Every receipt is math. Every signer is on-chain. Trust hierarchy: Root, Service, Producer. Every signing key derived from a BIP39 mnemonic via HKDF at a unique path. Keys form a three-level hierarchy. Verification walks the chain from any producer receipt up through its service signer to the DRM3 root. 29 signers anchored on Base mainnet via DRM3Registry. Paste a provenance receipt to verify its Ed25519 signature in your browser. Look up any signer path against the on-chain registry.