8 min read
Proof of Existence vs C2PA: how do they fit together?
C2PA describes the provenance of a media asset; Label 309 anchors a timestamped commitment to its bytes on Cardano. Here is what each one proves, and why most workflows want both.
C2PA and Proof of Existence answer different questions, so the practical answer is usually "both, not either."
C2PA describes the provenance of a media asset: who or what signed a claim about it, what assertions travel with it, how the asset is bound to its manifest, and what edits or ingredients are recorded. Label 309 does one narrow thing instead — it anchors a timestamped commitment to exact bytes (a file, a manifest, or a Merkle root) on the Cardano blockchain, so anyone can later prove those bytes existed by a public time without trusting the publisher.
They sit at different layers. C2PA carries the media story. Label 309 gives that story a public, independent time anchor. This article explains what each proves, where the seam between them is, and what to anchor in practice.
What is C2PA?
C2PA is the technical specification from the Coalition for Content Provenance and Authenticity. Its user-facing brand — the badge you may have seen on images from Adobe, Google, OpenAI, or Midjourney — is Content Credentials.
In practice, C2PA lets a media asset carry or reference a signed manifest. That manifest can hold assertions, a claim, a claim signature, content bindings, and ingredient references that link an asset to the earlier assets it was built from. Together they describe where an asset came from and how it was edited.
C2PA is designed for images, video, audio, journalism, creative tools, AI-generated media, camera capture, and publishing — anywhere people need to understand the origin and editing history of an asset.
It is not just a timestamp. It is a structured provenance layer, and that is exactly the part Proof of Existence does not try to replace.
What is Label 309?
Label 309 is an open, vendor-neutral standard for Proof of Existence records on Cardano. It has been submitted to the Cardano CIP process and is under review by the CIP editors as a Metadata-category proposal; the standard, not any one app, is the durable artifact.
A Label 309 record commits one or more content hashes — or a Merkle root over a large list of hashes — under Cardano transaction metadata label 309. From that point the claim stands on its own bytes. Anyone holding the transaction reference can fetch the metadata from a public Cardano explorer, check the record format, read the block time, and verify the cryptographic claims it carries (the hashes, any optional signatures, and, for a sealed record, the recipient key slots and a recipient's plaintext hash). No CardanoWall server is involved at any step.
The core claim is deliberately narrow:
These exact bytes — or this committed list of bytes — existed no later than this public Cardano time.
That narrowness is the point. It makes Label 309 usable under almost any kind of content, not only media files: source archives, datasets, contracts, evidence bundles, or a C2PA manifest.
What is the actual difference between them?
C2PA tells a provenance story. Label 309 anchors a timing commitment. The cleanest way to see it is to compare the questions each one answers.
C2PA can answer:
- What application, device, organisation, or signer produced this manifest?
- What assertions are attached to the asset?
- What earlier ingredients were used?
- What edits or transformations are recorded?
- How is the manifest bound to the asset?
- Which trust list or certificate context should a viewer evaluate?
Label 309 can answer:
- Did this exact asset hash exist by this public Cardano time?
- Did this exact C2PA manifest exist by this time?
- Was this asset or manifest included in a Merkle batch committed on chain?
- Did this identity key sign the record? (Optional — signatures are never required.)
- Can a recipient decrypt the sealed original and confirm its plaintext hash?
Those are complementary, not competing. One describes the asset; the other fixes a moment in public time.
Why would C2PA still want an external time anchor?
C2PA already includes signing and trust mechanisms, and the specification defines time-related concepts such as timestamp authorities and trust lists. For many media workflows that is exactly the right layer, and you do not need anything else.
But the trust in those mechanisms is rooted in named authorities, certificates, and trust lists — the platform, the editing tool, the timestamp authority, the manifest store. A publisher may want an anchor that sits outside all of that: independent of any media platform, editing vendor, website, or certificate chain, and durable even if those change. That is where Label 309 helps.
A team can hash the C2PA manifest store, the media asset, or a small bundle that references both, and publish a Label 309 proof of that hash. Later — even if the file has been copied, moved, challenged, or separated from its original hosting — the team can show that this exact provenance package existed by a specific block time, verified against public Cardano consensus rather than against any one company's word. If you want the deeper version of this argument, see why C2PA benefits from an external time anchor.
The blockchain anchor does not replace C2PA. It gives C2PA evidence a durable, independent time witness.
What should you actually anchor?
Anchor the thing you might need to prove later. Common patterns:
- the media file hash;
- the C2PA manifest store hash;
- a small bundle that contains both the media hash and the manifest hash;
- a release or publication manifest covering many assets at once;
- a Merkle root over thousands of C2PA manifests;
- a sealed archive, when the original asset must stay private but you still want a timestamped commitment to it.
For one important image, a single asset-or-manifest proof is usually enough. For high-volume work, reach for a Merkle root: one Label 309 record commits an entire list of assets or manifests, and you can later prove any single item was included without ever putting every file on chain. The mechanics of that pattern are covered in one record for thousands of files.
How does this help AI-generated content?
AI media pipelines produce large volumes of outputs, and provenance is often disputed after the fact. A company may need to show:
- which model or workflow generated an asset;
- which prompt set, policy version, or pipeline produced it;
- when the asset was generated;
- whether the asset was actually published by the company;
- whether a specific manifest existed before a dispute arose.
C2PA carries the provenance data that viewers, platforms, and downstream tools can read. Label 309 anchors the hash of that provenance data — at scale, through a Merkle root — so the timing claim survives independently of any platform. Because AI output is so easily copied, stripped of context, or republished elsewhere, a public proof gives the original publisher a way to show exactly what it committed and when.
Does Label 309 make media authentic?
No — and it is important to be precise about this.
Label 309 can prove that a file or manifest existed by a certain time. It does not prove that an image depicts reality, that a camera was honest, that the C2PA assertions are true, or that a viewer should trust the signer. A timestamp is evidence of timing and integrity, not of truth.
C2PA does not magically make every assertion true either. What it gives you is a structured, cryptographically verifiable way to carry and evaluate provenance, so a viewer can reason about it rather than guess.
Authenticity is a judgment built from signatures, device trust, editorial context, capture process, platform behaviour, and human review. A blockchain timestamp can support that judgment, but it cannot replace it. We treat this honestly in what a proof does not prove.
When should you reach for C2PA?
Use C2PA when the asset itself needs a provenance layer that media tools and viewers can read. It is the natural choice for:
- images and video;
- newsrooms and publishers;
- cameras and capture devices;
- creative software;
- AI media generation tools;
- platforms that display Content Credentials;
- workflows that track ingredients and edits.
C2PA is the right home for the media provenance story.
When should you reach for Label 309?
Use Label 309 when you need a public time anchor, or a proof record that lives outside the media file. It is useful for:
- anchoring C2PA manifests;
- proving publication batches;
- timestamping private assets without exposing them;
- sealing originals so a chosen recipient can recover and verify them later;
- committing large AI output sets with a single Merkle root;
- proving a dataset, prompt archive, or policy file existed by a time;
- preserving proof even if a website, platform, or manifest store changes.
Label 309 is the right home for the independent, timestamped commitment.
The short version
C2PA carries a signed provenance story for a media asset. Label 309 says that exact bytes — a file, a manifest, or a Merkle root — existed by a public Cardano time, verifiable by anyone, with no server to trust.
For serious media provenance, the strongest setup is both: C2PA for the story, Label 309 for the public anchor.
Further reading
- C2PA / Content Credentials: c2pa.org, the technical specification at spec.c2pa.org, and the user-facing programme at contentcredentials.org.
- The Label 309 standard and reference implementations: label309.org, with open-source code at github.com/cardanowall and the Cardano CIP submission in pull request #1205.