An Edit History Graph is a directed acyclic graph (DAG) that formally models the provenance of a digital asset. Unlike a simple linear log, it captures complex, non-linear derivations where multiple source assets, or ingredients, are combined through specific actions—such as compositing, cropping, or AI generation—to produce a final output. Each node represents a discrete state of an asset or an operation, while directed edges define the flow of derivation, creating a mathematically rigorous, machine-readable map of the content's entire lineage from raw capture to final publication.
Glossary
Edit History Graph

What is an Edit History Graph?
An Edit History Graph is a directed acyclic graph (DAG) that provides a visual and programmatic representation of a digital asset's complete provenance chain, mapping every ingredient and action that contributed to the final content.
This graph structure is foundational to the C2PA provenance data model, where ingredient assertions explicitly link a composite output back to its source media. By representing the edit history as a DAG, validators can programmatically traverse the chain, cryptographically verify each manifest assertion, and detect unauthorized insertions or deletions. This transforms the edit history from a fragile, strip-prone metadata tag into a robust, tamper-evident data structure that enables automated trust decisions based on the complete, verifiable context of how a piece of content came to exist.
Key Features of an Edit History Graph
An Edit History Graph provides a cryptographically verifiable, directed acyclic graph (DAG) representing the complete lineage of a digital asset. It maps every ingredient and action, from initial creation to final publication.
Directed Acyclic Graph (DAG) Structure
Unlike a simple linear chain, the Edit History Graph uses a DAG to model complex content creation. This structure allows a single output to be derived from multiple input ingredients (e.g., compositing several images) and for a single ingredient to be used in multiple outputs. The 'acyclic' property prevents circular references, ensuring a mathematically sound and resolvable provenance path from any final asset back to its root sources.
Cryptographic Integrity via Hash Chaining
Each node in the graph, representing an asset or an action, is uniquely identified by a cryptographic hash of its content and metadata. A new version's hash is computed over both the new content and the hash of its parent node(s). This forms a tamper-evident chain:
- Altering any past asset immediately changes its hash.
- This break in the chain invalidates all subsequent hashes.
- Verification of the final asset's hash confirms the integrity of the entire history.
Ingredient and Action Assertions
The graph is composed of two primary node types that tell the full story of an asset's creation:
- Ingredient Assertions: These nodes document the raw source media, such as a specific RAW photo file or a vector graphic. They are identified by their hash and can include metadata like capture device or creator.
- Action Assertions: These nodes represent operations performed on ingredients, such as
c2pa.cropped,c2pa.resized, orc2pa.color_adjusted. They record the software agent used and the parameters of the edit, making the editing process auditable.
Identity and Non-Repudiation
Actions within the graph are digitally signed by the actor (human or software agent) who performed them. This is achieved using a Claim Signature backed by an X.509 Certificate issued by a trusted Certificate Authority. This cryptographically binds a verified identity to each edit, providing non-repudiation. A verifier can trace not just what was done, but who did it and when, establishing a chain of accountability from the photographer to the final editor.
Programmatic Validation and Traversal
A Validator Engine can programmatically traverse the entire graph to verify its integrity. The process involves:
- Hash Validation: Recomputing the hash of every asset and comparing it to the recorded value.
- Signature Verification: Cryptographically verifying every Claim Signature using the signer's public key.
- Certificate Chain Check: Validating the X.509 certificate chain up to a trusted root CA.
- Revocation Check: Querying the CA to ensure the signing certificate hasn't been revoked. This automated process provides a binary, trustworthy validation result.
Distinction from Simple Version History
A standard version history (like in a wiki or Google Docs) is a linear, server-controlled log that can be altered by an administrator. An Edit History Graph is fundamentally different:
- Decentralized Verification: Integrity is proven mathematically, not by trusting a central server.
- Tamper-Evidence: Any post-hoc modification is cryptographically detectable.
- Complex Lineage: It natively models non-linear, multi-source compositions, which a simple linear log cannot represent. This makes it a forensic tool, not just a record.
Frequently Asked Questions
Clear, technical answers to the most common questions about the structure, function, and implementation of edit history graphs for content provenance.
An edit history graph is a formal, machine-readable representation of the complete provenance chain of a digital asset, structured as a Directed Acyclic Graph (DAG). It works by modeling every ingredient (source media) and action (editing operation) as a node, with directed edges representing the flow of derivation from raw inputs to the final output. Unlike a simple linear log, the DAG structure captures complex, non-linear compositions where multiple source images are blended, or a single video clip is used in multiple final renders. Each node in the graph is cryptographically hashed, and the edges are secured via digital signatures, creating a tamper-evident record. This allows a validator engine to programmatically traverse the graph, re-compute hashes, and verify that the final content is the authentic result of the claimed sequence of operations without any undeclared manipulation.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Core concepts that interact with the edit history graph to form a complete content provenance architecture.
Cryptographic Hash Chain
A sequential chain of hashes linking each version of an asset to its predecessor, forming the cryptographic backbone of the edit history graph. Each node contains:
- The hash of the current asset state
- The hash of the previous node in the chain
- The action assertion describing the transformation Altering any past version immediately invalidates all subsequent hashes, making the edit history graph tamper-evident by construction. This is the same principle underlying blockchain integrity.
Action Assertion
A C2PA assertion that describes a specific operation performed on content, forming the labeled edges in the edit history graph. Each action assertion captures:
- Action type: crop, resize, filter, composite, transcode
- Software agent: The application and version that performed the action
- Parameters: Specific settings applied (e.g., resize dimensions)
- Timestamp: When the action occurred This granular documentation enables auditors to reconstruct the exact editing workflow and assess whether transformations were legitimate or deceptive.
Soft Binding vs Hard Binding
Two strategies for attaching the edit history graph to an asset, directly impacting its resilience:
- Hard Binding: The signed manifest is embedded directly into the asset's binary structure (e.g., JPEG JUMBF box). The graph travels with the file, surviving downloads and local transfers.
- Soft Binding: The manifest is stored externally as a sidecar file or cloud URL, referenced by a content hash. The graph is separable from the asset, requiring network access for verification. Hard binding is preferred for consumer-facing provenance; soft binding suits asset management systems where file size is critical.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us