Data doesn't lie if you make it impossible to.
PlayArch is the research lab behind PlayWebit, building systems that make tampering detectable by design.
PlayArch is the research lab behind PlayWebit, focused on one question: how do you make it impossible to quietly alter data that people depend on? Most systems trust that nobody with access will misuse it. We build systems that don't need that trust — where any tampering is mathematically detectable the moment it happens.
The common thread across our work is that computation and trust should happen on the user's own device, not on someone else's server. SpiderWeave verifies data integrity cryptographically instead of trusting a database. Sharelock lets credentials expire by design instead of trusting revocation. CipherV encrypts files entirely client-side so no server ever holds a usable key. We're extending the same principle to AI — building models that run fully in the browser, so your data never has to leave your device to get an answer.
We work backwards from real problems. Every project starts as a tool built to solve something specific, and only becomes a paper once we've tested it against reality and have results worth writing down.
PlayArch sits alongside PlayWebit Networks, the company's blockchain product, but exists to ask harder, longer-horizon questions than a single product roadmap allows — the kind of research that takes months to get right and years to matter.
This list will grow as new projects ship — PlayArch is built to hold many research threads over time, not just one.
Cross-table hash architecture for tamper-proof data integrity. Links database tables with cryptographic hashes and anchors the result on any blockchain — one changed row breaks the whole chain, exposing the attack instantly.
- –Adapters for Supabase, PostgreSQL, and EVM chains out of the box
- –Write a custom adapter for any database or chain in 5 methods
- –Verify integrity and detect exactly which table was tampered with
Public, permissionless L1 blockchain for cross-platform digital ownership. Any marketplace, creator app, or content service can register content, verify ownership, and enforce creator royalties — enforced at the protocol level, across every platform on the network, forever.
- –Duplicate content detection across every platform on the network, not just one
- –Royalties set once at mint, paid to creators on every resale automatically
- –Storage-agnostic — runs on Supabase, SQLite, LevelDB, or in memory
A private vault that encrypts everything on-device before it ever moves. Files stay off any public network entirely while still producing a real, verifiable ERC-721 token in your wallet — with no passwords stored and no server ever seeing your files.
- –Content-addressed ownership — a SHA-256 fingerprint blocks the same file being registered twice
- –Three-layer key separation (AES-256-GCM · ChaCha20-Poly1305 · AES-256-GCM) so no server ever holds a usable key
- –On-chain marketplace — creators earn on every resale, not just the first
A browser-native peer-to-peer authentication framework where credential validity is bounded by a user-set expiry, not by revocation. When the timer runs out, the client and server both delete their side of the record at the same moment — there's nothing left to steal after that point.
- –RSA-PSS-2048 challenge-response over WebRTC, no software install required
- –Six security properties formally verified with ProVerif under a Dolev-Yao adversary model
- –Tested across 120 sessions, 4 browsers, 4 network conditions — signing latency 1.32–2.14ms