{
  "path": "/3m33j64dxgs2q",
  "site": "at://did:plc:cbkjy5n7bk3ax2wplmtjofq2/site.standard.publication/3lqpqvbdoas2z",
  "$type": "site.standard.document",
  "title": "Unforgeable Endorsements Technical Deep-Dive",
  "content": {
    "$type": "pub.leaflet.content",
    "pages": [
      {
        "$type": "pub.leaflet.pages.linearDocument",
        "blocks": [
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 112,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#italic"
                    }
                  ]
                },
                {
                  "index": {
                    "byteEnd": 144,
                    "byteStart": 112
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#italic"
                    },
                    {
                      "uri": "https://ngerakines.leaflet.pub/3m326qo4w522w",
                      "$type": "pub.leaflet.richtext.facet#link"
                    }
                  ]
                }
              ],
              "plaintext": "This is Part 2 of our technical deep-dive into building cryptographically-verified endorsements on ATProtocol. Read Part 1 for the overview →"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "In Part 1, we explored the high-level architecture of our two-record endorsement system. Now let's dive into the implementation details that make this system cryptographically unforgeable."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 2,
              "facets": [],
              "plaintext": "Content Identifiers: The Cryptographic Foundation"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 77,
                    "byteStart": 51
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "At the heart of our system is ATProtocol's use of Content Identifiers (CIDs). A CID is like a fingerprint of your data—but way better. Traditional database IDs are arbitrary numbers assigned by a central authority. CIDs are cryptographic hashes computed from the content itself. Same content always produces same CID. Different content produces different CID. And here's the kicker: it's computationally infeasible to create fake content that matches a given CID."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Step-by-Step CID Computation"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "Here's exactly how ATProtocol computes a CID for an endorsement record:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "plaintext",
              "plaintext": "Step 1: Serialize to DAG-CBOR\nRecord data → Deterministic binary format\n{\n  \"$type\": \"place.atwork.endorsement\",\n  \"giver\": \"did:plc:alice123\",\n  \"receiver\": \"did:plc:bob456\",\n  \"text\": \"Bob designed our microservices platform...\",\n  \"createdAt\": \"2025-10-12T14:30:00Z\"\n}\n→ [binary DAG-CBOR bytes]\n\nStep 2: Hash with SHA-256\nBinary bytes → 32-byte hash digest\n→ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n\nStep 3: Create Multihash\nHash + algorithm ID + length\n→ 0x12 (SHA-256) + 0x20 (32 bytes) + digest\n\nStep 4: Add Codec and Version\n→ 0x01 (CIDv1) + 0x71 (dag-cbor) + multihash\n\nStep 5: Encode to Base32\n→ \"bafyreib7h3j2ixgz4e5b...\"\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 20,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "The critical insight: Step 1 uses DAG-CBOR, a deterministic serialization format. This means everyone who serializes the same data structure gets the exact same bytes. If serialization were non-deterministic (like standard JSON where key ordering can vary), different people computing the CID would get different results."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Why Signatures Are Excluded"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 81,
                    "byteStart": 36
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Here's a subtle but crucial point: the CID is computed from the unsigned content. Signatures are stored separately in ATProtocol's repository structure."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "Think about why. If signatures were included in the content before CID computation, you'd have a chicken-and-egg problem:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.unorderedList",
              "children": [
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "To sign the data, you need to know what you're signing"
                  },
                  "children": []
                },
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "The data includes the CID"
                  },
                  "children": []
                },
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "But the CID depends on the signature"
                  },
                  "children": []
                },
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Which depends on the data..."
                  },
                  "children": []
                }
              ]
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 31,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Infinite loop, system explodes. Instead, ATProtocol separates concerns:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.unorderedList",
              "children": [
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Compute CID from canonical unsigned content"
                  },
                  "children": []
                },
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Sign the CID (or the bytes that produced it)"
                  },
                  "children": []
                },
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Store signature in repository metadata"
                  },
                  "children": []
                }
              ]
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 2,
              "facets": [],
              "plaintext": "Implementation: The Complete Workflow"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "Let's implement the complete endorsement lifecycle with actual code."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Phase 1: Draft Creation (Application State)"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "// In Alice's app - create draft in application database (not PDS yet)\ndraft = {\n  id: \"01JBCDEF...\",  // ULID\n  giver: \"did:plc:alice123\",\n  receiver: \"did:plc:bob456\",\n  text: \"Bob designed our entire microservices platform...\",\n  status: \"drafting\",\n  proof_aturi: null,\n  proof_cid: null,\n  created_at: \"2025-10-12T14:30:00Z\"\n}\n\n// Store in application database, NOT published to PDS yet\nawait storage.createEndorsementDraft(draft)\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "Nothing is on ATProtocol yet. The draft exists only in the application's database."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Phase 2: Giver Finalizes with Cryptographic Commitment"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "// 1. Compute CID of endorsement content (without signatures)\nendorsementContent = {\n  giver: draft.giver,\n  receiver: draft.receiver,\n  text: draft.text,\n  createdAt: draft.created_at\n}\nproof_cid = computeEndorsementCID(endorsementContent)\n\n// 2. Create proof record in Alice's PDS\nproofURI = await createRecord({\n  repo: \"did:plc:alice123\",\n  collection: \"place.atwork.endorsementProof\",\n  record: {\n    cid: proof_cid\n  }\n})\n\n// This triggers:\n// 1. Proof record serialized to DAG-CBOR\n// 2. Added to Alice's repository Merkle tree\n// 3. New commit signed by Alice\n// 4. Broadcast to ATProtocol firehose\n\n// 3. Update draft to mark as \"drafted\" with proof info\ndraft.status = \"drafted\"\ndraft.proof_aturi = proofURI\ndraft.proof_cid = proof_cid\nawait storage.updateEndorsementDraft(draft)\n\n// 4. Notify Bob (via app-specific mechanism)\nsendNotification(bob, {\n  type: \"endorsement_received\",\n  from: alice,\n  draft_id: draft.id\n})\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Phase 3: Receiver Reviews and Accepts"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "// 1. Bob creates the endorsement record in his PDS (receiver's repo)\nendorsementURI = await createRecord({\n  repo: \"did:plc:bob456\",\n  collection: \"place.atwork.endorsement\",\n  record: {\n    giver: \"did:plc:alice123\",\n    receiver: \"did:plc:bob456\",\n    text: \"Bob designed our entire microservices platform...\",\n    createdAt: \"2025-10-12T14:30:00Z\",\n    signatures: [{\n      uri: draft.proof_aturi,  // Alice's proof AT-URI\n      cid: draft.proof_cid     // Alice's proof CID\n    }]\n  }\n})\n\n// This triggers:\n// 1. Endorsement serialized to DAG-CBOR\n// 2. Added to Bob's repository Merkle tree\n// 3. New commit signed by Bob\n// 4. Broadcast to ATProtocol firehose\n\n// 2. Delete the draft (no longer needed)\nawait storage.deleteEndorsementDraft(draft.id)\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 2,
              "facets": [],
              "plaintext": "The Validation Algorithm"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "When someone claims \"Here's Bob's endorsement with Alice's proof,\" here's the complete validation implementation:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "function validateEndorsement(endorsementRecord, proofRecord):\n  // 1. Extract the proof CID from Bob's endorsement signatures field\n  proofStrongRef = endorsementRecord.signatures[0]\n  expectedCID = proofStrongRef.cid\n\n  // 2. Recompute CID from endorsement content (without signatures)\n  endorsementContent = {\n    giver: endorsementRecord.giver,\n    receiver: endorsementRecord.receiver,\n    text: endorsementRecord.text,\n    createdAt: endorsementRecord.createdAt\n  }\n  canonicalBytes = encodeDagCBOR(endorsementContent)\n  computedHash = sha256(canonicalBytes)\n  computedCID = createCID(computedHash)\n\n  // 3. Verify it matches Alice's proof CID\n  if computedCID != proofRecord.cid:\n    return INVALID(\"Proof CID doesn't match computed endorsement CID\")\n\n  // 4. Verify it matches what Bob referenced\n  if computedCID != expectedCID:\n    return INVALID(\"Bob's reference doesn't match Alice's proof\")\n\n  // 5. Verify signatures in ATProtocol repositories\n  if !verifyRepoSignature(aliceRepo, proofRecord):\n    return INVALID(\"Alice's proof signature invalid\")\n\n  if !verifyRepoSignature(bobRepo, endorsementRecord):\n    return INVALID(\"Bob's endorsement signature invalid\")\n\n  return VALID\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 2,
              "facets": [],
              "plaintext": "Asynchronous Validation via Firehose"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "Your app subscribes to the firehose and processes events in real-time:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "// Firehose subscription handler\nonFirehoseCommit(event):\n  if event.collection == \"place.atwork.endorsement\":\n    // New endorsement created by receiver\n    endorsement = event.record\n\n    // Extract the proof reference from signatures\n    if endorsement.signatures and endorsement.signatures.length > 0:\n      proofRef = endorsement.signatures[0]\n\n      // Fetch proof record from giver's PDS\n      proof = await fetchRecord(proofRef.uri)\n\n      // Validate the cryptographic chain\n      if validateEndorsement(endorsement, proof):\n        // Update local database to mark as verified\n        db.createOrUpdateEndorsement({\n          aturi: event.uri,\n          giver: endorsement.giver,\n          receiver: endorsement.receiver,\n          text: endorsement.text,\n          validation_state: \"valid\",\n          proof_uri: proofRef.uri,\n          validated_at: now()\n        })\n\n  if event.collection == \"place.atwork.endorsementProof\":\n    // New proof created by giver\n    proof = event.record\n\n    // Store proof for later validation when endorsement is created\n    db.createEndorsementProof({\n      aturi: event.uri,\n      giver_did: event.repo,\n      cid: proof.cid,\n      created_at: now()\n    })\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 2,
              "facets": [],
              "plaintext": "Record Updates and Re-Validation"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "ATProtocol repositories are mutable, but endorsement records should be immutable by design. If Alice updates her proof to commit to different content:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "// Original proof\nawait createRecord({\n  repo: \"did:plc:alice123\",\n  collection: \"place.atwork.endorsementProof\",\n  record: {\n    cid: \"bafyreiabc...\"  // CID of original endorsement content\n  }\n})\n\n// Later, Alice tries to \"update\" it\nawait updateRecord({\n  repo: \"did:plc:alice123\",\n  collection: \"place.atwork.endorsementProof\",\n  rkey: proofRecordKey,\n  record: {\n    cid: \"bafyreixyz...\"  // Different CID\n  }\n})\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "This breaks validation. Bob's endorsement still references the old proof CID. Apps will see the mismatch and mark the endorsement as invalid."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Re-Validation Implementation"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "function revalidateEndorsement(endorsementRecord):\n  // 1. Get the proof reference from endorsement\n  if !endorsementRecord.signatures or endorsementRecord.signatures.length == 0:\n    return \"INVALID\"  // No proof signature\n\n  proofRef = endorsementRecord.signatures[0]\n\n  // 2. Fetch latest proof from giver's repo\n  latestProof = await fetchLatestRecord(proofRef.uri)\n\n  if !latestProof:\n    return \"INVALID\"  // Proof was deleted\n\n  // 3. Compute CID from endorsement content (without signatures)\n  endorsementContent = {\n    giver: endorsementRecord.giver,\n    receiver: endorsementRecord.receiver,\n    text: endorsementRecord.text,\n    createdAt: endorsementRecord.createdAt\n  }\n  computedCID = computeEndorsementCID(endorsementContent)\n\n  // 4. Verify proof CID matches computed CID\n  if computedCID != latestProof.cid:\n    return \"INVALID\"  // Proof doesn't commit to this content\n\n  // 5. Verify proof CID matches what endorsement references\n  if computedCID != proofRef.cid:\n    return \"INVALID\"  // Reference mismatch\n\n  return \"VALID\"\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Validation State Machine"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "plaintext",
              "plaintext": "ValidationStates:\n  DRAFT     - Created by giver, not published\n  PENDING   - Published, awaiting receiver proof\n  VALID     - Both records exist, CIDs match, signatures valid\n  INVALID   - CID mismatch or missing records\n  REJECTED  - Receiver explicitly rejected\n  DELETED   - One or both parties deleted records\n\nState Transitions:\n  DRAFT → (publish) → PENDING\n  PENDING → (proof created) → VALID\n  PENDING → (explicit rejection) → REJECTED\n  VALID → (proof deleted) → INVALID\n  VALID → (endorsement deleted) → DELETED\n  INVALID → (re-validation succeeds) → VALID\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 2,
              "facets": [],
              "plaintext": "Security Analysis: Attack Scenarios"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "Let's examine each attack vector in detail:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Forgery Attack"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 7,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Attempt: Eve creates a fake proof claiming Alice endorsed Bob."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 22,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Implementation defense:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "// Attack fails at validation\nif proofRecord.repo != endorsement.giver:\n  return INVALID(\"Proof not from claimed giver\")\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Repudiation Attack"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 7,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Attempt: Alice creates a proof, then claims she never did."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 22,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Implementation defense:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "// Proof was broadcast and cached\ncachedProof = db.getProof(proofURI)\nif cachedProof && verifySignature(cachedProof, aliceDID):\n  // Mathematical proof Alice created it\n  return PROVEN_AUTHORSHIP\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Modification Attack"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 7,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Attempt: Eve modifies endorsement text after Alice's proof."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 22,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Implementation defense:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "// Any modification changes the CID\noriginalCID = computeCID(originalContent)\nmodifiedCID = computeCID(modifiedContent)\n// originalCID != modifiedCID\n// Validation fails\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Man-in-the-Middle"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 7,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Attempt: Eve intercepts and modifies Alice's proof."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 22,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Implementation defense:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.unorderedList",
              "children": [
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Proof is in Alice's signed repository"
                  },
                  "children": []
                },
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Repository commits are cryptographically signed"
                  },
                  "children": []
                },
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Modification invalidates signature chain"
                  },
                  "children": []
                }
              ]
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 3,
              "facets": [],
              "plaintext": "Replay Attack"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 7,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Attempt: Eve reuses Alice's proof for different receiver."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [
                {
                  "index": {
                    "byteEnd": 22,
                    "byteStart": 0
                  },
                  "features": [
                    {
                      "$type": "pub.leaflet.richtext.facet#bold"
                    }
                  ]
                }
              ],
              "plaintext": "Implementation defense:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "javascript",
              "plaintext": "// CID includes receiver DID\ncontent = {\n  giver: \"did:plc:alice123\",\n  receiver: \"did:plc:bob456\",  // Bound to Bob\n  text: \"...\"\n}\n// Can't change receiver without invalidating CID\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 2,
              "facets": [],
              "plaintext": "Lexicon Definitions"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "Here are the complete lexicon definitions for implementation:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.code",
              "language": "json",
              "plaintext": "// place.atwork.endorsementProof\n{\n  \"lexicon\": 1,\n  \"id\": \"place.atwork.endorsementProof\",\n  \"defs\": {\n    \"main\": {\n      \"type\": \"record\",\n      \"key\": \"literal:self\",\n      \"record\": {\n        \"type\": \"object\",\n        \"required\": [\"cid\"],\n        \"properties\": {\n          \"cid\": {\n            \"type\": \"string\",\n            \"description\": \"CID of the endorsement content\"\n          }\n        }\n      }\n    }\n  }\n}\n\n// place.atwork.endorsement\n{\n  \"lexicon\": 1,\n  \"id\": \"place.atwork.endorsement\",\n  \"defs\": {\n    \"main\": {\n      \"type\": \"record\",\n      \"key\": \"literal:self\",\n      \"record\": {\n        \"type\": \"object\",\n        \"required\": [\"giver\", \"receiver\", \"text\", \"createdAt\", \"signatures\"],\n        \"properties\": {\n          \"giver\": {\n            \"type\": \"string\",\n            \"format\": \"did\"\n          },\n          \"receiver\": {\n            \"type\": \"string\",\n            \"format\": \"did\"\n          },\n          \"text\": {\n            \"type\": \"string\",\n            \"maxLength\": 10000\n          },\n          \"createdAt\": {\n            \"type\": \"string\",\n            \"format\": \"datetime\"\n          },\n          \"signatures\": {\n            \"type\": \"array\",\n            \"items\": {\n              \"type\": \"ref\",\n              \"ref\": \"com.atproto.repo.strongRef\"\n            }\n          }\n        }\n      }\n    }\n  }\n}\n"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.header",
              "level": 2,
              "facets": [],
              "plaintext": "Conclusion"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "We've built a system where cryptographic math, not corporate databases, determines truth. The two-record architecture with CID-based mutual attestation creates unforgeable professional endorsements on fully decentralized infrastructure."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "The key insights:"
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.unorderedList",
              "children": [
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Content addressing (CIDs) creates unforgeable commitments"
                  },
                  "children": []
                },
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Two-record separation enables asynchronous consent"
                  },
                  "children": []
                },
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Firehose architecture allows autonomous validation"
                  },
                  "children": []
                },
                {
                  "$type": "pub.leaflet.blocks.unorderedList#listItem",
                  "content": {
                    "$type": "pub.leaflet.blocks.text",
                    "facets": [],
                    "plaintext": "Repository signatures provide cryptographic proof of authorship"
                  },
                  "children": []
                }
              ]
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "This pattern extends beyond endorsements to any scenario requiring mutual attestation: contracts, credentials, reviews, verifications. ATProtocol provides the primitives—now build something where nobody can forge or deny what happened."
            }
          },
          {
            "$type": "pub.leaflet.pages.linearDocument#block",
            "block": {
              "$type": "pub.leaflet.blocks.text",
              "facets": [],
              "plaintext": "The future of professional reputation is cryptographically-verified and radically decentralized. The code is the specification. The math is the truth."
            }
          }
        ]
      }
    ]
  },
  "description": "Deep technical implementation of the unforgeable endorsement system. Covers step-by-step CID computation, complete code for the endorsement workflow, validation algorithms, firehose event processing, and detailed security analysis of attack vectors. Includes working code examples, lexicon definitions, and the cryptographic mechanisms that make forgery mathematically impossible.",
  "publishedAt": "2025-10-13T15:18:38.575Z"
}