✦ VERITAS

In Roman myth, Veritas was the goddess of truth — said to hide at the bottom of a sacred well, so that finding her always took real effort. A fitting namesake for a tool that lets you prove what's true.

Tamper-proof receipts for AI,anchored to Bitcoin.

When an AI makes a claim, it can be signed and stamped onto the Bitcoin blockchain. Anyone can later confirm the claim is genuine and unaltered — without trusting the company that made it, or anyone at all.

Read the spec

How it works

Five steps turn an AI's output into something anyone can independently verify — no account, no server, no trust required.

  1. Sign

    The AI signs its output with its private key — an unforgeable fingerprint proving who produced it.

  2. Publish

    The signed receipt is posted publicly to the Nostr network, so it can't quietly disappear later.

  3. Batch

    Many receipts are bundled into one compact cryptographic summary, called a Merkle tree.

  4. Anchor

    That summary is written into the Bitcoin blockchain — permanent, public, impossible to rewrite.

  5. Verify

    Anyone — including this page — re-checks every step using only public math. Trust no one; check it yourself.

Where you've already seen this

Each step of VERITAS mirrors something the open internet already does — in plain sight. See it on a real, public site, then come back and verify it here yourself.

  • Sign. Like the 🔒 lock in your address bar that proves you're really talking to your bank, VERITAS puts an unforgeable signature on an AI's answer — so you know which AI said it, and that not one word was changed.

  • Publish. The signed receipt is posted to Nostr — a public network no single company runs. Like a bulletin board nobody can sneak back to and tear a page out of.

  • Batch. Thousands of receipts fold into one short fingerprint — the way each Bitcoin block bundles thousands of transactions (watch the live counts). Change any single receipt and the fingerprint won't match.

  • Anchor. That fingerprint is written into Bitcoin itself. The very first Bitcoin transaction has sat in the chain since 2009 with 950,000+ confirmations — rewriting it would mean rewriting history for everyone.

  • Verify. Anyone can re-check the whole chain with public math — no account, no trust. OpenTimestamps does this for any file; this page does it for AI receipts, right on your device.

See it in action

The same five-layer check, run right here on this page: one real receipt passes top to bottom, and a tampered one fails on the spot. Try it yourself in the next tab.

  • It all checks out. Every layer that applies comes back green — signature, public receipt, batch proof, and checkpoint all verify. (Anchor is skipped here — no Bitcoin transaction attached.)

  • And it catches fakes. Change a single byte of a sample receipt and the check fails instantly — which is how you know the green checks actually mean something.

Do it yourself — anchor an attestation to Bitcoin

Verifying in your browser is the easy half. Here's the other half: generate your own AI attestation and stamp it onto Bitcoin yourself. This short walkthrough does exactly that on signet, Bitcoin's free test network — no real money, the same mechanics as mainnet.

  1. Download the code:git clone https://github.com/Ifasola34/veritas.git
  2. Go into the folder:cd veritas
  3. Create a virtual environment:python3 -m venv .venv
  4. Turn it on (your prompt gets a (.venv) tag):source .venv/bin/activate
  5. Install VERITAS:pip install -e .
  6. Go to the signet example:cd examples/signet-anchor
  7. Generate your key and funding address:python make_address.pyCopy the printed SIGNET FUNDING ADDRESS: tb1q… — that address is yours.
  8. Fund it with free test coins: open bitcoinsignetfaucet.com, paste your tb1q… address, and request the coins. They have no real value — it's Bitcoin's test network — and arrive in about a minute.
  9. Build and broadcast the anchor:python anchor.pyIt prints ok=True txid=… and a mempool.space/signet/tx/… link.
  10. Open that link and find the OP_RETURN output — that's your AI attestation's fingerprint, now written onto Bitcoin.

Ready for the real thing? The same steps on Bitcoin mainnet are right below.

Do it on real Bitcoin — mainnet walkthrough

The signet run above is the free rehearsal. This is the real thing: the same flow on Bitcoin mainnet, where your attestation is stamped into the actual chain for anyone to verify, forever. It costs only the network fee (well under $1); the rest of your funding comes back to you.

The steps below are the current method. The video shows the overall flow and may differ slightly as we keep refining the process.

  1. Download the code:git clone https://github.com/Ifasola34/veritas.git
  2. Go into the folder:cd veritas
  3. Create a virtual environment:python3 -m venv .venv(Any Python 3.10 or newer.)
  4. Turn it on (your prompt gets a (.venv) tag):source .venv/bin/activate(Windows: .venv\Scripts\activate)
  5. Install VERITAS:pip install -e .
  6. Go to the mainnet example:cd examples/mainnet-anchor
  7. Generate your key and your funding address:python make_address.pyCopy the printed MAINNET FUNDING ADDRESS: bc1q… (that address is yours).
  8. Fund it: from your own Bitcoin wallet, send a dollar or two of real BTC to that bc1q… address. Wait for 1 confirmation (~10 minutes). This is real money. The anchor itself costs only the network fee (well under $1); the rest comes back to you as change.
  9. (Optional) Write your own message: by default the anchor attests a sample sentence. To put your own words on Bitcoin instead, you don't edit any file. You pass your message in the next step with --text "your message". Whatever you type inside the quotes is exactly what gets fingerprinted onto Bitcoin.
  10. Build and broadcast the anchor:python anchor.py --text "Anchor Demo BTC"Put your own message inside the quotes (or run plain python anchor.py for the default sample sentence). It shows the exact transaction and its cost, then asks you to type yes to broadcast. It prints ok=True txid=… and a https://mempool.space/tx/… link, and saves your receipt to artifacts/bundle.json. Keep that file; it's how you pull the message up later.
  11. See it on Bitcoin: open that link and scroll to the OP_RETURN output. That's your message's fingerprint, written onto real Bitcoin.
  12. Get your BTC back: first wait for your anchor transaction to confirm (about 1 block), then send the change to your own wallet:python sweep.py bc1qYOUR_OWN_ADDRESSReplace bc1qYOUR_OWN_ADDRESS with a real receive address from your own wallet (a bc1q… or legacy 1…/3… address, not a bc1p… Taproot one). Type yes; it sends your leftover BTC back to your wallet. If you paste the example as-is, the script stops and tells you to use your own address.

Try it yourself

Watch a real attestation verify end-to-end, or paste your own. Everything runs on your device — you can even turn off your internet.

This one is real. The sample below is a genuine AI attestation, signed on 13 June 2026 and permanently anchored to Bitcoin mainnet. Don't take our word for it — look it up yourself:

Bitcoin anchor tx: 92b2c4e434ae347f867e36a5ec7a1b608fd35ca45158caa258638c82215aafa0

Free 15-minute guide (PDF)
Paste JSON
Demo Vectors
or paste the pieces individually

Each demo adds another layer, building up to the full chain. The last one is tampered on purpose — it should FAIL.

Attestation Only
Schnorr signature check
+ Nostr Event
Attestation + kind-30078
+ Merkle Proof
Attestation + inclusion proof
Full Chain
All 5 layers + live Bitcoin anchor
Invalid Signature
Tampered payload — should FAIL
LayerStatusDetail

    PASS = cryptographically verified · FAIL = tampered or mismatched · SKIP = that optional layer wasn't provided.

    What each check proves

    • Schnorr Signature — this exact AI output was signed by this exact key and hasn't been altered by a single byte. The foundation: it really came from them, and it really says this.
    • Nostr Event — the receipt was published to a public, censorship-resistant network under a matching identity, so it can't be quietly erased after the fact.
    • Merkle Inclusion — this one receipt is provably part of a larger batch, so a single Bitcoin transaction can certify thousands of receipts at once.
    • Checkpoint — the batch's publicly posted summary matches the proof exactly: same epoch, same root, same count. Nothing was swapped in between.
    • Anchor TX — that summary is embedded in a real Bitcoin transaction — permanent, public, and impossible to rewrite.

    Match a record to its receipt

    A receipt commits only a fingerprint of the input — the original text never has to be made public. Later, to settle a claim, reveal the original record (and its secret salt, if it had one) and confirm it matches the fingerprint that was signed and anchored to Bitcoin. A match proves this exact document is the one the AI attested, unaltered.

    The check runs entirely on your device: the original record never leaves the page. Privacy is a dial — publish nothing, publish a fingerprint, or reveal the full record only when you choose to.

    Go deeper

    Seen it verify? Take the hands-on guide with you, or read the whole story — why proof beats trust, and what that means for an economy run by agents.

    The free guide

    Try VERITAS Yourself · PDF · about 15 minutes

    A hands-on walkthrough in plain English: verify the real Bitcoin-anchored attestation from this page, then run the whole machine on your own computer and sign a sentence of your choice. Free to download and share — no email, no account.

    Download the guide (PDF)

    The book

    Proof of Agent · Kindle & paperback

    Proof of Agent book cover

    Verifiable AI on Bitcoin, and the Missing Trust Layer of the Autonomous Economy — by Tutankhamun Castillo El-Bey, the creator of VERITAS. The full story in plain English, written for builders, founders, insurers, and anyone being asked to trust a machine.

    Get it on Amazon

    As an Amazon Associate, the author earns from qualifying purchases. More at proofofagent.net.