How Chronicled works
The four proof signals
A timeline of a session, on its own, only proves a progression happened over time — not that a human made it. Chronicled strengthens the claim by binding four independent signals into one tamper-evident record:
- Process telemetry — stroke timing, pressure, tilt, tool changes, undo/redo. Human input cadence is hard to fabricate convincingly at scale.
- Incremental visual diffs — periodic canvas snapshots showing the work building up monotonically.
- Device & environment attestation — the device/app context the work was captured in.
- Continuity hash-chain — every event commits to the previous one, and every sitting commits to the previous sitting, so nothing can be inserted, removed, reordered, or backdated across the whole multi-sitting timeline.
Sittings, sealing & anchoring
A work is built over one or more sittings. Each sitting is its own event hash-chain; when you pause, it's committed into a session digest, signed, and timestamped on Bitcoin via OpenTimestamps — so every sitting has independent proof of when it happened. When you finalize, all sitting digests are committed into one work Merkle root (a two-level structure: events → sitting → work), signed, and anchored as the certificate. A public chain only moves forward, so backdating is impossible and any later edit breaks the proof. Building across real calendar time makes the record stronger, not weaker — it's far harder to fake a believable multi-week rhythm than a single burst.
Automatic watermarking at finish
Finalizing also auto-embeds a layered invisible watermark into the finished artwork (steganographic + signed metadata + perceptual hash) pointing back to the certificate — no separate upload step. If you publish a higher-resolution export, you can submit it and we verify it perceptually matches the captured progression before watermarking it, so a certificate can never be attached to an unrelated image. Anyone can later drop any copy into the resolver to trace it back.
Importing from a partner tool (Procreate)
You can also create in Procreate and upload its exported timelapse .mp4. A timelapse alone doesn't prove a human made it — so the certification rests on a vendor attestation: the tool cryptographically signs the export with its key, and we verify against Procreate's known public key. We also analyse the timelapse to confirm it builds up graduallylike real drawing rather than a finished image appearing at once. (In this prototype the Procreate signature is simulated, but the verification path is real.)
What stays private
Only hashes are public. Your draft frames and raw telemetry are stored privately and content-addressed; you choose if and when to reveal them. The certificate can prove the record is intact without exposing the work itself.
Honest threat model
Chronicled raises the cost of forgery and makes tampering detectable; it does not claim magic. Known limits we design against: (1) a sufficiently sophisticated actor could replay synthetic telemetry — countered by device attestation, optional liveness, and identity staking; (2) invisible watermarks can be cropped or re-encoded — countered by layering steganography + signed C2PA-style metadata + a perceptual-hash registry, so defeating one layer still leaves the others (implemented; try the self-test); (3) the chain proves when and that it's unchanged, while the human-cadence heuristics provide the who/how. Strength comes from combining all layers.