Verification

AI Artifact Verification — Independently Verify AI Datasets, Models, and Outputs

AI artifact verification is the process of independently confirming that an AI artifact — dataset, model, or output — is authentic, unaltered, and matches its cryptographic certificate. Verification requires no issuer contact, no account, and no proprietary tool.

CertifiedData uses SHA-256 fingerprinting and Ed25519 digital signatures to make every certified artifact independently verifiable. This page explains the technical model behind AI artifact verification and how to perform it.

What is AI artifact verification?

AI artifact verification confirms two things simultaneously: that the artifact you hold is the exact artifact that was certified (integrity), and that the certificate itself was issued by the claimed authority (authenticity). Both checks are required. Passing only one is not sufficient for trust.

Verification is performed using only three inputs: the artifact file, the certificate JSON, and the issuer's public key. All three are available without authentication. This makes verification portable, auditable, and suitable for inclusion in automated pipelines, regulatory reviews, and third-party audits.

How to verify a certified AI artifact

Obtain the artifact and certificate

Download the artifact file and its associated certificate JSON. The certificate is accessible at /verify/{cert_id} and via the registry API at /api/artifacts/{id}.

Compute the artifact fingerprint

Hash the artifact file using SHA-256. Any standard hashing tool or library works: openssl dgst -sha256, Python hashlib, Node.js crypto.createHash('sha256'). The result is the artifact fingerprint.

Compare fingerprints

Compare your computed SHA-256 hash to the artifact_hash field in the certificate. An exact match confirms the artifact has not been modified since certification. Any mismatch — even a single byte — produces a completely different hash and fails this check.

Verify the certificate signature

Retrieve the issuer public key from /.well-known/certifieddata-registry.json. Verify the certificate's Ed25519 signature using this public key. A valid signature confirms the certificate was issued by CertifiedData and has not been altered.

Confirm status

Optionally, confirm the certificate status is 'issued' or 'active' via the API. This detects revoked or expired certificates. For most use cases, hash match + signature validity is sufficient.

What verification proves

Artifact integrity

The SHA-256 fingerprint check proves the artifact has not been modified since certification. Any post-certification change — adding a row, altering a field, recompressing the file — invalidates the fingerprint match.

Certificate authenticity

CertifiedData

The Ed25519 signature check proves the certificate was issued by CertifiedData using its private key. The private key never leaves the issuer — only the public key is published for verification.

Issuer identity

The public key at /.well-known/certifieddata-registry.json is the canonical source of CertifiedData's signing key. Any certificate signed by this key is traceable to the same issuer.

Provenance timestamp

The certificate records issued_at as an ISO-8601 timestamp embedded in the signed payload. Because it is part of the signed data, the timestamp cannot be altered without invalidating the signature.

Generation metadata

Certified synthetic datasets include algorithm, rows, columns, and generation parameters in the signed payload. Verification confirms these metadata fields are authentic and unmodified.

Independent verification — no issuer contact required

CertifiedData's verification model is fully offline after the public key is retrieved. Once you have the artifact, the certificate, and the public key, verification can be performed in an air-gapped environment, in a CI pipeline, or in a regulatory review — without any connection to the issuer.

This is a deliberate design choice. Verification that requires issuer contact creates a dependency: if the issuer's API is unavailable, verification fails. CertifiedData's model ensures that certified artifacts remain verifiable regardless of platform availability — a property required for long-term archival, regulatory submissions, and compliance audits.

Verification — Node.js example

import { createHash, createPublicKey, verify } from "crypto";
import { readFileSync } from "fs";

// 1. Compute artifact fingerprint
const artifactBytes = readFileSync("your-dataset.csv");
const computedHash = "sha256:" + createHash("sha256").update(artifactBytes).digest("hex");

// 2. Load certificate
const cert = JSON.parse(readFileSync("certificate.json", "utf8"));

// 3. Compare fingerprints
if (computedHash !== cert.artifact_hash) {
  throw new Error("Fingerprint mismatch — artifact modified since certification");
}

// 4. Verify signature
const publicKeyDer = Buffer.from(cert.public_key_spki, "base64");
const publicKey = createPublicKey({ key: publicKeyDer, format: "der", type: "spki" });
const payload = Buffer.from(cert.signed_payload, "utf8");
const signature = Buffer.from(cert.signature.replace("ed25519:", ""), "base64");
const valid = verify(null, payload, publicKey, signature);

if (!valid) throw new Error("Signature invalid — certificate may be forged or tampered");
console.log("✓ Artifact verified:", cert.cert_id);

Verification use cases

Regulatory compliance

EU AI Act Articles 10 and 12 require documentation of training data origin and logging of AI system events. Verified artifact certificates provide independently auditable evidence for both.

CI/CD pipeline integration

Run artifact verification as a pipeline step before deploying a model or publishing a dataset. Verification failure halts the pipeline — preventing uncertified artifacts from reaching production.

Third-party audits

Auditors and conformity assessment bodies can verify artifact certificates without platform access. The certificate, artifact, and public key are the only inputs required for an independent audit.

AIBOM (AI Bill of Materials)

Each certificate ID is a stable, verifiable reference for AIBOM entries. Downstream consumers can verify component provenance using only the certificate ID and the artifact file.

Data marketplace trust

CertifiedData

Buyers of certified synthetic datasets can verify the artifact before use — confirming it matches the advertised fingerprint and was certified by the claimed authority.

Frequently asked questions

Can I verify an artifact without a CertifiedData account?

Yes. Verification requires only the artifact file, the certificate JSON (available at /verify/{cert_id}), and the public key (available at /.well-known/certifieddata-registry.json). No account, no API key, and no SDK is required.

What does a failed verification mean?

A fingerprint mismatch means the artifact has been modified since certification — the dataset, model, or output is not the one that was certified. A signature failure means the certificate itself may have been forged or tampered. Both cases indicate the artifact cannot be trusted.

Can verification be automated?

Yes. CertifiedData provides a verification API at GET /api/verify/{cert_id} that accepts an artifact hash and returns a machine-readable verification result. This endpoint is suitable for pipeline integration and automated governance checks.

Does verification require internet access?

Only to retrieve the certificate and public key. Once you have both, verification can be performed offline. The public key can be cached from /.well-known/certifieddata-registry.json and reused for all verification operations.

What algorithm does CertifiedData use for signing?

CertifiedData uses Ed25519 — a modern, high-performance elliptic curve signature algorithm. Ed25519 signatures are compact (64 bytes), fast to verify, and resistant to timing attacks. The signed payload is canonicalized using RFC 8785 JSON Canonicalization before signing to ensure deterministic verification across platforms.

AI Artifact Certification

Certify AI datasets, models, and outputs with SHA-256 fingerprints and Ed25519 signatures.

How Verification Works

Technical deep-dive into the two-layer cryptographic verification model.

SHA-256 Dataset Fingerprinting

How dataset fingerprints are computed and why they prove artifact integrity.

Ed25519 AI Certificates

The Ed25519 signature algorithm and its role in AI artifact trust.

Synthetic Data Certification

Certify synthetic datasets for AI training with cryptographic provenance.

Verify an artifact →Try sandbox certification

Explore the CertifiedData trust infrastructure

CertifiedData organizes AI trust infrastructure around certification, verification, governance, and artifact transparency. Explore related pages below.

Certify a Synthetic Dataset Synthetic Data Certification AI Artifact Registry Verify an AI Certificate AI Bill of Materials Decision Ledger

Verification tools

Verify a certificate Sandbox certification Artifact registry SHA-256 fingerprinting Ed25519 certificates

Verify API

Machine-readable verification for any certificate ID — suitable for CI pipelines and automated governance checks.

GET /api/verify/{cert_id}