Citation Proof
A cryptographic mechanism that proves a citation embedded in an AI response really came from the claimed source document, with neither tampering nor fabrication. The authenticity core of a RAG pipeline.
Definition
Citation proof has two stages. (1) Source identity: the source document's byte stream matches a declared docHash. (2) Citation containment: the quoted string in the response exists, character-for-character, at the declared position within that document.
The second proof never ships the document — only the existence of the quoted string at a position is asserted inside a zero-knowledge proof circuit. Confidential source material can host verifiable citations.
This is qualitatively different from a "URL footnote." URLs are mutable and replaceable after publication; citation proof is cryptographically bound and resists post-hoc swaps as long as the hash matches at verification time.
Lemma Oracle implementation
Lemma attaches a ZK proof to each citation in a RAG response. The recipient verifies the citation's authenticity without ever fetching the underlying document.
The transparency obligations in EU AI Act, journalistic and legal fact-checking, and citation review for medical documents are all domains where citation proof is the direct answer.
Combined with selective disclosure, you can release only the cited paragraph or sentence — while still proving it is a legitimate citation from the source. Copyright's subordination and source-attribution requirements line up cleanly with cryptographic authenticity.