Content Provenance Standard + Public Signing Service
π Live Service: sign.openelara.org
elaraSign is a content provenance standard that embeds generation metadata into files. It answers the question: "How was this content created?"
| Layer | Name | Technique | Survives |
|---|---|---|---|
| 1 | Billboard | EXIF/PNG metadata | Basic sharing (easily stripped) |
| 2 | DNA | LSB steganography | Lossless only |
| 3 | The Spread | DCT spread spectrum | JPEG, screenshots, cropping |
| 4 | Forensic | AES-256 encrypted | Same as The Spread |
Every signed file contains:
- Generation Method:
ai,human,mixed,unknown - Generator: Which tool/app created it
- Timestamp: When it was created
- Integrity Hash: Proof content hasn't been modified
- Forensic Data: Encrypted accountability (IP, fingerprint) - operator only
- β JPEG compression (>50% quality)
- β Screenshots
- β Cropping
- β Social media upload
- β Format conversion
- β Heavy blur or noise
- β Extreme compression (<50% JPEG)
- β Rotation/perspective transforms
- β AI regeneration (img2img)
- β Print and re-scan
- β Dedicated removal attacks
This is a deterrent and accountability system, not magic.
This repository provides a free public signing service at sign.openelara.org:
- Upload an image β Get it signed with provenance metadata
- Upload a signed image β Verify its authenticity and view metadata
TODAY: Anyone can claim any image is real or AI-generated. No proof either way.
WITH ELARASIGN: Generation method is embedded at creation time.
When adopted, AI images always show their provenance.
Transparency becomes the default, not the exception.
elaraSign doesn't detect AI images - it records provenance at generation time.
- β AI generators that adopt elaraSign β Always signed as AI
- β Human artists can sign their work β Proves human creation
β οΈ Bad actors can still lie β But they can't forge a legitimate signature- π― Goal: Make signing ubiquitous, so unsigned = suspicious
When image APIs adopt this standard, the problem solves itself.
| Type | Status | Notes |
|---|---|---|
| Images | β Ready | PNG, JPEG, WebP |
| π Planned | Metadata in document properties | |
| Video | π Planned | Frame-level + file-level signing |
| Audio | π Planned | Waveform embedding |
Current Focus: Images - AI images are trivial to create and impossible to distinguish. We solve this first.
- Metadata created: Generation method, timestamp, model, etc.
- Hashes computed: Content hash + metadata hash (SHA-256)
- Signature embedded: 48-byte compact binary in 3 locations
- PNG chunks added: Full metadata in standard PNG text chunks
βββββββββββββββββββββββββββββββββββββββββββββββββ
β LOC1 β β LOC2 β
β TL β β TR β
ββββββββ ββββββββ
β β
β YOUR IMAGE β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββ€
β β LOC3 β β
β β BC β β
ββββββββββββββββββββββββββββββββββββββββββββββββ
Any ONE location surviving = Valid signature
Trolls must crop ALL THREE corners to remove provenance
POST /api/sign
Content-Type: multipart/form-data
file: <image file>
generator: "my-app" (optional)
method: "ai" | "human" | "mixed" (optional, default: "ai")POST /api/verify
Content-Type: multipart/form-data
file: <image file>GET /api/download/:sessionIdGET /api/sidecar/:sessionIdelaraSign/
βββ src/
β βββ core/ # THE signing standard (portable)
β β βββ signing-core.ts
β β βββ signing-core.test.ts
β βββ cloud/ # Cloud Run service
β β βββ server.ts
β β βββ routes/
β βββ local/ # CLI tool (future)
βββ web/ # Demo UI
βββ deploy/ # Cloud Run deployment
elaraSign/src/core/signing-core.ts β CANONICAL SOURCE
β
β COPY to (not import):
β
ββββΊ openElara Desktop (src/lib/)
ββββΊ openElaraCloud (src/lib/)
# Install dependencies
npm install
# Run tests (12/12 should pass)
npm test
# Start local server
npm run dev
# Server at http://localhost:3010- 48-byte compact binary embedded in image pixels
- 3 locations: top-left, top-right, bottom-center
- Crop-resilient: Any 1 location surviving = valid signature
- Metadata: content hash, meta hash, timestamp, generator, method
| Format | Sign | Verify | Notes |
|---|---|---|---|
| PNG | β | β | Full support |
| JPEG | β | β | Lossy compression may degrade some locations |
| WebP | β | β | Full support |
| Project | Type | Signing |
|---|---|---|
| elaraSign | Public Service | Reference implementation (this repo) |
| openElara | Desktop App | Embedded signing |
| openElaraCloud | Cloud App | Embedded signing |
All projects use identical copies of signing-core.ts - this repo is the source of truth.
MIT License - Use this standard freely. The more adoption, the better for everyone.
"Transparency is not optional. It's the foundation of trust."