Koryu
← Research library
Research · 研究 · 06 · Proof

Screenshots ask for trust. Hashes make it unnecessary.

13 Jul 20266 min readMethodologyKoryu Research

Attestation proves WHEN something was published and that it was not altered afterward. It does not prove the content was smart, profitable, or complete, and it cannot reach back before the chain began. Those limits are part of the design and stated plainly below. Nothing here is investment advice. Decisions are yours.

Crypto invented cryptographic commitment schemes, then built a signal industry that runs on screenshots. The embarrassing truth of this market is that the technology to make every performance claim checkable has existed the whole time, costs nearly nothing, and is used by almost nobody whose income depends on their track record looking good. Here is how we use it, in enough detail that you can check us, and check anyone.

The three exploits of an unverifiable record

Any performance history you cannot independently verify has three classic attacks, and all three are endemic in this market. Backdating: write the call after the outcome is known, then present it as foresight. Revision: quietly edit or delete the entries that aged badly, leaving a curated remainder. Survivor curation: run many parallel feeds, channels, model versions, or accounts, then market whichever one got lucky, an old newsletter scam reborn at internet scale. None of these require sophistication, only an editable medium and an incentive, and every Telegram channel, Discord, and self-hosted dashboard is an editable medium. The countermeasure must therefore make editing DETECTABLE by outsiders, not merely promise it will not happen.

The mechanism, concretely

Commit-reveal does this with two moves and one mathematical fact. The fact: a cryptographic hash function like SHA-256 converts any input into a fixed 64-character fingerprint, such that changing even one character of the input produces a completely different fingerprint, and no known method exists to craft a different input matching a given fingerprint. Hash the sentence "the dial reads RISK-ON" and you get one fingerprint; change a single letter and every character of the output scrambles. That asymmetry, trivial to compute forward, infeasible to forge backward, is the entire trust engine.

Move one, the commit: at publication time each day, 00:05 UTC, we serialize the day's full snapshot, every monitor row, the regime dial state, the timestamps, into one canonical byte string with a fixed field order, and publish its SHA-256 hash to a public, append-only log immediately. Move two, the reveal: the full snapshot itself is published after a fixed delay. Anyone can then recompute the hash of the revealed data and compare it with the fingerprint committed earlier. A match proves the revealed content is byte-for-byte what existed at commit time. A mismatch would be public, permanent, and ours to wear.

The chain and the anchor

Two reinforcements close the remaining holes. First, chaining: each day's committed record includes the previous day's hash, so the log is a linked chain in which rewriting any historical day would force rewriting every subsequent day, in a log whose copies live in public version control we do not exclusively hold. Second, external time anchoring: our log's timestamps are ultimately our claim, so each commitment is additionally stamped via OpenTimestamps, which aggregates hashes into the Bitcoin blockchain. That makes "this fingerprint existed by this date" verifiable against the most expensive clock humanity runs, rather than against our infrastructure or our word. The marginal cost of all of this rounds to zero, which is worth remembering whenever a provider explains why they could not possibly offer it.

The threat model, attack by attack

Walk the exploits against the machinery. Backdating a call: impossible to hide, because the call's hash would be absent from the chain and the OpenTimestamps proof for its claimed date. Editing a published day: detectable by anyone recomputing the revealed snapshot's hash against the commitment. Deleting a bad day: visible as a hole in the chain, since day N+1 commits to day N's hash. Running parallel versions and keeping the winner: the chain is singular and public; a second chain would have to have been published, in public, from its own day one, which is no longer curation but honest parallel publication. Replacing the whole history: breaks every OpenTimestamps anchor at once. The design goal is not that cheating is forbidden. It is that cheating is LOUD.

What it cannot do

Honesty about limits, because attestation marketing can itself become a costume. It proves nothing about quality: a perfectly attested chain of mediocre measurements is still mediocre, which is why quality has its own separate machinery of validation gates, per measurement vs advice. It cannot reach backward: our chain proves nothing about any day before it began, and no one else's retroactive claims gain credibility from the technique either. And it does not prevent cherry-picked COMMENTARY on top of honest data; it only guarantees the underlying record is intact for you to check the commentary against. Separating truthfulness from quality is a feature: you should never have to take both on the same faith.

Why attest a board that predicts nothing

Two reasons. First, the regime dial's entire value is its provable history: the claim "this fixed formula, published on this date, read RISK-OFF through that stretch" only means something if the formula and its daily readings demonstrably predate the outcomes, and every day on the chain extends that record, per the regime-dial methodology. Second, infrastructure: when our derivation program's strategy candidates enter their public paper period, their daily outputs will ride this same attestation lane, and the lane will already be long, boring, and battle-tested. Trust compounds. We started the compounding before we had anything to sell, which is the only time starting it is fully credible.

Verify a day yourself

The procedure, end to end. Pick any date from the public log. Download that day's revealed snapshot file and its committed hash entry. Recompute the snapshot's SHA-256 with any tool you trust, your operating system ships one, and compare it with the committed fingerprint. Check that the entry embeds the previous day's hash, confirming the chain. Then verify the OpenTimestamps proof against Bitcoin to confirm the commitment's age independently of us. Total time, a few minutes; required trust in this site, none. That last number is the product. Everything else on these pages is commentary on top of it, and what you do with any of it is your decision.

Related reading
MethodologyThe transplant experiment: running a stock engine on crypto, in full7 min readMethodologyThe crypto graveyard problem: why every backtest you've seen is survivor-biased6 min readThe systemThe Momentum Monitor methodology: every formula on the board6 min read
Frequently asked

What is commit-reveal attestation?

A two-step scheme: at publication time, the SHA-256 hash of the full content is committed to a public, append-only log; the content itself is revealed later. Anyone can recompute the revealed content's hash and confirm it matches the earlier commitment, proving nothing was altered after the fact.

What does attestation actually prove?

That a record existed in exactly its current form at the committed time: no retroactive edits, no deleted losers, no backdated calls. It does not prove the content was smart or profitable; truthfulness and quality are separate tests, by design.

What stops you from rewriting old commitments?

Each day's commitment includes the previous day's hash, chaining the records, and commitments are additionally anchored into the Bitcoin blockchain via OpenTimestamps. Rewriting any day would break every subsequent link in a log whose copies we do not control.

How do I verify a day myself?

Pick a date from the public log, download the revealed snapshot and the committed hash, recompute the SHA-256 with any tool, and compare. Then check the OpenTimestamps proof against Bitcoin's clock. The verifier script is public and takes seconds to run.

Why attest a measurement board that makes no predictions?

Two reasons: the regime dial's value is its provable history, which only counts if the formula demonstrably predates the claims about it; and the chain is infrastructure, so when strategy candidates enter public paper trading, the attestation lane is already years long.