Verification Protocol
How IMPP verifies memory artifacts. Covers the Ed25519 certificate format, adversarial probe suite, and offline verification.
Verification Protocol
Every artifact published to the IMPP registry undergoes a multi-stage verification pipeline before receiving a signed certificate.
Ed25519 Certificate Format
Certificates are compact Ed25519 signatures over a canonical JSON representation of the artifact header. The header includes the artifact hash, domain, trust score, and expiry timestamp.
{
"artifact_id": "defi-risk-assessment@v2.1",
"domain": "defi",
"trust_score": 94.2,
"issued_at": "2026-04-24T10:00:00Z",
"expires_at": "2026-07-24T10:00:00Z",
"signature": "base64url(Ed25519_sig)",
"pubkey": "base64url(registry_pubkey)"
}Certificates expire after 90 days by default. Artifact owners can re-verify to issue a fresh certificate without re-publishing.
Adversarial Probe Suite
Before issuance, artifacts are subjected to the following probes. A failing probe blocks certification.
| Probe | What It Checks |
|---|---|
| Steganography Detection | Hidden payloads encoded in artifact content |
| Overfit Probe | Whether the artifact memorises its training set rather than generalising |
| Negative Transfer | Performance degradation when attached to a clean baseline agent |
| Freshness Check | Flags artifacts whose source data is older than the domain threshold |
| Schema Integrity | Validates all required fields and version constraints are present |
Probe Details
Steganography Detection runs statistical analysis on the artifact content to detect unusual patterns that could encode hidden instructions or payloads. Uses KL-divergence against reference distributions for the artifact's content format.
Overfit Probe evaluates the artifact against held-out test sets from the same domain. An artifact that performs significantly better on its training distribution than on the test set is flagged.
Negative Transfer Probe attaches the artifact to a clean baseline agent and measures task performance before and after. A statistically significant drop in baseline tasks indicates negative transfer.
Freshness Check compares the artifact's source data timestamps against domain-specific thresholds. DeFi artifacts with data older than 30 days are flagged. Cybersecurity artifacts have a 90-day threshold. Freshness is computed using exponential decay with a configurable half-life (default 180 days).
Schema Integrity validates the IMPP artifact schema M = (D, K, P, A, H): required fields (domain, knowledge, provenance, attestation), version format, and content format constraints.
Adversarial Risk Thresholds
Each probe contributes to a composite adversarial risk score (0–100), weighted as follows:
| Probe | Weight |
|---|---|
| Bias | 0.30 |
| Consistency | 0.25 |
| Steganography | 0.25 |
| Overfit | 0.20 |
The composite risk score determines the outcome:
| Risk Score | Outcome |
|---|---|
| 0–30 | PASS — artifact is clean |
| 31–50 | WARNING — manual review recommended |
| 51–100 | FAIL — artifact is rejected |
Trust Score Computation
The trust score is a weighted composite of three signals:
trust_score = (
0.50 * transfer_efficiency +
0.30 * adversarial_clean +
0.20 * freshness
)Where:
- transfer_efficiency — how well the artifact's knowledge transfers to a receiving agent, measured as task performance improvement (0–100)
- adversarial_clean —
100 - adversarial_risk_score; higher means cleaner (0–100) - freshness — exponential decay based on artifact age, with a 180-day half-life (0–100)
Scores range from 0 to 100. Artifacts below 50 are not certified.
Offline Verification
Certificates can be verified without network access using the bundled registry public key. The key is pinned in the CLI at install time and rotated annually.
$ impp verify artifact.json --offline --pubkey ~/.impp/registry.pubThe offline check validates:
- Ed25519 signature over the canonical header
- Certificate expiry timestamp
- Artifact hash matches the signed hash
It does not re-run the adversarial probes (those require server-side infrastructure).