FAQ

Common questions about the OCC Protocol.

Does OCC upload my file?

No. Your file is hashed locally in your browser or application. Only the SHA-256 digest (32 bytes) is sent to the enclave. The actual file bytes never leave your machine.

Can I verify a proof without an internet connection?

Yes. Core verification (digest match + Ed25519 signature) is fully offline. You need the original bytes, the proof JSON, and a verifier implementation. No API calls required.

What happens if the enclave restarts?

A new epoch begins — new Ed25519 keypair, new epochId, counter potentially resets. The first proof of the new epoch has no prevB64 (chain link). Cross-epoch counter continuity can be maintained via a DynamoDB anchor.

Is this a blockchain?

No. OCC has no distributed consensus, no global ledger, no tokens. It constrains a single execution boundary. Proof chaining (prevB64) is a local hash chain, not a distributed data structure.

Does OCC prove who created the content?

A base proof attests which execution boundary committed specific bytes — not who created them. Actor-bound proofs (using device-bound biometric keys) can additionally attest that a specific person or device authorized the commitment.

What if someone modifies the proof JSON?

The Ed25519 signature covers the canonical signed body. Any modification to signed fields (artifact, commit, signer identity, environment) invalidates the signature. Unsigned fields (timestamps, metadata) are advisory and should not be trusted for security decisions.

What is the measurement field?

For AWS Nitro Enclaves, it is the PCR0 value — a SHA-384 hash of the enclave image. It uniquely identifies the exact code running inside the boundary. Verifiers should pin allowedMeasurements to known-good values.

Are timestamps signed?

No. RFC 3161 timestamps are added post-signature by the parent server via an external Time Stamping Authority. They are independently verifiable (via the TSA certificate) but are not covered by the Ed25519 signature. Use them as advisory evidence, not as primary trust.

Can the same file produce different proofs?

Yes. Each commit generates a fresh nonce, increments the counter, and produces a new signature. The artifact digest will be the same (same file = same SHA-256), but the commit context differs. This is correct behavior — each is a distinct commit event.

What is prevB64?

The SHA-256 hash of the previous complete proof in the chain. It creates a linked sequence within an epoch. If any proof in the chain is modified, deleted, or reordered, the hash chain breaks. The first proof of an epoch has no prevB64.

How is this different from just signing a file?

A standard digital signature proves someone with the private key signed the bytes. OCC additionally provides: a measured execution boundary (PCR0), a monotonic counter (ordering), a fresh nonce (non-replayability), proof chaining (sequence integrity), and hardware attestation (boundary evidence). The key never leaves the enclave.

What libraries does OCC use?

The core library uses @noble/ed25519 for signatures and @noble/hashes for SHA-256 — both audited, pure TypeScript, zero-dependency libraries. No Node.js native bindings.