AI content provenance with C2PA and post-quantum signatures
Content provenance answers "where did this asset come from and what happened to it?" by attaching a signed, tamper-evident manifest to a piece of media. The C2PA standard (Content Credentials) is the open specification for this: it binds a cryptographically signed record of origin and edit history to an image, video, audio clip or document, so a viewer can check the claim rather than guess whether content is authentic or AI-generated.
How C2PA provenance works
A C2PA manifest records assertions about an asset — who created it, whether an AI tool was involved, what edits were applied — and hashes the asset so the manifest is bound to those exact bits. The manifest is then signed. Alter the pixels or the manifest and verification fails, revealing tampering. This is provenance by declaration and signature, not by after-the-fact detection: the trust comes from a verifiable chain back to a signing identity, not from a classifier guessing at authenticity.
The signature is the trust anchor
A Content Credential is only as trustworthy as the signature on it. If that signature can be forged, an attacker can fabricate provenance: attach a convincing but false origin history to any asset. Today most signing uses classical schemes (ECDSA, RSA). Because provenance records are meant to be checked for years, and a classical signature becomes forgeable once large quantum computers exist, signing manifests with post-quantum ML-DSA (Dilithium, FIPS 204) keeps the provenance claim unforgeable across the asset's lifetime.
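The hash binding and signature check from the two sections above, as an added example that is not part of the original page or of any C2PA SDK. It assumes a simplified JSON manifest (not the C2PA wire format) and uses a Lamport one-time signature, a hash-based scheme standing in for ML-DSA because the Python standard library has no ML-DSA; all function names and the sample asset are constructed for illustration.

```python
import hashlib, json, secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Lamport one-time signature: hash-based stand-in for ML-DSA (assumption, see
# lead-in). Each key pair may sign exactly one message.
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    pk = [[H(x) for x in row] for row in sk]
    return sk, pk

def bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret preimage per bit of the message digest.
    return [sk[b][i] for i, b in enumerate(bits(msg))]

def verify_sig(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pk[b][i] for i, b in enumerate(bits(msg)))

def canonical(claim: dict) -> bytes:
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(claim, sort_keys=True, separators=(",", ":")).encode()

def make_manifest(asset: bytes, assertions: dict, sk) -> dict:
    # The asset hash inside the signed claim binds the manifest to these exact bits.
    claim = {"assertions": assertions, "asset_sha256": hashlib.sha256(asset).hexdigest()}
    return {"claim": claim, "signature": [s.hex() for s in sign(sk, canonical(claim))]}

def verify_manifest(asset: bytes, manifest: dict, pk) -> str:
    claim = manifest["claim"]
    sig = [bytes.fromhex(s) for s in manifest["signature"]]
    if not verify_sig(pk, canonical(claim), sig):
        return "signature invalid"       # manifest edited, or wrong signer key
    if claim["asset_sha256"] != hashlib.sha256(asset).hexdigest():
        return "asset hash mismatch"     # asset bytes changed after signing
    return "valid"

def demo():
    sk, pk = keygen()
    asset = b"\x89PNG constructed sample pixels"   # constructed sample asset
    m = make_manifest(asset, {"creator": "Example Studio", "ai_generated": True}, sk)
    forged = json.loads(json.dumps(m))             # deep copy, then edit an assertion
    forged["claim"]["assertions"]["ai_generated"] = False
    return (verify_manifest(asset, m, pk), verify_manifest(asset + b"\x00", m, pk),
            verify_manifest(asset, forged, pk))
```

The verifier only ever holds the public key `pk`; a result of "valid" says the claim came from the holder of the matching private key and the asset is unchanged, nothing about whether the assertions are true.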
Honest scope
C2PA proves an asset carries a signed history from a specific identity and has not changed since signing. It does not prove the content is true, nor detect assets that carry no credential: provenance is opt-in marking, not universal detection, and it is not an AI detector. Its value is a verifiable chain of custody. Post-quantum signatures extend that chain's durability; they are resistant to known classical and quantum attacks per NIST, not unbreakable.