Civic Attest is a robust cryptographic infrastructure aimed at ensuring origin authenticity, content integrity, and public accountability for digital communications, particularly in high-trust environments such as government and public institutions.

Key Features

Civic Attest offers a range of system guarantees that enhance the security and reliability of digital communications:

• Origin Authenticity: Employs Ed25519 signatures for cryptographic non-repudiation, ensuring that the source of information is verifiable.
• Byte-level Integrity: Utilizes SHA-256, SHA-3-512, and BLAKE3 hashing techniques to confirm the integrity of the content.
• Verifiable Timestamp Anchoring: Conforms to RFC 3161 for reliable time-stamping of documents.
• Append-only Public Transparency: Implements a Merkle tree-based public ledger that maintains a transparent record of all transactions.
• Key Lifecycle Governance: Features formal trustee-based key ceremonies for managing cryptographic keys.
• Deterministic Reproducibility: Uses canonical CBOR and JSON encoding to ensure consistent document formatting.
• Offline Verification: Allows for document verification without network connectivity, enhancing usability in various scenarios.

System Limitations

It is important to clarify that while Civic Attest ensures authorship through cryptographic signatures, it does not validate the truthfulness of content or determine the intent behind actions. Additionally, it does not guarantee neutrality, semantic authenticity, or the detection of coercion.

Usage Example

To sign a document, the following command can be utilized:

./bin/signer \
  -input message.txt \
  -identity mayor-springfield-v1 \
  -key private.key \
  -output message.txt.sig

To verify a signature, the command is as follows:

./bin/verifier \
  -media message.txt \
  -bundle message.txt.sig \
  -pubkey mayor.pub

Architecture Overview

The project consists of several components:

• Command-line tools like the signer and verifier are designed for handling signing and verification processes.
• Core libraries support cryptographic functions, identity management, and ledger operations.
• A public ledger ensures data integrity through an append-only binary Merkle tree.

Governance and Security Framework

Civic Attest employs a stringent governance model with a trustee structure, ensuring that operations are conducted with a quorum of decision-makers. The system is designed to withstand threats posed by nation-state actors, utilizing High-Security Module (HSM) technology to safeguard private keys.

Key Management

Keys are generated in a formal ceremony to ensure their security, and revocations are permanently recorded in the public ledger to maintain transparency and accountability.

Documentation and Support

Comprehensive documentation is available in the /docs directory, covering protocol specifications, threat models, operational tuning guides, and an API reference.

API Access

For developers, Civic Attest provides a REST API for interacting with the system, enabling users to append entries and retrieve signed tree heads.

Conclusion

Civic Attest is a production-ready reference implementation, version 2.0, offering a high-trust framework for authenticity in public digital communications. With features geared towards security and transparency, it stands as a critical tool for organizations demanding reliable digital interactions.