Atlas Verify

Atlas Verify is the proof-bearing module of Atlas. In the current implementation, the concrete reusable proof is a signed proof-of-work object attached to the shared proofs bundle and transported in the atlas-proofs header. That makes identity creation and request spam more expensive without introducing a central verifier.

This page is intentionally focused on the PoW proof contract already implemented in Atlas. Broader identity and attestation systems can sit above it, but the portable artifact defined today is the signed proof-of-work object.

Proof Object

A PoW proof is a signed Schema.org-style object with additionalType set to atlas:proofOfWork. It carries the nonce plus a validity window and is signed by the identity key.

ProofOfWork

{
  "data": {
    "@type": "Intangible",
    "additionalType": "atlas:proofOfWork",
    "identifier": {
      "@type": "PropertyValue",
      "propertyID": "pow",
      "value": "<32-char-hex-nonce>"
    },
    "additionalProperty": [
      {
        "@type": "PropertyValue",
        "name": "validFrom",
        "value": "2026-04-02T10:15:00.000Z"
      },
      {
        "@type": "PropertyValue",
        "name": "validUntil",
        "value": "2027-04-02T10:15:00.000Z"
      }
    ]
  },
  "signature": "<root-signature>"
}

Field	Meaning	Current Atlas handling
`additionalType`	Declares the proof kind.	Fixed to `atlas:proofOfWork`.
`identifier.value`	The PoW nonce bound to the public key.	Validated as a 32-character hex string with `propertyID: "pow"`.
`additionalProperty`	Validity metadata.	Stores `validFrom` and `validUntil`.
`signature`	Cryptographic attestation over the proof data.	Signed with the identity private key and verifiable with the root public key.

How It Is Attached To Proofs

Atlas does not ship PoW as a standalone side channel. The proof travels in the same proofs array as the delegated-key permit, which means a verifier receives authority proof and cost proof together.

Identity Session Proof Bundle

{
  "proofs": [
    {
      "data": {
        "@type": "Permit",
        "additionalType": "atlas:delegatedKey"
      },
      "signature": "<permit-signature>"
    },
    {
      "data": {
        "@type": "Intangible",
        "additionalType": "atlas:proofOfWork"
      },
      "signature": "<pow-signature>"
    }
  ]
}

Atlas Headers With PoW

POST /envelopes HTTP/2.0
atlas-identity:  <root-public-key>
atlas-signature: t=<timestamp>; s=<delegated-signature>
atlas-proofs:    [{Permit...}, {ProofOfWork...}]

Verification

A receiver can parse the PoW proof out of the shared proof bundle, verify its signature against the identity key, read the validity window, and evaluate the achieved difficulty against local policy.

verify-pow.ts

import {
  getProofOfWorkValidity,
  parseProofOfWorkProof,
  verifyProofOfWorkSignature,
} from '@app_/crypto/proofs';
import { parseRawPublicKey } from '@app_/crypto/keys';
import { verifyPowDifficulty } from '@app_/pow';

const proof = proofs
  .map((item) => parseProofOfWorkProof(item))
  .find((item) => item !== null);

if (!proof) throw new Error('Missing PoW proof');

await verifyProofOfWorkSignature(proof, publicKey);

const { validFrom, validUntil } = getProofOfWorkValidity(proof);
const difficulty = await verifyPowDifficulty(
  parseRawPublicKey(publicKey)!,
  proof.data.identifier.value,
  validFrom,
  validUntil,
);

Why It Is Reusable

The PoW proof is portable: it is self-describing, signed, serializable in atlas-proofs, and independent of Atlas registries. Any app or network that wants lightweight anti-spam cost can adopt the same proof object and verifier behavior.