AI Content Attestation Protocol

Overview

The attest.ink protocol enables anyone to create verifiable attestations about AI involvement in content creation. It works entirely in your browser, requires no servers, and uses cryptographic signatures to prove authenticity. Anyone can verify attestations independently without connecting to any central authority.

How It Works

1. Create an Attestation

When you create content with AI, you generate a JSON file containing a SHA-256 hash of your content, the AI model used, a timestamp, and optionally a cryptographic signature. The content itself never leaves your device - only the hash is included.

2. Add Digital Signature

You can sign the attestation with your Ethereum wallet using MetaMask or similar tools. This creates a cryptographic proof linking the attestation to your wallet address. Alternatively, use a password-based local signature that doesn't require any wallet software, or implement HMAC-SHA256 signatures for server-side applications.

3. Share and Verify

The attestation is a self-contained proof that can be verified by anyone. Share it as a URL, embed it in your content, or store it anywhere public. Verification happens entirely client-side without contacting any servers.

Attestation Format

Attestations are simple JSON files with a standard schema. Here's a minimal example:

{
  "version": "2.0",
  "id": "2025-01-15-abc123",
  "content_name": "My Article Title",
  "content_hash": "sha256:b6a5c8d9e2f4a3b7c1d8e9f0a1b2c3d4...",
  "document_type": "text",
  "model": "gpt-4",
  "role": "generated",
  "timestamp": "2025-01-15T12:00:00Z",
  "platform": "attest.ink"
}

Additional fields can include author information, prompt hashes for privacy, platform details, and cryptographic signatures. The schema is designed to be minimal yet extensible.

Digital Signatures

Ethereum Wallet Signatures

The primary signing method uses Ethereum wallets like MetaMask. The wallet signs a message containing key attestation fields with your private key. Anyone can verify the signature using your public wallet address. This provides strong cryptographic proof without any blockchain transactions or fees.

Local Password Signatures

For users without crypto wallets, we provide password-based signatures. The system uses PBKDF2 to derive a signing key from your password, then creates an HMAC-SHA256 signature. While this requires the password for verification, it enables signing without any external tools.

HMAC-SHA256 Server Signatures

For server-side applications and automated systems, HMAC-SHA256 signatures provide a secure method using a private signing key. This enables integration with CI/CD pipelines, static site generators, and other automated workflows. The signature includes the content hash, timestamp, and model information, ensuring attestation integrity.

Privacy Features

The protocol preserves privacy by design. Content is never transmitted - only SHA-256 hashes. Prompts can be hashed instead of stored in plaintext. Author information is optional for anonymous attestations. Everything runs locally in your browser without tracking or analytics.

Integration

Attestations integrate seamlessly into existing systems. Add them to HTML meta tags, reference them in markdown files, include them in API responses, or embed them in NFT metadata. The self-contained nature means they work anywhere you can share a URL or JSON file.

Example HTML Integration

<meta name="ai-attestation" content="https://example.com/attestation.json">

<!-- Or embed directly -->
<a href="https://attest.ink/verify/?data=..." target="_blank">
    <img src="https://attest.ink/badge/gpt-4.svg" alt="AI Generated">
</a>

Frequently Asked Questions

Why not use a blockchain?

Blockchains add unnecessary cost and complexity. Our approach is completely free, works instantly, and functions offline. Ethereum signatures provide cryptographic proof without requiring any on-chain transactions.

Can attestations be faked?

Unsigned attestations can be created by anyone, which is by design for accessibility. However, signed attestations are cryptographically bound to the signer's wallet or password. You can trust attestations from known addresses or verify them with the correct password.

What about content storage?

Attestations work with any storage system. Use IPFS for decentralized storage, GitHub for version control, or any web server. The attestation proves the content hasn't changed through its hash, regardless of where it's stored.

Is this legally binding?

Attestations provide cryptographic proof of AI involvement but are not legal documents. They're designed for transparency and attribution in the age of AI, not regulatory compliance.

Open Protocol

This is a fully open protocol. The specification, reference implementation, and all tools are open source. You're free to implement your own tools, suggest improvements, or fork the protocol for your specific needs. Join us in building a more transparent future for AI-generated content.