Report Integrity Verification

Every report published on Bull Rider is cryptographically signed. This means you can independently verify that a report has not been modified since publication.

Content Hashing

When a report is published, its entire JSON content is canonicalized (sorted keys, no whitespace) and hashed with SHA-256. This produces a unique fingerprint of the report content.

Ed25519 Signing

The SHA-256 hash is signed with our Ed25519 private key. Ed25519 produces compact 64-byte signatures at a 128-bit security level, comparable to RSA-3072 but with much smaller keys and signatures.

Embedded Integrity Block

Each report includes an integrity block with the content hash, Ed25519 signature, signing timestamp, and our public key. This block is verifiable by anyone without contacting our servers.

Client-Side Verification

Your browser can verify the signature using our public key (embedded in this website). The @noble/ed25519 library runs entirely in your browser — no server calls needed.
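
The steps above combined into one verification routine, as an added example that is not Bull Rider's own code. It uses Node's built-in crypto module in place of @noble/ed25519 so that it runs offline. The integrity block field names (contentHash, signature, signedAt, publicKey), the hex encoding, the exclusion of the integrity block from the hashed content, and signing the raw 32-byte digest are assumptions.

```javascript
// Added example: Node's crypto stands in for @noble/ed25519; field names are assumed.
const nodeCrypto = require('node:crypto');

// Canonical JSON as the page describes it: keys sorted at every level, no whitespace.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// ASSUMPTION: the hash covers the report without its integrity block.
function contentHash(report) {
  const { integrity, ...content } = report;
  return nodeCrypto.createHash('sha256').update(canonicalize(content), 'utf8').digest();
}

// Wrap a raw 32-byte Ed25519 public key in its fixed SPKI DER prefix for Node.
function publicKeyFromHex(hex) {
  const der = Buffer.concat([Buffer.from('302a300506032b6570032100', 'hex'), Buffer.from(hex, 'hex')]);
  return nodeCrypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
}

// Verify against a key pinned out of band, never the key shipped inside the report.
function verifyReport(report, pinnedKeyHex) {
  const block = report.integrity;
  if (!block || block.publicKey !== pinnedKeyHex) return 'untrusted-key';
  const digest = contentHash(report);
  if (digest.toString('hex') !== block.contentHash) return 'hash-mismatch';
  const sig = Buffer.from(block.signature, 'hex');
  return nodeCrypto.verify(null, digest, publicKeyFromHex(pinnedKeyHex), sig) ? 'valid' : 'bad-signature';
}

// Constructed sample: a throwaway key pair signs a made-up report.
function makeSample() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const pinnedKeyHex = publicKey.export({ format: 'der', type: 'spki' }).subarray(12).toString('hex');
  const report = { title: 'Sample report', findings: [{ severity: 'high', id: 1 }] };
  const digest = contentHash(report);
  report.integrity = {
    contentHash: digest.toString('hex'),
    signature: nodeCrypto.sign(null, digest, privateKey).toString('hex'),
    signedAt: '2024-01-01T00:00:00Z', // constructed value
    publicKey: pinnedKeyHex,
  };
  return { report, pinnedKeyHex };
}
```

A report re-signed with a different key carries a valid signature for that key, which is why the routine rejects any embedded public key that does not match the pinned one before checking anything else.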

What This Guarantees

  • Tamper-evident: Any modification to the report content changes its SHA-256 hash, so the signature no longer verifies.
  • Authorship: Only the holder of Bull Rider's private key can produce valid signatures.
  • Timestamp: The signing timestamp proves when the report was published.
  • No server trust needed: Verification runs entirely in your browser using standard cryptographic primitives.

Technical Details

Algorithm: Ed25519 (RFC 8032)

Hash: SHA-256

Canonicalization: JSON with sorted keys, no whitespace

Client library: @noble/ed25519 (5KB, zero dependencies)

Signature size: 64 bytes

Public key size: 32 bytes