Integrity model

Verifiable by anyone. Trusted by no one.

DarkMatter’s guarantees are cryptographic, not contractual. Here is exactly what we claim, and how to verify it yourself.

Run the verifier →Read ENVELOPE_SPEC_V1

Three properties · non-negotiable

L101 / 03

Tamper-evident hash chain

Every commit is SHA-256 hashed client-side and linked to its parent. Modifying any record breaks every downstream hash, detectable by anyone, offline, with no DarkMatter dependency.

L202 / 03

Independent timestamp anchor

Checkpoint bundles are anchored via OpenTimestamps. The timestamp proof lives entirely outside DarkMatter’s infrastructure and is independently verifiable.

L303 / 03

Non-repudiation

Commits are signed with a key only you hold before they reach our servers. DarkMatter cannot forge a record on your behalf. Non-repudiation by construction, not by policy.

Verification levels

Assurance levels (L1 through L3) describe the strength of the cryptographic guarantee. Each level is additive.

L101

Verifiable record

SHA-256 payload hash + parent chain linkage. Tampering at any node breaks every downstream hash. Independent offline verifier included.

Default with every dm.commit() call. No extra steps.

L202

Independent verification

Signed checkpoint bundles anchored via OpenTimestamps. Timestamp proof lives outside DarkMatter’s infrastructure entirely.

Automatic. Every checkpoint batch is anchored and signed.

L303

Non-repudiation

Customer-held signing keys. Even DarkMatter cannot forge a record. Only your key can sign a valid commit.

Available now. Generate a key with dm.generate_customer_keypair() in Python. See L3 setup.

What we claim · and what we don’t

We claim

Payload wasn’t altered after commit

The SHA-256 hash is computed client-side before transmission. Any modification breaks the hash. Verifiable offline.

We claim

Record predates any dispute

OpenTimestamps anchors checkpoint bundles independently. OpenTimestamps creates a cryptographic proof that a piece of data existed at a specific point in time, verified by an independent infrastructure outside DarkMatter. The timestamp proof is external and independently verifiable.

We claim (L3)

DarkMatter cannot forge a record

Customer-held Ed25519 keys sign the envelope before it reaches our servers. We never see the private key. We cannot produce a valid signature.

We do not claim

Payload confidentiality

Payloads are stored in plaintext by default. DarkMatter personnel with database access can read them. To keep payloads private, encrypt client-side before calling dm.commit(). This works on any plan. DarkMatter stores whatever you send.

Technical specification

Hash algorithm

SHA-256 · canonical JSON serialization

Signature algorithm

Ed25519 · ENVELOPE_SPEC_V1

Timestamp anchor

OpenTimestamps

Key management

Customer-generated Ed25519 keypair · public key registered · private key never transmitted

Offline verifier

Open-source · github.com/darkmatter-hub/darkmatter-l3-example

Spec

ENVELOPE_SPEC_V1.md

Get started

Verify it yourself.

Download a proof bundle and run the offline verifier. No DarkMatter account required.

Run the verifier →Read the docs