ERC-7007 — Verifiable AI-Generated Content Token

Back to Token Standards

ERC-7007: Verifiable AI-Generated Content NFTs

ERC-7007 records the algorithmic provenance of AI-generated NFT content: each token stores the prompt, the model identifier, the output hash, and a zero-knowledge or signature-based proof that the output came from running the named model on the prompt. This is the on-chain answer to "did an AI generate this image?" — without trusting the minter's claim.

Used by:

• AI-art collections wanting cryptographic attestation of algorithmic origin.
• Content authenticity initiatives (Coalition for Content Provenance and Authenticity adjacent).
• Royalty splits to model owners based on verified usage.
• Audit trails for AI-generated art in regulated contexts.

Required Interface

interface IERC7007 {
    event AigcData(uint256 indexed tokenId, bytes prompt, bytes aigcData, bytes proof);

    function addAigcData(uint256 tokenId, bytes calldata prompt, bytes calldata aigcData,
                         bytes calldata proof) external;

    function verify(bytes calldata prompt, bytes calldata aigcData, bytes calldata proof)
        external view returns (bool success);
}

The proof is opaque to the spec — the most common implementations use:

• A signature from the model operator (cheaper, requires trusting the operator).
• A zk-SNARK proof that the output came from running the model (more expensive, trustless).

Neo Equivalent: NEP-11 + AIGC Attestation Storage

The Neo port stores the (prompt, output hash, proof) tuple per tokenId; verification calls out to a verifier contract or runs an inline signature check.

public static void AddAigcData(ByteString tokenId, ByteString prompt, ByteString aigcData, ByteString proof)
{
    if (!Runtime.CheckWitness(GetAdmin())) throw new Exception("NEP11:NotAdmin");
    if (!Verify(prompt, aigcData, proof))   throw new Exception("NEP11:InvalidProof");

    var entry = new Map<string, object>
    {
        ["prompt"]   = prompt,
        ["aigcData"] = aigcData,
        ["proof"]    = proof,
    };
    Storage.Put(Storage.CurrentContext, AigcKey(tokenId), StdLib.Serialize(entry));
    OnAigcData(tokenId, prompt, aigcData, proof);
}

public static bool Verify(ByteString prompt, ByteString aigcData, ByteString proof)
{
    // Simple model-operator-signature check.
    var pubKey = (ECPoint)Storage.Get(Storage.CurrentContext, ModelKey());
    var msg = prompt.Concat(aigcData);
    return (bool)CryptoLib.VerifyWithECDsa(msg, pubKey, proof, NamedCurveHash.secp256r1SHA256);

    // For a zk-SNARK variant, replace with:
    //   Contract.Call(zkVerifier, "verify", CallFlags.ReadOnly, new object[] { prompt, aigcData, proof })
}

ERC-7007 (Ethereum)	Neo Equivalent	Notes
addAigcData(tokenId, prompt, aigcData, proof)	AddAigcData(...) admin-witness-checked + verifies proof	Direct port
verify(prompt, aigcData, proof)	Verify(...) either inline ECDSA or cross-contract zk verifier	Pluggable verifier
AigcData event	OnAigcData notification	Direct port
Per-tokenId attestation	Per-tokenId storage entry	Same shape

Composition

• ERC-5375 — author + consent. Pair: author attestation + algorithmic provenance for full-stack creator attribution.
• ERC-2981 — royalties. Royalty splits between prompt author and model operator based on verified provenance.
• ERC-7160 — multi-metadata. Different model runs produce different metadata variants; pin the active one.
• ERC-2767 — governance. The model operator's pubkey rotates via governance proposals.

Verification Strategies

1. Operator-signature (cheapest) — model operator runs the model, signs the (prompt, output) pair. Anyone holding the operator's pubkey can verify. Trusts the operator.
2. TEE-attested signature — the model runs inside a Trusted Execution Environment (Intel SGX, AWS Nitro) that signs with a key bound to the TEE attestation. Verifiable by checking the attestation chain.
3. zk-SNARK — the model run produces a SNARK proving correct execution. Verifiable by a SNARK verifier contract. Most expensive but trustless.

The Neo port supports all three: pubkey verification is inline; TEE attestation is a thin extension; zk-SNARK delegates to a verifier contract.

Migration Notes

For Solidity AI-art collections using ERC-7007:

1. Pick a verification strategy at deploy time and store the model-operator pubkey or zk-verifier hash in a constant slot.
2. Each mint records (prompt, output, proof) via AddAigcData; the verification check rejects invalid proofs before storage.
3. For zk-SNARK proofs, the verifier contract is application-specific — pre-deploy a SNARK verifier (Groth16, Plonk, etc.) that matches the proving system the model run uses.

The on-chain footprint per AIGC NFT is ~200-1000 bytes (prompt + output hash + proof). For large prompts / outputs, store hashes on-chain and the originals in IPFS.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract ERC7007 {
    mapping(uint256 => bytes) internal _prompt;
    mapping(uint256 => bytes) internal _aigcData;
    mapping(uint256 => bytes) internal _proof;

    event AigcData(uint256 indexed tokenId, bytes prompt, bytes aigcData, bytes proof);

    function addAigcData(uint256 tokenId, bytes calldata prompt,
                         bytes calldata aigcData, bytes calldata proof) external
    {
        require(verify(prompt, aigcData, proof), "invalid proof");
        _prompt[tokenId]   = prompt;
        _aigcData[tokenId] = aigcData;
        _proof[tokenId]    = proof;
        emit AigcData(tokenId, prompt, aigcData, proof);
    }

    function verify(bytes calldata prompt, bytes calldata aigcData, bytes calldata proof)
        public view returns (bool)
    {
        // Operator-signature variant; zk-SNARK variant calls the verifier.
        return true;  // simplified
    }
}

using System;
using System.ComponentModel;
using Neo;
using Neo.Cryptography.ECC;
using Neo.SmartContract.Framework;
using Neo.SmartContract.Framework.Attributes;
using Neo.SmartContract.Framework.Native;
using Neo.SmartContract.Framework.Services;

namespace R3E.Examples;

[DisplayName("AigcNFT")]
[ContractPermission("*", "*")]
[SupportedStandards(NepStandard.Nep11)]
public class AigcNFT : Nep11Token<TokenState>
{
    public override string Symbol => "AIGC";

    private const byte Prefix_Aigc      = 0x90;
    private const byte Prefix_ModelKey  = 0xfe;
    private const byte Prefix_Admin     = 0xff;

    [DisplayName("AigcData")]
    public static event Action<ByteString, ByteString, ByteString, ByteString> OnAigcData;

    [DisplayName("_deploy")]
    public static void Deploy(object data, bool update)
    {
        if (update) return;
        var args = (object[])data;
        Storage.Put(Storage.CurrentContext, new byte[] { Prefix_Admin },    (UInt160)args[0]);
        Storage.Put(Storage.CurrentContext, new byte[] { Prefix_ModelKey }, ((ECPoint)args[1]).EncodePoint(true));
    }

    public static void AddAigcData(ByteString tokenId, ByteString prompt,
                                   ByteString aigcData, ByteString proof)
    {
        var admin = (UInt160)Storage.Get(Storage.CurrentContext, new byte[] { Prefix_Admin });
        if (!Runtime.CheckWitness(admin)) throw new Exception("NEP11:NotAdmin");
        if (!Verify(prompt, aigcData, proof)) throw new Exception("NEP11:InvalidProof");

        var entry = new Map<string, object>
        {
            ["prompt"]   = prompt,
            ["aigcData"] = aigcData,
            ["proof"]    = proof,
        };
        Storage.Put(Storage.CurrentContext, AigcKey(tokenId), StdLib.Serialize(entry));
        OnAigcData(tokenId, prompt, aigcData, proof);
    }

    public static bool Verify(ByteString prompt, ByteString aigcData, ByteString proof)
    {
        var pubKey = (ECPoint)Storage.Get(Storage.CurrentContext, new byte[] { Prefix_ModelKey });
        var msg    = prompt.Concat(aigcData);
        return (bool)CryptoLib.VerifyWithECDsa(msg, pubKey, proof, NamedCurveHash.secp256r1SHA256);
    }

    public static (ByteString, ByteString, ByteString) GetAigcData(ByteString tokenId)
    {
        var raw = Storage.Get(Storage.CurrentContext, AigcKey(tokenId));
        if (raw is null) return (null, null, null);
        var entry = (Map<string, object>)StdLib.Deserialize((ByteString)raw);
        return ((ByteString)entry["prompt"], (ByteString)entry["aigcData"], (ByteString)entry["proof"]);
    }

    private static byte[] AigcKey(ByteString tokenId) => new byte[] { Prefix_Aigc }.Concat(tokenId);
}

Why This Standard Will Grow

AI-generated content is the largest growing NFT category. Without ERC-7007 attestation, proof of "this was AI-generated by model X" relies on minter trust. With it, the chain serves as the root of trust for AI provenance. As AI models become economically valuable licensable artefacts, ERC-7007 is the substrate for paying model operators royalties on derivative work.