How Sealed Works

The cryptography behind every sealed claim.

Your claim is encrypted the moment you submit it

When you seal a claim, your prediction is immediately encrypted using AES-256-GCM — the same encryption standard used by banks and governments. The original text is never stored in the database. Instead, only the encrypted ciphertext is kept, and the decryption key is held securely in an external key management service, separate from the application. Not even we can read your claim before the reveal date.

A unique fingerprint proves you wrote it first

At the same time, we generate a SHA-256 hash of your claim — a one-way cryptographic fingerprint. This hash is publicly visible from the moment you seal your claim. When the text is later revealed, anyone can verify that the revealed text produces the exact same hash, proving the claim hasn't been changed since it was sealed.

The n_once prevents guessing

A hash alone has a weakness: if someone suspects what you predicted, they could hash their guess and compare it to yours. To prevent this, we generate a random n_once — a unique, one-time value — and mix it into the hash. The formula becomes:

SHA-256("sealed:{n_once}:{your claim text}")

Without knowing the n_once, it is computationally impossible to reverse-engineer or guess-check your claim from the hash. The n_once is kept secret until reveal, then published alongside your claim so anyone can independently verify the match.

What happens at reveal

On your chosen reveal date, the system:

  1. Retrieves the encrypted ciphertext from the database
  2. Requests the decryption key from the external key management service
  3. Decrypts the original claim text
  4. Verifies the text against the stored hash and n_once
  5. Publishes the claim, hash, and n_once together

If any step fails the integrity check — if even a single character doesn't match — the claim is not revealed. This guarantees that what you read is exactly what was originally sealed.

Why this matters

Traditional predictions are easy to fake after the fact. Sealed makes that impossible. Your claim is encrypted so no one can read it early, hashed so no one can change it, and verified so everyone can confirm it's authentic. The cryptography doesn't require you to trust us — it's independently verifiable by anyone.

How to verify a claim

You can independently verify any revealed claim in a few steps:

  1. Copy the revealed claim text exactly as shown.
  2. Copy the published n_once and SHA-256 hash.
  3. Build this exact string:
    sealed:<n_once>:<claim_text>
  4. Run:
    printf 'sealed:<n_once>:<claim_text>' | shasum -a 256
  5. Compare the output to the hash shown on the claim page. If they match, the revealed claim is exactly what was sealed.