How It Works

MIR Assertions is a public registry where verified organizations make cryptographically-signed statements about media files. Here's the full process.

An organization applies to become an issuer

Any organization that publishes or creates media can apply. The application includes their name, domain, and use case. Enterprise issuers verify domain ownership via DNS TXT record.

What happens

MIR reviews the application. Once approved, the issuer gets access to the Issuer Portal and API. A subscription is required to create assertions.

The issuer registers a signing key

The issuer generates a cryptographic key pair (Ed25519 or ES256). The private key stays with them. The public key is registered with MIR.

Why this matters

Only the issuer holds the private key. When they sign an assertion, anyone can verify the signature against their public key. MIR never sees the private key.

The issuer hashes their media file

Before making an assertion, the issuer computes the SHA-256 hash of the file. This produces a unique 64-character fingerprint. The file itself is never uploaded to MIR.

Example hash

sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Even a single byte change produces a completely different hash. Identical files always produce the same hash.

The issuer signs and submits an assertion

Using their private key, the issuer signs a statement about the artifact. The assertion includes the hash, the assertion type, an optional scope/context, and the cryptographic signature.

Example assertion

ISSUED_BY — "We published this press photo."

NOT_ISSUED_BY — "This deepfake video is not from us."

DISPUTE — "We dispute the existing claim on this file."

Anyone can look up the assertion

Anyone with the file (or its hash) can query MIR. Drop a file into the lookup tool — it's hashed locally in your browser, then MIR returns any matching assertions.

Verification

The lookup shows who made each assertion, when, their verification status, and the assertion type. MIR records who said what — it does not decide who is right.

Nothing is uploaded

MIR stores only 64-character hashes. Your files are hashed in your browser or on your server. Media never touches MIR infrastructure.

Assertions are permanent

Once signed, assertions cannot be edited. They can be revoked by the issuer, but the revocation is also recorded. The full history is preserved.

Conflicts are visible

If two issuers make contradictory claims about the same file, both assertions appear. MIR does not resolve disputes — it surfaces them.

Perceptual matching

For images, MIR also computes a perceptual hash. If a file has been re-encoded or lightly modified, similar-content matches can still surface.

Assertion Types

ISSUED_BY Affirm that you published or created this artifact.

NOT_ISSUED_BY Deny that this artifact came from you. Deepfake defense.

DISPUTE Challenge an existing assertion on this artifact.

ROLE_SCOPE Clarify the role or department that created this. "Marketing team, not official communications."

INTENT Declare the intended purpose. "Parody," "training material," "satire."

METHOD Disclose how this was made. "AI-generated," "human-created," "hybrid."

SUPERSEDES Replace a previous assertion. The old assertion remains on record.

Hash limitations

SHA-256 identifies byte-for-byte identical files. Any modification — even re-encoding by a social platform — produces a different hash. For best results, assert against your original file before uploading it anywhere, then share the hash or verification link alongside your post.

MIR does not decide truth

MIR records who made each assertion and verifies their identity. It does not:

Judge whether an assertion is accurate
Automatically detect fakes or AI content
Label or classify media
Remove or censor content

Look Up an Artifact Become an Issuer Browser Signer