WritersProof Security Model
Every cryptographic system is only as strong as its weakest assumption. Here is every attack vector and what it would cost to defeat.Every cryptographic system is only as strong as its weakest assumption. Here is ours — every attack vector, how we address it, and what it would cost to defeat.
This page documents the threat model for the Cryptographic Proof of Effort (CPoE) protocol. The WritersProof desktop application implements this protocol; the threat model applies to the protocol layer, not any specific client.
Independent Validation
Red-Teamed
Adversarial security testing by Blake Self, GenAI security researcher and author of Attack Surface Management
WritersProof Protocol
Open standard drafted for transparent authorship tracking and immutable evidence
NISO CRediT & CAWG
Granular assignments of contributor roles and rigorous content identity assertions
W3C Verifiable Credentials
Cryptographic evidence packaged natively as W3C Verifiable Credentials
The 5-Way Entanglement Specification
WritersProof entangles five distinct data vectors into every cryptographic block, preventing sophisticated spoofing and establishing a mathematical arrow of time.A basic hash chain is not enough. To create irrefutable, legally admissible evidence, WritersProof entangles five distinct data vectors into every cryptographic block. This prevents sophisticated spoofing and establishes a mathematical arrow of time.
The Cognitive Spectrum & Biological Friction
Our 5-Way Entanglement relies on Biological Friction. Across 13 datasets and 195,000 checkpoints, human composition leaves distinct entropy and revision density signatures that AI cannot replicate (KS=1.000).Our 5-Way Entanglement doesn't just look for "typing" — it relies on Biological Friction. Across 13 datasets and 195,000 checkpoints, empirical evidence proves that human composition leaves distinct entropy and revision density signatures that an AI simulation cannot replicate (KS=1.000). The table below defines the signals distinguishing true cognitive composition from pure transcription (copy-typing) and AI generation.
| Task Class | Mean IKI (d) | Revision Density (d) | Entropy (d) |
|---|---|---|---|
| Composition (KLiCKe) | 1.115 | -4.7 | -28.9 |
| Transcription (Aalto 136M) | 0.519 | -177 | -68.2 |
| Password (CMU) | 0.084 | -62.1 | -46.3 |
| AI Simulation | (baseline 0) | (baseline 0) | (baseline 0) |
Key Finding: Transcription yields near-zero revisions (d=-177) because copying is cognitively lightweight compared to composition (d=-4.7). WritersLogic specifically uses this Biological Friction gradient to act as the unforgeable input to the cryptographic nonce.
Design Principles
Unforgeable by Construction
Evidence is not a snapshot — it's a chain. Each checkpoint is cryptographically linked to the previous one. You can't insert, remove, or reorder checkpoints without breaking the hash chain.
Time Cannot Be Faked
SWF (Slow Work Function) proofs enforce minimum real-world time between checkpoints. External timestamp anchors (RFC 3161, OpenTimestamps) provide independent time attestation.
Open and Reproducible
Every algorithm, threshold, and formula is published. Evidence packets include the exact algorithm version and commit ID used. Anyone can verify independently — no proprietary black box.
Local-First, Zero Trust
All evidence generation happens on the user's machine. Private keys never leave the device. No server, no cloud, no third party is trusted with the writing process.
Threat Model & Attack Resistance
Each known attack vector, how WritersProof addresses it, and the realistic effort required to defeat the mitigation.
Retype Attack
MitigatedEffort: HighAttack: An attacker copies existing text by retyping it character-by-character to generate synthetic keystroke evidence.
Mitigation: SWF (Slow Work Function) timing proofs enforce minimum computational delay between checkpoints. Behavioral fingerprinting detects unnaturally consistent typing cadence. The appraisal verifier measures SNR (signal-to-noise ratio) and Lyapunov exponents — retyped text produces detectable statistical regularity.
Cost to defeat: Requires physically retyping the entire document with natural-looking timing variation, pauses, and corrections. SWF proofs force minimum real-world time. Behavioral analysis flags cadence anomalies.
Paste-and-Edit Attack
DetectedEffort: LowAttack: An attacker pastes AI-generated or copied text and makes minor edits to simulate a writing process.
Mitigation: Dual-layer keystroke capture (IOKit HID + CGEventTap on macOS) distinguishes typed input from clipboard paste events. Large pastes are flagged and recorded with exact byte counts. The checkpoint chain shows the ratio of typed vs pasted content.
Cost to defeat: Easy to attempt but immediately detected. Paste events are recorded at the OS input layer — they cannot be disguised as typed input.
Timestamp Forgery
MitigatedEffort: InfeasibleAttack: An attacker manipulates system clocks or evidence timestamps to fabricate when writing occurred.
Mitigation: Evidence is anchored to external timestamp authorities: RFC 3161 TSA receipts and OpenTimestamps (Bitcoin blockchain). These are independently verifiable and cannot be forged without controlling the timestamp authority or rewriting the blockchain.
Cost to defeat: Would require forging RFC 3161 TSA signatures or rewriting Bitcoin blocks. No known practical attack exists.
Evidence Tampering
MitigatedEffort: InfeasibleAttack: An attacker modifies an exported evidence packet to alter the recorded process.
Mitigation: Every checkpoint is hash-chained (SHA-256). Modifying any checkpoint invalidates the chain. The export is signed with the author's Ed25519 key. The CBOR envelope includes algorithm version and commit ID for reproducible verification.
Cost to defeat: SHA-256 collision resistance makes selective modification computationally infeasible. Ed25519 signatures prevent wholesale replacement.
Identity Spoofing
MitigatedEffort: InfeasibleAttack: An attacker claims someone else's evidence as their own or generates evidence under a false identity.
Mitigation: Each user has a unique Ed25519 keypair generated at `writersproof init`. The identity is expressed as a DID (Decentralized Identifier). Private keys never leave the local machine. Evidence packets are signed with the author's private key — verification confirms the signature matches.
Cost to defeat: Requires possession of the victim's Ed25519 private key. Key extraction requires physical access to the machine or compromise of the user's keychain.
Replay Attack
DetectedEffort: TrivialAttack: An attacker reuses a legitimate evidence packet for a different document.
Mitigation: Each evidence packet includes the SHA-256 hash of the final document content. Verification checks that the hash matches the document being claimed. The hash chain is document-specific — it cannot be transferred to a different file.
Cost to defeat: Easy to attempt but immediately caught. The document hash won't match the replayed evidence.
SWF Bypass
MitigatedEffort: ExtremeAttack: An attacker attempts to skip or accelerate the Slow Work Function proofs to compress fabricated evidence into a shorter timeframe.
Mitigation: SWF proofs are calibrated to the local hardware at init time. Each proof chain is verified by recomputing the sequential hash iterations. There is no shortcut — the work must be performed sequentially (not parallelizable). The verifier measures expected vs actual computation time.
Cost to defeat: Would require hardware significantly faster than what was calibrated, AND the ability to forge the calibration record. The sequential nature of the hash chain prevents GPU/parallel acceleration.
Behavioral Forgery
Partially MitigatedEffort: ExtremeAttack: An attacker uses automation to simulate human-like typing patterns while inputting pre-written text.
Mitigation: The behavioral fingerprint captures inter-key timing, error correction patterns, pause distribution, and cognitive load signals. These form a multi-dimensional profile that is unique to each writer. Automated input shows detectable statistical regularity in Lyapunov exponent analysis.
Cost to defeat: Requires not just simulating typing speed but reproducing the specific author's pause patterns, error rates, correction behaviors, and cognitive load signatures. No known tool can replicate a full behavioral fingerprint.
Effort Scale
Trivial = no special tools or knowledge. Low = basic technical ability. Moderate = skilled attacker with custom tools. High = significant time and domain expertise. Extreme = nation-state level resources. Infeasible = no known practical attack.
What WritersProof Does Not Claim
- WritersProof does not detect AI-generated content. It records the physical writing process — it cannot determine the origin of ideas.
- WritersProof does not prove the author is the original creator of the ideas — only that the recorded process occurred as described.
- Behavioral fingerprinting provides probabilistic evidence, not absolute proof. It is one layer in a multi-layered evidence system.
- No cryptographic system can prevent a determined attacker with physical access to the author's machine and unlimited time.