Who can read it, and what stays private

Sometimes you don't want to prove something to the whole world — only to a few people. Co-authors on a discovery you're not ready to announce. The parties to a confidential contract. A friend you're trusting with a secret recipe. You still want the permanent, tamper-proof timestamp a blockchain gives you. You just don't want strangers reading along.

Label 309's sealed proofs solve this. You lock the content so that only the people you choose can open it, and you anchor a timestamped record of it on the public ledger anyway. The natural worry is: it's a public ledger. Anyone can look. So what do they actually see?

The honest answer is: surprisingly little. But not nothing — and Label 309 is careful to be precise about the difference.

Picture a row of locked boxes

Imagine you put your sealed message in a vault wall that everyone can walk past. On that wall is a row of small, identical locked boxes — one for each person you're sending to. Each box holds a key that opens the same message, but each box can only be unlocked by one specific person's private key.

A passerby can see the wall. They can see there's a row of boxes. They can even count them. What they can't do is open any box, see whose key fits which, or read a single word of what's inside.

That's almost exactly how Label 309 sealing works.

What a stranger can see

• That something was sealed. The record openly marks that it carries locked content rather than being in the clear. (A watcher can even tell whether you used ordinary or post-quantum-safe locking — but nothing more.)
• The timestamp — the moment the network agreed the record existed, accurate to the second. That's the whole point; it's meant to be public.
• The content's fingerprint — the same one-way code from an ordinary proof of existence. It reveals nothing about the content itself and can't be turned back into it.
• Roughly how many recipients there are — the number of locked boxes. This is the one thing that leaks, and we'll come back to it.

What stays hidden

• The actual content. It's never on the ledger — only its fingerprint and the locked boxes are, and the scrambled file itself lives off-chain. Without one of the matching private keys, the content is just noise.
• Who the recipients are. Label 309 puts no recipient's name or public key anywhere on the record. There's no "to:" field to read. A recipient only discovers a message is theirs by quietly trying their key on each box until one opens.
• Who sent it — if you choose not to sign. Signing your authorship is always optional in Label 309. Skip it, and the record carries nothing that ties it back to you: every box holds only fresh, one-time key material that points at no one.

And two subtler protections matter just as much:

• Recipients can't see each other. Opening your own box tells you nothing about anyone else's. You can't learn who else was included, and they can't learn about you.
• The order is shuffled. Before publishing, the boxes are scrambled into a random order. So even the position of a box — first, last — leaks no hint about who's "primary" or how the group is arranged.

The one honest caveat

The count is visible. A stranger can't tell who your recipients are, but they can count the boxes and learn how many there are. For most uses that's harmless — three co-authors, two parties to a contract. But if even the number is sensitive, you can blunt it: add a few extra boxes as padding, or split the sending into separate records. Label 309 doesn't hide the count for you, so when it matters, that's your move to make.

Two smaller honesties, while we're being precise. The timestamp is exact to the second, so for a leak where timing alone is sensitive, that itself is a real exposure. And the record can't hide which wallet paid for the Cardano transaction — that lives in the transaction itself, outside the sealed record, so anyone who needs that hidden has to handle it at the wallet level.

It's also worth remembering that anyone you do give a key to can read the message for as long as the stored content exists. Sealing protects you from the world, not from the people you chose to trust.