[MINUTES] CCG Weekly 2025-06-03 from meetings@w3c-ccg.org on 2025-06-03 (public-credentials@w3.org from June 2025)

From: <meetings@w3c-ccg.org>
Date: Tue, 3 Jun 2025 18:12:18 -0400
To: public-credentials@w3.org
Message-ID: <CA+ChqYdHmMHnjnMUk+xrz=n1oNjr63JsBo2T8t1B0tX844bNNw@mail.gmail.com>
W3C CCG Meeting Summary - 2025/06/03

*Topics Covered:*

   - *Administrative Items:* Code of ethics, intellectual property rights,
   meeting recordings and transcriptions, upcoming meeting agendas (Open
   Wallet Initiative, Verifiable Credentials implementation, community
   meet-and-greet). A statement published by noonhome.com against phoneme
   as an identity solution was also announced.
   - *Providence Marks:* This was the main focus of the meeting. Wolf
   McNally (Blockchain Commons) presented Providence Marks as an innovative
   solution for authenticity verification, particularly relevant in the age of
   AI-generated content and deepfakes.

*Key Points:*

   - *Providence Marks as "Smart Serial Numbers":* These marks provide
   verifiable authenticity and time-sequenced provenance for digital or
   physical works, regardless of ownership. They leverage forward hash chains
   and minimal cryptographic infrastructure, aiming for low cost and ease of
   use for creators. The system is designed to be scalable and interoperable.
   - *Value Creation through Scarcity and Provenance:* The presentation
   emphasized that value is created by the intersection of scarcity and
   verifiable authenticity. Providence Marks address the provenance aspect,
   even where digital scarcity is inherently limited.
   - *Comparison to Existing Systems:* Providence Marks were compared to
   other provenance solutions like cryptographic event logs and C2PA,
   highlighting their minimal data model and low barrier to entry.
   - *Technical Details:* The presentation detailed the technical workings
   of Providence Marks, including the use of forward hash chains,
   pseudo-random number generators (PRNGs), data serialization (DCBORE), and
   human-friendly identifiers (bite words, bite emoji).
   - *Use Cases and Applications:* Several examples demonstrated how
   Providence Marks can be embedded in various forms of media and used to
   track the provenance of digital works and establish trust. The system
   allows for the creation of a verifiable chain of custody and can be
   extended with additional metadata using the optional 'info' field.
   - *Future Development:* The discussion emphasized the need for community
   engagement to further develop tools, public registries, and integration
   with existing services. Further development plans include seed backup and
   recovery, multi-party seed control, and improved integration of metadata
   using various encoding standards.
   - *Contrast with Other Provenance Solutions:* Providence Marks were
   differentiated from blockchains and NFTs by their minimal infrastructure
   requirements, lower barrier to entry, and focus on establishing origin and
   sequencing rather than ownership. The system prioritizes a low barrier to
   entry, making it accessible to a broader range of creators.

Text: https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-weekly-2025-06-03.md

Video: https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-weekly-2025-06-03.mp4
*CCG Weekly - 2025/06/03 11:48 EDT - Transcript* *Attendees*

Alex Higuera, Benjamin Young, Christopher Allen, Erica Connell, Gregory
Natran, Harrison Tang, Hiroyuki Sano, James Chartrand, JeffO - HumanOS,
Jennie Meier, Joe Andrieu, Kaliya Identity Woman, Kayode Ezike, Phillip
Long, Rob Padula, Ted Thibodeau Jr, Vanessa Xu, wendy seltzer, Will
Abramson, Wolf McNally, Ying Tong
*Transcript*

Erica Connell: Yeah. One minute.

Wolf McNally: Good morning. Good morning. Can you hear me?

Ted Thibodeau Jr: Yeah, you're audible.

Wolf McNally: And my main microphone wasn't working, so I switched. I'm not
sure what's going on, but that's something that work.

Ted Thibodeau Jr: I heard you twice. I just didn't get to the button in
time. Yep.

Wolf McNally: Try switching back to my main microphone and see if that
works. This is my main microphone.

Harrison Tang: Yeah, it was me,…

Harrison Tang: I think.

Wolf McNally: Can you hear me?

Harrison Tang: Can you guys hear me?

Wolf McNally: Yes. Absolutely.

Harrison Tang:

Harrison Tang: Okay, thanks thanks again for jumping on. Thanks a lot. All
right, we'll start in about a minute. usually people straw in around 9:03
9:04 mark, but we'll start a little bit before they join. It's fine.

Harrison Tang: All right, we'll start now. So, welcome everyone to this
week's W3CG meeting. today we're very excited to have Wolfe and also I alo
see Christopher jumping from blockchain comments here to actually talk
about Providence Marks. but before we get to the main agenda, just want to
quickly go over some administrative stuff. first of all, just a quick
reminder on the code of ethics and professional conduct. Just want to make
sure we hold a respectful and constructive conversations that we've always
had. It's always good to have a quick remind Next, intellectual property
notes. anyone can participate in these calls. However, all substantive
contributions to any CCG items must be member of the CCG with full IPR
agreements signed.

Harrison Tang: So, if you have any questions in regards to getting a W3C
account or the community contributor license agreement, please feel free to
reach out to any of the co-chairs. All right. these meetings are
automatically recorded and transcribed and we will share the transcriptions
in the next 24 hours. it's all automatic thanks to Manu's work. so you'll
get the transcription audio and video recordings all within the next 24
hours. All right, just want to take a quick moment for introductions and
reintroductions. So, if you're new to the community or you haven't been
active and want to engage, feel free to just unmute. and Christopher,
there's no separate chat.

Harrison Tang: It's just the Google chat. All right. and Any announcements
reminders. A quick note. So next week we'll have Daniel to give updates on
the open wallet initiative and the week following we'll have Andrea and
Jerry Mill to talk about key multibase verifiable credentials
implementation and on June 24th we'll have a special session around just a
meet and greet for different community members to just have meet and greet
breakout sessions and the cultures
00:05:00

Harrison Tang: and we'll kind of lead those breakout sessions. All right.
Any other announcements Updates on We'll hold the work item review on July
15th, so about six weeks from now.

Harrison Tang: Job, please.

Joe Andrieu: And yeah,…

Joe Andrieu: just a little announcement. some of the people on this call
are already aware of the statement that we published at noonhome.com.
taking a stand against phoneome as a technological solution to certain
identity problems. So check it out. it stands on its own after that. So
just want to share it.

Harrison Tang: Sounds good. Yeah, I was planning to find someone to lead
and…

Harrison Tang: moderate a discussion around that topic. Do you want to do
that, Joe? …

Joe Andrieu: Yeah,…

Joe Andrieu: I'll bring in, maybe Steve or Timothy or some of the other
folks. He'll put it together or Kim. but yeah, let's schedule something.
We'd be happy to talk about it.

Harrison Tang: we'll do. Okay, I'll email you and Kim and Timothy
afterwards. Thank you.

Joe Andrieu: He wet them.

Harrison Tang: Any other or last calls for introductions, announcements,
reminders, or work item related stuff. All right, let's get to the main
agenda.

Harrison Tang: So this week very excited again to have Wolfe here to
actually talk about Providence Mark. let me share a link to their paper
right here. And it's basically a innovative solution to authenticity
verification.

Harrison Tang: So very excited to have Wolfe here to talk about that. So
Wolfe the floor is yours.

Wolf McNally: Yeah, thank you.

Wolf McNally: Let's see. let me share my screen here. There we go. That
should do it. So, you should be seeing my presentation screen. that Do you
have that?

Harrison Tang: Yep.

Wolf McNally: Very So, my name is Wolf McNelli. I'm lead researcher for
blockchain commons. Christopher is the primary from blockchain commons.
He's in attendance. this talk was partly inspired and invited because I
attended the W3 CCCG meeting on cryptographic event logs a couple months
ago and I mentioned Providence marks and gratefully was invited back to
talk about them. So thank you very much everybody who encouraged and
offered that.

Wolf McNally: So we'll jump right in. So the main source for this as
Harrison mentioned is this paper BCR stands for blockchain comments
research. This is our research repository on GitHub. Providence marks an
innovative approach for authenticity verification. This is the full link
but if you just want an easy to remember link this is just a redirect
proofmark.com. and there's one other sublink to that I'll mention later but
that's all you really need to remember to get to the main white paper about
this.

Wolf McNally: So, I just want to start with the idea that scarcity and
providence are what together create value. And I'm going to unpack that
just a bit because I'm going to come back to that a couple times. value is
what induces people to trade is what to trade things value for things and
value is created by the intersection of scarcity, which is some kind of
limited supply, which as you know with bits is hard to do, and providence,
which is verifiable authenticity.

Wolf McNally: So just some quick examples if you have neither providence
nor scarcity you have things like ambient air tap water and master AI
images all of which may or may not be good but in either case you don't
need to know where it came from you just either assume it's good and it's
not scarce if you have providence but no scarcity you have things like
cryptographically signed Linux ISOs creative common licensed art and Google
fonts which exactly where they came from and what but they're not scarce.
When you have scarcity but no providence, you have things like counterfeit
handbags, forged artwork, ungraded trading cards, deep fakes, things like
that. deep fakes aren't really scarce because they're just produced by
people. But these things purport to have scarcity. but they have no
provenence and that's what makes them essentially valueless.
00:10:00

Wolf McNally: When both, you have things like certified organic produce
with traceability, authentic luxury goods with serial numbers, museum grade
artwork with chain of custody, and things like Bitcoin, which has a fixed
supply and a public ledger that give it both providence and scarcity. And
so, a question asked right now, which I'll come back to later, which is
when bits are never scarce, how does establishing providence help creators
manage scarcity? Okay, so I'm going to uce Providence marks, you can think
of them as smart serial numbers. They're usable for physical or digital
works. they establish an object's originating entity, which is different
from current ownership, but we'll come back to that as well because there's
some paths to keeping track of that as well. they situate a work again
digital or physical in a time sequence stream of works and they can prove
that a work has been unaltered.

Wolf McNally: and they can provide any other metadata you want no matter
how The requirements for providence marks are that they be global unique
that they be of negligible cost to generate and verify that they be small
and easy to handle they need to be flexible and extensible they need to be
non-reputable by the issuer and they need to be easy for small creators to
pick up and use this is very important for me because I see a lot of cases
where people are starting to be confused by production of AI art by deep
fakes by things

Wolf McNally: like that and having obviously providence that's easy for
people to access is extremely important or it's going to become more and
more important in the age of AI but I also it be scalable to industrial
applications so importantly I want very little infrastructure needed at all
to support these so for example no public key no signatures no
certification authority no global ledgers no expensive consensus algorithms

Wolf McNally: and that seems like a tall order, but I think you'll see
that, and obviously you can add infrastructure to this, and we'll talk
about that as well, but I think that this is kind of my baseline goal. The
preconditions for providence marks are you need a private cryptographic
seed that is held by the originating entity and carries the same protection
concerns as any private key and the originator's publicly published chain
of marks. and this can be a sole source publishing. In fact, if you go to
provemark.com/wolf, you'll see a GitHub gist and this is where I publish my
personal u chain of digital works which include posts on X, other art I
published elsewhere, writings I publish, things like that. but these
basically show both the providence and time sequence ordering of these
works. So this is an active example.

Wolf McNally: the interesting thing is you're welcome to copy and reproduce
this log. in which case that makes it harder for me to repudiate later. And
that's part of this ecosystem. So, the more widely published and copied the
better. So, I'm not going to go into detail on this slide. It's kind of
dense, but this is basically comparison to other systems including
cryptographic event logs and the C2PA system. and I just want to highlight
things like for example the data model complexity the providence marks is
very minimal but very extensible and we'll talk about that soon and that
obviously this is not intended to replace either of these other two systems
they all have their place but I think providence marks actually has an
entry point at the low end which I think gives a unique position and
obviously I'm very interested in feedback from anybody who works in these
systems or whatever as to how these systems could be integrated

Wolf McNally: or occupy different niches. So I want to spend a moment to
talk about provenence marks as it relates to centralized identity. the
providence marks can provide a self-s sovereign trust anchor. They did URIs
without reliance on external authorities or global ledgers. They provide
forwardl hash chains which we'll talk about more that ensure tamper evident
continuity across did document versions. And this is something that we're
also experimenting in our own extensible identifier proposals. and supports
simple revocation and rotation of the seed lightweight non-reputable
cryptography. and uses a single private seed, no signatures, public keys or
consensus needed and very simple verification. Flexible centralized
storage. These marks can live in Git, IPFS or social media.
00:15:00

Wolf McNally: because SHA 56 which is a primary structure in this is
preserved under quantum attacks there's no need for postquantum
cryptographic algorithms like DSA or ML MLKM make sure my watch is not
making noise here thank you okay all right so how do I promise marks worked
I promised a lot now I'd like to deliver so the core concept is the forward
hash chain each mark both links itself into the chain by revealing a secret
key committed in the previous mark and commits to the still secret next key
by publishing a hash which includes in its image the next key and other
data from the current mark. So for example if you have prominence mark one
contains a key one that basically unlocks or is the last remaining piece in
computing the hash from the previous mark mark zero in this case.

Wolf McNally: So the hash is represented by the lock. The key is obviously
the key. And so this province mark one also publishes its own hash which
then is a pre-commitment to the next marks key which is then revealed in
that mark which then publishes its own hash So the arrow here as you can
see here is double-headed because the hash commits to the key and the key
reveals the hash. So it's really is a double list in that sense. So the
forward hash chain has actually a pretty long conceptual image. It's
conceptual lineage. It's not a original idea. Lamport used it back in 1981.
And as you can see there's several other examples here. I won't dwell on
them, but you're welcome to rearch research that further. the thing here is
we basically packaged it specifically for use in provenence. A core
mechanism is the pseudo random number generator or PRNG.

Wolf McNally: The purpose is to generate the sequence of keys that is both
deterministic and hard for attackers to providence marks use the zoshi row
56 star PR RNG which was chosen for its speed, portability, and statistical
quality. It doesn't have to be a cryptographically strong random number
generator because we want a deterministic sequence. So the originator holds
a secret 32- byt seed that is generated using a cryptoquality RNG and
optionally the current PRNG state and the reason why you want to hold that
is because that makes gener the next key O of one whereas it's O of N if
you only start with a seed and you want to generate key N. So let's talk
about the anatomy of a provenence mark. It's a binary structure with five
mandatory fixed length order fields. The key is the current output of the
PRNG.

Wolf McNally: The hash is the Shaw 56 of the next marks PRNG output and the
other fields of this mark. The ID is a unique identifier of this chain. is
the sequence number of the mark within this chain which increases
monotonically. The date is the date of market generation which always has
to be greater equal to the previous mark state. And there may be an
optional sixth variable in link field at the end called the info field. And
this could be deterministic seabore of any kind embedded in the mark. So
now that I've mentioned DCBORE, I'm going to take a quick sidebar and
describe what I mean by DCOR because for you heard of Seabore DCore is
conformant seabore which is RFC 8949. you can again if you're not familiar
with Seabore it's like binary JSON. It has a few restrictions which we
consider to be best practices. numeric values are all encoded in the char
form.

Wolf McNally: floatingoint values that can be encoded as integers must be
no nanss with payloads. I didn't even know nans had payloads before I began
the project. map keys have to be sorted with indefinite length types which
is a great feature core but not useful when you're trying to do
deterministic work. And only the simple values true false and null are
allowed and that may only matter to you if you already know core. and
finally strings have to encoded in unic code normalization form C or NFC.
This is specified in the IETF internet draft specified here and we have
reference implementations in Rust and Swift. That's right. There's also
third parties implementations available. So quickly the genesis mark is the
first mark that establishes the basis of trust in the chain. It sets
certain things like the key is the first bytes of the PRNG.

Wolf McNally: The ID has to be same as the key. So you can't choose your
chain's ID. The sequence number must be zero. So you can always recognize a
genesis mark in a chain by the key being the same as the ID and sequence
number being zero. It's the only mark that has those attributes. Now the
resolution we talked about using Shaw 256. but my goal for this was to
actually make it possible to have a very small mark. in fact as low as 16
bytes. And you can see that's the low resolution mark here. this basically
kind of specifies the various kinds of the four resolutions which I'm not
going to dwell on deeply but you see they all have the same fields that are
different sizes. you generate by concatenating those fields including the
next key which is the commitment to the next key. and anything bound into
info also becomes bound to the mark. The date field depends on the
resolution.
00:20:00

Wolf McNally: At the low end, it's 16 bits and has one day accuracy, which
means you can publish a podcast a day for, 100 years. medium, you have one
second accuracy for over 100 years. And quartile and high, you have 1
millisecond accuracy basically for the next 8,000 years. And as I mentioned
before, the date always has to be greater equal to. So they can have an
equal date as long as the sequence number increases. there's a total
ordering over marks no matter what the date is and if the date goes down
then it's invalid. There's one more step I do when serializing which is
obiscation because as you can see the fields marked payload here ID
sequence and date in particular are not statistically random and for a
couple reasons I wanted to make the entire provenence mark statistically
random.

Wolf McNally: So I actually go through a separate offiscation step where
I'm using the chaa 20 cipher on the payload with the headers the key is the
header and it statistic the payload becomes statistically random with
obiscation which is reversible human identification. So basically now that
you have this binary structure you want to make it friendly for humans to
handle. So each providence mark is globally unique but statistically
random. Humans need a quick way to establish between and search for unique
dig digital objects like marks. so for example the entire providence mark
which you see outlined in blue there can be used as input to a visual
hashing algorithm You can actually go to life hash.info and find out more
about that algorithm which we developed at blockchain commons. Those are
examples of life hashes. So each one of those could represent a separate
unique mark.

Wolf McNally: or as you can see highlighting the hashfield there, the first
four bytes of the hash can be used as a 32-bit identifier and converted to
human friendly forms that can be used as search keys because even though
it's only four bytes, it's still unlikely to collide and even if it does
collide, it's easy to disambiguate two colliding hashes, two colliding four
byte identifiers. These can be encoded in friendly forms like bite words.
This is a curated list of 256 words. I'll mention a little bit more later
that that are all four-letter English words and all have unique
characteristics that make them the increase error direct detection
correction or bite emoji which is a cur list of 256 emoji that can be used
for rapid identification of digital objects. The circle P here identifies
this as a providence mark identifier. It's not the full providence mark
obviously. We'll talk a little bit more about that.

Wolf McNally: So examples of providence marks in the wild. I mentioned that
my GitHub gist lists I basically use it to publish my providence marks. so
let's take a few examples from that. So for example one I made this kind of
word poster here and posted it to X. And as you can see in the upper
leftand corner there's some emoji pulling those out. That's a providence
mark identifier. And so if you take that and just directly to my GitHub
gist at promark.com/wolf and enter that as in your find box it immedately
jumps down to the search result which includes the date I published the
mark created the full mark itself in what's called in UR form which is a
blockchain common standard or proposal for which is actually being used
quite a few people now to encode binary as

Wolf McNally: minimal bite words which is the first and last letters of
each bite word. and then you can see the two identifiers there both in
bitewords and bite emmoji. a summary of the actual content of it and then a
link back to where I published it So example two, this is a piece of AI art
I created based on a very well-known meme in the AI world about how models
are trained. and I observed that humans also work this way. In this case,
the providence mark isn't contained in the QR code. And if you pull that
out, you get that the link directly back to where I published the
providence mark as well as the anchor to the bitewords handle. So that
basically when you click that when you scan that QR code, you get back to
the original province mark in Example three, another piece of AIR I created.

Wolf McNally: I did also publish this to X, but if you saw this artwork
somewhere in the wild where somebody just took it and sent it to you, you
wouldn't be able to necessarily connect it back. there's no obvious
provenence On closer inspection, you can see that the actual file drawers
actually have words in them. there's first word is road. The last two words
are cash and navy. The second word is a bit ambiguous. could be Gaga or
Saga. but the thing about bitewords is, and I'm going to show you the
actual original artwork or high-res artwork as I uploaded it, it's saga.
But the nice thing about bitewords is of the 256 curated words, the first
three letters are always unique. The last three letters are always unique,
and the first and last letters are always unique. And the first and last
letters together are called the minimal form, and that's what's used in the
UR format.
00:25:00

Wolf McNally: So in this case we can see that that second word must be saga
because there are no other letters that No other bite words end with a ga.
So using those four words we use that as a search key and we turn up the
actual mark. and of course this is a sole publish location. You'd have to
know to go to my GitHub gist for this. But the idea as we build the
ecosystem is that people will collect scrape distribute these mark chains
because they're and so that when you search even these four words or for
emoji or for the full mark you'll basically get not just confirmation that
it exists but where the original subject is and whether or not there's any
things that might damage its integrity.

Wolf McNally: So tooling currently our Rusty reference implementation is at
crates.io. and this is what we're primarily working with although our swift
implementation is compatible as well. right that's the link and then we
have our command line tool and you can actually install that right now
assuming you have the rust tool chain installed cargo install providence
mark CLI and all you have to do is say providence new and then a directory
name which will be created if you does it doesn't exist and then it
basically creates the chain and then writes the genesis mark to it as you
can see then immediately outputs the genesis mark this is the format that I
copy and paste directly into my gist

Wolf McNally: starting with the three dashes. To add a new mark, you say
providence next and you can add an optional comment and again the directory
and then it creates and writes the mark to the directory and then outputs
it again in basically just copy paste form. if you show the actual JSON
file that's written it's pretty simple. It has the actual providence mark
in this UR format and it pulls out a number of things. the identifiers from
it, the comment which is not actually part of the info field. I'm not using
the info field for anything at this point. So that means this comment is
editable. If it were in the info field, then it wouldn't be editable
without invalidating the mark. And then the actual fields of the mark
itself, they're all pulled out there. The sequence number, date,
resolution, which is actually not a field of the mark, but it's basically
part of what identifi the mark itself has a resolution. The whole chain has
a resolution. the chain ID, the key and the hash.

Wolf McNally: The other file that you need to keep secret is the
generator.json. This includes the resolution, the original seed, the chain
ID, the next sequence number to be generated, and the random number
generator state. A little bit about interoperability. So, I've mentioned
seabore before. Provenence marks are not seabor. They're just a binary
blob. And if you don't use the info, you don't need to know anything about
seabore or dcore. and using the info field for simple objects like
cryptographic digests or digital works or descriptive text is Adding only a
few bytes of overhead for the seabboard type and length. You can do that
very mechanically without even having a full seawore parser in your code.
using Gordian envelope and info as a principal carrier of complex metadata
is recommended. If you haven't heard of Gordian envelope, I recommend you
Google it.

Wolf McNally: it's based on Seabor and it's a container for complex smart
documents that u are both privacy preserving and have a lot of other
features which we're very proud of but it's not the subject of this talk so
I won't go into it much more deeply. Providence marks however are seabboard
friendly. you can encode a providence mark is a two element array. All you
need to add is the resolution which is just a enumerated number and the
mark itself is a binary string. And then we've registered a seabboard tag
for providence marks with Ayanna in their seabboard tag registry. So
anything tagged this way is a providence mark and when so tag with
providence marks become selfidentified. the type URL providence goes with
the tag and allow providence marks to be handled as URIs as you've seen a
couple examples of already. Embedding providence marks.
00:30:00

Wolf McNally: So providence marks can be embedded in any kind of uments.
Blockchain common extensible identifier XID documents can include
providence marks to verify authenticity and ordering of document updates.
And so each time you publish an update to ID or your XID, you publish the
next mark in the chain. And that basically allows anybody in a
decentralized way to verify the order and provenence of the marks in your
chain. Documents can also be embedded in providence marks in the info
field. So the info field can hold complex structures like orient envelopes
that may themselves hold providence marks. So it's very Various potential
uses of the info field because this is not something that we've closely
defined yet but that's work in progress include things like counterparty
signatures, blind signatures, digests of and links to claimed objects,
trees of third party works in adapted attributed logs of work and chain of
custody.

Wolf McNally: and things that need to be done or that we're just getting
started doing and that we would love some input and help on include
friendly apps and tools, public registries and verification services, seed
backup and recovery services which we also have tools like SSKR which help
you do social key backup and recovery which is based on Shamir secret
sharing integration with existing services including social media and
creating public standards for the use of the info build and multi-party
control of seeds via distributed computation and zero knowledge proofs. So
actually it may require more than one party to actually produce in the next
mark in a chain. So real briefly I want to come back to the question I
posed at the beginning when bits are never scarce how does establishing
providence help creators manage scarcity.

Wolf McNally: So the quick scenario here where you can establish value
using providence chains. in this case we're talking about where A
commissions work from B. Now A colon also implies that is publishing a mark
to her chain where she's basically saying I'm commissioning this work from
B. B then publish a mark to his chain saying he accepts the commission. B
then logs a series of events in the creative process. Stat and this is what
actually establishes the value of the work because what I tell people is
people don't buy and I'm using the example of art. This could be anything
including chains of custody or supply chains or anything. But people don't
buy the art, they buy the artist. And so the artist showing their work by
publishing a series of time sequence marks that link back to source
materials which could be sketches, models, prototypes, things like that.
Establish the actual value of the work being done. And this actually is a
way of showing that it's not being done by third parties, not being done by
machines, whatever.

Wolf McNally: It's part of the process that makes this very personal and
actually creates value in the work. B finally requests payment from
finished work from A. A pays the B B for finished work. B assigns ownership
of the finished work to A. A receives ownership of the work from B. And
again these are all marks in their respective chains that can be cross-
linked and referenced. So later A can transfer the ownership to C and C
understands that the value in this is inherent in the chain and it can be
audited by anybody and C receives ownership of work from A. So that's a way
that just using providence marks you can actually establish work whether
it's digital or physical or anything the value of work. Further topics
discussed in the white paper that I didn't have time to go to in here
include deep security analysis of the four resolutions and why you might
want to use each one.

Wolf McNally: increase security using heartbeat marks which is publishing a
market intervals which basically makes it even harder for an attacker to
spoof marks by putting by inserting marks into the chain. seed rotation. We
have a mechanism for rotating the seed. by basically publishing in the info
field what's called a burn mark which basically invalidates the old seed
and starts a new chain but continues the actual the understanding this is a
continuing coming from the same source and a discussion of various
potential fields of application and that's it with that I'll be happy to
take questions.

Harrison Tang: Thank you, Wolf. Any questions?

Harrison Tang: By the way, do you mind sending me the presentation deck or
maybe a link to Great.

Wolf McNally: Absolutely.

Wolf McNally: I'll be happy to share the deck with you and you can
distribute that.

Christopher Allen: Yeah, we'll have it up on our website with some
transcripts and…

Christopher Allen: other stuff tomorrow night.

Wolf McNally: And we will also be giving this presentation tomorrow, right
at our monthly Gordian developers meeting.

Wolf McNally: So I'll be giving a slightly modified version of this
presentation there for our regular attendees to our Gordian developers
meeting. So, you're all obviously invited to attend that as well.

Harrison Tang: Great. Thank you.

Harrison Tang: So, quick question. Do you mind clarifying again how is this
solution different or what are the tradeoffs compared against other
providence solutions such as a lot of blockchains, NFTTS, right? They claim
they can not claim but they can solve provenence problems.
00:35:00

Wolf McNally: …

Harrison Tang: Obviously verifiable credentials in some ways can actually
make the providence verifiable as well. So what are the trade-offs I know
you kind of briefly touch upon it but do you mind clarifying it a little
bit?

Wolf McNally: as I mentioned in the beginning, there's very little
infrastructure actually required to enter into this to publish a chain. I
didn't even have to publish a public key for you to verify my chain at my
gist.

Wolf McNally: so a lot of the infrastructure that these other things
require including with NFTTS or crypto currency blockchains and so on
require buyins of various kinds transaction fees the efforts of miners
proof of work proof of stake all you have to provide for this is what we
call proof of seed which is basically the next mark in the chain reveals
the key which nobody else can do and therefore each mark itself is self-
authenticating as part of the rest of its chain. and that requires both
essentially negligible computational overhead or overhead of any kind
really. So the bar is much lower for entry.

Wolf McNally: The idea being that anybody who if I had a hypothetical
provenence mark app with a couple taps I could create a provenence mark
chain start creating marks in it and then publish those to various
resources like GitHub gists or whatever which could then be considered to
be publicly recognizable. In fact, if I modify my gist, you can actually
see the modification history of my gist because occasionally I've gone back
and made corrections or even made updates to the province smart protocol as
I developed it and you can see all those. So that history is all preserved
in that particular publishing format.

Wolf McNally: But the more people who choose to publish or copy these
things, there may be chains of particular interest like by well-known
authors or producers or news agencies or whatever. that the idea being that
this is something that has very low barrier entry,…

Wolf McNally: very low computational or storage requirements and almost no
effort to verify something has integrity. So I would ma mainly contrast it
with these other methods by how little effort and resources it takes to use
providence marks compared to these other methods.

Christopher Allen: Yeah. Yeah.

Christopher Allen: Let me also speak to I mean obviously blockchains offer
a number of properties that provenence marks is not trying to address. we
don't have a global state. we don't have ce what I would call true
censorship resistance of global state. Instead we approach censorship
resistance by basically making it very easy and highly distributable etc.
there is no automated discovery in the sense that I can go to say the
Bitcoin blockchain and look up a particular transaction and then look up
its OP return and that's distributed worldwide every 10 minutes.

Christopher Allen: those kinds of properties I felt like were not necessary
to just sort of reduce things to the fundamentals. And I think you'll see
with a number of different blockchain commons architectural approaches that
we really want to try to start at the bottom at the base and what are the
mal cryptographic properties to meet the needs and also what are really
mature versions and as Wolf had in the fifth or sixth slide there is a long
history of forward commitment hash chains there are other kinds

Christopher Allen: kinds of hash chains. but in the case of the forward
commitment hash chains they're well understood. It's got 40 years plus of
history. There are lots of papers on it. There are more recent papers that
talk about how they're quantum resistant. and they're very simple. so given
that we just needed the essential property of being able to say this
ordering happened here the ordering is the most fundamental property is
really all we needed and same way with SSKR uses 40 year old plus shamir
envelope leverages hash trees things of that nature.

Christopher Allen: We're really trying to give a very simple base but then
through the use of the info field you can add things like counterparty
signatures you you can put a bitcoin take some point of this provenance
mark and you can basically make a commitment to bitcoin and do the time
stamp protocol that bitcoin coin has you can use a variety of other
different kinds of mechanisms. I think one of the other fundamental
difference other fundamental things to realize here is that privacy here a
publication is immediately violates privacy in some fashion. I mean the
whole point of publication is it is no longer private.
00:40:00

Christopher Allen: so we aren't necessarily trying to focus on the privacy
aspects of that where you do other parts of the system focus on that of the
overall Gordian system. but by basically keeping the information very
constrained etc. we do offer a certain amount of correlation resistance
outside of just simply being able to attribute the chain of provenance
marks.

Wolf McNally: A couple things I would also add for example with NFTTS NFTs
are about establishing the ownership of a particular digital asset at a
given point in time. as I mentioned early on the point of providence marks
is not to establish ownership even though I showed at the end how that
could even be done. but the primary purpose of providence marks is to
establish the origin and sequencing of works.

Wolf McNally: So for example a person wanted to publish a series of
providence marks anonymously through anything from 4chan to any other way
that you could actually publish anonymously on the net and publish a mark
with each one of their works people would know whether or not people could
determine that source's reputation over time and using the pro because it's
bas based on the providence chain understand that that is, and they don't
even have to have a public key to do this. All they have to have is the
chain. and so as that origin continues publishing works, people can
continue to judge that this is coming from the same source. and obviously
quality may go up or down, but the origin would not be in question. and so
it requires again no infrastructure whatsoever except some way to publish a
chain of marks. and that can be various.

Wolf McNally: So, I think that's another thing that makes this,…

Wolf McNally: different because there's no certification authority. There's
no So, it can be entirely anonymous or it can be as tied to a real identity
as you want it to be.

Harrison Tang: So,…

Harrison Tang: a follow-up question is if it doesn't contain public key,
then how does the…

Harrison Tang: how does the verifier know exactly who the origin is?

Wolf McNally: That's the thing is it doesn't say…

Wolf McNally: who the origin is. It says that they're all from the same
origin. So, when you receive say a genesis mark, all you can tell is that
it's a genesis mark. You can tell who claimed to publish it, but you can't
know that for sure.

Wolf McNally: but for example let's say a journalist decides to start
publishing videos they take on their camera without necessarily C2PA or
anything like that being involved is something that they do themselves but
they publish a series of marks with these things and these marks either are
embedded in it or published alongside it site people begin to expect to see
those marks along with their chains. So if s something suddenly appears out
of sequence and claims to be of that basically a new sequence in that chain
a new mark in that chain but doesn't verify because it's key does not match
in the previous mark then that basically means that that key is not that
mark is not valid that could not have been from the same source.

Wolf McNally: So because it's a hash chain where each mark commits the next
key that basically means that when the next key arrives it has to basically
match that hash and…

Wolf McNally: if it doesn't then it has not proven that the seed holder
created it Yes,…

Harrison Tang: ah got it.

Harrison Tang: I think this clarifies my misconception earlier because I
was equating this more to transfer of origin that kind of thing but this is
actually not for that. is more about basically making sure that the same
author or the same creators their changes are actually verifiable in some
ways, right?

Wolf McNally: exactly. that's inherent in the name providence mark. The
idea is this is a mark that indicates where it came from. And again you can
think of it like the signature on an oil painting or something like that.
People obviously verify oil painting by using a number of different methods
but you look at the signature and that's one of the first indicators.
00:45:00

Wolf McNally: this is obviously a lot stronger than a mere signature a lot
harder to forge in a cryptographic sense. but you could also imagine that
for example authors of physical work sculpture or paintings or whatever
could generate a providence mark for each painting or for each sculpture or
for each even printing a series and just inscribe the four words of that of
the providence mark identifier on the back of the frame or whatever or
somewhere on inconspicuous inconspicuency like you see I did in that
artwork and that itself could then be a search key for people who encounter
that artwork to

Wolf McNally: would be able go look it up and even maybe see its transfer
history. so if the transfer history becomes a standard part of the
Providence Mark info field, then not only can you tell the work you're
looking at now physically in a gallery or in a collector's collection or
whatever is the real thing, but that you can actually see its ownership
history, including it's transferred to where it is right now physically.

Harrison Tang: Cool. Thank you.

Harrison Tang: Any other question?

Wolf McNally: And to be clear,…

Wolf McNally: I also see this being used by podcasters, by, bloggers and so
on. and again, you see examples of blog posts I've done in my chain that
have provenence marks on them. And the thing is, I can't go back and…

Wolf McNally: change the marks. And anybody else who wants to claim those
marks has to be able to prove that they can generate the next mark in the
chain, which they can't.

Christopher Allen: So to bring it kind of to the identity story…

Christopher Allen: which is one of the places that we created this for I
think if there's one theme of the Gordian architecture that has in addition
to kind of starting with simple cryptographic primitives and then building
architecturally on top of them is that we are very suspicious of global
type of things external resources to require other parties to give you
permission to be able to do so or have to pay be able to do so so that's
why we created ZIDS which is in the family of DID key except it's rotatable
and has some other properties and other stuff but we really wanted to make
it extremely easy to

Christopher Allen: be able to create some of the other properties you might
want about an identity. but even with a ZID you still have this fundamental
problem. How do I prove the next ZID document and the third ZID document
whatever are associated with the earlier ones and do without requiring any
kind of infrastructure and you can do it with provenence marks but you can
also do things with cadmma log style stuff.

Christopher Allen: You can do other things, but all of those require you to
submit to some kind of global database and we didn't want that to be
required. but we want to support those. So just to be different there's a
difference here. we want to have the flexibility to take advantage of
global services and things of that nature, but we don't want to require
them at the bottom. That help?

Harrison Tang: Yep. Thank you, Will.

Will Abramson: Yeah. Hi, thanks. I really like this approach. I think it
seems nice and quite elegant, simple. I have a few questions. The first is
around the use of my understanding is I create That provenence mark is, I
can update it, but to associate content with it,… that's what I use the
info for, I use the info to I have an image like a picture I shove the byes
in the info. Is that correct?

Will Abramson:

Wolf McNally: That's correct.

Wolf McNally: Yeah, the info is one of the pieces of the image of the hash.
So basically you cannot change if you put anything in the info field
because the sequence of keys is deterministic. It's basically the output of
the PRNG at each step. whereas the info field is obviously not terministic
because it's anything you want to put there. And so assuming you put for
example if you're creating a series of digital works and you put say the
Shaw 256 hash of that in the info field and that becomes part of the mark
and assuming that you provide some source of linking back to the original
source material there that actually hashes that Shaw 256 hash you can show
that that is a valid claim.

Wolf McNally: you don't need to include the full work in the info field.
You can just include a hash or pointer to it that can include and for
example that could be a URL and a hash and again the no one mark stands
alone. It's about producing a body of work over time which is why I also
suggest that people can produce artbeat marks. So if I only produce work
once a month, but I want to publish a mark a day just so that puts up a
barrier to anybody actually saying they created a mark in my name three
days ago. Even if they still might seed, they still can't create a mark in
the history of my chain inserted between two marks because the marking
system doesn't allow it.
00:50:00

Will Abramson: Thanks. Yeah, that answered that question.

Will Abramson: My second question is I guess more generally is there
anybody else using this? how far along are you in terms of getting people
publishing mark?

Wolf McNally: it's very new.

Wolf McNally: Basically, some of the first people to hear about it. like I
said, the provenence mark command line tool doesn't even verify chains yet.
All the actual crate has all the tools in it to verify chains. but I use it
to create the marks for my chain. I'm very part of what we're doing here is
announcing this so that other people who are interested can start
contributing blockchain commons relies on both contributions of individual
contributors in terms of code PRs and…

Wolf McNally: application of our work and we rely on individual donations
and institutional donations because we're a public benefit corporation.

Wolf McNally: And everything we do is open source and completely
transparent. and we're all about helping people create and manage digital
sovereignty. So we feel like this is an important primitive building block
to much bigger things.

Will Abramson: Mhm. Yeah,…

Wolf McNally: But we like to begin with first principles and so yeah we're
inviting all of you and third degree out to come join us in building out a
pro the providence mark ecosystem which is why I had that slide because
there's a lot that needs to be done.

Will Abramson:

Will Abramson: totally. I mean, I really like I guess Chris, I see you on
the queue. I'll just to flag I did try to run the province CLI and I failed
to create a new province smart this side thing, but I created an issue.
Maybe at some point you guys take a look at okay.

Wolf McNally: Yeah. I mean, I'd be happy even get jump on a Zoom call with
you later or…

Christopher Allen: Yeah,

Wolf McNally: whatever and, walk you through it maybe see what went wrong.
So, …

Will Abramson: Yeah, cool.

Wolf McNally: you can call,…

Wolf McNally: email me at wolfwolfmcnal.com. and, we have a number of
signal groups that blockchain comments runs as well. And yeah,…

Will Abramson: Yeah. Yeah.

Will Abramson: I'm in a few.

Wolf McNally: so yeah,…

Will Abramson: Thanks. Cool.

Wolf McNally: I'd be happy to work with you individually to make sure that
it's up and running for you.

Christopher Allen: I did want to come back to the question of how this is
being deployed and things of that nature and providence marks like ZIDS are
very much in the proof of concept stage and we built a lot of beginning
tooling mostly command line for both of them and we've working on some
tutorials and things of that nature but to a certain extent this entire
project is

Christopher Allen: trying to influence what I would call DID30 or 40 or
what VC30 or 40 might be able to do by proving that some of these
architectural things work that they are functional and can solve problems
and have some elegance and architecture that are useful.

Christopher Allen: some of these things can inform the future of the
international standards like DIDs and but to be able to do so, we basically
had to say no, we're not trying to conform completely to the legacy
standards, we're really trying to show what is possible by more radical
rethinking of them. So, I know it takes years for a standard. I mean, we're
just now finishing up the revision of DIDs, and, a lot of people would
argue, it's definitely not DID 20, much less 3. as, you know, how it's
architecturally different or improved. but, if people are thinking a little
bit further down the road, there's some real opportunities here.

Christopher Allen: And of course, we're really focused on, small community
type of projects where you have small groups that want to do things operate
together. …

Christopher Allen: we want to enable them to be able to use these very
lightweight protocols that don't require, a big, blockchain infrastructure
and tokens and all that kind of stuff.
00:55:00

Wolf McNally: At the same time,…

Wolf McNally: we've tried to anticipate foot guns which would keep our
technologies from being used in larger industrial contexts. So, we do
definitely have an expansive vision for the possibilities, but it all
depends on the interest and uptake in various spheres.

Harrison Tang: By the way, Kalia, you have a comment earlier or question
earlier. Did that get Any other questions or comments? All right,…

Wolf McNally: Absolutely. Yes,…

Harrison Tang:

Harrison Tang: sounds good. So, I'll follow up with you later, to get a
deck, and then I think you're, calling for community, to actually, engage
with this initiative. So, if you could just respond back to that email and
then with, know ways to how the community can engage.

Wolf McNally: I will do that. Thank you, Harrison. Thank you everybody.

Harrison Tang: All right, this concludes this week's WC CCG meeting. So,
thanks, thanks Christopher again for taking the time to jump on the call.

Wolf McNally: We really appreciate your attention.
Meeting ended after 00:56:42 👋

*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Tuesday, 3 June 2025 22:12:28 UTC