpaired final node is promoted unchanged rather than duplicated.

Verification applies each left/right proof step to rebuild the root. The public test-vector file fixes canonical JSON, leaf, parent, odd-node, root, and proof-path results for independent implementations.

Step 3: Obtain an RFC 3161 timestamp from an independent TSA

The Merkle root is already a 32-byte SHA-256 value. Lanveris sends those bytes directly as the SHA-256 messageImprint in the RFC 3161 request; it does not hash the root a second time. The TSA returns signed time, digest, and certificate information and receives neither original files nor batch records.

The timestamp means the TSA had seen that digest no later than its signed time. It is independent of a platform createdAt field, but it is not a copyright authority or authorship judgment.

Step 4: Verify online or offline

Public verification calculates the file fingerprint locally and checks the current public record. An exported .lanveris credential also contains the Merkle proof, batch root, and raw timestamp response.

The CLI needs a network connection the first time it downloads Mozilla trust roots; once cached, it can verify the fingerprint, Merkle root, TSA signature, and certificate chain offline. The web page computes fingerprints and Merkle roots locally but uses the online backend for complete TSA validation. The example page currently reproduces file SHA-256 only; a real credential example will follow after production creates one.

FAQ

Can the platform silently change the registration time?

A database field can be edited by an operator, but that cannot forge an earlier valid RFC 3161 timestamp. Offline verification uses the signed time and digest inside the TSA response.

How can one timestamp prove many records?

A Merkle path proves that a specific leaf belongs to the signed batch root. Changing the leaf or path produces a root that no longer matches the timestamped digest.

Does this prove the content is authentic?

No. It proves that exact bytes existed before trusted time and stayed intact. It does not prove originality, truthful capture, lawful use, or authorship by a particular person.

Sources

Related