// SYSTEM_LOG_ENTRY_20260716● DECRYPTED
Veris: Building a Camera That Cannot Lie
Web3HardwareSolanaRustFilecoin

Veris: Building a Camera That Cannot Lie

AUTHOR: ADITYA_PANDEY // A Raspberry Pi camera with a hardware-derived ed25519 identity, on-chain signature verification on Solana, and Filecoin storage. Deepfakes die at capture time.

The deepfake problem has an asymmetry: it's getting trivially easy to fabricate a photo, and structurally impossible to prove one is real — after the fact.

So don't prove it after the fact. Prove it at capture time, in hardware.

That's Veris: a Web3 camera system where every photo carries cryptographic proof of which physical device captured it, and when.


Hardware identity

Each camera derives a unique ed25519 keypair from its own hardware (`seed = sha256(hw_id + salt)`). The private key never leaves the device. When you press the shutter:

  1. Capture the image
  2. Compute the SHA-256 hash
  3. Sign the hash with the device key

The device itself is a Raspberry Pi 4 with a camera module and a 3.5" touchscreen, running a Python/Kivy app in kiosk mode. Photo capture to signed-and-queued: under 2 seconds.

The trick: making Solana verify the signature

Here's the part I'm proud of. The `veris` Anchor program doesn't trust the uploader's claim that the device signed the image. It makes the Solana runtime itself prove it:

  • `mint_photo` requires a native ed25519 signature-verify instruction in the same transaction
  • The program checks it via instruction introspection — it inspects the sibling instruction and confirms the verified message is the image hash and the verified key is the registered device
  • No off-chain trust, no oracle

Two more properties come free from the account design:

  • On-chain dedupe: `PhotoRecord` is a PDA seeded by the image hash — the same image can literally never be recorded twice
  • Device registry: devices are registered and activated on-chain (`Device` + `DeviceIdIndex` PDAs), so only authorized cameras can mint

Storage and the claim flow

Images and metadata go to Filecoin via Lighthouse — permanent, censorship-resistant, no platform lock-in.

Then the fun UX part: the camera displays a QR code. Anyone in the photo — or anyone at the event — scans it, enters their wallet address, and the system mints them a capped Edition of the photo. Proof of attendance, memory NFTs, and creator royalty-splitting all fall out of the same primitive.

SH
Capture → Sign (device key) → Filecoin (image + metadata CIDs)
       → Claim created → QR on screen → user scans, enters wallet
       → mint_photo (ed25519-verified on-chain) → PhotoRecord PDA
       → Editions minted to attendees

Why this matters

  • Journalism: prove a photo of a breaking event is a real capture, not AI output
  • Wildlife/media: outlets verify authenticity before buying; photographers get paid directly
  • Events: verified proof-of-attendance minting with zero friction
  • Science: tamper-proof field documentation with immutable timestamps

Stack: Rust + Anchor (Solana program), Python/Kivy + Picamera2 (camera app), Node.js/Express (web3 service), SQLite, Lighthouse SDK (Filecoin). Currently on Solana devnet.

Code: github.com/Adityaadpandey/Veris · Site: veris.live

// END_OF_TRANSMISSION</ EXIT_SYSTEM_LOG >