EARLY ACCESSHelp us improve! Share feedback

IOProof

Dashboard GitHub

Cryptographic proof that an AI said what it said.

Cryptographic proof for AI calls and stored data

IOProof is an open-source toolkit for tamper-evident computing. Our proxy sits between you and any AI provider — hashing requests and responses, batching proofs into Merkle trees, and anchoring roots to Sui. Our storage SDK does the same for your database — row-level integrity with on-chain anchoring. One transaction proves thousands of records, without exposing any data on-chain.

Use cases

Regulatory Compliance

AI regulation is accelerating globally. IOProof gives you an immutable audit trail of every AI interaction — what was asked, what was answered, and when. Satisfy the EU AI Act, NIST AI RMF, and emerging frameworks with cryptographic certainty instead of screenshots.

Auditors verify proofs directly against Sui — no need to trust your internal logs.
Consumer Disputes

When an AI chatbot gives wrong medical advice, denies a valid insurance claim, or provides misleading financial guidance — users need proof. With dual-secret verification, end-users get their own independent cryptographic receipt for every interaction.

Users verify against the blockchain directly — no cooperation from the service needed.
Healthcare AI

AI-assisted diagnostics, triage recommendations, and treatment suggestions carry serious liability. IOProof creates a tamper-proof chain of evidence showing exactly what the AI recommended — critical for malpractice defense, patient safety audits, and regulatory reporting.

HIPAA-compatible: payloads stay on your servers, only blinded hashes go on-chain.
Financial Services

When AI generates investment analysis, risk assessments, or loan decisions, firms need to demonstrate exactly what the model produced — not what an employee edited afterward. IOProof anchors the raw AI output with a timestamp that holds up under regulatory scrutiny.

SEC, FINRA, and MiFID II require demonstrable record-keeping for AI-driven advice.
Legal Evidence

Traditional screenshots can be fabricated in seconds. IOProof proofs are anchored to Sui with verifiable timestamps and Merkle paths — creating digital evidence that is independently verifiable by any party. Courts and arbitrators can validate without trusting either side.

Exportable proof bundles work offline — no dependency on IOProof servers for verification.
Data Integrity

Beyond AI calls — @ioproof/store adds tamper-evident integrity to any SQLite database. Every row is SHA-256 hashed, batched into Merkle trees, and anchored to Sui. Detect unauthorized modifications to user records, transaction logs, or audit trails.

Drop-in SDK with automatic triggers — no schema changes or application rewrites.

How it works

1 Send your request

Call our proxy instead of the AI API directly. We support OpenAI, Anthropic, xAI, Gemini, and any custom HTTP API.

2 We hash & blind

SHA-256 hashes of the exact request and response bytes, combined with a random secret to produce a blinded hash. Two independent secrets are generated — one for you, one for the end-user.

3 Full audit stored

The complete request body, target URL, and response body are stored server-side. Accessible only with a valid secret — either party can verify independently.

4 Merkle batching

Blinded proofs are collected hourly and batched into a Merkle tree. One Sui transaction commits the root for all proofs in the batch.

5 Verify or export

Verify any proof with your secret — or export a self-contained bundle for independent verification against Sui, no trust in IOProof required.

Zero-knowledge privacy

Each proof is blinded with a unique 256-bit secret before being included in the Merkle tree. On-chain, observers see only a Merkle root — they cannot determine how many proofs exist, what providers were used, or any content. Your secret is your key to proving ownership of a specific interaction, and you choose who to share it with.

On-chain (public)
  • Merkle root (single hash)
  • Batch metadata
  • Sui tx digest
On IOProof (secret-gated)
  • Full request/response
  • Target URL, provider
  • Individual proof hashes

Dual-secret verification

Every proof generates two independent secrets — one for the service (owner), one for the end-user. Both can verify the exact same interaction without trusting each other.

For services

Keep the owner secret server-side. Prove to regulators, auditors, or users exactly what your AI produced — with cryptographic certainty.

For end-users

Receive a verification link for every AI interaction. In a dispute, prove exactly what you asked and what you were told — independently, no trust required.

How it works in practice

A service like a chatbot proxies user requests through IOProof. The API response includes both secrets. The service keeps secret and gives user_secret to the end-user (e.g. as a "View proof" link). Either party can access the full cryptographic proof and on-chain verification at any time.

Trust model

IOProof cryptographically proves when a proof was committed and that the recorded data hasn't changed since. For proof that a specific AI provider generated the content, IOProof captures provider response headers (request IDs, timestamps) and supports provider-signed responses — when a provider installs @ioproof/provider, every response is Ed25519-signed, making proofs cryptographically tamper-proof. Read the full trust model.

@ioproof/store — Tamper-evident SQLite

Drop-in integrity for any SQLite database. Row-level SHA-256 hashing, Merkle tree batching, optional AES-256 encryption, and Sui chain anchoring — all via automatic triggers. No schema changes required.

const { createStore } = require('@ioproof/store');
const store = createStore({ db, tables: ['users', 'orders'] });
store.start();

// Your normal SQL — triggers track every change automatically
db.prepare('INSERT INTO users (name, email) VALUES (?, ?)').run('Alice', 'alice@ex.com');

await store.flush();
const result = store.verify('users', 1);
console.log(result.valid); // true — row hasn't been tampered with
Row-level hashing

SHA-256 per row, automatic triggers

Merkle batching

Batch rows into trees, anchor to Sui

Encrypted storage

AES-256-GCM, hash before encrypt

Supported AI providers

OpenAI Anthropic xAI Google Gemini + any HTTP API

Pricing

Pay-as-you-go with Alexiuz credits. No subscription. Sign in with your Alexiuz account — credits are shared across all Alexiuz services.

Hosted (ioproof.com)

$0.25/week free credits
Buy $5–$1,000 on demand
No subscription
Sui anchoring included

Cost per action
Per proof: $0.01
Verify: free
Chain anchoring: included
Sign in with Alexiuz
Self-hosted

Unlimited proofs
Your own Sui keys
No account required
MIT licensed

View on GitHub

Quick start

curl -X POST https://ioproof.com/v1/proxy/openai/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "X-IOProof-Key: iop_live_your_key_here" \
  -H "X-Provider-Key: sk-your-openai-key" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Hello"}]
  }'

The response wraps the provider's original response with a verification receipt including your unique secret.

Verify a proof

Paste a combined hash to look up its on-chain attestation. Include your secret for full details.

Have an exported proof bundle? Use the standalone verifier to verify it entirely client-side — no trust in IOProof required.