Veris: Building a Camera That Cannot Lie
The deepfake problem has an asymmetry: it's getting trivially easy to fabricate a photo, and structurally impossible to prove one is real — after the fact.
So don't prove it after the fact. Prove it at capture time, in hardware.
That's Veris: a Web3 camera system where every photo carries cryptographic proof of which physical device captured it, and when.
Hardware identity
Each camera derives a unique ed25519 keypair from its own hardware (`seed = sha256(hw_id + salt)`). The private key never leaves the device. When you press the shutter:
- Capture the image
- Compute the SHA-256 hash
- Sign the hash with the device key
The device itself is a Raspberry Pi 4 with a camera module and a 3.5" touchscreen, running a Python/Kivy app in kiosk mode. Photo capture to signed-and-queued: under 2 seconds.
The trick: making Solana verify the signature
Here's the part I'm proud of. The `veris` Anchor program doesn't trust the uploader's claim that the device signed the image. It makes the Solana runtime itself prove it:
- `mint_photo` requires a native ed25519 signature-verify instruction in the same transaction
- The program checks it via instruction introspection — it inspects the sibling instruction and confirms the verified message is the image hash and the verified key is the registered device
- No off-chain trust, no oracle
Two more properties come free from the account design:
- On-chain dedupe: `PhotoRecord` is a PDA seeded by the image hash — the same image can literally never be recorded twice
- Device registry: devices are registered and activated on-chain (`Device` + `DeviceIdIndex` PDAs), so only authorized cameras can mint
Storage and the claim flow
Images and metadata go to Filecoin via Lighthouse — permanent, censorship-resistant, no platform lock-in.
Then the fun UX part: the camera displays a QR code. Anyone in the photo — or anyone at the event — scans it, enters their wallet address, and the system mints them a capped Edition of the photo. Proof of attendance, memory NFTs, and creator royalty-splitting all fall out of the same primitive.
Capture → Sign (device key) → Filecoin (image + metadata CIDs)
→ Claim created → QR on screen → user scans, enters wallet
→ mint_photo (ed25519-verified on-chain) → PhotoRecord PDA
→ Editions minted to attendees
Why this matters
- Journalism: prove a photo of a breaking event is a real capture, not AI output
- Wildlife/media: outlets verify authenticity before buying; photographers get paid directly
- Events: verified proof-of-attendance minting with zero friction
- Science: tamper-proof field documentation with immutable timestamps
Stack: Rust + Anchor (Solana program), Python/Kivy + Picamera2 (camera app), Node.js/Express (web3 service), SQLite, Lighthouse SDK (Filecoin). Currently on Solana devnet.
Code: github.com/Adityaadpandey/Veris · Site: veris.live
// RELATED_TRANSMISSIONS
- Solana Smart Contract Betting dApp — Anchor + RustA full-stack decentralized betting dApp on Solana. Smart contract in Rust + Anchor, frontend in Next.js.
- PHANTOM: I Built a Benchmark Where an RL Attacker Gaslights an LLM DefenderMost cybersecurity benchmarks test what an agent knows. PHANTOM tests whether it can still think when a co-evolving adversary is lying to it in real time.
- Training a Masked Diffusion Language Model on a MacBookGPT generates left to right. My model starts from a fully masked sequence and denoises it into a story — trained from scratch on TinyStories on an M4 Pro.