Get Started

How NeoZip Works

NeoZip upgrades the ZIP format with embedded cryptographic proofs and optional blockchain anchors, enabling independent, zero-trust verification of archive integrity.

Open NeoZip PortalDeveloper Docs

2.1 Building on the ZIP foundation

NeoZip builds on ZIP because ZIP is ubiquitous and backward compatible. The ZIP specification supports custom metadata fields—most tools ignore them, but they are valid and portable. NeoZip uses those fields to embed verification data while maintaining compatibility with existing ZIP tooling.

2.2 The cryptographic layer

Hash every file
NeoZip computes a SHA-256 fingerprint for each file. Any byte change produces a completely different fingerprint.
Summarize with a Merkle tree
File fingerprints are combined deterministically into a single root hash that represents the entire archive.
Anchor on-chain
The ZipStamp server (via neozip-blockchain) batches digests and writes timestamps to the blockchain. Only the minimal fingerprint and reference metadata are recorded—never the file contents.
Your Files(ZIP input)Create fingerprintsBuild summary (Merkle)Embed metadataNeoZip Archive(self-contained proof)Blockchain Record(Zip Fingerprint + Timestamp)

Figure 1: NeoZip archive creation workflow (from the paper).

Merkle trees in one picture

Merkle RootCombined Hash of LeavesHash A & BHash C & DH(A)H(B)H(C)H(D)

Figure 2: How the summary tree (Merkle tree) works (from the paper).

2.3 The verification process

Verification recalculates the archive fingerprint and compares it against the immutable ledger record. The archive may include a small pointer file (for example, META-INF/NZIP.TOKEN) that helps locate the record, but the ledger remains the source of truth.

  1. Read the pointer to determine which network/record to verify against.
  2. Recompute the fingerprint of the archive contents (excluding NeoZip’s own pointer/proof files).
  3. Fetch the official fingerprint from the blockchain.
  4. Compare: match means verified; mismatch means tampering or different content.

2.3a ZipStamp Server Timestamping (neozip-blockchain)

The ZipStamp server is the recommended path for blockchain timestamping, provided by the neozip-blockchain library. Your application submits the archive digest (Merkle root) to a ZipStamp server, which batches submissions and writes timestamps to the blockchain. The workflow supports Base Mainnet and Base Sepolia.

  • Stamp: Submit your digest to the ZipStamp server; it queues your request for batching.
  • Upgrade: Once the batch is confirmed on-chain, fetch TIMESTAMP.NZIP proof data and embed it in your archive.
  • Mint: Optionally mint an NFT proof for ownership and audit trail.

The neozip-blockchain package provides the ZipStamp server API client. Configure your app with the ZipStamp server URL and use neozip-blockchain together with neozipkit for full NZIP workflows. See the Developer Docs for integration details.

2.4 NFT tokenization (ownership + audit trail)

NeoZip can tokenize an archive as an ERC-721 NFT to provide an immutable ownership trail and enable transfer. The token references the archive fingerprint (Merkle root) and timestamp metadata, enabling duplicate prevention and versioning semantics.

1. Add Files2. Hash Each File3. Compress Files4. Build Merkle Tree5. Mint NFT On-Chain6. Embed NZIP.TOKEN

Figure 3: Complete end-to-end tokenization workflow (from the paper).

Off-chain vs on-chain (privacy + efficiency)

A core design point is separation: the archive (files + embedded proofs) stays off-chain wherever you store it, while the blockchain stores only minimal fingerprints and reference data. This keeps confidential content private while preserving perpetual verifiability.

NeoZip Archive (Off-Chain)Your files + hashes + proofsMETA-INF/NZIP.TOKEN (pointer)Blockchain Ledger (On-Chain)Merkle root (fingerprint)Creator + timestamp + refs

Figure 4: Off-chain vs on-chain (from the paper).

Key Benefits

  • Tamper-proof Archives

    Any modification to files inside your NeoZip archive will be detected through cryptographic verification.

  • ZipStamp Server Timestamping

    Submit your archive digest to the ZipStamp server (via neozip-blockchain). The server batches digests and writes timestamps to the blockchain, creating immutable proof of existence at a specific point in time.

  • Independent Verification

    Anyone can verify your NeoZip files against the blockchain record. The archive embeds TIMESTAMP.NZIP proof data, enabling zero-trust verification without relying on a central authority.

  • NFT Ownership

    Transform your ZIP files into blockchain-based NFTs, providing immutable proof of ownership and enabling secure transfer of your archived files.

  • Advanced Monitoring

    With a NeoZip account, get real-time monitoring of your archive's integrity status and notifications for any security issues.

Want the hands-on path?

Use NeoZip Portal to create and verify archives, or integrate via NeoZipKit and neozip-blockchain.

Open PortalDeveloper Docs