ZK Proof Details
The SP1 program proves the following:
- The photo bytes match the expected bytes in the C2PA manifest
- The Apple Attest attestation is valid
- The assertion (i.e. signature of the photo hash using the attested key) is valid
The photo bytes are provided as input to the proof.
Proof Logic
| Step | Operation | Guarantees |
|---|---|---|
| 1 | Extract manifest from photo bytes | — |
| 2 | Extract bindings and data hash from manifest | — |
| 3 | Compute photo hash | — |
| 4 | Check data hash == photo hash | Manifest corresponds to this photo |
| 5 | Validate attestation | The attestation is valid and from Apple |
| 6 | Validate assertion | Photo hash was signed by the attested key |
Attestation Validation
Guarantees:
- The device key was generated in a genuine Apple Secure Enclave
- The key is bound to a specific app (via app_id / RP ID)
- The device is running a legitimate app (AAGUID = appattest or appattestdevelop)
Validates:
- Certificate chain verifies up to Apple Root CA
- Nonce matches the challenge
- Public key hash matches the key ID
- RP ID == SHA256(app_id)
- AAGUID is a valid Apple attestation identifier
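The authenticator-data checks from the list above (RP ID, AAGUID, key ID), as an added Python example that is not the project's SP1 code. It assumes the WebAuthn authenticator-data layout; `check_auth_data`, `build_sample`, `production_only` and the sample app ID are hypothetical names and constructed values, and the certificate-chain and nonce checks are left out.

```python
import hashlib
import hmac
import struct

# AAGUIDs Apple documents for App Attest keys (16 bytes each).
AAGUID_PROD = b"appattest" + b"\x00" * 7
AAGUID_DEV = b"appattestdevelop"


def check_auth_data(auth_data, app_id, key_id, public_key, production_only=False):
    """Return the failed checks as a list of strings; [] means all passed.
    public_key: raw key bytes from the leaf certificate (assumed input).
    production_only: hypothetical policy switch, not something the page defines.
    """
    # WebAuthn layout: rpIdHash[32] | flags[1] | counter[4] | aaguid[16]
    #                  | credIdLen[2] | credId[credIdLen] | public key (CBOR)
    if len(auth_data) < 55:
        return ["authenticator data truncated"]
    rp_id_hash, aaguid = auth_data[:32], auth_data[37:53]
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    cred_id = auth_data[55:55 + cred_len]
    if len(cred_id) != cred_len:
        return ["credential ID truncated"]

    failures = []
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(app_id.encode()).digest()):
        failures.append("RP ID != SHA256(app_id)")
    allowed = (AAGUID_PROD,) if production_only else (AAGUID_PROD, AAGUID_DEV)
    if aaguid not in allowed:
        failures.append("AAGUID not accepted")
    if not hmac.compare_digest(key_id, hashlib.sha256(public_key).digest()):
        failures.append("key ID != SHA256(public key)")
    # Also part of Apple's documented procedure, though not listed on the page.
    if not hmac.compare_digest(cred_id, key_id):
        failures.append("credential ID != key ID")
    return failures


def build_sample(app_id, public_key, aaguid):
    """Constructed authenticator data for the demo, not a real attestation."""
    key_id = hashlib.sha256(public_key).digest()
    auth_data = (hashlib.sha256(app_id.encode()).digest() + b"\x40" + bytes(4)
                 + aaguid + struct.pack(">H", len(key_id)) + key_id)
    return auth_data, key_id


if __name__ == "__main__":
    app, pk = "ABCDE12345.com.example.camera", b"\x04" + bytes(64)  # constructed
    data, kid = build_sample(app, pk, AAGUID_DEV)
    print(check_auth_data(data, app, kid, pk, production_only=True))
```

With `production_only=True` a development-environment attestation is rejected even though its other fields verify.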
Assertion Validation
Guarantees:
- The photo corresponding to this hash was signed using the ZCAM SDK
Validates:
- ECDSA signature over the photo hash using the public key from attestation
Public Outputs
- Photo hash (SHA-256)
- Apple Root CA certificate
These committed values allow verifiers to confirm the proof corresponds to a specific photo and chains to Apple's actual root certificate.