StellarProof is a decentralized digital content verification and provenance platform built on the Stellar blockchain. It enables creators, developers, and platforms to generate immutable authenticity proofs for digital media directly on-chain using Soroban smart contracts (Stellar's native smart contract platform built on Rust/WASM).
By leveraging Stellarβs ultra-low transaction fees (~0.00001 XLM), fast 3β5 second finality, and energy-efficient Stellar Consensus Protocol (SCP), StellarProof makes large-scale content verification affordable, scalable, and environmentally sustainable.
StellarProof provides Proof-as-a-Service APIs, allowing any application to verify content origin, integrity, and authenticity using a hybrid Web2 + Web3 verification pipeline. StellarProof transforms the Stellar network into a truth engine for digital media.
| Property | Value |
|---|---|
| Project Name | StellarProof |
| Goal | Provide verifiable, auditable provenance for digital media and metadata |
| Blockchain | Stellar Network |
| Smart Contracts | Soroban (Rust) |
| Frontend | Next.js + TypeScript + Tailwind CSS |
| Backend (Business Logic) | Node.js + Express + TypeScript + MongoDB |
| Storage Layer | IPFS (Decentralized) or MongoDB (High Performance) |
| Encryption Layer | StellarProof Key Management Service (KMS) |
| Trusted Verification Layer | Oracle-driven TEE using AWS Nitro Enclave |
| Monorepo Manager | pnpm |
Digital media today can easily be manipulated, forged, or misrepresented (e.g., Deepfakes, AI-generated content). StellarProof provides a robust solution through:
- β Tamper-proof content provenance: Ensures the history and origin of content are recorded immutably.
- β Cryptographic authenticity verification: Uses advanced cryptographic techniques to verify that media has not been altered.
- β On-chain certification of digital media: Mints a permanent record on the Stellar blockchain that serves as a "digital birth certificate" for the asset.
- β Trustless verification for third-party apps: Allows external applications to verify media without relying on a central authority.
- β Secure encryption and access control: Protects sensitive media content while allowing controlled sharing.
- β Developer APIs for integration: Simplifies the integration of trust verification into existing workflows.
StellarProof combines Web2 infrastructure (for speed and storage) with Web3 trust guarantees (for immutability and verification).
graph TD
A[Media + Manifest] -->|Upload| B(Storage: IPFS / MongoDB)
B -->|Fetch| C{TEE Verification}
C -->|Oracle Worker| D[AWS Nitro Enclave]
D -->|Attestation| E[Soroban Smart Contract]
E -->|Mint| F[On-Chain Provenance Certificate]
- Upload: Supports images, videos, documents, or AI-generated media.
- Manifest: Attaches a JSON manifest describing origin metadata (creator, timestamp, device info).
- Certification: Generates immutable authenticity certificates on Stellar.
StellarProof provides a comprehensive Key Management Service that:
- Encrypts media before it enters the storage layer, ensuring privacy.
- Controls decryption permissions, allowing creators to specify who can view the content.
- Enables creator-controlled content access via dynamic policies.
- Supports key rotation and audit trails for enterprise-grade security.
StellarProof leverages Trusted Execution Environments (TEEs) to bridge off-chain data with on-chain trust.
- AWS Nitro Enclaves: Provides a highly isolated compute environment to protect verification code and data from external tampering.
- Oracle Worker Nodes: Orchestrate the flow of data between storage and the TEE.
- Cryptographic Attestation: The TEE generates a signed proof that the verification code ran correctly and produced specific results.
- Verifies media integrity against the manifest.
- Verifies manifest authenticity.
- Generates signed attestation hashes for the blockchain.
Soroban contracts mint immutable certificates containing:
- Storage reference IDs: Links to the off-chain media (IPFS CID or Database ID).
- Manifest hash: Ensures the metadata hasn't been altered.
- Attestation proof hash: Links to the TEE verification result.
- Timestamp & Creator Identity: Proves when and by whom the content was created.
Developers can easily integrate StellarProof:
- Submit verification jobs:
POST /api/verify/submit - Query certificate status:
GET /api/verify/status/:jobId - Receive webhook notifications: Real-time updates on verification progress.
StellarProof/
βββ README.md
βββ Dockerfile
βββ pnpm-workspace.yaml
βββ package.json
βββ .env.example
β
βββ frontend/ # Next.js frontend + API routes
β βββ app/
β β βββ api/
β β β βββ health/
β β β βββ route.ts
β β βββ layout.tsx
β β βββ page.tsx
β β βββ creator/
β β βββ upload-content/
β β βββ page.tsx
β βββ components/
β βββ styles/
β
βββ backend/ # Node.js + Express backend (Business Logic & APIs)
β βββ src/
β β βββ config/
β β βββ controllers/
β β βββ routes/
β β βββ index.ts
β βββ package.json
β βββ tsconfig.json
β
βββ oracle-worker/ # TEE orchestration worker
β βββ src/
β β βββ teeExecutor.ts
β β βββ attestationService.ts
β β βββ verificationPipeline.ts
β
βββ services/
β βββ storage/ # IPFS / MongoDB management
β βββ kms/ # Encryption & key management
β βββ stellar/ # Stellar SDK integration
β βββ verification/ # Verification orchestration
β
βββ contracts/
β βββ stellarproof/
β βββ src/
β β βββ lib.rs
β β βββ test.rs
β βββ target/
β βββ Cargo.lock
β βββ Cargo.toml
β βββ Makefile
β
βββ packages/
β βββ ui/
β βββ shared/
β βββ types/
β βββ utils/
β
βββ scripts/
βββ deploy.sh
βββ testnet-config.sh
- Manifest Creation: Creators prepare a JSON manifest containing content hash, timestamp, creator metadata, and optional device/AI info.
- Upload Media & Manifest: Uploaded via
/creator/upload-content. - Optional Encryption: Media is encrypted using StellarProof KMS, generating encryption metadata and access policies.
- Storage Layer: Files are stored on IPFS (for decentralization) or MongoDB (for speed). A storage reference ID is returned.
- Verification Request: The creator submits a request to the Soroban smart contract.
- TEE Oracle Verification:
- The Oracle Worker fetches files.
- Executes verification inside the AWS Nitro Enclave.
- Produces an attestation report and verification hash.
- On-Chain Certification: Soroban contract verifies the attestation and mints a Provenance Certificate.
- POST
/api/verify/submit: Submit a new media file for verification. - GET
/api/verify/status/:jobId: Check the status of the verification process. - POST
/api/webhook: Receive a callback when verification is complete.
Each verification uses a flexible JSON manifest to enable unlimited use cases without backend modification:
{
"contentHash": "sha256:...",
"creator": "G...",
"timestamp": "2023-10-27T10:00:00Z",
"metadata": {
"device": "Camera Model X",
"location": "Lat/Long",
"aiModel": "None"
}
}- Store verification requests: Acts as the immutable log of requests.
- Validate TEE attestation signatures: Ensures the proof comes from a trusted enclave.
- Store trusted TEE code hashes: Governance mechanism to approve valid TEE versions.
- Mint provenance certificates: Creates the final digital asset.
- File storage: Handles large media files (expensive on-chain).
- Encryption management: Securely manages keys (KMS).
- TEE execution: Performs heavy computation for verification.
- Oracle orchestration: Coordinates the workflow.
- π Verification Oracle Contract: Handles verification request submission, attestation verification, and request state management.
- π Provenance Certificate Contract: Stores storage IDs, attestation hashes, creator identity, and timestamps.
- π§Ύ TEE Registry Contract: Maintains a registry of approved TEE code hashes and trusted Oracle providers.
Each attestation includes:
- TEE signature: Cryptographic proof of origin.
- Code measurement hash: Proof that the correct code ran.
- Input storage hashes: Proof of what data was processed.
- Verification output hash: The result of the verification.
- Execution timestamp: When it happened.
| Storage | Purpose | Details |
|---|---|---|
| IPFS | Decentralized permanent storage | Ensures content is available globally and uncensorable. Ideal for public proofs. |
| MongoDB | Fast metadata queries & MVP storage | Provides low-latency access and easier management for private or enterprise use cases. |
| Component | Technology |
|---|---|
| Blockchain | Stellar Network |
| Smart Contracts | Soroban (Rust) |
| Frontend | Next.js + TypeScript + Tailwind CSS |
| Backend | Node.js + Express + TypeScript |
| Storage | IPFS / MongoDB |
| Encryption | Custom KMS |
| Trusted Compute | AWS Nitro Enclave |
| Oracle | Node.js Worker |
| Package Manager | pnpm |
- Node.js 20+
- Rust (latest stable)
- Cargo
- Use Stellar CLI for Soroban commands (Recommended)
- pnpm
- Stellar wallet (Freighter recommended)
-
Clone Repository
git clone https://github.com/yourusername/StellarProof.git cd StellarProof pnpm install -
Run Frontend
cd frontend pnpm dev -
Run Backend
cd backend pnpm dev -
Run Oracle Worker
cd oracle-worker pnpm dev -
Compile Smart Contracts
cd contracts cargo build --target wasm32-unknown-unknown --release OR stellar contract build OR Soroban contract build
-
Unit Tests:
cargo test -
Integration Testing:
soroban network start ./scripts/deploy.sh
-
Testnet:
soroban contract deploy \ --wasm target/wasm32-unknown-unknown/release/contract.wasm \ --network testnet
-
Mainnet:
soroban contract deploy \ --network mainnet
- Journalism Authenticity: Verify source and time of news footage.
- AI-Generated Content Verification: Distinguish between human and AI creation.
- NFT Provenance: Link NFTs to verifiable off-chain assets.
- Document Compliance: Ensure legal or regulatory documents haven't been tampered with.
- Legal Audit Trails: Create immutable chains of custody for evidence.
- Media Authenticity Platforms: Power social media fact-checking.
- Supply Chain Media Verification: Verify photos of goods at different transit points.
- Prediction Market Resolution: Use verified media as trustless oracles to resolve market outcomes (e.g., sports results, weather events).
- Phase 0 β Architecture Design: Manifest schema, storage abstraction, Soroban contract schema.
- Phase 1 β MVP Creator Workflow: Upload UI, Storage integration, Verification Oracle contract, Basic TEE simulation.
- Phase 2 β Developer APIs: SDK release, Webhooks, Job management.
- Phase 3 β Security Hardening: Full Nitro Enclave deployment, KMS key rotation, Monitoring dashboard.
- Phase 4 β Ecosystem Integration: NFT provenance linking, Marketplace verification APIs, Cross-platform SDKs.
- Phase 5 β Governance & Registry: TEE hash governance, Oracle provider staking.
We welcome contributions!
- Fork the repository.
- Create a feature branch (
git checkout -b feature/amazing-feature). - Commit your changes (
git commit -m 'Add some amazing feature'). - Push to the branch (
git push origin feature/amazing-feature). - Open a Pull Request.
- For more details, please check our CONTRIBUTING.md.
MIT License
- Built on Stellar Blockchain
- Powered by Soroban Smart Contracts
- Inspired by decentralized authenticity infrastructure
StellarProof aims to become the universal authenticity layer for digital content across the Stellar ecosystem, enabling trust, transparency, and verifiable digital truth.