Prediction Integrity · Manifests

Daily Prediction Manifest Certification

Prevent selective disclosure. A daily prediction manifest is a single signed record proving the complete set of predictions issued during a period — not just the ones that turned out well.

Individual receipts prove a single forecast existed. Manifest certification proves the complete prediction set existed. The combination is what makes a published archive verifiable.

The selective disclosure problem

Why publishing the complete set matters more than publishing individual receipts.

Cherry-picking favorable predictions

An operator can publish only the predictions that turned out well. Without a manifest, the published archive looks complete even when it represents a hand-selected subset.

Backfilling fabricated predictions

After an outcome is known, an operator can write a prediction record that claims to have been issued in advance. Individual receipts make backfilling expensive but possible if the operator controls the signing key. A daily manifest reduces the attack surface because backfilling requires altering the manifest hash.

Silently deleting unfavorable predictions

An operator can remove predictions that failed and leave only the successful ones. With a manifest, the deletion is visible — the count and hash list in the manifest does not match the published archive.

Asymmetric disclosure to different audiences

An operator can show one subset of predictions to investors and a different subset to regulators. A signed daily manifest creates a single canonical record that every audience can reference.

Manifest payload structure

The manifest is a standard CertifiedData certificate of type MANIFEST whose signed payload contains the period bounds and the array of child prediction hashes.

{
  "artifact_type": "prediction_manifest",
  "artifact_schema": "prediction_manifest.v1",
  "source": "betfire-ai",
  "period_start": "2026-05-14T00:00:00Z",
  "period_end": "2026-05-14T23:59:59Z",
  "prediction_hashes": [
    "sha256:abc123...",
    "sha256:def456...",
    "sha256:ghi789..."
  ],
  "manifest_hash": "sha256:xyz000..."
}

The Ed25519 signature covers the canonicalized manifest payload. Adding, removing, or reordering hashes in prediction_hashes after issuance invalidates the signature.

Implementation flow

Issue individual prediction receipts during the day

Each prediction is certified at issuance time and receives a SHA-256 fingerprint and Ed25519-signed certificate.

At period close, collect the prediction hashes

When the period (typically a calendar day) ends, gather the canonical hashes of every prediction issued during the window.

Construct the manifest payload

Build the prediction_manifest.v1 payload with period_start, period_end, the ordered list of prediction_hashes, and a manifest_hash that binds them.

Certify the manifest as certificateType: MANIFEST

The existing CertifiedData issuance flow accepts MANIFEST as a certificate type. The manifest payload is canonicalized, hashed, signed, and stored.

Publish the manifest certificate ID

Display the manifest certificate ID alongside the daily archive. Anyone can verify the manifest, then verify that every published prediction hash appears in it.

Verifying a manifest matches its child receipts

A manifest is only useful if a third party can verify that the published prediction archive matches the manifest's claimed hash set. The verification flow is deterministic — anyone with the manifest certificate and the published prediction payloads can run the check.

Fetch the manifest certificate

Retrieve the signed manifest payload from GET /api/cert/:certId/manifest. Confirm the certificateType is MANIFEST and the artifact_schema is prediction_manifest.v1.

Validate the manifest signature

Canonicalize the manifest payload (RFC 8785). Verify the Ed25519 signature using the published public key. If the signature validates, the prediction_hashes array is authentic and unchanged since issuance.

Collect the published prediction payloads

Fetch every prediction the publisher claims to have issued during the period. Each prediction has its own certificate, and the publisher should expose the payload alongside the certificate ID.

Recompute each prediction hash

For each prediction payload, canonicalize it and compute the SHA-256 hash. The result must match the corresponding entry in the manifest's prediction_hashes array.

Compare set membership

Every hash in the manifest must appear in the published archive, and every published prediction must appear in the manifest. Missing entries indicate selective disclosure; extra entries indicate undeclared additions.

Frequently asked questions

Why is an individual prediction receipt not enough?

An individual receipt proves that one specific prediction was issued at a specific time. It does not prove that other predictions issued the same day were also published. Without a manifest, the operator can choose which receipts to display — making the archive look favorable without making the archive false.

What exactly does a daily manifest prove?

The daily manifest proves the complete set of prediction hashes that existed at the end of the period. Once the manifest is signed, the operator cannot add, remove, or reorder predictions in that set without invalidating the manifest signature. The manifest is the canonical record of what the operator claimed to have predicted during the day.

How does this prevent backdating?

Backdating an individual prediction requires re-signing a single certificate with a falsified timestamp — possible if the operator controls the signing key. Backdating into a previously published manifest is harder: the manifest hash is already known, and changing the underlying prediction set would change the manifest hash. Daily manifest publication makes backdating economically and operationally expensive.

How is the manifest implemented in CertifiedData?

The CertifiedData certificate schema already supports certificateType: MANIFEST. The manifest payload uses the prediction_manifest.v1 schema documented above. No schema migration is required — the manifest is a standard certificate whose payload contains the array of child prediction hashes.

Can the manifest reference predictions from sources other than CertifiedData?

Yes. The prediction_hashes array contains SHA-256 hashes — the predictions themselves can be hashed and stored anywhere. The manifest just creates the cryptographic binding that proves which hashes existed at period close. The certificate operator is responsible for making the underlying predictions available so verifiers can reconstruct their hashes.

Machine-readable summary

{
  "concept": "Daily prediction manifest",
  "concept_type": "prediction-manifest-primitive",
  "canonical_url": "https://certifieddata.io/prediction-integrity/daily-manifest-certification",
  "parent_concept": "Prediction Integrity",
  "related_concepts": [
    "Certified predictions",
    "Selective disclosure",
    "Prediction market auditability"
  ],
  "artifact_schema": "prediction_manifest.v1",
  "certificate_type": "MANIFEST",
  "signing_algorithm": "Ed25519",
  "hash_algorithm": "SHA-256 (RFC 8785 canonicalized)",
  "payload_fields": [
    "artifact_type",
    "artifact_schema",
    "source",
    "period_start",
    "period_end",
    "prediction_hashes",
    "manifest_hash"
  ],
  "issuance_endpoint": "POST /api/notary/create",
  "verification_endpoint": "GET /api/verify/:certId",
  "purpose": "Bind the complete set of predictions issued during a period into a single tamper-evident record. Prevents selective disclosure."
}

Add manifest certification to your archive

Issue individual prediction receipts as predictions happen. Certify the complete daily set at period close.

Developer reference →Prediction integrity

Prediction integrity →Certified predictions →Prediction market auditability →Verified prediction archive →BetFire reference integration →