Authenticity isn't a single trick. We embed five overlapping layers of cryptographic proof into media at the moment of capture, and bracket each capture between two independent public timestamps that we don't control. Verification is open and free for anyone — forever.
This page is the architecture, in public. The provisional patent has been filed; what's secret is the operational tuning, not the design.
A single watermark is a single point of failure. We use five independent authentication layers, each defending against different attacks, each verifiable on its own. Defeating Reality Registry means defeating all five at once — and the cost of doing so exceeds the value of any synthetic claim.
An imperceptible 256-bit identifier is embedded directly into the pixels of every frame using research-grade neural watermarking (Meta's Video Seal for video, TrustMark for photos). Lives inside the image, not in the metadata — survives compression, re-encoding, screenshots, and most editing.
Each three-second segment of the audio track carries a hidden segment-index marker (Meta's AudioSeal). If a clip is trimmed or spliced, the segment indices reveal the cut — even if the visual watermark is intact.
Every three-second segment is independently hashed (SHA-256) and the resulting hashes are combined into a Merkle tree. The Merkle root is what gets registered on the public blockchain. A single altered pixel anywhere in the clip invalidates the segment that contains it — without affecting verification of the rest.
Each capture incorporates a fresh value from the NIST Randomness Beacon — a public, government-published random value that updates every 60 seconds. The beacon proves the capture cannot have happened before that minute, because the value didn't exist before then. We don't control NIST.
The Merkle root, NIST beacon value, and capture metadata are written together to a public blockchain (Polygon) within seconds of capture. The blockchain timestamp proves the capture cannot have happened after that block. We don't control the blockchain. Together with Layer 4, the capture is bracketed between two independent timestamps neither owned by us nor by the creator — discussed in detail below.
Every Reality Registry capture is sandwiched between two public timestamps published by entities outside our company: the NIST Randomness Beacon at one end, and a public blockchain block at the other. The capture cannot have happened before the beacon was published, and cannot have happened after the block was confirmed. The window between them is mathematically tight, and verifiable by anyone with internet access — without trusting Reality Registry, or anyone else.
The U.S. National Institute of Standards and Technology publishes a fresh, signed random value every 60 seconds at beacon.nist.gov. The values are unpredictable in advance, archived publicly, and signed by NIST's HSM. Embedding the most recent beacon value in a capture is a cryptographic guarantee that the capture is no older than that beacon's publication time.
The Merkle root of the capture's segment hashes is written to a public blockchain (Polygon today; multiple chains supported as the network matures). Once a block is confirmed, the timestamp is immutable and globally observable. The capture must have existed at or before that block — its hash is on the chain.
Why this matters: most authenticity systems require trusting someone — the platform, a certificate authority, a forensic firm. Reality Registry's time window requires trusting only the U.S. government's randomness beacon and the global state of a public blockchain. Reality Registry as a company could shut down tomorrow, and the time window on every previously registered capture would remain mathematically valid.
The user taps the shutter — or finishes recording — and the entire authentication chain runs end-to-end in real time. No upload to verify. No external service to call. The capture is registered before the file leaves the device for ordinary distribution.
Photo or video is captured through the application's camera flow. The most recent NIST beacon value is fetched and incorporated.
The visual and audio watermarks are embedded; each three-second segment is hashed; the hashes form a Merkle tree.
The Merkle root is signed by a hardware-backed key in the device's secure element (StrongBox on Android, Secure Enclave on iOS).
The signed Merkle root, NIST beacon value, and capture metadata are written to the public blockchain.
A blockchain block confirms within ~30 seconds. The upper bound of the time window is now public and immutable.
The watermarked file is now ready to share, store, or submit. Authentication travels with the pixels — no separate proof file required.
A trust system that gates verification behind payment is not a trust system. Anyone — recipient, journalist, court, regulator — can verify a Reality Registry-authenticated photo or video at no cost, with no account, and no Reality Registry product installed. Three independent paths exist.
Every registered capture comes with a short share link. Click it; see the full authenticity record on a public web page. No login.
Have a copy of a photo or video and want to know if it's registered? Upload it. Our extractor reads the watermark, looks up the chain entry, and reports back. Free.
The blockchain record is public. Anyone with a Polygon block explorer can confirm the Merkle root, NIST beacon, and timestamp without our involvement.
We believe trust systems benefit from public scrutiny of their architecture. The provisional patent (Application 64/049,784) covers the novel combination described above; we have no incentive to obscure it. What we don't publish are the operational specifics — the empirically tuned watermark parameters, the device-attestation thresholds, the live-capture detection internals — because those are tuning constants in an active arms race with adversaries. Disclosing them buys an attacker hours of saved work and the world nothing.
For enterprise reviewers: full implementation detail, including the proprietary beacon protocol scheduled for the non-provisional filing, is available under NDA. Independent third-party validation of the watermark survival suite is committed for Q3 2026.
The architecture is the easy part. The interesting question is whether it survives your specific workflow — journalism, witness documentation, evidence chain-of-custody, or a custom integration. Get early access to the consumer Android app or request a hands-on technical briefing.
