Skip to main content
Red-Teamed · Standards Track · Open Source

WritersProof Security Model

Every cryptographic system is only as strong as its weakest assumption. Here is every attack vector and what it would cost to defeat.

Independent Validation

Red-Teamed

Adversarial security testing by Blake Self, GenAI security researcher and author of Attack Surface Management

WritersProof Protocol

Open standard drafted for transparent authorship tracking and immutable evidence

NISO CRediT & CAWG

Granular assignments of contributor roles and rigorous content identity assertions

W3C Verifiable Credentials

Cryptographic evidence packaged natively as W3C Verifiable Credentials

The 5-Way Entanglement Specification

WritersProof entangles five distinct data vectors into every cryptographic block, preventing sophisticated spoofing and establishing a mathematical arrow of time.

1. IdentityA CAWG-compliant or W3C VC Identity Assertion. Binds the anonymous public key to an organizational or personal identity (e.g., student ID, employer).
2. ChronologyAn explicit Timestamp locking the block to a precise moment. Anchored periodically via external timestamp servers (RFC 3161) to prevent clock forgery.
3. PayloadThe Bincode Hash of the differential state. A dense, deterministic binary representation of the changes (additions, deletions, pauses) made since the previous block.
4. AncestryThe Parent Hash (SHA-256). The immediate prior state is included in the new hash, structurally forbidding post-hoc insertion of generated text.
5. NonceThe calculated Proof of Effort. A mathematical integer derived directly from the cognitive friction inside the payload.

The Cognitive Spectrum & Biological Friction

Our 5-Way Entanglement relies on Biological Friction. Across 13 datasets and 195,000 checkpoints, human composition leaves distinct entropy and revision density signatures that AI cannot replicate (KS=1.000).

Task ClassMean IKI (d)Revision Density (d)Entropy (d)
Composition (KLiCKe)1.115-4.7-28.9
Transcription (Aalto 136M)0.519-177-68.2
Password (CMU)0.084-62.1-46.3
AI Simulation(baseline 0)(baseline 0)(baseline 0)

Key Finding: Transcription yields near-zero revisions (d=-177) because copying is cognitively lightweight compared to composition (d=-4.7). WritersLogic specifically uses this Biological Friction gradient to act as the unforgeable input to the cryptographic nonce.

Design Principles

Unforgeable by Construction

Evidence is not a snapshot — it's a chain. Each checkpoint is cryptographically linked to the previous one. You can't insert, remove, or reorder checkpoints without breaking the hash chain.

Time Cannot Be Faked

SWF (Slow Work Function) proofs enforce minimum real-world time between checkpoints. External timestamp anchors (RFC 3161, OpenTimestamps) provide independent time attestation.

Open and Reproducible

Every algorithm, threshold, and formula is published. Evidence packets include the exact algorithm version and commit ID used. Anyone can verify independently — no proprietary black box.

Local-First, Zero Trust

All evidence generation happens on the user's machine. Private keys never leave the device. No server, no cloud, no third party is trusted with the writing process.

Threat Model & Attack Resistance

Each known attack vector, how WritersProof addresses it, and the realistic effort required to defeat the mitigation.

Retype Attack

MitigatedEffort: High

Attack: An attacker copies existing text by retyping it character-by-character to generate synthetic keystroke evidence.

Mitigation: SWF (Slow Work Function) timing proofs enforce minimum computational delay between checkpoints. Behavioral fingerprinting detects unnaturally consistent typing cadence. The appraisal verifier measures SNR (signal-to-noise ratio) and Lyapunov exponents — retyped text produces detectable statistical regularity.

Cost to defeat: Requires physically retyping the entire document with natural-looking timing variation, pauses, and corrections. SWF proofs force minimum real-world time. Behavioral analysis flags cadence anomalies.

Paste-and-Edit Attack

DetectedEffort: Low

Attack: An attacker pastes AI-generated or copied text and makes minor edits to simulate a writing process.

Mitigation: Dual-layer keystroke capture (IOKit HID + CGEventTap on macOS) distinguishes typed input from clipboard paste events. Large pastes are flagged and recorded with exact byte counts. The checkpoint chain shows the ratio of typed vs pasted content.

Cost to defeat: Easy to attempt but immediately detected. Paste events are recorded at the OS input layer — they cannot be disguised as typed input.

Timestamp Forgery

MitigatedEffort: Infeasible

Attack: An attacker manipulates system clocks or evidence timestamps to fabricate when writing occurred.

Mitigation: Evidence is anchored to external timestamp authorities: RFC 3161 TSA receipts and OpenTimestamps (Bitcoin blockchain). These are independently verifiable and cannot be forged without controlling the timestamp authority or rewriting the blockchain.

Cost to defeat: Would require forging RFC 3161 TSA signatures or rewriting Bitcoin blocks. No known practical attack exists.

Evidence Tampering

MitigatedEffort: Infeasible

Attack: An attacker modifies an exported evidence packet to alter the recorded process.

Mitigation: Every checkpoint is hash-chained (SHA-256). Modifying any checkpoint invalidates the chain. The export is signed with the author's Ed25519 key. The CBOR envelope includes algorithm version and commit ID for reproducible verification.

Cost to defeat: SHA-256 collision resistance makes selective modification computationally infeasible. Ed25519 signatures prevent wholesale replacement.

Identity Spoofing

MitigatedEffort: Infeasible

Attack: An attacker claims someone else's evidence as their own or generates evidence under a false identity.

Mitigation: Each user has a unique Ed25519 keypair generated at `writersproof init`. The identity is expressed as a DID (Decentralized Identifier). Private keys never leave the local machine. Evidence packets are signed with the author's private key — verification confirms the signature matches.

Cost to defeat: Requires possession of the victim's Ed25519 private key. Key extraction requires physical access to the machine or compromise of the user's keychain.

Replay Attack

DetectedEffort: Trivial

Attack: An attacker reuses a legitimate evidence packet for a different document.

Mitigation: Each evidence packet includes the SHA-256 hash of the final document content. Verification checks that the hash matches the document being claimed. The hash chain is document-specific — it cannot be transferred to a different file.

Cost to defeat: Easy to attempt but immediately caught. The document hash won't match the replayed evidence.

SWF Bypass

MitigatedEffort: Extreme

Attack: An attacker attempts to skip or accelerate the Slow Work Function proofs to compress fabricated evidence into a shorter timeframe.

Mitigation: SWF proofs are calibrated to the local hardware at init time. Each proof chain is verified by recomputing the sequential hash iterations. There is no shortcut — the work must be performed sequentially (not parallelizable). The verifier measures expected vs actual computation time.

Cost to defeat: Would require hardware significantly faster than what was calibrated, AND the ability to forge the calibration record. The sequential nature of the hash chain prevents GPU/parallel acceleration.

Behavioral Forgery

Partially MitigatedEffort: Extreme

Attack: An attacker uses automation to simulate human-like typing patterns while inputting pre-written text.

Mitigation: The behavioral fingerprint captures inter-key timing, error correction patterns, pause distribution, and cognitive load signals. These form a multi-dimensional profile that is unique to each writer. Automated input shows detectable statistical regularity in Lyapunov exponent analysis.

Cost to defeat: Requires not just simulating typing speed but reproducing the specific author's pause patterns, error rates, correction behaviors, and cognitive load signatures. No known tool can replicate a full behavioral fingerprint.

Effort Scale

Trivial
Low
Moderate
High
Extreme
Infeasible

Trivial = no special tools or knowledge. Low = basic technical ability. Moderate = skilled attacker with custom tools. High = significant time and domain expertise. Extreme = nation-state level resources. Infeasible = no known practical attack.

What WritersProof Does Not Claim

  • WritersProof does not detect AI-generated content. It records the physical writing process — it cannot determine the origin of ideas.
  • WritersProof does not prove the author is the original creator of the ideas — only that the recorded process occurred as described.
  • Behavioral fingerprinting provides probabilistic evidence, not absolute proof. It is one layer in a multi-layered evidence system.
  • No cryptographic system can prevent a determined attacker with physical access to the author's machine and unlimited time.