The DKIM of
the AI era.
Crovia Seal is a tamper-evident, cryptographically signed receipt — about 500 bytes of canonical JSON — attachable to any AI output: text, code, image, audio. Anyone can issue. Anyone can verify, offline, in three lines of Python. No vendor lock-in, no central server, no token, no consensus protocol. Just signatures and hash chains, the way standards should be.
AI outputs are generated billions of times per day with zero forensic trail. When one causes harm — a copyright claim, a defamation lawsuit, a regulatory inquiry — the evidence needed to reconstruct what happened has already evaporated. The logprobs are gone. The model state is gone. The input–output link is unverifiable.
Crovia Seal fixes this, by design, without requiring cooperation from model vendors. The seal can be emitted client-side — by a proxy, by a browser extension, by an IDE plugin. It becomes the DKIM of the AI era: silent, ubiquitous, eventually mandatory.
What Seal is not: not a judge, not a detector, not a blockchain, not surveillance. A seal commits to hashes of input/output, not the content itself. Privacy-preserving checks via optional ZK proof bundles are part of the extended spec. The seal records facts; courts judge.
Five things only Seal does
Canonicalization that cannot ambiguate
A strict subset of RFC 8785 that forbids floating-point in signed payloads. The exact bytes that get signed are fully derivable from the seal — with one canonicalization algorithm and no edge cases.
Invisible mark that survives copy-paste
Crovia Invisible Mark: zero-width Unicode steganography that embeds the seal_id directly inside the AI output. The text travels through Word, Telegram, court filings — the seal id rides along, invisible.
Cannot be back-dated, ever
Optional anchor against public randomness beacons (drand by League of Entropy). A seal that anchors to round R proves it was created after the moment R was published. Combined with our substrate's Bitcoin anchor: temporal proof at two layers.
Adoption without permission
Detectors implemented for ChatGPT, Claude, Gemini, Perplexity. A «Seal» button appears next to every AI answer. One click, the response is sealed with a local Ed25519 key and copied to your clipboard with the CIM embedded.
One env var, full conformance
Drop-in replacement for api.openai.com that seals every response. CROVIA_INJECT_CIM=true, CROVIA_BEACON_ANCHOR=true, done. Your enterprise AI is provenance-compliant by default.
Adopt in 60 seconds
Put the proxy in front of your model
Every response you serve carries a cryptographic receipt. Auditors, regulators, and users can prove a given output is — or is not — authentically from your system, regardless of the path it travelled.
# add the proxy in front of your endpoint pip install -e integrations/proxy CROVIA_UPSTREAM_URL=http://your-model:8000 \ CROVIA_INJECT_CIM=true \ CROVIA_BEACON_ANCHOR=true \ crovia-proxy --port 443
Install the browser extension
Every time you use ChatGPT / Claude / Gemini / Perplexity, a Seal button appears next to each answer. One click — the response is sealed with your local Ed25519 key and copied with an invisible Crovia mark that survives paste.
# build the extension (Chrome/Firefox MV3) cd integrations/browser-extension npm install && npm run build # load the dist/ folder as an unpacked extension
Verify a seal in three lines
You received a text claiming to be from an AI. Open the universal verifier, paste it. If a CIM is present, you see the seal_id. Ask the issuer for the seal, verify offline.
# offline verification, no network from crovia_seal import verify_seal import json seal = json.loads(open("received.seal.json").read()) vr = verify_seal(seal, issuer_pubkey_hex="<pinned key>") assert vr.ok, vr.errors
Run a transparency log
RFC 6962 Merkle log: any issuer can submit, any verifier can prove a seal was — or was not — submitted, and that the log has not re-written history.
# run the tlog server pip install -e integrations/tlog crovia-tlog --port 7979 # anywhere on the public internet curl http://localhost:7979/v1/sth
What a seal looks like
A seal is a single, self-describing JSON object. Below is a minimal example. The signature is computed over the CSC-1 canonicalization of every other field, with a domain-separated prefix ("CROVIA-SEAL-v1").
{
"seal_version": "crovia-seal-v1",
"seal_id": "sl_a8f2c4b919e7…",
"issuer": {
"id": "crovia-proxy.example.com",
"pubkey_alg": "Ed25519",
"pubkey": "0xabd5…"
},
"generator": {
"vendor": "openai",
"model": "gpt-4o-2024-11-20",
"params": {
"temperature": "0.7" // strings, not floats (CSC-1)
}
},
"subject": {
"input_hash": "sha256:c5f0…",
"output_hash": "sha256:9b1a…",
"output_length": 2174
},
"chain": {
"prev_seal_id": "sl_77e2b9c3…",
"index": 42891
},
"anchors": {
"drand_round": 3914027,
"tlog_inclusion": "<optional RFC 6962 proof>"
},
"issued_at": "2026-05-03T17:43:29Z",
"signature": "Ed25519:…"
}
Seal & Substrate — two halves of the same thesis
Substrate (the AXIOM ledger you see at /substrate/ and /chains/) is what Crovia observes about the rest of the AI world — signed forensic evidence we operate as a public service.
Seal is what Crovia gives back to the world — an open, permissionless protocol primitive anyone can run. It is not a service we sell. It is a standard we steward.
Substrate proves Crovia knows how to design append-only signed history. Seal is the productization of that knowledge for everyone else's AI outputs. Together they form a complete provenance fabric: what the world said, and what every AI output proved about itself when it was uttered.
Get involved
Permissionless by design.
No registration. No API key. No rate limit. The license is Apache 2.0 on code, CC0 on the specification text. You do not need our cooperation to start sealing AI outputs today.