SealSign

SealSign: The Architecture of Immutable Truth

SealSign is a decentralized document integrity platform designed to solve the "Asymmetry of Truth." In our current world, when a dispute arises, whether it is about a construction permit, a safety certificate, or a legal contract, we are forced to rely on the "official version" held in a centralized archive. But archives can be tampered with, dates can be backdated, and critical evidence can "disappear" when accountability is at stake.

SealSign replaces institutional trust with cryptographic proof.

The Problem: The Fragility of Evidence

Injustice thrives where records are flexible. Whether it is a structural failure in a public building or a breach of a private contract, the party that controls the server or the filing cabinet controls the narrative. When documents are altered after an incident to hide negligence, the victim has no way to prove what the original looked like.

The Solution: A Decentralized Notary

SealSign turns documents into Digital DNA, making them impossible to forge, delete, or modify without detection.

- Privacy-First Hashing: When a user uploads a document, SealSign calculates its SHA-256 hash (a unique digital fingerprint) locally in the browser. The actual content never leaves the user’s device, ensuring 100% privacy while creating a permanent ID for the file.

- Hedera Consensus Service (HCS): This fingerprint is immediately anchored to the Hedera network. This creates a globally verifiable, immutable timestamp. It is a "Stone Tablet" for the digital age: it proves exactly what the document looked like at a specific second in time.

- Identity Resolution (ENS): We integrate the Ethereum Name Service (ENS) to replace anonymous wallet addresses with human-readable identities like engineer.eth or inspections.eth. This ensures that the responsibility for a signature is permanently tied to a recognizable entity.

The Innovation: The Autonomous Auditor

The breakthrough of SealSign lies in its verification layer using Chainlink Runtime Environment (CRE).

When a citizen or an auditor wants to verify a document, they do not ask a human for permission. They trigger a Chainlink CRE workflow. This autonomous "judge" operates in a confidential environment to:

1) Fetch the original fingerprint from the Hedera Mirror Node.

2) Compare it to the file provided by the user.

3) Issue a binary result: Verified or Tampered.

If even a single comma has been moved, the math fails and the system triggers a Red Alert.

Why It Matters

SealSign is a peace treaty between the individual and the system. It ensures that the truth about our safety, our rights, and our agreements is on the chain, not stored in a drawer where it can be changed.

SealSign. Because the truth should be as immutable as the consequences of ignoring it.

The Technical Stack

The project is built with a focus on security, decentralization, and performance, using a modern React 18 frontend and a hardened Node.js backend.

Frontend: React 18, TypeScript, and Vite. Styling is handled via Material UI (MUI) for the component architecture and Tailwind CSS for layout utility.

Wallet & Payments: Reown AppKit (WalletConnect) manages the connection. We interface directly with the EIP-1193 eth_sendTransaction method. To ensure network finality, we utilize ethers.providers.JsonRpcProvider to confirm transaction success before initiating ledger operations.

Identity: ENS (Ethereum Name Service) resolution is performed on the Sepolia network. We implemented both forward and reverse resolution to translate hexadecimal addresses into human-readable identities.

Core Engineering Decisions

1. Client-Side Cryptography

A fundamental privacy requirement was that the raw document must never leave the user's device. We implemented the SHA-256 hashing algorithm using the browser's native crypto.subtle API. By generating the digital fingerprint locally, the server only receives a 64-character hash, ensuring the original PDF remains private and secure.

1. Hedera Consensus Service (HCS)

We utilized the @hashgraph/sdk to anchor document fingerprints. Each notarization is submitted as a JSON-encoded message to a dedicated HCS Topic. This provides an immutable, decentralized timestamp that serves as the definitive proof of existence for the document.

1. Autonomous Auditing with Chainlink CRE

Verification is powered by Chainlink Runtime Environment (CRE). This acts as an independent auditor. The system retrieves the original hash from the Hedera Mirror Node and compares it against the user-provided file within a secure execution environment. This removes the need for a central authority to "vouch" for the document's validity.

1. Backend Security & Reliability

The Express 4 server is configured with Helmet for security headers, strict CORS policies, and rate limiting. We implemented a 4KB body cap to prevent payload injection. Crucially, all Hedera private keys are stored and managed server-side to prevent exposure to the client. Notable Technical Implementations ("Hacks")

HCS Document Normalizer: During development, our data schema evolved significantly. To maintain backwards compatibility without a database migration, we built a Normalizer that detects and handles four distinct legacy JSON structures. This ensures that every document ever notarized on our HCS topic remains verifiable today.

Key Format Auto-Detection: The backend supports multiple Hedera private key formats (DER-encoded ED25519, DER-encoded ECDSA, and raw hex). The system automatically detects the format, allowing for seamless integration across different account types.

Mirror Node Pagination: To provide a comprehensive public archive, we implemented a recursive fetching logic for the Hedera Mirror Node, following links.next cursors to reconstruct the full history of the ledger.

Partner Technology Benefits

Hedera: Provided the high-throughput and low-latency consensus required for real-time public auditing.

Chainlink: Facilitated the roadmap for trust-minimized, off-chain computation.

ENS: Resolved the "Identity Problem" by linking cryptographic proof to recognizable institutional names.

Reown: Standardized the cross-chain interaction, allowing for a simplified payment flow for network fees.