--- title: "Specifications Overview" description: " " url: https://instituteofprovenance.org/docs/overview source: Institute of Provenance --- # Specifications Overview The Institute of Provenance publishes open specifications for digital provenance and data attribution. These documents define the formats, protocols, and cryptographic primitives that make verifiable content trust interoperable across implementations. ## Published Specifications ### XION — XI Object Notation The core content format. XION embeds a cryptographic trust block directly in a digital artifact, making the artifact self-verifying without external lookups or third-party trust. - **Trust Block Schema** — Structure of the embedded proof: content hash, signature, public key, certificate chain, and signing metadata - **Canonicalization** — Deterministic content normalization ensuring the same content always produces the same hash regardless of platform or encoding order ### Certificate Hierarchy A purpose-built hierarchical certificate system for content attribution, rooted in the Institute's offline Root CA. - **Root Certificate Authority** — Self-signed Ed25519 root, offline key ceremony procedures, 10-year validity - **Intermediate Certificates** — Issued to Certified Orbital operators for organizational certificate issuance - **Leaf Certificates** — Short-lived (hours to one day) content signing certificates issued on demand ### Wire Protocol The XIO Resolution Protocol defines the binary wire format and query semantics for distributed provenance lookup. - **Record Types** — XIO, XSIGN, XFPR, and Proof record formats - **Query Format** — DNS-like binary message structure with header, question, answer, authority, and additional sections ### Cryptographic Primitives The mandated algorithm set: Ed25519 for signatures, BLAKE3 for content hashing, X.509 for certificate wrapping, and Sparse Merkle Trees for verifiable state. ### Verification Process The four-stage verification procedure: signature validity, chain integrity, revocation status, and temporal validity. ### Perceptual Fingerprinting Applied research specifications for transformation-resilient content identification. - **Luminance Waveform Analysis** — Signal-based image fingerprinting using spectral analysis of luminance waveforms - **Video Fingerprinting** — Dual-track visual and audio waveform analysis with hierarchical temporal aggregation ## Design Principles These specifications are governed by four principles: 1. **Verification must not require trust.** Any party can verify a XION artifact using only the artifact itself and the known Root CA public key. No API calls, no platform accounts, no network connectivity required. 2. **Provenance must survive transformation.** Data is compressed, cropped, re-encoded, and redistributed. Perceptual fingerprinting provides identity matching and manipulation detection that survives the real-world data lifecycle. 3. **Short-lived credentials, offline root.** The Root CA is never exposed to online systems. Leaf certificates are valid for hours, not years. Even a worst-case key compromise is measured in hours, not decades. 4. **Standards must be implementable.** Specifications include interoperability requirements so the standard is not defined by a single implementation. ## Versioning Specifications are versioned independently. The trust block schema includes a version field (`v`) to enable forward-compatible evolution. Breaking changes require a new major version. ## Intellectual Property The XION patent and trademark exist to ensure the standard remains coherent and interoperable, not to restrict adoption. The Institute governs the specification; implementations are open.