🔐 Cryptographic Verification Guide

Understanding Dorsium's Bulletproof Audit Trail System

0. Understanding Pre-Mainnet vs Mainnet

🔄 Dorsium's Two-Phase Approach

Dorsium is currently in pre-mainnet development. This section explains our transparent centralization during bootstrap and the path to full decentralization.

📍 Current System (Pre-Mainnet)

✅ Deterministic backend scripts (Node.js/TypeScript)
✅ Publicly verifiable calculation formulas
✅ SHA-256 audit trail for every transaction
✅ Open-source logic (anyone can verify)
⚠️ Centralized database (Dorsium OÜ operated)
⚠️ Trust required: honest execution by operator

🚀 Future System (Post-Mainnet, Q1 2026)

✅ On-chain smart contracts (decentralized)
✅ Validator consensus (distributed execution)
✅ True immutability (blockchain guarantees)
✅ Zero trust required (code is law)

💡 Why This Approach?

Dorsium chose transparent centralization during bootstrap over taking venture capital or launching with incomplete infrastructure. This allows community building and development without external investors, preserving the project's decentralized future.

Key principle: Better to be honestly centralized during development than falsely claim decentralization before mainnet.

For complete details, see our Whitepaper - Pre-Mainnet Trust Model.

1. What is Cryptographic Hashing?

Imagine taking a fingerprint of a document - but this fingerprint is so unique that even changing a single letter creates a completely different fingerprint. That's cryptographic hashing.

SHA-256 in Action

"Hello World"

↓

a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e

"Hello World!" (added !)

↓

7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069

Notice how adding just one exclamation mark completely changes the hash? This makes it impossible to fake or tamper with data without detection.

🔍 Real-World Analogy

Think of SHA-256 like a ultra-secure DNA test for digital files. Just as every person has unique DNA, every file has a unique hash. And just like you can't fake someone's DNA, you can't fake a SHA-256 hash.

Unique: The chance of two different files having the same hash is astronomically small (1 in 2^256 - that's more than the number of atoms in the universe!)
One-way: You can create a hash from a file, but you can't recreate the file from the hash
Deterministic: The same file always produces the same hash

2. The Dorsium Audit Trail System

Why We Record Everything

Every reward calculation in Dorsium's pre-mainnet system creates a cryptographically verifiable audit trail. While the database is centralized during bootstrap, SHA-256 hashing makes tampering detectable. Any modification to past records would change the hash, immediately revealing the alteration.

Post-mainnet migration (Q1 2026): All balances and transactions will be migrated to true blockchain immutability with on-chain smart contracts.

📝

Contract Executes

User action triggers smart contract

→

📊

Audit Generated

Detailed record created with timestamps

→

🔐

Hash Created

SHA-256 fingerprint generated

→

💾

Stored Forever

Permanent, verifiable record

How Referral Contracts Work

Trigger: New user signs up with a referral code
Execution: Deterministic backend script calculates rewards using published formulas
Recording: Contract creates detailed audit trail including:
- Referrer and referred user (masked for privacy)
- Campaign details and rewards
- Exact timestamp of execution
- Contract version and parameters
Hashing: Complete audit trail is hashed with SHA-256
Storage: Hash stored in database, audit files in decentralized storage

🛡️ The Immutability Principle

Once created, an audit trail can never be modified. Any attempt to change even a single character would create a different hash, immediately revealing the tampering. This is the mathematical guarantee that makes our system trustworthy.

3. Three Layers of Verification

🔐

File Hash

Complete File Integrity

Verifies that the entire audit file (JSON or Markdown) hasn't been modified since creation. This is your first line of defense against tampering.

Technical: SHA-256 hash of the complete file contents

📝

Unmasked Hash

Raw Contract Execution Proof

The original, unmodified record of the smart contract execution. Contains all details including actual user IDs. This proves the exact contract execution.

Technical: SHA-256 hash of the original audit trail text

👤

Masked Hash

Privacy-Preserving Verification

Same audit trail but with user IDs hidden for privacy. Allows public verification while protecting user identities. Same mathematical proof, enhanced privacy.

Technical: SHA-256 hash of the privacy-masked audit trail

Verification Matrix

Hash Type	What It Proves	Who Can Verify	Privacy Level
File Hash	File integrity	Anyone	Public
Unmasked Hash	Exact execution	Authorized users	Private
Masked Hash	Contract validity	Anyone	Public

4. How to Manually Verify

Step-by-Step Verification Guide

Step 1: Get the Audit File

Download the audit file from the Off-Chain Explorer by clicking the "View" or "JSON" button.

Example file: audit_referral_2024-01-15_abc123.json

Step 2: Calculate SHA-256 Hash

Use one of these methods to calculate the hash:

Option A: Online Calculator

Visit a SHA-256 calculator (e.g., emn178.github.io/online-tools/sha256_checksum.html)
Upload your audit file or paste its contents
Click "Calculate"
Copy the resulting hash

Option B: Command Line (Linux/Mac)

shasum -a 256 audit_referral_2024-01-15_abc123.json

Option C: Command Line (Windows)

certutil -hashfile audit_referral_2024-01-15_abc123.json SHA256

Step 3: Compare with Stored Hash

Compare your calculated hash with the one shown in the Off-Chain Explorer. They must match exactly - every character must be identical.

Your Calculated Hash:a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e

Stored Hash in Explorer:a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e

✅ MATCH! File is authentic and unmodified

🔬 Live Example

Try it yourself with this sample audit data:

{
  "audit_type": "REFERRAL",
  "timestamp": "2024-01-15T10:30:00Z",
  "referrer": "USER_MASKED_123",
  "referred": "USER_MASKED_456",
  "campaign": "early_adopter",
  "reward": "10 dPOINT",
  "status": "completed"
}

This exact text produces hash:
f9e0c7b3186662940185a7a84ad8c192ffa36afbf86e4d27d34216a7b68f1276

Copy this JSON and verify it yourself using any SHA-256 calculator!

5. Why This Matters

🔍

Transparency in Blockchain

While Dorsium operates off-chain for efficiency, we maintain blockchain-level transparency. Every action is recorded, hashed, and made publicly verifiable. You don't need to trust us - you can verify everything yourself.

🛡️

Protection Against Manipulation

No one - not even Dorsium administrators - can alter historical records without detection. This protects users from fraud, ensures fair reward distribution, and maintains the integrity of our referral system.

🤝

Building Trust Through Mathematics

Trust isn't based on promises - it's based on mathematical proof. SHA-256 is used by Bitcoin, governments, and banks worldwide. It's battle-tested, quantum-resistant (for now), and universally accepted as secure.

Real-World Impact

For Users: Guaranteed fair treatment, verifiable rewards, and protection from tampering
For Partners: Auditable trail for compliance, transparent operations, and trustworthy data
For the Ecosystem: Sets a new standard for transparency in off-chain blockchain projects

6. Technical Details+

Deep dive into the cryptographic implementation

Ready to Verify?

Start exploring our transparent audit trail system

🔍 Open Explorer