Inferensys

Glossary

Edit History Graph

A visual or programmatic representation of the provenance chain, showing a directed acyclic graph of ingredients and actions that resulted in the final digital content.
Supply chain manager using AI negotiator on laptop, supplier data visible, casual office afternoon setup.
PROVENANCE DATA STRUCTURE

What is an Edit History Graph?

An Edit History Graph is a directed acyclic graph (DAG) that provides a visual and programmatic representation of a digital asset's complete provenance chain, mapping every ingredient and action that contributed to the final content.

An Edit History Graph is a directed acyclic graph (DAG) that formally models the provenance of a digital asset. Unlike a simple linear log, it captures complex, non-linear derivations where multiple source assets, or ingredients, are combined through specific actions—such as compositing, cropping, or AI generation—to produce a final output. Each node represents a discrete state of an asset or an operation, while directed edges define the flow of derivation, creating a mathematically rigorous, machine-readable map of the content's entire lineage from raw capture to final publication.

This graph structure is foundational to the C2PA provenance data model, where ingredient assertions explicitly link a composite output back to its source media. By representing the edit history as a DAG, validators can programmatically traverse the chain, cryptographically verify each manifest assertion, and detect unauthorized insertions or deletions. This transforms the edit history from a fragile, strip-prone metadata tag into a robust, tamper-evident data structure that enables automated trust decisions based on the complete, verifiable context of how a piece of content came to exist.

PROVENANCE ARCHITECTURE

Key Features of an Edit History Graph

An Edit History Graph provides a cryptographically verifiable, directed acyclic graph (DAG) representing the complete lineage of a digital asset. It maps every ingredient and action, from initial creation to final publication.

01

Directed Acyclic Graph (DAG) Structure

Unlike a simple linear chain, the Edit History Graph uses a DAG to model complex content creation. This structure allows a single output to be derived from multiple input ingredients (e.g., compositing several images) and for a single ingredient to be used in multiple outputs. The 'acyclic' property prevents circular references, ensuring a mathematically sound and resolvable provenance path from any final asset back to its root sources.

02

Cryptographic Integrity via Hash Chaining

Each node in the graph, representing an asset or an action, is uniquely identified by a cryptographic hash of its content and metadata. A new version's hash is computed over both the new content and the hash of its parent node(s). This forms a tamper-evident chain:

  • Altering any past asset immediately changes its hash.
  • This break in the chain invalidates all subsequent hashes.
  • Verification of the final asset's hash confirms the integrity of the entire history.
03

Ingredient and Action Assertions

The graph is composed of two primary node types that tell the full story of an asset's creation:

  • Ingredient Assertions: These nodes document the raw source media, such as a specific RAW photo file or a vector graphic. They are identified by their hash and can include metadata like capture device or creator.
  • Action Assertions: These nodes represent operations performed on ingredients, such as c2pa.cropped, c2pa.resized, or c2pa.color_adjusted. They record the software agent used and the parameters of the edit, making the editing process auditable.
04

Identity and Non-Repudiation

Actions within the graph are digitally signed by the actor (human or software agent) who performed them. This is achieved using a Claim Signature backed by an X.509 Certificate issued by a trusted Certificate Authority. This cryptographically binds a verified identity to each edit, providing non-repudiation. A verifier can trace not just what was done, but who did it and when, establishing a chain of accountability from the photographer to the final editor.

05

Programmatic Validation and Traversal

A Validator Engine can programmatically traverse the entire graph to verify its integrity. The process involves:

  • Hash Validation: Recomputing the hash of every asset and comparing it to the recorded value.
  • Signature Verification: Cryptographically verifying every Claim Signature using the signer's public key.
  • Certificate Chain Check: Validating the X.509 certificate chain up to a trusted root CA.
  • Revocation Check: Querying the CA to ensure the signing certificate hasn't been revoked. This automated process provides a binary, trustworthy validation result.
06

Distinction from Simple Version History

A standard version history (like in a wiki or Google Docs) is a linear, server-controlled log that can be altered by an administrator. An Edit History Graph is fundamentally different:

  • Decentralized Verification: Integrity is proven mathematically, not by trusting a central server.
  • Tamper-Evidence: Any post-hoc modification is cryptographically detectable.
  • Complex Lineage: It natively models non-linear, multi-source compositions, which a simple linear log cannot represent. This makes it a forensic tool, not just a record.
EDIT HISTORY GRAPH

Frequently Asked Questions

Clear, technical answers to the most common questions about the structure, function, and implementation of edit history graphs for content provenance.

An edit history graph is a formal, machine-readable representation of the complete provenance chain of a digital asset, structured as a Directed Acyclic Graph (DAG). It works by modeling every ingredient (source media) and action (editing operation) as a node, with directed edges representing the flow of derivation from raw inputs to the final output. Unlike a simple linear log, the DAG structure captures complex, non-linear compositions where multiple source images are blended, or a single video clip is used in multiple final renders. Each node in the graph is cryptographically hashed, and the edges are secured via digital signatures, creating a tamper-evident record. This allows a validator engine to programmatically traverse the graph, re-compute hashes, and verify that the final content is the authentic result of the claimed sequence of operations without any undeclared manipulation.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.