01. Exhibits
Paintings with an Embedded Memory
Each exhibit is a physical painting embedded with a near-field communication tag controlled exclusively by the artist. The NFC chip acts as a dynamic cryptographic anchor, binding the physical work to a verifiable digital record—without minting, without marketplaces, without speculation.
The tag is not a token. It is a seal. When a viewer holds their device to the painting, they receive an immutable provenance document: verifiable authorship and an unalterable cryptographic history. Here, the physical artwork serves as the absolute anchor for the digital image. The canvas and the pixels become indivisible. To hold the painting is to hold its sovereign digital history. The paintings to the right are not ordinary images; they are charmed.
02. Trust Systems
The architecture of cryptographic memory
Trust Systems is not a traditional database; it is an ontological anchor. It is the software infrastructure we use to force infinitely reproducible digital files to obey the laws of physics. It acts as the vault, the provenance engine, and the cryptographic bridge for all charm.farm exhibits.
Instead of generating a passive paper trail, the system creates an active, append-only timeline. Through cryptographic manifest chaining, the artwork literally metabolizes its own history. Every transfer, exhibition, and authorized event is permanently digested into the object's digital DNA. The artifact does not just move through time; it mathematically accumulates it.
Trust Systems is built for galleries, private collections, and institutional archives. If endless digital reproduction strips a work of its "aura"—its unique presence in time and space—this architecture acts as an aura synthesizer. By irrevocably binding an infinitely reproducible file to a singular physical object, the system restores the gravity of a physical original. The result is an artifact with a mathematically verifiable presence, secured entirely independent of blockchains or fragile web infrastructure.
03. Protocols
Specifications for physical-digital cryptographic entanglement
Our protocols define the exact hardware capabilities, cryptographic primitives, and data schemas required to bridge the airgap between an infinitely reproducible digital file and a singular physical object. These are open implementation profiles, published for review and adoption by engineers building high-assurance, zero-trust provenance systems.
Protocol CF-001
The Physical Anchor: SDM Provisioning & ISO 7816-4 File State
Defines the strict hardware constraints and memory personalization sequence for embedding the physical challenge.
- Hardware Target: NXP NTAG 424 DNA (NT4H2421Gx) operating over ISO/IEC 14443A-4.
- Provisioning Sequence: Enforces a rigid ISO/IEC 7816-4.
- Access Policy: File 02h (NDEF) is locked to access rights 0x00E0, enforcing free read access while strictly gating write and configuration capabilities behind AES-128 authentication.
- Key Derivation: Abandons static keys in favor of deterministic per-tag derivation. Five 16-byte AES-128 keys are generated locally via HKDF-SHA256, utilizing a vault-secured root secret and the tag's 7-byte UID.
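A sketch of the per-tag key derivation described under Key Derivation, added here as an illustration and not taken from Trust Systems' code. CF-001 does not say how the UID and the key slot enter HKDF, so using the UID as the salt and the `example/ntag424/key-slot/` label as `info` are assumptions, as are the function names and the sample root secret and UID.

```python
import hashlib
import hmac

KEY_LEN = 16     # AES-128 key size
SLOT_COUNT = 5   # CF-001 derives five keys per tag
HASH_LEN = 32    # SHA-256 output size


def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF-SHA256")
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_tag_keys(root_secret, uid):
    """Return the five per-tag AES-128 keys, indexed by key slot 0..4."""
    if len(uid) != 7:
        raise ValueError("expected a 7-byte UID")
    if len(root_secret) < 32:
        raise ValueError("root secret should carry at least 256 bits")
    keys = []
    for slot in range(SLOT_COUNT):
        # Assumption: the UID is the HKDF salt and the slot number is bound
        # into `info`, so each slot gets an independent key.
        info = b"example/ntag424/key-slot/" + bytes([slot])
        keys.append(hkdf_sha256(root_secret, uid, info, KEY_LEN))
    return keys


if __name__ == "__main__":
    root = bytes(range(32))                   # constructed root secret
    uid = bytes.fromhex("04a1b2c3d4e5f6")     # constructed 7-byte UID
    for slot, key in enumerate(derive_tag_keys(root, uid)):
        print(slot, key.hex())
```

Because the derivation is deterministic, a backend can recompute a tag's keys from its UID at verification time instead of storing them per tag. The root secret is then the one value whose exposure compromises every provisioned tag.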
Protocol CF-002
The Digital Ledger: C2PA Immutability & Content Addressing
Defines the structure of the digital cryptographic oath. It replaces decentralized ledgers with self-contained, cryptographically signed file structures.
- Standardization: Utilizes the Coalition for Content Provenance and Authenticity (C2PA) open standard for manifest generation.
- Cryptography: All assertions are signed using ES256 (ECDSA P-256) via standard X.509 certificate chains in PEM format.
- Content Addressing: The visual payload is hashed using a strict IPFS CIDv1 implementation: Base32, size-262144 fixed chunker (256 KB), balanced DAG layout, and raw leaves. This guarantees deterministic, reproducible content addressing across all environments.
- Physical Binding: Injects a custom assertion (org.trustsystems.physical-anchor.v1) containing the canonical nfc:uid:<HEX> anchor directly into the manifest prior to signing, permanently binding the image's IPFS CID to the physical silicon.
Protocol CF-003
The Oracle Handshake: Dynamic SDM Verification
The procedure by which the digital manifest and physical reality are verified. It prevents cloning and replay attacks through thermodynamic entropy.
- Dynamic Challenge: Upon tap, the NTAG 424 DNA generates a Secure Dynamic Messaging (SDM) cryptogram.
- Decryption & Validation: The verification backend decrypts the 16-byte PICCData using the derived SDMMetaReadKey (AES-128-CBC) to expose the UID and the 3-byte Little-Endian ReadCtr.
- CMAC Verification: The system computes a unique Cipher-based Message Authentication Code (CMAC) using the SDMFileReadKey and the exact incremented ReadCtr.
- Resolution: If the CMAC is mathematically valid, the counter is strictly monotonic, and the UID perfectly matches the physical-anchor assertion inside the C2PA manifest, the Oracle Handshake succeeds. The physical object is authenticated.
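The Resolution step as an added sketch, not Trust Systems' backend code. It starts from PICCData that an AES library has already decrypted and takes the CMAC comparison result as the boolean `cmac_ok`; the plaintext layout (tag byte, 7-byte UID, 3-byte counter, padding) follows NXP's NTAG 424 DNA documentation, and the function names, the in-memory counter store and the sample bytes are assumptions.

```python
import re

ANCHOR_RE = re.compile(r"^nfc:uid:([0-9A-Fa-f]{14})$")   # canonical anchor, 7-byte UID


class HandshakeError(Exception):
    """Raised when any check of the handshake fails."""


def parse_picc_data(plain):
    """Split decrypted 16-byte PICCData into (uid, read_ctr)."""
    if len(plain) != 16:
        raise HandshakeError("PICCData must be 16 bytes")
    tag = plain[0]
    # Tag byte: bit 7 = UID mirrored, bit 6 = ReadCtr mirrored, low nibble = UID length.
    # Decrypting with the wrong key yields garbage that usually fails here.
    if tag & 0xC0 != 0xC0 or tag & 0x0F != 7:
        raise HandshakeError("unexpected PICCData tag byte")
    uid = plain[1:8]
    read_ctr = int.from_bytes(plain[8:11], "little")      # 3-byte little-endian
    return uid, read_ctr


def resolve(plain, cmac_ok, manifest_anchor, last_seen):
    """Return the accepted counter, or raise HandshakeError.

    last_seen maps UID -> highest counter accepted so far (persist it in practice).
    """
    uid, read_ctr = parse_picc_data(plain)   # UID and counter also feed the CMAC step
    if not cmac_ok:
        raise HandshakeError("CMAC mismatch")
    match = ANCHOR_RE.match(manifest_anchor)
    if not match or bytes.fromhex(match.group(1)) != uid:
        raise HandshakeError("UID does not match the manifest anchor")
    if read_ctr <= last_seen.get(uid, -1):
        raise HandshakeError("ReadCtr not strictly increasing (replayed tap)")
    last_seen[uid] = read_ctr                # commit only after every check passed
    return read_ctr


if __name__ == "__main__":
    # Constructed plaintext: tag C7, UID 04A1B2C3D4E5F6, counter 42, 5 padding bytes.
    sample = bytes.fromhex("c704a1b2c3d4e5f62a00001122334455")
    state = {}
    print(resolve(sample, True, "nfc:uid:04A1B2C3D4E5F6", state))
    try:
        resolve(sample, True, "nfc:uid:04A1B2C3D4E5F6", state)
    except HandshakeError as err:
        print("rejected:", err)
```

The counter state is what turns a valid cryptogram into a single-use one: a copied tap URL still carries a correct CMAC, so replay rejection depends on the backend storing the last accepted ReadCtr per UID durably and updating it atomically.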
05. Contact
- General — hello@charm.farm
- Trust Systems — systems@charm.farm
- Exhibitions — exhibits@charm.farm