Back to verification

Hedera-anchored verification

How verification works

Hedera is a distributed consensus network. ProofLayer uses Hedera Consensus Service as a tamper-resistant, ordered, timestamped proof log.

What ProofLayer verifies

ProofLayer checks whether an issuer record exists, whether the credential is currently valid or revoked, whether the original PDF hash matches when a PDF is uploaded, and whether the credential lifecycle has an HCS proof event.

New verification QR codes and verified PDFs carry portable proof coordinates: Hedera network, HCS topic ID, sequence number, and the expected SHA-256 document hash. Those coordinates let a verifier inspect the consensus-anchored proof without depending on the ProofLayer hosted app.

HCS topic ID

The topic ID identifies the Hedera Consensus Service topic used by the issuer as an ordered proof log.

Sequence number

The sequence number identifies the ordered position of a proof event inside that HCS topic.

Document hash

The document hash is the SHA-256 fingerprint of the original issuer PDF. It is the integrity proof for document upload verification.

Inspecting proof coordinates independently

A QR verification URL may include the credential ID, Hedera network, HCS topic ID, sequence number, and original PDF hash. A verifier can compare those coordinates with the public verification result and, when mirror-node access is available, inspect the HCS proof event at that topic and sequence.

Verified PDFs are derived copies with a ProofLayer cover page, QR code, preserved original pages, and a technical appendix. Their file hash may differ from the original issuer PDF, so QR-based verification is preferred for verified PDFs.

Mirror node verification

  1. 1. Compute the SHA-256 hash of the original credential PDF.
  2. 2. Read the proof coordinates from the QR code, verification URL, or verified PDF cover/appendix.
  3. 3. Query the Hedera mirror node for the HCS message at the topic and sequence number.
  4. 4. Base64-decode the message payload if the mirror node returns it encoded.
  5. 5. Confirm the message has action = ISSUE, the same credential ID, and the same document hash.
# Testnet
curl "https://testnet.mirrornode.hedera.com/api/v1/topics/{topicId}/messages/{sequenceNumber}"

# Mainnet
curl "https://mainnet-public.mirrornode.hedera.com/api/v1/topics/{topicId}/messages/{sequenceNumber}"

Revocation is checked by ProofLayer using issuer records, status-list data when available, and later HCS revocation proof events. Independent verifiers can inspect later topic messages for a matching REVOKE event; scalable independent revocation checking improves further when status lists are broadly available.

Limitations

Independent verification proves that a PDF hash matches a public HCS proof event at the supplied coordinates. It does not reveal private recipient details, and it does not by itself prove that no later revocation event exists unless the verifier also checks later events or a trusted status list.