Verified provenance

What “Verified” means

Every track encoded by SynthCamp carries a tamper-proof cryptographic signature that proves three things at once: it really came from SynthCamp, it was uploaded by the named artist, and the Creative Credits the artist declared at attestation time match what you're hearing.

The three layers

1. Platform key

SynthCamp publishes one Ed25519 public key (with rotation over time). Anyone can fetch the registry and use the key to validate signatures we emit. The platform key is the trust anchor; without it, nothing below verifies.

2. Artist attestation (per release)

Before a release ships, the artist signs an attestation listing the human contributions and AI tools used. That declaration is timestamped and bound to the release; changing any of it later invalidates the prior signature and forces the artist to re-sign.

3. Per-track signature (in the audio itself)

When a track is encoded, every audio segment ships with an embedded ID3 frame containing the signed payload: release and track identifiers, credit category, human contributions, declared AI tools, any upstream C2PA reference, the attestation timestamp, the encode time, and the signing key id. The signature lives inside the audio bytes themselves, so it survives in any copy of the audio that escapes SynthCamp, regardless of how the copy was obtained. SynthCamp itself does not offer downloads; playback is streaming-only with DRM.

What this lets you do

As a buyer, the green check tells you the track in your library is the same audio the artist signed for. If anyone claimed differently, the signature would catch it.

As a journalist or auditor, you can independently confirm that an audio file came from SynthCamp without trusting our word. Given any SynthCamp-encoded audio in your hands, extract the embedded frame, fetch our public key registry, and verify the signature with any standard Ed25519 library.

As an AI Act conformity check, the embedded marking satisfies article 50 paragraph 2's requirement that AI-generated or AI-modified content be machine-readable.

For developers / verifiers

The two technical artifacts you need are:

Public key registry (JWKS-style JSON)/.well-known/synthcamp-keys.json: list of active and historical signing keys with their key IDs.
Verification spec (Markdown)/docs/provenance-spec: frame format, signature construction, rotation strategy, sample verifier pseudocode.

Both URLs are stable and intended for scripted access (curl, fetch). The Markdown is served as text/markdown so a verifier can pipe it through a renderer or read it raw.

Provenance is part of SynthCamp's commitment to honest AI attribution. Read the broader policy in our transparency report.