pulkit6732/aetherproof

AetherProof

Cryptographic audit receipt for every AI inference run.

One function call generates a tamper-evident, 128-byte signed record of which model ran, what it touched, when, and how many operations it made. Works with any model: Claude, GPT, Gemini, or a local Ollama model. EU AI Act §13(3)(c) compliant out of the box.

Watch the 90-second demo · pip install aetherproof

What a run looks like

python examples/record_demo.py phi3 (a real local model via Ollama):

[1] Asking a local model (phi3) via Ollama — one line:
    r = aetherproof.ollama('phi3', prompt)
    answer (live local model):
    > A cryptographic signature is a mathematical scheme for verifying the
      authenticity of a message by proving it was signed by the claimed sender.

[2] Every call gets a 128-byte signed receipt. Verify it offline:
    r.verify()  ->  True

[3] An attacker flips ONE byte of the receipt:
    original        ->  True
    1 byte changed  ->  False   (instantly detected)

[4] The receipt can ride INSIDE the AI's own output text, invisibly:
    chars        : 182 visible  ->  315 with hidden receipt
    verify hidden:  True

Drop-in: one line to a verified receipt

Run a local model and get its answer plus a signed, tamper-evident receipt — no extra dependencies, no server, no account:

import aetherproof

r = aetherproof.ollama("llama3", "Explain quantum tunneling")
print(r.text)        # the model's answer
print(r.verify())    # True — cryptographically receipted
r.save("call.receipt")

Cloud providers work the same way (pip install openai / anthropic):

r = aetherproof.openai("gpt-4o", "Summarise this contract.")
r = aetherproof.anthropic("claude-3-opus-20240229", "Explain GDPR Article 13")

Already have the response? Receipt it directly:

receipt = aetherproof.generate(open("model.onnx", "rb").read())
print(receipt.verify())   # True
receipt.save("run.receipt")

$ aetherproof verify run.receipt
┌─────────────────────────────────────────────────────────┐
│  AetherProof Receipt — AI Execution Audit               │
├─────────────────────────────────────────────────────────┤
│  pid           : 1                                      │
│  binary_hash   : 0xA3F2B1C4D5E6F708                    │
│  memory_hash   : 0x0000000000000000                    │
│  syscall_count : 0                                      │
│  binary_len    : 4096                                   │
├─────────────────────────────────────────────────────────┤
│  ✓ VALID — Ed25519 verified — EU AI Act §13(3)(c) ✓    │
└─────────────────────────────────────────────────────────┘

Why this exists

The EU AI Act (enforcement: August 2026) requires technical documentation of every automated AI decision under Article 13(3)(c). Companies deploying high-risk AI systems face €15M or 3% of global revenue for non-compliance.

AetherProof is the minimal technical primitive that satisfies this requirement: a cryptographically signed, tamper-evident record that proves exactly what code ran.


What a receipt proves

Field          Proof
binary_hash    WHAT ran — FNV-1a of model/binary bytes; any byte change = different hash
memory_hash    WHAT it touched — hash of outputs or memory region
timestamp_ns   WHEN it ran — nanoseconds UTC; replay detectable by timestamp comparison
syscall_count  HOW MANY operations — inference call count; anomalous behavior detectable
sig[64]        INTEGRITY — Ed25519 over all above; 1-byte tamper anywhere = invalid

Install

# Python
pip install aetherproof

# Rust
cargo add aetherproof-core

# CLI (build from source)
cargo install --path cli

Usage

Python — one-liner

import aetherproof

receipt = aetherproof.generate(
    model_bytes,
    pid           = 1,
    memory_hash   = aetherproof.fnv1a(output_bytes),
    syscall_count = num_calls,
)
receipt.save("run.receipt")
print(receipt.verify())  # True

Python — session context manager

with aetherproof.Session(pid=1) as s:
    output = my_model.predict(input_data)
    s.record_output(output.tobytes())

receipt = s.seal(model_path="model.onnx")
receipt.save("run.receipt")

Python — decorator

@aetherproof.audit(model_path="model.onnx", save_to="receipts/{call}.receipt")
def run_inference(data):
    return model.predict(data)

result = run_inference(my_data)
# receipt auto-saved to receipts/0.receipt

Rust CLI

# Generate
aetherproof generate --binary model.onnx --pid 1

# Verify
aetherproof verify run.receipt

# Self-test (runs all internal correctness checks)
aetherproof self-test

# Benchmark
aetherproof bench --count 50000

Rust library

use aetherproof_core::{generate, verify, dev_signing_key, dev_verifying_key};

let sk      = dev_signing_key();
let receipt = generate(1, model_bytes, memory_hash, call_count, &sk);
let bytes   = aetherproof_core::to_bytes(&receipt);

assert!(verify(&bytes, &dev_verifying_key()));

Wire format (128 bytes, little-endian)

[0..8]    "AETHPRF1"   magic
[8]       1            version
[9..12]   [0; 3]       padding
[12..16]  pid          u32
[16..24]  binary_hash  u64  FNV-1a of model bytes
[24..32]  memory_hash  u64  hash of outputs
[32..36]  syscall_cnt  u32  inference call count
[36..40]  entropy_seed u32  random nonce at generation
[40..48]  timestamp_ns u64  nanoseconds since Unix epoch
[48..56]  binary_len   u64  byte count of model
[56..64]  [0; 8]       reserved
[64..128] sig          [u8; 64]  Ed25519 over bytes[0..64]

Wire format is identical to the AetherOS kernel receipt format — receipts from AetherOS QEMU can be verified by this library and CLI.
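
An added example (not code from the AetherProof repository): a standalone parser for the 128-byte layout above that applies the structural checks and compares binary_hash and binary_len with a model file held locally. It assumes the standard 64-bit FNV-1a parameters; the function names and the sample receipt with its all-zero placeholder signature are constructed for illustration, and Ed25519 verification of bytes[0..64] stays with the library's verify().

```python
import struct

# Layout from the wire-format table: 128 bytes, little-endian, no alignment padding.
RECEIPT = struct.Struct("<8sB3sIQQIIQQ8s64s")
FIELDS = ("magic", "version", "padding", "pid", "binary_hash", "memory_hash",
          "syscall_cnt", "entropy_seed", "timestamp_ns", "binary_len",
          "reserved", "sig")


def fnv1a64(data: bytes) -> int:
    """64-bit FNV-1a with the standard offset basis and prime (assumed here).
    It is a non-cryptographic hash; integrity comes from the signature."""
    h = 0xCBF29CE484222325
    for b in data:
        h = ((h ^ b) * 0x100000001B3) & 0xFFFFFFFFFFFFFFFF
    return h


def parse_receipt(raw: bytes) -> dict:
    """Structural checks only; returns fields plus the signed region bytes[0..64]."""
    if len(raw) != RECEIPT.size:
        raise ValueError(f"expected {RECEIPT.size} bytes, got {len(raw)}")
    r = dict(zip(FIELDS, RECEIPT.unpack(raw)))
    if r["magic"] != b"AETHPRF1":
        raise ValueError("bad magic")
    if r["version"] != 1:
        raise ValueError(f"unsupported version {r['version']}")
    if any(r["padding"]) or any(r["reserved"]):
        raise ValueError("padding/reserved bytes must be zero")
    r["signed_region"] = raw[:64]  # the bytes the Ed25519 signature covers
    return r


def matches_artifact(r: dict, model_bytes: bytes) -> bool:
    """Does the receipt describe the model file we actually hold?"""
    return (r["binary_len"] == len(model_bytes)
            and r["binary_hash"] == fnv1a64(model_bytes))


def build_sample(model_bytes: bytes) -> bytes:
    """Constructed sample: placeholder signature, fixed nonce and timestamp."""
    return RECEIPT.pack(b"AETHPRF1", 1, bytes(3), 1, fnv1a64(model_bytes), 0,
                        0, 0x1234ABCD, 1_700_000_000_000_000_000,
                        len(model_bytes), bytes(8), bytes(64))


if __name__ == "__main__":
    rec = parse_receipt(build_sample(b"constructed model bytes"))
    print(rec["pid"], hex(rec["binary_hash"]), rec["binary_len"])
```

A receipt that passes these checks is well-formed and refers to the file at hand; whether it is authentic depends on the signature check against a key you trust.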


Key management

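The dev key (DEV_SIGNING_SEED) is for development and testing only. The library itself exposes a dev signing key (dev_signing_key() in the Rust example above), so a receipt signed with it shows that the bytes are intact, not who produced them. In production, replace it with an HSM- or TPM-loaded key:

# `tpm` is a placeholder for your own HSM/TPM client object
sk = aetherproof.SigningKey.from_seed(tpm.get_key_seed())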
receipt = aetherproof.generate(model_bytes, signing_key=sk)

Performance

A receipt is cheap enough to attach to every AI call — the overhead is negligible next to model latency (an LLM call takes seconds; a receipt takes microseconds).

Operation                         Time      Throughput
Receipt generate (Ed25519 sign)   ~92 µs    ~10,900 / sec
Receipt verify                    ~154 µs   ~6,500 / sec
Watermark embed + verify          ~167 µs
Receipt size                      128 bytes

Measured with examples/benchmark.py (pure Python, typical laptop). Reproduce:

cd python && python examples/benchmark.py

At ~0.1 ms per call, AetherProof adds well under 0.01% latency to a typical inference request.


Test suite

# Python tests
cd python && pip install -e ".[test]" && pytest

# Rust tests (includes 20 unit tests)
cargo test

# Full: Rust + Python cross-language test
cargo build && cd python && pytest tests/test_cross_lang.py

Tests include:

  • Format invariants (RECEIPT_SIZE == 128, magic, version)
  • Round-trip serialisation for all fields
  • Flip every byte in the 128-byte receipt — all 128 flips must invalidate
  • 1 000 receipts: 100% verify, 100% tamper-detect
  • Throughput benchmark
  • Cross-language: Python generates → Rust CLI verifies ✓

Architecture

Built on top of AetherOS — a research OS with a custom VELA-1 ISA, AetherBridge JIT compiler, and kernel-level AI sandboxing. AetherProof is the portable, standalone extract of the kernel's execution receipt engine.

AetherOS kernel         AetherProof (this repo)
─────────────────       ──────────────────────────
aetherproof.rs    →     core/src/lib.rs   (std Rust)
tools/verifier/   →     cli/src/main.rs   (+ generate + bench)
                        python/           (pure Python SDK)

Author

Pulkit · LinkedIn · GitHub


License & commercial use

AetherProof is dual-licensed.

1. Open source — GNU Affero General Public License v3.0 (AGPL-3.0-or-later). Free to use, modify, and self-host for open-source projects, research, and personal use. Under the AGPL, if you build on AetherProof and offer it to others (including over a network/SaaS), you must release your entire derivative work's source under the AGPL as well.

2. Commercial license. If you want to use AetherProof inside a proprietary or closed-source product or service — without the AGPL's source-disclosure obligation — you need a commercial license. This also covers managed/enterprise features (hardware-bound signing keys, hosted verification, audit dashboards, support).

In short: free for the open community, licensed for closed-source commercial use.

For commercial licensing or enterprise inquiries: open a GitHub issue or reach out via LinkedIn.

See LICENSE for full AGPL terms.
