How OmegaChain Works

OmegaChain is a public, non-financial registry for unique digital challenge coins. It uses ordinary files, SHA-256 hashes, and issuer signatures so a recipient can upload a coin PNG and check whether it is an authentic keepsake.

OmegaChain coins are commemorative tokens of appreciation. They are not currency, securities, investments, or a cryptocurrency system.

The Short Version

Each coin has a public record

A token record identifies the coin and carries verification hashes, the issuer signature, and encrypted coin details. The readable details are stored as ciphertext.

Each PNG carries the unlock key

The minted coin image contains a small hidden payload in its pixels. The verifier extracts that payload from the uploaded PNG and uses it to decrypt the matching public record.

Records are chained together

Every token record includes the hash of the previous record. Changing an older public record would break the link for every later coin.

The issuer signs the record hash

The private key stays on the minting computer. The public website publishes only public_key.pem, which lets anyone verify the signature.

Encrypted Registry Details

What the JSON shows

The public JSON keeps structural verification data readable: token ID, image filename, image hash, previous record hash, record hash, issuer signature, verification URL, and encryption metadata.

What the JSON hides

Human-readable details such as title, description, issuer, coin type, recipient, purpose, note, and date are encrypted into private_fields_ciphertext. Browsing the registry does not reveal those values.

What the coin provides

The PNG contains a hidden private_fields_key. When the coin is uploaded, the browser uses that key with AES-GCM to decrypt the public JSON locally.

What gets displayed

After decryption, the verifier checks the decrypted details against private_fields_sha256. If the checks pass, it displays the coin details on the verify page.

Hash Chain

Canonical record hash

Each JSON record is canonicalized into a stable key order, then hashed with SHA-256. The record_hash and issuer_signature fields are excluded from that hash so the record can contain its own hash and signature.

Previous hash link

Every token record stores the previous record's record_hash in previous_hash. That means coin 2 depends on coin 1, coin 3 depends on coin 2, and so on.

Tamper evidence

If someone edits an older JSON file, its record_hash changes. The next record's previous_hash no longer matches, so the chain check fails.

Coin-bound readable data

The encrypted details live in the JSON, but they are only readable when paired with the appropriate coin PNG because the decrypt key is hidden inside that coin.

Minting Flow

1

Create the coin locally

The minting GUI runs on the issuer's computer. It accepts the artwork, title, description, recipient text, and other commemorative fields.

2

Render the PNG

OmegaChain generates a coin image, blends in the artwork, and hides a verification payload inside the image pixels. Recipient and message details are not printed visibly on the PNG.

3

Hash the image and record

The PNG gets a SHA-256 image hash. The JSON token record is canonicalized, then hashed with SHA-256 while excluding record_hash and issuer_signature. Human-readable coin details, recipient text, and stamp details are encrypted with AES-GCM before the public record is signed. The decrypt key is hidden in the minted PNG.

4

Sign the record hash

The issuer private key signs the record hash. The signature proves that the issuer approved that exact record.

5

Publish only the public records

The public website receives the verifier page, public key, genesis record, and token JSON records. The public JSON can carry encrypted coin details without publishing readable titles, names, or messages. The minted coin PNGs remain private unless the issuer gives one to a recipient.

Verification Flow

  1. The recipient opens the static verifier page and selects their OmegaChain PNG.
  2. The browser reads the hidden payload from the uploaded image. The image is not sent to a server.
  3. The verifier loads the matching public token JSON record.
  4. It recalculates the canonical record hash and compares it to the published record_hash.
  5. It verifies the issuer signature using the published public key.
  6. It hashes the uploaded PNG and checks that hash against image_sha256.
  7. It uses the key hidden in the PNG to decrypt human-readable coin details from the public JSON.
  8. It loads the previous public record and checks that previous_hash links correctly.
  9. If all checks pass, the page displays Verified.

What The Checks Prove

Authenticity

A valid signature means the record was signed by the holder of the OmegaChain private key.

Image integrity

A matching image hash means the uploaded PNG is byte-for-byte the same image recorded at minting time.

Tamper evidence

A matching record hash and previous hash link mean the public JSON record still fits into the append-only chain.

Uniqueness in the registry

Each token ID identifies one public record in the OmegaChain registry. The coin is unique as a signed commemorative record, not as a financial asset.

What It Does Not Mean

Why This Design

The goal is simple public verification without financial baggage. A GitHub Pages site can host the verifier, public key, and token records as static files. The issuer can mint coins locally, give PNGs directly to recipients, update the public records, and push the site. Recipients can later verify their coin with only a browser.