Paste a session ID or erasure-request ID. We fetch the receipt chain from
api.dcsai.ai and verify every Ed25519 signature and the SHA-256 hash chain
client-side, against our published public key. No trust in DCS's servers required.
Try the demo session above, or paste any ID issued by DCS. Verification runs entirely in this tab — the public key is ed25519:dcs-receipt-key-2026.
Paste a real session ID and press Verify chain to open it in the live verifier, or go straight there: verify.dcsai.ai ↗
Every R+2 receipt commits to its predecessor. A valid chain has matching signatures, matching hashes, and the bundle root checks out on R+3.
We pull the full receipt list (JSON) over plain HTTPS from api.dcsai.ai.
No streaming SSE, no auth handshake — anyone can fetch a chain by ID.
RFC 8785 JCS pins one deterministic JSON encoding so the signed bytes are byte-for-byte reproducible. Without this step "the same JSON" can have a different hash.
Each receipt's signature is checked against the published ed25519:dcs-
receipt-key-2026 public key. The check runs in WebAssembly, in your tab.
Every receipt's prev_receipt_cid must equal the SHA-256 of the previous
receipt's canonical bytes. If anyone altered a historical receipt, the chain
breaks — visibly.
One Verify-chain click validates every property below in your browser.
RFC 8032 EdDSA over Curve25519, ~128-bit classical security. 32-byte public key, 64-byte signature. Verified against the published key.
Each receipt commits to the SHA-256 of the previous one. Tampering with any historical receipt invalidates every digest after it — visibly.
For an R+3 export, the SHA-256 binary Merkle tree is recomputed leaf-by-leaf and the root compared against the signed bundle root.
When present, the FIPS-204 ML-DSA-65 detached co-signature is verified alongside Ed25519 — a research-reference layer, not a quantum-product claim.
Every receipt's issued_at must be ≥ the previous one's. Out-of-order
timestamps mean a chain has been shuffled — an automatic fail.
Optional: if Storage is enabled, the bundle's content-addressed CID is verified against the published Filecoin deal — the bytes you verified are the bytes mirrored permanently.
One signing key, one Reputation SBT contract, one verifier package. Verifiable without contacting DCS.
npm, CLI or browser — same code path, same cryptography.
The same logic that runs in this page also runs at the command line and inside any CI pipeline. The package has zero non-cryptographic dependencies, ships an audited WebAssembly Ed25519 verifier, and is MIT-licensed.
@dcsplatform/r2-verify on npm — published, auditedGET for the receipt JSON — you can swap that
endpoint for any mirror, including a Filecoin gateway.SECURITY.md, and committed to the @dcsplatform/r2-verify
npm package's signed manifest. Verify the key independently from any of them — we
deliberately don't ask you to trust this page.R2_PQ_ENABLED (live in Wave-1). The
verifier checks it when present. It's a research reference — not a
quantum-product claim.verifyProof() takes the proof and the public statement and returns a
boolean. The reference prover is in the r4-standard repo.R-Series signs every action across the stack. Verify is how anyone audits it.
Paste a session ID. Watch every signature validate in your browser.