Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

Authenticity

What Makes a Photo Authentic?

An authentic photo is one that was genuinely captured by a camera.

With ZCAM, authenticity means:

  1. Captured by the device camera: The image bytes came directly from the iPhone's camera sensor.
  2. Signed at capture time: A cryptographic signature was created immediately, before any editing could occur.
  3. Tamper-evident: Any modification to the image breaks the signature.
  4. Verifiable by anyone: Anyone can cryptographically verify the photo.

Verifiable Photos Today

Until now, the only way to get a verifiably authentic photo that was cryptographically attested at capture time was to use a C2PA-compatible hardware camera.

These cameras exist, but they're rare and expensive. For example, the Leica M11-P is around $9,000, Sony C2PA supported cameras are anywhere between $5,000-$6,500, and the Nikon Z9 $5,500.

This creates a significant barrier. The cost puts authentic capture out of reach for most people. Even from a usability standpoint, carrying a dedicated camera isn't practical for everyday moments.

Meanwhile, billions of photos are taken on smartphones every day.

ZCAM: Authentic Capture on Every iPhone

ZCAM takes a fundamentally different approach to enable anybody to take verifiably authentic photos using their iPhones.

Hardware-Rooted Authenticity

Every ZCAM photo is signed using Apple's Secure Enclave and App Attest:

  • The signing key is generated and stored in tamper-resistant hardware
  • The key is bound to a specific app on a specific device
  • Apple's attestation chains to their root certificate

This means the signature isn't just a signing key "vouching" for the authenticity of a photo. Rather, it indicates, "Apple's hardware guarantees this key exists on a genuine iPhone running this specific app."

Ubiquitous Authentic Capture

There are over 1.5 billion active iPhones worldwide. ZCAM turns every one of them into a verifiable camera, making hardware-attested photography accessible to everyone.

Immutability After Capture

Once a photo is captured and signed:

  • Editing the image invalidates the signature
  • Stripping the metadata removes the proof (but verifiers will reject unsigned photos)
  • Re-signing would require access to the original device's Secure Enclave key

The signature is bound to the exact bytes of the captured image. Changing the picture results in the verification failing.