Technology

Proof created at the source. Verified by anyone.

Lumra signs events at their origin, links them into a hash-chained ledger, and exports bundles that verify with no PriviNet servers, accounts, or goodwill involved. This page is the engineering view of how.

Definition

What is a cryptographically verifiable event record?

A cryptographically verifiable event record is an event that is digitally signed where it happens and linked by hash to the record before it. The signature proves which device or person created it, and the hash chain proves nothing was altered, inserted, or deleted afterward. Verification requires only the exported records and open cryptographic checks (Ed25519 signatures and SHA-256 hashes), not access to the vendor's systems.

Architecture

From the edge, through Lumra, to independent verification.

Edge / source

Where events are born

  • Worker phone: NFC/code scanning, biometric-gated Ed25519
  • Enrolled gateway: sensor witnessing, per-tenant Ed25519 keys
  • Existing systems: cameras, dashcams, IoT platforms via webhook
Lumra core

Normalize, chain, anchor

  • Ingest adapters: normalize events, forward upstream signatures
  • Audit ledger: hash-chained, kept forever
  • Telemetry store: routine readings, 7-day default, fingerprinted into the ledger
Verification

Out of our hands

  • Signed export: JSON Lines audit pack
  • Standalone verifier: zero-dependency
  • Any third party: auditors, insurers, regulators

Signed at the source · linked into the chain · verifiable without us

The model

Proof is created where the event happens.

01 · Signed at source

Signatures bind to actors and devices

Ed25519 signatures are generated where the event occurs: biometric-gated on worker phones, device-bound per-tenant keys on gateways. The signature is born with the event, not added later in someone's cloud.

02 · Honest ingest

We never overstate what we verified

Webhook ingest accepts events from MIOTY networks, sensors, cameras, and dashcams. Vendor signatures we cannot yet verify are marked exactly that way (vendorSignatureUnverified) and preserved, never upgraded or discarded. Honest status is a feature, not a gap.

Two data planes

Permanent proof and high-volume telemetry are kept apart, on purpose.

Plane 1 · Audit ledger

Hash-chained, permanent

  • Carries the events that matter: check-ins, handoffs, anomalies, threshold crossings, batch anchors
  • Every entry signed at source, hash-linked to its predecessor
  • Any tampering breaks the chain, visibly
  • Lifetime retention
Plane 2 · Telemetry store

High-volume, summarized

  • Routine readings, not individually permanent
  • Compressed into a Merkle root
  • The root is anchored into the audit ledger
  • 7-day default retention

Every 60 seconds, a Merkle root of the telemetry anchors into the permanent ledger, so even the readings that expire leave a fingerprint that can't be rewritten.

Independent verification

The proof has to hold up without us. So it does.

No runtime dependency

The verifier is a standalone zero-dependency tool. No PriviNet servers, databases, accounts, or API keys involved.

Anyone can run it

Auditors, insurers, regulators, opposing counsel: the people who shouldn't have to trust you are exactly who it's built for.

The record survives us

Exported bundles verify even if PriviNet ceases to exist. Change one byte in the export and verification fails, naming the broken entry.

$ node verify.js audit-export.jsonl
# checking signatures and chain integrity
entries    1,482 read
signatures 1,482 valid
chain      intact (no breaks)
anchors    all telemetry roots match
✓ VERIFIED, record is complete and unaltered
Primitives & standards

Built on established cryptography, not novelty.

Ed25519 · digital signatures SHA-256 · hashing Merkle trees · telemetry compression ETSI TS 103 357 · MIOTY backbone standard JSON Lines · portable export format
Build status

Real and demoable today.

✓ Ed25519 signing ✓ End-to-end pipeline ✓ CI-tested ✓ Zero-dep standalone verifier ✓ MIOTY ingest ✓ Webhook ingest → roadmap: hardware-level attestation → roadmap: broader source integrations

We will not describe a capability as available until it is. Shipped: source signing, the hash-chained ledger, Merkle-anchored telemetry, MIOTY and HTTP webhook ingest, and the standalone verifier. Everything else is labeled roadmap, here and in every demo.

See it run on real hardware.

A phone tap becomes a signed, chained, independently verifiable record while you watch. Sixty days, twenty-five devices, zero dollars.