Provenance Tier · v1

Prove what your AI
actually generated.

Every Provenance Tier report is cryptographically signed by a Pi Zero physical witness node chained to a public entropy beacon. Third parties verify the signature in their own browser, against a public Ed25519 key, with no backend trust. Built for legal, financial, and regulated workflows where "we ran it through Claude" needs to survive discovery.

Talk to us How it works

fleet0 pk_fp cac5f21a70564aeb / pulse beacon since Apr 2026 / Ed25519 over Sha-256 chain

Buyer · 01

Why this exists.

/01

Litigation defense

Opposing counsel claims your AI analysis was retrofitted post-hoc. Hand them a signed manifest, an immutable timestamp on the public beacon, and a witness pubkey they can verify from their laptop.

/02

EU AI Act log-retention readiness (Article 26)

Article 26 (deployer log retention) demands "we used model X on data Y at time Z" kept for ≥6 months. Provenance answers it cryptographically — a checked box, not a paragraph. Article 13 documentation and Article 26 human-oversight obligations are organizational deliverables, not crypto artifacts; Provenance Tier covers the log-retention slice.

/03

Internal audit

SEC, FCA, internal risk. "Prove the AI was used correctly, not after the fact." Signed timestamps from a witness you don't control. The auditor verifies it in their browser; no audit log to argue about.

/04

Adversarial provenance

Intelligence and journalism workflows where the source matters. "Yes that's our analysis, here's proof of when it was generated and what it was generated from. Verify it yourself." The deepfake era's antibody.

Architecture · 02

The chain.

your input sha-256 prompt_hash
model output sha-256 response_hash
model identity weights_hash (canonical, public)
timestamp ISO-8601 UTC

all of the above canonical message sha-256 inner_digest

fleet0 reads current entropy/pulse  →  pulse_id, value_hex
fleet0 Ed25519-signs  attest|v1|inner_digest|pulse_id|value_hex|witnessed_at

ledatic.org PUTs the manifest at /provenance/manifest/<id>
public verifier at /verify/<id>  →  in-browser crypto.subtle.verify

no backend trust required. fleet0's pubkey is constant. you own the verification.
→ See a real signed manifest verify in your browser
Comparison · 03

What competitors can’t do.

OpenAI · Anthropic · Google

  • Sign their own outputs with their own key
  • You're trusting their audit log, not cryptography
  • No third-party witness
  • No public timestamp anchor
  • Centralized; opaque internals
  • "Trust the vendor"

Ledatic Provenance

  • Signed by a Pi Zero you can SSH into and inspect
  • Public Ed25519 pubkey, browser-verifiable signatures
  • Independent witness node, separately controlled
  • Chained to a public entropy beacon you can read live
  • Decentralized witness network (more nodes coming)
  • "Trust the cryptography"
Engagement · 04

Scoped to fit.

Provenance engagements are sized to the inspector you're answering to. A regulator with a quarterly audit cycle is a different shape than a newsroom defending a single story, which is different again from a litigation hold. Write us with the shape of your problem and we'll size honestly: what the chain has to cover, how many witnesses, what retention, what the verifier UX needs to look like for the person actually doing the checking. The cryptographic floor is included by default; that's the point.

Get in touch See a real signed manifest
FAQ · 05

Common questions.

How is this different from OpenAI signing my output?
OpenAI signs with a key they control, against an audit log they maintain. You're trusting them. We sign with a Pi Zero you can SSH into, verifiable against a public Ed25519 key, chained to a public beacon. The witness is independent of the signer. Anyone can verify the chain end-to-end without contacting us.
What if fleet0 (the Pi) goes down or is compromised?
If fleet0 is unreachable at sign-time, the report is delivered unsigned with a clear "unwitnessed" disclosure — no false claims. Provenance+Audit tier provisions a secondary witness so single-node outages don't block signing. If a key is ever compromised we publish a revocation and rotate; affected manifests are flagged on /verify.
Why a Pi Zero — that's not "enterprise-grade hardware."
Independence is the feature. The whole point is that the signing key lives on a small, dedicated, inspectable physical device that doesn't share infrastructure with the model host or the report generator. Off-the-shelf hardware is a virtue here, not a flaw.
Can you backdate a manifest?
No. The witness signs over the current pulse_id of the public entropy beacon. Pulses are append-only and timestamp-anchored on Cloudflare. To backdate, we would have to forge the public beacon — which third parties read continuously. Not happening.
Does the verify page need our backend?
No — with one honest qualifier. /verify/<id> serves a static HTML/JS page that fetches the manifest JSON and runs crypto.subtle.verify in the visitor's browser. The fleet0 public key is a constant in the page. The only network call is to fetch the manifest. You can clone the page, change the manifest URL, run it from disk — same result. For maximum independence, do that. Public verifications via the live URL trust Cloudflare's CDN to deliver the same JS to every visitor; that is industry-standard but not zero-trust. Belt-and-suspenders auditors should fetch a local copy of verify.html, verify its hash matches the published value, and run it from disk. We also publish a fully self-contained, zero-CDN verifier at tools/verify/standalone.html in the ledatic-site repo (SHA-256 fe114e269380c5b47883a12ccf3c6740b414e98eadb7cc72a667ac8ae24df821); download it, verify the hash with shasum -a 256 standalone.html, and open it in any modern browser to verify any manifest URL or pasted JSON without trusting our CDN at all.
Browser support for Ed25519?
Chrome 137+, Safari 17+, Firefox 138+. The verify page also displays the manifest fields and the inner-message integrity check independently of WebCrypto, so older browsers still see most of the chain — they just can't run the final signature check.
EU AI Act — concretely?
Article 26 (deployer obligations) demands logs retained ≥6 months. Provenance gives you a cryptographic, third-party-verifiable artifact for that requirement — auditable in seconds rather than reconstructed from internal logs after the fact. Article 13 (transparency to deployers — model identity, capabilities, intended use, training-data summary) and Article 26's human-oversight + monitoring obligations are organizational deliverables, not crypto artifacts. Provenance Tier covers the log-retention slice; we can scope the rest with you but do not produce them as crypto.
Inspect the witness · 06

Live infrastructure.

/pubkey

fleet0 Ed25519 public key

Raw 32 bytes (base64): BYCyN+fTbPuRA0BKpSmWhzW+auY1IXiOo99C4cmXBQI=

/witness

Latest signed observation

/witness/fleet0/latest — fleet0 signs each pulse it observes; this is the most recent.

/pulse

Public entropy beacon

/entropy/pulse — append-only, every ~30s, the chain anchor every Provenance manifest binds against.

/log

Beacon history

/entropy/pulse/log — last 50 pulses with prev_hash chain. Walk the chain in one request.

Ready · 07

Your AI generated something.
Prove it.

Start a conversation Verify a sample report