IOProof

Dashboard GitHub

Cryptographic proof that an AI said what it said.

Tamper-evident AI attestation with zero-knowledge privacy

IOProof is an open-source proxy that sits between you and any AI provider. It captures the exact request and response, generates a blinded proof using a unique secret, batches proofs into a Merkle tree, and commits the root to Solana. One transaction proves thousands of interactions — without exposing any data on-chain.

How it works

1 Send your request

Call our proxy instead of the AI API directly. We support OpenAI, Anthropic, xAI, Gemini, and any custom HTTP API.

2 We hash & blind

SHA-256 hashes of the exact request and response bytes, combined with a random secret to produce a blinded hash. Two independent secrets are generated — one for you, one for the end-user.

3 Full audit stored

The complete request body, target URL, and response body are stored server-side. Accessible only with a valid secret — either party can verify independently.

4 Merkle batching

Blinded proofs are collected hourly and batched into a Merkle tree. One Solana transaction commits the root for all proofs in the batch.

5 Verify or export

Verify any proof with your secret — or export a self-contained bundle for independent verification against Solana, no trust in IOProof required.

Zero-knowledge privacy

Each proof is blinded with a unique 256-bit secret before being included in the Merkle tree. On-chain, observers see only a Merkle root — they cannot determine how many proofs exist, what providers were used, or any content. Your secret is your key to proving ownership of a specific interaction, and you choose who to share it with.

On-chain (public)
  • Merkle root (single hash)
  • Batch metadata
  • Solana tx signature
On IOProof (secret-gated)
  • Full request/response
  • Target URL, provider
  • Individual proof hashes

Dual-secret verification

Every proof generates two independent secrets — one for the service (owner), one for the end-user. Both can verify the exact same interaction without trusting each other.

For services

Keep the owner secret server-side. Prove to regulators, auditors, or users exactly what your AI produced — with cryptographic certainty.

For end-users

Receive a verification link for every AI interaction. In a dispute, prove exactly what you asked and what you were told — independently, no trust required.

How it works in practice

A service like a chatbot proxies user requests through IOProof. The API response includes both secrets. The service keeps secret and gives user_secret to the end-user (e.g. as a "View proof" link). Either party can access the full cryptographic proof and on-chain verification at any time.

Supported providers

OpenAI Anthropic xAI Google Gemini + any HTTP API

Pricing

Free

100 proofs/month
Full dashboard
API key access

Get started
Self-hosted

Unlimited proofs
Your own Solana keys
MIT licensed

View on GitHub

Quick start

curl -X POST https://ioproof.com/v1/proxy/openai/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "X-IOProof-Key: iop_live_your_key_here" \
  -H "X-Provider-Key: sk-your-openai-key" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Hello"}]
  }'

The response wraps the provider's original response with a verification receipt including your unique secret.

Verify a proof

Paste a combined hash to look up its on-chain attestation. Include your secret for full details.

Have an exported proof bundle? Use the standalone verifier to verify it entirely client-side — no trust in IOProof required.