]> Content Provenance Profile (CPP) Core VeritasChain Co., Ltd.
tokachi@veritaschain.org
Security Independent Submission provenance timestamp merkle tree RFC 3161 media authenticity The Content Provenance Profile (CPP) is an open specification for cryptographically verifiable media capture provenance. This document defines the core data model, hashing conventions, Merkle tree construction rules, RFC 3161 Time-Stamp Authority (TSA) anchoring protocol, and offline verification procedures for CPP. CPP enables capture devices to produce tamper-evident provenance records that bind media content to external timestamps via trusted third parties. Unlike self-attestation models, CPP requires independent timestamp verification through RFC 3161 TSA services, providing externally verifiable proof of when media was captured. This specification focuses on the interoperable core of CPP: the data structures, cryptographic operations, and verification algorithms necessary for independent third-party verification. Application-specific features such as depth analysis are defined as optional extensions.
Introduction
Problem Statement Digital media authenticity faces several fundamental challenges:
  • Self-Attestation Weakness: Systems where creators sign their own claims provide no independent verification. A verifier must trust that the creator's claimed timestamp is accurate.
  • Metadata Stripping: Social media platforms and messaging applications routinely strip embedded metadata, breaking provenance chains that depend on file-level embedding.
  • Omission Attacks: Systems that prove individual media authenticity cannot detect when unfavorable evidence has been selectively deleted from a collection.
  • Terminology Confusion: Terms like "verified" mislead users into believing content truthfulness has been established, when only provenance has been recorded.
Design Goals CPP addresses these challenges through the following design principles:
  1. External Timestamp Verification: Timestamps MUST be anchored to independent RFC 3161 Time-Stamp Authorities, enabling third-party verification without trusting the capture device.
  2. Omission Detection: The Completeness Invariant mechanism enables detection of deleted events within a collection.
  3. Offline Verification: All data necessary for verification is included in the Evidence Pack, enabling verification without network access.
  4. Provenance ≠ Truth: CPP proves when and by what device media was captured. It does NOT prove content truthfulness or scene authenticity.
Scope This document specifies:
  • The CPP event data model
  • Hash computation and canonicalization rules
  • Merkle tree construction and proof verification
  • RFC 3161 TSA anchoring requirements
  • Verification procedures for implementers
This document does NOT specify:
  • Application user interface requirements
  • Network protocols for proof distribution
  • Key management or certificate policies
  • Content authenticity claims
Relationship to Other Specifications CPP defines its own Merkle tree construction that is NOT compatible with Certificate Transparency . While inspired by similar principles, CPP uses different domain separation prefixes and padding rules optimized for media provenance use cases. Implementations MUST NOT assume RFC 6962 compatibility.
Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. Additionally, this document uses the following terms:
Event
A discrete, signed record representing a provenance action (capture, export, deletion).
EventHash
A SHA-256 hash of the canonicalized event data, formatted as sha256:<64_hex_chars>.
LeafHash
SHA-256(0x00 || EventHash_bytes), used as input to the Merkle tree. The 0x00 prefix provides domain separation from internal nodes.
MerkleRoot
The root hash of a binary Merkle tree containing one or more LeafHashes.
AnchorDigest
The 32-byte value submitted to the TSA. Represented as a 64-character lowercase hexadecimal string without prefix. MUST equal the MerkleRoot value (after stripping the sha256: prefix).
TreeSize
The count of original leaves in the Merkle tree before any padding. An unsigned integer. MUST be >= 1.
PaddedSize
The count of leaves after padding to a power of 2. Computed as the smallest power of 2 greater than or equal to TreeSize.
Evidence Pack
A self-contained data structure containing all information necessary for offline verification.
Tombstone
An event that records the legitimate deletion of a previous event.
Provenance Available
The recommended terminology for UI display, indicating capture provenance is recorded without implying content truth verification.
Genesis PrevHash
The constant value used as PrevHash for the first event in a chain: sha256:0000000000000000000000000000000000000000000000000000000000000000 (64 zeros).
Threat Model
Addressed Threats
ThreatMitigation
Timestamp forgery RFC 3161 TSA provides independent timestamp
Evidence tampering EventHash binds content; Merkle proof binds to anchor
Selective deletion Completeness Invariant detects missing events
TSA token swapping messageImprint must match AnchorDigest
Explicitly Not Addressed
  • Content truthfulness (scene staging, deepfakes)
  • Device compromise before capture
  • Key extraction from secure hardware
  • TSA collusion with adversary
Data Model
Events An Event is the fundamental unit of provenance in CPP. Events are signed records that capture discrete provenance actions.
Event Types
TypeDescription
INGESTMedia captured from device sensor
SEALCollection sealed with Completeness Invariant
EXPORTProof shared externally
TOMBSTONELegitimate deletion record
Event Structure The following fields are REQUIRED for all events:
FieldTypeRequiredDescription
EventIDstringREQUIREDUnique identifier (UUID)
ChainIDstringREQUIREDIdentifier linking events in a sequence
PrevHashstringREQUIREDHash of previous event in chain
TimestampstringREQUIREDISO 8601 timestamp with millisecond precision
EventTypestringREQUIREDOne of: INGEST, SEAL, EXPORT, TOMBSTONE
HashAlgostringREQUIREDAlways "SHA256"
SignAlgostringREQUIRED"ES256" or "Ed25519"
EventHashstringREQUIREDSHA-256 hash of canonicalized event
SignaturestringREQUIREDRaw Base64-encoded signature (no prefix)
Encoding Requirements All Base64-encoded fields (Signature, TSA.Token, public_key) MUST conform to:
  • Section 4 (standard base64 alphabet, NOT base64url)
  • No whitespace characters (no line breaks, spaces, or tabs)
  • Padding characters (=) MUST be included when required
PROHIBITED:
  • base64:MEUCIQDx... - Prefixes not allowed
  • data:application/octet-stream;base64,... - Data URIs not allowed
  • Base64url alphabet (- and _ instead of + and /)
  • Line wrapping or embedded whitespace
INGEST Event INGEST events MUST include:
FieldTypeRequiredDescription
Asset.AssetHashstringREQUIREDSHA-256 hash of media bytes
Asset.AssetTypestringREQUIREDIMAGE or VIDEO
Asset.MimeTypestringREQUIREDMIME type of asset
Asset.AssetIDstringOPTIONALUnique asset identifier
Asset.AssetNamestringOPTIONALOriginal filename
Asset.AssetSizeintegerOPTIONALFile size in bytes
SEAL Event SEAL events finalize a collection and commit the Completeness Invariant. A SEAL event MUST include:
FieldTypeRequiredDescription
CollectionIDstringREQUIREDIdentifier for the sealed collection
EventCountintegerREQUIREDNumber of events in collection (excluding SEAL)
CompletenessInvariantobjectREQUIREDCompleteness verification data
MerkleRootstringREQUIREDRoot hash of events in collection
CompletenessInvariant Object
FieldTypeRequiredDescription
ExpectedCountintegerREQUIREDNumber of events that MUST be present
HashSumstringREQUIREDXOR of all EventHash values (sha256: format)
FirstTimestampstringREQUIREDISO 8601 timestamp of first event
LastTimestampstringREQUIREDISO 8601 timestamp of last event
The HashSum is computed as: Where XOR operates on the 32-byte binary values of each EventHash.
SEAL Anchoring Pattern The recommended anchoring pattern for SEAL events:
  1. Compute the Merkle tree over all INGEST events in the collection
  2. Create the SEAL event with MerkleRoot referencing this tree
  3. Include the SEAL event's EventHash as an additional leaf in a NEW Merkle tree
  4. Anchor this new tree (containing the SEAL event) to a TSA
This pattern ensures the Completeness Invariant itself is bound to an external timestamp. The SEAL event's EventHash covers all CI fields, so the TSA anchor proves the CI existed at GenTime. Alternative Pattern (NOT RECOMMENDED): Including the SEAL event in the same Merkle tree it references creates a circular dependency and is prohibited.
TOMBSTONE Event TOMBSTONE events MUST additionally include:
FieldTypeRequiredDescription
DeletedEventIdstringREQUIREDEventID being invalidated
ReasonstringREQUIREDDeletion reason code
DeletedAtstringREQUIREDISO 8601 deletion timestamp
Hash Chain Events form a hash chain through the PrevHash field: Verification of chain integrity:
  1. For each event after the first, the verifier MUST compute EventHash of the previous event.
  2. The computed hash MUST match the current event's PrevHash field.
  3. If any mismatch is detected, verification MUST fail with status CHAIN_INTEGRITY_VIOLATION.
Merkle Tree Structure CPP defines its own binary Merkle tree construction optimized for media provenance. This construction uses domain separation prefixes to prevent attacks where leaf values could be confused with internal node values. Important: CPP Merkle trees are NOT compatible with RFC 6962 (Certificate Transparency). Implementations MUST use the exact algorithms specified in this section.
Domain Separation CPP uses single-byte prefixes to separate domains:
DomainPrefix ByteDescription
Leaf0x00Applied to EventHash bytes
Internal0x01Applied to concatenated child hashes
Leaf Nodes Where:
  • 0x00 is a single byte with value zero
  • EventHash_bytes is the 32-byte binary representation of EventHash (after stripping the sha256: prefix)
  • || denotes byte concatenation
Rationale: The 0x00 prefix ensures leaf hashes cannot collide with internal node hashes, preventing second preimage attacks on the tree structure.
Internal Nodes Where:
  • 0x01 is a single byte with value one
  • Left_bytes is the 32-byte hash of the left child
  • Right_bytes is the 32-byte hash of the right child
  • || denotes byte concatenation
Tree Construction Step 1: Compute Leaf Hashes For each event, compute LeafHash = SHA256(0x00 || EventHash_bytes). Step 2: Determine Padding PaddedSize is the smallest power of 2 >= TreeSize: = 1 paddedSize = 1 while paddedSize < treeSize: paddedSize = paddedSize * 2 return paddedSize ]]> Step 3: Pad Leaf Array If TreeSize < PaddedSize, duplicate the last leaf hash until the array length equals PaddedSize. Step 4: Build Tree 1: nextLevel = [] for i in range(0, current.length, 2): left = current[i] right = current[i + 1] parent = SHA256(0x01 || left || right) nextLevel.append(parent) levels.append(nextLevel) current = nextLevel return levels // levels[0] = leaves, levels[-1] = [root] ]]>
Merkle Proof Structure
FieldTypeDescription
TreeSizeintegerOriginal leaf count (before padding), unsigned, MUST be >= 1
LeafHashMethodstringMUST be exactly SHA256(0x00||EventHash) (18 ASCII characters)
LeafHashstringComputed LeafHash for this event with sha256: prefix
LeafIndexinteger0-based position in tree, range [0, TreeSize-1]
ProofarraySibling hashes from bottom to top, each with sha256: prefix
RootstringMerkleRoot with sha256: prefix
TreeSize Constraint: An empty Merkle tree (TreeSize = 0) is not permitted. Verifiers MUST reject proofs where TreeSize < 1.
Anchor Structure
FieldTypeDescription
AnchorIDstringUnique anchor identifier
AnchorTypestringMUST be "RFC3161"
AnchorDigeststringMerkleRoot without prefix, 64 lowercase hex chars
AnchorDigestAlgorithmstringMUST be "sha-256"
MerkleobjectMerkle proof structure
TSAobjectTSA response data
Canonicalization and Hashing
JSON Canonicalization Events MUST be canonicalized using (JSON Canonicalization Scheme) before hashing. The following fields MUST be excluded from canonicalization:
  • EventHash
  • Signature
All other fields MUST be included. Field names in the canonical event object use PascalCase (e.g., EventID, ChainID, PrevHash).
EventHash Computation The resulting EventHash is a 71-character string: the prefix "sha256:" followed by 64 lowercase hexadecimal characters.
LeafHash Computation The 0x00 prefix byte provides domain separation from internal nodes.
Internal Node Hash Computation The 0x01 prefix byte distinguishes internal nodes from leaves.
AnchorDigest Computation AnchorDigest is the MerkleRoot value WITHOUT the sha256: prefix, represented as 64 lowercase hexadecimal characters. PROHIBITED:
  • SHA256(merkleRoot) - This would create double hashing
  • SHA256(stringEncode(merkleRoot)) - This would hash the string representation
  • Any transformation other than prefix removal
  • Mixed case output - MUST be lowercase
Anchoring Protocol
TSA Request Construction The messageImprint in TimeStampReq MUST contain:
  • hashAlgorithm: SHA-256 (OID 2.16.840.1.101.3.4.2.1)
  • hashedMessage: AnchorDigest as 32-byte OCTET STRING
certReq Recommendation Producers SHOULD set certReq to TRUE to request the TSA's signing certificate be included in the response. This enables:
  • Offline verification without fetching certificates separately
  • Long-term verification even if TSA infrastructure changes
  • Self-contained Evidence Packs
If certReq is FALSE and the TSA certificate is not included in the response, verifiers MUST attempt to obtain the certificate through other means (e.g., AIA extension, local cache) or return VALID_WARNING.
TSA Response Processing Upon receiving TimeStampResp, the producer:
  1. MUST verify the response status is granted (0) or grantedWithMods (1)
  2. MUST extract the TimeStampToken from the response
  3. MUST store the complete DER-encoded TimeStampToken
  4. MUST extract and store the messageImprint from TSTInfo
  5. MUST extract and store GenTime from TSTInfo
Single-Leaf Tree Rules When TreeSize equals 1, the following invariants MUST hold:
  • LeafIndex MUST equal 0
  • Proof MUST be an empty array
  • Root MUST equal LeafHash
  • LeafHash MUST equal SHA256(0x00 || EventHash_bytes)
If any of these conditions fail, verification MUST return INVALID.
Multi-Leaf Tree Rules For TreeSize greater than 1:
  • LeafIndex MUST be in range [0, TreeSize-1]
  • PaddedSize = smallest power of 2 >= TreeSize
  • Proof length MUST NOT exceed log2(PaddedSize)
  • Sibling hashes are ordered from bottom (leaf level) to top (root level)
  • Index parity determines pairing order: even=left, odd=right
  • All internal nodes use SHA256(0x01 || left || right)
Verification Procedures
Verification Result Codes
CodeMeaning
VALIDAll checks passed, including TSA signature verification
VALID_WARNINGCryptographic checks passed, but TSA certificate chain could not be fully validated
INVALIDCryptographic verification failed
CHAIN_INTEGRITY_VIOLATIONHash chain is broken
COMPLETENESS_VIOLATIONCompleteness Invariant mismatch
Note: VALID_WARNING indicates the proof is cryptographically sound but the TSA's identity could not be independently verified. Applications SHOULD display this distinction to users.
Event Verification
Merkle Proof Verification = 1") if leafIndex < 0 or leafIndex >= treeSize: return INVALID("LeafIndex out of range") paddedSize = computePaddedSize(treeSize) maxProofLength = log2(paddedSize) if proof.length > maxProofLength: return INVALID("Proof too long") // Step 2: Compute leaf hash with domain separation currentHash = computeLeafHash(eventHash) // SHA256(0x00 || bytes) // Step 3: Handle single-leaf case if treeSize == 1: if leafIndex != 0: return INVALID("LeafIndex must be 0 for single-leaf") if proof.length != 0: return INVALID("Proof must be empty for single-leaf") if lowercase(currentHash) != lowercase(expectedRoot): return INVALID("Root != LeafHash for single-leaf") return VALID // Step 4: Traverse proof from bottom to top index = leafIndex for siblingHash in proof: if index % 2 == 0: // Current is left child currentHash = computeInternalHash(currentHash, siblingHash) else: // Current is right child currentHash = computeInternalHash(siblingHash, currentHash) index = floor(index / 2) // Step 5: Compare with expected root (case-insensitive) if lowercase(currentHash) != lowercase(expectedRoot): return INVALID("Computed root != expected root") return VALID ]]>
TSA Verification TSA verification ensures the timestamp token was legitimately issued by a Time-Stamp Authority and binds the correct digest.
CMS Signature Verification Requirements Per , verifiers MUST:
  1. Parse the TimeStampToken as a ContentInfo structure
  2. Extract the SignedData from the content field
  3. Locate the SignerInfo corresponding to the TSA
  4. Verify the signature over the encapsulated TSTInfo
  5. Verify the signer's certificate was valid at signing time
Verifiers SHOULD:
  1. Build and validate the certificate chain to a trust anchor
  2. Verify the TSA certificate contains the id-kp-timeStamping extended key usage
  3. Check for certificate revocation
Chain Integrity Verification
Completeness Invariant Verification The Completeness Invariant is verified against a SEAL event. The SEAL event MUST be anchored to a TSA to provide external timestamp binding for the entire collection. ci.LastTimestamp: return COMPLETENESS_VIOLATION( "Event timestamp after collection end") return VALID ]]>
Attack Detection
AttackDetection
Delete eventHash sum mismatch and/or count mismatch
Add fake eventCount mismatch and/or hash sum mismatch
Reorder eventsChain integrity violation (PrevHash mismatch)
Modify eventEventHash mismatch in chain
Privacy Considerations
Location Data Location collection SHOULD be disabled by default. When enabled, implementations SHOULD:
  • Clearly indicate when location is being recorded
  • Allow users to delete location from individual events
  • Consider privacy implications of location precision
Biometric Data Implementations MUST NOT store raw biometric data (fingerprints, face images). Human presence verification, if implemented, SHOULD:
  • Process biometrics locally on-device
  • Store only verification results (boolean flags)
  • Never transmit biometric data to external services
Tombstone Privacy When events are deleted via TOMBSTONE:
  • Original event content is removed
  • TOMBSTONE preserves chain integrity
  • Reason codes allow selective disclosure
Shareable vs Forensic Proofs Evidence Packs may be created with different privacy levels:
LevelIncludesUse Case
ShareableTimestamp, device info, asset hashSocial sharing
ForensicAll metadata including locationLegal proceedings
Security Considerations
Hash Algorithm Agility This specification mandates SHA-256 for all hash computations. Future versions MAY define additional algorithms via the HashAlgo field. Verifiers MUST reject unknown hash algorithms.
Signature Algorithm Requirements Implementations MUST support ES256 (ECDSA with P-256 and SHA-256) for mobile device compatibility. Ed25519 MAY be supported for non-mobile implementations. Private keys SHOULD be stored in hardware security modules (Secure Enclave, StrongBox, TPM) where available.
TSA Trust Security of timestamp proofs depends on TSA trustworthiness. Implementations:
  • MUST verify the CMS signature in the TimeStampToken per
  • SHOULD validate the certificate chain to a configured trust anchor
  • SHOULD use TSAs with published certificate policies
  • MAY support multiple TSA services for redundancy
If certificate chain validation fails but CMS signature verification succeeds, the result SHOULD be VALID_WARNING rather than INVALID, as the timestamp binding is cryptographically sound even if the TSA's identity cannot be fully verified.
Merkle Tree Security
Domain Separation The 0x00/0x01 prefix bytes ensure:
  • Leaf hashes cannot equal internal node hashes for any input
  • An attacker cannot construct a valid proof by substituting internal nodes for leaves
  • The tree structure is unambiguous given a root hash
This construction differs from Certificate Transparency which uses a similar but incompatible scheme.
Padding Security Duplicating the last leaf for padding:
  • Is deterministic (no randomness)
  • Produces the same tree for the same inputs
  • Does not leak information about padding count (TreeSize is explicitly stored)
Clock Accuracy Device timestamps (Timestamp field) are self-attested and may be inaccurate. The authoritative timestamp is GenTime from the TSA response. Implementations SHOULD warn users when device time differs significantly from TSA GenTime (e.g., more than 5 minutes).
Deletion Detection Limitations The Completeness Invariant detects deletions within a sealed collection. It does NOT detect:
  • Events never created (adversary captured but never recorded)
  • Events in other collections
  • Deletions before sealing
XOR Hash Sum Limitations The Completeness Invariant uses XOR for omission detection, NOT for cryptographic commitment. Important limitations:
  • Collision by design: XOR is commutative and self-inverse. An attacker who can forge TWO events with EventHashes that XOR to zero can delete both without detection.
  • Not a commitment scheme: Unlike Merkle roots, the XOR hash sum does not cryptographically bind to a specific set of events.
  • Complementary mechanism: The CI is designed to work WITH the Merkle tree anchor, not replace it. The TSA-anchored Merkle root provides the cryptographic commitment; the CI provides additional omission detection for collections.
Threat model: The CI protects against accidental deletion or deletion by parties who cannot forge events (e.g., device owners deleting their own legitimately-captured evidence). It does NOT protect against adversaries who control event creation.
Canonicalization Attacks JSON canonicalization per prevents ordering and whitespace attacks. However, implementations MUST ensure:
  • Field names exactly match the specification (PascalCase for events)
  • No additional fields are introduced before hashing
  • Unicode normalization is handled consistently
IANA Considerations This document has no IANA actions.
Implementation Experience
VeraSnap (Non-Normative) VeraSnap is a consumer iOS application implementing CPP. It demonstrates:
  • Secure Enclave key storage with ES256 signatures
  • RFC 3161 TSA integration with multiple providers
  • Merkle tree construction per this specification
  • Offline proof verification
Implementation validated that:
  • Single-leaf Merkle proofs verify correctly
  • TSA messageImprint extraction works across TSA providers
  • Evidence Packs enable verification without network access
Deployment experience informed the explicit specification of:
  • AnchorDigest computation (avoiding double-hashing)
  • Single-leaf tree invariants
  • LeafHashMethod field for algorithm agility
 References Normative References Informative References C2PA Specification Coalition for Content Provenance and Authenticity
JSON Examples
Canonical Event (Normative) The canonical event structure uses PascalCase field names. This is the structure that MUST be used for EventHash computation.
SEAL Event (Normative)
Anchor Structure (Normative)
Evidence Pack (Non-Normative) The Evidence Pack is a distribution format. Field names use snake_case for compatibility with common JSON conventions in web APIs. This format is non-normative; implementations MAY use alternative formats. Note: When verifying an Evidence Pack, implementations MUST reconstruct the canonical event structure (PascalCase) from the evidence pack fields before computing EventHash.
Test Vectors All test vectors in this section use the domain-separated hash construction defined in this specification.
Test Vector 1: Single-Leaf Tree Input: Computation: Expected Anchor: Verification:
Test Vector 2: Two-Leaf Tree Input: Computation: Verification of Index 0: current is LEFT child 3. siblingHash = sha256:4f16119d36ccd0da91102f57692d73934fd0ad2494280df88449accedbbfb7ea 4. currentHash = SHA256(0x01 || currentHash_bytes || siblingHash_bytes) = sha256:03938e2c8f758e6cae443d499b41c899c373eb0c0198bae61796a069f2b05904 5. Compare with expected Root: MATCH Result: VALID ]]>
Test Vector 3: TSA messageImprint Verification Input: Verification:
Acknowledgements The authors thank:
  • The VeritasChain Standards Organization (VSO) for developing the CPP specification series
  • The implementers of VeraSnap for validation feedback that improved this specification
  • Early reviewers who identified the domain separation and Completeness Invariant modeling issues