Verify a Parametric Memory snapshot
Drag a signed snapshot onto the page. Your browser verifies the Ed25519 signature, then independently recomputes the Merkle roots from the atoms and edges. Both checks must pass. No data leaves your browser.
How does the verification actually work?
Two independent cryptographic checks. Both must pass.
- Check A — Authenticity. The Ed25519 signature is verified against the public key embedded in the snapshot. The signed payload is a constant-size header containing the snapshot's Merkle commitments (master root, per-shard roots, edges root, audit-log root). MMPM's private signing key lives inside HashiCorp Vault and never leaves — the substrate sends bytes, Vault returns a signature.
- Check B — Merkle commitment. Your browser independently recomputes every Merkle root from the atoms, edges, and audit entries actually in the snapshot. Each recomputed root must equal the claimed value in the signed header. Tamper any atom, remove any edge, omit any audit entry — the recomputed root differs, the check fails.
The architecture is bitcoin-shaped on purpose. Bitcoin signs a block header that commits to a merkle root over transactions; we sign a snapshot header that commits to a merkle root over atoms, edges, and audit. Same cryptographic guarantee, same separation of authenticity and integrity, same auditability. Constant-size signed payload regardless of substrate scale — a 100-atom snapshot and a 10-million-atom snapshot sign in the same time and produce the same-size signature.
Together the two checks answer: does this snapshot describe a real Parametric Memory state, signed by MMPM, untampered since signing? If both checks above are green, yes.